diff --git a/CVE-2023/CVE-2023-350xx/CVE-2023-35082.json b/CVE-2023/CVE-2023-350xx/CVE-2023-35082.json index c62064f151b..28c3ee0a3db 100644 --- a/CVE-2023/CVE-2023-350xx/CVE-2023-35082.json +++ b/CVE-2023/CVE-2023-350xx/CVE-2023-35082.json @@ -2,8 +2,8 @@ "id": "CVE-2023-35082", "sourceIdentifier": "support@hackerone.com", "published": "2023-08-15T16:15:11.633", - "lastModified": "2023-08-15T17:15:47.060", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2023-08-22T02:16:30.973", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", @@ -11,6 +11,28 @@ } ], "metrics": { + "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH", + "baseScore": 9.8, + "baseSeverity": "CRITICAL" + }, + "exploitabilityScore": 3.9, + "impactScore": 5.9 + } + ], "cvssMetricV30": [ { "source": "support@hackerone.com", @@ -34,10 +56,43 @@ } ] }, + "weaknesses": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-287" + } + ] + } + ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:ivanti:endpoint_manager_mobile:*:*:*:*:*:*:*:*", + "versionEndIncluding": "11.10.0", + "matchCriteriaId": "6B41E29D-8E92-4DEC-B2B9-375BFF248A13" + } + ] + } + ] + } + ], "references": [ { "url": "https://forums.ivanti.com/s/article/CVE-2023-35082-Remote-Unauthenticated-API-Access-Vulnerability-in-MobileIron-Core-11-2-and-older?language=en_US", - "source": "support@hackerone.com" + "source": "support@hackerone.com", + "tags": [ + "Vendor Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2023/CVE-2023-388xx/CVE-2023-38860.json b/CVE-2023/CVE-2023-388xx/CVE-2023-38860.json index b6b1ad27707..525169a0a7b 100644 --- a/CVE-2023/CVE-2023-388xx/CVE-2023-38860.json +++ b/CVE-2023/CVE-2023-388xx/CVE-2023-38860.json @@ -2,19 +2,75 @@ "id": "CVE-2023-38860", "sourceIdentifier": "cve@mitre.org", "published": "2023-08-15T17:15:11.737", - "lastModified": "2023-08-15T17:15:41.713", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2023-08-22T02:22:07.450", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", "value": "An issue in LangChain v.0.0.231 allows a remote attacker to execute arbitrary code via the prompt parameter." } ], - "metrics": {}, + "metrics": { + "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH", + "baseScore": 9.8, + "baseSeverity": "CRITICAL" + }, + "exploitabilityScore": 3.9, + "impactScore": 5.9 + } + ] + }, + "weaknesses": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-94" + } + ] + } + ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:langchain:langchain:0.0.231:*:*:*:*:*:*:*", + "matchCriteriaId": "F477D71B-7192-463A-94B4-99EB77D322C5" + } + ] + } + ] + } + ], "references": [ { "url": "https://github.com/hwchase17/langchain/issues/7641", - "source": "cve@mitre.org" + "source": "cve@mitre.org", + "tags": [ + "Exploit", + "Issue Tracking" + ] } ] } \ No newline at end of file diff --git a/CVE-2023/CVE-2023-402xx/CVE-2023-40283.json b/CVE-2023/CVE-2023-402xx/CVE-2023-40283.json index 7379ebea62e..1715e2e2851 100644 --- a/CVE-2023/CVE-2023-402xx/CVE-2023-40283.json +++ b/CVE-2023/CVE-2023-402xx/CVE-2023-40283.json @@ -2,31 +2,111 @@ "id": "CVE-2023-40283", "sourceIdentifier": "cve@mitre.org", "published": "2023-08-14T03:15:09.257", - "lastModified": "2023-08-19T18:17:08.550", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2023-08-22T02:06:18.883", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", "value": "An issue was discovered in l2cap_sock_release in net/bluetooth/l2cap_sock.c in the Linux kernel before 6.4.10. There is a use-after-free because the children of an sk are mishandled." } ], - "metrics": {}, + "metrics": { + "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", + "attackVector": "LOCAL", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH", + "baseScore": 7.8, + "baseSeverity": "HIGH" + }, + "exploitabilityScore": 1.8, + "impactScore": 5.9 + } + ] + }, + "weaknesses": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-416" + } + ] + } + ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", + "versionEndExcluding": "6.4.10", + "matchCriteriaId": "C26BB101-2CAD-4F3C-9EE4-7865C5B8A1AA" + } + ] + } + ] + }, + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:o:debian:debian_linux:11.0:*:*:*:*:*:*:*", + "matchCriteriaId": "FA6FEEC2-9F11-4643-8827-749718254FED" + } + ] + } + ] + } + ], "references": [ { "url": "https://cdn.kernel.org/pub/linux/kernel/v6.x/ChangeLog-6.4.10", - "source": "cve@mitre.org" + "source": "cve@mitre.org", + "tags": [ + "Release Notes" + ] }, { "url": "https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=1728137b33c00d5a2b5110ed7aafb42e7c32e4a1", - "source": "cve@mitre.org" + "source": "cve@mitre.org", + "tags": [ + "Patch" + ] }, { "url": "https://github.com/torvalds/linux/commit/1728137b33c00d5a2b5110ed7aafb42e7c32e4a1", - "source": "cve@mitre.org" + "source": "cve@mitre.org", + "tags": [ + "Patch" + ] }, { "url": "https://www.debian.org/security/2023/dsa-5480", - "source": "cve@mitre.org" + "source": "cve@mitre.org", + "tags": [ + "Third Party Advisory" + ] } ] } \ No newline at end of file diff --git a/README.md b/README.md index 5aaabae3193..8bcb7b810b0 100644 --- a/README.md +++ b/README.md @@ -9,13 +9,13 @@ Repository synchronizes with the NVD every 2 hours. ### Last Repository Update ```plain -2023-08-22T02:00:29.579652+00:00 +2023-08-22T04:00:33.919170+00:00 ``` ### Most recent CVE Modification Timestamp synchronized with NVD ```plain -2023-08-22T01:58:46.843000+00:00 +2023-08-22T02:22:07.450000+00:00 ``` ### Last Data Feed Release @@ -34,42 +34,17 @@ Download and Changelog: [Click](https://github.com/fkie-cad/nvd-json-data-feeds/ ### CVEs added in the last Commit -Recently added CVEs: `3` +Recently added CVEs: `0` -* [CVE-2023-38906](CVE-2023/CVE-2023-389xx/CVE-2023-38906.json) (`2023-08-22T00:15:07.920`) -* [CVE-2023-38908](CVE-2023/CVE-2023-389xx/CVE-2023-38908.json) (`2023-08-22T01:15:08.153`) -* [CVE-2023-38909](CVE-2023/CVE-2023-389xx/CVE-2023-38909.json) (`2023-08-22T01:15:08.537`) ### CVEs modified in the last Commit -Recently modified CVEs: `30` +Recently modified CVEs: `3` -* [CVE-2023-28622](CVE-2023/CVE-2023-286xx/CVE-2023-28622.json) (`2023-08-22T00:55:23.717`) -* [CVE-2023-30874](CVE-2023/CVE-2023-308xx/CVE-2023-30874.json) (`2023-08-22T00:55:37.513`) -* [CVE-2023-30876](CVE-2023/CVE-2023-308xx/CVE-2023-30876.json) (`2023-08-22T00:55:49.987`) -* [CVE-2023-30877](CVE-2023/CVE-2023-308xx/CVE-2023-30877.json) (`2023-08-22T00:56:01.303`) -* [CVE-2023-31071](CVE-2023/CVE-2023-310xx/CVE-2023-31071.json) (`2023-08-22T00:56:09.750`) -* [CVE-2023-31076](CVE-2023/CVE-2023-310xx/CVE-2023-31076.json) (`2023-08-22T00:56:19.440`) -* [CVE-2023-26530](CVE-2023/CVE-2023-265xx/CVE-2023-26530.json) (`2023-08-22T00:56:35.657`) -* [CVE-2023-31074](CVE-2023/CVE-2023-310xx/CVE-2023-31074.json) (`2023-08-22T00:56:44.707`) -* [CVE-2023-31091](CVE-2023/CVE-2023-310xx/CVE-2023-31091.json) (`2023-08-22T00:56:52.430`) -* [CVE-2023-38838](CVE-2023/CVE-2023-388xx/CVE-2023-38838.json) (`2023-08-22T00:57:04.490`) -* [CVE-2023-28693](CVE-2023/CVE-2023-286xx/CVE-2023-28693.json) (`2023-08-22T00:57:12.023`) -* [CVE-2023-28783](CVE-2023/CVE-2023-287xx/CVE-2023-28783.json) (`2023-08-22T00:57:19.960`) -* [CVE-2023-31079](CVE-2023/CVE-2023-310xx/CVE-2023-31079.json) (`2023-08-22T00:57:29.870`) -* [CVE-2023-38890](CVE-2023/CVE-2023-388xx/CVE-2023-38890.json) (`2023-08-22T00:57:39.623`) -* [CVE-2023-38910](CVE-2023/CVE-2023-389xx/CVE-2023-38910.json) (`2023-08-22T00:58:18.610`) -* [CVE-2023-38911](CVE-2023/CVE-2023-389xx/CVE-2023-38911.json) (`2023-08-22T00:58:46.030`) -* [CVE-2023-4422](CVE-2023/CVE-2023-44xx/CVE-2023-4422.json) (`2023-08-22T00:58:55.880`) -* [CVE-2023-23208](CVE-2023/CVE-2023-232xx/CVE-2023-23208.json) (`2023-08-22T01:00:04.300`) -* [CVE-2023-35689](CVE-2023/CVE-2023-356xx/CVE-2023-35689.json) (`2023-08-22T01:10:41.940`) -* [CVE-2023-40518](CVE-2023/CVE-2023-405xx/CVE-2023-40518.json) (`2023-08-22T01:16:07.403`) -* [CVE-2023-4347](CVE-2023/CVE-2023-43xx/CVE-2023-4347.json) (`2023-08-22T01:22:29.127`) -* [CVE-2023-30498](CVE-2023/CVE-2023-304xx/CVE-2023-30498.json) (`2023-08-22T01:42:12.990`) -* [CVE-2023-30747](CVE-2023/CVE-2023-307xx/CVE-2023-30747.json) (`2023-08-22T01:47:46.017`) -* [CVE-2023-32003](CVE-2023/CVE-2023-320xx/CVE-2023-32003.json) (`2023-08-22T01:55:13.197`) -* [CVE-2023-30778](CVE-2023/CVE-2023-307xx/CVE-2023-30778.json) (`2023-08-22T01:58:46.843`) +* [CVE-2023-40283](CVE-2023/CVE-2023-402xx/CVE-2023-40283.json) (`2023-08-22T02:06:18.883`) +* [CVE-2023-35082](CVE-2023/CVE-2023-350xx/CVE-2023-35082.json) (`2023-08-22T02:16:30.973`) +* [CVE-2023-38860](CVE-2023/CVE-2023-388xx/CVE-2023-38860.json) (`2023-08-22T02:22:07.450`) ## Download and Usage