diff --git a/CVE-2022/CVE-2022-17xx/CVE-2022-1749.json b/CVE-2022/CVE-2022-17xx/CVE-2022-1749.json index c7165563e15..4a03b7b55a2 100644 --- a/CVE-2022/CVE-2022-17xx/CVE-2022-1749.json +++ b/CVE-2022/CVE-2022-17xx/CVE-2022-1749.json @@ -2,8 +2,8 @@ "id": "CVE-2022-1749", "sourceIdentifier": "security@wordfence.com", "published": "2022-06-13T14:15:08.577", - "lastModified": "2023-10-20T16:15:16.453", - "vulnStatus": "Undergoing Analysis", + "lastModified": "2023-11-03T19:01:58.480", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", @@ -85,7 +85,7 @@ }, "weaknesses": [ { - "source": "security@wordfence.com", + "source": "nvd@nist.gov", "type": "Primary", "description": [ { @@ -93,6 +93,16 @@ "value": "CWE-352" } ] + }, + { + "source": "security@wordfence.com", + "type": "Secondary", + "description": [ + { + "lang": "en", + "value": "CWE-352" + } + ] } ], "configurations": [ @@ -124,7 +134,10 @@ }, { "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/1d063d01-5f67-4c7f-ab71-01708456e82b?source=cve", - "source": "security@wordfence.com" + "source": "security@wordfence.com", + "tags": [ + "Third Party Advisory" + ] }, { "url": "https://www.wordfence.com/vulnerability-advisories/#CVE-2022-1749", diff --git a/CVE-2022/CVE-2022-31xx/CVE-2022-3172.json b/CVE-2022/CVE-2022-31xx/CVE-2022-3172.json new file mode 100644 index 00000000000..c261d8e371b --- /dev/null +++ b/CVE-2022/CVE-2022-31xx/CVE-2022-3172.json @@ -0,0 +1,59 @@ +{ + "id": "CVE-2022-3172", + "sourceIdentifier": "jordan@liggitt.net", + "published": "2023-11-03T20:15:08.550", + "lastModified": "2023-11-03T20:15:08.550", + "vulnStatus": "Received", + "descriptions": [ + { + "lang": "en", + "value": "A security issue was discovered in kube-apiserver that allows an \naggregated API server to redirect client traffic to any URL. This could\n lead to the client performing unexpected actions as well as forwarding \nthe client's API server credentials to third parties.\n" + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "jordan@liggitt.net", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:H/PR:H/UI:R/S:C/C:L/I:L/A:L", + "attackVector": "NETWORK", + "attackComplexity": "HIGH", + "privilegesRequired": "HIGH", + "userInteraction": "REQUIRED", + "scope": "CHANGED", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "availabilityImpact": "LOW", + "baseScore": 5.1, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 1.0, + "impactScore": 3.7 + } + ] + }, + "weaknesses": [ + { + "source": "jordan@liggitt.net", + "type": "Secondary", + "description": [ + { + "lang": "en", + "value": "CWE-918" + } + ] + } + ], + "references": [ + { + "url": "https://github.com/kubernetes/kubernetes/issues/112513", + "source": "jordan@liggitt.net" + }, + { + "url": "https://groups.google.com/g/kubernetes-security-announce/c/_aLzYMpPRak", + "source": "jordan@liggitt.net" + } + ] +} \ No newline at end of file diff --git a/CVE-2022/CVE-2022-342xx/CVE-2022-34205.json b/CVE-2022/CVE-2022-342xx/CVE-2022-34205.json index 47512fdce18..f271c46f8cb 100644 --- a/CVE-2022/CVE-2022-342xx/CVE-2022-34205.json +++ b/CVE-2022/CVE-2022-342xx/CVE-2022-34205.json @@ -2,8 +2,8 @@ "id": "CVE-2022-34205", "sourceIdentifier": "jenkinsci-cert@googlegroups.com", "published": "2022-06-23T17:15:17.607", - "lastModified": "2023-10-25T18:17:08.520", - "vulnStatus": "Modified", + "lastModified": "2023-11-03T19:05:29.277", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", @@ -63,6 +63,18 @@ } ] }, + "weaknesses": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-352" + } + ] + } + ], "configurations": [ { "nodes": [ diff --git a/CVE-2022/CVE-2022-342xx/CVE-2022-34206.json b/CVE-2022/CVE-2022-342xx/CVE-2022-34206.json index 8d45309d121..9e84f1fe2a2 100644 --- a/CVE-2022/CVE-2022-342xx/CVE-2022-34206.json +++ b/CVE-2022/CVE-2022-342xx/CVE-2022-34206.json @@ -2,8 +2,8 @@ "id": "CVE-2022-34206", "sourceIdentifier": "jenkinsci-cert@googlegroups.com", "published": "2022-06-23T17:15:17.677", - "lastModified": "2023-10-25T18:17:08.577", - "vulnStatus": "Modified", + "lastModified": "2023-11-03T19:05:24.363", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", @@ -63,6 +63,18 @@ } ] }, + "weaknesses": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-862" + } + ] + } + ], "configurations": [ { "nodes": [ diff --git a/CVE-2022/CVE-2022-342xx/CVE-2022-34207.json b/CVE-2022/CVE-2022-342xx/CVE-2022-34207.json index 4858b06cdf0..55ae62cd1a1 100644 --- a/CVE-2022/CVE-2022-342xx/CVE-2022-34207.json +++ b/CVE-2022/CVE-2022-342xx/CVE-2022-34207.json @@ -2,8 +2,8 @@ "id": "CVE-2022-34207", "sourceIdentifier": "jenkinsci-cert@googlegroups.com", "published": "2022-06-23T17:15:17.737", - "lastModified": "2023-10-25T18:17:08.633", - "vulnStatus": "Modified", + "lastModified": "2023-11-03T19:05:14.103", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", @@ -63,6 +63,18 @@ } ] }, + "weaknesses": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-352" + } + ] + } + ], "configurations": [ { "nodes": [ diff --git a/CVE-2022/CVE-2022-342xx/CVE-2022-34208.json b/CVE-2022/CVE-2022-342xx/CVE-2022-34208.json index 1ec0a259d77..435d9fa3aa0 100644 --- a/CVE-2022/CVE-2022-342xx/CVE-2022-34208.json +++ b/CVE-2022/CVE-2022-342xx/CVE-2022-34208.json @@ -2,8 +2,8 @@ "id": "CVE-2022-34208", "sourceIdentifier": "jenkinsci-cert@googlegroups.com", "published": "2022-06-23T17:15:17.797", - "lastModified": "2023-10-25T18:17:08.690", - "vulnStatus": "Modified", + "lastModified": "2023-11-03T19:05:20.463", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", @@ -63,6 +63,18 @@ } ] }, + "weaknesses": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-862" + } + ] + } + ], "configurations": [ { "nodes": [ diff --git a/CVE-2022/CVE-2022-342xx/CVE-2022-34209.json b/CVE-2022/CVE-2022-342xx/CVE-2022-34209.json index 92ab275c3e2..94486ee25d1 100644 --- a/CVE-2022/CVE-2022-342xx/CVE-2022-34209.json +++ b/CVE-2022/CVE-2022-342xx/CVE-2022-34209.json @@ -2,8 +2,8 @@ "id": "CVE-2022-34209", "sourceIdentifier": "jenkinsci-cert@googlegroups.com", "published": "2022-06-23T17:15:17.857", - "lastModified": "2023-10-25T18:17:08.747", - "vulnStatus": "Modified", + "lastModified": "2023-11-03T19:05:10.520", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", @@ -63,6 +63,18 @@ } ] }, + "weaknesses": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-352" + } + ] + } + ], "configurations": [ { "nodes": [ diff --git a/CVE-2022/CVE-2022-342xx/CVE-2022-34210.json b/CVE-2022/CVE-2022-342xx/CVE-2022-34210.json index d569e6791e6..02e33b84c1c 100644 --- a/CVE-2022/CVE-2022-342xx/CVE-2022-34210.json +++ b/CVE-2022/CVE-2022-342xx/CVE-2022-34210.json @@ -2,8 +2,8 @@ "id": "CVE-2022-34210", "sourceIdentifier": "jenkinsci-cert@googlegroups.com", "published": "2022-06-23T17:15:17.913", - "lastModified": "2023-10-25T18:17:08.800", - "vulnStatus": "Modified", + "lastModified": "2023-11-03T19:05:04.677", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", @@ -63,6 +63,18 @@ } ] }, + "weaknesses": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-862" + } + ] + } + ], "configurations": [ { "nodes": [ diff --git a/CVE-2022/CVE-2022-342xx/CVE-2022-34211.json b/CVE-2022/CVE-2022-342xx/CVE-2022-34211.json index 23f817f1916..dceb9195598 100644 --- a/CVE-2022/CVE-2022-342xx/CVE-2022-34211.json +++ b/CVE-2022/CVE-2022-342xx/CVE-2022-34211.json @@ -2,8 +2,8 @@ "id": "CVE-2022-34211", "sourceIdentifier": "jenkinsci-cert@googlegroups.com", "published": "2022-06-23T17:15:17.970", - "lastModified": "2023-10-25T18:17:08.857", - "vulnStatus": "Modified", + "lastModified": "2023-11-03T19:05:01.833", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", @@ -63,6 +63,18 @@ } ] }, + "weaknesses": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-352" + } + ] + } + ], "configurations": [ { "nodes": [ diff --git a/CVE-2022/CVE-2022-342xx/CVE-2022-34212.json b/CVE-2022/CVE-2022-342xx/CVE-2022-34212.json index 0464b509c19..3a84e625c03 100644 --- a/CVE-2022/CVE-2022-342xx/CVE-2022-34212.json +++ b/CVE-2022/CVE-2022-342xx/CVE-2022-34212.json @@ -2,8 +2,8 @@ "id": "CVE-2022-34212", "sourceIdentifier": "jenkinsci-cert@googlegroups.com", "published": "2022-06-23T17:15:18.027", - "lastModified": "2023-10-25T18:17:08.913", - "vulnStatus": "Modified", + "lastModified": "2023-11-03T19:04:57.817", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", @@ -63,6 +63,18 @@ } ] }, + "weaknesses": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-862" + } + ] + } + ], "configurations": [ { "nodes": [ diff --git a/CVE-2022/CVE-2022-342xx/CVE-2022-34213.json b/CVE-2022/CVE-2022-342xx/CVE-2022-34213.json index 2173b37f57c..d91a27abacf 100644 --- a/CVE-2022/CVE-2022-342xx/CVE-2022-34213.json +++ b/CVE-2022/CVE-2022-342xx/CVE-2022-34213.json @@ -2,8 +2,8 @@ "id": "CVE-2022-34213", "sourceIdentifier": "jenkinsci-cert@googlegroups.com", "published": "2022-06-23T17:15:18.083", - "lastModified": "2023-10-25T18:17:08.970", - "vulnStatus": "Modified", + "lastModified": "2023-11-03T19:04:53.770", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", diff --git a/CVE-2022/CVE-2022-347xx/CVE-2022-34779.json b/CVE-2022/CVE-2022-347xx/CVE-2022-34779.json index 65a4d42e239..b9b0f9dbc4c 100644 --- a/CVE-2022/CVE-2022-347xx/CVE-2022-34779.json +++ b/CVE-2022/CVE-2022-347xx/CVE-2022-34779.json @@ -2,8 +2,8 @@ "id": "CVE-2022-34779", "sourceIdentifier": "jenkinsci-cert@googlegroups.com", "published": "2022-06-30T18:15:09.920", - "lastModified": "2023-10-25T18:17:09.163", - "vulnStatus": "Modified", + "lastModified": "2023-11-03T19:04:44.790", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", @@ -21,20 +21,20 @@ "type": "Primary", "cvssData": { "version": "3.1", - "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N", "attackVector": "NETWORK", "attackComplexity": "LOW", "privilegesRequired": "LOW", "userInteraction": "NONE", "scope": "UNCHANGED", - "confidentialityImpact": "HIGH", + "confidentialityImpact": "LOW", "integrityImpact": "NONE", "availabilityImpact": "NONE", - "baseScore": 6.5, + "baseScore": 4.3, "baseSeverity": "MEDIUM" }, "exploitabilityScore": 2.8, - "impactScore": 3.6 + "impactScore": 1.4 } ], "cvssMetricV2": [ @@ -63,6 +63,18 @@ } ] }, + "weaknesses": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-862" + } + ] + } + ], "configurations": [ { "nodes": [ @@ -73,8 +85,8 @@ { "vulnerable": true, "criteria": "cpe:2.3:a:jenkins:xebialabs_xl_release:*:*:*:*:*:jenkins:*:*", - "versionEndIncluding": "22.0.0", - "matchCriteriaId": "30B1E319-6B13-4A80-8BED-81CB7BFF90D9" + "versionEndExcluding": "22.0.1", + "matchCriteriaId": "6ED34476-EBCE-46B2-BB36-A7B5FC3B2D41" } ] } @@ -84,7 +96,10 @@ "references": [ { "url": "https://www.jenkins.io/security/advisory/2022-06-30/#SECURITY-2773%20%281%29", - "source": "jenkinsci-cert@googlegroups.com" + "source": "jenkinsci-cert@googlegroups.com", + "tags": [ + "Vendor Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2022/CVE-2022-347xx/CVE-2022-34780.json b/CVE-2022/CVE-2022-347xx/CVE-2022-34780.json index 88319b69d98..a529c56d63d 100644 --- a/CVE-2022/CVE-2022-347xx/CVE-2022-34780.json +++ b/CVE-2022/CVE-2022-347xx/CVE-2022-34780.json @@ -2,8 +2,8 @@ "id": "CVE-2022-34780", "sourceIdentifier": "jenkinsci-cert@googlegroups.com", "published": "2022-06-30T18:15:10.087", - "lastModified": "2023-10-25T18:17:09.223", - "vulnStatus": "Modified", + "lastModified": "2023-11-03T19:04:09.287", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", @@ -63,6 +63,18 @@ } ] }, + "weaknesses": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-352" + } + ] + } + ], "configurations": [ { "nodes": [ @@ -84,7 +96,10 @@ "references": [ { "url": "https://www.jenkins.io/security/advisory/2022-06-30/#SECURITY-2773%20%282%29", - "source": "jenkinsci-cert@googlegroups.com" + "source": "jenkinsci-cert@googlegroups.com", + "tags": [ + "Vendor Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2022/CVE-2022-347xx/CVE-2022-34782.json b/CVE-2022/CVE-2022-347xx/CVE-2022-34782.json index f34f2a6fae3..af1b908e97d 100644 --- a/CVE-2022/CVE-2022-347xx/CVE-2022-34782.json +++ b/CVE-2022/CVE-2022-347xx/CVE-2022-34782.json @@ -2,8 +2,8 @@ "id": "CVE-2022-34782", "sourceIdentifier": "jenkinsci-cert@googlegroups.com", "published": "2022-06-30T18:15:10.410", - "lastModified": "2023-10-25T18:17:09.337", - "vulnStatus": "Modified", + "lastModified": "2023-11-03T19:07:00.610", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", @@ -63,6 +63,18 @@ } ] }, + "weaknesses": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-863" + } + ] + } + ], "configurations": [ { "nodes": [ diff --git a/CVE-2022/CVE-2022-347xx/CVE-2022-34785.json b/CVE-2022/CVE-2022-347xx/CVE-2022-34785.json index b5b016c7ff2..d5f71d85d19 100644 --- a/CVE-2022/CVE-2022-347xx/CVE-2022-34785.json +++ b/CVE-2022/CVE-2022-347xx/CVE-2022-34785.json @@ -2,8 +2,8 @@ "id": "CVE-2022-34785", "sourceIdentifier": "jenkinsci-cert@googlegroups.com", "published": "2022-06-30T18:15:10.930", - "lastModified": "2023-10-25T18:17:09.517", - "vulnStatus": "Modified", + "lastModified": "2023-11-03T19:06:54.003", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", @@ -63,6 +63,18 @@ } ] }, + "weaknesses": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-863" + } + ] + } + ], "configurations": [ { "nodes": [ diff --git a/CVE-2022/CVE-2022-347xx/CVE-2022-34789.json b/CVE-2022/CVE-2022-347xx/CVE-2022-34789.json index c3c845987b6..6203b461ac4 100644 --- a/CVE-2022/CVE-2022-347xx/CVE-2022-34789.json +++ b/CVE-2022/CVE-2022-347xx/CVE-2022-34789.json @@ -2,8 +2,8 @@ "id": "CVE-2022-34789", "sourceIdentifier": "jenkinsci-cert@googlegroups.com", "published": "2022-06-30T18:15:11.707", - "lastModified": "2023-10-25T18:17:09.753", - "vulnStatus": "Modified", + "lastModified": "2023-11-03T19:06:48.930", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", @@ -63,6 +63,18 @@ } ] }, + "weaknesses": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-352" + } + ] + } + ], "configurations": [ { "nodes": [ diff --git a/CVE-2022/CVE-2022-347xx/CVE-2022-34792.json b/CVE-2022/CVE-2022-347xx/CVE-2022-34792.json index 37aca85cbc5..e16c511f0cb 100644 --- a/CVE-2022/CVE-2022-347xx/CVE-2022-34792.json +++ b/CVE-2022/CVE-2022-347xx/CVE-2022-34792.json @@ -2,8 +2,8 @@ "id": "CVE-2022-34792", "sourceIdentifier": "jenkinsci-cert@googlegroups.com", "published": "2022-06-30T18:15:12.227", - "lastModified": "2023-10-25T18:17:09.947", - "vulnStatus": "Modified", + "lastModified": "2023-11-03T19:06:44.247", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", @@ -63,6 +63,18 @@ } ] }, + "weaknesses": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-352" + } + ] + } + ], "configurations": [ { "nodes": [ diff --git a/CVE-2022/CVE-2022-347xx/CVE-2022-34793.json b/CVE-2022/CVE-2022-347xx/CVE-2022-34793.json index 75bd7754906..83946ef33e9 100644 --- a/CVE-2022/CVE-2022-347xx/CVE-2022-34793.json +++ b/CVE-2022/CVE-2022-347xx/CVE-2022-34793.json @@ -2,8 +2,8 @@ "id": "CVE-2022-34793", "sourceIdentifier": "jenkinsci-cert@googlegroups.com", "published": "2022-06-30T18:15:12.383", - "lastModified": "2023-10-25T18:17:10.007", - "vulnStatus": "Modified", + "lastModified": "2023-11-03T19:06:38.277", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", @@ -63,6 +63,18 @@ } ] }, + "weaknesses": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-611" + } + ] + } + ], "configurations": [ { "nodes": [ diff --git a/CVE-2022/CVE-2022-347xx/CVE-2022-34794.json b/CVE-2022/CVE-2022-347xx/CVE-2022-34794.json index 4824dbceb91..3d4016cc5d6 100644 --- a/CVE-2022/CVE-2022-347xx/CVE-2022-34794.json +++ b/CVE-2022/CVE-2022-347xx/CVE-2022-34794.json @@ -2,8 +2,8 @@ "id": "CVE-2022-34794", "sourceIdentifier": "jenkinsci-cert@googlegroups.com", "published": "2022-06-30T18:15:12.547", - "lastModified": "2023-10-25T18:17:10.060", - "vulnStatus": "Modified", + "lastModified": "2023-11-03T19:06:01.280", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", @@ -63,6 +63,18 @@ } ] }, + "weaknesses": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-862" + } + ] + } + ], "configurations": [ { "nodes": [ diff --git a/CVE-2022/CVE-2022-435xx/CVE-2022-43554.json b/CVE-2022/CVE-2022-435xx/CVE-2022-43554.json new file mode 100644 index 00000000000..6dc5653ff62 --- /dev/null +++ b/CVE-2022/CVE-2022-435xx/CVE-2022-43554.json @@ -0,0 +1,43 @@ +{ + "id": "CVE-2022-43554", + "sourceIdentifier": "support@hackerone.com", + "published": "2023-11-03T20:15:08.690", + "lastModified": "2023-11-03T20:15:08.690", + "vulnStatus": "Received", + "descriptions": [ + { + "lang": "en", + "value": "Ivanti Avalanche Smart Device Service Missing Authentication Local Privilege Escalation Vulnerability" + } + ], + "metrics": { + "cvssMetricV30": [ + { + "source": "support@hackerone.com", + "type": "Secondary", + "cvssData": { + "version": "3.0", + "vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", + "attackVector": "LOCAL", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH", + "baseScore": 7.8, + "baseSeverity": "HIGH" + }, + "exploitabilityScore": 1.8, + "impactScore": 5.9 + } + ] + }, + "references": [ + { + "url": "https://download.wavelink.com/Files/avalanche_v6.4.1.236_release_notes.txt", + "source": "support@hackerone.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2022/CVE-2022-435xx/CVE-2022-43555.json b/CVE-2022/CVE-2022-435xx/CVE-2022-43555.json new file mode 100644 index 00000000000..94b02912345 --- /dev/null +++ b/CVE-2022/CVE-2022-435xx/CVE-2022-43555.json @@ -0,0 +1,43 @@ +{ + "id": "CVE-2022-43555", + "sourceIdentifier": "support@hackerone.com", + "published": "2023-11-03T20:15:08.757", + "lastModified": "2023-11-03T20:15:08.757", + "vulnStatus": "Received", + "descriptions": [ + { + "lang": "en", + "value": "Ivanti Avalanche Printer Device Service Missing Authentication Local Privilege Escalation Vulnerability" + } + ], + "metrics": { + "cvssMetricV30": [ + { + "source": "support@hackerone.com", + "type": "Secondary", + "cvssData": { + "version": "3.0", + "vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", + "attackVector": "LOCAL", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH", + "baseScore": 7.8, + "baseSeverity": "HIGH" + }, + "exploitabilityScore": 1.8, + "impactScore": 5.9 + } + ] + }, + "references": [ + { + "url": "https://download.wavelink.com/Files/avalanche_v6.4.1.236_release_notes.txt", + "source": "support@hackerone.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2022/CVE-2022-445xx/CVE-2022-44569.json b/CVE-2022/CVE-2022-445xx/CVE-2022-44569.json new file mode 100644 index 00000000000..c66e61e4412 --- /dev/null +++ b/CVE-2022/CVE-2022-445xx/CVE-2022-44569.json @@ -0,0 +1,43 @@ +{ + "id": "CVE-2022-44569", + "sourceIdentifier": "support@hackerone.com", + "published": "2023-11-03T20:15:08.813", + "lastModified": "2023-11-03T20:15:08.813", + "vulnStatus": "Received", + "descriptions": [ + { + "lang": "en", + "value": "A locally authenticated attacker with low privileges can bypass authentication due to insecure inter-process communication." + } + ], + "metrics": { + "cvssMetricV30": [ + { + "source": "support@hackerone.com", + "type": "Secondary", + "cvssData": { + "version": "3.0", + "vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H", + "attackVector": "LOCAL", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "NONE", + "scope": "CHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH", + "baseScore": 8.8, + "baseSeverity": "HIGH" + }, + "exploitabilityScore": 2.0, + "impactScore": 6.0 + } + ] + }, + "references": [ + { + "url": "https://help.ivanti.com/res/help/en_US/IA/2023/Admin/Content/relnotes.htm", + "source": "support@hackerone.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2023/CVE-2023-213xx/CVE-2023-21375.json b/CVE-2023/CVE-2023-213xx/CVE-2023-21375.json index 702ee12d57b..9f022d95b9c 100644 --- a/CVE-2023/CVE-2023-213xx/CVE-2023-21375.json +++ b/CVE-2023/CVE-2023-213xx/CVE-2023-21375.json @@ -2,19 +2,79 @@ "id": "CVE-2023-21375", "sourceIdentifier": "security@android.com", "published": "2023-10-30T18:15:09.053", - "lastModified": "2023-10-30T18:21:38.740", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2023-11-03T19:02:57.213", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", "value": "In Sysproxy, there is a possible out of bounds write due to an integer underflow. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation." + }, + { + "lang": "es", + "value": "En Sysproxy, existe una posible escritura fuera de los l\u00edmites debido a un desbordamiento de n\u00fameros enteros. Esto podr\u00eda conducir a una escalada local de privilegios sin necesidad de permisos de ejecuci\u00f3n adicionales. La interacci\u00f3n del usuario no es necesaria para la explotaci\u00f3n." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", + "attackVector": "LOCAL", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH", + "baseScore": 7.8, + "baseSeverity": "HIGH" + }, + "exploitabilityScore": 1.8, + "impactScore": 5.9 + } + ] + }, + "weaknesses": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-190" + } + ] + } + ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:o:google:android:*:*:*:*:*:*:*:*", + "versionEndExcluding": "14.0", + "matchCriteriaId": "530F3220-8957-4F6C-9790-2D4A4CC4122B" + } + ] + } + ] } ], - "metrics": {}, "references": [ { "url": "https://source.android.com/docs/security/bulletin/android-14", - "source": "security@android.com" + "source": "security@android.com", + "tags": [ + "Vendor Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2023/CVE-2023-213xx/CVE-2023-21376.json b/CVE-2023/CVE-2023-213xx/CVE-2023-21376.json index 420fe3b9e83..2a8d6d52d9a 100644 --- a/CVE-2023/CVE-2023-213xx/CVE-2023-21376.json +++ b/CVE-2023/CVE-2023-213xx/CVE-2023-21376.json @@ -2,19 +2,79 @@ "id": "CVE-2023-21376", "sourceIdentifier": "security@android.com", "published": "2023-10-30T18:15:09.100", - "lastModified": "2023-10-30T18:21:38.740", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2023-11-03T19:03:06.437", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", "value": "In Telephony, there is a possible way to retrieve the ICCID due to a logic error in the code. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation." + }, + { + "lang": "es", + "value": "En Telephony existe una posible forma de recuperar el ICCID debido a un error l\u00f3gico en el c\u00f3digo. Esto podr\u00eda dar lugar a la divulgaci\u00f3n de informaci\u00f3n local sin necesidad de privilegios de ejecuci\u00f3n adicionales. La interacci\u00f3n del usuario no es necesaria para la explotaci\u00f3n." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N", + "attackVector": "LOCAL", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "NONE", + "availabilityImpact": "NONE", + "baseScore": 5.5, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 1.8, + "impactScore": 3.6 + } + ] + }, + "weaknesses": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "NVD-CWE-noinfo" + } + ] + } + ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:o:google:android:*:*:*:*:*:*:*:*", + "versionEndExcluding": "14.0", + "matchCriteriaId": "530F3220-8957-4F6C-9790-2D4A4CC4122B" + } + ] + } + ] } ], - "metrics": {}, "references": [ { "url": "https://source.android.com/docs/security/bulletin/android-14", - "source": "security@android.com" + "source": "security@android.com", + "tags": [ + "Vendor Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2023/CVE-2023-213xx/CVE-2023-21377.json b/CVE-2023/CVE-2023-213xx/CVE-2023-21377.json index ef10d485090..169da5e30ae 100644 --- a/CVE-2023/CVE-2023-213xx/CVE-2023-21377.json +++ b/CVE-2023/CVE-2023-213xx/CVE-2023-21377.json @@ -2,19 +2,79 @@ "id": "CVE-2023-21377", "sourceIdentifier": "security@android.com", "published": "2023-10-30T18:15:09.137", - "lastModified": "2023-10-30T18:21:38.740", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2023-11-03T19:03:15.883", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", "value": "In SELinux Policy, there is a possible restriction bypass due to a permissions bypass. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation." + }, + { + "lang": "es", + "value": "En la pol\u00edtica de SELinux, existe una posible omisi\u00f3n de restricciones debido a una omisi\u00f3n de permisos. Esto podr\u00eda dar lugar a la divulgaci\u00f3n de informaci\u00f3n local sin necesidad de privilegios de ejecuci\u00f3n adicionales. La interacci\u00f3n del usuario no es necesaria para la explotaci\u00f3n." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N", + "attackVector": "LOCAL", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "NONE", + "availabilityImpact": "NONE", + "baseScore": 5.5, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 1.8, + "impactScore": 3.6 + } + ] + }, + "weaknesses": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "NVD-CWE-noinfo" + } + ] + } + ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:o:google:android:*:*:*:*:*:*:*:*", + "versionEndExcluding": "14.0", + "matchCriteriaId": "530F3220-8957-4F6C-9790-2D4A4CC4122B" + } + ] + } + ] } ], - "metrics": {}, "references": [ { "url": "https://source.android.com/docs/security/bulletin/android-14", - "source": "security@android.com" + "source": "security@android.com", + "tags": [ + "Vendor Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2023/CVE-2023-213xx/CVE-2023-21378.json b/CVE-2023/CVE-2023-213xx/CVE-2023-21378.json index f40d8066750..10fe4f0df0f 100644 --- a/CVE-2023/CVE-2023-213xx/CVE-2023-21378.json +++ b/CVE-2023/CVE-2023-213xx/CVE-2023-21378.json @@ -2,19 +2,79 @@ "id": "CVE-2023-21378", "sourceIdentifier": "security@android.com", "published": "2023-10-30T18:15:09.180", - "lastModified": "2023-10-30T18:21:38.740", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2023-11-03T19:03:25.547", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", "value": "In Telecomm, there is a possible way to silence the ring for calls of secondary users due to a missing permission check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation." + }, + { + "lang": "es", + "value": "En Telecomm, existe una forma posible de silenciar el timbre de las llamadas de usuarios secundarios debido a que falta una verificaci\u00f3n de permiso. Esto podr\u00eda conducir a una escalada local de privilegios sin necesidad de permisos de ejecuci\u00f3n adicionales. La interacci\u00f3n del usuario no es necesaria para la explotaci\u00f3n." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", + "attackVector": "LOCAL", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH", + "baseScore": 7.8, + "baseSeverity": "HIGH" + }, + "exploitabilityScore": 1.8, + "impactScore": 5.9 + } + ] + }, + "weaknesses": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-862" + } + ] + } + ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:o:google:android:*:*:*:*:*:*:*:*", + "versionEndExcluding": "14.0", + "matchCriteriaId": "530F3220-8957-4F6C-9790-2D4A4CC4122B" + } + ] + } + ] } ], - "metrics": {}, "references": [ { "url": "https://source.android.com/docs/security/bulletin/android-14", - "source": "security@android.com" + "source": "security@android.com", + "tags": [ + "Vendor Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2023/CVE-2023-213xx/CVE-2023-21379.json b/CVE-2023/CVE-2023-213xx/CVE-2023-21379.json index c37b47795a6..de33df6c9e0 100644 --- a/CVE-2023/CVE-2023-213xx/CVE-2023-21379.json +++ b/CVE-2023/CVE-2023-213xx/CVE-2023-21379.json @@ -2,19 +2,79 @@ "id": "CVE-2023-21379", "sourceIdentifier": "security@android.com", "published": "2023-10-30T18:15:09.223", - "lastModified": "2023-10-30T18:21:38.740", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2023-11-03T19:03:36.313", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", "value": "In Bluetooth, there is a possible out of bounds read due to a missing bounds check. This could lead to local information disclosure in the Bluetooth server with System execution privileges needed. User interaction is not needed for exploitation." + }, + { + "lang": "es", + "value": "En Bluetooth, existe una posible lectura fuera de los l\u00edmites debido a una verificaci\u00f3n de los l\u00edmites faltantes. Esto podr\u00eda provocar la divulgaci\u00f3n de informaci\u00f3n local en el servidor Bluetooth con los privilegios de ejecuci\u00f3n del System necesarios. La interacci\u00f3n del usuario no es necesaria para la explotaci\u00f3n." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N", + "attackVector": "LOCAL", + "attackComplexity": "LOW", + "privilegesRequired": "HIGH", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "NONE", + "availabilityImpact": "NONE", + "baseScore": 4.4, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 0.8, + "impactScore": 3.6 + } + ] + }, + "weaknesses": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-125" + } + ] + } + ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:o:google:android:*:*:*:*:*:*:*:*", + "versionEndExcluding": "14.0", + "matchCriteriaId": "530F3220-8957-4F6C-9790-2D4A4CC4122B" + } + ] + } + ] } ], - "metrics": {}, "references": [ { "url": "https://source.android.com/docs/security/bulletin/android-14", - "source": "security@android.com" + "source": "security@android.com", + "tags": [ + "Vendor Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2023/CVE-2023-213xx/CVE-2023-21380.json b/CVE-2023/CVE-2023-213xx/CVE-2023-21380.json index c0cba1ed84e..794d25b2853 100644 --- a/CVE-2023/CVE-2023-213xx/CVE-2023-21380.json +++ b/CVE-2023/CVE-2023-213xx/CVE-2023-21380.json @@ -2,19 +2,79 @@ "id": "CVE-2023-21380", "sourceIdentifier": "security@android.com", "published": "2023-10-30T18:15:09.267", - "lastModified": "2023-10-30T18:21:38.740", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2023-11-03T19:03:44.633", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", "value": "In Bluetooth, there is a possible out of bounds write due to a heap buffer overflow. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation." + }, + { + "lang": "es", + "value": "En Bluetooth, existe una posible escritura fuera de los l\u00edmites debido a un desbordamiento del b\u00fafer. Esto podr\u00eda conducir a una escalada local de privilegios con permisos de ejecuci\u00f3n del System necesarios. La interacci\u00f3n del usuario no es necesaria para la explotaci\u00f3n." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H", + "attackVector": "LOCAL", + "attackComplexity": "LOW", + "privilegesRequired": "HIGH", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH", + "baseScore": 6.7, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 0.8, + "impactScore": 5.9 + } + ] + }, + "weaknesses": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-787" + } + ] + } + ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:o:google:android:*:*:*:*:*:*:*:*", + "versionEndExcluding": "14.0", + "matchCriteriaId": "530F3220-8957-4F6C-9790-2D4A4CC4122B" + } + ] + } + ] } ], - "metrics": {}, "references": [ { "url": "https://source.android.com/docs/security/bulletin/android-14", - "source": "security@android.com" + "source": "security@android.com", + "tags": [ + "Vendor Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2023/CVE-2023-213xx/CVE-2023-21381.json b/CVE-2023/CVE-2023-213xx/CVE-2023-21381.json index c899ee60406..8138ea9ddd4 100644 --- a/CVE-2023/CVE-2023-213xx/CVE-2023-21381.json +++ b/CVE-2023/CVE-2023-213xx/CVE-2023-21381.json @@ -2,19 +2,79 @@ "id": "CVE-2023-21381", "sourceIdentifier": "security@android.com", "published": "2023-10-30T18:15:09.310", - "lastModified": "2023-10-30T18:21:38.740", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2023-11-03T19:03:52.710", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", "value": "In Media Resource Manager, there is a possible local arbitrary code execution due to use after free. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation." + }, + { + "lang": "es", + "value": "En Media Resource Manager, existe una posible ejecuci\u00f3n de c\u00f3digo arbitrario local debido a use-after-free. Esto podr\u00eda conducir a una escalada local de privilegios sin necesidad de permisos de ejecuci\u00f3n adicionales. La interacci\u00f3n del usuario no es necesaria para la explotaci\u00f3n." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", + "attackVector": "LOCAL", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH", + "baseScore": 7.8, + "baseSeverity": "HIGH" + }, + "exploitabilityScore": 1.8, + "impactScore": 5.9 + } + ] + }, + "weaknesses": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-416" + } + ] + } + ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:o:google:android:*:*:*:*:*:*:*:*", + "versionEndExcluding": "14.0", + "matchCriteriaId": "530F3220-8957-4F6C-9790-2D4A4CC4122B" + } + ] + } + ] } ], - "metrics": {}, "references": [ { "url": "https://source.android.com/docs/security/bulletin/android-14", - "source": "security@android.com" + "source": "security@android.com", + "tags": [ + "Vendor Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2023/CVE-2023-213xx/CVE-2023-21382.json b/CVE-2023/CVE-2023-213xx/CVE-2023-21382.json index de53e17fb5e..523c6701c6b 100644 --- a/CVE-2023/CVE-2023-213xx/CVE-2023-21382.json +++ b/CVE-2023/CVE-2023-213xx/CVE-2023-21382.json @@ -2,19 +2,79 @@ "id": "CVE-2023-21382", "sourceIdentifier": "security@android.com", "published": "2023-10-30T18:15:09.357", - "lastModified": "2023-10-30T18:21:38.740", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2023-11-03T19:04:05.293", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", "value": "In Content Resolver, there is a possible method to access metadata about existing content providers on the device due to a missing permission check. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation." + }, + { + "lang": "es", + "value": "En Content Resolver, existe un m\u00e9todo posible para acceder a metadatos sobre proveedores de contenido existentes en el dispositivo debido a una falta de verificaci\u00f3n de permisos. Esto podr\u00eda dar lugar a la divulgaci\u00f3n de informaci\u00f3n local sin necesidad de privilegios de ejecuci\u00f3n adicionales. La interacci\u00f3n del usuario no es necesaria para la explotaci\u00f3n." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N", + "attackVector": "LOCAL", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "NONE", + "availabilityImpact": "NONE", + "baseScore": 5.5, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 1.8, + "impactScore": 3.6 + } + ] + }, + "weaknesses": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-862" + } + ] + } + ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:o:google:android:*:*:*:*:*:*:*:*", + "versionEndExcluding": "14.0", + "matchCriteriaId": "530F3220-8957-4F6C-9790-2D4A4CC4122B" + } + ] + } + ] } ], - "metrics": {}, "references": [ { "url": "https://source.android.com/docs/security/bulletin/android-14", - "source": "security@android.com" + "source": "security@android.com", + "tags": [ + "Vendor Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2023/CVE-2023-213xx/CVE-2023-21383.json b/CVE-2023/CVE-2023-213xx/CVE-2023-21383.json index 77bd51d199c..a75e1e0ca18 100644 --- a/CVE-2023/CVE-2023-213xx/CVE-2023-21383.json +++ b/CVE-2023/CVE-2023-213xx/CVE-2023-21383.json @@ -2,19 +2,79 @@ "id": "CVE-2023-21383", "sourceIdentifier": "security@android.com", "published": "2023-10-30T18:15:09.393", - "lastModified": "2023-10-30T18:21:38.740", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2023-11-03T19:04:28.713", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", "value": "In Settings, there is a possible way for the user to unintentionally send extra data due to an unclear prompt. This could lead to local information disclosure with no additional execution privileges needed. User interaction is needed for exploitation." + }, + { + "lang": "es", + "value": "En Settings, existe una forma posible de que el usuario env\u00ede datos adicionales sin querer debido a un mensaje poco claro. Esto podr\u00eda dar lugar a la divulgaci\u00f3n de informaci\u00f3n local sin necesidad de privilegios de ejecuci\u00f3n adicionales. Se necesita la interacci\u00f3n del usuario para la explotaci\u00f3n." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N", + "attackVector": "LOCAL", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "REQUIRED", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "NONE", + "availabilityImpact": "NONE", + "baseScore": 5.5, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 1.8, + "impactScore": 3.6 + } + ] + }, + "weaknesses": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "NVD-CWE-noinfo" + } + ] + } + ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:o:google:android:*:*:*:*:*:*:*:*", + "versionEndExcluding": "14.0", + "matchCriteriaId": "530F3220-8957-4F6C-9790-2D4A4CC4122B" + } + ] + } + ] } ], - "metrics": {}, "references": [ { "url": "https://source.android.com/docs/security/bulletin/android-14", - "source": "security@android.com" + "source": "security@android.com", + "tags": [ + "Vendor Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2023/CVE-2023-213xx/CVE-2023-21384.json b/CVE-2023/CVE-2023-213xx/CVE-2023-21384.json index 9a1241174ac..d2f58e75cd0 100644 --- a/CVE-2023/CVE-2023-213xx/CVE-2023-21384.json +++ b/CVE-2023/CVE-2023-213xx/CVE-2023-21384.json @@ -2,19 +2,79 @@ "id": "CVE-2023-21384", "sourceIdentifier": "security@android.com", "published": "2023-10-30T18:15:09.433", - "lastModified": "2023-10-30T18:21:38.740", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2023-11-03T19:04:43.063", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", "value": "In Package Manager, there is a possible possible permissions bypass due to an unsafe PendingIntent. This could lead to local information disclosure with User execution privileges needed. User interaction is not needed for exploitation." + }, + { + "lang": "es", + "value": "En Package Manager, existe una posible omisi\u00f3n de permisos debido a un PendingIntent inseguro. Esto podr\u00eda dar lugar a la divulgaci\u00f3n de informaci\u00f3n local con privilegios de ejecuci\u00f3n del usuario necesarios. La interacci\u00f3n del usuario no es necesaria para la explotaci\u00f3n." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N", + "attackVector": "LOCAL", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "NONE", + "availabilityImpact": "NONE", + "baseScore": 5.5, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 1.8, + "impactScore": 3.6 + } + ] + }, + "weaknesses": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "NVD-CWE-noinfo" + } + ] + } + ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:o:google:android:*:*:*:*:*:*:*:*", + "versionEndExcluding": "14.0", + "matchCriteriaId": "530F3220-8957-4F6C-9790-2D4A4CC4122B" + } + ] + } + ] } ], - "metrics": {}, "references": [ { "url": "https://source.android.com/docs/security/bulletin/android-14", - "source": "security@android.com" + "source": "security@android.com", + "tags": [ + "Vendor Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2023/CVE-2023-213xx/CVE-2023-21385.json b/CVE-2023/CVE-2023-213xx/CVE-2023-21385.json index f6b0ce4e1fb..57844d53d87 100644 --- a/CVE-2023/CVE-2023-213xx/CVE-2023-21385.json +++ b/CVE-2023/CVE-2023-213xx/CVE-2023-21385.json @@ -2,19 +2,79 @@ "id": "CVE-2023-21385", "sourceIdentifier": "security@android.com", "published": "2023-10-30T18:15:09.477", - "lastModified": "2023-10-30T18:21:38.740", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2023-11-03T19:02:36.997", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", "value": "In Whitechapel, there is a possible out of bounds read due to memory corruption. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation." + }, + { + "lang": "es", + "value": "En Whitechapel, existe una posible lectura fuera de los l\u00edmites debido a corrupci\u00f3n de memoria. Esto podr\u00eda dar lugar a la divulgaci\u00f3n de informaci\u00f3n local sin necesidad de privilegios de ejecuci\u00f3n adicionales. La interacci\u00f3n del usuario no es necesaria para la explotaci\u00f3n." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N", + "attackVector": "LOCAL", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "NONE", + "availabilityImpact": "NONE", + "baseScore": 5.5, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 1.8, + "impactScore": 3.6 + } + ] + }, + "weaknesses": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-787" + } + ] + } + ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:o:google:android:*:*:*:*:*:*:*:*", + "versionEndExcluding": "14.0", + "matchCriteriaId": "530F3220-8957-4F6C-9790-2D4A4CC4122B" + } + ] + } + ] } ], - "metrics": {}, "references": [ { "url": "https://source.android.com/docs/security/bulletin/android-14", - "source": "security@android.com" + "source": "security@android.com", + "tags": [ + "Vendor Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2023/CVE-2023-325xx/CVE-2023-32567.json b/CVE-2023/CVE-2023-325xx/CVE-2023-32567.json index 44d83d756ac..ca713a655cc 100644 --- a/CVE-2023/CVE-2023-325xx/CVE-2023-32567.json +++ b/CVE-2023/CVE-2023-325xx/CVE-2023-32567.json @@ -2,12 +2,12 @@ "id": "CVE-2023-32567", "sourceIdentifier": "support@hackerone.com", "published": "2023-08-10T19:15:09.663", - "lastModified": "2023-08-15T20:22:37.530", - "vulnStatus": "Analyzed", + "lastModified": "2023-11-03T20:15:08.877", + "vulnStatus": "Modified", "descriptions": [ { "lang": "en", - "value": "Ivanti Avalanche decodeToMap XML External Entity Processing. Fixed in version 6.4.1." + "value": "Ivanti Avalanche decodeToMap XML External Entity Processing. Fixed in version 6.4.1.236" } ], "metrics": { @@ -32,6 +32,28 @@ "exploitabilityScore": 3.9, "impactScore": 5.9 } + ], + "cvssMetricV30": [ + { + "source": "support@hackerone.com", + "type": "Secondary", + "cvssData": { + "version": "3.0", + "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:L", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "LOW", + "integrityImpact": "NONE", + "availabilityImpact": "LOW", + "baseScore": 6.5, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 3.9, + "impactScore": 2.5 + } ] }, "weaknesses": [ @@ -66,11 +88,8 @@ ], "references": [ { - "url": "https://forums.ivanti.com/s/article/Avalanche-Vulnerabilities-Addressed-in-6-4-1?language=en_US", - "source": "support@hackerone.com", - "tags": [ - "Vendor Advisory" - ] + "url": "https://download.wavelink.com/Files/avalanche_v6.4.1.236_release_notes.txt", + "source": "support@hackerone.com" } ] } \ No newline at end of file diff --git a/CVE-2023/CVE-2023-379xx/CVE-2023-37913.json b/CVE-2023/CVE-2023-379xx/CVE-2023-37913.json index 1a0512136c4..77466f77666 100644 --- a/CVE-2023/CVE-2023-379xx/CVE-2023-37913.json +++ b/CVE-2023/CVE-2023-379xx/CVE-2023-37913.json @@ -2,8 +2,8 @@ "id": "CVE-2023-37913", "sourceIdentifier": "security-advisories@github.com", "published": "2023-10-25T18:17:28.687", - "lastModified": "2023-10-25T20:32:16.527", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2023-11-03T20:22:05.087", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", @@ -16,6 +16,26 @@ ], "metrics": { "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH", + "baseScore": 8.8, + "baseSeverity": "HIGH" + }, + "exploitabilityScore": 2.8, + "impactScore": 5.9 + }, { "source": "security-advisories@github.com", "type": "Secondary", @@ -39,6 +59,16 @@ ] }, "weaknesses": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-22" + } + ] + }, { "source": "security-advisories@github.com", "type": "Secondary", @@ -54,18 +84,57 @@ ] } ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:xwiki:xwiki:*:*:*:*:*:*:*:*", + "versionStartIncluding": "3.5", + "versionEndExcluding": "14.10.8", + "matchCriteriaId": "80C139ED-96A3-417E-A6E0-3C661572BFC3" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:xwiki:xwiki:*:*:*:*:*:*:*:*", + "versionStartIncluding": "15.0", + "versionEndExcluding": "15.3", + "matchCriteriaId": "8B184228-E638-401A-ABF5-6D2ED76DF8CB" + } + ] + } + ] + } + ], "references": [ { "url": "https://github.com/xwiki/xwiki-platform/commit/45d182a4141ff22f3ff289cf71e4669bdc714544", - "source": "security-advisories@github.com" + "source": "security-advisories@github.com", + "tags": [ + "Patch" + ] }, { "url": "https://github.com/xwiki/xwiki-platform/security/advisories/GHSA-vcvr-v426-3m3m", - "source": "security-advisories@github.com" + "source": "security-advisories@github.com", + "tags": [ + "Patch", + "Vendor Advisory" + ] }, { "url": "https://jira.xwiki.org/browse/XWIKI-20715", - "source": "security-advisories@github.com" + "source": "security-advisories@github.com", + "tags": [ + "Exploit", + "Issue Tracking", + "Patch", + "Vendor Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2023/CVE-2023-393xx/CVE-2023-39332.json b/CVE-2023/CVE-2023-393xx/CVE-2023-39332.json index 3442f534a8a..72d58155462 100644 --- a/CVE-2023/CVE-2023-393xx/CVE-2023-39332.json +++ b/CVE-2023/CVE-2023-393xx/CVE-2023-39332.json @@ -2,12 +2,12 @@ "id": "CVE-2023-39332", "sourceIdentifier": "support@hackerone.com", "published": "2023-10-18T04:15:11.330", - "lastModified": "2023-10-26T05:15:25.353", + "lastModified": "2023-11-03T20:15:08.997", "vulnStatus": "Modified", "descriptions": [ { "lang": "en", - "value": "Various `node:fs` functions allow specifying paths as either strings or `Uint8Array` objects. In Node.js environments, the `Buffer` class extends the `Uint8Array` class. Node.js prevents path traversal through strings (see CVE-2023-30584) and `Buffer` objects (see CVE-2023-32004), but not through non-`Buffer` `Uint8Array` objects.\n\nThis is distinct from CVE-2023-32004 ([report 2038134](https://hackerone.com/reports/2038134)), which only referred to `Buffer` objects. However, the vulnerability follows the same pattern using `Uint8Array` instead of `Buffer`.\n\nImpacts:\n\nThis vulnerability affects all users using the experimental permission model in Node.js 20.\n\nPlease note that at the time this CVE was issued, the permission model is an experimental feature of Node.js." + "value": "Various `node:fs` functions allow specifying paths as either strings or `Uint8Array` objects. In Node.js environments, the `Buffer` class extends the `Uint8Array` class. Node.js prevents path traversal through strings (see CVE-2023-30584) and `Buffer` objects (see CVE-2023-32004), but not through non-`Buffer` `Uint8Array` objects.\r\n\r\nThis is distinct from CVE-2023-32004 which only referred to `Buffer` objects. However, the vulnerability follows the same pattern using `Uint8Array` instead of `Buffer`.\r\n\r\nPlease note that at the time this CVE was issued, the permission model is an experimental feature of Node.js." }, { "lang": "es", @@ -75,14 +75,6 @@ "tags": [ "Third Party Advisory" ] - }, - { - "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/FNA62Q767CFAFHBCDKYNPBMZWB7TWYVU/", - "source": "support@hackerone.com" - }, - { - "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/LKYHSZQFDNR7RSA7LHVLLIAQMVYCUGBG/", - "source": "support@hackerone.com" } ] } \ No newline at end of file diff --git a/CVE-2023/CVE-2023-410xx/CVE-2023-41080.json b/CVE-2023/CVE-2023-410xx/CVE-2023-41080.json index 13ea6324b0c..3949352c03e 100644 --- a/CVE-2023/CVE-2023-410xx/CVE-2023-41080.json +++ b/CVE-2023/CVE-2023-410xx/CVE-2023-41080.json @@ -2,8 +2,8 @@ "id": "CVE-2023-41080", "sourceIdentifier": "security@apache.org", "published": "2023-08-25T21:15:09.397", - "lastModified": "2023-10-13T16:15:11.610", - "vulnStatus": "Undergoing Analysis", + "lastModified": "2023-11-03T19:00:56.380", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", @@ -127,6 +127,26 @@ ] } ] + }, + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*", + "matchCriteriaId": "07B237A9-69A3-4A9C-9DA0-4E06BD37AE73" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:debian:debian_linux:11.0:*:*:*:*:*:*:*", + "matchCriteriaId": "FA6FEEC2-9F11-4643-8827-749718254FED" + } + ] + } + ] } ], "references": [ @@ -141,19 +161,32 @@ }, { "url": "https://lists.debian.org/debian-lts-announce/2023/10/msg00020.html", - "source": "security@apache.org" + "source": "security@apache.org", + "tags": [ + "Mailing List", + "Third Party Advisory" + ] }, { "url": "https://security.netapp.com/advisory/ntap-20230921-0006/", - "source": "security@apache.org" + "source": "security@apache.org", + "tags": [ + "Third Party Advisory" + ] }, { "url": "https://www.debian.org/security/2023/dsa-5521", - "source": "security@apache.org" + "source": "security@apache.org", + "tags": [ + "Third Party Advisory" + ] }, { "url": "https://www.debian.org/security/2023/dsa-5522", - "source": "security@apache.org" + "source": "security@apache.org", + "tags": [ + "Third Party Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2023/CVE-2023-417xx/CVE-2023-41725.json b/CVE-2023/CVE-2023-417xx/CVE-2023-41725.json new file mode 100644 index 00000000000..9cd48884992 --- /dev/null +++ b/CVE-2023/CVE-2023-417xx/CVE-2023-41725.json @@ -0,0 +1,43 @@ +{ + "id": "CVE-2023-41725", + "sourceIdentifier": "support@hackerone.com", + "published": "2023-11-03T20:15:09.093", + "lastModified": "2023-11-03T20:15:09.093", + "vulnStatus": "Received", + "descriptions": [ + { + "lang": "en", + "value": "Ivanti Avalanche EnterpriseServer Service Unrestricted File Upload Local Privilege Escalation Vulnerability" + } + ], + "metrics": { + "cvssMetricV30": [ + { + "source": "support@hackerone.com", + "type": "Secondary", + "cvssData": { + "version": "3.0", + "vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", + "attackVector": "LOCAL", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH", + "baseScore": 7.8, + "baseSeverity": "HIGH" + }, + "exploitabilityScore": 1.8, + "impactScore": 5.9 + } + ] + }, + "references": [ + { + "url": "https://download.wavelink.com/Files/avalanche_v6.4.1.236_release_notes.txt", + "source": "support@hackerone.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2023/CVE-2023-417xx/CVE-2023-41726.json b/CVE-2023/CVE-2023-417xx/CVE-2023-41726.json new file mode 100644 index 00000000000..d7cd8bcd61d --- /dev/null +++ b/CVE-2023/CVE-2023-417xx/CVE-2023-41726.json @@ -0,0 +1,43 @@ +{ + "id": "CVE-2023-41726", + "sourceIdentifier": "support@hackerone.com", + "published": "2023-11-03T20:15:09.143", + "lastModified": "2023-11-03T20:15:09.143", + "vulnStatus": "Received", + "descriptions": [ + { + "lang": "en", + "value": "Ivanti Avalanche Incorrect Default Permissions allows Local Privilege Escalation Vulnerability" + } + ], + "metrics": { + "cvssMetricV30": [ + { + "source": "support@hackerone.com", + "type": "Secondary", + "cvssData": { + "version": "3.0", + "vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", + "attackVector": "LOCAL", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH", + "baseScore": 7.8, + "baseSeverity": "HIGH" + }, + "exploitabilityScore": 1.8, + "impactScore": 5.9 + } + ] + }, + "references": [ + { + "url": "https://download.wavelink.com/Files/avalanche_v6.4.1.236_release_notes.txt", + "source": "support@hackerone.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2023/CVE-2023-421xx/CVE-2023-42188.json b/CVE-2023/CVE-2023-421xx/CVE-2023-42188.json index be311c26c55..5532f7e13c0 100644 --- a/CVE-2023/CVE-2023-421xx/CVE-2023-42188.json +++ b/CVE-2023/CVE-2023-421xx/CVE-2023-42188.json @@ -2,8 +2,8 @@ "id": "CVE-2023-42188", "sourceIdentifier": "cve@mitre.org", "published": "2023-10-27T00:15:09.287", - "lastModified": "2023-10-27T12:41:08.827", - "vulnStatus": "Undergoing Analysis", + "lastModified": "2023-11-03T20:34:28.027", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", @@ -14,15 +14,75 @@ "value": "IceCMS v2.0.1 es vulnerable a Cross Site Request Forgery (CSRF)." } ], - "metrics": {}, + "metrics": { + "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "REQUIRED", + "scope": "UNCHANGED", + "confidentialityImpact": "NONE", + "integrityImpact": "HIGH", + "availabilityImpact": "NONE", + "baseScore": 6.5, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 2.8, + "impactScore": 3.6 + } + ] + }, + "weaknesses": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-352" + } + ] + } + ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:macwk:icecms:2.0.1:*:*:*:*:*:*:*", + "matchCriteriaId": "C8043F07-E915-49DC-A4D8-DC34AC2B9770" + } + ] + } + ] + } + ], "references": [ { "url": "https://github.com/Thecosy/IceCMS/issues/17", - "source": "cve@mitre.org" + "source": "cve@mitre.org", + "tags": [ + "Exploit", + "Issue Tracking", + "Vendor Advisory" + ] }, { "url": "https://topdayplus.github.io/2023/10/27/CVE-deatail/", - "source": "cve@mitre.org" + "source": "cve@mitre.org", + "tags": [ + "Third Party Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2023/CVE-2023-436xx/CVE-2023-43655.json b/CVE-2023/CVE-2023-436xx/CVE-2023-43655.json index 61134252cff..7fc7a1bb7d6 100644 --- a/CVE-2023/CVE-2023-436xx/CVE-2023-43655.json +++ b/CVE-2023/CVE-2023-436xx/CVE-2023-43655.json @@ -2,8 +2,8 @@ "id": "CVE-2023-43655", "sourceIdentifier": "security-advisories@github.com", "published": "2023-09-29T20:15:09.987", - "lastModified": "2023-10-15T04:15:12.263", - "vulnStatus": "Modified", + "lastModified": "2023-11-03T19:05:21.843", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", @@ -100,6 +100,26 @@ ] } ] + }, + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:o:fedoraproject:fedora:37:*:*:*:*:*:*:*", + "matchCriteriaId": "E30D0E6F-4AE8-4284-8716-991DFA48CC5D" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:fedoraproject:fedora:38:*:*:*:*:*:*:*", + "matchCriteriaId": "CC559B26-5DFC-4B7A-A27C-B77DE755DFF9" + } + ] + } + ] } ], "references": [ @@ -133,11 +153,19 @@ }, { "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/7AWYAUZNH565NWPIKGEIYBWHYNM5JGAE/", - "source": "security-advisories@github.com" + "source": "security-advisories@github.com", + "tags": [ + "Mailing List", + "Third Party Advisory" + ] }, { "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/KFOPGPW2KS37O3KJWBRGTUWHTXCQXBS2/", - "source": "security-advisories@github.com" + "source": "security-advisories@github.com", + "tags": [ + "Mailing List", + "Third Party Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2023/CVE-2023-437xx/CVE-2023-43737.json b/CVE-2023/CVE-2023-437xx/CVE-2023-43737.json index 452389d5482..d4c1f63908f 100644 --- a/CVE-2023/CVE-2023-437xx/CVE-2023-43737.json +++ b/CVE-2023/CVE-2023-437xx/CVE-2023-43737.json @@ -2,8 +2,8 @@ "id": "CVE-2023-43737", "sourceIdentifier": "help@fluidattacks.com", "published": "2023-10-26T23:15:09.310", - "lastModified": "2023-10-27T12:41:08.827", - "vulnStatus": "Undergoing Analysis", + "lastModified": "2023-11-03T19:43:30.007", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", @@ -50,14 +50,38 @@ ] } ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:projectworlds:online_art_gallery:1.0:*:*:*:*:*:*:*", + "matchCriteriaId": "3373A0D4-63FD-4709-95EC-F89D9B37CD84" + } + ] + } + ] + } + ], "references": [ { "url": "https://fluidattacks.com/advisories/ono", - "source": "help@fluidattacks.com" + "source": "help@fluidattacks.com", + "tags": [ + "Exploit", + "Third Party Advisory" + ] }, { "url": "https://https://projectworlds.in/", - "source": "help@fluidattacks.com" + "source": "help@fluidattacks.com", + "tags": [ + "Product" + ] } ] } \ No newline at end of file diff --git a/CVE-2023/CVE-2023-437xx/CVE-2023-43738.json b/CVE-2023/CVE-2023-437xx/CVE-2023-43738.json index c7301488906..b910eaf321a 100644 --- a/CVE-2023/CVE-2023-437xx/CVE-2023-43738.json +++ b/CVE-2023/CVE-2023-437xx/CVE-2023-43738.json @@ -2,8 +2,8 @@ "id": "CVE-2023-43738", "sourceIdentifier": "help@fluidattacks.com", "published": "2023-10-27T03:15:07.960", - "lastModified": "2023-10-27T12:41:08.827", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2023-11-03T19:53:08.763", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", @@ -50,14 +50,38 @@ ] } ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:projectworlds:online_art_gallery:1.0:*:*:*:*:*:*:*", + "matchCriteriaId": "3373A0D4-63FD-4709-95EC-F89D9B37CD84" + } + ] + } + ] + } + ], "references": [ { "url": "https://fluidattacks.com/advisories/ono", - "source": "help@fluidattacks.com" + "source": "help@fluidattacks.com", + "tags": [ + "Exploit", + "Third Party Advisory" + ] }, { "url": "https://https://projectworlds.in/", - "source": "help@fluidattacks.com" + "source": "help@fluidattacks.com", + "tags": [ + "Broken Link" + ] } ] } \ No newline at end of file diff --git a/CVE-2023/CVE-2023-441xx/CVE-2023-44162.json b/CVE-2023/CVE-2023-441xx/CVE-2023-44162.json index bb000c8dbe5..6b147a63bbe 100644 --- a/CVE-2023/CVE-2023-441xx/CVE-2023-44162.json +++ b/CVE-2023/CVE-2023-441xx/CVE-2023-44162.json @@ -2,8 +2,8 @@ "id": "CVE-2023-44162", "sourceIdentifier": "help@fluidattacks.com", "published": "2023-10-27T03:15:08.040", - "lastModified": "2023-10-27T12:41:08.827", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2023-11-03T19:46:03.623", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", @@ -50,14 +50,38 @@ ] } ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:projectworlds:online_art_gallery:1.0:*:*:*:*:*:*:*", + "matchCriteriaId": "3373A0D4-63FD-4709-95EC-F89D9B37CD84" + } + ] + } + ] + } + ], "references": [ { "url": "https://fluidattacks.com/advisories/ono", - "source": "help@fluidattacks.com" + "source": "help@fluidattacks.com", + "tags": [ + "Exploit", + "Third Party Advisory" + ] }, { "url": "https://https://projectworlds.in/", - "source": "help@fluidattacks.com" + "source": "help@fluidattacks.com", + "tags": [ + "Broken Link" + ] } ] } \ No newline at end of file diff --git a/CVE-2023/CVE-2023-442xx/CVE-2023-44267.json b/CVE-2023/CVE-2023-442xx/CVE-2023-44267.json index 8eeb3d4498c..a1923c08a02 100644 --- a/CVE-2023/CVE-2023-442xx/CVE-2023-44267.json +++ b/CVE-2023/CVE-2023-442xx/CVE-2023-44267.json @@ -2,8 +2,8 @@ "id": "CVE-2023-44267", "sourceIdentifier": "help@fluidattacks.com", "published": "2023-10-26T20:15:08.637", - "lastModified": "2023-10-27T12:41:08.827", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2023-11-03T19:50:57.197", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", @@ -50,14 +50,38 @@ ] } ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:projectworlds:online_art_gallery:1.0:*:*:*:*:*:*:*", + "matchCriteriaId": "3373A0D4-63FD-4709-95EC-F89D9B37CD84" + } + ] + } + ] + } + ], "references": [ { "url": "https://fluidattacks.com/advisories/ono", - "source": "help@fluidattacks.com" + "source": "help@fluidattacks.com", + "tags": [ + "Exploit", + "Third Party Advisory" + ] }, { "url": "https://https://projectworlds.in/", - "source": "help@fluidattacks.com" + "source": "help@fluidattacks.com", + "tags": [ + "Broken Link" + ] } ] } \ No newline at end of file diff --git a/CVE-2023/CVE-2023-442xx/CVE-2023-44268.json b/CVE-2023/CVE-2023-442xx/CVE-2023-44268.json index 47fa7d80d28..bcdb4c3df8e 100644 --- a/CVE-2023/CVE-2023-442xx/CVE-2023-44268.json +++ b/CVE-2023/CVE-2023-442xx/CVE-2023-44268.json @@ -2,8 +2,8 @@ "id": "CVE-2023-44268", "sourceIdentifier": "help@fluidattacks.com", "published": "2023-10-26T23:15:09.387", - "lastModified": "2023-10-27T12:41:08.827", - "vulnStatus": "Undergoing Analysis", + "lastModified": "2023-11-03T19:43:10.423", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", @@ -50,14 +50,39 @@ ] } ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:projectworlds:online_art_gallery:1.0:*:*:*:*:*:*:*", + "matchCriteriaId": "3373A0D4-63FD-4709-95EC-F89D9B37CD84" + } + ] + } + ] + } + ], "references": [ { "url": "https://fluidattacks.com/advisories/ono", - "source": "help@fluidattacks.com" + "source": "help@fluidattacks.com", + "tags": [ + "Exploit", + "Third Party Advisory" + ] }, { "url": "https://https://projectworlds.in/", - "source": "help@fluidattacks.com" + "source": "help@fluidattacks.com", + "tags": [ + "Broken Link", + "Product" + ] } ] } \ No newline at end of file diff --git a/CVE-2023/CVE-2023-443xx/CVE-2023-44375.json b/CVE-2023/CVE-2023-443xx/CVE-2023-44375.json index 524f66ea9cd..785cc6d5c80 100644 --- a/CVE-2023/CVE-2023-443xx/CVE-2023-44375.json +++ b/CVE-2023/CVE-2023-443xx/CVE-2023-44375.json @@ -2,8 +2,8 @@ "id": "CVE-2023-44375", "sourceIdentifier": "help@fluidattacks.com", "published": "2023-10-27T03:15:08.120", - "lastModified": "2023-10-27T12:41:08.827", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2023-11-03T19:45:39.960", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", @@ -50,14 +50,38 @@ ] } ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:projectworlds:online_art_gallery:1.0:*:*:*:*:*:*:*", + "matchCriteriaId": "3373A0D4-63FD-4709-95EC-F89D9B37CD84" + } + ] + } + ] + } + ], "references": [ { "url": "https://fluidattacks.com/advisories/ono", - "source": "help@fluidattacks.com" + "source": "help@fluidattacks.com", + "tags": [ + "Exploit", + "Third Party Advisory" + ] }, { "url": "https://https://projectworlds.in/", - "source": "help@fluidattacks.com" + "source": "help@fluidattacks.com", + "tags": [ + "Broken Link" + ] } ] } \ No newline at end of file diff --git a/CVE-2023/CVE-2023-455xx/CVE-2023-45573.json b/CVE-2023/CVE-2023-455xx/CVE-2023-45573.json index 000a45266a9..84702c01e45 100644 --- a/CVE-2023/CVE-2023-455xx/CVE-2023-45573.json +++ b/CVE-2023/CVE-2023-455xx/CVE-2023-45573.json @@ -2,8 +2,8 @@ "id": "CVE-2023-45573", "sourceIdentifier": "cve@mitre.org", "published": "2023-10-16T06:15:12.357", - "lastModified": "2023-10-19T22:15:10.000", - "vulnStatus": "Undergoing Analysis", + "lastModified": "2023-11-03T19:04:46.640", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", diff --git a/CVE-2023/CVE-2023-455xx/CVE-2023-45580.json b/CVE-2023/CVE-2023-455xx/CVE-2023-45580.json index 0e83ad64c98..fd78923c74c 100644 --- a/CVE-2023/CVE-2023-455xx/CVE-2023-45580.json +++ b/CVE-2023/CVE-2023-455xx/CVE-2023-45580.json @@ -2,8 +2,8 @@ "id": "CVE-2023-45580", "sourceIdentifier": "cve@mitre.org", "published": "2023-10-16T07:15:09.107", - "lastModified": "2023-10-19T22:15:10.187", - "vulnStatus": "Undergoing Analysis", + "lastModified": "2023-11-03T19:04:23.627", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", diff --git a/CVE-2023/CVE-2023-460xx/CVE-2023-46091.json b/CVE-2023/CVE-2023-460xx/CVE-2023-46091.json index 7bdab143439..e419de14cd8 100644 --- a/CVE-2023/CVE-2023-460xx/CVE-2023-46091.json +++ b/CVE-2023/CVE-2023-460xx/CVE-2023-46091.json @@ -2,8 +2,8 @@ "id": "CVE-2023-46091", "sourceIdentifier": "audit@patchstack.com", "published": "2023-10-27T08:15:31.273", - "lastModified": "2023-10-27T12:41:08.827", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2023-11-03T20:19:18.047", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", @@ -16,6 +16,26 @@ ], "metrics": { "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "HIGH", + "userInteraction": "REQUIRED", + "scope": "CHANGED", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "availabilityImpact": "NONE", + "baseScore": 4.8, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 1.7, + "impactScore": 2.7 + }, { "source": "audit@patchstack.com", "type": "Secondary", @@ -40,7 +60,7 @@ }, "weaknesses": [ { - "source": "audit@patchstack.com", + "source": "nvd@nist.gov", "type": "Primary", "description": [ { @@ -48,12 +68,43 @@ "value": "CWE-79" } ] + }, + { + "source": "audit@patchstack.com", + "type": "Secondary", + "description": [ + { + "lang": "en", + "value": "CWE-79" + } + ] + } + ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:bala-krishna:category_seo_meta_tags:*:*:*:*:*:wordpress:*:*", + "versionEndIncluding": "2.5", + "matchCriteriaId": "0D092F45-69A6-4254-8EDA-0925F797273A" + } + ] + } + ] } ], "references": [ { "url": "https://patchstack.com/database/vulnerability/category-seo-meta-tags/wordpress-category-seo-meta-tags-plugin-2-5-cross-site-scripting-xss-vulnerability?_s_id=cve", - "source": "audit@patchstack.com" + "source": "audit@patchstack.com", + "tags": [ + "Third Party Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2023/CVE-2023-460xx/CVE-2023-46093.json b/CVE-2023/CVE-2023-460xx/CVE-2023-46093.json index 3335a020c34..f710efccdde 100644 --- a/CVE-2023/CVE-2023-460xx/CVE-2023-46093.json +++ b/CVE-2023/CVE-2023-460xx/CVE-2023-46093.json @@ -2,8 +2,8 @@ "id": "CVE-2023-46093", "sourceIdentifier": "audit@patchstack.com", "published": "2023-10-27T08:15:31.377", - "lastModified": "2023-10-27T12:41:08.827", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2023-11-03T20:19:59.937", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", @@ -16,6 +16,26 @@ ], "metrics": { "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "HIGH", + "userInteraction": "REQUIRED", + "scope": "CHANGED", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "availabilityImpact": "NONE", + "baseScore": 4.8, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 1.7, + "impactScore": 2.7 + }, { "source": "audit@patchstack.com", "type": "Secondary", @@ -50,10 +70,31 @@ ] } ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:lionscripts:webmaster_tools:*:*:*:*:*:wordpress:*:*", + "versionEndIncluding": "2.0", + "matchCriteriaId": "4F01BD8B-1C9C-46E2-B36C-8BB2AE52C0AD" + } + ] + } + ] + } + ], "references": [ { "url": "https://patchstack.com/database/vulnerability/webmaster-tools/wordpress-webmaster-tools-plugin-2-0-cross-site-scripting-xss-vulnerability?_s_id=cve", - "source": "audit@patchstack.com" + "source": "audit@patchstack.com", + "tags": [ + "Third Party Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2023/CVE-2023-461xx/CVE-2023-46153.json b/CVE-2023/CVE-2023-461xx/CVE-2023-46153.json index 1f53cf20db5..0eb6d86c28d 100644 --- a/CVE-2023/CVE-2023-461xx/CVE-2023-46153.json +++ b/CVE-2023/CVE-2023-461xx/CVE-2023-46153.json @@ -2,8 +2,8 @@ "id": "CVE-2023-46153", "sourceIdentifier": "audit@patchstack.com", "published": "2023-10-27T08:15:31.457", - "lastModified": "2023-10-27T12:41:08.827", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2023-11-03T20:20:12.173", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", @@ -16,6 +16,26 @@ ], "metrics": { "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "REQUIRED", + "scope": "CHANGED", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "availabilityImpact": "NONE", + "baseScore": 6.1, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 2.8, + "impactScore": 2.7 + }, { "source": "audit@patchstack.com", "type": "Secondary", @@ -50,10 +70,31 @@ ] } ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:monsterinsights:user_feedback:*:*:*:*:*:wordpress:*:*", + "versionEndIncluding": "1.0.9", + "matchCriteriaId": "43E2533A-0223-48BB-8825-8FB54556F329" + } + ] + } + ] + } + ], "references": [ { "url": "https://patchstack.com/database/vulnerability/userfeedback-lite/wordpress-user-feedback-plugin-1-0-9-cross-site-scripting-xss-vulnerability?_s_id=cve", - "source": "audit@patchstack.com" + "source": "audit@patchstack.com", + "tags": [ + "Third Party Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2023/CVE-2023-461xx/CVE-2023-46194.json b/CVE-2023/CVE-2023-461xx/CVE-2023-46194.json index 06ca04f3ed0..a30c0518297 100644 --- a/CVE-2023/CVE-2023-461xx/CVE-2023-46194.json +++ b/CVE-2023/CVE-2023-461xx/CVE-2023-46194.json @@ -2,8 +2,8 @@ "id": "CVE-2023-46194", "sourceIdentifier": "audit@patchstack.com", "published": "2023-10-27T08:15:31.607", - "lastModified": "2023-10-27T12:41:08.827", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2023-11-03T20:55:05.450", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", @@ -16,6 +16,26 @@ ], "metrics": { "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "REQUIRED", + "scope": "CHANGED", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "availabilityImpact": "NONE", + "baseScore": 6.1, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 2.8, + "impactScore": 2.7 + }, { "source": "audit@patchstack.com", "type": "Secondary", @@ -50,10 +70,31 @@ ] } ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:ericteubert:archivist_-_custom_archive_templates:*:*:*:*:*:wordpress:*:*", + "versionEndIncluding": "1.7.5", + "matchCriteriaId": "46E69262-2199-4002-A372-7AEBB654EB69" + } + ] + } + ] + } + ], "references": [ { "url": "https://patchstack.com/database/vulnerability/archivist-custom-archive-templates/wordpress-archivist-custom-archive-templates-plugin-1-7-5-reflected-cross-site-scripting-xss-vulnerability?_s_id=cve", - "source": "audit@patchstack.com" + "source": "audit@patchstack.com", + "tags": [ + "Third Party Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2023/CVE-2023-461xx/CVE-2023-46199.json b/CVE-2023/CVE-2023-461xx/CVE-2023-46199.json index 424d014e710..236fb318e05 100644 --- a/CVE-2023/CVE-2023-461xx/CVE-2023-46199.json +++ b/CVE-2023/CVE-2023-461xx/CVE-2023-46199.json @@ -2,8 +2,8 @@ "id": "CVE-2023-46199", "sourceIdentifier": "audit@patchstack.com", "published": "2023-10-27T08:15:31.683", - "lastModified": "2023-10-27T12:41:08.827", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2023-11-03T20:54:07.940", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", @@ -16,6 +16,26 @@ ], "metrics": { "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "HIGH", + "userInteraction": "REQUIRED", + "scope": "CHANGED", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "availabilityImpact": "NONE", + "baseScore": 4.8, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 1.7, + "impactScore": 2.7 + }, { "source": "audit@patchstack.com", "type": "Secondary", @@ -50,10 +70,31 @@ ] } ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:triberr:triberr:*:*:*:*:*:wordpress:*:*", + "versionEndIncluding": "4.1.1", + "matchCriteriaId": "F62DFDE8-9822-4C1F-82A5-82A74DBA583C" + } + ] + } + ] + } + ], "references": [ { "url": "https://patchstack.com/database/vulnerability/triberr-wordpress-plugin/wordpress-triberr-plugin-4-1-1-cross-site-scripting-xss?_s_id=cve", - "source": "audit@patchstack.com" + "source": "audit@patchstack.com", + "tags": [ + "Third Party Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2023/CVE-2023-463xx/CVE-2023-46374.json b/CVE-2023/CVE-2023-463xx/CVE-2023-46374.json index 0cd42105830..26d0244d0ee 100644 --- a/CVE-2023/CVE-2023-463xx/CVE-2023-46374.json +++ b/CVE-2023/CVE-2023-463xx/CVE-2023-46374.json @@ -2,8 +2,8 @@ "id": "CVE-2023-46374", "sourceIdentifier": "cve@mitre.org", "published": "2023-10-27T00:15:09.327", - "lastModified": "2023-10-27T12:41:08.827", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2023-11-03T20:23:58.070", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", @@ -14,11 +14,68 @@ "value": "ZenTao Enterprise Edition versi\u00f3n 4.1.3 y anteriores es vulnerable a Cross Site Scripting (XSS)." } ], - "metrics": {}, + "metrics": { + "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "REQUIRED", + "scope": "CHANGED", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "availabilityImpact": "NONE", + "baseScore": 6.1, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 2.8, + "impactScore": 2.7 + } + ] + }, + "weaknesses": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-79" + } + ] + } + ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:zentao:biz:*:*:*:*:enterprise:*:*:*", + "versionEndIncluding": "4.1.3", + "matchCriteriaId": "1B61140E-2A5A-4EA5-AD07-B85D68165C20" + } + ] + } + ] + } + ], "references": [ { "url": "https://narrow-payment-2cd.notion.site/ZenTao-4-1-3-is-vulnerable-to-Cross-Site-Scripting-xss-CVE-2023-46374-ebdc61e7a88443b481b649764ba66dee", - "source": "cve@mitre.org" + "source": "cve@mitre.org", + "tags": [ + "Exploit", + "Third Party Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2023/CVE-2023-463xx/CVE-2023-46375.json b/CVE-2023/CVE-2023-463xx/CVE-2023-46375.json index cfc175faa12..bd59892a093 100644 --- a/CVE-2023/CVE-2023-463xx/CVE-2023-46375.json +++ b/CVE-2023/CVE-2023-463xx/CVE-2023-46375.json @@ -2,8 +2,8 @@ "id": "CVE-2023-46375", "sourceIdentifier": "cve@mitre.org", "published": "2023-10-27T01:15:32.173", - "lastModified": "2023-10-27T12:41:08.827", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2023-11-03T20:23:34.067", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", @@ -14,11 +14,68 @@ "value": "ZenTao Biz versi\u00f3n 4.1.3 y anteriores es vulnerable a Cross Site Request Forgery (CSRF)." } ], - "metrics": {}, + "metrics": { + "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "REQUIRED", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH", + "baseScore": 8.8, + "baseSeverity": "HIGH" + }, + "exploitabilityScore": 2.8, + "impactScore": 5.9 + } + ] + }, + "weaknesses": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-352" + } + ] + } + ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:zentao:biz:*:*:*:*:enterprise:*:*:*", + "versionEndIncluding": "4.1.3", + "matchCriteriaId": "1B61140E-2A5A-4EA5-AD07-B85D68165C20" + } + ] + } + ] + } + ], "references": [ { "url": "https://narrow-payment-2cd.notion.site/zentao-4-1-3-is-vulnerable-to-csrf-CVE-2023-46375-2d9d9fc2371f483eb436af20508df915", - "source": "cve@mitre.org" + "source": "cve@mitre.org", + "tags": [ + "Exploit", + "Third Party Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2023/CVE-2023-463xx/CVE-2023-46376.json b/CVE-2023/CVE-2023-463xx/CVE-2023-46376.json index 6a015f76986..06661536c0f 100644 --- a/CVE-2023/CVE-2023-463xx/CVE-2023-46376.json +++ b/CVE-2023/CVE-2023-463xx/CVE-2023-46376.json @@ -2,8 +2,8 @@ "id": "CVE-2023-46376", "sourceIdentifier": "cve@mitre.org", "published": "2023-10-27T01:15:32.220", - "lastModified": "2023-10-27T12:41:08.827", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2023-11-03T20:11:37.757", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", @@ -14,11 +14,68 @@ "value": "Zentao Biz versi\u00f3n 8.7 y anteriores es vulnerable a la divulgaci\u00f3n de informaci\u00f3n." } ], - "metrics": {}, + "metrics": { + "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "NONE", + "availabilityImpact": "NONE", + "baseScore": 7.5, + "baseSeverity": "HIGH" + }, + "exploitabilityScore": 3.9, + "impactScore": 3.6 + } + ] + }, + "weaknesses": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-312" + } + ] + } + ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:zentao:biz:*:*:*:*:enterprise:*:*:*", + "versionEndIncluding": "8.7", + "matchCriteriaId": "CB4BDAE0-EAC8-4265-97C2-61772B3F8681" + } + ] + } + ] + } + ], "references": [ { "url": "https://narrow-payment-2cd.notion.site/zentao-8-7-has-information-disclosure-vulnerability-CVE-2023-46376-537fae3936b84af583b51b74e6010dd7", - "source": "cve@mitre.org" + "source": "cve@mitre.org", + "tags": [ + "Exploit", + "Third Party Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2023/CVE-2023-464xx/CVE-2023-46491.json b/CVE-2023/CVE-2023-464xx/CVE-2023-46491.json index 2d98ee9c221..2672c7e8744 100644 --- a/CVE-2023/CVE-2023-464xx/CVE-2023-46491.json +++ b/CVE-2023/CVE-2023-464xx/CVE-2023-46491.json @@ -2,8 +2,8 @@ "id": "CVE-2023-46491", "sourceIdentifier": "cve@mitre.org", "published": "2023-10-27T00:15:09.363", - "lastModified": "2023-10-27T12:41:08.827", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2023-11-03T20:23:49.313", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", @@ -14,11 +14,68 @@ "value": "ZenTao Biz versi\u00f3n 4.1.3 y anteriores tiene una vulnerabilidad de Cross Site Scripting (XSS) en la librer\u00eda de versiones." } ], - "metrics": {}, + "metrics": { + "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "REQUIRED", + "scope": "CHANGED", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "availabilityImpact": "NONE", + "baseScore": 6.1, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 2.8, + "impactScore": 2.7 + } + ] + }, + "weaknesses": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-79" + } + ] + } + ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:zentao:biz:*:*:*:*:*:*:*:*", + "versionEndIncluding": "4.1.3", + "matchCriteriaId": "BD77EC96-5DFD-4B49-A0DE-14735F18F78C" + } + ] + } + ] + } + ], "references": [ { "url": "https://foremost-smash-52a.notion.site/Zentao-Authorized-XSS-Vulnerability-CVE-2023-46491-eea8cbfe2fab4ea78a174e5275309759", - "source": "cve@mitre.org" + "source": "cve@mitre.org", + "tags": [ + "Exploit", + "Third Party Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2023/CVE-2023-465xx/CVE-2023-46505.json b/CVE-2023/CVE-2023-465xx/CVE-2023-46505.json index 70ac6853ba2..d34ea3075c3 100644 --- a/CVE-2023/CVE-2023-465xx/CVE-2023-46505.json +++ b/CVE-2023/CVE-2023-465xx/CVE-2023-46505.json @@ -2,8 +2,8 @@ "id": "CVE-2023-46505", "sourceIdentifier": "cve@mitre.org", "published": "2023-10-27T01:15:32.267", - "lastModified": "2023-10-27T12:41:08.827", - "vulnStatus": "Undergoing Analysis", + "lastModified": "2023-11-03T20:05:18.503", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", @@ -14,11 +14,67 @@ "value": "Una vulnerabilidad de Cross Site Scripting en FanCMS v.1.0.0 permite a un atacante ejecutar c\u00f3digo arbitrario a trav\u00e9s del par\u00e1metro content1 en el archivo demo.php." } ], - "metrics": {}, + "metrics": { + "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "REQUIRED", + "scope": "CHANGED", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "availabilityImpact": "NONE", + "baseScore": 6.1, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 2.8, + "impactScore": 2.7 + } + ] + }, + "weaknesses": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-79" + } + ] + } + ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:pwncyn:fancms:1.0:*:*:*:*:*:*:*", + "matchCriteriaId": "BA9EC6F1-F8D8-4020-A0F9-41A1BE75592F" + } + ] + } + ] + } + ], "references": [ { "url": "https://github.com/PwnCYN/FanCMS/issues/1", - "source": "cve@mitre.org" + "source": "cve@mitre.org", + "tags": [ + "Exploit", + "Issue Tracking" + ] } ] } \ No newline at end of file diff --git a/CVE-2023/CVE-2023-50xx/CVE-2023-5051.json b/CVE-2023/CVE-2023-50xx/CVE-2023-5051.json index ec12eec1c29..e0a245e5906 100644 --- a/CVE-2023/CVE-2023-50xx/CVE-2023-5051.json +++ b/CVE-2023/CVE-2023-50xx/CVE-2023-5051.json @@ -2,8 +2,8 @@ "id": "CVE-2023-5051", "sourceIdentifier": "security@wordfence.com", "published": "2023-10-27T04:15:10.957", - "lastModified": "2023-10-27T12:41:08.827", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2023-11-03T19:58:53.517", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", @@ -16,6 +16,26 @@ ], "metrics": { "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "REQUIRED", + "scope": "CHANGED", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "availabilityImpact": "NONE", + "baseScore": 5.4, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 2.3, + "impactScore": 2.7 + }, { "source": "security@wordfence.com", "type": "Secondary", @@ -50,18 +70,46 @@ ] } ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:callrail:callrail_phone_call_tracking:*:*:*:*:*:wordpress:*:*", + "versionEndIncluding": "0.5.2", + "matchCriteriaId": "EE4C0D49-003A-4ED8-A746-5A73C3A8A32F" + } + ] + } + ] + } + ], "references": [ { "url": "https://plugins.trac.wordpress.org/browser/callrail-phone-call-tracking/tags/0.5.2/callrail.php#L174", - "source": "security@wordfence.com" + "source": "security@wordfence.com", + "tags": [ + "Product" + ] }, { "url": "https://plugins.trac.wordpress.org/changeset/2982876/callrail-phone-call-tracking#file0", - "source": "security@wordfence.com" + "source": "security@wordfence.com", + "tags": [ + "Patch" + ] }, { "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/35def866-7460-4cad-8d86-7b9e4905cbe4?source=cve", - "source": "security@wordfence.com" + "source": "security@wordfence.com", + "tags": [ + "Patch", + "Third Party Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2023/CVE-2023-50xx/CVE-2023-5054.json b/CVE-2023/CVE-2023-50xx/CVE-2023-5054.json index f3c4180bead..fa8f82b15eb 100644 --- a/CVE-2023/CVE-2023-50xx/CVE-2023-5054.json +++ b/CVE-2023/CVE-2023-50xx/CVE-2023-5054.json @@ -2,8 +2,8 @@ "id": "CVE-2023-5054", "sourceIdentifier": "security@wordfence.com", "published": "2023-09-19T07:15:51.917", - "lastModified": "2023-10-13T01:15:55.887", - "vulnStatus": "Modified", + "lastModified": "2023-11-03T19:13:47.073", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", @@ -11,14 +11,34 @@ }, { "lang": "es", - "value": "El complemento Super Store Finder para WordPress es vulnerable a la creaci\u00f3n y retransmisi\u00f3n de correo electr\u00f3nico arbitrario no autenticado en versiones hasta la 6.9.2 incluida. Esto se debe a restricciones insuficientes en el archivo sendMail.php que permite el acceso directo. Esto hace posible que atacantes no autenticados env\u00eden correos electr\u00f3nicos utilizando el servidor del sitio vulnerable, con contenido arbitrario. Tenga en cuenta que esta vulnerabilidad ya se ha divulgado p\u00fablicamente con un exploit, por lo que publicamos los detalles sin un parche disponible; estamos intentando iniciar contacto con el desarrollador." + "value": "El complemento Super Store Finder para WordPress es vulnerable a la creaci\u00f3n y retransmisi\u00f3n de correo electr\u00f3nico arbitrario no autenticado en versiones hasta la 6.9.3 incluida. Esto se debe a restricciones insuficientes en el archivo sendMail.php que permite el acceso directo. Esto hace posible que atacantes no autenticados env\u00eden correos electr\u00f3nicos utilizando el servidor del sitio vulnerable, con contenido arbitrario. Tenga en cuenta que esta vulnerabilidad ya se ha divulgado p\u00fablicamente con un exploit, por lo que publicamos los detalles sin un parche disponible; estamos intentando iniciar contacto con el desarrollador." } ], "metrics": { "cvssMetricV31": [ { - "source": "security@wordfence.com", + "source": "nvd@nist.gov", "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "NONE", + "integrityImpact": "LOW", + "availabilityImpact": "NONE", + "baseScore": 5.3, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 3.9, + "impactScore": 1.4 + }, + { + "source": "security@wordfence.com", + "type": "Secondary", "cvssData": { "version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:L/A:N", @@ -78,7 +98,10 @@ }, { "url": "https://superstorefinder.net/support/forums/topic/super-store-finder-for-wordpress-patch-notes/", - "source": "security@wordfence.com" + "source": "security@wordfence.com", + "tags": [ + "Release Notes" + ] }, { "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/d31d0553-9378-4c7e-a258-12562aa6b388?source=cve", diff --git a/CVE-2023/CVE-2023-51xx/CVE-2023-5139.json b/CVE-2023/CVE-2023-51xx/CVE-2023-5139.json index 9b1b3088fe6..df5228f79af 100644 --- a/CVE-2023/CVE-2023-51xx/CVE-2023-5139.json +++ b/CVE-2023/CVE-2023-51xx/CVE-2023-5139.json @@ -2,8 +2,8 @@ "id": "CVE-2023-5139", "sourceIdentifier": "vulnerabilities@zephyrproject.org", "published": "2023-10-26T05:15:26.217", - "lastModified": "2023-10-26T11:44:17.377", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2023-11-03T20:38:59.517", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", @@ -16,6 +16,26 @@ ], "metrics": { "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", + "attackVector": "LOCAL", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH", + "baseScore": 7.8, + "baseSeverity": "HIGH" + }, + "exploitabilityScore": 1.8, + "impactScore": 5.9 + }, { "source": "vulnerabilities@zephyrproject.org", "type": "Secondary", @@ -39,6 +59,16 @@ ] }, "weaknesses": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-120" + } + ] + }, { "source": "vulnerabilities@zephyrproject.org", "type": "Secondary", @@ -50,10 +80,32 @@ ] } ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:o:zephyrproject:zephyr:*:*:*:*:*:*:*:*", + "versionEndIncluding": "3.4.0", + "matchCriteriaId": "51CECB97-3A81-4A54-AA0A-DB2A1DE18CF2" + } + ] + } + ] + } + ], "references": [ { "url": "https://github.com/zephyrproject-rtos/zephyr/security/advisories/GHSA-rhrc-pcxp-4453", - "source": "vulnerabilities@zephyrproject.org" + "source": "vulnerabilities@zephyrproject.org", + "tags": [ + "Exploit", + "Vendor Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2023/CVE-2023-53xx/CVE-2023-5335.json b/CVE-2023/CVE-2023-53xx/CVE-2023-5335.json index 2493c6a6dec..e3d22fbbd88 100644 --- a/CVE-2023/CVE-2023-53xx/CVE-2023-5335.json +++ b/CVE-2023/CVE-2023-53xx/CVE-2023-5335.json @@ -2,16 +2,40 @@ "id": "CVE-2023-5335", "sourceIdentifier": "security@wordfence.com", "published": "2023-10-30T14:15:09.667", - "lastModified": "2023-10-30T14:32:18.693", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2023-11-03T20:52:50.230", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", "value": "The Buzzsprout Podcasting plugin for WordPress is vulnerable to Stored Cross-Site Scripting via 'buzzsprout' shortcode in versions up to, and including, 1.8.3 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers with contributor-level and above permissions to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page." + }, + { + "lang": "es", + "value": "El complemento Buzzsprout Podcasting para WordPress es vulnerable a Cross-Site Scripting (XSS) Almacenado a trav\u00e9s del shortcode 'buzzsprout' en versiones hasta la 1.8.3 incluida debido a una sanitizaci\u00f3n de entrada y a un escape de salida en los atributos proporcionados por el usuario insuficientes. Esto hace posible que atacantes autenticados con permisos de nivel de colaborador y superiores inyecten scripts web arbitrarios en p\u00e1ginas que se ejecutar\u00e1n cada vez que un usuario acceda a una p\u00e1gina inyectada." } ], "metrics": { "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "REQUIRED", + "scope": "CHANGED", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "availabilityImpact": "NONE", + "baseScore": 5.4, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 2.3, + "impactScore": 2.7 + }, { "source": "security@wordfence.com", "type": "Secondary", @@ -46,14 +70,38 @@ ] } ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:buzzsprout:buzzsprout:*:*:*:*:*:wordpress:*:*", + "versionEndExcluding": "1.8.4", + "matchCriteriaId": "CABB0244-B644-4246-AD92-8AD6CDB02DC6" + } + ] + } + ] + } + ], "references": [ { "url": "https://plugins.trac.wordpress.org/browser/buzzsprout-podcasting/tags/1.8.3/buzzsprout-podcasting.php#L271", - "source": "security@wordfence.com" + "source": "security@wordfence.com", + "tags": [ + "Exploit" + ] }, { "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/be7f8b73-801d-46e8-81c1-8bb0bb576700?source=cve", - "source": "security@wordfence.com" + "source": "security@wordfence.com", + "tags": [ + "Third Party Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2023/CVE-2023-55xx/CVE-2023-5565.json b/CVE-2023/CVE-2023-55xx/CVE-2023-5565.json index 3d90b078106..5df888b0d9e 100644 --- a/CVE-2023/CVE-2023-55xx/CVE-2023-5565.json +++ b/CVE-2023/CVE-2023-55xx/CVE-2023-5565.json @@ -2,16 +2,40 @@ "id": "CVE-2023-5565", "sourceIdentifier": "security@wordfence.com", "published": "2023-10-30T14:15:09.973", - "lastModified": "2023-10-30T14:32:18.693", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2023-11-03T20:53:13.923", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", "value": "The Shortcode Menu plugin for WordPress is vulnerable to Stored Cross-Site Scripting via 'shortmenu' shortcode in versions up to, and including, 3.2 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers with contributor-level and above permissions to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page." + }, + { + "lang": "es", + "value": "El complemento Shortcode Menu para WordPress es vulnerable a Cross-Site Scripting (XSS) Almacenado a trav\u00e9s del shortcode 'shortmenu' en versiones hasta la 3.2 incluida debido a una sanitizaci\u00f3n de entrada insuficiente y a un escape de salida en los atributos proporcionados por el usuario. Esto hace posible que atacantes autenticados con permisos de nivel de colaborador y superiores inyecten scripts web arbitrarios en p\u00e1ginas que se ejecutar\u00e1n cada vez que un usuario acceda a una p\u00e1gina inyectada." } ], "metrics": { "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "REQUIRED", + "scope": "CHANGED", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "availabilityImpact": "NONE", + "baseScore": 5.4, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 2.3, + "impactScore": 2.7 + }, { "source": "security@wordfence.com", "type": "Secondary", @@ -46,14 +70,38 @@ ] } ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:shortcode_menu_project:shortcod_menu:*:*:*:*:*:wordpress:*:*", + "versionEndIncluding": "3.2", + "matchCriteriaId": "3D4C4504-A73F-4A47-AC60-D0283ECC7334" + } + ] + } + ] + } + ], "references": [ { "url": "https://plugins.trac.wordpress.org/browser/shortcode-menu/tags/3.2/shortcode-menu.php#L183", - "source": "security@wordfence.com" + "source": "security@wordfence.com", + "tags": [ + "Exploit" + ] }, { "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/438b9c13-4059-4671-ab4a-07a8cf6f6122?source=cve", - "source": "security@wordfence.com" + "source": "security@wordfence.com", + "tags": [ + "Third Party Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2023/CVE-2023-55xx/CVE-2023-5566.json b/CVE-2023/CVE-2023-55xx/CVE-2023-5566.json index f161ef48d3f..91b71c2b51a 100644 --- a/CVE-2023/CVE-2023-55xx/CVE-2023-5566.json +++ b/CVE-2023/CVE-2023-55xx/CVE-2023-5566.json @@ -2,16 +2,40 @@ "id": "CVE-2023-5566", "sourceIdentifier": "security@wordfence.com", "published": "2023-10-30T14:15:10.043", - "lastModified": "2023-10-30T14:32:18.693", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2023-11-03T20:53:30.187", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", "value": "The Simple Shortcodes plugin for WordPress is vulnerable to Stored Cross-Site Scripting via shortcodes in versions up to, and including, 1.0.20 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers with contributor-level and above permissions to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page." + }, + { + "lang": "es", + "value": "El complemento Simple Shortcodes para WordPress es vulnerable a Cross-Site Scripting (XSS) Almacenado a trav\u00e9s de shortcodes en versiones hasta la 1.0.20 incluida debido a una sanitizaci\u00f3n de entrada insuficiente y a un escape de salida en los atributos proporcionados por el usuario. Esto hace posible que atacantes autenticados con permisos de nivel de colaborador y superiores inyecten scripts web arbitrarios en p\u00e1ginas que se ejecutar\u00e1n cada vez que un usuario acceda a una p\u00e1gina inyectada." } ], "metrics": { "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "REQUIRED", + "scope": "CHANGED", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "availabilityImpact": "NONE", + "baseScore": 5.4, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 2.3, + "impactScore": 2.7 + }, { "source": "security@wordfence.com", "type": "Secondary", @@ -46,22 +70,52 @@ ] } ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:simple_shortcodes_project:simple_shortcodes:*:*:*:*:*:wordpress:*:*", + "versionEndIncluding": "1.0.20", + "matchCriteriaId": "8ED68CB2-620E-4342-828D-00A6005DE2D5" + } + ] + } + ] + } + ], "references": [ { "url": "https://plugins.trac.wordpress.org/browser/smpl-shortcodes/tags/1.0.20/includes/shortcodes.php#L257", - "source": "security@wordfence.com" + "source": "security@wordfence.com", + "tags": [ + "Exploit" + ] }, { "url": "https://plugins.trac.wordpress.org/browser/smpl-shortcodes/tags/1.0.20/includes/shortcodes.php#L292", - "source": "security@wordfence.com" + "source": "security@wordfence.com", + "tags": [ + "Exploit" + ] }, { "url": "https://plugins.trac.wordpress.org/browser/smpl-shortcodes/tags/1.0.20/includes/shortcodes.php#L386", - "source": "security@wordfence.com" + "source": "security@wordfence.com", + "tags": [ + "Exploit" + ] }, { "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/a153d6b2-e3fd-42db-90ba-d899a07d60c1?source=cve", - "source": "security@wordfence.com" + "source": "security@wordfence.com", + "tags": [ + "Third Party Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2023/CVE-2023-57xx/CVE-2023-5774.json b/CVE-2023/CVE-2023-57xx/CVE-2023-5774.json index 447409251de..602e8957ca2 100644 --- a/CVE-2023/CVE-2023-57xx/CVE-2023-5774.json +++ b/CVE-2023/CVE-2023-57xx/CVE-2023-5774.json @@ -2,16 +2,40 @@ "id": "CVE-2023-5774", "sourceIdentifier": "security@wordfence.com", "published": "2023-10-27T11:15:13.803", - "lastModified": "2023-10-27T12:41:08.827", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2023-11-03T20:50:32.283", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", "value": "The Animated Counters plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's shortcode(s) in all versions up to, and including, 1.7 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers with contributor-level and above permissions to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page." + }, + { + "lang": "es", + "value": "El complemento Animated Counters para WordPress es vulnerable a Cross-Site Scripting (XSS) Almacenado a trav\u00e9s de shortcodes del complemento en todas las versiones hasta la 1.7 incluida debido a una sanitizaci\u00f3n de entrada y a un escape de salida en los atributos proporcionados por el usuario insuficientes. Esto hace posible que atacantes autenticados con permisos de nivel de colaborador y superiores inyecten scripts web arbitrarios en p\u00e1ginas que se ejecutar\u00e1n cada vez que un usuario acceda a una p\u00e1gina inyectada." } ], "metrics": { "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "REQUIRED", + "scope": "CHANGED", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "availabilityImpact": "NONE", + "baseScore": 5.4, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 2.3, + "impactScore": 2.7 + }, { "source": "security@wordfence.com", "type": "Secondary", @@ -46,18 +70,45 @@ ] } ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:eralion:animated_counters:*:*:*:*:*:wordpress:*:*", + "versionEndIncluding": "1.7", + "matchCriteriaId": "929BC71B-4619-4539-B07F-F2629837C6DA" + } + ] + } + ] + } + ], "references": [ { "url": "https://drive.google.com/file/d/1zXWW545ktCznO36k90AN0APhTz8ky-gG/view?usp=sharing", - "source": "security@wordfence.com" + "source": "security@wordfence.com", + "tags": [ + "Exploit" + ] }, { "url": "https://plugins.trac.wordpress.org/changeset/2984228/", - "source": "security@wordfence.com" + "source": "security@wordfence.com", + "tags": [ + "Patch" + ] }, { "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/33c2756d-c300-479f-b3aa-8f22c3a70278?source=cve", - "source": "security@wordfence.com" + "source": "security@wordfence.com", + "tags": [ + "Third Party Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2023/CVE-2023-58xx/CVE-2023-5804.json b/CVE-2023/CVE-2023-58xx/CVE-2023-5804.json index d3a01fc6b5b..1634a82ce58 100644 --- a/CVE-2023/CVE-2023-58xx/CVE-2023-5804.json +++ b/CVE-2023/CVE-2023-58xx/CVE-2023-5804.json @@ -2,8 +2,8 @@ "id": "CVE-2023-5804", "sourceIdentifier": "cna@vuldb.com", "published": "2023-10-26T20:15:08.900", - "lastModified": "2023-10-27T12:41:08.827", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2023-11-03T20:42:53.070", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", @@ -15,6 +15,28 @@ } ], "metrics": { + "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH", + "baseScore": 9.8, + "baseSeverity": "CRITICAL" + }, + "exploitabilityScore": 3.9, + "impactScore": 5.9 + } + ], "cvssMetricV30": [ { "source": "cna@vuldb.com", @@ -64,6 +86,16 @@ ] }, "weaknesses": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-89" + } + ] + }, { "source": "cna@vuldb.com", "type": "Secondary", @@ -75,18 +107,46 @@ ] } ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:phpgurukul:nipah_virus_testing_management_system:1.0:*:*:*:*:*:*:*", + "matchCriteriaId": "85D720C8-26A6-4C73-974C-285291A71100" + } + ] + } + ] + } + ], "references": [ { "url": "https://github.com/JacksonStonee/Nipah-virus-NiV-Testing-Management-System-Using-PHP-and-MySQL-1.0-has-a-SQL-injection-vuln-login.php/blob/main/README.md", - "source": "cna@vuldb.com" + "source": "cna@vuldb.com", + "tags": [ + "Exploit", + "Third Party Advisory" + ] }, { "url": "https://vuldb.com/?ctiid.243617", - "source": "cna@vuldb.com" + "source": "cna@vuldb.com", + "tags": [ + "Permissions Required", + "Third Party Advisory" + ] }, { "url": "https://vuldb.com/?id.243617", - "source": "cna@vuldb.com" + "source": "cna@vuldb.com", + "tags": [ + "Third Party Advisory" + ] } ] } \ No newline at end of file diff --git a/README.md b/README.md index a7e82bb5122..5ca4771e978 100644 --- a/README.md +++ b/README.md @@ -9,13 +9,13 @@ Repository synchronizes with the NVD every 2 hours. ### Last Repository Update ```plain -2023-11-03T19:00:19.363320+00:00 +2023-11-03T21:00:40.327434+00:00 ``` ### Most recent CVE Modification Timestamp synchronized with NVD ```plain -2023-11-03T18:59:46.813000+00:00 +2023-11-03T20:55:05.450000+00:00 ``` ### Last Data Feed Release @@ -29,56 +29,50 @@ Download and Changelog: [Click](https://github.com/fkie-cad/nvd-json-data-feeds/ ### Total Number of included CVEs ```plain -229764 +229770 ``` ### CVEs added in the last Commit -Recently added CVEs: `12` +Recently added CVEs: `6` -* [CVE-2023-23368](CVE-2023/CVE-2023-233xx/CVE-2023-23368.json) (`2023-11-03T17:15:08.210`) -* [CVE-2023-23369](CVE-2023/CVE-2023-233xx/CVE-2023-23369.json) (`2023-11-03T17:15:08.327`) -* [CVE-2023-25700](CVE-2023/CVE-2023-257xx/CVE-2023-25700.json) (`2023-11-03T17:15:08.413`) -* [CVE-2023-25800](CVE-2023/CVE-2023-258xx/CVE-2023-25800.json) (`2023-11-03T17:15:08.487`) -* [CVE-2023-25990](CVE-2023/CVE-2023-259xx/CVE-2023-25990.json) (`2023-11-03T17:15:08.553`) -* [CVE-2023-32121](CVE-2023/CVE-2023-321xx/CVE-2023-32121.json) (`2023-11-03T17:15:08.620`) -* [CVE-2023-32508](CVE-2023/CVE-2023-325xx/CVE-2023-32508.json) (`2023-11-03T17:15:08.693`) -* [CVE-2023-34179](CVE-2023/CVE-2023-341xx/CVE-2023-34179.json) (`2023-11-03T17:15:08.760`) -* [CVE-2023-36529](CVE-2023/CVE-2023-365xx/CVE-2023-36529.json) (`2023-11-03T17:15:08.830`) -* [CVE-2023-39299](CVE-2023/CVE-2023-392xx/CVE-2023-39299.json) (`2023-11-03T17:15:08.900`) -* [CVE-2023-39301](CVE-2023/CVE-2023-393xx/CVE-2023-39301.json) (`2023-11-03T17:15:08.987`) -* [CVE-2023-3893](CVE-2023/CVE-2023-38xx/CVE-2023-3893.json) (`2023-11-03T18:15:08.623`) +* [CVE-2022-3172](CVE-2022/CVE-2022-31xx/CVE-2022-3172.json) (`2023-11-03T20:15:08.550`) +* [CVE-2022-43554](CVE-2022/CVE-2022-435xx/CVE-2022-43554.json) (`2023-11-03T20:15:08.690`) +* [CVE-2022-43555](CVE-2022/CVE-2022-435xx/CVE-2022-43555.json) (`2023-11-03T20:15:08.757`) +* [CVE-2022-44569](CVE-2022/CVE-2022-445xx/CVE-2022-44569.json) (`2023-11-03T20:15:08.813`) +* [CVE-2023-41725](CVE-2023/CVE-2023-417xx/CVE-2023-41725.json) (`2023-11-03T20:15:09.093`) +* [CVE-2023-41726](CVE-2023/CVE-2023-417xx/CVE-2023-41726.json) (`2023-11-03T20:15:09.143`) ### CVEs modified in the last Commit -Recently modified CVEs: `72` +Recently modified CVEs: `61` -* [CVE-2022-34202](CVE-2022/CVE-2022-342xx/CVE-2022-34202.json) (`2023-11-03T18:42:16.237`) -* [CVE-2023-38847](CVE-2023/CVE-2023-388xx/CVE-2023-38847.json) (`2023-11-03T17:22:18.760`) -* [CVE-2023-38848](CVE-2023/CVE-2023-388xx/CVE-2023-38848.json) (`2023-11-03T17:27:41.767`) -* [CVE-2023-21347](CVE-2023/CVE-2023-213xx/CVE-2023-21347.json) (`2023-11-03T17:30:06.220`) -* [CVE-2023-38849](CVE-2023/CVE-2023-388xx/CVE-2023-38849.json) (`2023-11-03T17:30:57.887`) -* [CVE-2023-46583](CVE-2023/CVE-2023-465xx/CVE-2023-46583.json) (`2023-11-03T17:39:21.597`) -* [CVE-2023-21345](CVE-2023/CVE-2023-213xx/CVE-2023-21345.json) (`2023-11-03T17:42:55.850`) -* [CVE-2023-46584](CVE-2023/CVE-2023-465xx/CVE-2023-46584.json) (`2023-11-03T17:46:20.620`) -* [CVE-2023-30967](CVE-2023/CVE-2023-309xx/CVE-2023-30967.json) (`2023-11-03T17:54:04.193`) -* [CVE-2023-30969](CVE-2023/CVE-2023-309xx/CVE-2023-30969.json) (`2023-11-03T18:01:07.577`) -* [CVE-2023-43906](CVE-2023/CVE-2023-439xx/CVE-2023-43906.json) (`2023-11-03T18:02:02.433`) -* [CVE-2023-43905](CVE-2023/CVE-2023-439xx/CVE-2023-43905.json) (`2023-11-03T18:07:46.893`) -* [CVE-2023-46345](CVE-2023/CVE-2023-463xx/CVE-2023-46345.json) (`2023-11-03T18:08:37.197`) -* [CVE-2023-5798](CVE-2023/CVE-2023-57xx/CVE-2023-5798.json) (`2023-11-03T18:11:15.020`) -* [CVE-2023-46075](CVE-2023/CVE-2023-460xx/CVE-2023-46075.json) (`2023-11-03T18:16:05.993`) -* [CVE-2023-46088](CVE-2023/CVE-2023-460xx/CVE-2023-46088.json) (`2023-11-03T18:21:52.097`) -* [CVE-2023-46094](CVE-2023/CVE-2023-460xx/CVE-2023-46094.json) (`2023-11-03T18:33:01.087`) -* [CVE-2023-5780](CVE-2023/CVE-2023-57xx/CVE-2023-5780.json) (`2023-11-03T18:37:56.903`) -* [CVE-2023-5781](CVE-2023/CVE-2023-57xx/CVE-2023-5781.json) (`2023-11-03T18:45:37.180`) -* [CVE-2023-46090](CVE-2023/CVE-2023-460xx/CVE-2023-46090.json) (`2023-11-03T18:46:39.610`) -* [CVE-2023-5782](CVE-2023/CVE-2023-57xx/CVE-2023-5782.json) (`2023-11-03T18:52:13.017`) -* [CVE-2023-21362](CVE-2023/CVE-2023-213xx/CVE-2023-21362.json) (`2023-11-03T18:58:33.967`) -* [CVE-2023-21372](CVE-2023/CVE-2023-213xx/CVE-2023-21372.json) (`2023-11-03T18:58:47.933`) -* [CVE-2023-21349](CVE-2023/CVE-2023-213xx/CVE-2023-21349.json) (`2023-11-03T18:59:35.570`) -* [CVE-2023-21348](CVE-2023/CVE-2023-213xx/CVE-2023-21348.json) (`2023-11-03T18:59:46.813`) +* [CVE-2023-44375](CVE-2023/CVE-2023-443xx/CVE-2023-44375.json) (`2023-11-03T19:45:39.960`) +* [CVE-2023-44162](CVE-2023/CVE-2023-441xx/CVE-2023-44162.json) (`2023-11-03T19:46:03.623`) +* [CVE-2023-44267](CVE-2023/CVE-2023-442xx/CVE-2023-44267.json) (`2023-11-03T19:50:57.197`) +* [CVE-2023-43738](CVE-2023/CVE-2023-437xx/CVE-2023-43738.json) (`2023-11-03T19:53:08.763`) +* [CVE-2023-5051](CVE-2023/CVE-2023-50xx/CVE-2023-5051.json) (`2023-11-03T19:58:53.517`) +* [CVE-2023-46505](CVE-2023/CVE-2023-465xx/CVE-2023-46505.json) (`2023-11-03T20:05:18.503`) +* [CVE-2023-46376](CVE-2023/CVE-2023-463xx/CVE-2023-46376.json) (`2023-11-03T20:11:37.757`) +* [CVE-2023-32567](CVE-2023/CVE-2023-325xx/CVE-2023-32567.json) (`2023-11-03T20:15:08.877`) +* [CVE-2023-39332](CVE-2023/CVE-2023-393xx/CVE-2023-39332.json) (`2023-11-03T20:15:08.997`) +* [CVE-2023-46091](CVE-2023/CVE-2023-460xx/CVE-2023-46091.json) (`2023-11-03T20:19:18.047`) +* [CVE-2023-46093](CVE-2023/CVE-2023-460xx/CVE-2023-46093.json) (`2023-11-03T20:19:59.937`) +* [CVE-2023-46153](CVE-2023/CVE-2023-461xx/CVE-2023-46153.json) (`2023-11-03T20:20:12.173`) +* [CVE-2023-37913](CVE-2023/CVE-2023-379xx/CVE-2023-37913.json) (`2023-11-03T20:22:05.087`) +* [CVE-2023-46375](CVE-2023/CVE-2023-463xx/CVE-2023-46375.json) (`2023-11-03T20:23:34.067`) +* [CVE-2023-46491](CVE-2023/CVE-2023-464xx/CVE-2023-46491.json) (`2023-11-03T20:23:49.313`) +* [CVE-2023-46374](CVE-2023/CVE-2023-463xx/CVE-2023-46374.json) (`2023-11-03T20:23:58.070`) +* [CVE-2023-42188](CVE-2023/CVE-2023-421xx/CVE-2023-42188.json) (`2023-11-03T20:34:28.027`) +* [CVE-2023-5139](CVE-2023/CVE-2023-51xx/CVE-2023-5139.json) (`2023-11-03T20:38:59.517`) +* [CVE-2023-5804](CVE-2023/CVE-2023-58xx/CVE-2023-5804.json) (`2023-11-03T20:42:53.070`) +* [CVE-2023-5774](CVE-2023/CVE-2023-57xx/CVE-2023-5774.json) (`2023-11-03T20:50:32.283`) +* [CVE-2023-5335](CVE-2023/CVE-2023-53xx/CVE-2023-5335.json) (`2023-11-03T20:52:50.230`) +* [CVE-2023-5565](CVE-2023/CVE-2023-55xx/CVE-2023-5565.json) (`2023-11-03T20:53:13.923`) +* [CVE-2023-5566](CVE-2023/CVE-2023-55xx/CVE-2023-5566.json) (`2023-11-03T20:53:30.187`) +* [CVE-2023-46199](CVE-2023/CVE-2023-461xx/CVE-2023-46199.json) (`2023-11-03T20:54:07.940`) +* [CVE-2023-46194](CVE-2023/CVE-2023-461xx/CVE-2023-46194.json) (`2023-11-03T20:55:05.450`) ## Download and Usage