From 73e047114dd387956fec047cffcbaad8d581543b Mon Sep 17 00:00:00 2001 
From: cad-safe-bot
Date: Mon, 21 Aug 2023 20:00:42 +0000
Subject: [PATCH] Auto-Update: 2023-08-21T20:00:38.779443+00:00
---
CVE-2023/CVE-2023-212xx/CVE-2023-21286.json | 84 ++++++++-
CVE-2023/CVE-2023-212xx/CVE-2023-21287.json | 84 ++++++++-
CVE-2023/CVE-2023-212xx/CVE-2023-21288.json | 84 ++++++++-
CVE-2023/CVE-2023-212xx/CVE-2023-21289.json | 84 ++++++++-
CVE-2023/CVE-2023-212xx/CVE-2023-21290.json | 84 ++++++++-
CVE-2023/CVE-2023-212xx/CVE-2023-21292.json | 84 ++++++++-
CVE-2023/CVE-2023-264xx/CVE-2023-26469.json | 6 +-
CVE-2023/CVE-2023-314xx/CVE-2023-31447.json | 4 +-
CVE-2023/CVE-2023-320xx/CVE-2023-32002.json | 4 +-
CVE-2023/CVE-2023-33xx/CVE-2023-3366.json | 4 +-
CVE-2023/CVE-2023-36xx/CVE-2023-3604.json | 4 +-
CVE-2023/CVE-2023-36xx/CVE-2023-3667.json | 4 +-
CVE-2023/CVE-2023-372xx/CVE-2023-37250.json | 8 +-
CVE-2023/CVE-2023-380xx/CVE-2023-38035.json | 4 +-
CVE-2023/CVE-2023-388xx/CVE-2023-38836.json | 4 +-
CVE-2023/CVE-2023-389xx/CVE-2023-38961.json | 4 +-
CVE-2023/CVE-2023-389xx/CVE-2023-38976.json | 4 +-
CVE-2023/CVE-2023-390xx/CVE-2023-39061.json | 4 +-
CVE-2023/CVE-2023-390xx/CVE-2023-39094.json | 4 +-
CVE-2023/CVE-2023-391xx/CVE-2023-39106.json | 4 +-
CVE-2023/CVE-2023-396xx/CVE-2023-39660.json | 4 +-
CVE-2023/CVE-2023-399xx/CVE-2023-39948.json | 100 +++++++++-
CVE-2023/CVE-2023-399xx/CVE-2023-39949.json | 88 ++++++++-
CVE-2023/CVE-2023-39xx/CVE-2023-3936.json | 4 +-
CVE-2023/CVE-2023-39xx/CVE-2023-3954.json | 4 +-
CVE-2023/CVE-2023-400xx/CVE-2023-40023.json | 193 +++++++++++++++++++-
CVE-2023/CVE-2023-400xx/CVE-2023-40024.json | 53 +++++-
CVE-2023/CVE-2023-402xx/CVE-2023-40291.json | 65 ++++++-
CVE-2023/CVE-2023-402xx/CVE-2023-40292.json | 65 ++++++-
CVE-2023/CVE-2023-402xx/CVE-2023-40293.json | 65 ++++++-
CVE-2023/CVE-2023-403xx/CVE-2023-40352.json | 24 +++
CVE-2023/CVE-2023-43xx/CVE-2023-4323.json | 63 ++++++-
CVE-2023/CVE-2023-43xx/CVE-2023-4324.json | 63 ++++++-
CVE-2023/CVE-2023-43xx/CVE-2023-4325.json | 63 ++++++-
CVE-2023/CVE-2023-43xx/CVE-2023-4326.json | 63 ++++++-
CVE-2023/CVE-2023-43xx/CVE-2023-4327.json | 75 +++++++-
CVE-2023/CVE-2023-43xx/CVE-2023-4328.json | 75 +++++++-
CVE-2023/CVE-2023-43xx/CVE-2023-4329.json | 63 ++++++-
CVE-2023/CVE-2023-43xx/CVE-2023-4330.json | 63 ++++++-
CVE-2023/CVE-2023-43xx/CVE-2023-4331.json | 63 ++++++-
CVE-2023/CVE-2023-43xx/CVE-2023-4332.json | 63 ++++++-
CVE-2023/CVE-2023-43xx/CVE-2023-4333.json | 75 +++++++-
CVE-2023/CVE-2023-43xx/CVE-2023-4334.json | 63 ++++++-
CVE-2023/CVE-2023-43xx/CVE-2023-4335.json | 75 +++++++-
CVE-2023/CVE-2023-43xx/CVE-2023-4336.json | 63 ++++++-
CVE-2023/CVE-2023-43xx/CVE-2023-4337.json | 63 ++++++-
CVE-2023/CVE-2023-43xx/CVE-2023-4338.json | 63 ++++++-
CVE-2023/CVE-2023-43xx/CVE-2023-4339.json | 63 ++++++-
CVE-2023/CVE-2023-43xx/CVE-2023-4340.json | 63 ++++++-
CVE-2023/CVE-2023-43xx/CVE-2023-4341.json | 63 ++++++-
CVE-2023/CVE-2023-43xx/CVE-2023-4342.json | 63 ++++++-
CVE-2023/CVE-2023-43xx/CVE-2023-4343.json | 63 ++++++-
CVE-2023/CVE-2023-43xx/CVE-2023-4344.json | 63 ++++++-
CVE-2023/CVE-2023-43xx/CVE-2023-4373.json | 20 ++
CVE-2023/CVE-2023-44xx/CVE-2023-4407.json | 6 +-
CVE-2023/CVE-2023-44xx/CVE-2023-4417.json | 43 +++++
CVE-2023/CVE-2023-44xx/CVE-2023-4456.json | 4 +-
CVE-2023/CVE-2023-44xx/CVE-2023-4459.json | 51 ++++++
README.md | 81 ++++----
59 files changed, 2634 insertions(+), 236 deletions(-)
create mode 100644 CVE-2023/CVE-2023-403xx/CVE-2023-40352.json
create mode 100644 CVE-2023/CVE-2023-43xx/CVE-2023-4373.json
create mode 100644 CVE-2023/CVE-2023-44xx/CVE-2023-4417.json
create mode 100644 CVE-2023/CVE-2023-44xx/CVE-2023-4459.json
diff --git a/CVE-2023/CVE-2023-212xx/CVE-2023-21286.json b/CVE-2023/CVE-2023-212xx/CVE-2023-21286.json
index 15020845231..00123ac7d0f 100644
--- a/CVE-2023/CVE-2023-212xx/CVE-2023-21286.json
+++ b/CVE-2023/CVE-2023-212xx/CVE-2023-21286.json
@@ -2,23 +2,97 @@ "id": "CVE-2023-21286", "sourceIdentifier": "security@android.com", "published": "2023-08-14T22:15:13.603", - "lastModified": "2023-08-15T12:29:16.237", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2023-08-21T18:16:14.343", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", "value": "In visitUris of RemoteViews.java, there is a possible way to reveal images across users due to a missing permission check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.\n\n" } ], - "metrics": {}, + "metrics": { + "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", + "attackVector": "LOCAL", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH", + "baseScore": 7.8, + "baseSeverity": "HIGH" + }, + "exploitabilityScore": 1.8, + "impactScore": 5.9 + } + ] + }, + "weaknesses": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "NVD-CWE-noinfo" + } + ] + } + ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:o:google:android:11.0:-:*:*:*:*:*:*", + "matchCriteriaId": "F120D280-287A-474F-9DC5-CBBC4B4C7237" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:google:android:12.0:-:*:*:*:*:*:*", + "matchCriteriaId": "16820CAF-0A8A-45C8-B5A8-979EA0407389" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:google:android:12.1:-:*:*:*:*:*:*", + "matchCriteriaId": "F3B54CC6-C4CB-4BBD-AADC-BC7A80F4F621" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:google:android:13.0:-:*:*:*:*:*:*", + "matchCriteriaId": 
"08A26AC2-409E-499A-B0D5-8C2B5038947D" + } + ] + } + ] + } + ], "references": [ { "url": "https://android.googlesource.com/platform/frameworks/base/+/a65429742caf05205ea7f1c2fdd1119ca652b810", - "source": "security@android.com" + "source": "security@android.com", + "tags": [ + "Patch" + ] }, { "url": "https://source.android.com/security/bulletin/2023-08-01", - "source": "security@android.com" + "source": "security@android.com", + "tags": [ + "Patch", + "Vendor Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2023/CVE-2023-212xx/CVE-2023-21287.json b/CVE-2023/CVE-2023-212xx/CVE-2023-21287.json index 11f53570da6..2ca6b3d2f82 100644 --- a/CVE-2023/CVE-2023-212xx/CVE-2023-21287.json +++ b/CVE-2023/CVE-2023-212xx/CVE-2023-21287.json 
@@ -2,23 +2,97 @@ "id": "CVE-2023-21287", "sourceIdentifier": "security@android.com", "published": "2023-08-14T22:15:13.663", - "lastModified": "2023-08-15T12:29:16.237", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2023-08-21T18:17:43.900", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", "value": "In multiple locations, there is a possible code execution due to type confusion. This could lead to remote code execution with no additional execution privileges needed. User interaction is not needed for exploitation.\n\n" } ], - "metrics": {}, + "metrics": { + "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH", + "baseScore": 9.8, + "baseSeverity": "CRITICAL" + }, + "exploitabilityScore": 3.9, + "impactScore": 5.9 + } + ] + }, + "weaknesses": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-843" + } + ] + } + ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:o:google:android:11.0:-:*:*:*:*:*:*", + "matchCriteriaId": "F120D280-287A-474F-9DC5-CBBC4B4C7237" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:google:android:12.0:-:*:*:*:*:*:*", + "matchCriteriaId": "16820CAF-0A8A-45C8-B5A8-979EA0407389" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:google:android:12.1:-:*:*:*:*:*:*", + "matchCriteriaId": "F3B54CC6-C4CB-4BBD-AADC-BC7A80F4F621" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:google:android:13.0:-:*:*:*:*:*:*", + "matchCriteriaId": "08A26AC2-409E-499A-B0D5-8C2B5038947D" + } + ] + } + ] + } + ], 
"references": [ { "url": "https://android.googlesource.com/platform/external/freetype/+/a79e80a25874dacaa266906a9048f13d4bac41c6", - "source": "security@android.com" + "source": "security@android.com", + "tags": [ + "Patch" + ] }, { "url": "https://source.android.com/security/bulletin/2023-08-01", - "source": "security@android.com" + "source": "security@android.com", + "tags": [ + "Patch", + "Vendor Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2023/CVE-2023-212xx/CVE-2023-21288.json b/CVE-2023/CVE-2023-212xx/CVE-2023-21288.json index b8c3df13752..f3608b24c18 100644 --- a/CVE-2023/CVE-2023-212xx/CVE-2023-21288.json +++ b/CVE-2023/CVE-2023-212xx/CVE-2023-21288.json 
@@ -2,23 +2,97 @@ "id": "CVE-2023-21288", "sourceIdentifier": "security@android.com", "published": "2023-08-14T22:15:13.727", - "lastModified": "2023-08-15T12:29:16.237", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2023-08-21T18:35:46.220", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", "value": "In visitUris of Notification.java, there is a possible way to reveal images across users due to a missing permission check. This could lead to local information disclosure with User execution privileges needed. User interaction is not needed for exploitation.\n\n" } ], - "metrics": {}, + "metrics": { + "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N", + "attackVector": "LOCAL", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "NONE", + "availabilityImpact": "NONE", + "baseScore": 5.5, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 1.8, + "impactScore": 3.6 + } + ] + }, + "weaknesses": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-862" + } + ] + } + ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:o:google:android:11.0:-:*:*:*:*:*:*", + "matchCriteriaId": "F120D280-287A-474F-9DC5-CBBC4B4C7237" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:google:android:12.0:-:*:*:*:*:*:*", + "matchCriteriaId": "16820CAF-0A8A-45C8-B5A8-979EA0407389" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:google:android:12.1:-:*:*:*:*:*:*", + "matchCriteriaId": "F3B54CC6-C4CB-4BBD-AADC-BC7A80F4F621" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:google:android:13.0:-:*:*:*:*:*:*", + "matchCriteriaId": 
"08A26AC2-409E-499A-B0D5-8C2B5038947D" + } + ] + } + ] + } + ], "references": [ { "url": "https://android.googlesource.com/platform/frameworks/base/+/726247f4f53e8cc0746175265652fa415a123c0c", - "source": "security@android.com" + "source": "security@android.com", + "tags": [ + "Patch" + ] }, { "url": "https://source.android.com/security/bulletin/2023-08-01", - "source": "security@android.com" + "source": "security@android.com", + "tags": [ + "Patch", + "Vendor Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2023/CVE-2023-212xx/CVE-2023-21289.json b/CVE-2023/CVE-2023-212xx/CVE-2023-21289.json index 049004ca189..0cc3bc926a6 100644 --- a/CVE-2023/CVE-2023-212xx/CVE-2023-21289.json +++ b/CVE-2023/CVE-2023-212xx/CVE-2023-21289.json 
@@ -2,23 +2,97 @@ "id": "CVE-2023-21289", "sourceIdentifier": "security@android.com", "published": "2023-08-14T22:15:13.790", - "lastModified": "2023-08-15T12:29:16.237", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2023-08-21T18:47:03.143", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", "value": "In multiple locations, there is a possible bypass of a multi user security boundary due to a confused deputy. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.\n\n" } ], - "metrics": {}, + "metrics": { + "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N", + "attackVector": "LOCAL", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "NONE", + "availabilityImpact": "NONE", + "baseScore": 5.5, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 1.8, + "impactScore": 3.6 + } + ] + }, + "weaknesses": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "NVD-CWE-Other" + } + ] + } + ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:o:google:android:11.0:-:*:*:*:*:*:*", + "matchCriteriaId": "F120D280-287A-474F-9DC5-CBBC4B4C7237" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:google:android:12.0:-:*:*:*:*:*:*", + "matchCriteriaId": "16820CAF-0A8A-45C8-B5A8-979EA0407389" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:google:android:12.1:-:*:*:*:*:*:*", + "matchCriteriaId": "F3B54CC6-C4CB-4BBD-AADC-BC7A80F4F621" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:google:android:13.0:-:*:*:*:*:*:*", + "matchCriteriaId": 
"08A26AC2-409E-499A-B0D5-8C2B5038947D" + } + ] + } + ] + } + ], "references": [ { "url": "https://android.googlesource.com/platform/frameworks/base/+/7a5e51c918b7097be3c7e669e1825a4d159c4185", - "source": "security@android.com" + "source": "security@android.com", + "tags": [ + "Patch" + ] }, { "url": "https://source.android.com/security/bulletin/2023-08-01", - "source": "security@android.com" + "source": "security@android.com", + "tags": [ + "Patch", + "Vendor Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2023/CVE-2023-212xx/CVE-2023-21290.json b/CVE-2023/CVE-2023-212xx/CVE-2023-21290.json index 25e9212935d..b1f299a719a 100644 --- a/CVE-2023/CVE-2023-212xx/CVE-2023-21290.json +++ b/CVE-2023/CVE-2023-212xx/CVE-2023-21290.json 
@@ -2,23 +2,97 @@ "id": "CVE-2023-21290", "sourceIdentifier": "security@android.com", "published": "2023-08-14T22:15:13.853", - "lastModified": "2023-08-15T12:29:16.237", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2023-08-21T18:49:23.763", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", "value": "In update of MmsProvider.java, there is a possible way to bypass file permission checks due to a race condition. This could lead to local denial of service with no additional execution privileges needed. User interaction is not needed for exploitation.\n\n" } ], - "metrics": {}, + "metrics": { + "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", + "attackVector": "LOCAL", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "NONE", + "integrityImpact": "NONE", + "availabilityImpact": "HIGH", + "baseScore": 5.5, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 1.8, + "impactScore": 3.6 + } + ] + }, + "weaknesses": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-362" + } + ] + } + ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:o:google:android:11.0:-:*:*:*:*:*:*", + "matchCriteriaId": "F120D280-287A-474F-9DC5-CBBC4B4C7237" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:google:android:12.0:-:*:*:*:*:*:*", + "matchCriteriaId": "16820CAF-0A8A-45C8-B5A8-979EA0407389" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:google:android:12.1:-:*:*:*:*:*:*", + "matchCriteriaId": "F3B54CC6-C4CB-4BBD-AADC-BC7A80F4F621" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:google:android:13.0:-:*:*:*:*:*:*", + "matchCriteriaId": "08A26AC2-409E-499A-B0D5-8C2B5038947D" + 
} + ] + } + ] + } + ], "references": [ { "url": "https://android.googlesource.com/platform/packages/providers/TelephonyProvider/+/ca4c9a19635119d95900793e7a41b820cd1d94d9", - "source": "security@android.com" + "source": "security@android.com", + "tags": [ + "Patch" + ] }, { "url": "https://source.android.com/security/bulletin/2023-08-01", - "source": "security@android.com" + "source": "security@android.com", + "tags": [ + "Patch", + "Vendor Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2023/CVE-2023-212xx/CVE-2023-21292.json b/CVE-2023/CVE-2023-212xx/CVE-2023-21292.json index 70c90cac41e..6807be8e4b2 100644 --- a/CVE-2023/CVE-2023-212xx/CVE-2023-21292.json +++ b/CVE-2023/CVE-2023-212xx/CVE-2023-21292.json 
@@ -2,23 +2,97 @@ "id": "CVE-2023-21292", "sourceIdentifier": "security@android.com", "published": "2023-08-14T22:15:13.927", - "lastModified": "2023-08-15T12:29:16.237", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2023-08-21T18:50:48.783", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", "value": "In openContentUri of ActivityManagerService.java, there is a possible way for a third party app to obtain restricted files due to a confused deputy. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.\n\n" } ], - "metrics": {}, + "metrics": { + "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N", + "attackVector": "LOCAL", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "NONE", + "availabilityImpact": "NONE", + "baseScore": 5.5, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 1.8, + "impactScore": 3.6 + } + ] + }, + "weaknesses": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "NVD-CWE-Other" + } + ] + } + ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:o:google:android:11.0:-:*:*:*:*:*:*", + "matchCriteriaId": "F120D280-287A-474F-9DC5-CBBC4B4C7237" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:google:android:12.0:-:*:*:*:*:*:*", + "matchCriteriaId": "16820CAF-0A8A-45C8-B5A8-979EA0407389" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:google:android:12.1:-:*:*:*:*:*:*", + "matchCriteriaId": "F3B54CC6-C4CB-4BBD-AADC-BC7A80F4F621" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:google:android:13.0:-:*:*:*:*:*:*", + 
"matchCriteriaId": "08A26AC2-409E-499A-B0D5-8C2B5038947D" + } + ] + } + ] + } + ], "references": [ { "url": "https://android.googlesource.com/platform/frameworks/base/+/d10b27e539f7bc91c2360d429b9d05f05274670d", - "source": "security@android.com" + "source": "security@android.com", + "tags": [ + "Patch" + ] }, { "url": "https://source.android.com/security/bulletin/2023-08-01", - "source": "security@android.com" + "source": "security@android.com", + "tags": [ + "Patch", + "Vendor Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2023/CVE-2023-264xx/CVE-2023-26469.json b/CVE-2023/CVE-2023-264xx/CVE-2023-26469.json index e9fbec65ee7..942b0af7a27 100644 --- a/CVE-2023/CVE-2023-264xx/CVE-2023-26469.json +++ b/CVE-2023/CVE-2023-264xx/CVE-2023-26469.json @@ -2,7 +2,7 @@ "id": "CVE-2023-26469", "sourceIdentifier": "cve@mitre.org", "published": "2023-08-17T19:15:12.143", - "lastModified": "2023-08-18T12:43:51.207", + "lastModified": "2023-08-21T19:15:08.140", "vulnStatus": "Awaiting Analysis", "descriptions": [ { @@ -12,6 +12,10 @@ ], "metrics": {}, "references": [ + { + "url": "http://packetstormsecurity.com/files/174248/Jorani-Remote-Code-Execution.html", + "source": "cve@mitre.org" + }, { "url": "https://github.com/Orange-Cyberdefense/CVE-repository/tree/master", "source": "cve@mitre.org" diff --git a/CVE-2023/CVE-2023-314xx/CVE-2023-31447.json b/CVE-2023/CVE-2023-314xx/CVE-2023-31447.json index 17208c61b90..e10b70035de 100644 --- a/CVE-2023/CVE-2023-314xx/CVE-2023-31447.json +++ b/CVE-2023/CVE-2023-314xx/CVE-2023-31447.json @@ -2,8 +2,8 @@ "id": "CVE-2023-31447", "sourceIdentifier": "cve@mitre.org", "published": "2023-08-21T17:15:46.847", - "lastModified": "2023-08-21T17:15:46.847", - "vulnStatus": "Received", + "lastModified": "2023-08-21T18:35:09.707", + "vulnStatus": "Awaiting Analysis", "descriptions": [ { "lang": "en", 
diff --git a/CVE-2023/CVE-2023-320xx/CVE-2023-32002.json b/CVE-2023/CVE-2023-320xx/CVE-2023-32002.json index 3beed9aa1ec..926646349a5 100644 --- a/CVE-2023/CVE-2023-320xx/CVE-2023-32002.json +++ b/CVE-2023/CVE-2023-320xx/CVE-2023-32002.json @@ -2,8 +2,8 @@ "id": "CVE-2023-32002", "sourceIdentifier": "support@hackerone.com", "published": "2023-08-21T17:15:47.000", - "lastModified": "2023-08-21T17:15:47.000", - "vulnStatus": "Received", + "lastModified": "2023-08-21T18:35:09.707", + "vulnStatus": "Awaiting Analysis", "descriptions": [ { "lang": "en", diff --git a/CVE-2023/CVE-2023-33xx/CVE-2023-3366.json b/CVE-2023/CVE-2023-33xx/CVE-2023-3366.json index b303b8325a0..b4d5abbf299 100644 --- a/CVE-2023/CVE-2023-33xx/CVE-2023-3366.json +++ b/CVE-2023/CVE-2023-33xx/CVE-2023-3366.json @@ -2,8 +2,8 @@ "id": "CVE-2023-3366", "sourceIdentifier": "contact@wpscan.com", "published": "2023-08-21T17:15:48.927", - "lastModified": "2023-08-21T17:15:48.927", - "vulnStatus": "Received", + "lastModified": "2023-08-21T18:35:09.707", + "vulnStatus": "Awaiting Analysis", "descriptions": [ { "lang": "en", diff --git a/CVE-2023/CVE-2023-36xx/CVE-2023-3604.json b/CVE-2023/CVE-2023-36xx/CVE-2023-3604.json index 21f6823b91b..d85c2a34ba1 100644 --- a/CVE-2023/CVE-2023-36xx/CVE-2023-3604.json +++ b/CVE-2023/CVE-2023-36xx/CVE-2023-3604.json @@ -2,8 +2,8 @@ "id": "CVE-2023-3604", "sourceIdentifier": "contact@wpscan.com", "published": "2023-08-21T17:15:49.260", - "lastModified": "2023-08-21T17:15:49.260", - "vulnStatus": "Received", + "lastModified": "2023-08-21T18:35:09.707", + "vulnStatus": "Awaiting Analysis", "descriptions": [ { "lang": "en", diff --git a/CVE-2023/CVE-2023-36xx/CVE-2023-3667.json b/CVE-2023/CVE-2023-36xx/CVE-2023-3667.json index 6f4bf47b8eb..d6d494984b6 100644 --- a/CVE-2023/CVE-2023-36xx/CVE-2023-3667.json +++ b/CVE-2023/CVE-2023-36xx/CVE-2023-3667.json 
@@ -2,8 +2,8 @@ "id": "CVE-2023-3667", "sourceIdentifier": "contact@wpscan.com", "published": "2023-08-21T17:15:49.617", - "lastModified": "2023-08-21T17:15:49.617", - "vulnStatus": "Received", + "lastModified": "2023-08-21T18:35:09.707", + "vulnStatus": "Awaiting Analysis", "descriptions": [ { "lang": "en", diff --git a/CVE-2023/CVE-2023-372xx/CVE-2023-37250.json b/CVE-2023/CVE-2023-372xx/CVE-2023-37250.json index 4b91ad66c96..bb9bf44ee47 100644 --- a/CVE-2023/CVE-2023-372xx/CVE-2023-37250.json +++ b/CVE-2023/CVE-2023-372xx/CVE-2023-37250.json @@ -2,16 +2,20 @@ "id": "CVE-2023-37250", "sourceIdentifier": "cve@mitre.org", "published": "2023-08-20T08:15:09.013", - "lastModified": "2023-08-21T12:47:18.157", + "lastModified": "2023-08-21T19:15:08.427", "vulnStatus": "Awaiting Analysis", "descriptions": [ { "lang": "en", - "value": "Unity Parsec before 8 has a TOCTOU race condition that permits local attackers to escalate privileges to SYSTEM if Parsec was installed in \"Per User\" mode. The application intentionally launches DLLs from a user-owned directory but intended to always perform integrity verification of those DLLs." + "value": "Unity Parsec has a TOCTOU race condition that permits local attackers to escalate privileges to SYSTEM if Parsec was installed in \"Per User\" mode. The application intentionally launches DLLs from a user-owned directory but intended to always perform integrity verification of those DLLs. This affects Parsec Loader versions through 8. Parsec Loader 9 is a fixed version." } ], "metrics": {}, "references": [ + { + "url": "https://support.parsec.app/hc/en-us/articles/18311425588237-CVE-2023-37250", + "source": "cve@mitre.org" + }, { "url": "https://unity3d.com", "source": "cve@mitre.org" diff --git a/CVE-2023/CVE-2023-380xx/CVE-2023-38035.json b/CVE-2023/CVE-2023-380xx/CVE-2023-38035.json index 8b008c3ee87..c59c1b389e3 100644 --- a/CVE-2023/CVE-2023-380xx/CVE-2023-38035.json +++ b/CVE-2023/CVE-2023-380xx/CVE-2023-38035.json 
@@ -2,8 +2,8 @@ "id": "CVE-2023-38035", "sourceIdentifier": "support@hackerone.com", "published": "2023-08-21T17:15:47.457", - "lastModified": "2023-08-21T17:15:47.457", - "vulnStatus": "Received", + "lastModified": "2023-08-21T18:35:09.707", + "vulnStatus": "Awaiting Analysis", "descriptions": [ { "lang": "en", diff --git a/CVE-2023/CVE-2023-388xx/CVE-2023-38836.json b/CVE-2023/CVE-2023-388xx/CVE-2023-38836.json index b6ed2fb37f2..b426bc724b4 100644 --- a/CVE-2023/CVE-2023-388xx/CVE-2023-38836.json +++ b/CVE-2023/CVE-2023-388xx/CVE-2023-38836.json @@ -2,8 +2,8 @@ "id": "CVE-2023-38836", "sourceIdentifier": "cve@mitre.org", "published": "2023-08-21T17:15:47.633", - "lastModified": "2023-08-21T17:15:47.633", - "vulnStatus": "Received", + "lastModified": "2023-08-21T18:35:09.707", + "vulnStatus": "Awaiting Analysis", "descriptions": [ { "lang": "en", diff --git a/CVE-2023/CVE-2023-389xx/CVE-2023-38961.json b/CVE-2023/CVE-2023-389xx/CVE-2023-38961.json index 87854df5977..c96911da1e0 100644 --- a/CVE-2023/CVE-2023-389xx/CVE-2023-38961.json +++ b/CVE-2023/CVE-2023-389xx/CVE-2023-38961.json @@ -2,8 +2,8 @@ "id": "CVE-2023-38961", "sourceIdentifier": "cve@mitre.org", "published": "2023-08-21T17:15:47.973", - "lastModified": "2023-08-21T17:15:47.973", - "vulnStatus": "Received", + "lastModified": "2023-08-21T18:35:09.707", + "vulnStatus": "Awaiting Analysis", "descriptions": [ { "lang": "en", diff --git a/CVE-2023/CVE-2023-389xx/CVE-2023-38976.json b/CVE-2023/CVE-2023-389xx/CVE-2023-38976.json index d5a18231309..17a2332fd01 100644 --- a/CVE-2023/CVE-2023-389xx/CVE-2023-38976.json +++ b/CVE-2023/CVE-2023-389xx/CVE-2023-38976.json @@ -2,8 +2,8 @@ "id": "CVE-2023-38976", "sourceIdentifier": "cve@mitre.org", "published": "2023-08-21T17:15:48.127", - "lastModified": "2023-08-21T17:15:48.127", - "vulnStatus": "Received", + "lastModified": "2023-08-21T18:35:09.707", + "vulnStatus": "Awaiting Analysis", "descriptions": [ { "lang": "en", 
diff --git a/CVE-2023/CVE-2023-390xx/CVE-2023-39061.json b/CVE-2023/CVE-2023-390xx/CVE-2023-39061.json index 8a6c2bc93d6..fa56ab37f6d 100644 --- a/CVE-2023/CVE-2023-390xx/CVE-2023-39061.json +++ b/CVE-2023/CVE-2023-390xx/CVE-2023-39061.json @@ -2,8 +2,8 @@ "id": "CVE-2023-39061", "sourceIdentifier": "cve@mitre.org", "published": "2023-08-21T17:15:48.277", - "lastModified": "2023-08-21T17:15:48.277", - "vulnStatus": "Received", + "lastModified": "2023-08-21T18:35:09.707", + "vulnStatus": "Awaiting Analysis", "descriptions": [ { "lang": "en", diff --git a/CVE-2023/CVE-2023-390xx/CVE-2023-39094.json b/CVE-2023/CVE-2023-390xx/CVE-2023-39094.json index b1e1548ad16..61c28a654f4 100644 --- a/CVE-2023/CVE-2023-390xx/CVE-2023-39094.json +++ b/CVE-2023/CVE-2023-390xx/CVE-2023-39094.json @@ -2,8 +2,8 @@ "id": "CVE-2023-39094", "sourceIdentifier": "cve@mitre.org", "published": "2023-08-21T17:15:48.437", - "lastModified": "2023-08-21T17:15:48.437", - "vulnStatus": "Received", + "lastModified": "2023-08-21T18:35:09.707", + "vulnStatus": "Awaiting Analysis", "descriptions": [ { "lang": "en", diff --git a/CVE-2023/CVE-2023-391xx/CVE-2023-39106.json b/CVE-2023/CVE-2023-391xx/CVE-2023-39106.json index 6e81fc87446..eb6b5e13156 100644 --- a/CVE-2023/CVE-2023-391xx/CVE-2023-39106.json +++ b/CVE-2023/CVE-2023-391xx/CVE-2023-39106.json @@ -2,8 +2,8 @@ "id": "CVE-2023-39106", "sourceIdentifier": "cve@mitre.org", "published": "2023-08-21T17:15:48.587", - "lastModified": "2023-08-21T17:15:48.587", - "vulnStatus": "Received", + "lastModified": "2023-08-21T18:35:09.707", + "vulnStatus": "Awaiting Analysis", "descriptions": [ { "lang": "en", diff --git a/CVE-2023/CVE-2023-396xx/CVE-2023-39660.json b/CVE-2023/CVE-2023-396xx/CVE-2023-39660.json index 2f7678f6a79..708024bc126 100644 --- a/CVE-2023/CVE-2023-396xx/CVE-2023-39660.json +++ b/CVE-2023/CVE-2023-396xx/CVE-2023-39660.json 
@@ -2,8 +2,8 @@ "id": "CVE-2023-39660", "sourceIdentifier": "cve@mitre.org", "published": "2023-08-21T17:15:48.797", - "lastModified": "2023-08-21T17:15:48.797", - "vulnStatus": "Received", + "lastModified": "2023-08-21T18:35:09.707", + "vulnStatus": "Awaiting Analysis", "descriptions": [ { "lang": "en", diff --git a/CVE-2023/CVE-2023-399xx/CVE-2023-39948.json b/CVE-2023/CVE-2023-399xx/CVE-2023-39948.json index 85b6e3553ca..103a690d810 100644 --- a/CVE-2023/CVE-2023-399xx/CVE-2023-39948.json +++ b/CVE-2023/CVE-2023-399xx/CVE-2023-39948.json @@ -2,8 +2,8 @@ "id": "CVE-2023-39948", "sourceIdentifier": "security-advisories@github.com", "published": "2023-08-11T14:15:13.693", - "lastModified": "2023-08-21T04:15:10.683", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2023-08-21T18:17:43.717", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", @@ -12,6 +12,26 @@ ], "metrics": { "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "NONE", + "integrityImpact": "NONE", + "availabilityImpact": "HIGH", + "baseScore": 7.5, + "baseSeverity": "HIGH" + }, + "exploitabilityScore": 3.9, + "impactScore": 3.6 + }, { "source": "security-advisories@github.com", "type": "Secondary", @@ -36,8 +56,18 @@ }, "weaknesses": [ { - "source": "security-advisories@github.com", + "source": "nvd@nist.gov", "type": "Primary", + "description": [ + { + "lang": "en", + "value": "NVD-CWE-Other" + } + ] + }, + { + "source": "security-advisories@github.com", + "type": "Secondary", "description": [ { "lang": "en", 
@@ -46,22 +76,78 @@ ] } ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:eprosima:fast_dds:*:*:*:*:*:*:*:*", + "versionStartIncluding": "2.6.0", + "versionEndExcluding": "2.6.5", + "matchCriteriaId": "A5F6650B-AD38-4E23-94EC-691A17D787EB" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:eprosima:fast_dds:2.10.0:rc1:*:*:*:*:*:*", + "matchCriteriaId": "B9255BCA-332A-4107-9A21-95907F1B6F2C" + } + ] + } + ] + }, + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:o:debian:debian_linux:11.0:*:*:*:*:*:*:*", + "matchCriteriaId": "FA6FEEC2-9F11-4643-8827-749718254FED" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:debian:debian_linux:12.0:*:*:*:*:*:*:*", + "matchCriteriaId": "46D69DCC-AE4D-4EA5-861C-D60951444C6C" + } + ] + } + ] + } + ], "references": [ { "url": "https://github.com/eProsima/Fast-DDS/files/11117197/fastdds-assert.pcap.zip", - "source": "security-advisories@github.com" + "source": "security-advisories@github.com", + "tags": [ + "Third Party Advisory" + ] }, { "url": "https://github.com/eProsima/Fast-DDS/issues/3422", - "source": "security-advisories@github.com" + "source": "security-advisories@github.com", + "tags": [ + "Third Party Advisory" + ] }, { "url": "https://github.com/eProsima/Fast-DDS/security/advisories/GHSA-x9pj-vrgf-f68f", - "source": "security-advisories@github.com" + "source": "security-advisories@github.com", + "tags": [ + "Third Party Advisory" + ] }, { "url": "https://www.debian.org/security/2023/dsa-5481", - "source": "security-advisories@github.com" + "source": "security-advisories@github.com", + "tags": [ + "Third Party Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2023/CVE-2023-399xx/CVE-2023-39949.json b/CVE-2023/CVE-2023-399xx/CVE-2023-39949.json index 44e79ad7d8e..5a624c416d0 100644 
--- a/CVE-2023/CVE-2023-399xx/CVE-2023-39949.json +++ b/CVE-2023/CVE-2023-399xx/CVE-2023-39949.json @@ -2,8 +2,8 @@ "id": "CVE-2023-39949", "sourceIdentifier": "security-advisories@github.com", "published": "2023-08-11T14:15:13.807", - "lastModified": "2023-08-21T04:15:10.787", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2023-08-21T18:17:36.860", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", @@ -12,6 +12,26 @@ ], "metrics": { "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "NONE", + "integrityImpact": "NONE", + "availabilityImpact": "HIGH", + "baseScore": 7.5, + "baseSeverity": "HIGH" + }, + "exploitabilityScore": 3.9, + "impactScore": 3.6 + }, { "source": "security-advisories@github.com", "type": "Secondary", 
@@ -46,22 +66,78 @@ ] } ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:eprosima:fast_dds:*:*:*:*:*:*:*:*", + "versionStartIncluding": "2.6.0", + "versionEndExcluding": "2.6.5", + "matchCriteriaId": "A5F6650B-AD38-4E23-94EC-691A17D787EB" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:eprosima:fast_dds:2.9.0:*:*:*:*:*:*:*", + "matchCriteriaId": "D74922AF-7F3C-4F24-8924-298BA00F4204" + } + ] + } + ] + }, + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:o:debian:debian_linux:11.0:*:*:*:*:*:*:*", + "matchCriteriaId": "FA6FEEC2-9F11-4643-8827-749718254FED" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:debian:debian_linux:12.0:*:*:*:*:*:*:*", + "matchCriteriaId": "46D69DCC-AE4D-4EA5-861C-D60951444C6C" + } + ] + } + ] + } + ], "references": [ { "url": "https://github.com/eProsima/Fast-DDS/blob/v2.9.0/src/cpp/rtps/messages/MessageReceiver.cpp#L1059", - "source": "security-advisories@github.com" + "source": "security-advisories@github.com", + "tags": [ + "Third Party Advisory" + ] }, { "url": "https://github.com/eProsima/Fast-DDS/issues/3236", - "source": "security-advisories@github.com" + "source": "security-advisories@github.com", + "tags": [ + "Third Party Advisory" + ] }, { "url": "https://github.com/eProsima/Fast-DDS/security/advisories/GHSA-3jv9-j9x3-95cg", - "source": "security-advisories@github.com" + "source": "security-advisories@github.com", + "tags": [ + "Third Party Advisory" + ] }, { "url": "https://www.debian.org/security/2023/dsa-5481", - "source": "security-advisories@github.com" + "source": "security-advisories@github.com", + "tags": [ + "Third Party Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2023/CVE-2023-39xx/CVE-2023-3936.json b/CVE-2023/CVE-2023-39xx/CVE-2023-3936.json index 29d77521d8c..0b53ec9b457 100644 
--- a/CVE-2023/CVE-2023-39xx/CVE-2023-3936.json +++ b/CVE-2023/CVE-2023-39xx/CVE-2023-3936.json @@ -2,8 +2,8 @@ "id": "CVE-2023-3936", "sourceIdentifier": "contact@wpscan.com", "published": "2023-08-21T17:15:49.967", - "lastModified": "2023-08-21T17:15:49.967", - "vulnStatus": "Received", + "lastModified": "2023-08-21T18:35:09.707", + "vulnStatus": "Awaiting Analysis", "descriptions": [ { "lang": "en", diff --git a/CVE-2023/CVE-2023-39xx/CVE-2023-3954.json b/CVE-2023/CVE-2023-39xx/CVE-2023-3954.json index d8ec87393c0..5314a2e1213 100644 --- a/CVE-2023/CVE-2023-39xx/CVE-2023-3954.json +++ b/CVE-2023/CVE-2023-39xx/CVE-2023-3954.json @@ -2,8 +2,8 @@ "id": "CVE-2023-3954", "sourceIdentifier": "contact@wpscan.com", "published": "2023-08-21T17:15:50.047", - "lastModified": "2023-08-21T17:15:50.047", - "vulnStatus": "Received", + "lastModified": "2023-08-21T18:35:09.707", + "vulnStatus": "Awaiting Analysis", "descriptions": [ { "lang": "en", diff --git a/CVE-2023/CVE-2023-400xx/CVE-2023-40023.json b/CVE-2023/CVE-2023-400xx/CVE-2023-40023.json index b66f6e9b02d..b7e8ec4c316 100644 --- a/CVE-2023/CVE-2023-400xx/CVE-2023-40023.json +++ b/CVE-2023/CVE-2023-400xx/CVE-2023-40023.json @@ -2,8 +2,8 @@ "id": "CVE-2023-40023", "sourceIdentifier": "security-advisories@github.com", "published": "2023-08-14T20:15:12.530", - "lastModified": "2023-08-15T12:29:16.237", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2023-08-21T18:10:59.167", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", 
@@ -12,6 +12,26 @@ ], "metrics": { "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "NONE", + "availabilityImpact": "NONE", + "baseScore": 7.5, + "baseSeverity": "HIGH" + }, + "exploitabilityScore": 3.9, + "impactScore": 3.6 + }, { "source": "security-advisories@github.com", "type": "Secondary", @@ -36,8 +56,18 @@ }, "weaknesses": [ { - "source": "security-advisories@github.com", + "source": "nvd@nist.gov", "type": "Primary", + "description": [ + { + "lang": "en", + "value": "NVD-CWE-Other" + } + ] + }, + { + "source": "security-advisories@github.com", + "type": "Secondary", "description": [ { "lang": "en", 
@@ -46,18 +76,169 @@ ] } ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:yaklang:yaklang:1.2.0:sp6:*:*:*:*:*:*", + "matchCriteriaId": "46F3DA06-8197-447A-BCE3-D838062BD344" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:yaklang:yaklang:1.2.0:sp7:*:*:*:*:*:*", + "matchCriteriaId": "DA076EFA-4FED-4894-A46D-7DF553B331B7" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:yaklang:yaklang:1.2.0:sp8:*:*:*:*:*:*", + "matchCriteriaId": "72C59A71-E85A-4684-9638-DCB1D8F4872F" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:yaklang:yaklang:1.2.1:-:*:*:*:*:*:*", + "matchCriteriaId": "EABBAB5A-2C5B-4D7A-BAC0-55901CF817BB" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:yaklang:yaklang:1.2.1:sp1:*:*:*:*:*:*", + "matchCriteriaId": "776E7D1A-29AD-4B66-8BE4-F35D3408934C" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:yaklang:yaklang:1.2.1:sp2:*:*:*:*:*:*", + "matchCriteriaId": "29A9F6F9-1E01-4898-B29A-A29ADF96EEF7" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:yaklang:yaklang:1.2.1:sp3:*:*:*:*:*:*", + "matchCriteriaId": "F9B9AB79-69F4-4CA8-984A-8E2629F9FE51" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:yaklang:yaklang:1.2.1:sp4:*:*:*:*:*:*", + "matchCriteriaId": "394A1DC3-36A3-4605-AC06-A60D545D6FC1" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:yaklang:yaklang:1.2.1:sp5:*:*:*:*:*:*", + "matchCriteriaId": "676D35A7-BB18-47C6-AD6C-632956C9C7A2" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:yaklang:yaklang:1.2.1:sp6:*:*:*:*:*:*", + "matchCriteriaId": "E594F631-6069-4303-B069-8AA800F677F6" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:yaklang:yaklang:1.2.1:sp7:*:*:*:*:*:*", + "matchCriteriaId": "1300104E-98A7-4B3E-97A5-FF039E71625B" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:yaklang:yaklang:1.2.1:sp8:*:*:*:*:*:*", + "matchCriteriaId": "6BD1798E-CF01-4A84-80DF-F25BD1536982" + }, + { 
+ "vulnerable": true, + "criteria": "cpe:2.3:a:yaklang:yaklang:1.2.1:sp9:*:*:*:*:*:*", + "matchCriteriaId": "6E7E08F1-D67D-41CB-B42D-49A7B333AE58" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:yaklang:yaklang:1.2.2:-:*:*:*:*:*:*", + "matchCriteriaId": "6332A9BD-0B5A-4969-B55B-F272A511E1ED" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:yaklang:yaklang:1.2.2:sp1:*:*:*:*:*:*", + "matchCriteriaId": "F3F488F4-C4A8-42A9-A7B7-32807AF02AA3" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:yaklang:yaklang:1.2.2:sp2:*:*:*:*:*:*", + "matchCriteriaId": "C85FBE1E-DF14-46C9-A5FF-D4DE67198CEB" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:yaklang:yaklang:1.2.2:sp3:*:*:*:*:*:*", + "matchCriteriaId": "4A2A688A-E1E0-4EE5-B71B-3CBFBD513D6F" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:yaklang:yaklang:1.2.2:sp4:*:*:*:*:*:*", + "matchCriteriaId": "8A50F230-6189-40C7-AB17-A9C542D63B6E" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:yaklang:yaklang:1.2.2:sp5:*:*:*:*:*:*", + "matchCriteriaId": "F069B61E-527E-4311-8A1B-2F596DC6041D" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:yaklang:yaklang:1.2.2:sp6:*:*:*:*:*:*", + "matchCriteriaId": "44A6D499-215E-4311-A104-81C788187D6B" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:yaklang:yaklang:1.2.2:sp7:*:*:*:*:*:*", + "matchCriteriaId": "71ABAD8C-795C-4BA3-B431-06F8A05ECD2A" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:yaklang:yaklang:1.2.3:-:*:*:*:*:*:*", + "matchCriteriaId": "9EC848A3-5489-4A76-AD14-4A145500E294" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:yaklang:yaklang:1.2.3:sp1:*:*:*:*:*:*", + "matchCriteriaId": "FC3B8C85-0058-4B8E-9306-6F82D47A7787" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:yaklang:yaklang:1.2.3:sp2:*:*:*:*:*:*", + "matchCriteriaId": "E41C8D32-620B-4453-952D-DE5F31428133" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:yaklang:yaklang:1.2.3:sp3:*:*:*:*:*:*", + "matchCriteriaId": 
"79730955-D4B1-4A62-9BE2-E2ACB9B4E704" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:yaklang:yaklang:1.2.4:-:*:*:*:*:*:*", + "matchCriteriaId": "54936273-80E5-4FC5-B2F9-EF6923ABB6E3" + } + ] + } + ] + } + ], "references": [ { "url": "https://github.com/yaklang/yaklang/pull/295", - "source": "security-advisories@github.com" + "source": "security-advisories@github.com", + "tags": [ + "Patch" + ] }, { "url": "https://github.com/yaklang/yaklang/pull/296", - "source": "security-advisories@github.com" + "source": "security-advisories@github.com", + "tags": [ + "Patch" + ] }, { "url": "https://github.com/yaklang/yaklang/security/advisories/GHSA-xvhg-w6qc-m3qq", - "source": "security-advisories@github.com" + "source": "security-advisories@github.com", + "tags": [ + "Third Party Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2023/CVE-2023-400xx/CVE-2023-40024.json b/CVE-2023/CVE-2023-400xx/CVE-2023-40024.json index 0083ba22986..1379d20da0a 100644 --- a/CVE-2023/CVE-2023-400xx/CVE-2023-40024.json +++ b/CVE-2023/CVE-2023-400xx/CVE-2023-40024.json @@ -2,8 +2,8 @@ "id": "CVE-2023-40024", "sourceIdentifier": "security-advisories@github.com", "published": "2023-08-14T20:15:12.837", - "lastModified": "2023-08-15T12:29:16.237", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2023-08-21T18:15:25.740", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", 
@@ -12,6 +12,26 @@ ], "metrics": { "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "REQUIRED", + "scope": "CHANGED", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "availabilityImpact": "NONE", + "baseScore": 6.1, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 2.8, + "impactScore": 2.7 + }, { "source": "security-advisories@github.com", "type": "Secondary", @@ -46,14 +66,39 @@ ] } ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:nexb:scancode.io:*:*:*:*:*:*:*:*", + "versionEndIncluding": "32.5.1", + "matchCriteriaId": "30C9948F-8470-41F9-9DA5-2FEB954189F7" + } + ] + } + ] + } + ], "references": [ { "url": "https://github.com/nexB/scancode.io/blob/dd7769fbc97c84545579cebf1dc4838214098a11/CHANGELOG.rst#v3252-2023-08-14", - "source": "security-advisories@github.com" + "source": "security-advisories@github.com", + "tags": [ + "Release Notes" + ] }, { "url": "https://github.com/nexB/scancode.io/security/advisories/GHSA-6xcx-gx7r-rccj", - "source": "security-advisories@github.com" + "source": "security-advisories@github.com", + "tags": [ + "Exploit", + "Vendor Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2023/CVE-2023-402xx/CVE-2023-40291.json b/CVE-2023/CVE-2023-402xx/CVE-2023-40291.json index c85511cddc8..a641e671c93 100644 --- a/CVE-2023/CVE-2023-402xx/CVE-2023-40291.json +++ b/CVE-2023/CVE-2023-402xx/CVE-2023-40291.json 
@@ -2,19 +2,76 @@ "id": "CVE-2023-40291", "sourceIdentifier": "cve@mitre.org", "published": "2023-08-14T04:15:11.133", - "lastModified": "2023-08-14T13:06:15.630", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2023-08-21T18:26:45.787", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", "value": "Harman Infotainment 20190525031613 allows root access via SSH over a USB-to-Ethernet dongle with a password that is an internal project name." } ], - "metrics": {}, + "metrics": { + "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", + "attackVector": "PHYSICAL", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH", + "baseScore": 6.8, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 0.9, + "impactScore": 5.9 + } + ] + }, + "weaknesses": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "NVD-CWE-noinfo" + } + ] + } + ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:samsung:harman_infotainment:20190525031613:*:*:*:*:*:*:*", + "matchCriteriaId": "428F9CD5-4676-4598-A715-F2E1FBCADDAF" + } + ] + } + ] + } + ], "references": [ { "url": "https://autohack.in/2023/07/26/dude-its-my-car-how-to-develop-intimacy-with-your-car/", - "source": "cve@mitre.org" + "source": "cve@mitre.org", + "tags": [ + "Exploit", + "Technical Description", + "Third Party Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2023/CVE-2023-402xx/CVE-2023-40292.json b/CVE-2023/CVE-2023-402xx/CVE-2023-40292.json index a18393d91d5..022d7805546 100644 --- a/CVE-2023/CVE-2023-402xx/CVE-2023-40292.json 
+++ b/CVE-2023/CVE-2023-402xx/CVE-2023-40292.json @@ -2,19 +2,76 @@ "id": "CVE-2023-40292", "sourceIdentifier": "cve@mitre.org", "published": "2023-08-14T04:15:11.203", - "lastModified": "2023-08-14T13:06:15.630", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2023-08-21T18:37:53.610", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", "value": "Harman Infotainment 20190525031613 and later discloses the IP address via CarPlay CTRL packets." } ], - "metrics": {}, + "metrics": { + "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", + "attackVector": "ADJACENT_NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "LOW", + "integrityImpact": "NONE", + "availabilityImpact": "NONE", + "baseScore": 4.3, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 2.8, + "impactScore": 1.4 + } + ] + }, + "weaknesses": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "NVD-CWE-noinfo" + } + ] + } + ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:samsung:harman_infotainment:20190525031613:*:*:*:*:*:*:*", + "matchCriteriaId": "428F9CD5-4676-4598-A715-F2E1FBCADDAF" + } + ] + } + ] + } + ], "references": [ { "url": "https://autohack.in/2023/07/26/dude-its-my-car-how-to-develop-intimacy-with-your-car/", - "source": "cve@mitre.org" + "source": "cve@mitre.org", + "tags": [ + "Exploit", + "Technical Description", + "Third Party Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2023/CVE-2023-402xx/CVE-2023-40293.json b/CVE-2023/CVE-2023-402xx/CVE-2023-40293.json index a10dbd50911..f671e770fb6 100644 --- a/CVE-2023/CVE-2023-402xx/CVE-2023-40293.json 
+++ b/CVE-2023/CVE-2023-402xx/CVE-2023-40293.json @@ -2,19 +2,76 @@ "id": "CVE-2023-40293", "sourceIdentifier": "cve@mitre.org", "published": "2023-08-14T04:15:11.273", - "lastModified": "2023-08-14T13:06:15.630", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2023-08-21T18:38:08.537", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", "value": "Harman Infotainment 20190525031613 and later allows command injection via unauthenticated RPC with a D-Bus connection object." } ], - "metrics": {}, + "metrics": { + "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", + "attackVector": "PHYSICAL", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH", + "baseScore": 6.8, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 0.9, + "impactScore": 5.9 + } + ] + }, + "weaknesses": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-77" + } + ] + } + ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:samsung:harman_infotainment:20190525031613:*:*:*:*:*:*:*", + "matchCriteriaId": "428F9CD5-4676-4598-A715-F2E1FBCADDAF" + } + ] + } + ] + } + ], "references": [ { "url": "https://autohack.in/2023/07/26/dude-its-my-car-how-to-develop-intimacy-with-your-car/", - "source": "cve@mitre.org" + "source": "cve@mitre.org", + "tags": [ + "Exploit", + "Technical Description", + "Third Party Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2023/CVE-2023-403xx/CVE-2023-40352.json b/CVE-2023/CVE-2023-403xx/CVE-2023-40352.json new file mode 100644 index 00000000000..26a1aae79a2 --- /dev/null 
+++ b/CVE-2023/CVE-2023-403xx/CVE-2023-40352.json @@ -0,0 +1,24 @@ +{ + "id": "CVE-2023-40352", + "sourceIdentifier": "cve@mitre.org", + "published": "2023-08-21T19:15:08.607", + "lastModified": "2023-08-21T19:15:08.607", + "vulnStatus": "Received", + "descriptions": [ + { + "lang": "en", + "value": "McAfee Safe Connect before 2.16.1.126 may allow an adversary with system privileges to achieve privilege escalation by loading arbitrary DLLs." + } + ], + "metrics": {}, + "references": [ + { + "url": "https://www.mcafee.com/en-us/consumer-corporate/mcafee-labs/product-security-bulletins.html", + "source": "cve@mitre.org" + }, + { + "url": "https://www.mcafee.com/support/?articleId=TS103462&page=shell&shell=article-view", + "source": "cve@mitre.org" + } + ] +} \ No newline at end of file diff --git a/CVE-2023/CVE-2023-43xx/CVE-2023-4323.json b/CVE-2023/CVE-2023-43xx/CVE-2023-4323.json index 1a9bccbd1f3..d68d58c0c63 100644 --- a/CVE-2023/CVE-2023-43xx/CVE-2023-4323.json +++ b/CVE-2023/CVE-2023-43xx/CVE-2023-4323.json 
@@ -2,19 +2,74 @@ "id": "CVE-2023-4323", "sourceIdentifier": "cret@cert.org", "published": "2023-08-15T19:15:10.790", - "lastModified": "2023-08-15T20:01:42.207", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2023-08-21T18:41:27.860", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", "value": "Broadcom RAID Controller web interface is vulnerable to improper session management of active sessions on Gateway setup" } ], - "metrics": {}, + "metrics": { + "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH", + "baseScore": 9.8, + "baseSeverity": "CRITICAL" + }, + "exploitabilityScore": 3.9, + "impactScore": 5.9 + } + ] + }, + "weaknesses": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "NVD-CWE-noinfo" + } + ] + } + ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:broadcom:raid_controller_web_interface:51.12.0-2779:*:*:*:*:*:*:*", + "matchCriteriaId": "E0E02E4F-627F-49C5-867F-E872EC6A208C" + } + ] + } + ] + } + ], "references": [ { "url": "https://www.broadcom.com/support/resources/product-security-center", - "source": "cret@cert.org" + "source": "cret@cert.org", + "tags": [ + "Product" + ] } ] } \ No newline at end of file diff --git a/CVE-2023/CVE-2023-43xx/CVE-2023-4324.json b/CVE-2023/CVE-2023-43xx/CVE-2023-4324.json index 5b051edf0d0..540898943ea 100644 --- a/CVE-2023/CVE-2023-43xx/CVE-2023-4324.json +++ b/CVE-2023/CVE-2023-43xx/CVE-2023-4324.json 
@@ -2,19 +2,74 @@ "id": "CVE-2023-4324", "sourceIdentifier": "cret@cert.org", "published": "2023-08-15T19:15:10.847", - "lastModified": "2023-08-15T20:01:42.207", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2023-08-21T18:41:15.497", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", "value": "Broadcom RAID Controller web interface is vulnerable due to insecure defaults of lacking HTTP Content-Security-Policy headers" } ], - "metrics": {}, + "metrics": { + "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH", + "baseScore": 9.8, + "baseSeverity": "CRITICAL" + }, + "exploitabilityScore": 3.9, + "impactScore": 5.9 + } + ] + }, + "weaknesses": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "NVD-CWE-noinfo" + } + ] + } + ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:broadcom:raid_controller_web_interface:51.12.0-2779:*:*:*:*:*:*:*", + "matchCriteriaId": "E0E02E4F-627F-49C5-867F-E872EC6A208C" + } + ] + } + ] + } + ], "references": [ { "url": "https://www.broadcom.com/support/resources/product-security-center", - "source": "cret@cert.org" + "source": "cret@cert.org", + "tags": [ + "Product" + ] } ] } \ No newline at end of file diff --git a/CVE-2023/CVE-2023-43xx/CVE-2023-4325.json b/CVE-2023/CVE-2023-43xx/CVE-2023-4325.json index 5a72f0c779d..90bb4da2c2d 100644 --- a/CVE-2023/CVE-2023-43xx/CVE-2023-4325.json +++ b/CVE-2023/CVE-2023-43xx/CVE-2023-4325.json 
@@ -2,19 +2,74 @@ "id": "CVE-2023-4325", "sourceIdentifier": "cret@cert.org", "published": "2023-08-15T19:15:10.900", - "lastModified": "2023-08-15T20:01:35.727", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2023-08-21T18:41:08.710", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", "value": "Broadcom RAID Controller web interface is vulnerable due to usage of Libcurl with LSA has known vulnerabilities" } ], - "metrics": {}, + "metrics": { + "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH", + "baseScore": 9.8, + "baseSeverity": "CRITICAL" + }, + "exploitabilityScore": 3.9, + "impactScore": 5.9 + } + ] + }, + "weaknesses": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "NVD-CWE-noinfo" + } + ] + } + ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:broadcom:raid_controller_web_interface:51.12.0-2779:*:*:*:*:*:*:*", + "matchCriteriaId": "E0E02E4F-627F-49C5-867F-E872EC6A208C" + } + ] + } + ] + } + ], "references": [ { "url": "https://www.broadcom.com/support/resources/product-security-center", - "source": "cret@cert.org" + "source": "cret@cert.org", + "tags": [ + "Product" + ] } ] } \ No newline at end of file diff --git a/CVE-2023/CVE-2023-43xx/CVE-2023-4326.json b/CVE-2023/CVE-2023-43xx/CVE-2023-4326.json index cfbe9183cfd..c532b2652b6 100644 --- a/CVE-2023/CVE-2023-43xx/CVE-2023-4326.json +++ b/CVE-2023/CVE-2023-43xx/CVE-2023-4326.json 
@@ -2,19 +2,74 @@ "id": "CVE-2023-4326", "sourceIdentifier": "cret@cert.org", "published": "2023-08-15T19:15:10.957", - "lastModified": "2023-08-15T20:01:35.727", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2023-08-21T18:41:02.397", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", "value": "Broadcom RAID Controller web interface is vulnerable has an insecure default TLS configuration that supports obsolete SHA1-based ciphersuites" } ], - "metrics": {}, + "metrics": { + "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "NONE", + "availabilityImpact": "NONE", + "baseScore": 7.5, + "baseSeverity": "HIGH" + }, + "exploitabilityScore": 3.9, + "impactScore": 3.6 + } + ] + }, + "weaknesses": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-327" + } + ] + } + ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:broadcom:raid_controller_web_interface:51.12.0-2779:*:*:*:*:*:*:*", + "matchCriteriaId": "E0E02E4F-627F-49C5-867F-E872EC6A208C" + } + ] + } + ] + } + ], "references": [ { "url": "https://www.broadcom.com/support/resources/product-security-center", - "source": "cret@cert.org" + "source": "cret@cert.org", + "tags": [ + "Product" + ] } ] } \ No newline at end of file diff --git a/CVE-2023/CVE-2023-43xx/CVE-2023-4327.json b/CVE-2023/CVE-2023-43xx/CVE-2023-4327.json index 52d4c39a3c9..1c53de60b6c 100644 --- a/CVE-2023/CVE-2023-43xx/CVE-2023-4327.json +++ b/CVE-2023/CVE-2023-43xx/CVE-2023-4327.json 
@@ -2,19 +2,86 @@ "id": "CVE-2023-4327", "sourceIdentifier": "cret@cert.org", "published": "2023-08-15T19:15:11.010", - "lastModified": "2023-08-15T20:01:35.727", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2023-08-21T18:40:55.273", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", "value": "Broadcom RAID Controller web interface is vulnerable to exposure of sensitive data and the keys used for encryption are accessible to any local user on Linux" } ], - "metrics": {}, + "metrics": { + "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N", + "attackVector": "LOCAL", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "NONE", + "availabilityImpact": "NONE", + "baseScore": 5.5, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 1.8, + "impactScore": 3.6 + } + ] + }, + "weaknesses": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "NVD-CWE-noinfo" + } + ] + } + ], + "configurations": [ + { + "operator": "AND", + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:broadcom:raid_controller_web_interface:51.12.0-2779:*:*:*:*:*:*:*", + "matchCriteriaId": "E0E02E4F-627F-49C5-867F-E872EC6A208C" + } + ] + }, + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": false, + "criteria": "cpe:2.3:o:linux:linux_kernel:-:*:*:*:*:*:*:*", + "matchCriteriaId": "703AF700-7A70-47E2-BC3A-7FD03B3CA9C1" + } + ] + } + ] + } + ], "references": [ { "url": "https://www.broadcom.com/support/resources/product-security-center", - "source": "cret@cert.org" + "source": "cret@cert.org", + "tags": [ + "Product" + ] } ] } \ No newline at end of file 
diff --git a/CVE-2023/CVE-2023-43xx/CVE-2023-4328.json b/CVE-2023/CVE-2023-43xx/CVE-2023-4328.json index 0a02bd6b2a1..ce7faa9c6b2 100644 --- a/CVE-2023/CVE-2023-43xx/CVE-2023-4328.json +++ b/CVE-2023/CVE-2023-43xx/CVE-2023-4328.json 
@@ -2,19 +2,86 @@ "id": "CVE-2023-4328", "sourceIdentifier": "cret@cert.org", "published": "2023-08-15T19:15:11.060", - "lastModified": "2023-08-15T20:01:35.727", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2023-08-21T18:40:49.270", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", "value": "Broadcom RAID Controller web interface is vulnerable to exposure of sensitive data and the keys used for encryption are accessible to any local user on Linux" } ], - "metrics": {}, + "metrics": { + "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N", + "attackVector": "LOCAL", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "NONE", + "availabilityImpact": "NONE", + "baseScore": 5.5, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 1.8, + "impactScore": 3.6 + } + ] + }, + "weaknesses": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "NVD-CWE-noinfo" + } + ] + } + ], + "configurations": [ + { + "operator": "AND", + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:broadcom:raid_controller_web_interface:51.12.0-2779:*:*:*:*:*:*:*", + "matchCriteriaId": "E0E02E4F-627F-49C5-867F-E872EC6A208C" + } + ] + }, + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": false, + "criteria": "cpe:2.3:o:linux:linux_kernel:-:*:*:*:*:*:*:*", + "matchCriteriaId": "703AF700-7A70-47E2-BC3A-7FD03B3CA9C1" + } + ] + } + ] + } + ], "references": [ { "url": "https://www.broadcom.com/support/resources/product-security-center", - "source": "cret@cert.org" + "source": "cret@cert.org", + "tags": [ + "Product" + ] } ] } \ No newline at end of file 
diff --git a/CVE-2023/CVE-2023-43xx/CVE-2023-4329.json b/CVE-2023/CVE-2023-43xx/CVE-2023-4329.json index dd79095e928..af9d11d9820 100644 --- a/CVE-2023/CVE-2023-43xx/CVE-2023-4329.json +++ b/CVE-2023/CVE-2023-43xx/CVE-2023-4329.json @@ -2,19 +2,74 @@ "id": "CVE-2023-4329", "sourceIdentifier": "cret@cert.org", "published": "2023-08-15T19:15:11.117", - "lastModified": "2023-08-15T20:01:35.727", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2023-08-21T18:40:42.853", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", "value": "Broadcom RAID Controller web interface is vulnerable due to insecure default of HTTP configuration that does not safeguard SESSIONID cookie with SameSite attribute" } ], - "metrics": {}, + "metrics": { + "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH", + "baseScore": 9.8, + "baseSeverity": "CRITICAL" + }, + "exploitabilityScore": 3.9, + "impactScore": 5.9 + } + ] + }, + "weaknesses": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "NVD-CWE-noinfo" + } + ] + } + ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:broadcom:raid_controller_web_interface:51.12.0-2779:*:*:*:*:*:*:*", + "matchCriteriaId": "E0E02E4F-627F-49C5-867F-E872EC6A208C" + } + ] + } + ] + } + ], "references": [ { "url": "https://www.broadcom.com/support/resources/product-security-center", - "source": "cret@cert.org" + "source": "cret@cert.org", + "tags": [ + "Product" + ] } ] } \ No newline at end of file 
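Review bot: The `cvssMetricV31` entry added for CVE-2023-4329 sets `UI:N` and a 9.8 base score on a finding whose description is only a missing SameSite attribute on the SESSIONID cookie, and the weakness is left as `NVD-CWE-noinfo`. A missing SameSite attribute matters when a victim's browser is induced to send a cross-site request, which would normally read as `UI:R`, so the vector looks overstated; that is an inference from the description, not from vendor detail. The same 9.8 and `NVD-CWE-noinfo` pairing is added for the other header-default records in this commit: CVE-2023-4336 (Secure attribute), CVE-2023-4338 (X-Content-Type-Options) and CVE-2023-4342 (strict-transport-security). Because the file mirrors upstream data, the correction belongs with the NVD rather than in the mirror; for this record the weakness line would more usefully read `"value": "CWE-1275"`. Until the score is revisited, tooling that gates on `baseScore` alone should treat these four as hardening gaps.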
diff --git a/CVE-2023/CVE-2023-43xx/CVE-2023-4330.json b/CVE-2023/CVE-2023-43xx/CVE-2023-4330.json index a5791f9e136..28ac66efb3e 100644 --- a/CVE-2023/CVE-2023-43xx/CVE-2023-4330.json +++ b/CVE-2023/CVE-2023-43xx/CVE-2023-4330.json @@ -2,19 +2,74 @@ "id": "CVE-2023-4330", "sourceIdentifier": "cret@cert.org", "published": "2023-08-15T19:15:11.177", - "lastModified": "2023-08-15T20:01:35.727", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2023-08-21T18:40:31.387", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", "value": "Broadcom RAID Controller web interface is vulnerable Denial of Service can be caused by an authenticated user to the REST API Interface" } ], - "metrics": {}, + "metrics": { + "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "NONE", + "integrityImpact": "NONE", + "availabilityImpact": "HIGH", + "baseScore": 6.5, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 2.8, + "impactScore": 3.6 + } + ] + }, + "weaknesses": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "NVD-CWE-noinfo" + } + ] + } + ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:broadcom:raid_controller_web_interface:51.12.0-2779:*:*:*:*:*:*:*", + "matchCriteriaId": "E0E02E4F-627F-49C5-867F-E872EC6A208C" + } + ] + } + ] + } + ], "references": [ { "url": "https://www.broadcom.com/support/resources/product-security-center", - "source": "cret@cert.org" + "source": "cret@cert.org", + "tags": [ + "Product" + ] } ] } \ No newline at end of file 
diff --git a/CVE-2023/CVE-2023-43xx/CVE-2023-4331.json b/CVE-2023/CVE-2023-43xx/CVE-2023-4331.json index 0c79bb2e73b..eb1600caf51 100644 --- a/CVE-2023/CVE-2023-43xx/CVE-2023-4331.json +++ b/CVE-2023/CVE-2023-43xx/CVE-2023-4331.json @@ -2,19 +2,74 @@ "id": "CVE-2023-4331", "sourceIdentifier": "cret@cert.org", "published": "2023-08-15T19:15:11.230", - "lastModified": "2023-08-15T20:01:35.727", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2023-08-21T18:40:23.583", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", "value": "Broadcom RAID Controller web interface is vulnerable has an insecure default TLS configuration that support obsolete and vulnerable TLS protocols" } ], - "metrics": {}, + "metrics": { + "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "NONE", + "availabilityImpact": "NONE", + "baseScore": 7.5, + "baseSeverity": "HIGH" + }, + "exploitabilityScore": 3.9, + "impactScore": 3.6 + } + ] + }, + "weaknesses": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-327" + } + ] + } + ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:broadcom:raid_controller_web_interface:51.12.0-2779:*:*:*:*:*:*:*", + "matchCriteriaId": "E0E02E4F-627F-49C5-867F-E872EC6A208C" + } + ] + } + ] + } + ], "references": [ { "url": "https://www.broadcom.com/support/resources/product-security-center", - "source": "cret@cert.org" + "source": "cret@cert.org", + "tags": [ + "Product" + ] } ] } \ No newline at end of file 
diff --git a/CVE-2023/CVE-2023-43xx/CVE-2023-4332.json b/CVE-2023/CVE-2023-43xx/CVE-2023-4332.json index 5b07d06906c..efb322ced47 100644 --- a/CVE-2023/CVE-2023-43xx/CVE-2023-4332.json +++ b/CVE-2023/CVE-2023-43xx/CVE-2023-4332.json @@ -2,19 +2,74 @@ "id": "CVE-2023-4332", "sourceIdentifier": "cret@cert.org", "published": "2023-08-15T19:15:11.290", - "lastModified": "2023-08-15T20:01:35.727", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2023-08-21T18:39:08.247", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", "value": "Broadcom RAID Controller web interface is vulnerable due to Improper permissions on the log file" } ], - "metrics": {}, + "metrics": { + "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "NONE", + "availabilityImpact": "NONE", + "baseScore": 7.5, + "baseSeverity": "HIGH" + }, + "exploitabilityScore": 3.9, + "impactScore": 3.6 + } + ] + }, + "weaknesses": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-732" + } + ] + } + ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:broadcom:raid_controller_web_interface:51.12.0-2779:*:*:*:*:*:*:*", + "matchCriteriaId": "E0E02E4F-627F-49C5-867F-E872EC6A208C" + } + ] + } + ] + } + ], "references": [ { "url": "https://www.broadcom.com/support/resources/product-security-center", - "source": "cret@cert.org" + "source": "cret@cert.org", + "tags": [ + "Product" + ] } ] } \ No newline at end of file 
diff --git a/CVE-2023/CVE-2023-43xx/CVE-2023-4333.json b/CVE-2023/CVE-2023-43xx/CVE-2023-4333.json index fbeb08fd7b9..a05ea1a7912 100644 --- a/CVE-2023/CVE-2023-43xx/CVE-2023-4333.json +++ b/CVE-2023/CVE-2023-43xx/CVE-2023-4333.json 
@@ -2,19 +2,86 @@ "id": "CVE-2023-4333", "sourceIdentifier": "cret@cert.org", "published": "2023-08-15T19:15:11.347", - "lastModified": "2023-08-15T20:01:35.727", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2023-08-21T18:38:35.767", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", "value": "Broadcom RAID Controller web interface is vulnerable to exposure of sensitive data and the keys used for encryption are accessible to any local user on Windows" } ], - "metrics": {}, + "metrics": { + "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N", + "attackVector": "LOCAL", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "NONE", + "availabilityImpact": "NONE", + "baseScore": 5.5, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 1.8, + "impactScore": 3.6 + } + ] + }, + "weaknesses": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "NVD-CWE-noinfo" + } + ] + } + ], + "configurations": [ + { + "operator": "AND", + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:broadcom:raid_controller_web_interface:51.12.0-2779:*:*:*:*:*:*:*", + "matchCriteriaId": "E0E02E4F-627F-49C5-867F-E872EC6A208C" + } + ] + }, + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": false, + "criteria": "cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:*", + "matchCriteriaId": "A2572D17-1DE6-457B-99CC-64AFD54487EA" + } + ] + } + ] + } + ], "references": [ { "url": "https://www.broadcom.com/support/resources/product-security-center", - "source": "cret@cert.org" + "source": "cret@cert.org", + "tags": [ + "Product" + ] } ] } \ No newline at end of file 
diff --git a/CVE-2023/CVE-2023-43xx/CVE-2023-4334.json b/CVE-2023/CVE-2023-43xx/CVE-2023-4334.json index 36908e481ae..efa442cd1cd 100644 --- a/CVE-2023/CVE-2023-43xx/CVE-2023-4334.json +++ b/CVE-2023/CVE-2023-43xx/CVE-2023-4334.json @@ -2,19 +2,74 @@ "id": "CVE-2023-4334", "sourceIdentifier": "cret@cert.org", "published": "2023-08-15T19:15:11.397", - "lastModified": "2023-08-15T20:01:35.727", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2023-08-21T18:46:04.563", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", "value": "Broadcom RAID Controller Web server (nginx) is serving private files without any authentication" } ], - "metrics": {}, + "metrics": { + "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "NONE", + "availabilityImpact": "NONE", + "baseScore": 7.5, + "baseSeverity": "HIGH" + }, + "exploitabilityScore": 3.9, + "impactScore": 3.6 + } + ] + }, + "weaknesses": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-306" + } + ] + } + ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:broadcom:raid_controller_web_interface:51.12.0-2779:*:*:*:*:*:*:*", + "matchCriteriaId": "E0E02E4F-627F-49C5-867F-E872EC6A208C" + } + ] + } + ] + } + ], "references": [ { "url": "https://www.broadcom.com/support/resources/product-security-center", - "source": "cret@cert.org" + "source": "cret@cert.org", + "tags": [ + "Product" + ] } ] } \ No newline at end of file 
diff --git a/CVE-2023/CVE-2023-43xx/CVE-2023-4335.json b/CVE-2023/CVE-2023-43xx/CVE-2023-4335.json index 800754ddbaf..ebad9a9f958 100644 --- a/CVE-2023/CVE-2023-43xx/CVE-2023-4335.json +++ b/CVE-2023/CVE-2023-43xx/CVE-2023-4335.json 
@@ -2,19 +2,86 @@ "id": "CVE-2023-4335", "sourceIdentifier": "cret@cert.org", "published": "2023-08-15T19:15:11.450", - "lastModified": "2023-08-15T20:01:35.727", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2023-08-21T18:45:53.070", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", "value": "Broadcom RAID Controller Web server (nginx) is serving private server-side files without any authentication on Linux" } ], - "metrics": {}, + "metrics": { + "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "NONE", + "availabilityImpact": "NONE", + "baseScore": 7.5, + "baseSeverity": "HIGH" + }, + "exploitabilityScore": 3.9, + "impactScore": 3.6 + } + ] + }, + "weaknesses": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-306" + } + ] + } + ], + "configurations": [ + { + "operator": "AND", + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:broadcom:raid_controller_web_interface:51.12.0-2779:*:*:*:*:*:*:*", + "matchCriteriaId": "E0E02E4F-627F-49C5-867F-E872EC6A208C" + } + ] + }, + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": false, + "criteria": "cpe:2.3:o:linux:linux_kernel:-:*:*:*:*:*:*:*", + "matchCriteriaId": "703AF700-7A70-47E2-BC3A-7FD03B3CA9C1" + } + ] + } + ] + } + ], "references": [ { "url": "https://www.broadcom.com/support/resources/product-security-center", - "source": "cret@cert.org" + "source": "cret@cert.org", + "tags": [ + "Product" + ] } ] } \ No newline at end of file 
diff --git a/CVE-2023/CVE-2023-43xx/CVE-2023-4336.json b/CVE-2023/CVE-2023-43xx/CVE-2023-4336.json index 02e3d706cb7..6ca8931d950 100644 --- a/CVE-2023/CVE-2023-43xx/CVE-2023-4336.json +++ b/CVE-2023/CVE-2023-43xx/CVE-2023-4336.json @@ -2,19 +2,74 @@ "id": "CVE-2023-4336", "sourceIdentifier": "cret@cert.org", "published": "2023-08-15T19:15:11.503", - "lastModified": "2023-08-15T20:01:35.727", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2023-08-21T18:45:37.487", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", "value": "Broadcom RAID Controller web interface is vulnerable due to insecure default of HTTP configuration that does not safeguard cookies with Secure attribute" } ], - "metrics": {}, + "metrics": { + "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH", + "baseScore": 9.8, + "baseSeverity": "CRITICAL" + }, + "exploitabilityScore": 3.9, + "impactScore": 5.9 + } + ] + }, + "weaknesses": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "NVD-CWE-noinfo" + } + ] + } + ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:broadcom:raid_controller_web_interface:51.12.0-2779:*:*:*:*:*:*:*", + "matchCriteriaId": "E0E02E4F-627F-49C5-867F-E872EC6A208C" + } + ] + } + ] + } + ], "references": [ { "url": "https://www.broadcom.com/support/resources/product-security-center", - "source": "cret@cert.org" + "source": "cret@cert.org", + "tags": [ + "Product" + ] } ] } \ No newline at end of file 
diff --git a/CVE-2023/CVE-2023-43xx/CVE-2023-4337.json b/CVE-2023/CVE-2023-43xx/CVE-2023-4337.json index 4e00b36fdf9..281fb5d7439 100644 --- a/CVE-2023/CVE-2023-43xx/CVE-2023-4337.json +++ b/CVE-2023/CVE-2023-43xx/CVE-2023-4337.json @@ -2,19 +2,74 @@ "id": "CVE-2023-4337", "sourceIdentifier": "cret@cert.org", "published": "2023-08-15T19:15:11.560", - "lastModified": "2023-08-15T20:01:35.727", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2023-08-21T18:45:25.530", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", "value": "Broadcom RAID Controller web interface is vulnerable to improper session handling of managed servers on Gateway installation" } ], - "metrics": {}, + "metrics": { + "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH", + "baseScore": 9.8, + "baseSeverity": "CRITICAL" + }, + "exploitabilityScore": 3.9, + "impactScore": 5.9 + } + ] + }, + "weaknesses": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "NVD-CWE-noinfo" + } + ] + } + ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:broadcom:raid_controller_web_interface:51.12.0-2779:*:*:*:*:*:*:*", + "matchCriteriaId": "E0E02E4F-627F-49C5-867F-E872EC6A208C" + } + ] + } + ] + } + ], "references": [ { "url": "https://www.broadcom.com/support/resources/product-security-center", - "source": "cret@cert.org" + "source": "cret@cert.org", + "tags": [ + "Product" + ] } ] } \ No newline at end of file 
diff --git a/CVE-2023/CVE-2023-43xx/CVE-2023-4338.json b/CVE-2023/CVE-2023-43xx/CVE-2023-4338.json index f43e9c4ae24..89b7ffff569 100644 --- a/CVE-2023/CVE-2023-43xx/CVE-2023-4338.json +++ b/CVE-2023/CVE-2023-43xx/CVE-2023-4338.json @@ -2,19 +2,74 @@ "id": "CVE-2023-4338", "sourceIdentifier": "cret@cert.org", "published": "2023-08-15T19:15:11.613", - "lastModified": "2023-08-15T20:01:35.727", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2023-08-21T18:43:29.833", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", "value": "Broadcom RAID Controller web interface is vulnerable due to insecure default of HTTP configuration that does not provide X-Content-Type-Options Headers" } ], - "metrics": {}, + "metrics": { + "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH", + "baseScore": 9.8, + "baseSeverity": "CRITICAL" + }, + "exploitabilityScore": 3.9, + "impactScore": 5.9 + } + ] + }, + "weaknesses": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "NVD-CWE-noinfo" + } + ] + } + ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:broadcom:raid_controller_web_interface:51.12.0-2779:*:*:*:*:*:*:*", + "matchCriteriaId": "E0E02E4F-627F-49C5-867F-E872EC6A208C" + } + ] + } + ] + } + ], "references": [ { "url": "https://www.broadcom.com/support/resources/product-security-center", - "source": "cret@cert.org" + "source": "cret@cert.org", + "tags": [ + "Product" + ] } ] } \ No newline at end of file 
diff --git a/CVE-2023/CVE-2023-43xx/CVE-2023-4339.json b/CVE-2023/CVE-2023-43xx/CVE-2023-4339.json index c0772e4df73..c27835050b8 100644 --- a/CVE-2023/CVE-2023-43xx/CVE-2023-4339.json +++ b/CVE-2023/CVE-2023-43xx/CVE-2023-4339.json @@ -2,19 +2,74 @@ "id": "CVE-2023-4339", "sourceIdentifier": "cret@cert.org", "published": "2023-08-15T19:15:11.663", - "lastModified": "2023-08-15T20:01:35.727", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2023-08-21T18:43:44.337", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", "value": "Broadcom RAID Controller web interface is vulnerable to exposure of private keys used for CIM stored with insecure file permissions" } ], - "metrics": {}, + "metrics": { + "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "NONE", + "availabilityImpact": "NONE", + "baseScore": 7.5, + "baseSeverity": "HIGH" + }, + "exploitabilityScore": 3.9, + "impactScore": 3.6 + } + ] + }, + "weaknesses": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "NVD-CWE-noinfo" + } + ] + } + ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:broadcom:raid_controller_web_interface:51.12.0-2779:*:*:*:*:*:*:*", + "matchCriteriaId": "E0E02E4F-627F-49C5-867F-E872EC6A208C" + } + ] + } + ] + } + ], "references": [ { "url": "https://www.broadcom.com/support/resources/product-security-center", - "source": "cret@cert.org" + "source": "cret@cert.org", + "tags": [ + "Product" + ] } ] } \ No newline at end of file 
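Review bot: The `weaknesses` entry added for CVE-2023-4339 is `NVD-CWE-noinfo` although the description names the cause, private keys stored with insecure file permissions. The CVE-2023-4332 record in this same commit maps its log-file permission issue to `CWE-732`, so for consistency the line would read `"value": "CWE-732"`. The vector is also `AV:N/PR:N`, whereas the key-exposure records CVE-2023-4327, CVE-2023-4328 and CVE-2023-4333 are scored `AV:L/PR:L`. The description does not say how the key files are reached, so which is right cannot be told from here, but the difference is worth querying upstream before it drives patch priority.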
diff --git a/CVE-2023/CVE-2023-43xx/CVE-2023-4340.json b/CVE-2023/CVE-2023-43xx/CVE-2023-4340.json index 14a2f7029c3..8c23d022ab5 100644 --- a/CVE-2023/CVE-2023-43xx/CVE-2023-4340.json +++ b/CVE-2023/CVE-2023-43xx/CVE-2023-4340.json @@ -2,19 +2,74 @@ "id": "CVE-2023-4340", "sourceIdentifier": "cret@cert.org", "published": "2023-08-15T19:15:11.717", - "lastModified": "2023-08-15T20:01:35.727", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2023-08-21T18:42:54.743", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", "value": "Broadcom RAID Controller is vulnerable to Privilege escalation by taking advantage of the Session prints in the log file" } ], - "metrics": {}, + "metrics": { + "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH", + "baseScore": 9.8, + "baseSeverity": "CRITICAL" + }, + "exploitabilityScore": 3.9, + "impactScore": 5.9 + } + ] + }, + "weaknesses": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "NVD-CWE-noinfo" + } + ] + } + ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:broadcom:raid_controller_web_interface:51.12.0-2779:*:*:*:*:*:*:*", + "matchCriteriaId": "E0E02E4F-627F-49C5-867F-E872EC6A208C" + } + ] + } + ] + } + ], "references": [ { "url": "https://www.broadcom.com/support/resources/product-security-center", - "source": "cret@cert.org" + "source": "cret@cert.org", + "tags": [ + "Product" + ] } ] } \ No newline at end of file 
diff --git a/CVE-2023/CVE-2023-43xx/CVE-2023-4341.json b/CVE-2023/CVE-2023-43xx/CVE-2023-4341.json index 8f33eec4811..8db2e861eb1 100644 --- a/CVE-2023/CVE-2023-43xx/CVE-2023-4341.json +++ b/CVE-2023/CVE-2023-43xx/CVE-2023-4341.json @@ -2,19 +2,74 @@ "id": "CVE-2023-4341", "sourceIdentifier": "cret@cert.org", "published": "2023-08-15T19:15:11.770", - "lastModified": "2023-08-15T20:01:35.727", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2023-08-21T18:42:47.613", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", "value": "Broadcom RAID Controller is vulnerable to Privilege escalation to root due to creation of insecure folders by Web GUI" } ], - "metrics": {}, + "metrics": { + "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH", + "baseScore": 9.8, + "baseSeverity": "CRITICAL" + }, + "exploitabilityScore": 3.9, + "impactScore": 5.9 + } + ] + }, + "weaknesses": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "NVD-CWE-noinfo" + } + ] + } + ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:broadcom:raid_controller_web_interface:51.12.0-2779:*:*:*:*:*:*:*", + "matchCriteriaId": "E0E02E4F-627F-49C5-867F-E872EC6A208C" + } + ] + } + ] + } + ], "references": [ { "url": "https://www.broadcom.com/support/resources/product-security-center", - "source": "cret@cert.org" + "source": "cret@cert.org", + "tags": [ + "Product" + ] } ] } \ No newline at end of file 
diff --git a/CVE-2023/CVE-2023-43xx/CVE-2023-4342.json b/CVE-2023/CVE-2023-43xx/CVE-2023-4342.json index 321277c5840..7808af34b24 100644 --- a/CVE-2023/CVE-2023-43xx/CVE-2023-4342.json +++ b/CVE-2023/CVE-2023-43xx/CVE-2023-4342.json @@ -2,19 +2,74 @@ "id": "CVE-2023-4342", "sourceIdentifier": "cret@cert.org", "published": "2023-08-15T19:15:11.823", - "lastModified": "2023-08-15T20:01:35.727", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2023-08-21T18:42:30.650", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", "value": "Broadcom RAID Controller web interface is vulnerable due to insecure defaults of lacking HTTP strict-transport-security policy" } ], - "metrics": {}, + "metrics": { + "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH", + "baseScore": 9.8, + "baseSeverity": "CRITICAL" + }, + "exploitabilityScore": 3.9, + "impactScore": 5.9 + } + ] + }, + "weaknesses": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "NVD-CWE-noinfo" + } + ] + } + ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:broadcom:raid_controller_web_interface:51.12.0-2779:*:*:*:*:*:*:*", + "matchCriteriaId": "E0E02E4F-627F-49C5-867F-E872EC6A208C" + } + ] + } + ] + } + ], "references": [ { "url": "https://www.broadcom.com/support/resources/product-security-center", - "source": "cret@cert.org" + "source": "cret@cert.org", + "tags": [ + "Product" + ] } ] } \ No newline at end of file 
diff --git a/CVE-2023/CVE-2023-43xx/CVE-2023-4343.json b/CVE-2023/CVE-2023-43xx/CVE-2023-4343.json index 952a9649dbb..76eb38f227d 100644 --- a/CVE-2023/CVE-2023-43xx/CVE-2023-4343.json +++ b/CVE-2023/CVE-2023-43xx/CVE-2023-4343.json @@ -2,19 +2,74 @@ "id": "CVE-2023-4343", "sourceIdentifier": "cret@cert.org", "published": "2023-08-15T19:15:11.883", - "lastModified": "2023-08-15T20:01:35.727", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2023-08-21T18:42:39.583", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", "value": "Broadcom RAID Controller web interface is vulnerable due to exposure of sensitive password information in the URL as a URL search parameter" } ], - "metrics": {}, + "metrics": { + "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "NONE", + "availabilityImpact": "NONE", + "baseScore": 7.5, + "baseSeverity": "HIGH" + }, + "exploitabilityScore": 3.9, + "impactScore": 3.6 + } + ] + }, + "weaknesses": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "NVD-CWE-noinfo" + } + ] + } + ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:broadcom:raid_controller_web_interface:51.12.0-2779:*:*:*:*:*:*:*", + "matchCriteriaId": "E0E02E4F-627F-49C5-867F-E872EC6A208C" + } + ] + } + ] + } + ], "references": [ { "url": "https://www.broadcom.com/support/resources/product-security-center", - "source": "cret@cert.org" + "source": "cret@cert.org", + "tags": [ + "Product" + ] } ] } \ No newline at end of file 
diff --git a/CVE-2023/CVE-2023-43xx/CVE-2023-4344.json b/CVE-2023/CVE-2023-43xx/CVE-2023-4344.json index 63ba54873f4..bf9163245a0 100644 --- a/CVE-2023/CVE-2023-43xx/CVE-2023-4344.json +++ b/CVE-2023/CVE-2023-43xx/CVE-2023-4344.json @@ -2,19 +2,74 @@ "id": "CVE-2023-4344", "sourceIdentifier": "cret@cert.org", "published": "2023-08-15T19:15:11.943", - "lastModified": "2023-08-15T20:01:35.727", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2023-08-21T18:42:16.053", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", "value": "Broadcom RAID Controller web interface is vulnerable to insufficient randomness due to improper use of ssl.rnd to setup CIM connection" } ], - "metrics": {}, + "metrics": { + "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH", + "baseScore": 9.8, + "baseSeverity": "CRITICAL" + }, + "exploitabilityScore": 3.9, + "impactScore": 5.9 + } + ] + }, + "weaknesses": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-330" + } + ] + } + ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:broadcom:raid_controller_web_interface:51.12.0-2779:*:*:*:*:*:*:*", + "matchCriteriaId": "E0E02E4F-627F-49C5-867F-E872EC6A208C" + } + ] + } + ] + } + ], "references": [ { "url": "https://www.broadcom.com/support/resources/product-security-center", - "source": "cret@cert.org" + "source": "cret@cert.org", + "tags": [ + "Product" + ] } ] } \ No newline at end of file 
diff --git a/CVE-2023/CVE-2023-43xx/CVE-2023-4373.json b/CVE-2023/CVE-2023-43xx/CVE-2023-4373.json new file mode 100644 index 00000000000..f5bd5f93dea --- /dev/null +++ b/CVE-2023/CVE-2023-43xx/CVE-2023-4373.json @@ -0,0 +1,20 @@ +{ + "id": "CVE-2023-4373", + "sourceIdentifier": "security@devolutions.net", + "published": "2023-08-21T19:15:08.787", + "lastModified": "2023-08-21T19:15:08.787", + "vulnStatus": "Received", + "descriptions": [ + { + "lang": "en", + "value": "\nInadequate validation of permissions when employing remote tools and macros within Devolutions Remote Desktop Manager versions 2023.2.19 and earlier permits a user to initiate a connection without proper execution rights via the remote tools feature.\n\n" + } + ], + "metrics": {}, + "references": [ + { + "url": "https://devolutions.net/security/advisories/DEVO-2023-0015/", + "source": "security@devolutions.net" + } + ] +} \ No newline at end of file diff --git a/CVE-2023/CVE-2023-44xx/CVE-2023-4407.json b/CVE-2023/CVE-2023-44xx/CVE-2023-4407.json index 76778b77cf8..4c46c79096b 100644 --- a/CVE-2023/CVE-2023-44xx/CVE-2023-4407.json +++ b/CVE-2023/CVE-2023-44xx/CVE-2023-4407.json @@ -2,7 +2,7 @@ "id": "CVE-2023-4407", "sourceIdentifier": "cna@vuldb.com", "published": "2023-08-18T13:15:09.830", - "lastModified": "2023-08-18T15:06:49.560", + "lastModified": "2023-08-21T19:15:08.937", "vulnStatus": "Awaiting Analysis", "descriptions": [ { @@ -72,6 +72,10 @@ } ], "references": [ + { + "url": "http://packetstormsecurity.com/files/174244/Credit-Lite-1.5.4-SQL-Injection.html", + "source": "cna@vuldb.com" + }, { "url": "https://vuldb.com/?ctiid.237511", "source": "cna@vuldb.com" diff --git a/CVE-2023/CVE-2023-44xx/CVE-2023-4417.json b/CVE-2023/CVE-2023-44xx/CVE-2023-4417.json new file mode 100644 index 00000000000..3257182a9c5 --- /dev/null +++ b/CVE-2023/CVE-2023-44xx/CVE-2023-4417.json 
@@ -0,0 +1,43 @@
+{
+ "id": "CVE-2023-4417",
+ "sourceIdentifier": "security@devolutions.net",
+ "published": "2023-08-21T19:15:09.187",
+ "lastModified": "2023-08-21T19:15:09.187",
+ "vulnStatus": "Received",
+ "descriptions": [
+ {
+ "lang": "en",
+ "value": "Improper access controls in the entry duplication component in Devolutions Remote Desktop Manager 2023.2.19 and earlier versions on Windows allows an authenticated user, under specific circumstances, to inadvertently share their personal vault entry with shared vaults via an incorrect vault in the duplication write process."
+ }
+ ],
+ "metrics": {
+ "cvssMetricV31": [
+ {
+ "source": "security@devolutions.net",
+ "type": "Secondary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H",
+ "attackVector": "NETWORK",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "NONE",
+ "userInteraction": "NONE",
+ "scope": "CHANGED",
+ "confidentialityImpact": "HIGH",
+ "integrityImpact": "HIGH",
+ "availabilityImpact": "HIGH",
+ "baseScore": 10.0,
+ "baseSeverity": "CRITICAL"
+ },
+ "exploitabilityScore": 3.9,
+ "impactScore": 6.0
+ }
+ ]
+ },
+ "references": [
+ {
+ "url": "https://devolutions.net/security/advisories/DEVO-2023-0015",
+ "source": "security@devolutions.net"
+ }
+ ]
+}
\ No newline at end of file
diff --git a/CVE-2023/CVE-2023-44xx/CVE-2023-4456.json b/CVE-2023/CVE-2023-44xx/CVE-2023-4456.json
index 4ec20a80f73..29e686d7ddf 100644
--- a/CVE-2023/CVE-2023-44xx/CVE-2023-4456.json
+++ b/CVE-2023/CVE-2023-44xx/CVE-2023-4456.json
@@ -2,8 +2,8 @@
 "id": "CVE-2023-4456",
 "sourceIdentifier": "secalert@redhat.com",
 "published": "2023-08-21T17:15:50.283",
- "lastModified": "2023-08-21T17:15:50.283",
- "vulnStatus": "Received",
+ "lastModified": "2023-08-21T18:35:09.707",
+ "vulnStatus": "Awaiting Analysis",
 "descriptions": [
 {
 "lang": "en",
diff --git a/CVE-2023/CVE-2023-44xx/CVE-2023-4459.json b/CVE-2023/CVE-2023-44xx/CVE-2023-4459.json
new file mode 100644
index 00000000000..966d7d8a4a9
--- /dev/null
+++ b/CVE-2023/CVE-2023-44xx/CVE-2023-4459.json
@@ -0,0 +1,51 @@
+{
+ "id": "CVE-2023-4459",
+ "sourceIdentifier": "secalert@redhat.com",
+ "published": "2023-08-21T19:15:09.373",
+ "lastModified": "2023-08-21T19:15:09.373",
+ "vulnStatus": "Received",
+ "descriptions": [
+ {
+ "lang": "en",
+ "value": "A NULL pointer dereference flaw was found in vmxnet3_rq_cleanup in drivers/net/vmxnet3/vmxnet3_drv.c in the networking sub-component in vmxnet3 in the Linux Kernel. This issue may allow a local attacker with normal user privilege to cause a denial of service due to a missing sanity check during cleanup."
+ }
+ ],
+ "metrics": {
+ "cvssMetricV31": [
+ {
+ "source": "secalert@redhat.com",
+ "type": "Secondary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
+ "attackVector": "NETWORK",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "LOW",
+ "userInteraction": "NONE",
+ "scope": "UNCHANGED",
+ "confidentialityImpact": "NONE",
+ "integrityImpact": "NONE",
+ "availabilityImpact": "HIGH",
+ "baseScore": 6.5,
+ "baseSeverity": "MEDIUM"
+ },
+ "exploitabilityScore": 2.8,
+ "impactScore": 3.6
+ }
+ ]
+ },
+ "references": [
+ {
+ "url": "https://access.redhat.com/security/cve/CVE-2023-4459",
+ "source": "secalert@redhat.com"
+ },
+ {
+ "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2219268",
+ "source": "secalert@redhat.com"
+ },
+ {
+ "url": "https://github.com/torvalds/linux/commit/edf410cb74dc612fd47ef5be319c5a0bcd6e6ccd",
+ "source": "secalert@redhat.com"
+ }
+ ]
+}
\ No newline at end of file
diff --git a/README.md b/README.md
index 70566550685..41280582cac 100644
--- a/README.md
+++ b/README.md
@@ -9,13 +9,13 @@ Repository synchronizes with the NVD every 2 hours. ### Last Repository Update ```plain -2023-08-21T18:00:38.765995+00:00 +2023-08-21T20:00:38.779443+00:00 ``` ### Most recent CVE Modification Timestamp synchronized with NVD ```plain -2023-08-21T17:58:05.637000+00:00 +2023-08-21T19:15:09.373000+00:00 ``` ### Last Data Feed Release 
@@ -29,61 +29,48 @@ Download and Changelog: [Click](https://github.com/fkie-cad/nvd-json-data-feeds/ ### Total Number of included CVEs ```plain -223074 +223078 ``` ### CVEs added in the last Commit -Recently added CVEs: `17` +Recently added CVEs: `4` -* [CVE-2022-4367](CVE-2022/CVE-2022-43xx/CVE-2022-4367.json) (`2023-08-21T17:15:46.307`) -* [CVE-2023-31447](CVE-2023/CVE-2023-314xx/CVE-2023-31447.json) (`2023-08-21T17:15:46.847`) -* [CVE-2023-32002](CVE-2023/CVE-2023-320xx/CVE-2023-32002.json) (`2023-08-21T17:15:47.000`) -* [CVE-2023-38035](CVE-2023/CVE-2023-380xx/CVE-2023-38035.json) (`2023-08-21T17:15:47.457`) -* [CVE-2023-38836](CVE-2023/CVE-2023-388xx/CVE-2023-38836.json) (`2023-08-21T17:15:47.633`) -* [CVE-2023-38961](CVE-2023/CVE-2023-389xx/CVE-2023-38961.json) (`2023-08-21T17:15:47.973`) -* [CVE-2023-38976](CVE-2023/CVE-2023-389xx/CVE-2023-38976.json) (`2023-08-21T17:15:48.127`) -* [CVE-2023-39061](CVE-2023/CVE-2023-390xx/CVE-2023-39061.json) (`2023-08-21T17:15:48.277`) -* [CVE-2023-39094](CVE-2023/CVE-2023-390xx/CVE-2023-39094.json) (`2023-08-21T17:15:48.437`) -* [CVE-2023-39106](CVE-2023/CVE-2023-391xx/CVE-2023-39106.json) (`2023-08-21T17:15:48.587`) -* [CVE-2023-39660](CVE-2023/CVE-2023-396xx/CVE-2023-39660.json) (`2023-08-21T17:15:48.797`) -* [CVE-2023-3366](CVE-2023/CVE-2023-33xx/CVE-2023-3366.json) (`2023-08-21T17:15:48.927`) -* [CVE-2023-3604](CVE-2023/CVE-2023-36xx/CVE-2023-3604.json) (`2023-08-21T17:15:49.260`) -* [CVE-2023-3667](CVE-2023/CVE-2023-36xx/CVE-2023-3667.json) (`2023-08-21T17:15:49.617`) -* [CVE-2023-3936](CVE-2023/CVE-2023-39xx/CVE-2023-3936.json) (`2023-08-21T17:15:49.967`) -* [CVE-2023-3954](CVE-2023/CVE-2023-39xx/CVE-2023-3954.json) (`2023-08-21T17:15:50.047`) -* [CVE-2023-4456](CVE-2023/CVE-2023-44xx/CVE-2023-4456.json) (`2023-08-21T17:15:50.283`) +* [CVE-2023-40352](CVE-2023/CVE-2023-403xx/CVE-2023-40352.json) (`2023-08-21T19:15:08.607`) +* [CVE-2023-4373](CVE-2023/CVE-2023-43xx/CVE-2023-4373.json) (`2023-08-21T19:15:08.787`) +* 
[CVE-2023-4417](CVE-2023/CVE-2023-44xx/CVE-2023-4417.json) (`2023-08-21T19:15:09.187`) +* [CVE-2023-4459](CVE-2023/CVE-2023-44xx/CVE-2023-4459.json) (`2023-08-21T19:15:09.373`) ### CVEs modified in the last Commit -Recently modified CVEs: `60` +Recently modified CVEs: `54` -* [CVE-2023-0872](CVE-2023/CVE-2023-08xx/CVE-2023-0872.json) (`2023-08-21T17:12:20.407`) -* [CVE-2023-26961](CVE-2023/CVE-2023-269xx/CVE-2023-26961.json) (`2023-08-21T17:15:46.583`) -* [CVE-2023-32663](CVE-2023/CVE-2023-326xx/CVE-2023-32663.json) (`2023-08-21T17:15:47.183`) -* [CVE-2023-38840](CVE-2023/CVE-2023-388xx/CVE-2023-38840.json) (`2023-08-21T17:15:47.793`) -* [CVE-2023-28481](CVE-2023/CVE-2023-284xx/CVE-2023-28481.json) (`2023-08-21T17:18:27.813`) -* [CVE-2023-28482](CVE-2023/CVE-2023-284xx/CVE-2023-28482.json) (`2023-08-21T17:21:28.503`) -* [CVE-2023-20588](CVE-2023/CVE-2023-205xx/CVE-2023-20588.json) (`2023-08-21T17:24:22.070`) -* [CVE-2023-39292](CVE-2023/CVE-2023-392xx/CVE-2023-39292.json) (`2023-08-21T17:24:42.877`) -* [CVE-2023-40294](CVE-2023/CVE-2023-402xx/CVE-2023-40294.json) (`2023-08-21T17:25:38.010`) -* [CVE-2023-20586](CVE-2023/CVE-2023-205xx/CVE-2023-20586.json) (`2023-08-21T17:25:49.017`) -* [CVE-2023-20569](CVE-2023/CVE-2023-205xx/CVE-2023-20569.json) (`2023-08-21T17:26:07.933`) -* [CVE-2023-4350](CVE-2023/CVE-2023-43xx/CVE-2023-4350.json) (`2023-08-21T17:27:02.017`) -* [CVE-2023-4351](CVE-2023/CVE-2023-43xx/CVE-2023-4351.json) (`2023-08-21T17:29:16.257`) -* [CVE-2023-4352](CVE-2023/CVE-2023-43xx/CVE-2023-4352.json) (`2023-08-21T17:35:28.180`) -* [CVE-2023-40295](CVE-2023/CVE-2023-402xx/CVE-2023-40295.json) (`2023-08-21T17:35:53.970`) -* [CVE-2023-4353](CVE-2023/CVE-2023-43xx/CVE-2023-4353.json) (`2023-08-21T17:36:21.240`) -* [CVE-2023-4354](CVE-2023/CVE-2023-43xx/CVE-2023-4354.json) (`2023-08-21T17:37:13.257`) -* [CVE-2023-4355](CVE-2023/CVE-2023-43xx/CVE-2023-4355.json) (`2023-08-21T17:39:24.197`) -* [CVE-2023-4356](CVE-2023/CVE-2023-43xx/CVE-2023-4356.json) 
(`2023-08-21T17:40:42.347`) -* [CVE-2023-2916](CVE-2023/CVE-2023-29xx/CVE-2023-2916.json) (`2023-08-21T17:49:19.573`) -* [CVE-2023-39852](CVE-2023/CVE-2023-398xx/CVE-2023-39852.json) (`2023-08-21T17:51:08.113`) -* [CVE-2023-3721](CVE-2023/CVE-2023-37xx/CVE-2023-3721.json) (`2023-08-21T17:53:45.117`) -* [CVE-2023-4361](CVE-2023/CVE-2023-43xx/CVE-2023-4361.json) (`2023-08-21T17:54:24.567`) -* [CVE-2023-4308](CVE-2023/CVE-2023-43xx/CVE-2023-4308.json) (`2023-08-21T17:54:39.980`) -* [CVE-2023-39293](CVE-2023/CVE-2023-392xx/CVE-2023-39293.json) (`2023-08-21T17:58:05.637`) +* [CVE-2023-4330](CVE-2023/CVE-2023-43xx/CVE-2023-4330.json) (`2023-08-21T18:40:31.387`) +* [CVE-2023-4329](CVE-2023/CVE-2023-43xx/CVE-2023-4329.json) (`2023-08-21T18:40:42.853`) +* [CVE-2023-4328](CVE-2023/CVE-2023-43xx/CVE-2023-4328.json) (`2023-08-21T18:40:49.270`) +* [CVE-2023-4327](CVE-2023/CVE-2023-43xx/CVE-2023-4327.json) (`2023-08-21T18:40:55.273`) +* [CVE-2023-4326](CVE-2023/CVE-2023-43xx/CVE-2023-4326.json) (`2023-08-21T18:41:02.397`) +* [CVE-2023-4325](CVE-2023/CVE-2023-43xx/CVE-2023-4325.json) (`2023-08-21T18:41:08.710`) +* [CVE-2023-4324](CVE-2023/CVE-2023-43xx/CVE-2023-4324.json) (`2023-08-21T18:41:15.497`) +* [CVE-2023-4323](CVE-2023/CVE-2023-43xx/CVE-2023-4323.json) (`2023-08-21T18:41:27.860`) +* [CVE-2023-4344](CVE-2023/CVE-2023-43xx/CVE-2023-4344.json) (`2023-08-21T18:42:16.053`) +* [CVE-2023-4342](CVE-2023/CVE-2023-43xx/CVE-2023-4342.json) (`2023-08-21T18:42:30.650`) +* [CVE-2023-4343](CVE-2023/CVE-2023-43xx/CVE-2023-4343.json) (`2023-08-21T18:42:39.583`) +* [CVE-2023-4341](CVE-2023/CVE-2023-43xx/CVE-2023-4341.json) (`2023-08-21T18:42:47.613`) +* [CVE-2023-4340](CVE-2023/CVE-2023-43xx/CVE-2023-4340.json) (`2023-08-21T18:42:54.743`) +* [CVE-2023-4338](CVE-2023/CVE-2023-43xx/CVE-2023-4338.json) (`2023-08-21T18:43:29.833`) +* [CVE-2023-4339](CVE-2023/CVE-2023-43xx/CVE-2023-4339.json) (`2023-08-21T18:43:44.337`) +* [CVE-2023-4337](CVE-2023/CVE-2023-43xx/CVE-2023-4337.json) 
(`2023-08-21T18:45:25.530`) +* [CVE-2023-4336](CVE-2023/CVE-2023-43xx/CVE-2023-4336.json) (`2023-08-21T18:45:37.487`) +* [CVE-2023-4335](CVE-2023/CVE-2023-43xx/CVE-2023-4335.json) (`2023-08-21T18:45:53.070`) +* [CVE-2023-4334](CVE-2023/CVE-2023-43xx/CVE-2023-4334.json) (`2023-08-21T18:46:04.563`) +* [CVE-2023-21289](CVE-2023/CVE-2023-212xx/CVE-2023-21289.json) (`2023-08-21T18:47:03.143`) +* [CVE-2023-21290](CVE-2023/CVE-2023-212xx/CVE-2023-21290.json) (`2023-08-21T18:49:23.763`) +* [CVE-2023-21292](CVE-2023/CVE-2023-212xx/CVE-2023-21292.json) (`2023-08-21T18:50:48.783`) +* [CVE-2023-26469](CVE-2023/CVE-2023-264xx/CVE-2023-26469.json) (`2023-08-21T19:15:08.140`) +* [CVE-2023-37250](CVE-2023/CVE-2023-372xx/CVE-2023-37250.json) (`2023-08-21T19:15:08.427`) +* [CVE-2023-4407](CVE-2023/CVE-2023-44xx/CVE-2023-4407.json) (`2023-08-21T19:15:08.937`) ## Download and Usage