From 891bf52eb418a399fe14a4d9f9f8962207b55cf1 Mon Sep 17 00:00:00 2001 
From: cad-safe-bot Date: Thu, 21 Sep 2023 20:00:28 +0000 Subject: [PATCH] Auto-Update: 2023-09-21T20:00:24.924457+00:00 --- .../CVE-2019-10102xx/CVE-2019-1010283.json | 14 +- CVE-2022/CVE-2022-475xx/CVE-2022-47554.json | 99 ++++- CVE-2022/CVE-2022-475xx/CVE-2022-47559.json | 95 ++++- CVE-2023/CVE-2023-07xx/CVE-2023-0773.json | 354 +++++++++++++++++- CVE-2023/CVE-2023-239xx/CVE-2023-23957.json | 67 +++- CVE-2023/CVE-2023-25xx/CVE-2023-2567.json | 79 +++- CVE-2023/CVE-2023-261xx/CVE-2023-26143.json | 71 +++- CVE-2023/CVE-2023-292xx/CVE-2023-29245.json | 79 +++- CVE-2023/CVE-2023-300xx/CVE-2023-30013.json | 8 +- CVE-2023/CVE-2023-320xx/CVE-2023-32003.json | 16 +- CVE-2023/CVE-2023-326xx/CVE-2023-32649.json | 79 +++- CVE-2023/CVE-2023-385xx/CVE-2023-38582.json | 63 +++- CVE-2023/CVE-2023-390xx/CVE-2023-39058.json | 74 +++- CVE-2023/CVE-2023-394xx/CVE-2023-39446.json | 63 +++- CVE-2023/CVE-2023-394xx/CVE-2023-39452.json | 63 +++- CVE-2023/CVE-2023-400xx/CVE-2023-40019.json | 14 +- CVE-2023/CVE-2023-404xx/CVE-2023-40442.json | 10 +- CVE-2023/CVE-2023-406xx/CVE-2023-40619.json | 68 +++- CVE-2023/CVE-2023-40xx/CVE-2023-4094.json | 56 ++- CVE-2023/CVE-2023-40xx/CVE-2023-4096.json | 58 ++- CVE-2023/CVE-2023-410xx/CVE-2023-41064.json | 20 +- CVE-2023/CVE-2023-419xx/CVE-2023-41990.json | 10 +- CVE-2023/CVE-2023-419xx/CVE-2023-41991.json | 36 ++ CVE-2023/CVE-2023-419xx/CVE-2023-41992.json | 40 ++ CVE-2023/CVE-2023-419xx/CVE-2023-41993.json | 32 ++ CVE-2023/CVE-2023-422xx/CVE-2023-42279.json | 24 ++ CVE-2023/CVE-2023-422xx/CVE-2023-42280.json | 20 + CVE-2023/CVE-2023-423xx/CVE-2023-42399.json | 73 +++- CVE-2023/CVE-2023-424xx/CVE-2023-42441.json | 77 +++- CVE-2023/CVE-2023-425xx/CVE-2023-42520.json | 171 ++++++++- CVE-2023/CVE-2023-428xx/CVE-2023-42810.json | 67 ++++ CVE-2023/CVE-2023-433xx/CVE-2023-43375.json | 67 +++- CVE-2023/CVE-2023-433xx/CVE-2023-43376.json | 66 +++- CVE-2023/CVE-2023-433xx/CVE-2023-43377.json | 68 +++- CVE-2023/CVE-2023-50xx/CVE-2023-5009.json | 70 +++- 
CVE-2023/CVE-2023-50xx/CVE-2023-5054.json | 32 +- README.md | 70 ++-- 37 files changed, 2211 insertions(+), 162 deletions(-) create mode 100644 CVE-2023/CVE-2023-419xx/CVE-2023-41991.json create mode 100644 CVE-2023/CVE-2023-419xx/CVE-2023-41992.json create mode 100644 CVE-2023/CVE-2023-419xx/CVE-2023-41993.json create mode 100644 CVE-2023/CVE-2023-422xx/CVE-2023-42279.json create mode 100644 CVE-2023/CVE-2023-422xx/CVE-2023-42280.json create mode 100644 CVE-2023/CVE-2023-428xx/CVE-2023-42810.json diff --git a/CVE-2019/CVE-2019-10102xx/CVE-2019-1010283.json b/CVE-2019/CVE-2019-10102xx/CVE-2019-1010283.json index b955ef1efd1..a37c81a17da 100644 --- a/CVE-2019/CVE-2019-10102xx/CVE-2019-1010283.json +++ b/CVE-2019/CVE-2019-10102xx/CVE-2019-1010283.json @@ -2,8 +2,8 @@ "id": "CVE-2019-1010283", "sourceIdentifier": "josh@bress.net", "published": "2019-07-17T21:15:11.013", - "lastModified": "2019-10-09T23:44:18.820", - "vulnStatus": "Modified", + "lastModified": "2023-09-21T18:27:26.013", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", @@ -15,13 +15,13 @@ } ], "metrics": { - "cvssMetricV30": [ + "cvssMetricV31": [ { "source": "nvd@nist.gov", "type": "Primary", "cvssData": { - "version": "3.0", - "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "attackVector": "NETWORK", "attackComplexity": "LOW", "privilegesRequired": "NONE", @@ -94,9 +94,9 @@ "cpeMatch": [ { "vulnerable": true, - "criteria": "cpe:2.3:a:univention:univention_corporate_server:*:*:*:*:*:*:*:*", + "criteria": "cpe:2.3:o:univention:univention_corporate_server:*:*:*:*:*:*:*:*", "versionEndIncluding": "12.0.1-3", - "matchCriteriaId": "B90B497F-E2CC-400B-99E3-00EFB63A658A" + "matchCriteriaId": "3303CE7F-26C3-4317-9374-839FB391EB39" } ] } diff --git a/CVE-2022/CVE-2022-475xx/CVE-2022-47554.json b/CVE-2022/CVE-2022-475xx/CVE-2022-47554.json index e45c32b2396..cc2ba03b7cb 100644 
--- a/CVE-2022/CVE-2022-475xx/CVE-2022-47554.json +++ b/CVE-2022/CVE-2022-475xx/CVE-2022-47554.json @@ -2,16 +2,40 @@ "id": "CVE-2022-47554", "sourceIdentifier": "cve-coordination@incibe.es", "published": "2023-09-19T13:16:19.653", - "lastModified": "2023-09-19T13:23:09.283", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2023-09-21T19:44:10.443", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", "value": "** UNSUPPPORTED WHEN ASSIGNED ** Exposure of sensitive information in ekorCCP and ekorRCI, potentially allowing a remote attacker to obtain critical information from various .xml files, including .xml files containing credentials, without being authenticated within the web server." + }, + { + "lang": "es", + "value": "** NO COMPATIBLE CUANDO EST\u00c1 ASIGNADO ** Exposici\u00f3n de informaci\u00f3n sensible en ekorCCP y ekorRCI, permitiendo potencialmente a un atacante remoto obtener informaci\u00f3n cr\u00edtica de varios archivos .xml, incluidos archivos .xml que contienen credenciales, sin estar autenticado dentro del servidor web." } ], "metrics": { "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "NONE", + "availabilityImpact": "NONE", + "baseScore": 7.5, + "baseSeverity": "HIGH" + }, + "exploitabilityScore": 3.9, + "impactScore": 3.6 + }, { "source": "cve-coordination@incibe.es", "type": "Secondary", @@ -35,6 +59,16 @@ ] }, "weaknesses": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "NVD-CWE-noinfo" + } + ] + }, { "source": "cve-coordination@incibe.es", "type": "Secondary", 
@@ -46,10 +80,69 @@ ] } ], + "configurations": [ + { + "operator": "AND", + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:o:ormazabal:ekorrci_firmware:601j:*:*:*:*:*:*:*", + "matchCriteriaId": "34615054-34DD-469E-80FC-F5C3F74850AC" + } + ] + }, + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": false, + "criteria": "cpe:2.3:h:ormazabal:ekorrci:-:*:*:*:*:*:*:*", + "matchCriteriaId": "C5E73387-2229-4A85-A3A7-A0A2C1D74EA6" + } + ] + } + ] + }, + { + "operator": "AND", + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:o:ormazabal:ekorccp_firmware:601j:*:*:*:*:*:*:*", + "matchCriteriaId": "3A8F0358-F8FA-4AEB-B88E-C56E2E965B7B" + } + ] + }, + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": false, + "criteria": "cpe:2.3:h:ormazabal:ekorccp:-:*:*:*:*:*:*:*", + "matchCriteriaId": "77B2D423-E767-495C-93C7-4C4B724BE3E3" + } + ] + } + ] + } + ], "references": [ { "url": "https://www.incibe.es/en/incibe-cert/notices/aviso-sci/multiple-vulnerabilities-ormazabal-products", - "source": "cve-coordination@incibe.es" + "source": "cve-coordination@incibe.es", + "tags": [ + "Third Party Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2022/CVE-2022-475xx/CVE-2022-47559.json b/CVE-2022/CVE-2022-475xx/CVE-2022-47559.json index 6c9ae9ea1e8..96874461f3b 100644 --- a/CVE-2022/CVE-2022-475xx/CVE-2022-47559.json +++ b/CVE-2022/CVE-2022-475xx/CVE-2022-47559.json @@ -2,8 +2,8 @@ "id": "CVE-2022-47559", "sourceIdentifier": "cve-coordination@incibe.es", "published": "2023-09-19T14:15:15.807", - "lastModified": "2023-09-19T17:57:31.250", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2023-09-21T19:53:58.710", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", 
@@ -16,6 +16,26 @@ ], "metrics": { "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "REQUIRED", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH", + "baseScore": 8.8, + "baseSeverity": "HIGH" + }, + "exploitabilityScore": 2.8, + "impactScore": 5.9 + }, { "source": "cve-coordination@incibe.es", "type": "Secondary", @@ -39,6 +59,16 @@ ] }, "weaknesses": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-352" + } + ] + }, { "source": "cve-coordination@incibe.es", "type": "Secondary", 
@@ -50,10 +80,69 @@ ] } ], + "configurations": [ + { + "operator": "AND", + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:o:ormazabal:ekorrci_firmware:601j:*:*:*:*:*:*:*", + "matchCriteriaId": "34615054-34DD-469E-80FC-F5C3F74850AC" + } + ] + }, + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": false, + "criteria": "cpe:2.3:h:ormazabal:ekorrci:-:*:*:*:*:*:*:*", + "matchCriteriaId": "C5E73387-2229-4A85-A3A7-A0A2C1D74EA6" + } + ] + } + ] + }, + { + "operator": "AND", + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:o:ormazabal:ekorccp_firmware:601j:*:*:*:*:*:*:*", + "matchCriteriaId": "3A8F0358-F8FA-4AEB-B88E-C56E2E965B7B" + } + ] + }, + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": false, + "criteria": "cpe:2.3:h:ormazabal:ekorccp:-:*:*:*:*:*:*:*", + "matchCriteriaId": "77B2D423-E767-495C-93C7-4C4B724BE3E3" + } + ] + } + ] + } + ], "references": [ { "url": "https://www.incibe.es/en/incibe-cert/notices/aviso-sci/multiple-vulnerabilities-ormazabal-products", - "source": "cve-coordination@incibe.es" + "source": "cve-coordination@incibe.es", + "tags": [ + "Third Party Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2023/CVE-2023-07xx/CVE-2023-0773.json b/CVE-2023/CVE-2023-07xx/CVE-2023-0773.json index ca5eff6ff7c..d31bb01af43 100644 --- a/CVE-2023/CVE-2023-07xx/CVE-2023-0773.json +++ b/CVE-2023/CVE-2023-07xx/CVE-2023-0773.json @@ -2,8 +2,8 @@ "id": "CVE-2023-0773", "sourceIdentifier": "vdisclose@cert-in.org.in", "published": "2023-09-19T10:15:07.743", - "lastModified": "2023-09-19T13:23:09.283", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2023-09-21T19:24:14.093", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", 
@@ -16,6 +16,26 @@ ], "metrics": { "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH", + "baseScore": 9.8, + "baseSeverity": "CRITICAL" + }, + "exploitabilityScore": 3.9, + "impactScore": 5.9 + }, { "source": "vdisclose@cert-in.org.in", "type": "Secondary", @@ -39,6 +59,16 @@ ] }, "weaknesses": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-287" + } + ] + }, { "source": "vdisclose@cert-in.org.in", "type": "Secondary", 
@@ -50,14 +80,330 @@ ] } ], + "configurations": [ + { + "operator": "AND", + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:o:uniview:ipc322lb-sf28-a_firmware:*:*:*:*:*:*:*:*", + "versionEndIncluding": "cipc-b2303.2.8.230105", + "matchCriteriaId": "B5C7EDBF-EB9D-442F-ADA7-100AFC0D7286" + } + ] + }, + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": false, + "criteria": "cpe:2.3:h:uniview:ipc322lb-sf28-a:-:*:*:*:*:*:*:*", + "matchCriteriaId": "B5298AFB-78CE-4658-8BBA-B8B493B888A0" + } + ] + } + ] + }, + { + "operator": "AND", + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:o:uniview:ipc322lb-sf28-a_firmware:*:*:*:*:*:*:*:*", + "versionEndIncluding": "dipc-b1213.6.5.230215", + "matchCriteriaId": "D008165F-F5E4-4016-BDB2-0864E4F02A29" + } + ] + }, + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": false, + "criteria": "cpe:2.3:h:uniview:ipc322lb-sf28-a:-:*:*:*:*:*:*:*", + "matchCriteriaId": "B5298AFB-78CE-4658-8BBA-B8B493B888A0" + } + ] + } + ] + }, + { + "operator": "AND", + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:o:uniview:ipc322lb-sf28-a_firmware:*:*:*:*:*:*:*:*", + "versionEndIncluding": "dipc-b1216.5.7.230109", + "matchCriteriaId": "1FFB54FF-9206-4C1D-8AAA-E42FE8BB0093" + } + ] + }, + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": false, + "criteria": "cpe:2.3:h:uniview:ipc322lb-sf28-a:-:*:*:*:*:*:*:*", + "matchCriteriaId": "B5298AFB-78CE-4658-8BBA-B8B493B888A0" + } + ] + } + ] + }, + { + "operator": "AND", + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:o:uniview:ipc322lb-sf28-a_firmware:*:*:*:*:*:*:*:*", + "versionEndIncluding": "dipc-b1221.3.5.221202", + "matchCriteriaId": 
"52498C65-6EB4-42A5-BF79-13523E20A0C9" + } + ] + }, + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": false, + "criteria": "cpe:2.3:h:uniview:ipc322lb-sf28-a:-:*:*:*:*:*:*:*", + "matchCriteriaId": "B5298AFB-78CE-4658-8BBA-B8B493B888A0" + } + ] + } + ] + }, + { + "operator": "AND", + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:o:uniview:ipc322lb-sf28-a_firmware:*:*:*:*:*:*:*:*", + "versionEndIncluding": "dipc-b1222.3.8.230223", + "matchCriteriaId": "56A662E6-FFF9-47EB-868D-DE16F886C581" + } + ] + }, + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": false, + "criteria": "cpe:2.3:h:uniview:ipc322lb-sf28-a:-:*:*:*:*:*:*:*", + "matchCriteriaId": "B5298AFB-78CE-4658-8BBA-B8B493B888A0" + } + ] + } + ] + }, + { + "operator": "AND", + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:o:uniview:ipc322lb-sf28-a_firmware:*:*:*:*:*:*:*:*", + "versionEndIncluding": "dipc-b1225.3.3.221123", + "matchCriteriaId": "7E5B7EB5-E269-4185-BBF8-4D23A6E2E9BC" + } + ] + }, + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": false, + "criteria": "cpe:2.3:h:uniview:ipc322lb-sf28-a:-:*:*:*:*:*:*:*", + "matchCriteriaId": "B5298AFB-78CE-4658-8BBA-B8B493B888A0" + } + ] + } + ] + }, + { + "operator": "AND", + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:o:uniview:ipc322lb-sf28-a_firmware:*:*:*:*:*:*:*:*", + "versionEndIncluding": "dipc-b1226.3.6.230105", + "matchCriteriaId": "BEF7FC48-2097-4194-A45B-E1F6347F33E9" + } + ] + }, + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": false, + "criteria": "cpe:2.3:h:uniview:ipc322lb-sf28-a:-:*:*:*:*:*:*:*", + "matchCriteriaId": "B5298AFB-78CE-4658-8BBA-B8B493B888A0" + } + ] + } + ] + }, + { + "operator": "AND", + "nodes": [ + { + 
"operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:o:uniview:ipc322lb-sf28-a_firmware:*:*:*:*:*:*:*:*", + "versionEndIncluding": "dipc-b1219.2.67.221019", + "matchCriteriaId": "23F6F87F-223D-4957-82F9-21E756833871" + } + ] + }, + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": false, + "criteria": "cpe:2.3:h:uniview:ipc322lb-sf28-a:-:*:*:*:*:*:*:*", + "matchCriteriaId": "B5298AFB-78CE-4658-8BBA-B8B493B888A0" + } + ] + } + ] + }, + { + "operator": "AND", + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:o:uniview:ipc322lb-sf28-a_firmware:*:*:*:*:*:*:*:*", + "versionEndIncluding": "dipc-b1223.3.3.221123", + "matchCriteriaId": "09393513-A9F8-4DC9-9492-2474C245E1D2" + } + ] + }, + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": false, + "criteria": "cpe:2.3:h:uniview:ipc322lb-sf28-a:-:*:*:*:*:*:*:*", + "matchCriteriaId": "B5298AFB-78CE-4658-8BBA-B8B493B888A0" + } + ] + } + ] + }, + { + "operator": "AND", + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:o:uniview:ipc322lb-sf28-a_firmware:*:*:*:*:*:*:*:*", + "versionEndIncluding": "dipc-b1228.2.65.230207", + "matchCriteriaId": "36C5053B-2A20-423E-96B6-6D5CDCF76A1B" + } + ] + }, + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": false, + "criteria": "cpe:2.3:h:uniview:ipc322lb-sf28-a:-:*:*:*:*:*:*:*", + "matchCriteriaId": "B5298AFB-78CE-4658-8BBA-B8B493B888A0" + } + ] + } + ] + }, + { + "operator": "AND", + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:o:uniview:ipc322lb-sf28-a_firmware:*:*:*:*:*:*:*:*", + "versionEndIncluding": "dipc-b1229.1.67.230104", + "matchCriteriaId": "370A62EA-B1D2-4D52-A872-B974A2CA6CD5" + } + ] + }, + { + "operator": "OR", + "negate": false, + 
"cpeMatch": [ + { + "vulnerable": false, + "criteria": "cpe:2.3:h:uniview:ipc322lb-sf28-a:-:*:*:*:*:*:*:*", + "matchCriteriaId": "B5298AFB-78CE-4658-8BBA-B8B493B888A0" + } + ] + } + ] + } + ], "references": [ { "url": "https://global.uniview.com/About_Us/Security/Notice/202309/976482_140493_0.htm", - "source": "vdisclose@cert-in.org.in" + "source": "vdisclose@cert-in.org.in", + "tags": [ + "Vendor Advisory" + ] }, { "url": "https://www.cert-in.org.in/s2cMainServlet?pageid=PUBVLNOTES01&VLCODE=CIVN-2023-0270", - "source": "vdisclose@cert-in.org.in" + "source": "vdisclose@cert-in.org.in", + "tags": [ + "Third Party Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2023/CVE-2023-239xx/CVE-2023-23957.json b/CVE-2023/CVE-2023-239xx/CVE-2023-23957.json index 7b0cf263c1a..df596e2a500 100644 --- a/CVE-2023/CVE-2023-239xx/CVE-2023-23957.json +++ b/CVE-2023/CVE-2023-239xx/CVE-2023-23957.json 
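Review bot: All eleven `cpeMatch` entries added under `configurations` for CVE-2023-0773 name the same firmware CPE, `cpe:2.3:o:uniview:ipc322lb-sf28-a_firmware:*`. They differ only in a `versionEndIncluding` string that embeds a build-branch prefix (`cipc-b2303…`, `dipc-b1213…`, and so on), and none has a lower bound. A matcher that orders these strings sees eleven open-ended, overlapping ranges, so firmware on one branch can be judged against another branch's bound, and the outcome depends on how the tool compares non-numeric versions. Each range would be unambiguous with a branch-specific lower bound, e.g. `"versionStartIncluding": "<FIRST_BUILD_OF_THIS_BRANCH>"` (placeholder; the real value has to come from the vendor notice listed in `references`). Every node is also paired with the single hardware CPE `cpe:2.3:h:uniview:ipc322lb-sf28-a:-`, which looks narrow for eleven firmware branches, so asset matching for this record is better confirmed against the vendor notice than taken from CPE alone.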
@@ -2,19 +2,78 @@ "id": "CVE-2023-23957", "sourceIdentifier": "secure@symantec.com", "published": "2023-09-19T13:16:21.653", - "lastModified": "2023-09-19T13:23:09.283", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2023-09-21T19:50:10.113", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", "value": "An authenticated user can see and modify the value for \u2018next\u2019 query parameter in Symantec Identity Portal 14.4" + }, + { + "lang": "es", + "value": "Un usuario autenticado puede ver y modificar el valor del par\u00e1metro de consulta 'next' en Symantec Identity Portal 14.4" + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "REQUIRED", + "scope": "CHANGED", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "availabilityImpact": "NONE", + "baseScore": 5.4, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 2.3, + "impactScore": 2.7 + } + ] + }, + "weaknesses": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-601" + } + ] + } + ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:symantec:identity_portal:14.4:*:*:*:*:*:*:*", + "matchCriteriaId": "64E2DBBA-7E83-4EDA-9234-68A46C1B11C7" + } + ] + } + ] } ], - "metrics": {}, "references": [ { "url": "https://support.broadcom.com/external/content/SecurityAdvisories/0/22544", - "source": "secure@symantec.com" + "source": "secure@symantec.com", + "tags": [ + "Vendor Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2023/CVE-2023-25xx/CVE-2023-2567.json b/CVE-2023/CVE-2023-25xx/CVE-2023-2567.json index 557949b408c..d998f1babe3 100644 
--- a/CVE-2023/CVE-2023-25xx/CVE-2023-2567.json +++ b/CVE-2023/CVE-2023-25xx/CVE-2023-2567.json @@ -2,8 +2,8 @@ "id": "CVE-2023-2567", "sourceIdentifier": "prodsec@nozominetworks.com", "published": "2023-09-19T11:16:19.333", - "lastModified": "2023-09-19T13:23:09.283", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2023-09-21T18:59:18.827", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", @@ -16,6 +16,26 @@ ], "metrics": { "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "NONE", + "availabilityImpact": "NONE", + "baseScore": 6.5, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 2.8, + "impactScore": 3.6 + }, { "source": "prodsec@nozominetworks.com", "type": "Secondary", @@ -39,6 +59,16 @@ ] }, "weaknesses": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-89" + } + ] + }, { "source": "prodsec@nozominetworks.com", "type": "Secondary", 
@@ -50,10 +80,53 @@ ] } ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:nozominetworks:cmc:*:*:*:*:*:*:*:*", + "versionStartIncluding": "22.6.0", + "versionEndExcluding": "22.6.3", + "matchCriteriaId": "6F56421F-B321-4FF0-BFE4-867649B582BB" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:nozominetworks:cmc:*:*:*:*:*:*:*:*", + "versionStartIncluding": "23.0.0", + "versionEndExcluding": "23.1.0", + "matchCriteriaId": "C27BB1A9-96D5-4B46-B187-670EABD91C48" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:nozominetworks:guardian:*:*:*:*:*:*:*:*", + "versionStartIncluding": "22.6.0", + "versionEndExcluding": "22.6.3", + "matchCriteriaId": "4B3C9AEC-3A2D-4702-BC84-41595F30430D" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:nozominetworks:guardian:*:*:*:*:*:*:*:*", + "versionStartIncluding": "23.0.0", + "versionEndExcluding": "23.1.0", + "matchCriteriaId": "981F37FF-F82D-46CB-B9E7-F16F319583F4" + } + ] + } + ] + } + ], "references": [ { "url": "https://security.nozominetworks.com/NN-2023:9-01", - "source": "prodsec@nozominetworks.com" + "source": "prodsec@nozominetworks.com", + "tags": [ + "Vendor Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2023/CVE-2023-261xx/CVE-2023-26143.json b/CVE-2023/CVE-2023-261xx/CVE-2023-26143.json index 435248dc4ea..4a8a9987812 100644 --- a/CVE-2023/CVE-2023-261xx/CVE-2023-26143.json +++ b/CVE-2023/CVE-2023-261xx/CVE-2023-26143.json @@ -2,8 +2,8 @@ "id": "CVE-2023-26143", "sourceIdentifier": "report@snyk.io", "published": "2023-09-19T05:17:10.443", - "lastModified": "2023-09-19T13:23:09.283", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2023-09-21T19:28:36.640", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", 
@@ -16,6 +16,26 @@ ], "metrics": { "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "NONE", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH", + "baseScore": 9.1, + "baseSeverity": "CRITICAL" + }, + "exploitabilityScore": 3.9, + "impactScore": 5.2 + }, { "source": "report@snyk.io", "type": "Secondary", @@ -38,18 +58,59 @@ } ] }, + "weaknesses": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-88" + } + ] + } + ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:blamer_project:blamer:*:*:*:*:*:node.js:*:*", + "versionEndExcluding": "1.0.4", + "matchCriteriaId": "A8E6FC04-030F-4B2D-9484-213E324BBB7A" + } + ] + } + ] + } + ], "references": [ { "url": "https://gist.github.com/lirantal/14c3686370a86461f555d3f0703e02f9", - "source": "report@snyk.io" + "source": "report@snyk.io", + "tags": [ + "Exploit", + "Third Party Advisory" + ] }, { "url": "https://github.com/kucherenko/blamer/commit/0965877f115753371a2570f10a63c455d2b2cde3", - "source": "report@snyk.io" + "source": "report@snyk.io", + "tags": [ + "Patch" + ] }, { "url": "https://security.snyk.io/vuln/SNYK-JS-BLAMER-5731318", - "source": "report@snyk.io" + "source": "report@snyk.io", + "tags": [ + "Exploit", + "Third Party Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2023/CVE-2023-292xx/CVE-2023-29245.json b/CVE-2023/CVE-2023-292xx/CVE-2023-29245.json index b40a83ef984..d84aa4416b5 100644 --- a/CVE-2023/CVE-2023-292xx/CVE-2023-29245.json +++ b/CVE-2023/CVE-2023-292xx/CVE-2023-29245.json 
@@ -2,8 +2,8 @@ "id": "CVE-2023-29245", "sourceIdentifier": "prodsec@nozominetworks.com", "published": "2023-09-19T11:16:18.100", - "lastModified": "2023-09-19T13:23:09.283", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2023-09-21T18:52:45.453", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", @@ -16,6 +16,26 @@ ], "metrics": { "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N", + "attackVector": "NETWORK", + "attackComplexity": "HIGH", + "privilegesRequired": "NONE", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "NONE", + "baseScore": 7.4, + "baseSeverity": "HIGH" + }, + "exploitabilityScore": 2.2, + "impactScore": 5.2 + }, { "source": "prodsec@nozominetworks.com", "type": "Secondary", @@ -39,6 +59,16 @@ ] }, "weaknesses": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-89" + } + ] + }, { "source": "prodsec@nozominetworks.com", "type": "Secondary", 
@@ -50,10 +80,53 @@ ] } ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:nozominetworks:cmc:*:*:*:*:*:*:*:*", + "versionStartIncluding": "22.6.0", + "versionEndExcluding": "22.6.3", + "matchCriteriaId": "6F56421F-B321-4FF0-BFE4-867649B582BB" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:nozominetworks:cmc:*:*:*:*:*:*:*:*", + "versionStartIncluding": "23.0.0", + "versionEndExcluding": "23.1.0", + "matchCriteriaId": "C27BB1A9-96D5-4B46-B187-670EABD91C48" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:nozominetworks:guardian:*:*:*:*:*:*:*:*", + "versionStartIncluding": "22.6.0", + "versionEndExcluding": "22.6.3", + "matchCriteriaId": "4B3C9AEC-3A2D-4702-BC84-41595F30430D" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:nozominetworks:guardian:*:*:*:*:*:*:*:*", + "versionStartIncluding": "23.0.0", + "versionEndExcluding": "23.1.0", + "matchCriteriaId": "981F37FF-F82D-46CB-B9E7-F16F319583F4" + } + ] + } + ] + } + ], "references": [ { "url": "https://security.nozominetworks.com/NN-2023:11-01", - "source": "prodsec@nozominetworks.com" + "source": "prodsec@nozominetworks.com", + "tags": [ + "Vendor Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2023/CVE-2023-300xx/CVE-2023-30013.json b/CVE-2023/CVE-2023-300xx/CVE-2023-30013.json index 6f12b1d55ae..a170c4272ef 100644 --- a/CVE-2023/CVE-2023-300xx/CVE-2023-30013.json +++ b/CVE-2023/CVE-2023-300xx/CVE-2023-30013.json @@ -2,8 +2,8 @@ "id": "CVE-2023-30013", "sourceIdentifier": "cve@mitre.org", "published": "2023-05-05T14:15:09.147", - "lastModified": "2023-05-11T17:14:10.497", - "vulnStatus": "Analyzed", + "lastModified": "2023-09-21T18:15:11.887", + "vulnStatus": "Modified", "descriptions": [ { "lang": "en", 
@@ -81,6 +81,10 @@ } ], "references": [ + { + "url": "http://packetstormsecurity.com/files/174799/TOTOLINK-Wireless-Routers-Remote-Command-Execution.html", + "source": "cve@mitre.org" + }, { "url": "https://github.com/Kazamayc/vuln/tree/main/TOTOLINK/X5000R/2", "source": "cve@mitre.org", diff --git a/CVE-2023/CVE-2023-320xx/CVE-2023-32003.json b/CVE-2023/CVE-2023-320xx/CVE-2023-32003.json index e0e124047d4..3fcb5544f51 100644 --- a/CVE-2023/CVE-2023-320xx/CVE-2023-32003.json +++ b/CVE-2023/CVE-2023-320xx/CVE-2023-32003.json @@ -2,12 +2,16 @@ "id": "CVE-2023-32003", "sourceIdentifier": "support@hackerone.com", "published": "2023-08-15T16:15:10.970", - "lastModified": "2023-09-15T14:15:09.857", - "vulnStatus": "Modified", + "lastModified": "2023-09-21T19:38:19.270", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", "value": "`fs.mkdtemp()` and `fs.mkdtempSync()` can be used to bypass the permission model check using a path traversal attack. This flaw arises from a missing check in the fs.mkdtemp() API and the impact is a malicious actor could create an arbitrary directory.\n\nThis vulnerability affects all users using the experimental permission model in Node.js 20.\n\nPlease note that at the time this CVE was issued, the permission model is an experimental feature of Node.js." + }, + { + "lang": "es", + "value": "fs.mkdtemp()' y 'fs.mkdtempSync()' se pueden usar para omitir la comprobaci\u00f3n del modelo de permisos mediante un ataque Path Traversal. Esta falla surge de una comprobaci\u00f3n faltante en la API fs.mkdtemp() y el impacto es que un actor malicioso podr\u00eda crear un directorio arbitrario. Esta vulnerabilidad afecta a todos los usuarios que usan el modelo de permisos experimental en Node.js 20. Tenga en cuenta que en el momento en que se emiti\u00f3 este CVE, el modelo de permisos es una caracter\u00edstica experimental de Node.js." } ], "metrics": { 
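Review bot: The reference added at the top of `references` for CVE-2023-30013 carries only `url` and `source`, with no `tags` array, and in the first hunk of this file `vulnStatus` moves from `Analyzed` back to `Modified`. Tooling that raises priority when a reference is tagged `Exploit` will not react to this link, although its URL title suggests a public write-up of the command-execution issue; whether it qualifies for that tag is not visible here. Until the record is re-analysed, consumers are better off treating an `Analyzed` to `Modified` transition that adds an untagged reference as a re-triage trigger; on the data side the entry would gain a `"tags": [ … ]` array, which the next reference presumably has, given its trailing comma. The link is also the only `http://` URL in this hunk, and the `references` array continues outside it.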
@@ -56,8 +60,9 @@ { "vulnerable": true, "criteria": "cpe:2.3:a:nodejs:node.js:*:*:*:*:-:*:*:*", + "versionStartIncluding": "20.0.0", "versionEndIncluding": "20.5.0", - "matchCriteriaId": "C643F785-3B58-442C-802A-5ED5D5D6566A" + "matchCriteriaId": "145E971E-F0AF-49A7-8A9C-3AAFE01C076B" } ] } @@ -110,7 +115,10 @@ }, { "url": "https://security.netapp.com/advisory/ntap-20230915-0009/", - "source": "support@hackerone.com" + "source": "support@hackerone.com", + "tags": [ + "Third Party Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2023/CVE-2023-326xx/CVE-2023-32649.json b/CVE-2023/CVE-2023-326xx/CVE-2023-32649.json index f110a15e290..1f28fba3dcf 100644 --- a/CVE-2023/CVE-2023-326xx/CVE-2023-32649.json +++ b/CVE-2023/CVE-2023-326xx/CVE-2023-32649.json @@ -2,8 +2,8 @@ "id": "CVE-2023-32649", "sourceIdentifier": "prodsec@nozominetworks.com", "published": "2023-09-19T11:16:20.297", - "lastModified": "2023-09-19T13:23:09.283", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2023-09-21T19:04:51.733", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", @@ -16,6 +16,26 @@ ], "metrics": { "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "NONE", + "integrityImpact": "NONE", + "availabilityImpact": "HIGH", + "baseScore": 7.5, + "baseSeverity": "HIGH" + }, + "exploitabilityScore": 3.9, + "impactScore": 3.6 + }, { "source": "prodsec@nozominetworks.com", "type": "Secondary", @@ -39,6 +59,16 @@ ] }, "weaknesses": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-20" + } + ] + }, { "source": "prodsec@nozominetworks.com", "type": "Secondary", 
@@ -50,10 +80,53 @@ ] } ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:nozominetworks:cmc:*:*:*:*:*:*:*:*", + "versionStartIncluding": "22.6.0", + "versionEndExcluding": "22.6.3", + "matchCriteriaId": "6F56421F-B321-4FF0-BFE4-867649B582BB" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:nozominetworks:cmc:*:*:*:*:*:*:*:*", + "versionStartIncluding": "23.0.0", + "versionEndExcluding": "23.1.0", + "matchCriteriaId": "C27BB1A9-96D5-4B46-B187-670EABD91C48" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:nozominetworks:guardian:*:*:*:*:*:*:*:*", + "versionStartIncluding": "22.6.0", + "versionEndExcluding": "22.6.3", + "matchCriteriaId": "4B3C9AEC-3A2D-4702-BC84-41595F30430D" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:nozominetworks:guardian:*:*:*:*:*:*:*:*", + "versionStartIncluding": "23.0.0", + "versionEndExcluding": "23.1.0", + "matchCriteriaId": "981F37FF-F82D-46CB-B9E7-F16F319583F4" + } + ] + } + ] + } + ], "references": [ { "url": "https://security.nozominetworks.com/NN-2023:10-01", - "source": "prodsec@nozominetworks.com" + "source": "prodsec@nozominetworks.com", + "tags": [ + "Vendor Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2023/CVE-2023-385xx/CVE-2023-38582.json b/CVE-2023/CVE-2023-385xx/CVE-2023-38582.json index 33a59764d38..d9e21c3357a 100644 --- a/CVE-2023/CVE-2023-385xx/CVE-2023-38582.json +++ b/CVE-2023/CVE-2023-385xx/CVE-2023-38582.json 
@@ -2,16 +2,40 @@ "id": "CVE-2023-38582", "sourceIdentifier": "ics-cert@hq.dhs.gov", "published": "2023-09-18T21:15:54.693", - "lastModified": "2023-09-19T03:37:34.150", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2023-09-21T19:39:11.370", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", "value": "** UNSUPPPORTED WHEN ASSIGNED ** \n\n\n\n\n\n\n\n\nPersistent cross-site scripting (XSS) in the web application of MOD3GP-SY-120K allows an authenticated remote attacker to introduce arbitrary JavaScript by injecting an XSS payload into the field MAIL_RCV. When a legitimate user attempts to access to the vulnerable page of the web application, the XSS payload will be executed.\n\n\n\n\n\n\n\n\n\n" + }, + { + "lang": "es", + "value": "** NO COMPATIBLE CUANDO EST\u00c1 ASIGNADO ** Cross-Site Sripting persistente (XSS) en la aplicaci\u00f3n web de MOD3GP-SY-120K permite a un atacante remoto autenticado introducir JavaScript arbitrario inyectando un payload XSS en el campo MAIL_RCV. Cuando un usuario leg\u00edtimo intenta acceder a la p\u00e1gina vulnerable de la aplicaci\u00f3n web, se ejecutar\u00e1 un payload XSS. " } ], "metrics": { "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "REQUIRED", + "scope": "CHANGED", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "availabilityImpact": "NONE", + "baseScore": 5.4, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 2.3, + "impactScore": 2.7 + }, { "source": "ics-cert@hq.dhs.gov", "type": "Secondary", 
@@ -46,10 +70,43 @@ ] } ], + "configurations": [ + { + "operator": "AND", + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:o:socomec:modulys_gp_firmware:01.12.10:*:*:*:*:*:*:*", + "matchCriteriaId": "A69C11D7-9B54-4F66-95F3-33B8E6F9E37B" + } + ] + }, + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": false, + "criteria": "cpe:2.3:h:socomec:modulys_gp:-:*:*:*:*:*:*:*", + "matchCriteriaId": "7C795C90-1E56-4F38-B637-6C12DEAF6541" + } + ] + } + ] + } + ], "references": [ { "url": "https://www.cisa.gov/news-events/ics-advisories/icsa-23-250-03", - "source": "ics-cert@hq.dhs.gov" + "source": "ics-cert@hq.dhs.gov", + "tags": [ + "Third Party Advisory", + "US Government Resource" + ] } ] } \ No newline at end of file diff --git a/CVE-2023/CVE-2023-390xx/CVE-2023-39058.json b/CVE-2023/CVE-2023-390xx/CVE-2023-39058.json index a332df46edb..730bf5e0015 100644 --- a/CVE-2023/CVE-2023-390xx/CVE-2023-39058.json +++ b/CVE-2023/CVE-2023-390xx/CVE-2023-39058.json 
@@ -2,23 +2,87 @@ "id": "CVE-2023-39058", "sourceIdentifier": "cve@mitre.org", "published": "2023-09-18T21:15:55.103", - "lastModified": "2023-09-19T03:37:18.983", - "vulnStatus": "Undergoing Analysis", + "lastModified": "2023-09-21T19:33:37.093", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", "value": "An information leak in THE_B_members card v13.6.1 allows attackers to obtain the channel access token and send crafted messages." + }, + { + "lang": "es", + "value": "Una fuga de informaci\u00f3n en THE_B_members tarjeta v13.6.1 permite a los atacantes obtener el token de acceso al canal y enviar mensajes manipulados." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "availabilityImpact": "NONE", + "baseScore": 6.5, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 3.9, + "impactScore": 2.5 + } + ] + }, + "weaknesses": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-668" + } + ] + } + ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:the_b_members_card_project:the_b_members_card:13.6.1:*:*:*:*:*:*:*", + "matchCriteriaId": "FD5D8BD6-D9E4-4914-AA4C-87EADAAF0D44" + } + ] + } + ] } ], - "metrics": {}, "references": [ { "url": "http://thebmembers.com", - "source": "cve@mitre.org" + "source": "cve@mitre.org", + "tags": [ + "Broken Link", + "Not Applicable" + ] }, { "url": "https://github.com/syz913/CVE-reports/blob/main/CVE-2023-39058.md", - "source": "cve@mitre.org" + "source": "cve@mitre.org", + "tags": [ + "Exploit", + "Third Party 
Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2023/CVE-2023-394xx/CVE-2023-39446.json b/CVE-2023/CVE-2023-394xx/CVE-2023-39446.json index 06e08ee4745..bf98a06ca1e 100644 --- a/CVE-2023/CVE-2023-394xx/CVE-2023-39446.json +++ b/CVE-2023/CVE-2023-394xx/CVE-2023-39446.json @@ -2,16 +2,40 @@ "id": "CVE-2023-39446", "sourceIdentifier": "ics-cert@hq.dhs.gov", "published": "2023-09-18T21:15:56.117", - "lastModified": "2023-09-19T03:37:18.983", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2023-09-21T18:36:06.497", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", "value": "** UNSUPPPORTED WHEN ASSIGNED ** \n\n\n\n\n\n\nThanks to the weaknesses that the web application has at the user management level, an attacker could obtain the information from the headers that is necessary to create specially designed URLs and originate malicious actions when a legitimate user is logged into the web application.\n\n\n\n\n\n\n\n" + }, + { + "lang": "es", + "value": "** NO COMPATIBLE CUANDO EST\u00c1 ASIGNADO ** Gracias a las debilidades que tiene la aplicaci\u00f3n web a nivel de administraci\u00f3n de usuarios, un atacante podr\u00eda obtener la informaci\u00f3n de los encabezados necesaria para crear URL especialmente dise\u00f1adas y originar acciones maliciosas cuando un usuario leg\u00edtimo inicia sesi\u00f3n en la aplicaci\u00f3n web." } ], "metrics": { "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "REQUIRED", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH", + "baseScore": 8.8, + "baseSeverity": "HIGH" + }, + "exploitabilityScore": 2.8, + "impactScore": 5.9 + }, { "source": "ics-cert@hq.dhs.gov", "type": "Secondary", 
@@ -46,10 +70,43 @@ ] } ], + "configurations": [ + { + "operator": "AND", + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:o:socomec:modulys_gp_firmware:01.12.10:*:*:*:*:*:*:*", + "matchCriteriaId": "A69C11D7-9B54-4F66-95F3-33B8E6F9E37B" + } + ] + }, + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": false, + "criteria": "cpe:2.3:h:socomec:modulys_gp:-:*:*:*:*:*:*:*", + "matchCriteriaId": "7C795C90-1E56-4F38-B637-6C12DEAF6541" + } + ] + } + ] + } + ], "references": [ { "url": "https://www.cisa.gov/news-events/ics-advisories/icsa-23-250-03", - "source": "ics-cert@hq.dhs.gov" + "source": "ics-cert@hq.dhs.gov", + "tags": [ + "Third Party Advisory", + "US Government Resource" + ] } ] } \ No newline at end of file diff --git a/CVE-2023/CVE-2023-394xx/CVE-2023-39452.json b/CVE-2023/CVE-2023-394xx/CVE-2023-39452.json index 0dcabbb5368..af2ffd08847 100644 --- a/CVE-2023/CVE-2023-394xx/CVE-2023-39452.json +++ b/CVE-2023/CVE-2023-394xx/CVE-2023-39452.json 
@@ -2,16 +2,40 @@ "id": "CVE-2023-39452", "sourceIdentifier": "ics-cert@hq.dhs.gov", "published": "2023-09-18T21:16:04.367", - "lastModified": "2023-09-19T03:37:18.983", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2023-09-21T18:30:29.217", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", "value": "** UNSUPPPORTED WHEN ASSIGNED ** \n\n\n\n\n\n\n\n\n\n\n\n\n\n\nThe web application that owns the device clearly stores the credentials within the user management section. Obtaining this information can be done remotely due to the incorrect management of the sessions in the web application.\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n" + }, + { + "lang": "es", + "value": "** NO COMPATIBLE CUANDO EST\u00c1 ASIGNADO ** La aplicaci\u00f3n web propietaria del dispositivo almacena claramente las credenciales dentro de la secci\u00f3n de administraci\u00f3n de usuarios. La obtenci\u00f3n de esta informaci\u00f3n se puede hacer de forma remota debido a la gesti\u00f3n incorrecta de las sesiones en la aplicaci\u00f3n web. " } ], "metrics": { "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "NONE", + "availabilityImpact": "NONE", + "baseScore": 7.5, + "baseSeverity": "HIGH" + }, + "exploitabilityScore": 3.9, + "impactScore": 3.6 + }, { "source": "ics-cert@hq.dhs.gov", "type": "Secondary", 
@@ -46,10 +70,43 @@ ] } ], + "configurations": [ + { + "operator": "AND", + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:o:socomec:modulys_gp_firmware:01.12.10:*:*:*:*:*:*:*", + "matchCriteriaId": "A69C11D7-9B54-4F66-95F3-33B8E6F9E37B" + } + ] + }, + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": false, + "criteria": "cpe:2.3:h:socomec:modulys_gp:-:*:*:*:*:*:*:*", + "matchCriteriaId": "7C795C90-1E56-4F38-B637-6C12DEAF6541" + } + ] + } + ] + } + ], "references": [ { "url": "https://www.cisa.gov/news-events/ics-advisories/icsa-23-250-03", - "source": "ics-cert@hq.dhs.gov" + "source": "ics-cert@hq.dhs.gov", + "tags": [ + "Third Party Advisory", + "US Government Resource" + ] } ] } \ No newline at end of file diff --git a/CVE-2023/CVE-2023-400xx/CVE-2023-40019.json b/CVE-2023/CVE-2023-400xx/CVE-2023-40019.json index 087cdcdbaf9..db5eec88910 100644 --- a/CVE-2023/CVE-2023-400xx/CVE-2023-40019.json +++ b/CVE-2023/CVE-2023-400xx/CVE-2023-40019.json @@ -2,8 +2,8 @@ "id": "CVE-2023-40019", "sourceIdentifier": "security-advisories@github.com", "published": "2023-09-15T20:15:09.637", - "lastModified": "2023-09-21T17:59:10.547", - "vulnStatus": "Undergoing Analysis", + "lastModified": "2023-09-21T18:04:04.783", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", 
@@ -21,19 +21,19 @@ "type": "Primary", "cvssData": { "version": "3.1", - "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "attackVector": "NETWORK", "attackComplexity": "LOW", - "privilegesRequired": "NONE", + "privilegesRequired": "LOW", "userInteraction": "NONE", "scope": "UNCHANGED", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "HIGH", - "baseScore": 7.5, - "baseSeverity": "HIGH" + "baseScore": 6.5, + "baseSeverity": "MEDIUM" }, - "exploitabilityScore": 3.9, + "exploitabilityScore": 2.8, "impactScore": 3.6 }, { diff --git a/CVE-2023/CVE-2023-404xx/CVE-2023-40442.json b/CVE-2023/CVE-2023-404xx/CVE-2023-40442.json index d3f42b69fbd..ed2add9a900 100644 --- a/CVE-2023/CVE-2023-404xx/CVE-2023-40442.json +++ b/CVE-2023/CVE-2023-404xx/CVE-2023-40442.json 
@@ -2,12 +2,16 @@ "id": "CVE-2023-40442", "sourceIdentifier": "product-security@apple.com", "published": "2023-09-12T00:15:09.203", - "lastModified": "2023-09-13T03:47:53.460", - "vulnStatus": "Analyzed", + "lastModified": "2023-09-21T19:15:10.193", + "vulnStatus": "Modified", "descriptions": [ { "lang": "en", - "value": "A privacy issue was addressed with improved private data redaction for log entries. This issue is fixed in iOS 15.7.8 and iPadOS 15.7.8, macOS Big Sur 11.7.9, macOS Monterey 12.6.8. An app may be able to read sensitive location information." + "value": "A privacy issue was addressed with improved private data redaction for log entries. This issue is fixed in macOS Big Sur 11.7.9, iOS 15.7.8 and iPadOS 15.7.8, macOS Monterey 12.6.8. An app may be able to read sensitive location information." + }, + { + "lang": "es", + "value": "Se solucion\u00f3 un problema de privacidad mejorando la redacci\u00f3n de datos privados para las entradas de registro. Este problema se solucion\u00f3 en iOS 15.7.8 y iPadOS 15.7.8, macOS Big Sur 11.7.9, macOS Monterey 12.6.8. Es posible que una aplicaci\u00f3n pueda leer informaci\u00f3n confidencial de ubicaci\u00f3n." } ], "metrics": { diff --git a/CVE-2023/CVE-2023-406xx/CVE-2023-40619.json b/CVE-2023/CVE-2023-406xx/CVE-2023-40619.json index b0528e97f0a..f7f9ca220de 100644 --- a/CVE-2023/CVE-2023-406xx/CVE-2023-40619.json +++ b/CVE-2023/CVE-2023-406xx/CVE-2023-40619.json 
@@ -2,19 +2,79 @@ "id": "CVE-2023-40619", "sourceIdentifier": "cve@mitre.org", "published": "2023-09-20T18:15:12.433", - "lastModified": "2023-09-20T18:27:45.307", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2023-09-21T18:20:39.203", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", "value": "phpPgAdmin 7.14.4 and earlier is vulnerable to deserialization of untrusted data which may lead to remote code execution because user-controlled data is directly passed to the PHP 'unserialize()' function in multiple places. An example is the functionality to manage tables in 'tables.php' where the 'ma[]' POST parameter is deserialized." + }, + { + "lang": "es", + "value": "phpPgAdmin 7.14.4 y versiones anteriores son vulnerables a la sanitizaci\u00f3n de datos que no son de confianza, lo que puede provocar la ejecuci\u00f3n remota de c\u00f3digo porque los datos controlados por el usuario se pasan directamente a la funci\u00f3n PHP 'unserialize()' en varios lugares. Un ejemplo es la funcionalidad para administrar tablas en 'tables.php' donde se deserializa el par\u00e1metro POST 'ma[]'." 
+ } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH", + "baseScore": 9.8, + "baseSeverity": "CRITICAL" + }, + "exploitabilityScore": 3.9, + "impactScore": 5.9 + } + ] + }, + "weaknesses": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-502" + } + ] + } + ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:phppgadmin_project:phppgadmin:*:*:*:*:*:*:*:*", + "versionEndIncluding": "7.14.4", + "matchCriteriaId": "CFC4DC01-9BEB-43FC-A53B-FE23FBD57EAA" + } + ] + } + ] } ], - "metrics": {}, "references": [ { "url": "https://github.com/dub-flow/vulnerability-research/tree/main/CVE-2023-40619", - "source": "cve@mitre.org" + "source": "cve@mitre.org", + "tags": [ + "Third Party Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2023/CVE-2023-40xx/CVE-2023-4094.json b/CVE-2023/CVE-2023-40xx/CVE-2023-4094.json index 065b325733f..945e86fa699 100644 --- a/CVE-2023/CVE-2023-40xx/CVE-2023-4094.json +++ b/CVE-2023/CVE-2023-40xx/CVE-2023-4094.json @@ -2,8 +2,8 @@ "id": "CVE-2023-4094", "sourceIdentifier": "cve-coordination@incibe.es", "published": "2023-09-19T14:15:22.833", - "lastModified": "2023-09-19T17:57:31.250", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2023-09-21T18:58:46.983", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", 
@@ -16,6 +16,26 @@ ], "metrics": { "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:H", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "NONE", + "integrityImpact": "LOW", + "availabilityImpact": "HIGH", + "baseScore": 8.2, + "baseSeverity": "HIGH" + }, + "exploitabilityScore": 3.9, + "impactScore": 4.2 + }, { "source": "cve-coordination@incibe.es", "type": "Secondary", @@ -39,6 +59,16 @@ ] }, "weaknesses": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-287" + } + ] + }, { "source": "cve-coordination@incibe.es", "type": "Secondary", @@ -50,10 +80,30 @@ ] } ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:fujitsu:arconte_aurea:1.5.0.0:*:*:*:*:*:*:*", + "matchCriteriaId": "5718D4D2-D570-4848-A1BA-031A0E8C548A" + } + ] + } + ] + } + ], "references": [ { "url": "https://www.incibe.es/en/incibe-cert/notices/aviso/multiple-vulnerabilities-fujitsu-arconte-aurea", - "source": "cve-coordination@incibe.es" + "source": "cve-coordination@incibe.es", + "tags": [ + "Vendor Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2023/CVE-2023-40xx/CVE-2023-4096.json b/CVE-2023/CVE-2023-40xx/CVE-2023-4096.json index 69459286c33..877db3d5f68 100644 --- a/CVE-2023/CVE-2023-40xx/CVE-2023-4096.json +++ b/CVE-2023/CVE-2023-40xx/CVE-2023-4096.json @@ -2,8 +2,8 @@ "id": "CVE-2023-4096", "sourceIdentifier": "cve-coordination@incibe.es", "published": "2023-09-19T14:15:25.567", - "lastModified": "2023-09-19T17:57:31.250", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2023-09-21T19:24:07.507", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", 
@@ -16,6 +16,26 @@ ], "metrics": { "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:H/A:N", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "LOW", + "integrityImpact": "HIGH", + "availabilityImpact": "NONE", + "baseScore": 8.2, + "baseSeverity": "HIGH" + }, + "exploitabilityScore": 3.9, + "impactScore": 4.2 + }, { "source": "cve-coordination@incibe.es", "type": "Secondary", @@ -38,10 +58,42 @@ } ] }, + "weaknesses": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-640" + } + ] + } + ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:fujitsu:arconte_aurea:1.5.0.0:*:*:*:*:*:*:*", + "matchCriteriaId": "5718D4D2-D570-4848-A1BA-031A0E8C548A" + } + ] + } + ] + } + ], "references": [ { "url": "https://www.incibe.es/en/incibe-cert/notices/aviso/multiple-vulnerabilities-fujitsu-arconte-aurea", - "source": "cve-coordination@incibe.es" + "source": "cve-coordination@incibe.es", + "tags": [ + "Third Party Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2023/CVE-2023-410xx/CVE-2023-41064.json b/CVE-2023/CVE-2023-410xx/CVE-2023-41064.json index 795d9e8a2c7..c65d0c5e6a4 100644 --- a/CVE-2023/CVE-2023-410xx/CVE-2023-41064.json +++ b/CVE-2023/CVE-2023-410xx/CVE-2023-41064.json @@ -2,7 +2,7 @@ "id": "CVE-2023-41064", "sourceIdentifier": "product-security@apple.com", "published": "2023-09-07T18:15:07.727", - "lastModified": "2023-09-18T13:15:08.607", + "lastModified": "2023-09-21T19:15:10.657", "vulnStatus": "Modified", "cisaExploitAdd": "2023-09-11", "cisaActionDue": "2023-10-02", 
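Review bot: In the last CVE-2023-4096 hunk the INCIBE reference `https://www.incibe.es/en/incibe-cert/notices/aviso/multiple-vulnerabilities-fujitsu-arconte-aurea` is tagged `"Third Party Advisory"`, while the CVE-2023-4094 record updated in this same commit tags the identical URL `"Vendor Advisory"`. One of the two is misclassified. Since the affected product is Fujitsu's and INCIBE is the reporting source for both records, `"Third Party Advisory"` looks like the better fit for both, though that should be confirmed upstream. Tooling that filters or ranks references by tag will otherwise treat the two records differently.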
@@ -11,7 +11,11 @@ "descriptions": [ { "lang": "en", - "value": "A buffer overflow issue was addressed with improved memory handling. This issue is fixed in macOS Monterey 12.6.9, macOS Big Sur 11.7.10, macOS Ventura 13.5.2, iOS 16.6.1 and iPadOS 16.6.1, iOS 15.7.9 and iPadOS 15.7.9. Processing a maliciously crafted image may lead to arbitrary code execution. Apple is aware of a report that this issue may have been actively exploited." + "value": "A buffer overflow issue was addressed with improved memory handling. This issue is fixed in iOS 16.6.1 and iPadOS 16.6.1, macOS Monterey 12.6.9, macOS Ventura 13.5.2, iOS 15.7.9 and iPadOS 15.7.9, macOS Big Sur 11.7.10. Processing a maliciously crafted image may lead to arbitrary code execution. Apple is aware of a report that this issue may have been actively exploited." + }, + { + "lang": "es", + "value": "Se solucion\u00f3 un problema de Desbordamiento de B\u00fafer de manejo de la memoria mejorada. Este problema se solucion\u00f3 en macOS Monterey 12.6.9, macOS Big Sur 11.7.10, macOS Ventura 13.5.2, iOS 16.6.1 y iPadOS 16.6.1, iOS 15.7.9 y iPadOS 15.7.9. El procesamiento de una imagen creada con fines maliciosos puede provocar la ejecuci\u00f3n de c\u00f3digo arbitrario. Apple est\u00e1 al tanto de un informe de que este problema puede haber sido explotado activamente." } ], "metrics": { @@ -109,18 +113,6 @@ } ], "references": [ - { - "url": "http://seclists.org/fulldisclosure/2023/Sep/7", - "source": "product-security@apple.com" - }, - { - "url": "http://seclists.org/fulldisclosure/2023/Sep/8", - "source": "product-security@apple.com" - }, - { - "url": "http://seclists.org/fulldisclosure/2023/Sep/9", - "source": "product-security@apple.com" - }, { "url": "https://support.apple.com/en-us/HT213905", "source": "product-security@apple.com", diff --git a/CVE-2023/CVE-2023-419xx/CVE-2023-41990.json b/CVE-2023/CVE-2023-419xx/CVE-2023-41990.json index 5c78e1f104a..355bf77fa97 100644 
--- a/CVE-2023/CVE-2023-419xx/CVE-2023-41990.json +++ b/CVE-2023/CVE-2023-419xx/CVE-2023-41990.json @@ -2,12 +2,16 @@ "id": "CVE-2023-41990", "sourceIdentifier": "product-security@apple.com", "published": "2023-09-12T00:15:09.463", - "lastModified": "2023-09-13T03:47:13.607", - "vulnStatus": "Analyzed", + "lastModified": "2023-09-21T19:15:10.970", + "vulnStatus": "Modified", "descriptions": [ { "lang": "en", - "value": "The issue was addressed with improved handling of caches. This issue is fixed in macOS Ventura 13.2, iOS 15.7.8 and iPadOS 15.7.8, watchOS 9.3, tvOS 16.3, iOS 16.3 and iPadOS 16.3, macOS Big Sur 11.7.9, macOS Monterey 12.6.8. Processing a font file may lead to arbitrary code execution. Apple is aware of a report that this issue may have been actively exploited against versions of iOS released before iOS 15.7.1." + "value": "The issue was addressed with improved handling of caches. This issue is fixed in tvOS 16.3, iOS 16.3 and iPadOS 16.3, macOS Monterey 12.6.8, macOS Big Sur 11.7.9, iOS 15.7.8 and iPadOS 15.7.8, macOS Ventura 13.2, watchOS 9.3. Processing a font file may lead to arbitrary code execution. Apple is aware of a report that this issue may have been actively exploited against versions of iOS released before iOS 15.7.1." + }, + { + "lang": "es", + "value": "El problema se solucion\u00f3 mejorando el manejo de los cach\u00e9s. Este problema se solucion\u00f3 en macOS Ventura 13.2, iOS 15.7.8 y iPadOS 15.7.8, watchOS 9.3, tvOS 16.3, iOS 16.3 y iPadOS 16.3, macOS Big Sur 11.7.9, macOS Monterey 12.6.8. El procesamiento de un archivo de fuente puede provocar la ejecuci\u00f3n de c\u00f3digo arbitrario. Apple tiene conocimiento de un informe que indica que este problema puede haber sido explotado activamente en versiones de iOS lanzadas antes de iOS 15.7.1." } ], "metrics": { diff --git a/CVE-2023/CVE-2023-419xx/CVE-2023-41991.json b/CVE-2023/CVE-2023-419xx/CVE-2023-41991.json new file mode 100644 index 00000000000..1ddc0e1afde --- /dev/null 
+++ b/CVE-2023/CVE-2023-419xx/CVE-2023-41991.json @@ -0,0 +1,36 @@ +{ + "id": "CVE-2023-41991", + "sourceIdentifier": "product-security@apple.com", + "published": "2023-09-21T19:15:11.283", + "lastModified": "2023-09-21T19:15:11.283", + "vulnStatus": "Received", + "descriptions": [ + { + "lang": "en", + "value": "A certificate validation issue was addressed. This issue is fixed in iOS 16.7 and iPadOS 16.7, OS 17.0.1 and iPadOS 17.0.1, watchOS 9.6.3, macOS Ventura 13.6, watchOS 10.0.1. A malicious app may be able to bypass signature validation. Apple is aware of a report that this issue may have been actively exploited against versions of iOS before iOS 16.7." + } + ], + "metrics": {}, + "references": [ + { + "url": "https://support.apple.com/en-us/HT213926", + "source": "product-security@apple.com" + }, + { + "url": "https://support.apple.com/en-us/HT213927", + "source": "product-security@apple.com" + }, + { + "url": "https://support.apple.com/en-us/HT213928", + "source": "product-security@apple.com" + }, + { + "url": "https://support.apple.com/en-us/HT213929", + "source": "product-security@apple.com" + }, + { + "url": "https://support.apple.com/en-us/HT213931", + "source": "product-security@apple.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2023/CVE-2023-419xx/CVE-2023-41992.json b/CVE-2023/CVE-2023-419xx/CVE-2023-41992.json new file mode 100644 index 00000000000..fca2f2db9e2 --- /dev/null +++ b/CVE-2023/CVE-2023-419xx/CVE-2023-41992.json 
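Review bot: The English description in the new CVE-2023-41991 record lists `OS 17.0.1 and iPadOS 17.0.1` among the fixed releases, which looks like a truncated `iOS 17.0.1 and iPadOS 17.0.1`, since every other entry pairs iOS with iPadOS. The same string appears in the new CVE-2023-41992 and CVE-2023-41993 records. All three arrive with `"metrics": {}` and no `configurations`, so the description is the only place the fixed versions are stated, and a text match on `iOS 17` would miss them. Because each description says the issue may have been actively exploited, the wording is worth correcting at the source or re-checking on the next sync.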
@@ -0,0 +1,40 @@ +{ + "id": "CVE-2023-41992", + "sourceIdentifier": "product-security@apple.com", + "published": "2023-09-21T19:15:11.520", + "lastModified": "2023-09-21T19:15:11.520", + "vulnStatus": "Received", + "descriptions": [ + { + "lang": "en", + "value": "The issue was addressed with improved checks. This issue is fixed in iOS 16.7 and iPadOS 16.7, OS 17.0.1 and iPadOS 17.0.1, watchOS 9.6.3, macOS Ventura 13.6, macOS Monterey 12.7, watchOS 10.0.1. A local attacker may be able to elevate their privileges. Apple is aware of a report that this issue may have been actively exploited against versions of iOS before iOS 16.7." + } + ], + "metrics": {}, + "references": [ + { + "url": "https://support.apple.com/en-us/HT213926", + "source": "product-security@apple.com" + }, + { + "url": "https://support.apple.com/en-us/HT213927", + "source": "product-security@apple.com" + }, + { + "url": "https://support.apple.com/en-us/HT213928", + "source": "product-security@apple.com" + }, + { + "url": "https://support.apple.com/en-us/HT213929", + "source": "product-security@apple.com" + }, + { + "url": "https://support.apple.com/en-us/HT213931", + "source": "product-security@apple.com" + }, + { + "url": "https://support.apple.com/en-us/HT213932", + "source": "product-security@apple.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2023/CVE-2023-419xx/CVE-2023-41993.json b/CVE-2023/CVE-2023-419xx/CVE-2023-41993.json new file mode 100644 index 00000000000..a2bd07936ec --- /dev/null +++ b/CVE-2023/CVE-2023-419xx/CVE-2023-41993.json 
@@ -0,0 +1,32 @@ +{ + "id": "CVE-2023-41993", + "sourceIdentifier": "product-security@apple.com", + "published": "2023-09-21T19:15:11.660", + "lastModified": "2023-09-21T19:15:11.660", + "vulnStatus": "Received", + "descriptions": [ + { + "lang": "en", + "value": "The issue was addressed with improved checks. This issue is fixed in Safari 16.6.1, macOS Ventura 13.6, OS 17.0.1 and iPadOS 17.0.1, iOS 16.7 and iPadOS 16.7. Processing web content may lead to arbitrary code execution. Apple is aware of a report that this issue may have been actively exploited against versions of iOS before iOS 16.7." + } + ], + "metrics": {}, + "references": [ + { + "url": "https://support.apple.com/en-us/HT213926", + "source": "product-security@apple.com" + }, + { + "url": "https://support.apple.com/en-us/HT213927", + "source": "product-security@apple.com" + }, + { + "url": "https://support.apple.com/en-us/HT213930", + "source": "product-security@apple.com" + }, + { + "url": "https://support.apple.com/en-us/HT213931", + "source": "product-security@apple.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2023/CVE-2023-422xx/CVE-2023-42279.json b/CVE-2023/CVE-2023-422xx/CVE-2023-42279.json new file mode 100644 index 00000000000..ef5d74d761b --- /dev/null +++ b/CVE-2023/CVE-2023-422xx/CVE-2023-42279.json @@ -0,0 +1,24 @@ +{ + "id": "CVE-2023-42279", + "sourceIdentifier": "cve@mitre.org", + "published": "2023-09-21T18:15:12.200", + "lastModified": "2023-09-21T18:15:12.200", + "vulnStatus": "Received", + "descriptions": [ + { + "lang": "en", + "value": "Dreamer CMS 4.1.3 is vulnerable to SQL Injection." + }, + { + "lang": "es", + "value": "Dreamer CMS 4.1.3 es vulnerable a la inyecci\u00f3n SQL." + } + ], + "metrics": {}, + "references": [ + { + "url": "https://github.com/zaizainani/-Vulnerability-recurrence-sorting/blob/main/sqlattack-en.pdf", + "source": "cve@mitre.org" + } + ] +} \ No newline at end of file 
diff --git a/CVE-2023/CVE-2023-422xx/CVE-2023-42280.json b/CVE-2023/CVE-2023-422xx/CVE-2023-42280.json new file mode 100644 index 00000000000..4a78ced65ce --- /dev/null +++ b/CVE-2023/CVE-2023-422xx/CVE-2023-42280.json @@ -0,0 +1,20 @@ +{ + "id": "CVE-2023-42280", + "sourceIdentifier": "cve@mitre.org", + "published": "2023-09-21T19:15:11.823", + "lastModified": "2023-09-21T19:15:11.823", + "vulnStatus": "Received", + "descriptions": [ + { + "lang": "en", + "value": "mee-admin 1.5 is vulnerable to Directory Traversal. The download method in the CommonFileController.java file does not verify the incoming data, resulting in arbitrary file reading." + } + ], + "metrics": {}, + "references": [ + { + "url": "https://github.com/zaizainani/-Vulnerability-recurrence-sorting/blob/main/anyfiledown-en.pdf", + "source": "cve@mitre.org" + } + ] +} \ No newline at end of file diff --git a/CVE-2023/CVE-2023-423xx/CVE-2023-42399.json b/CVE-2023/CVE-2023-423xx/CVE-2023-42399.json index d4d8321aab1..60b698bc804 100644 --- a/CVE-2023/CVE-2023-423xx/CVE-2023-42399.json +++ b/CVE-2023/CVE-2023-423xx/CVE-2023-42399.json @@ -2,8 +2,8 @@ "id": "CVE-2023-42399", "sourceIdentifier": "cve@mitre.org", "published": "2023-09-19T04:15:55.347", - "lastModified": "2023-09-19T13:23:09.283", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2023-09-21T18:39:59.043", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", 
@@ -14,19 +14,80 @@ "value": "La vulnerabilidad de Cross Site Scripting en xdsoft.net Jodit Editor v.4.0.0-beta.86 permite a un atacante remoto obtener informaci\u00f3n sensible a trav\u00e9s del componente editor de texto enriquecido." } ], - "metrics": {}, + "metrics": { + "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "REQUIRED", + "scope": "CHANGED", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "availabilityImpact": "NONE", + "baseScore": 6.1, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 2.8, + "impactScore": 2.7 + } + ] + }, + "weaknesses": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-79" + } + ] + } + ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:xdsoft:joditeditor:4.0.0:beta86:*:*:*:*:*:*", + "matchCriteriaId": "74969402-E432-4197-BF0A-E2B20187D58C" + } + ] + } + ] + } + ], "references": [ { "url": "http://jodit.com", - "source": "cve@mitre.org" + "source": "cve@mitre.org", + "tags": [ + "Product" + ] }, { "url": "https://github.com/xdan/jodit/issues/1017", - "source": "cve@mitre.org" + "source": "cve@mitre.org", + "tags": [ + "Third Party Advisory" + ] }, { "url": "https://xdsoft.net", - "source": "cve@mitre.org" + "source": "cve@mitre.org", + "tags": [ + "Product" + ] } ] } \ No newline at end of file diff --git a/CVE-2023/CVE-2023-424xx/CVE-2023-42441.json b/CVE-2023/CVE-2023-424xx/CVE-2023-42441.json index 2e2b9aac92c..ccaecac52e5 100644 --- a/CVE-2023/CVE-2023-424xx/CVE-2023-42441.json +++ b/CVE-2023/CVE-2023-424xx/CVE-2023-42441.json 
@@ -2,16 +2,40 @@ "id": "CVE-2023-42441", "sourceIdentifier": "security-advisories@github.com", "published": "2023-09-18T21:16:09.750", - "lastModified": "2023-09-19T03:37:18.983", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2023-09-21T18:19:21.420", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", "value": "Vyper is a Pythonic Smart Contract Language for the Ethereum Virtual Machine (EVM). Starting in version 0.2.9 and prior to version 0.3.10, locks of the type `@nonreentrant(\"\")` or `@nonreentrant('')` do not produce reentrancy checks at runtime. This issue is fixed in version 0.3.10. As a workaround, ensure the lock name is a non-empty string." + }, + { + "lang": "es", + "value": "Vyper es un Lenguaje de Contrato Inteligente de Python para la M\u00e1quina Virtual Ethereum (EVM). A partir de la versi\u00f3n 0.2.9 y anteriores a la versi\u00f3n 0.3.10, los bloqueos del tipo '@nonreentrant(\"\")' o '@nonreentrant('')' no producen comprobaciones de reentrada en tiempo de ejecuci\u00f3n. Este problema se corrigi\u00f3 en la versi\u00f3n 0.3.10. Como workaround, aseg\u00farese de que el nombre del bloqueo sea una cadena no vac\u00eda." } ], "metrics": { "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "NONE", + "integrityImpact": "LOW", + "availabilityImpact": "NONE", + "baseScore": 5.3, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 3.9, + "impactScore": 1.4 + }, { "source": "security-advisories@github.com", "type": "Secondary", 
@@ -36,8 +60,18 @@ }, "weaknesses": [ { - "source": "security-advisories@github.com", + "source": "nvd@nist.gov", "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-667" + } + ] + }, + { + "source": "security-advisories@github.com", + "type": "Secondary", "description": [ { "lang": "en", @@ -46,18 +80,49 @@ ] } ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:vyperlang:vyper:*:*:*:*:*:python:*:*", + "versionStartIncluding": "0.2.9", + "versionEndExcluding": "0.3.10", + "matchCriteriaId": "A72ADE58-4A32-4163-9E4D-E79413B0AEFE" + } + ] + } + ] + } + ], "references": [ { "url": "https://github.com/vyperlang/vyper/commit/0b740280c1e3c5528a20d47b29831948ddcc6d83", - "source": "security-advisories@github.com" + "source": "security-advisories@github.com", + "tags": [ + "Patch" + ] }, { "url": "https://github.com/vyperlang/vyper/pull/3605", - "source": "security-advisories@github.com" + "source": "security-advisories@github.com", + "tags": [ + "Issue Tracking", + "Patch" + ] }, { "url": "https://github.com/vyperlang/vyper/security/advisories/GHSA-3hg2-r75x-g69m", - "source": "security-advisories@github.com" + "source": "security-advisories@github.com", + "tags": [ + "Exploit", + "Patch", + "Vendor Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2023/CVE-2023-425xx/CVE-2023-42520.json b/CVE-2023/CVE-2023-425xx/CVE-2023-42520.json index 6f161ccee07..399b5608856 100644 --- a/CVE-2023/CVE-2023-425xx/CVE-2023-42520.json +++ b/CVE-2023/CVE-2023-425xx/CVE-2023-42520.json @@ -2,8 +2,8 @@ "id": "CVE-2023-42520", "sourceIdentifier": "cve@mitre.org", "published": "2023-09-18T06:15:08.060", - "lastModified": "2023-09-18T13:26:56.797", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2023-09-21T18:13:17.640", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", 
@@ -14,11 +14,174 @@ "value": "Ciertos productos WithSecure permiten un bloqueo remoto de un motor de escaneo mediante el desempaquetado de archivos de datos manipulados. Esto afecta a WithSecure Client Security 15, WithSecure Server Security 15, WithSecure Email y Server Security 15, WithSecure Elements Endpoint Protection 17 y versiones posteriores, WithSecure Client Security para Mac 15, WithSecure Elements Endpoint Protection para Mac 17 y versiones posteriores, Linux Security 64 12.0, Linux Protection 12.0 y WithSecure Atlant (anteriormente F-Secure Atlant) 1.0.35-1. " } ], - "metrics": {}, + "metrics": { + "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "NONE", + "integrityImpact": "NONE", + "availabilityImpact": "HIGH", + "baseScore": 7.5, + "baseSeverity": "HIGH" + }, + "exploitabilityScore": 3.9, + "impactScore": 3.6 + } + ] + }, + "weaknesses": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-400" + } + ] + } + ], + "configurations": [ + { + "operator": "AND", + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:withsecure:client_security:15:*:*:*:*:*:*:*", + "matchCriteriaId": "1755AB17-E9C9-4616-98B4-843B75668CA4" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:withsecure:elements_endpoint_protection:*:*:*:*:*:*:*:*", + "versionStartIncluding": "17", + "matchCriteriaId": "B92950AC-F16B-4935-93D8-39E6DC6B0B5A" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:withsecure:email_and_server_security:15:*:*:*:*:*:*:*", + "matchCriteriaId": "2E1B31DD-3C88-4826-8E24-588FED197C5D" + }, + { + "vulnerable": true, + "criteria": 
"cpe:2.3:a:withsecure:server_security:15:*:*:*:*:*:*:*", + "matchCriteriaId": "015D02AD-F46F-46DF-9CD8-E0DB78CE17DD" + } + ] + }, + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": false, + "criteria": "cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:*", + "matchCriteriaId": "A2572D17-1DE6-457B-99CC-64AFD54487EA" + } + ] + } + ] + }, + { + "operator": "AND", + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:withsecure:client_security:15:*:*:*:*:*:*:*", + "matchCriteriaId": "1755AB17-E9C9-4616-98B4-843B75668CA4" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:withsecure:elements_endpoint_protection:*:*:*:*:*:*:*:*", + "versionStartIncluding": "17", + "matchCriteriaId": "B92950AC-F16B-4935-93D8-39E6DC6B0B5A" + } + ] + }, + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": false, + "criteria": "cpe:2.3:o:apple:macos:-:*:*:*:*:*:*:*", + "matchCriteriaId": "387021A0-AF36-463C-A605-32EA7DAC172E" + } + ] + } + ] + }, + { + "operator": "AND", + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:withsecure:linux_protection:12.0:*:*:*:*:*:*:*", + "matchCriteriaId": "FCA1C33E-551B-4CBF-A0C0-663A32611D29" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:withsecure:linux_security_64:12.0:*:*:*:*:*:*:*", + "matchCriteriaId": "ACBC6F42-8F62-4599-83F3-9E9147D46129" + } + ] + }, + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": false, + "criteria": "cpe:2.3:o:linux:linux_kernel:-:*:*:*:*:*:*:*", + "matchCriteriaId": "703AF700-7A70-47E2-BC3A-7FD03B3CA9C1" + } + ] + } + ] + }, + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:withsecure:atlant:1.0.35-1:*:*:*:*:*:*:*", + "matchCriteriaId": "3BA1712F-D879-44CA-BCAD-49D6533D1E8E" + } + ] + } + ] + } + ], "references": [ { "url": 
"https://www.withsecure.com/en/support/security-advisories", - "source": "cve@mitre.org" + "source": "cve@mitre.org", + "tags": [ + "Vendor Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2023/CVE-2023-428xx/CVE-2023-42810.json b/CVE-2023/CVE-2023-428xx/CVE-2023-42810.json new file mode 100644 index 00000000000..c4550b47142 --- /dev/null +++ b/CVE-2023/CVE-2023-428xx/CVE-2023-42810.json 
@@ -0,0 +1,67 @@ +{ + "id": "CVE-2023-42810", + "sourceIdentifier": "security-advisories@github.com", + "published": "2023-09-21T18:15:12.327", + "lastModified": "2023-09-21T18:15:12.327", + "vulnStatus": "Received", + "descriptions": [ + { + "lang": "en", + "value": "systeminformation is a System Information Library for Node.JS. Versions 5.0.0 through 5.21.6 have a SSID Command Injection Vulnerability. The problem was fixed with a parameter check in version 5.21.7. As a workaround, check or sanitize parameter strings that are passed to `wifiConnections()`, `wifiNetworks()` (string only)." + }, + { + "lang": "es", + "value": "systeminformation es System Information Library para Node.JS. Las versiones 5.0.0 a 5.21.6 tienen una vulnerabilidad de inyecci\u00f3n de comando SSID. El problema se solucion\u00f3 con una verificaci\u00f3n de par\u00e1metros en la versi\u00f3n 5.21.7. Como workaround, verifique o sanitize las cadenas de par\u00e1metros que se pasan a `wifiConnections()`, `wifiNetworks()` (solo cadena)." 
+ } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "security-advisories@github.com", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH", + "baseScore": 9.8, + "baseSeverity": "CRITICAL" + }, + "exploitabilityScore": 3.9, + "impactScore": 5.9 + } + ] + }, + "weaknesses": [ + { + "source": "security-advisories@github.com", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-77" + } + ] + } + ], + "references": [ + { + "url": "https://github.com/sebhildebrandt/systeminformation/commit/7972565812ccb2a610a22911c54c3446f4171392", + "source": "security-advisories@github.com" + }, + { + "url": "https://github.com/sebhildebrandt/systeminformation/security/advisories/GHSA-gx6r-qc2v-3p3v", + "source": "security-advisories@github.com" + }, + { + "url": "https://systeminformation.io/security.html", + "source": "security-advisories@github.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2023/CVE-2023-433xx/CVE-2023-43375.json b/CVE-2023/CVE-2023-433xx/CVE-2023-43375.json index b4b0c934009..1ca8d9fc268 100644 --- a/CVE-2023/CVE-2023-433xx/CVE-2023-43375.json +++ b/CVE-2023/CVE-2023-433xx/CVE-2023-43375.json 
@@ -2,19 +2,78 @@ "id": "CVE-2023-43375", "sourceIdentifier": "cve@mitre.org", "published": "2023-09-20T19:15:12.413", - "lastModified": "2023-09-20T20:18:37.780", - "vulnStatus": "Undergoing Analysis", + "lastModified": "2023-09-21T18:41:49.407", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", "value": "Hoteldruid v3.0.5 was discovered to contain multiple SQL injection vulnerabilities at /hoteldruid/clienti.php via the annonascita, annoscaddoc, giornonascita, giornoscaddoc, lingua_cli, mesenascita, and mesescaddoc parameters." + }, + { + "lang": "es", + "value": "Se descubri\u00f3 que Hoteldruid v3.0.5 contiene m\u00faltiples vulnerabilidades de inyecci\u00f3n SQL en /hoteldruid/clienti.php a trav\u00e9s de los par\u00e1metros annonascita, annoscaddoc, giornonascita, giornoscaddoc, lingua_cli, mesenascita y mesescaddoc." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH", + "baseScore": 9.8, + "baseSeverity": "CRITICAL" + }, + "exploitabilityScore": 3.9, + "impactScore": 5.9 + } + ] + }, + "weaknesses": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-89" + } + ] + } + ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:digitaldruid:hoteldruid:3.0.5:*:*:*:*:*:*:*", + "matchCriteriaId": "D702D98A-1616-4D1A-90F0-CEE49FB8707F" + } + ] + } + ] } ], - "metrics": {}, "references": [ { "url": 
"https://flashy-lemonade-192.notion.site/Cross-site-scripting-in-hoteldruid-version-3-0-5-via-multiple-post-parameter-ddbd9a9011744ed2b8fc995bbc9de56d?pvs=4", - "source": "cve@mitre.org" + "source": "cve@mitre.org", + "tags": [ + "Not Applicable" + ] } ] } \ No newline at end of file diff --git a/CVE-2023/CVE-2023-433xx/CVE-2023-43376.json b/CVE-2023/CVE-2023-433xx/CVE-2023-43376.json index c72b9749f0f..9e1bf2d7f01 100644 --- a/CVE-2023/CVE-2023-433xx/CVE-2023-43376.json +++ b/CVE-2023/CVE-2023-433xx/CVE-2023-43376.json 
@@ -2,19 +2,79 @@ "id": "CVE-2023-43376", "sourceIdentifier": "cve@mitre.org", "published": "2023-09-20T19:15:12.487", - "lastModified": "2023-09-20T20:18:37.780", + "lastModified": "2023-09-21T18:36:11.620", "vulnStatus": "Undergoing Analysis", "descriptions": [ { "lang": "en", "value": "A cross-site scripting (XSS) vulnerability in /hoteldruid/clienti.php of Hoteldruid v3.0.5 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the nometipotariffa1 parameter." + }, + { + "lang": "es", + "value": "Una vulnerabilidad de Cross-Site Scripting (XSS) en /hoteldruid/clienti.php de Hoteldruid v3.0.5 permite a los atacantes ejecutar scrips web o HTML de su elecci\u00f3n a trav\u00e9s de un payload manipulado inyectada en el par\u00e1metro nometiporiffa1." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "REQUIRED", + "scope": "CHANGED", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "availabilityImpact": "NONE", + "baseScore": 5.4, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 2.3, + "impactScore": 2.7 + } + ] + }, + "weaknesses": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-79" + } + ] + } + ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:digitaldruid:hoteldruid:3.0.5:*:*:*:*:*:*:*", + "matchCriteriaId": "D702D98A-1616-4D1A-90F0-CEE49FB8707F" + } + ] + } + ] } ], - "metrics": {}, "references": [ { "url": "https://flashy-lemonade-192.notion.site/Cross-site-scripting-in-hoteldruid-version-3-0-5-via-nometipotariffa1-post-parameter-703fde27462c43a1aaa1097fb3416cdc?pvs=4", - "source": 
"cve@mitre.org" + "source": "cve@mitre.org", + "tags": [ + "Exploit", + "Third Party Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2023/CVE-2023-433xx/CVE-2023-43377.json b/CVE-2023/CVE-2023-433xx/CVE-2023-43377.json index 8cc1cae0492..f910481869b 100644 --- a/CVE-2023/CVE-2023-433xx/CVE-2023-43377.json +++ b/CVE-2023/CVE-2023-433xx/CVE-2023-43377.json 
@@ -2,19 +2,79 @@ "id": "CVE-2023-43377", "sourceIdentifier": "cve@mitre.org", "published": "2023-09-20T19:15:12.723", - "lastModified": "2023-09-20T20:18:37.780", - "vulnStatus": "Undergoing Analysis", + "lastModified": "2023-09-21T18:35:37.720", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", "value": "A cross-site scripting (XSS) vulnerability in /hoteldruid/visualizza_contratto.php of Hoteldruid v3.0.5 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the destinatario_email1 parameter." + }, + { + "lang": "es", + "value": "Una vulnerabilidad de Cross-Site Scripting (XSS) en /hoteldruid/visualizza_contratto.php de Hoteldruid v3.0.5 permite a los atacantes ejecutar scripts web o HTML de su elecci\u00f3n a trav\u00e9s de un payload manipulado inyectado en el par\u00e1metro destinatario_email1.\n" + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "REQUIRED", + "scope": "CHANGED", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "availabilityImpact": "NONE", + "baseScore": 5.4, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 2.3, + "impactScore": 2.7 + } + ] + }, + "weaknesses": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-89" + } + ] + } + ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:digitaldruid:hoteldruid:3.0.5:*:*:*:*:*:*:*", + "matchCriteriaId": "D702D98A-1616-4D1A-90F0-CEE49FB8707F" + } + ] + } + ] } ], - "metrics": {}, "references": [ { "url": 
"https://flashy-lemonade-192.notion.site/Cross-site-scripting-in-hoteldruid-version-3-0-5-via-destinatario_email1-post-parameter-0ac6596d5b534dd1b2a49987ad065d1c?pvs=4", - "source": "cve@mitre.org" + "source": "cve@mitre.org", + "tags": [ + "Exploit", + "Third Party Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2023/CVE-2023-50xx/CVE-2023-5009.json b/CVE-2023/CVE-2023-50xx/CVE-2023-5009.json index 3838637d272..9665dfbd729 100644 --- a/CVE-2023/CVE-2023-50xx/CVE-2023-5009.json +++ b/CVE-2023/CVE-2023-50xx/CVE-2023-5009.json @@ -2,8 +2,8 @@ "id": "CVE-2023-5009", "sourceIdentifier": "cve@gitlab.com", "published": "2023-09-19T08:16:07.203", - "lastModified": "2023-09-19T13:23:09.283", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2023-09-21T18:44:15.703", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", @@ -16,6 +16,26 @@ ], "metrics": { "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH", + "baseScore": 9.8, + "baseSeverity": "CRITICAL" + }, + "exploitabilityScore": 3.9, + "impactScore": 5.9 + }, { "source": "cve@gitlab.com", "type": "Secondary", @@ -39,6 +59,16 @@ ] }, "weaknesses": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "NVD-CWE-Other" + } + ] + }, { "source": "cve@gitlab.com", "type": "Secondary", 
@@ -50,14 +80,46 @@ ] } ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:gitlab:gitlab:*:*:*:*:enterprise:*:*:*", + "versionStartIncluding": "13.12", + "versionEndExcluding": "16.2.7", + "matchCriteriaId": "705EDAB3-930B-4B00-BAD7-B5035FB0B1F6" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:gitlab:gitlab:*:*:*:*:enterprise:*:*:*", + "versionStartIncluding": "16.3", + "versionEndExcluding": "16.3.4", + "matchCriteriaId": "5CCAE929-1AE7-4E4E-BBF9-3D2A7D1ACBDA" + } + ] + } + ] + } + ], "references": [ { "url": "https://gitlab.com/gitlab-org/gitlab/-/issues/425304", - "source": "cve@gitlab.com" + "source": "cve@gitlab.com", + "tags": [ + "Broken Link" + ] }, { "url": "https://hackerone.com/reports/2147126", - "source": "cve@gitlab.com" + "source": "cve@gitlab.com", + "tags": [ + "Permissions Required" + ] } ] } \ No newline at end of file diff --git a/CVE-2023/CVE-2023-50xx/CVE-2023-5054.json b/CVE-2023/CVE-2023-50xx/CVE-2023-5054.json index d9f77351b17..2bb0be4aa64 100644 --- a/CVE-2023/CVE-2023-50xx/CVE-2023-5054.json +++ b/CVE-2023/CVE-2023-50xx/CVE-2023-5054.json @@ -2,8 +2,8 @@ "id": "CVE-2023-5054", "sourceIdentifier": "security@wordfence.com", "published": "2023-09-19T07:15:51.917", - "lastModified": "2023-09-19T13:23:09.283", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2023-09-21T18:41:03.767", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", 
@@ -50,14 +50,38 @@ ] } ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:superstorefinder:super_store_finder:*:*:*:*:*:wordpress:*:*", + "versionEndIncluding": "6.9.2", + "matchCriteriaId": "0E4FE222-85BB-4D75-92B9-CF331B60348A" + } + ] + } + ] + } + ], "references": [ { "url": "https://superstorefinder.net/", - "source": "security@wordfence.com" + "source": "security@wordfence.com", + "tags": [ + "Product" + ] }, { "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/d31d0553-9378-4c7e-a258-12562aa6b388?source=cve", - "source": "security@wordfence.com" + "source": "security@wordfence.com", + "tags": [ + "Third Party Advisory" + ] } ] } \ No newline at end of file diff --git a/README.md b/README.md index 838e489dab0..4133165d626 100644 --- a/README.md +++ b/README.md @@ -9,13 +9,13 @@ Repository synchronizes with the NVD every 2 hours. ### Last Repository Update ```plain -2023-09-21T18:00:25.216347+00:00 +2023-09-21T20:00:24.924457+00:00 ``` ### Most recent CVE Modification Timestamp synchronized with NVD ```plain -2023-09-21T17:59:10.547000+00:00 +2023-09-21T19:53:58.710000+00:00 ``` ### Last Data Feed Release 
@@ -29,50 +29,50 @@ Download and Changelog: [Click](https://github.com/fkie-cad/nvd-json-data-feeds/ ### Total Number of included CVEs ```plain -226005 +226011 ``` ### CVEs added in the last Commit Recently added CVEs: `6` -* [CVE-2023-42456](CVE-2023/CVE-2023-424xx/CVE-2023-42456.json) (`2023-09-21T16:15:09.980`) -* [CVE-2023-34577](CVE-2023/CVE-2023-345xx/CVE-2023-34577.json) (`2023-09-21T17:15:16.050`) -* [CVE-2023-42458](CVE-2023/CVE-2023-424xx/CVE-2023-42458.json) (`2023-09-21T17:15:22.483`) -* [CVE-2023-42805](CVE-2023/CVE-2023-428xx/CVE-2023-42805.json) (`2023-09-21T17:15:23.353`) -* [CVE-2023-42806](CVE-2023/CVE-2023-428xx/CVE-2023-42806.json) (`2023-09-21T17:15:23.583`) -* [CVE-2023-42807](CVE-2023/CVE-2023-428xx/CVE-2023-42807.json) (`2023-09-21T17:15:23.950`) +* [CVE-2023-42279](CVE-2023/CVE-2023-422xx/CVE-2023-42279.json) (`2023-09-21T18:15:12.200`) +* [CVE-2023-42810](CVE-2023/CVE-2023-428xx/CVE-2023-42810.json) (`2023-09-21T18:15:12.327`) +* [CVE-2023-41991](CVE-2023/CVE-2023-419xx/CVE-2023-41991.json) (`2023-09-21T19:15:11.283`) +* [CVE-2023-41992](CVE-2023/CVE-2023-419xx/CVE-2023-41992.json) (`2023-09-21T19:15:11.520`) +* [CVE-2023-41993](CVE-2023/CVE-2023-419xx/CVE-2023-41993.json) (`2023-09-21T19:15:11.660`) +* [CVE-2023-42280](CVE-2023/CVE-2023-422xx/CVE-2023-42280.json) (`2023-09-21T19:15:11.823`) ### CVEs modified in the last Commit -Recently modified CVEs: `36` +Recently modified CVEs: `30` -* [CVE-2023-43274](CVE-2023/CVE-2023-432xx/CVE-2023-43274.json) (`2023-09-21T16:08:49.637`) -* [CVE-2023-43309](CVE-2023/CVE-2023-433xx/CVE-2023-43309.json) (`2023-09-21T16:08:49.637`) -* [CVE-2023-43631](CVE-2023/CVE-2023-436xx/CVE-2023-43631.json) (`2023-09-21T16:08:49.637`) -* [CVE-2023-43632](CVE-2023/CVE-2023-436xx/CVE-2023-43632.json) (`2023-09-21T16:08:49.637`) -* [CVE-2023-43633](CVE-2023/CVE-2023-436xx/CVE-2023-43633.json) (`2023-09-21T16:08:49.637`) -* [CVE-2023-43634](CVE-2023/CVE-2023-436xx/CVE-2023-43634.json) (`2023-09-21T16:08:49.637`) -* 
[CVE-2023-43637](CVE-2023/CVE-2023-436xx/CVE-2023-43637.json) (`2023-09-21T16:08:49.637`) -* [CVE-2023-40183](CVE-2023/CVE-2023-401xx/CVE-2023-40183.json) (`2023-09-21T16:08:49.637`) -* [CVE-2023-41048](CVE-2023/CVE-2023-410xx/CVE-2023-41048.json) (`2023-09-21T16:08:49.637`) -* [CVE-2023-42457](CVE-2023/CVE-2023-424xx/CVE-2023-42457.json) (`2023-09-21T16:08:49.637`) -* [CVE-2023-38557](CVE-2023/CVE-2023-385xx/CVE-2023-38557.json) (`2023-09-21T16:12:01.620`) -* [CVE-2023-41880](CVE-2023/CVE-2023-418xx/CVE-2023-41880.json) (`2023-09-21T16:17:54.780`) -* [CVE-2023-43115](CVE-2023/CVE-2023-431xx/CVE-2023-43115.json) (`2023-09-21T16:27:00.170`) -* [CVE-2023-1409](CVE-2023/CVE-2023-14xx/CVE-2023-1409.json) (`2023-09-21T17:15:15.390`) -* [CVE-2023-35011](CVE-2023/CVE-2023-350xx/CVE-2023-35011.json) (`2023-09-21T17:15:16.340`) -* [CVE-2023-41080](CVE-2023/CVE-2023-410xx/CVE-2023-41080.json) (`2023-09-21T17:15:21.673`) -* [CVE-2023-4807](CVE-2023/CVE-2023-48xx/CVE-2023-4807.json) (`2023-09-21T17:15:24.233`) -* [CVE-2023-34195](CVE-2023/CVE-2023-341xx/CVE-2023-34195.json) (`2023-09-21T17:22:14.967`) -* [CVE-2023-42371](CVE-2023/CVE-2023-423xx/CVE-2023-42371.json) (`2023-09-21T17:26:09.130`) -* [CVE-2023-42387](CVE-2023/CVE-2023-423xx/CVE-2023-42387.json) (`2023-09-21T17:29:49.900`) -* [CVE-2023-41595](CVE-2023/CVE-2023-415xx/CVE-2023-41595.json) (`2023-09-21T17:31:59.773`) -* [CVE-2023-42320](CVE-2023/CVE-2023-423xx/CVE-2023-42320.json) (`2023-09-21T17:37:44.687`) -* [CVE-2023-42328](CVE-2023/CVE-2023-423xx/CVE-2023-42328.json) (`2023-09-21T17:48:17.520`) -* [CVE-2023-4527](CVE-2023/CVE-2023-45xx/CVE-2023-4527.json) (`2023-09-21T17:55:12.113`) -* [CVE-2023-40019](CVE-2023/CVE-2023-400xx/CVE-2023-40019.json) (`2023-09-21T17:59:10.547`) +* [CVE-2023-30013](CVE-2023/CVE-2023-300xx/CVE-2023-30013.json) (`2023-09-21T18:15:11.887`) +* [CVE-2023-42441](CVE-2023/CVE-2023-424xx/CVE-2023-42441.json) (`2023-09-21T18:19:21.420`) +* 
[CVE-2023-40619](CVE-2023/CVE-2023-406xx/CVE-2023-40619.json) (`2023-09-21T18:20:39.203`) +* [CVE-2023-39452](CVE-2023/CVE-2023-394xx/CVE-2023-39452.json) (`2023-09-21T18:30:29.217`) +* [CVE-2023-43377](CVE-2023/CVE-2023-433xx/CVE-2023-43377.json) (`2023-09-21T18:35:37.720`) +* [CVE-2023-39446](CVE-2023/CVE-2023-394xx/CVE-2023-39446.json) (`2023-09-21T18:36:06.497`) +* [CVE-2023-43376](CVE-2023/CVE-2023-433xx/CVE-2023-43376.json) (`2023-09-21T18:36:11.620`) +* [CVE-2023-42399](CVE-2023/CVE-2023-423xx/CVE-2023-42399.json) (`2023-09-21T18:39:59.043`) +* [CVE-2023-5054](CVE-2023/CVE-2023-50xx/CVE-2023-5054.json) (`2023-09-21T18:41:03.767`) +* [CVE-2023-43375](CVE-2023/CVE-2023-433xx/CVE-2023-43375.json) (`2023-09-21T18:41:49.407`) +* [CVE-2023-5009](CVE-2023/CVE-2023-50xx/CVE-2023-5009.json) (`2023-09-21T18:44:15.703`) +* [CVE-2023-29245](CVE-2023/CVE-2023-292xx/CVE-2023-29245.json) (`2023-09-21T18:52:45.453`) +* [CVE-2023-4094](CVE-2023/CVE-2023-40xx/CVE-2023-4094.json) (`2023-09-21T18:58:46.983`) +* [CVE-2023-2567](CVE-2023/CVE-2023-25xx/CVE-2023-2567.json) (`2023-09-21T18:59:18.827`) +* [CVE-2023-32649](CVE-2023/CVE-2023-326xx/CVE-2023-32649.json) (`2023-09-21T19:04:51.733`) +* [CVE-2023-40442](CVE-2023/CVE-2023-404xx/CVE-2023-40442.json) (`2023-09-21T19:15:10.193`) +* [CVE-2023-41064](CVE-2023/CVE-2023-410xx/CVE-2023-41064.json) (`2023-09-21T19:15:10.657`) +* [CVE-2023-41990](CVE-2023/CVE-2023-419xx/CVE-2023-41990.json) (`2023-09-21T19:15:10.970`) +* [CVE-2023-4096](CVE-2023/CVE-2023-40xx/CVE-2023-4096.json) (`2023-09-21T19:24:07.507`) +* [CVE-2023-0773](CVE-2023/CVE-2023-07xx/CVE-2023-0773.json) (`2023-09-21T19:24:14.093`) +* [CVE-2023-26143](CVE-2023/CVE-2023-261xx/CVE-2023-26143.json) (`2023-09-21T19:28:36.640`) +* [CVE-2023-39058](CVE-2023/CVE-2023-390xx/CVE-2023-39058.json) (`2023-09-21T19:33:37.093`) +* [CVE-2023-32003](CVE-2023/CVE-2023-320xx/CVE-2023-32003.json) (`2023-09-21T19:38:19.270`) +* [CVE-2023-38582](CVE-2023/CVE-2023-385xx/CVE-2023-38582.json) 
(`2023-09-21T19:39:11.370`) +* [CVE-2023-23957](CVE-2023/CVE-2023-239xx/CVE-2023-23957.json) (`2023-09-21T19:50:10.113`) ## Download and Usage