From 866b3c5ffc4bc6877d54546b08954dca424f52b2 Mon Sep 17 00:00:00 2001 From: cad-safe-bot Date: Tue, 1 Aug 2023 16:00:31 +0000 Subject: [PATCH] Auto-Update: 2023-08-01T16:00:27.501449+00:00 --- CVE-2022/CVE-2022-399xx/CVE-2022-39986.json | 24 + CVE-2022/CVE-2022-399xx/CVE-2022-39987.json | 24 + CVE-2023/CVE-2023-258xx/CVE-2023-25841.json | 51 +- CVE-2023/CVE-2023-301xx/CVE-2023-30151.json | 14 +- CVE-2023/CVE-2023-317xx/CVE-2023-31710.json | 20 + CVE-2023/CVE-2023-31xx/CVE-2023-3117.json | 111 +- CVE-2023/CVE-2023-346xx/CVE-2023-34634.json | 32 + CVE-2023/CVE-2023-353xx/CVE-2023-35392.json | 40 +- CVE-2023/CVE-2023-36xx/CVE-2023-3603.json | 64 +- CVE-2023/CVE-2023-379xx/CVE-2023-37915.json | 64 +- CVE-2023/CVE-2023-381xx/CVE-2023-38173.json | 40 +- CVE-2023/CVE-2023-381xx/CVE-2023-38187.json | 40 +- CVE-2023/CVE-2023-383xx/CVE-2023-38357.json | 28 + CVE-2023/CVE-2023-385xx/CVE-2023-38523.json | 1023 ++++++++++++++++++- CVE-2023/CVE-2023-38xx/CVE-2023-3802.json | 73 +- CVE-2023/CVE-2023-391xx/CVE-2023-39108.json | 20 + CVE-2023/CVE-2023-391xx/CVE-2023-39109.json | 20 + CVE-2023/CVE-2023-391xx/CVE-2023-39110.json | 20 + CVE-2023/CVE-2023-40xx/CVE-2023-4045.json | 32 + CVE-2023/CVE-2023-40xx/CVE-2023-4046.json | 32 + CVE-2023/CVE-2023-40xx/CVE-2023-4047.json | 32 + CVE-2023/CVE-2023-40xx/CVE-2023-4048.json | 32 + CVE-2023/CVE-2023-40xx/CVE-2023-4049.json | 32 + CVE-2023/CVE-2023-40xx/CVE-2023-4050.json | 32 + CVE-2023/CVE-2023-40xx/CVE-2023-4051.json | 24 + CVE-2023/CVE-2023-40xx/CVE-2023-4052.json | 28 + CVE-2023/CVE-2023-40xx/CVE-2023-4053.json | 24 + README.md | 58 +- 28 files changed, 1853 insertions(+), 181 deletions(-) create mode 100644 CVE-2022/CVE-2022-399xx/CVE-2022-39986.json create mode 100644 CVE-2022/CVE-2022-399xx/CVE-2022-39987.json create mode 100644 CVE-2023/CVE-2023-317xx/CVE-2023-31710.json create mode 100644 CVE-2023/CVE-2023-346xx/CVE-2023-34634.json create mode 100644 CVE-2023/CVE-2023-383xx/CVE-2023-38357.json create mode 100644 CVE-2023/CVE-2023-391xx/CVE-2023-39108.json create mode 100644 CVE-2023/CVE-2023-391xx/CVE-2023-39109.json create mode 100644 CVE-2023/CVE-2023-391xx/CVE-2023-39110.json create mode 100644 CVE-2023/CVE-2023-40xx/CVE-2023-4045.json create mode 100644 CVE-2023/CVE-2023-40xx/CVE-2023-4046.json create mode 100644 CVE-2023/CVE-2023-40xx/CVE-2023-4047.json create mode 100644 CVE-2023/CVE-2023-40xx/CVE-2023-4048.json create mode 100644 CVE-2023/CVE-2023-40xx/CVE-2023-4049.json create mode 100644 CVE-2023/CVE-2023-40xx/CVE-2023-4050.json create mode 100644 CVE-2023/CVE-2023-40xx/CVE-2023-4051.json create mode 100644 CVE-2023/CVE-2023-40xx/CVE-2023-4052.json create mode 100644 CVE-2023/CVE-2023-40xx/CVE-2023-4053.json diff --git a/CVE-2022/CVE-2022-399xx/CVE-2022-39986.json b/CVE-2022/CVE-2022-399xx/CVE-2022-39986.json new file mode 100644 index 00000000000..4fb96e6fe92 --- /dev/null +++ b/CVE-2022/CVE-2022-399xx/CVE-2022-39986.json @@ -0,0 +1,24 @@ +{ + "id": "CVE-2022-39986", + "sourceIdentifier": "cve@mitre.org", + "published": "2023-08-01T14:15:09.877", + "lastModified": "2023-08-01T15:25:40.337", + "vulnStatus": "Awaiting Analysis", + "descriptions": [ + { + "lang": "en", + "value": "A Command injection vulnerability in RaspAP 2.8.0 thru 2.8.7 allows unauthenticated attackers to execute arbitrary commands via the cfg_id parameter in /ajax/openvpn/activate_ovpncfg.php and /ajax/openvpn/del_ovpncfg.php." + } + ], + "metrics": {}, + "references": [ + { + "url": "https://github.com/RaspAP/raspap-webgui/blob/master/ajax/openvpn/activate_ovpncfg.php", + "source": "cve@mitre.org" + }, + { + "url": "https://medium.com/@ismael0x00/multiple-vulnerabilities-in-raspap-3c35e78809f2", + "source": "cve@mitre.org" + } + ] +} \ No newline at end of file diff --git a/CVE-2022/CVE-2022-399xx/CVE-2022-39987.json b/CVE-2022/CVE-2022-399xx/CVE-2022-39987.json new file mode 100644 index 00000000000..e3a446c085b --- /dev/null +++ b/CVE-2022/CVE-2022-399xx/CVE-2022-39987.json @@ -0,0 +1,24 @@ +{ + "id": "CVE-2022-39987", + "sourceIdentifier": "cve@mitre.org", + "published": "2023-08-01T14:15:09.937", + "lastModified": "2023-08-01T15:25:40.337", + "vulnStatus": "Awaiting Analysis", + "descriptions": [ + { + "lang": "en", + "value": "A Command injection vulnerability in RaspAP 2.8.0 thru 2.9.2 allows an authenticated attacker to execute arbitrary OS commands as root via the \"entity\" POST parameters in /ajax/networking/get_wgkey.php." + } + ], + "metrics": {}, + "references": [ + { + "url": "https://github.com/RaspAP/raspap-webgui/blob/master/ajax/networking/get_wgkey.php", + "source": "cve@mitre.org" + }, + { + "url": "https://medium.com/@ismael0x00/multiple-vulnerabilities-in-raspap-3c35e78809f2", + "source": "cve@mitre.org" + } + ] +} \ No newline at end of file diff --git a/CVE-2023/CVE-2023-258xx/CVE-2023-25841.json b/CVE-2023/CVE-2023-258xx/CVE-2023-25841.json index 05debfc8b14..ef038a8ce3a 100644 --- a/CVE-2023/CVE-2023-258xx/CVE-2023-25841.json +++ b/CVE-2023/CVE-2023-258xx/CVE-2023-25841.json @@ -2,8 +2,8 @@ "id": "CVE-2023-25841", "sourceIdentifier": "psirt@esri.com", "published": "2023-07-21T19:15:10.260", - "lastModified": "2023-07-24T13:09:06.887", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2023-08-01T15:56:56.813", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", @@ -13,8 +13,28 @@ "metrics": { "cvssMetricV31": [ { - "source": "psirt@esri.com", + "source": "nvd@nist.gov", "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "REQUIRED", + "scope": "CHANGED", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "availabilityImpact": "NONE", + "baseScore": 6.1, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 2.8, + "impactScore": 2.7 + }, + { + "source": "psirt@esri.com", + "type": "Secondary", "cvssData": { "version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N", @@ -46,10 +66,33 @@ ] } ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:esri:arcgis:*:*:*:*:*:*:*:*", + "versionStartIncluding": "10.8.1", + "versionEndExcluding": "11.1", + "matchCriteriaId": "B9E2953E-FE3E-41D1-8A88-638C3DEED27F" + } + ] + } + ] + } + ], "references": [ { "url": "https://www.esri.com/arcgis-blog/products/trust-arcgis/announcements/arcgis-server-security-2023-update-1-patch-available/", - "source": "psirt@esri.com" + "source": "psirt@esri.com", + "tags": [ + "Patch", + "Vendor Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2023/CVE-2023-301xx/CVE-2023-30151.json b/CVE-2023/CVE-2023-301xx/CVE-2023-30151.json index c834850c1d2..1dd4f5b8b21 100644 --- a/CVE-2023/CVE-2023-301xx/CVE-2023-30151.json +++ b/CVE-2023/CVE-2023-301xx/CVE-2023-30151.json @@ -2,8 +2,8 @@ "id": "CVE-2023-30151", "sourceIdentifier": "cve@mitre.org", "published": "2023-07-13T17:15:09.207", - "lastModified": "2023-08-01T01:15:10.693", - "vulnStatus": "Modified", + "lastModified": "2023-08-01T14:02:19.910", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", @@ -17,19 +17,19 @@ "type": "Primary", "cvssData": { "version": "3.1", - "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "attackVector": "NETWORK", "attackComplexity": "LOW", - "privilegesRequired": "LOW", + "privilegesRequired": "NONE", "userInteraction": "NONE", "scope": "UNCHANGED", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "availabilityImpact": "HIGH", - "baseScore": 8.8, - "baseSeverity": "HIGH" + "baseScore": 9.8, + "baseSeverity": "CRITICAL" }, - "exploitabilityScore": 2.8, + "exploitabilityScore": 3.9, "impactScore": 5.9 } ] diff --git a/CVE-2023/CVE-2023-317xx/CVE-2023-31710.json b/CVE-2023/CVE-2023-317xx/CVE-2023-31710.json new file mode 100644 index 00000000000..96645899164 --- /dev/null +++ b/CVE-2023/CVE-2023-317xx/CVE-2023-31710.json @@ -0,0 +1,20 @@ +{ + "id": "CVE-2023-31710", + "sourceIdentifier": "cve@mitre.org", + "published": "2023-08-01T14:15:10.013", + "lastModified": "2023-08-01T15:25:40.337", + "vulnStatus": "Awaiting Analysis", + "descriptions": [ + { + "lang": "en", + "value": "TP-Link Archer AX21(US)_V3_1.1.4 Build 20230219 and AX21(US)_V3.6_1.1.4 Build 20230219 are vulnerable to Buffer Overflow." + } + ], + "metrics": {}, + "references": [ + { + "url": "https://github.com/xiaobye-ctf/My-CVE/tree/main/TP-Link/CVE-2023-31710", + "source": "cve@mitre.org" + } + ] +} \ No newline at end of file diff --git a/CVE-2023/CVE-2023-31xx/CVE-2023-3117.json b/CVE-2023/CVE-2023-31xx/CVE-2023-3117.json index 593d7b087f9..9f393dae69c 100644 --- a/CVE-2023/CVE-2023-31xx/CVE-2023-3117.json +++ b/CVE-2023/CVE-2023-31xx/CVE-2023-3117.json @@ -2,115 +2,14 @@ "id": "CVE-2023-3117", "sourceIdentifier": "secalert@redhat.com", "published": "2023-06-30T22:15:10.127", - "lastModified": "2023-07-07T17:11:07.733", - "vulnStatus": "Analyzed", + "lastModified": "2023-08-01T14:15:11.253", + "vulnStatus": "Rejected", "descriptions": [ { "lang": "en", - "value": "A use-after-free flaw was found in the Netfilter subsystem of the Linux kernel when processing named and anonymous sets in batch requests, which can lead to performing arbitrary reads and writes in kernel memory. This flaw allows a local user with CAP_NET_ADMIN capability to crash or potentially escalate their privileges on the system." + "value": "** REJECT ** DO NOT USE THIS CVE RECORD. \u00a0ConsultIDs: CVE-2023-3390. \u00a0Reason: This record is a duplicate of CVE-2023-3390. \u00a0Notes: All CVE users should reference CVE-2023-3390 instead of this record. \u00a0All references and descriptions in this record have been removed to prevent accidental usage." } ], - "metrics": { - "cvssMetricV31": [ - { - "source": "nvd@nist.gov", - "type": "Primary", - "cvssData": { - "version": "3.1", - "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", - "attackVector": "LOCAL", - "attackComplexity": "LOW", - "privilegesRequired": "LOW", - "userInteraction": "NONE", - "scope": "UNCHANGED", - "confidentialityImpact": "HIGH", - "integrityImpact": "HIGH", - "availabilityImpact": "HIGH", - "baseScore": 7.8, - "baseSeverity": "HIGH" - }, - "exploitabilityScore": 1.8, - "impactScore": 5.9 - } - ] - }, - "weaknesses": [ - { - "source": "nvd@nist.gov", - "type": "Primary", - "description": [ - { - "lang": "en", - "value": "CWE-416" - } - ] - }, - { - "source": "secalert@redhat.com", - "type": "Secondary", - "description": [ - { - "lang": "en", - "value": "CWE-416" - } - ] - } - ], - "configurations": [ - { - "nodes": [ - { - "operator": "OR", - "negate": false, - "cpeMatch": [ - { - "vulnerable": true, - "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", - "versionEndExcluding": "6.4", - "matchCriteriaId": "18D12E25-2947-44E7-989D-24450E013A1F" - }, - { - "vulnerable": true, - "criteria": "cpe:2.3:o:linux:linux_kernel:6.4:rc1:*:*:*:*:*:*", - "matchCriteriaId": "38BC6744-7D25-4C02-9966-B224CD071D30" - }, - { - "vulnerable": true, - "criteria": "cpe:2.3:o:linux:linux_kernel:6.4:rc2:*:*:*:*:*:*", - "matchCriteriaId": "76061B41-CAE9-4467-BEDE-0FFC7956F2A1" - }, - { - "vulnerable": true, - "criteria": "cpe:2.3:o:linux:linux_kernel:6.4:rc3:*:*:*:*:*:*", - "matchCriteriaId": "A717BA5B-D535-46A0-A329-A25FE5CEC588" - }, - { - "vulnerable": true, - "criteria": "cpe:2.3:o:linux:linux_kernel:6.4:rc4:*:*:*:*:*:*", - "matchCriteriaId": "89CC80C6-F1EE-4AC7-BD21-DB3217BADE87" - }, - { - "vulnerable": true, - "criteria": "cpe:2.3:o:linux:linux_kernel:6.4:rc5:*:*:*:*:*:*", - "matchCriteriaId": "41EACEA1-FB69-4AF2-BC52-D39489858D42" - }, - { - "vulnerable": true, - "criteria": "cpe:2.3:o:linux:linux_kernel:6.4:rc6:*:*:*:*:*:*", - "matchCriteriaId": "9E1C36BE-F9D8-40B6-8281-5B8F9B42322D" - } - ] - } - ] - } - ], - "references": [ - { - "url": "https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=1240eb93f0616b21c675416516ff3d74798fdc97", - "source": "secalert@redhat.com", - "tags": [ - "Patch" - ] - } - ] + "metrics": {}, + "references": [] } \ No newline at end of file diff --git a/CVE-2023/CVE-2023-346xx/CVE-2023-34634.json b/CVE-2023/CVE-2023-346xx/CVE-2023-34634.json new file mode 100644 index 00000000000..2d3fcb3c669 --- /dev/null +++ b/CVE-2023/CVE-2023-346xx/CVE-2023-34634.json @@ -0,0 +1,32 @@ +{ + "id": "CVE-2023-34634", + "sourceIdentifier": "cve@mitre.org", + "published": "2023-08-01T14:15:10.070", + "lastModified": "2023-08-01T15:25:40.337", + "vulnStatus": "Awaiting Analysis", + "descriptions": [ + { + "lang": "en", + "value": "Greenshot 1.2.10 and below allows arbitrary code execution because .NET content is insecurely deserialized when a .greenshot file is opened." + } + ], + "metrics": {}, + "references": [ + { + "url": "http://packetstormsecurity.com/files/173825/GreenShot-1.2.10-Arbitrary-Code-Execution.html", + "source": "cve@mitre.org" + }, + { + "url": "https://github.com/greenshot/greenshot/commit/a152e2883fca7f78051b3bd6b1e5cc57355cb44c", + "source": "cve@mitre.org" + }, + { + "url": "https://greenshot.atlassian.net/browse/BUG-3061", + "source": "cve@mitre.org" + }, + { + "url": "https://www.exploit-db.com/exploits/51633", + "source": "cve@mitre.org" + } + ] +} \ No newline at end of file diff --git a/CVE-2023/CVE-2023-353xx/CVE-2023-35392.json b/CVE-2023/CVE-2023-353xx/CVE-2023-35392.json index b1f6e864567..78fc8752441 100644 --- a/CVE-2023/CVE-2023-353xx/CVE-2023-35392.json +++ b/CVE-2023/CVE-2023-353xx/CVE-2023-35392.json @@ -2,8 +2,8 @@ "id": "CVE-2023-35392", "sourceIdentifier": "secure@microsoft.com", "published": "2023-07-21T18:15:10.247", - "lastModified": "2023-07-24T13:09:06.887", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2023-08-01T15:42:05.133", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", @@ -34,10 +34,44 @@ } ] }, + "weaknesses": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "NVD-CWE-noinfo" + } + ] + } + ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:microsoft:edge_chromium:*:*:*:*:*:*:*:*", + "versionEndExcluding": "115.0.1901.183", + "matchCriteriaId": "24B18462-97A3-46C9-BC7D-77B9BFF39702" + } + ] + } + ] + } + ], "references": [ { "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-35392", - "source": "secure@microsoft.com" + "source": "secure@microsoft.com", + "tags": [ + "Patch", + "Vendor Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2023/CVE-2023-36xx/CVE-2023-3603.json b/CVE-2023/CVE-2023-36xx/CVE-2023-3603.json index 01667d01f12..b71db811d31 100644 --- a/CVE-2023/CVE-2023-36xx/CVE-2023-3603.json +++ b/CVE-2023/CVE-2023-36xx/CVE-2023-3603.json @@ -2,8 +2,8 @@ "id": "CVE-2023-3603", "sourceIdentifier": "secalert@redhat.com", "published": "2023-07-21T20:15:16.587", - "lastModified": "2023-07-24T13:09:06.887", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2023-08-01T14:44:42.517", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", @@ -12,6 +12,26 @@ ], "metrics": { "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "NONE", + "integrityImpact": "NONE", + "availabilityImpact": "HIGH", + "baseScore": 6.5, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 2.8, + "impactScore": 3.6 + }, { "source": "secalert@redhat.com", "type": "Secondary", @@ -34,14 +54,50 @@ } ] }, + "weaknesses": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-770" + } + ] + } + ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:libssh:libssh:-:*:*:*:*:*:*:*", + "matchCriteriaId": "9B0EB43D-D594-43B0-AB33-5E8E1A6C8BEF" + } + ] + } + ] + } + ], "references": [ { "url": "https://access.redhat.com/security/cve/CVE-2023-3603", - "source": "secalert@redhat.com" + "source": "secalert@redhat.com", + "tags": [ + "Third Party Advisory" + ] }, { "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2221791", - "source": "secalert@redhat.com" + "source": "secalert@redhat.com", + "tags": [ + "Issue Tracking", + "Third Party Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2023/CVE-2023-379xx/CVE-2023-37915.json b/CVE-2023/CVE-2023-379xx/CVE-2023-37915.json index 5d4785fb305..6c696935ecf 100644 --- a/CVE-2023/CVE-2023-379xx/CVE-2023-37915.json +++ b/CVE-2023/CVE-2023-379xx/CVE-2023-37915.json @@ -2,8 +2,8 @@ "id": "CVE-2023-37915", "sourceIdentifier": "security-advisories@github.com", "published": "2023-07-21T21:15:11.400", - "lastModified": "2023-07-24T13:09:06.887", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2023-08-01T15:47:10.000", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", @@ -12,6 +12,26 @@ ], "metrics": { "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "NONE", + "integrityImpact": "NONE", + "availabilityImpact": "HIGH", + "baseScore": 7.5, + "baseSeverity": "HIGH" + }, + "exploitabilityScore": 3.9, + "impactScore": 3.6 + }, { "source": "security-advisories@github.com", "type": "Secondary", @@ -36,8 +56,18 @@ }, "weaknesses": [ { - "source": "security-advisories@github.com", + "source": "nvd@nist.gov", "type": "Primary", + "description": [ + { + "lang": "en", + "value": "NVD-CWE-noinfo" + } + ] + }, + { + "source": "security-advisories@github.com", + "type": "Secondary", "description": [ { "lang": "en", @@ -46,14 +76,38 @@ ] } ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:objectcomputing:opendds:3.23.1:*:*:*:*:*:*:*", + "matchCriteriaId": "9F178EAB-899A-4A2A-8536-CDDEBF2BF129" + } + ] + } + ] + } + ], "references": [ { "url": "https://github.com/OpenDDS/OpenDDS/releases/tag/DDS-3.25", - "source": "security-advisories@github.com" + "source": "security-advisories@github.com", + "tags": [ + "Release Notes" + ] }, { "url": "https://github.com/OpenDDS/OpenDDS/security/advisories/GHSA-v5pp-7prc-5xq9", - "source": "security-advisories@github.com" + "source": "security-advisories@github.com", + "tags": [ + "Exploit", + "Vendor Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2023/CVE-2023-381xx/CVE-2023-38173.json b/CVE-2023/CVE-2023-381xx/CVE-2023-38173.json index 8f8b3c95a23..7cf3836ec74 100644 --- a/CVE-2023/CVE-2023-381xx/CVE-2023-38173.json +++ b/CVE-2023/CVE-2023-381xx/CVE-2023-38173.json @@ -2,8 +2,8 @@ "id": "CVE-2023-38173", "sourceIdentifier": "secure@microsoft.com", "published": "2023-07-21T18:15:10.347", - "lastModified": "2023-07-24T13:09:06.887", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2023-08-01T15:41:11.363", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", @@ -34,10 +34,44 @@ } ] }, + "weaknesses": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "NVD-CWE-noinfo" + } + ] + } + ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:microsoft:edge_chromium:*:*:*:*:*:*:*:*", + "versionEndExcluding": "115.0.1901.183", + "matchCriteriaId": "24B18462-97A3-46C9-BC7D-77B9BFF39702" + } + ] + } + ] + } + ], "references": [ { "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-38173", - "source": "secure@microsoft.com" + "source": "secure@microsoft.com", + "tags": [ + "Patch", + "Vendor Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2023/CVE-2023-381xx/CVE-2023-38187.json b/CVE-2023/CVE-2023-381xx/CVE-2023-38187.json index ba731927aee..a4a6d4d4c40 100644 --- a/CVE-2023/CVE-2023-381xx/CVE-2023-38187.json +++ b/CVE-2023/CVE-2023-381xx/CVE-2023-38187.json @@ -2,8 +2,8 @@ "id": "CVE-2023-38187", "sourceIdentifier": "secure@microsoft.com", "published": "2023-07-21T18:15:10.420", - "lastModified": "2023-07-24T13:09:06.887", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2023-08-01T15:35:07.063", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", @@ -34,10 +34,44 @@ } ] }, + "weaknesses": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "NVD-CWE-noinfo" + } + ] + } + ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:microsoft:edge_chromium:*:*:*:*:*:*:*:*", + "versionEndExcluding": "115.0.1901.183", + "matchCriteriaId": "24B18462-97A3-46C9-BC7D-77B9BFF39702" + } + ] + } + ] + } + ], "references": [ { "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-38187", - "source": "secure@microsoft.com" + "source": "secure@microsoft.com", + "tags": [ + "Patch", + "Vendor Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2023/CVE-2023-383xx/CVE-2023-38357.json b/CVE-2023/CVE-2023-383xx/CVE-2023-38357.json new file mode 100644 index 00000000000..5b3af35b5b0 --- /dev/null +++ b/CVE-2023/CVE-2023-383xx/CVE-2023-38357.json @@ -0,0 +1,28 @@ +{ + "id": "CVE-2023-38357", + "sourceIdentifier": "cve@mitre.org", + "published": "2023-08-01T15:15:09.703", + "lastModified": "2023-08-01T15:25:40.337", + "vulnStatus": "Awaiting Analysis", + "descriptions": [ + { + "lang": "en", + "value": "Session tokens in RWS WorldServer 11.7.3 and earlier have a low entropy and can be enumerated, leading to unauthorized access to user sessions." + } + ], + "metrics": {}, + "references": [ + { + "url": "http://packetstormsecurity.com/files/173609/RWS-WorldServer-11.7.3-Session-Token-Enumeration.html", + "source": "cve@mitre.org" + }, + { + "url": "http://seclists.org/fulldisclosure/2023/Jul/30", + "source": "cve@mitre.org" + }, + { + "url": "https://www.redteam-pentesting.de/en/advisories/rt-sa-2023-001/-session-token-enumeration-in-rws-worldserver", + "source": "cve@mitre.org" + } + ] +} \ No newline at end of file diff --git a/CVE-2023/CVE-2023-385xx/CVE-2023-38523.json b/CVE-2023/CVE-2023-385xx/CVE-2023-38523.json index c26cab40a29..59331283ad8 100644 --- a/CVE-2023/CVE-2023-385xx/CVE-2023-38523.json +++ b/CVE-2023/CVE-2023-385xx/CVE-2023-38523.json @@ -2,59 +2,1054 @@ "id": "CVE-2023-38523", "sourceIdentifier": "cve@mitre.org", "published": "2023-07-20T19:15:10.793", - "lastModified": "2023-07-21T12:52:36.740", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2023-08-01T15:24:35.470", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", "value": "The web interface on multiple Samsung Harman AMX N-Series devices allows directory listing for the /tmp/ directory, without authentication, exposing sensitive information such as the command history and screenshot of the file being processed. This affects N-Series N1115 Wallplate Video Encoder before 1.15.61, N-Series N1x22A Video Encoder/Decoder before 1.15.61, N-Series N1x33A Video Encoder/Decoder before 1.15.61, N-Series N1x33 Video Encoder/Decoder before 1.15.61, N-Series N2x35 Video Encoder/Decoder before 1.15.61, N-Series N2x35A Video Encoder/Decoder before 1.15.61, N-Series N2xx2 Video Encoder/Decoder before 1.15.61, N-Series N2xx2A Video Encoder/Decoder before 1.15.61, N-Series N3000 Video Encoder/Decoder before 2.12.105, and N-Series N4321 Audio Transceiver before 1.00.06." } ], - "metrics": {}, + "metrics": { + "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "LOW", + "integrityImpact": "NONE", + "availabilityImpact": "NONE", + "baseScore": 5.3, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 3.9, + "impactScore": 1.4 + } + ] + }, + "weaknesses": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-306" + } + ] + } + ], + "configurations": [ + { + "operator": "AND", + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:o:samsung:fgn1115-wp-wh_firmware:*:*:*:*:*:*:*:*", + "versionEndExcluding": "1.15.61", + "matchCriteriaId": "242568EC-FB04-4F46-BC7A-038B9D530DC2" + } + ] + }, + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": false, + "criteria": "cpe:2.3:h:samsung:fgn1115-wp-wh:-:*:*:*:*:*:*:*", + "matchCriteriaId": "0DB36659-A010-42C5-981F-9C7F9904AAE9" + } + ] + } + ] + }, + { + "operator": "AND", + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:o:samsung:fgn1122-sa_firmware:*:*:*:*:*:*:*:*", + "versionEndExcluding": "1.15.61", + "matchCriteriaId": "142A8C5D-0501-490A-A1E5-15DED54284EA" + } + ] + }, + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": false, + "criteria": "cpe:2.3:h:samsung:fgn1122-sa:-:*:*:*:*:*:*:*", + "matchCriteriaId": "A84E890B-9AE9-417C-A32C-50D1D5F3CC07" + } + ] + } + ] + }, + { + "operator": "AND", + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:o:samsung:fgn1122-cd_firmware:*:*:*:*:*:*:*:*", + "versionEndExcluding": "1.15.61", + "matchCriteriaId": "1D290ECA-0892-43ED-91D8-35FECEBB9928" + } + ] + }, + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": false, + "criteria": "cpe:2.3:h:samsung:fgn1122-cd:-:*:*:*:*:*:*:*", + "matchCriteriaId": "0A5C46BA-B971-4E35-8983-06F593D3BE3E" + } + ] + } + ] + }, + { + "operator": "AND", + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:o:samsung:fgn1222-sa_firmware:*:*:*:*:*:*:*:*", + "versionEndExcluding": "1.15.61", + "matchCriteriaId": "AC7066FC-1C9B-4533-A5F3-B0711BF4CEAE" + } + ] + }, + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": false, + "criteria": "cpe:2.3:h:samsung:fgn1222-sa:-:*:*:*:*:*:*:*", + "matchCriteriaId": "28EFB251-90A2-4882-AC89-8973448B3BBA" + } + ] + } + ] + }, + { + "operator": "AND", + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:o:samsung:fgn1222-cd_firmware:*:*:*:*:*:*:*:*", + "versionEndExcluding": "1.15.61", + "matchCriteriaId": "55DFB8F7-F867-4288-8A52-3AE2B175852A" + } + ] + }, + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": false, + "criteria": "cpe:2.3:h:samsung:fgn1222-cd:-:*:*:*:*:*:*:*", + "matchCriteriaId": "14B76C3D-0AFC-4BC8-B6F4-7C89164374F1" + } + ] + } + ] + }, + { + "operator": "AND", + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:o:samsung:fgn1233-sa_firmware:*:*:*:*:*:*:*:*", + "versionEndExcluding": "1.15.61", + "matchCriteriaId": "0CA5322B-A327-4E58-B1C1-E3AE108D6AD2" + } + ] + }, + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": false, + "criteria": "cpe:2.3:h:samsung:fgn1233-sa:-:*:*:*:*:*:*:*", + "matchCriteriaId": "2475E4E8-39A2-4D70-91B2-C6FB1C4E8719" + } + ] + } + ] + }, + { + "operator": "AND", + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:o:samsung:fgn1133-sa_firmware:*:*:*:*:*:*:*:*", + "versionEndExcluding": "1.15.61", + "matchCriteriaId": "794A8F91-F018-4044-B8CD-4F22E42A4C22" + } + ] + }, + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": false, + "criteria": "cpe:2.3:h:samsung:fgn1133-sa:-:*:*:*:*:*:*:*", + "matchCriteriaId": "D2EFB60A-9C2B-4F3E-BE7A-30855C379678" + } + ] + } + ] + }, + { + "operator": "AND", + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:o:samsung:fgn1133-cd_firmware:*:*:*:*:*:*:*:*", + "versionEndExcluding": "1.15.61", + "matchCriteriaId": "8F0CD7F4-BC9C-45F0-80C3-AA9351233BA9" + } + ] + }, + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": false, + "criteria": "cpe:2.3:h:samsung:fgn1133-cd:-:*:*:*:*:*:*:*", + "matchCriteriaId": "99B5A1B6-37B5-4331-B9EA-91322DFF9420" + } + ] + } + ] + }, + { + "operator": "AND", + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:o:samsung:fgn1233-cd_firmware:*:*:*:*:*:*:*:*", + "versionEndExcluding": "1.15.61", + "matchCriteriaId": "C8EFFFB6-DCC7-4DD8-86B6-94233E3A293F" + } + ] + }, + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": false, + "criteria": "cpe:2.3:h:samsung:fgn1233-cd:-:*:*:*:*:*:*:*", + "matchCriteriaId": "A1824025-72A6-4DF9-83FF-0BD4EFB1EF65" + } + ] + } + ] + }, + { + "operator": "AND", + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:o:samsung:fgn1133a-sa_firmware:*:*:*:*:*:*:*:*", + "versionEndExcluding": "1.15.61", + "matchCriteriaId": "86942467-8B88-4E5C-B56C-58CCEF8C500E" + } + ] + }, + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": false, + "criteria": "cpe:2.3:h:samsung:fgn1133a-sa:-:*:*:*:*:*:*:*", + "matchCriteriaId": "2AB98506-C4C2-43D6-B473-4D86CF0FEF6E" + } + ] + } + ] + }, + { + "operator": "AND", + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:o:samsung:fgn1233a-sa_firmware:*:*:*:*:*:*:*:*", + "versionEndExcluding": "1.15.61", + "matchCriteriaId": "AA7F3E13-2333-44EE-B996-F9C32F47EE31" + } + ] + }, + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": false, + "criteria": "cpe:2.3:h:samsung:fgn1233a-sa:-:*:*:*:*:*:*:*", + "matchCriteriaId": "934869C3-3F82-4C7F-B6DB-A91EB32FCC1C" + } + ] + } + ] + }, + { + "operator": "AND", + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:o:samsung:fgn1133a-cd_firmware:*:*:*:*:*:*:*:*", + "versionEndExcluding": "1.15.61", + "matchCriteriaId": "75259D4C-2B65-4AF3-BB63-8B639EC50794" + } + ] + }, + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": false, + "criteria": "cpe:2.3:h:samsung:fgn1133a-cd:-:*:*:*:*:*:*:*", + "matchCriteriaId": "1BA7341C-D2D7-4950-9D72-FB8162F63B5F" + } + ] + } + ] + }, + { + "operator": "AND", + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:o:samsung:fgn1233a-cd_firmware:*:*:*:*:*:*:*:*", + "versionEndExcluding": "1.15.61", + "matchCriteriaId": "D3A1CD85-581B-49EF-B848-63F8B164D47B" + } + ] + }, + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": false, + "criteria": "cpe:2.3:h:samsung:fgn1233a-cd:-:*:*:*:*:*:*:*", + "matchCriteriaId": "860824F9-A35E-4765-9A38-1D8099B85EBD" + } + ] + } + ] + }, + { + "operator": "AND", + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:o:samsung:fgn2135-sa_firmware:*:*:*:*:*:*:*:*", + "versionEndExcluding": "1.15.61", + "matchCriteriaId": "1F104BE9-0F1B-4905-B661-82F906566529" + } + ] + }, + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": false, + "criteria": "cpe:2.3:h:samsung:fgn2135-sa:-:*:*:*:*:*:*:*", + "matchCriteriaId": "58C2595B-AACF-4250-BAD7-1C93621DFDF0" + } + ] + } + ] + }, + { + "operator": "AND", + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:o:samsung:fgn2235-cd_firmware:*:*:*:*:*:*:*:*", + "versionEndExcluding": "1.15.61", + "matchCriteriaId": "A7B3440E-0BB6-4CE2-B994-DFC4D0096468" + } + ] + }, + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": false, + "criteria": "cpe:2.3:h:samsung:fgn2235-cd:-:*:*:*:*:*:*:*", + "matchCriteriaId": "946DD963-3887-4D32-98CA-67D1C86BF882" + } + ] + } + ] + }, + { + "operator": "AND", + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:o:samsung:fgn2235-sa_firmware:*:*:*:*:*:*:*:*", + "versionEndExcluding": "1.15.61", + "matchCriteriaId": "36261E2D-85C9-4EF7-941D-34B4B3895EB6" + } + ] + }, + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": false, + "criteria": "cpe:2.3:h:samsung:fgn2235-sa:-:*:*:*:*:*:*:*", + "matchCriteriaId": "48590652-74D5-4A7A-9A6E-A76F6A16012A" + } + ] + } + ] + }, + { + "operator": "AND", + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:o:samsung:fgn2135-cd_firmware:*:*:*:*:*:*:*:*", + "versionEndExcluding": "1.15.61", + "matchCriteriaId": "0D88EB5B-39B1-40E7-AAB9-D82AF2FFB255" + } + ] + }, + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": false, + "criteria": "cpe:2.3:h:samsung:fgn2135-cd:-:*:*:*:*:*:*:*", + "matchCriteriaId": "3773BEC6-F1EB-4CE5-85B1-B75205C929A2" + } + ] + } + ] + }, + { + "operator": "AND", + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:o:samsung:fgn2122-sa_firmware:*:*:*:*:*:*:*:*", + "versionEndExcluding": "1.15.61", + "matchCriteriaId": "AF24741B-C3B8-48BA-969D-1ED366814867" + } + ] + }, + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": false, + "criteria": "cpe:2.3:h:samsung:fgn2122-sa:-:*:*:*:*:*:*:*", + "matchCriteriaId": "9C6D57B9-A115-47EA-B4BD-3A091F98FC97" + } + ] + } + ] + }, + { + "operator": "AND", + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:o:samsung:fgn2222-sa_firmware:*:*:*:*:*:*:*:*", + "versionEndExcluding": "1.15.61", + "matchCriteriaId": "4D76FF58-029B-4EE6-ADE7-08282E701EA3" + } + ] + }, + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": false, + "criteria": "cpe:2.3:h:samsung:fgn2222-sa:-:*:*:*:*:*:*:*", + "matchCriteriaId": "9B34A169-692D-46C5-A2BC-518890D03E4B" + } + ] + } + ] + }, + { + "operator": "AND", + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:o:samsung:fgn2212-sa_firmware:*:*:*:*:*:*:*:*", + "versionEndExcluding": "1.15.61", + "matchCriteriaId": "32257B4F-2FE9-4994-ACCD-740296CDFD24" + } + ] + }, + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": false, + "criteria": "cpe:2.3:h:samsung:fgn2212-sa:-:*:*:*:*:*:*:*", + "matchCriteriaId": "62D1EAC6-B2B0-418E-A3EA-B4B81ECC5C96" + } + ] + } + ] + }, + { + "operator": "AND", + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:o:samsung:fgn2122-cd_firmware:*:*:*:*:*:*:*:*", + "versionEndExcluding": "1.15.61", + "matchCriteriaId": "B8C475FF-85C5-4BDB-80E7-FD102AA9CAA5" + } + ] + }, + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": false, + "criteria": "cpe:2.3:h:samsung:fgn2122-cd:-:*:*:*:*:*:*:*", + "matchCriteriaId": "4F3ACD46-6873-4F6C-9E63-A5B80C0FD961" + } + ] + } + ] + }, + { + "operator": "AND", + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:o:samsung:fgn2222-cd_firmware:*:*:*:*:*:*:*:*", + "versionEndExcluding": "1.15.61", + "matchCriteriaId": "0E26A9A1-B926-4697-A38F-F0DB7D2B43AF" + } + ] + }, + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": false, + "criteria": "cpe:2.3:h:samsung:fgn2222-cd:-:*:*:*:*:*:*:*", + "matchCriteriaId": "54A5D48C-3988-4157-9516-C8A14C0AE768" + } + ] + } + ] + }, + { + "operator": "AND", + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:o:samsung:fgn2212-cd_firmware:*:*:*:*:*:*:*:*", + "versionEndExcluding": "1.15.61", + "matchCriteriaId": "52C84C09-CDD0-4A56-9D83-BCCEEF3E9D5C" + } + ] + }, + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": false, + "criteria": "cpe:2.3:h:samsung:fgn2212-cd:-:*:*:*:*:*:*:*", + "matchCriteriaId": "26DD7029-A1F9-4651-BD32-A10A0EDB2549" + } + ] + } + ] + }, + { + "operator": "AND", + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:o:samsung:fgn2222a-sa_firmware:*:*:*:*:*:*:*:*", + "versionEndExcluding": "1.15.61", + "matchCriteriaId": "0870E86A-845B-47BF-9541-BD33046F5DF6" + } + ] + }, + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": false, + "criteria": "cpe:2.3:h:samsung:fgn2222a-sa:-:*:*:*:*:*:*:*", + "matchCriteriaId": "7E7AAA0C-7CF1-4D61-8E15-A86B855D3A78" + } + ] + } + ] + }, + { + "operator": "AND", + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:o:samsung:fgn2122a-sa_firmware:*:*:*:*:*:*:*:*", + "versionEndExcluding": "1.15.61", + "matchCriteriaId": "9636CB2B-75D0-4D0A-AC86-AA0452A3F952" + } + ] + }, + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": false, + "criteria": "cpe:2.3:h:samsung:fgn2122a-sa:-:*:*:*:*:*:*:*", + "matchCriteriaId": "48755959-AF58-4410-8FF3-712AC42F6F43" + } + ] + } + ] + }, + { + "operator": "AND", + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:o:samsung:fgn2122a-cd_firmware:*:*:*:*:*:*:*:*", + "versionEndExcluding": "1.15.61", + "matchCriteriaId": "B143678C-109E-4741-AA63-70A21E965102" + } + ] + }, + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": false, + "criteria": "cpe:2.3:h:samsung:fgn2122a-cd:-:*:*:*:*:*:*:*", + "matchCriteriaId": "A7920A98-2CD1-4CBF-B9F0-190D785ADEF3" + } + ] + } + ] + }, + { + "operator": "AND", + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:o:samsung:fgn2222a-cd_firmware:*:*:*:*:*:*:*:*", + "versionEndExcluding": "1.15.61", + "matchCriteriaId": "15078D0B-1652-4130-971B-A097603D85DA" + } + ] + }, + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": false, + "criteria": "cpe:2.3:h:samsung:fgn2222a-cd:-:*:*:*:*:*:*:*", + "matchCriteriaId": "337E1D96-5092-46BF-9136-23836EBE661E" + } + ] + } + ] + }, + { + "operator": "AND", + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:o:samsung:fgn3132a-sa_firmware:*:*:*:*:*:*:*:*", + "versionEndExcluding": "2.12.105", + "matchCriteriaId": "0F5FA567-6385-4BBE-BF38-385D7E87B796" + } + ] + }, + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": false, + "criteria": "cpe:2.3:h:samsung:fgn3132a-sa:-:*:*:*:*:*:*:*", + "matchCriteriaId": "73815387-4443-4D80-9C9D-83624D97C6AC" + } + ] + } + ] + }, + { + "operator": "AND", + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:o:samsung:fgn3132a-c_firmware:*:*:*:*:*:*:*:*", + "versionEndExcluding": "2.12.105", + "matchCriteriaId": "00328B78-F4DB-4D52-88D2-0176A1BCF94D" + } + ] + }, + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": false, + "criteria": "cpe:2.3:h:samsung:fgn3132a-c:-:*:*:*:*:*:*:*", + "matchCriteriaId": "4690EB3D-04C4-479C-9B62-CDE18F14E28E" + } + ] + } + ] + }, + { + "operator": "AND", + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:o:samsung:fgn3232a-sa_firmware:*:*:*:*:*:*:*:*", + "versionEndExcluding": "2.12.105", + "matchCriteriaId": "C82AD426-4766-4C5C-9934-5ABC79C9EE45" + } + ] + }, + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": false, + "criteria": "cpe:2.3:h:samsung:fgn3232a-sa:-:*:*:*:*:*:*:*", + "matchCriteriaId": "CEA1B659-911F-4AB9-8C0F-1474BF430414" + } + ] + } + ] + }, + { + "operator": "AND", + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:o:samsung:fgn3232a-c_firmware:*:*:*:*:*:*:*:*", + "versionEndExcluding": "2.12.105", + "matchCriteriaId": "DCE2A4EE-DF2C-4B69-AC1E-1B8439DCC5C4" + } + ] + }, + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": false, + "criteria": "cpe:2.3:h:samsung:fgn3232a-c:-:*:*:*:*:*:*:*", + "matchCriteriaId": "3D7D9170-5505-4A9B-B8E1-B839578EC4B6" + } + ] + } + ] + }, + { + "operator": "AND", + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:o:samsung:fgn4321-sa_firmware:*:*:*:*:*:*:*:*", + "versionEndExcluding": "1.00.06", + "matchCriteriaId": "37014A4D-36AB-40F7-AE7D-CB1E502E4A82" + } + ] + }, + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": false, + "criteria": "cpe:2.3:h:samsung:fgn4321-sa:-:*:*:*:*:*:*:*", + "matchCriteriaId": "4A65D4D7-AD55-43A4-ADB6-763C978D6EBB" + } + ] + } + ] + }, + { + "operator": "AND", + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:o:samsung:fgn4321-cd_firmware:*:*:*:*:*:*:*:*", + "versionEndExcluding": "1.00.06", + "matchCriteriaId": "4C151E3B-4616-44BF-8A86-37B34F891D6E" + } + ] + }, + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": false, + "criteria": "cpe:2.3:h:samsung:fgn4321-cd:-:*:*:*:*:*:*:*", + "matchCriteriaId": "86EED9BA-4A77-4651-9E4D-DF3BB5E35E7F" + } + ] + } + ] + } + ], "references": [ { "url": "https://help.harmanpro.com/n1115-svsi-firmware", - "source": "cve@mitre.org" + "source": "cve@mitre.org", + "tags": [ + "Release Notes" + ] }, { "url": "https://help.harmanpro.com/n1x22a-updater", - "source": "cve@mitre.org" + "source": "cve@mitre.org", + "tags": [ + "Release Notes" + ] }, { "url": "https://help.harmanpro.com/n1x33-updater", - "source": "cve@mitre.org" + "source": "cve@mitre.org", + "tags": [ + "Release Notes" + ] }, { "url": "https://help.harmanpro.com/n1x33a-updater", - "source": "cve@mitre.org" + "source": "cve@mitre.org", + "tags": [ + "Release Notes" + ] }, { "url": "https://help.harmanpro.com/n2x35-updater-hotfix", - "source": "cve@mitre.org" + "source": "cve@mitre.org", + "tags": [ + "Release Notes" + ] }, { "url": "https://help.harmanpro.com/n2x35a-updater-hotfix", - "source": "cve@mitre.org" + "source": "cve@mitre.org", + "tags": [ + "Release Notes" + ] }, { "url": "https://help.harmanpro.com/n2xx2-updater-hotfix", - "source": "cve@mitre.org" + "source": "cve@mitre.org", + "tags": [ + "Release Notes" + ] }, { "url": "https://help.harmanpro.com/n2xx2a-updater", - "source": "cve@mitre.org" + "source": "cve@mitre.org", + "tags": [ + "Release Notes" + ] }, { "url": "https://help.harmanpro.com/n3k-updater-hotfix", - "source": "cve@mitre.org" + "source": "cve@mitre.org", + "tags": [ + "Release Notes" + ] }, { "url": "https://help.harmanpro.com/svsi-n4321-firmware", - "source": "cve@mitre.org" + "source": "cve@mitre.org", + "tags": [ + "Release Notes" + ] }, { "url": "https://wiki.notveg.ninja/blog/CVE-2023-38523/", - "source": "cve@mitre.org" + "source": "cve@mitre.org", + "tags": [ + "Exploit", + "Third Party Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2023/CVE-2023-38xx/CVE-2023-3802.json b/CVE-2023/CVE-2023-38xx/CVE-2023-3802.json index e77fb1a8851..754a098287a 100644 --- a/CVE-2023/CVE-2023-38xx/CVE-2023-3802.json +++ b/CVE-2023/CVE-2023-38xx/CVE-2023-3802.json @@ -2,8 +2,8 @@ "id": "CVE-2023-3802", "sourceIdentifier": "cna@vuldb.com", "published": "2023-07-21T00:15:10.537", - "lastModified": "2023-07-21T12:52:32.633", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2023-08-01T15:07:06.753", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", @@ -11,6 +11,28 @@ } ], "metrics": { + "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH", + "baseScore": 9.8, + "baseSeverity": "CRITICAL" + }, + "exploitabilityScore": 3.9, + "impactScore": 5.9 + } + ], "cvssMetricV30": [ { "source": "cna@vuldb.com", @@ -61,7 +83,7 @@ }, "weaknesses": [ { - "source": "cna@vuldb.com", + "source": "nvd@nist.gov", "type": "Primary", "description": [ { @@ -69,20 +91,59 @@ "value": "CWE-434" } ] + }, + { + "source": "cna@vuldb.com", + "type": "Secondary", + "description": [ + { + "lang": "en", + "value": "CWE-434" + } + ] + } + ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:cdwanjiang:flash_flood_disaster_monitoring_and_warning_system:2.0:*:*:*:*:*:*:*", + "matchCriteriaId": "80BB5315-77A8-4369-84A4-D29CA1622991" + } + ] + } + ] } ], "references": [ { "url": "https://github.com/GUIqizsq/cve/blob/main/upload_1.md", - "source": "cna@vuldb.com" + "source": "cna@vuldb.com", + "tags": [ + "Exploit", + "Third Party Advisory" + ] }, { "url": "https://vuldb.com/?ctiid.235070", - "source": "cna@vuldb.com" + "source": "cna@vuldb.com", + "tags": [ + "Permissions Required", + "Third Party Advisory" + ] }, { "url": "https://vuldb.com/?id.235070", - "source": "cna@vuldb.com" + "source": "cna@vuldb.com", + "tags": [ + "Permissions Required", + "Third Party Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2023/CVE-2023-391xx/CVE-2023-39108.json b/CVE-2023/CVE-2023-391xx/CVE-2023-39108.json new file mode 100644 index 00000000000..903c0fbb412 --- /dev/null +++ b/CVE-2023/CVE-2023-391xx/CVE-2023-39108.json @@ -0,0 +1,20 @@ +{ + "id": "CVE-2023-39108", + "sourceIdentifier": "cve@mitre.org", + "published": "2023-08-01T14:15:10.137", + "lastModified": "2023-08-01T15:25:40.337", + "vulnStatus": "Awaiting Analysis", + "descriptions": [ + { + "lang": "en", + "value": "rconfig v3.9.4 was discovered to contain a Server-Side Request Forgery (SSRF) via the path_b parameter in the doDiff Function of /classes/compareClass.php. This vulnerability allows authenticated attackers to make arbitrary requests via injection of crafted URLs." + } + ], + "metrics": {}, + "references": [ + { + "url": "https://github.com/zer0yu/CVE_Request/blob/master/rConfig/rConfig_path_b.md", + "source": "cve@mitre.org" + } + ] +} \ No newline at end of file diff --git a/CVE-2023/CVE-2023-391xx/CVE-2023-39109.json b/CVE-2023/CVE-2023-391xx/CVE-2023-39109.json new file mode 100644 index 00000000000..f5bde3cf507 --- /dev/null +++ b/CVE-2023/CVE-2023-391xx/CVE-2023-39109.json @@ -0,0 +1,20 @@ +{ + "id": "CVE-2023-39109", + "sourceIdentifier": "cve@mitre.org", + "published": "2023-08-01T14:15:10.193", + "lastModified": "2023-08-01T15:25:40.337", + "vulnStatus": "Awaiting Analysis", + "descriptions": [ + { + "lang": "en", + "value": "rconfig v3.9.4 was discovered to contain a Server-Side Request Forgery (SSRF) via the path_a parameter in the doDiff Function of /classes/compareClass.php. This vulnerability allows authenticated attackers to make arbitrary requests via injection of crafted URLs." + } + ], + "metrics": {}, + "references": [ + { + "url": "https://github.com/zer0yu/CVE_Request/blob/master/rConfig/rConfig_path_a.md", + "source": "cve@mitre.org" + } + ] +} \ No newline at end of file diff --git a/CVE-2023/CVE-2023-391xx/CVE-2023-39110.json b/CVE-2023/CVE-2023-391xx/CVE-2023-39110.json new file mode 100644 index 00000000000..5ddcdfc02e1 --- /dev/null +++ b/CVE-2023/CVE-2023-391xx/CVE-2023-39110.json @@ -0,0 +1,20 @@ +{ + "id": "CVE-2023-39110", + "sourceIdentifier": "cve@mitre.org", + "published": "2023-08-01T14:15:10.247", + "lastModified": "2023-08-01T15:25:40.337", + "vulnStatus": "Awaiting Analysis", + "descriptions": [ + { + "lang": "en", + "value": "rconfig v3.9.4 was discovered to contain a Server-Side Request Forgery (SSRF) via the path parameter at /ajaxGetFileByPath.php. This vulnerability allows authenticated attackers to make arbitrary requests via injection of crafted URLs." + } + ], + "metrics": {}, + "references": [ + { + "url": "https://github.com/zer0yu/CVE_Request/blob/master/rConfig/rConfig_%20ajaxGetFileByPath.md", + "source": "cve@mitre.org" + } + ] +} \ No newline at end of file diff --git a/CVE-2023/CVE-2023-40xx/CVE-2023-4045.json b/CVE-2023/CVE-2023-40xx/CVE-2023-4045.json new file mode 100644 index 00000000000..f13d4d2b038 --- /dev/null +++ b/CVE-2023/CVE-2023-40xx/CVE-2023-4045.json @@ -0,0 +1,32 @@ +{ + "id": "CVE-2023-4045", + "sourceIdentifier": "security@mozilla.org", + "published": "2023-08-01T15:15:09.783", + "lastModified": "2023-08-01T15:25:40.337", + "vulnStatus": "Awaiting Analysis", + "descriptions": [ + { + "lang": "en", + "value": "Offscreen Canvas did not properly track cross-origin tainting, which could have been used to access image data from another site in violation of same-origin policy. This vulnerability affects Firefox < 116, Firefox ESR < 102.14, and Firefox ESR < 115.1." + } + ], + "metrics": {}, + "references": [ + { + "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1833876", + "source": "security@mozilla.org" + }, + { + "url": "https://www.mozilla.org/security/advisories/mfsa2023-29/", + "source": "security@mozilla.org" + }, + { + "url": "https://www.mozilla.org/security/advisories/mfsa2023-30/", + "source": "security@mozilla.org" + }, + { + "url": "https://www.mozilla.org/security/advisories/mfsa2023-31/", + "source": "security@mozilla.org" + } + ] +} \ No newline at end of file diff --git a/CVE-2023/CVE-2023-40xx/CVE-2023-4046.json b/CVE-2023/CVE-2023-40xx/CVE-2023-4046.json new file mode 100644 index 00000000000..b456f5f9d68 --- /dev/null +++ b/CVE-2023/CVE-2023-40xx/CVE-2023-4046.json @@ -0,0 +1,32 @@ +{ + "id": "CVE-2023-4046", + "sourceIdentifier": "security@mozilla.org", + "published": "2023-08-01T15:15:09.847", + "lastModified": "2023-08-01T15:25:40.337", + "vulnStatus": "Awaiting Analysis", + "descriptions": [ + { + "lang": "en", + "value": "In some circumstances, a stale value could have been used for a global variable in WASM JIT analysis. This resulted in incorrect compilation and a potentially exploitable crash in the content process. This vulnerability affects Firefox < 116, Firefox ESR < 102.14, and Firefox ESR < 115.1." + } + ], + "metrics": {}, + "references": [ + { + "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1837686", + "source": "security@mozilla.org" + }, + { + "url": "https://www.mozilla.org/security/advisories/mfsa2023-29/", + "source": "security@mozilla.org" + }, + { + "url": "https://www.mozilla.org/security/advisories/mfsa2023-30/", + "source": "security@mozilla.org" + }, + { + "url": "https://www.mozilla.org/security/advisories/mfsa2023-31/", + "source": "security@mozilla.org" + } + ] +} \ No newline at end of file diff --git a/CVE-2023/CVE-2023-40xx/CVE-2023-4047.json b/CVE-2023/CVE-2023-40xx/CVE-2023-4047.json new file mode 100644 index 00000000000..2b2b86c4255 --- /dev/null +++ b/CVE-2023/CVE-2023-40xx/CVE-2023-4047.json @@ -0,0 +1,32 @@ +{ + "id": "CVE-2023-4047", + "sourceIdentifier": "security@mozilla.org", + "published": "2023-08-01T15:15:09.903", + "lastModified": "2023-08-01T15:25:40.337", + "vulnStatus": "Awaiting Analysis", + "descriptions": [ + { + "lang": "en", + "value": "A bug in popup notifications delay calculation could have made it possible for an attacker to trick a user into granting permissions. This vulnerability affects Firefox < 116, Firefox ESR < 102.14, and Firefox ESR < 115.1." + } + ], + "metrics": {}, + "references": [ + { + "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1839073", + "source": "security@mozilla.org" + }, + { + "url": "https://www.mozilla.org/security/advisories/mfsa2023-29/", + "source": "security@mozilla.org" + }, + { + "url": "https://www.mozilla.org/security/advisories/mfsa2023-30/", + "source": "security@mozilla.org" + }, + { + "url": "https://www.mozilla.org/security/advisories/mfsa2023-31/", + "source": "security@mozilla.org" + } + ] +} \ No newline at end of file diff --git a/CVE-2023/CVE-2023-40xx/CVE-2023-4048.json b/CVE-2023/CVE-2023-40xx/CVE-2023-4048.json new file mode 100644 index 00000000000..0ea4a11ef05 --- /dev/null +++ b/CVE-2023/CVE-2023-40xx/CVE-2023-4048.json @@ -0,0 +1,32 @@ +{ + "id": "CVE-2023-4048", + "sourceIdentifier": "security@mozilla.org", + "published": "2023-08-01T15:15:09.967", + "lastModified": "2023-08-01T15:25:40.337", + "vulnStatus": "Awaiting Analysis", + "descriptions": [ + { + "lang": "en", + "value": "An out-of-bounds read could have led to an exploitable crash when parsing HTML with DOMParser in low memory situations. This vulnerability affects Firefox < 116, Firefox ESR < 102.14, and Firefox ESR < 115.1." + } + ], + "metrics": {}, + "references": [ + { + "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1841368", + "source": "security@mozilla.org" + }, + { + "url": "https://www.mozilla.org/security/advisories/mfsa2023-29/", + "source": "security@mozilla.org" + }, + { + "url": "https://www.mozilla.org/security/advisories/mfsa2023-30/", + "source": "security@mozilla.org" + }, + { + "url": "https://www.mozilla.org/security/advisories/mfsa2023-31/", + "source": "security@mozilla.org" + } + ] +} \ No newline at end of file diff --git a/CVE-2023/CVE-2023-40xx/CVE-2023-4049.json b/CVE-2023/CVE-2023-40xx/CVE-2023-4049.json new file mode 100644 index 00000000000..c32bc65b1d3 --- /dev/null +++ b/CVE-2023/CVE-2023-40xx/CVE-2023-4049.json @@ -0,0 +1,32 @@ +{ + "id": "CVE-2023-4049", + "sourceIdentifier": "security@mozilla.org", + "published": "2023-08-01T15:15:10.030", + "lastModified": "2023-08-01T15:25:40.337", + "vulnStatus": "Awaiting Analysis", + "descriptions": [ + { + "lang": "en", + "value": "Race conditions in reference counting code were found through code inspection. These could have resulted in potentially exploitable use-after-free vulnerabilities. This vulnerability affects Firefox < 116, Firefox ESR < 102.14, and Firefox ESR < 115.1." + } + ], + "metrics": {}, + "references": [ + { + "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1842658", + "source": "security@mozilla.org" + }, + { + "url": "https://www.mozilla.org/security/advisories/mfsa2023-29/", + "source": "security@mozilla.org" + }, + { + "url": "https://www.mozilla.org/security/advisories/mfsa2023-30/", + "source": "security@mozilla.org" + }, + { + "url": "https://www.mozilla.org/security/advisories/mfsa2023-31/", + "source": "security@mozilla.org" + } + ] +} \ No newline at end of file diff --git a/CVE-2023/CVE-2023-40xx/CVE-2023-4050.json b/CVE-2023/CVE-2023-40xx/CVE-2023-4050.json new file mode 100644 index 00000000000..096720179de --- /dev/null +++ b/CVE-2023/CVE-2023-40xx/CVE-2023-4050.json @@ -0,0 +1,32 @@ +{ + "id": "CVE-2023-4050", + "sourceIdentifier": "security@mozilla.org", + "published": "2023-08-01T15:15:10.090", + "lastModified": "2023-08-01T15:25:40.337", + "vulnStatus": "Awaiting Analysis", + "descriptions": [ + { + "lang": "en", + "value": "In some cases, an untrusted input stream was copied to a stack buffer without checking its size. This resulted in a potentially exploitable crash which could have led to a sandbox escape. This vulnerability affects Firefox < 116, Firefox ESR < 102.14, and Firefox ESR < 115.1." + } + ], + "metrics": {}, + "references": [ + { + "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1843038", + "source": "security@mozilla.org" + }, + { + "url": "https://www.mozilla.org/security/advisories/mfsa2023-29/", + "source": "security@mozilla.org" + }, + { + "url": "https://www.mozilla.org/security/advisories/mfsa2023-30/", + "source": "security@mozilla.org" + }, + { + "url": "https://www.mozilla.org/security/advisories/mfsa2023-31/", + "source": "security@mozilla.org" + } + ] +} \ No newline at end of file diff --git a/CVE-2023/CVE-2023-40xx/CVE-2023-4051.json b/CVE-2023/CVE-2023-40xx/CVE-2023-4051.json new file mode 100644 index 00000000000..f86a5ffdc81 --- /dev/null +++ b/CVE-2023/CVE-2023-40xx/CVE-2023-4051.json @@ -0,0 +1,24 @@ +{ + "id": "CVE-2023-4051", + "sourceIdentifier": "security@mozilla.org", + "published": "2023-08-01T15:15:10.147", + "lastModified": "2023-08-01T15:25:40.337", + "vulnStatus": "Awaiting Analysis", + "descriptions": [ + { + "lang": "en", + "value": "A website could have obscured the full screen notification by using the file open dialog. This could have led to user confusion and possible spoofing attacks. This vulnerability affects Firefox < 116." + } + ], + "metrics": {}, + "references": [ + { + "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1821884", + "source": "security@mozilla.org" + }, + { + "url": "https://www.mozilla.org/security/advisories/mfsa2023-29/", + "source": "security@mozilla.org" + } + ] +} \ No newline at end of file diff --git a/CVE-2023/CVE-2023-40xx/CVE-2023-4052.json b/CVE-2023/CVE-2023-40xx/CVE-2023-4052.json new file mode 100644 index 00000000000..9cdcf642023 --- /dev/null +++ b/CVE-2023/CVE-2023-40xx/CVE-2023-4052.json @@ -0,0 +1,28 @@ +{ + "id": "CVE-2023-4052", + "sourceIdentifier": "security@mozilla.org", + "published": "2023-08-01T15:15:10.207", + "lastModified": "2023-08-01T15:25:40.337", + "vulnStatus": "Awaiting Analysis", + "descriptions": [ + { + "lang": "en", + "value": "The Firefox updater created a directory writable by non-privileged users. When uninstalling Firefox, any files in that directory would be recursively deleted with the permissions of the uninstalling user account. This could be combined with creation of a junction (a form of symbolic link) to allow arbitrary file deletion controlled by the non-privileged user. \n*This bug only affects Firefox on Windows. Other operating systems are unaffected.* This vulnerability affects Firefox < 116 and Firefox ESR < 115.1." + } + ], + "metrics": {}, + "references": [ + { + "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1824420", + "source": "security@mozilla.org" + }, + { + "url": "https://www.mozilla.org/security/advisories/mfsa2023-29/", + "source": "security@mozilla.org" + }, + { + "url": "https://www.mozilla.org/security/advisories/mfsa2023-31/", + "source": "security@mozilla.org" + } + ] +} \ No newline at end of file diff --git a/CVE-2023/CVE-2023-40xx/CVE-2023-4053.json b/CVE-2023/CVE-2023-40xx/CVE-2023-4053.json new file mode 100644 index 00000000000..d59f614b9b4 --- /dev/null +++ b/CVE-2023/CVE-2023-40xx/CVE-2023-4053.json @@ -0,0 +1,24 @@ +{ + "id": "CVE-2023-4053", + "sourceIdentifier": "security@mozilla.org", + "published": "2023-08-01T15:15:10.267", + "lastModified": "2023-08-01T15:25:40.337", + "vulnStatus": "Awaiting Analysis", + "descriptions": [ + { + "lang": "en", + "value": "A website could have obscured the full screen notification by using a URL with a scheme handled by an external program, such as a mailto URL. This could have led to user confusion and possible spoofing attacks. This vulnerability affects Firefox < 116." + } + ], + "metrics": {}, + "references": [ + { + "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1839079", + "source": "security@mozilla.org" + }, + { + "url": "https://www.mozilla.org/security/advisories/mfsa2023-29/", + "source": "security@mozilla.org" + } + ] +} \ No newline at end of file diff --git a/README.md b/README.md index b54414af722..2886069e524 100644 --- a/README.md +++ b/README.md @@ -9,13 +9,13 @@ Repository synchronizes with the NVD every 2 hours. ### Last Repository Update ```plain -2023-08-01T14:00:29.325562+00:00 +2023-08-01T16:00:27.501449+00:00 ``` ### Most recent CVE Modification Timestamp synchronized with NVD ```plain -2023-08-01T13:50:50.473000+00:00 +2023-08-01T15:56:56.813000+00:00 ``` ### Last Data Feed Release @@ -29,40 +29,46 @@ Download and Changelog: [Click](https://github.com/fkie-cad/nvd-json-data-feeds/ ### Total Number of included CVEs ```plain -221358 +221375 ``` ### CVEs added in the last Commit -Recently added CVEs: `1` +Recently added CVEs: `17` -* [CVE-2023-37478](CVE-2023/CVE-2023-374xx/CVE-2023-37478.json) (`2023-08-01T12:15:09.937`) +* [CVE-2022-39986](CVE-2022/CVE-2022-399xx/CVE-2022-39986.json) (`2023-08-01T14:15:09.877`) +* [CVE-2022-39987](CVE-2022/CVE-2022-399xx/CVE-2022-39987.json) (`2023-08-01T14:15:09.937`) +* [CVE-2023-31710](CVE-2023/CVE-2023-317xx/CVE-2023-31710.json) (`2023-08-01T14:15:10.013`) +* [CVE-2023-34634](CVE-2023/CVE-2023-346xx/CVE-2023-34634.json) (`2023-08-01T14:15:10.070`) +* [CVE-2023-39108](CVE-2023/CVE-2023-391xx/CVE-2023-39108.json) (`2023-08-01T14:15:10.137`) +* [CVE-2023-39109](CVE-2023/CVE-2023-391xx/CVE-2023-39109.json) (`2023-08-01T14:15:10.193`) +* [CVE-2023-39110](CVE-2023/CVE-2023-391xx/CVE-2023-39110.json) (`2023-08-01T14:15:10.247`) +* [CVE-2023-38357](CVE-2023/CVE-2023-383xx/CVE-2023-38357.json) (`2023-08-01T15:15:09.703`) +* [CVE-2023-4045](CVE-2023/CVE-2023-40xx/CVE-2023-4045.json) (`2023-08-01T15:15:09.783`) +* [CVE-2023-4046](CVE-2023/CVE-2023-40xx/CVE-2023-4046.json) (`2023-08-01T15:15:09.847`) +* [CVE-2023-4047](CVE-2023/CVE-2023-40xx/CVE-2023-4047.json) (`2023-08-01T15:15:09.903`) +* [CVE-2023-4048](CVE-2023/CVE-2023-40xx/CVE-2023-4048.json) (`2023-08-01T15:15:09.967`) +* [CVE-2023-4049](CVE-2023/CVE-2023-40xx/CVE-2023-4049.json) (`2023-08-01T15:15:10.030`) +* [CVE-2023-4050](CVE-2023/CVE-2023-40xx/CVE-2023-4050.json) (`2023-08-01T15:15:10.090`) +* [CVE-2023-4051](CVE-2023/CVE-2023-40xx/CVE-2023-4051.json) (`2023-08-01T15:15:10.147`) +* [CVE-2023-4052](CVE-2023/CVE-2023-40xx/CVE-2023-4052.json) (`2023-08-01T15:15:10.207`) +* [CVE-2023-4053](CVE-2023/CVE-2023-40xx/CVE-2023-4053.json) (`2023-08-01T15:15:10.267`) ### CVEs modified in the last Commit -Recently modified CVEs: `20` +Recently modified CVEs: `10` -* [CVE-2020-10962](CVE-2020/CVE-2020-109xx/CVE-2020-10962.json) (`2023-08-01T12:55:38.437`) -* [CVE-2022-42182](CVE-2022/CVE-2022-421xx/CVE-2022-42182.json) (`2023-08-01T12:55:38.437`) -* [CVE-2022-42183](CVE-2022/CVE-2022-421xx/CVE-2022-42183.json) (`2023-08-01T12:55:38.437`) -* [CVE-2023-37903](CVE-2023/CVE-2023-379xx/CVE-2023-37903.json) (`2023-08-01T12:55:19.457`) -* [CVE-2023-3983](CVE-2023/CVE-2023-39xx/CVE-2023-3983.json) (`2023-08-01T12:55:38.437`) -* [CVE-2023-39122](CVE-2023/CVE-2023-391xx/CVE-2023-39122.json) (`2023-08-01T12:55:38.437`) -* [CVE-2023-3462](CVE-2023/CVE-2023-34xx/CVE-2023-3462.json) (`2023-08-01T12:55:38.437`) -* [CVE-2023-3825](CVE-2023/CVE-2023-38xx/CVE-2023-3825.json) (`2023-08-01T12:55:38.437`) -* [CVE-2023-37496](CVE-2023/CVE-2023-374xx/CVE-2023-37496.json) (`2023-08-01T12:55:38.437`) -* [CVE-2023-37772](CVE-2023/CVE-2023-377xx/CVE-2023-37772.json) (`2023-08-01T12:55:38.437`) -* [CVE-2023-4033](CVE-2023/CVE-2023-40xx/CVE-2023-4033.json) (`2023-08-01T12:55:38.437`) -* [CVE-2023-34960](CVE-2023/CVE-2023-349xx/CVE-2023-34960.json) (`2023-08-01T12:55:38.437`) -* [CVE-2023-36983](CVE-2023/CVE-2023-369xx/CVE-2023-36983.json) (`2023-08-01T12:55:38.437`) -* [CVE-2023-36984](CVE-2023/CVE-2023-369xx/CVE-2023-36984.json) (`2023-08-01T12:55:38.437`) -* [CVE-2023-26139](CVE-2023/CVE-2023-261xx/CVE-2023-26139.json) (`2023-08-01T12:55:38.437`) -* [CVE-2023-23548](CVE-2023/CVE-2023-235xx/CVE-2023-23548.json) (`2023-08-01T12:55:38.437`) -* [CVE-2023-32302](CVE-2023/CVE-2023-323xx/CVE-2023-32302.json) (`2023-08-01T12:55:38.437`) -* [CVE-2023-37905](CVE-2023/CVE-2023-379xx/CVE-2023-37905.json) (`2023-08-01T13:39:10.290`) -* [CVE-2023-38195](CVE-2023/CVE-2023-381xx/CVE-2023-38195.json) (`2023-08-01T13:46:25.913`) -* [CVE-2023-38632](CVE-2023/CVE-2023-386xx/CVE-2023-38632.json) (`2023-08-01T13:50:50.473`) +* [CVE-2023-30151](CVE-2023/CVE-2023-301xx/CVE-2023-30151.json) (`2023-08-01T14:02:19.910`) +* [CVE-2023-3117](CVE-2023/CVE-2023-31xx/CVE-2023-3117.json) (`2023-08-01T14:15:11.253`) +* [CVE-2023-3603](CVE-2023/CVE-2023-36xx/CVE-2023-3603.json) (`2023-08-01T14:44:42.517`) +* [CVE-2023-3802](CVE-2023/CVE-2023-38xx/CVE-2023-3802.json) (`2023-08-01T15:07:06.753`) +* [CVE-2023-38523](CVE-2023/CVE-2023-385xx/CVE-2023-38523.json) (`2023-08-01T15:24:35.470`) +* [CVE-2023-38187](CVE-2023/CVE-2023-381xx/CVE-2023-38187.json) (`2023-08-01T15:35:07.063`) +* [CVE-2023-38173](CVE-2023/CVE-2023-381xx/CVE-2023-38173.json) (`2023-08-01T15:41:11.363`) +* [CVE-2023-35392](CVE-2023/CVE-2023-353xx/CVE-2023-35392.json) (`2023-08-01T15:42:05.133`) +* [CVE-2023-37915](CVE-2023/CVE-2023-379xx/CVE-2023-37915.json) (`2023-08-01T15:47:10.000`) +* [CVE-2023-25841](CVE-2023/CVE-2023-258xx/CVE-2023-25841.json) (`2023-08-01T15:56:56.813`) ## Download and Usage