From 92d72f145cc683f7f203bb75760f30e14aa27324 Mon Sep 17 00:00:00 2001 
From: cad-safe-bot Date: Tue, 1 Aug 2023 18:00:36 +0000 Subject: [PATCH] Auto-Update: 2023-08-01T18:00:32.895197+00:00 --- CVE-2023/CVE-2023-24xx/CVE-2023-2430.json | 87 ++++++++++++- CVE-2023/CVE-2023-258xx/CVE-2023-25840.json | 51 +++++++- CVE-2023/CVE-2023-281xx/CVE-2023-28133.json | 61 ++++++++- CVE-2023/CVE-2023-32xx/CVE-2023-3247.json | 73 ++++++++++- CVE-2023/CVE-2023-334xx/CVE-2023-33493.json | 43 +++++++ CVE-2023/CVE-2023-34xx/CVE-2023-3417.json | 117 +++++++++++++++-- CVE-2023/CVE-2023-362xx/CVE-2023-36210.json | 24 ++++ CVE-2023/CVE-2023-362xx/CVE-2023-36211.json | 20 +++ CVE-2023/CVE-2023-380xx/CVE-2023-38056.json | 72 ++++++++++- CVE-2023/CVE-2023-380xx/CVE-2023-38057.json | 72 ++++++++++- CVE-2023/CVE-2023-380xx/CVE-2023-38058.json | 58 ++++++++- CVE-2023/CVE-2023-380xx/CVE-2023-38060.json | 72 ++++++++++- CVE-2023/CVE-2023-385xx/CVE-2023-38559.json | 55 ++++++++ CVE-2023/CVE-2023-385xx/CVE-2023-38560.json | 55 ++++++++ CVE-2023/CVE-2023-386xx/CVE-2023-38633.json | 134 ++++++++++++++++++-- CVE-2023/CVE-2023-38xx/CVE-2023-3863.json | 71 ++++++++++- CVE-2023/CVE-2023-40xx/CVE-2023-4054.json | 32 +++++ CVE-2023/CVE-2023-40xx/CVE-2023-4055.json | 32 +++++ CVE-2023/CVE-2023-40xx/CVE-2023-4056.json | 32 +++++ CVE-2023/CVE-2023-40xx/CVE-2023-4057.json | 28 ++++ CVE-2023/CVE-2023-40xx/CVE-2023-4058.json | 24 ++++ README.md | 58 ++++----- 22 files changed, 1191 insertions(+), 80 deletions(-) create mode 100644 CVE-2023/CVE-2023-334xx/CVE-2023-33493.json create mode 100644 CVE-2023/CVE-2023-362xx/CVE-2023-36210.json create mode 100644 CVE-2023/CVE-2023-362xx/CVE-2023-36211.json create mode 100644 CVE-2023/CVE-2023-385xx/CVE-2023-38559.json create mode 100644 CVE-2023/CVE-2023-385xx/CVE-2023-38560.json create mode 100644 CVE-2023/CVE-2023-40xx/CVE-2023-4054.json create mode 100644 CVE-2023/CVE-2023-40xx/CVE-2023-4055.json create mode 100644 CVE-2023/CVE-2023-40xx/CVE-2023-4056.json create mode 100644 CVE-2023/CVE-2023-40xx/CVE-2023-4057.json create mode 100644 
CVE-2023/CVE-2023-40xx/CVE-2023-4058.json diff --git a/CVE-2023/CVE-2023-24xx/CVE-2023-2430.json b/CVE-2023/CVE-2023-24xx/CVE-2023-2430.json index d10b65e4453..5b9b396c2ed 100644 --- a/CVE-2023/CVE-2023-24xx/CVE-2023-2430.json +++ b/CVE-2023/CVE-2023-24xx/CVE-2023-2430.json @@ -2,16 +2,49 @@ "id": "CVE-2023-2430", "sourceIdentifier": "secalert@redhat.com", "published": "2023-07-23T02:15:11.257", - "lastModified": "2023-07-24T13:09:06.887", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2023-08-01T17:07:49.620", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", "value": "A vulnerability was found due to missing lock for IOPOLL flaw in io_cqring_event_overflow() in io_uring.c in Linux Kernel. This flaw allows a local attacker with user privilege to trigger a Denial of Service threat." } ], - "metrics": {}, + "metrics": { + "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", + "attackVector": "LOCAL", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "NONE", + "integrityImpact": "NONE", + "availabilityImpact": "HIGH", + "baseScore": 5.5, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 1.8, + "impactScore": 3.6 + } + ] + }, "weaknesses": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-667" + } + ] + }, { "source": "secalert@redhat.com", "type": "Secondary", 
@@ -23,10 +56,56 @@ ] } ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", + "versionEndExcluding": "6.2", + "matchCriteriaId": "108695B6-7133-4B6C-80AF-0F66880FE858" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:linux:linux_kernel:6.2:-:*:*:*:*:*:*", + "matchCriteriaId": "3ADCCCEE-143A-4B48-9B2A-0CB97BD385DE" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:linux:linux_kernel:6.2:rc1:*:*:*:*:*:*", + "matchCriteriaId": "FF501633-2F44-4913-A8EE-B021929F49F6" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:linux:linux_kernel:6.2:rc2:*:*:*:*:*:*", + "matchCriteriaId": "2BDA597B-CAC1-4DF0-86F0-42E142C654E9" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:linux:linux_kernel:6.2:rc3:*:*:*:*:*:*", + "matchCriteriaId": "725C78C9-12CE-406F-ABE8-0813A01D66E8" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:linux:linux_kernel:6.2:rc4:*:*:*:*:*:*", + "matchCriteriaId": "A127C155-689C-4F67-B146-44A57F4BFD85" + } + ] + } + ] + } + ], "references": [ { "url": "https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=e12d7a46f65ae4b7d58a5e0c1cbfa825cf8", - "source": "secalert@redhat.com" + "source": "secalert@redhat.com", + "tags": [ + "Patch" + ] } ] } \ No newline at end of file diff --git a/CVE-2023/CVE-2023-258xx/CVE-2023-25840.json b/CVE-2023/CVE-2023-258xx/CVE-2023-25840.json index fcc6fc86be5..79e2201d9e8 100644 --- a/CVE-2023/CVE-2023-258xx/CVE-2023-25840.json +++ b/CVE-2023/CVE-2023-258xx/CVE-2023-25840.json @@ -2,8 +2,8 @@ "id": "CVE-2023-25840", "sourceIdentifier": "psirt@esri.com", "published": "2023-07-21T19:15:10.160", - "lastModified": "2023-07-24T13:09:06.887", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2023-08-01T16:05:05.347", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", 
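Review bot: The reference that gains the `"Patch"` tag in the second hunk of CVE-2023-2430.json carries a 35-character commit id (`e12d7a46f65ae4b7d58a5e0c1cbfa825cf8`), which is neither a full 40-hex SHA-1 nor a conventional short abbreviation, so it looks truncated in the source data. The URL is a context line that this commit does not change, and a git web front end will probably still resolve a unique prefix. However, tooling that pulls fix commits out of Patch-tagged references and validates them as full hashes will reject or mis-key this one. Rather than editing the record, I would document the caveat for consumers, for example in README.md: `Commit ids in reference URLs are copied as-is from the upstream feed and may be abbreviated; resolve them against the upstream repository before matching.`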
@@ -13,7 +13,7 @@ "metrics": { "cvssMetricV31": [ { - "source": "psirt@esri.com", + "source": "nvd@nist.gov", "type": "Primary", "cvssData": { "version": "3.1", @@ -31,6 +31,26 @@ }, "exploitabilityScore": 1.7, "impactScore": 1.4 + }, + { + "source": "psirt@esri.com", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:N/I:L/A:N", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "HIGH", + "userInteraction": "REQUIRED", + "scope": "CHANGED", + "confidentialityImpact": "NONE", + "integrityImpact": "LOW", + "availabilityImpact": "NONE", + "baseScore": 3.4, + "baseSeverity": "LOW" + }, + "exploitabilityScore": 1.7, + "impactScore": 1.4 } ] }, @@ -46,10 +66,33 @@ ] } ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:esri:arcgis:*:*:*:*:*:*:*:*", + "versionStartIncluding": "10.8.1", + "versionEndExcluding": "11.1", + "matchCriteriaId": "B9E2953E-FE3E-41D1-8A88-638C3DEED27F" + } + ] + } + ] + } + ], "references": [ { "url": "https://www.esri.com/arcgis-blog/products/trust-arcgis/announcements/arcgis-server-security-2023-update-1-patch-available/", - "source": "psirt@esri.com" + "source": "psirt@esri.com", + "tags": [ + "Release Notes", + "Vendor Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2023/CVE-2023-281xx/CVE-2023-28133.json b/CVE-2023/CVE-2023-281xx/CVE-2023-28133.json index d520fdd8b05..712e7a8c3b5 100644 --- a/CVE-2023/CVE-2023-281xx/CVE-2023-28133.json +++ b/CVE-2023/CVE-2023-281xx/CVE-2023-28133.json 
@@ -2,16 +2,49 @@ "id": "CVE-2023-28133", "sourceIdentifier": "cve@checkpoint.com", "published": "2023-07-23T10:15:09.577", - "lastModified": "2023-07-24T13:09:06.887", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2023-08-01T16:44:44.847", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", "value": "Local privilege escalation in Check Point Endpoint Security Client (version E87.30) via crafted OpenSSL configuration file" } ], - "metrics": {}, + "metrics": { + "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", + "attackVector": "LOCAL", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "REQUIRED", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH", + "baseScore": 7.8, + "baseSeverity": "HIGH" + }, + "exploitabilityScore": 1.8, + "impactScore": 5.9 + } + ] + }, "weaknesses": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-732" + } + ] + }, { "source": "cve@checkpoint.com", "type": "Secondary", @@ -23,10 +56,30 @@ ] } ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:checkpoint:endpoint_security:e87.30:*:*:*:*:windows:*:*", + "matchCriteriaId": "D5545C76-DD76-44DE-BC70-06B855CE8098" + } + ] + } + ] + } + ], "references": [ { "url": "https://support.checkpoint.com/results/sk/sk181276", - "source": "cve@checkpoint.com" + "source": "cve@checkpoint.com", + "tags": [ + "Vendor Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2023/CVE-2023-32xx/CVE-2023-3247.json b/CVE-2023/CVE-2023-32xx/CVE-2023-3247.json index 8d0cff5521b..5a6af6afc50 100644 --- a/CVE-2023/CVE-2023-32xx/CVE-2023-3247.json +++ b/CVE-2023/CVE-2023-32xx/CVE-2023-3247.json 
@@ -2,8 +2,8 @@ "id": "CVE-2023-3247", "sourceIdentifier": "security@php.net", "published": "2023-07-22T05:15:37.460", - "lastModified": "2023-07-24T13:09:06.887", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2023-08-01T16:38:09.033", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", @@ -12,6 +12,26 @@ ], "metrics": { "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "LOW", + "integrityImpact": "NONE", + "availabilityImpact": "NONE", + "baseScore": 4.3, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 2.8, + "impactScore": 1.4 + }, { "source": "security@php.net", "type": "Secondary", @@ -35,6 +55,16 @@ ] }, "weaknesses": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-330" + } + ] + }, { "source": "security@php.net", "type": "Secondary", 
@@ -50,10 +80,47 @@ ] } ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:php:php:*:*:*:*:*:*:*:*", + "versionStartIncluding": "8.0.0", + "versionEndExcluding": "8.0.29", + "matchCriteriaId": "74F672AC-6864-41C5-9832-490C33F39D12" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:php:php:*:*:*:*:*:*:*:*", + "versionStartIncluding": "8.1.0", + "versionEndExcluding": "8.1.20", + "matchCriteriaId": "30B3A139-7917-46D1-8747-FAEBED4B5EF0" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:php:php:*:*:*:*:*:*:*:*", + "versionStartIncluding": "8.2.0", + "versionEndExcluding": "8.2.7", + "matchCriteriaId": "C1A67DFA-5A0F-4E08-B7C7-DB21C1675A1A" + } + ] + } + ] + } + ], "references": [ { "url": "https://github.com/php/php-src/security/advisories/GHSA-76gg-c692-v2mw", - "source": "security@php.net" + "source": "security@php.net", + "tags": [ + "Patch", + "Vendor Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2023/CVE-2023-334xx/CVE-2023-33493.json b/CVE-2023/CVE-2023-334xx/CVE-2023-33493.json new file mode 100644 index 00000000000..a86dccc49c2 --- /dev/null +++ b/CVE-2023/CVE-2023-334xx/CVE-2023-33493.json 
@@ -0,0 +1,43 @@ +{ + "id": "CVE-2023-33493", + "sourceIdentifier": "cve@mitre.org", + "published": "2023-08-01T17:15:09.690", + "lastModified": "2023-08-01T17:15:09.690", + "vulnStatus": "Received", + "descriptions": [ + { + "lang": "en", + "value": "An Unrestricted Upload of File with Dangerous Type vulnerability in the Ajaxmanager File and Database explorer (ajaxmanager) module for PrestaShop through 2.3.0, allows remote attackers to upload dangerous files without restrictions." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "cve@mitre.org", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH", + "baseScore": 9.8, + "baseSeverity": "CRITICAL" + }, + "exploitabilityScore": 3.9, + "impactScore": 5.9 + } + ] + }, + "references": [ + { + "url": "https://security.friendsofpresta.org/module/2023/07/28/ajaxmanager.html", + "source": "cve@mitre.org" + } + ] +} \ No newline at end of file diff --git a/CVE-2023/CVE-2023-34xx/CVE-2023-3417.json b/CVE-2023/CVE-2023-34xx/CVE-2023-3417.json index e4c68ececf3..46c43a4f0d9 100644 --- a/CVE-2023/CVE-2023-34xx/CVE-2023-3417.json +++ b/CVE-2023/CVE-2023-34xx/CVE-2023-3417.json 
@@ -2,35 +2,136 @@ "id": "CVE-2023-3417", "sourceIdentifier": "security@mozilla.org", "published": "2023-07-24T11:15:09.953", - "lastModified": "2023-07-31T10:15:10.727", - "vulnStatus": "Undergoing Analysis", + "lastModified": "2023-08-01T17:53:51.063", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", "value": "Thunderbird allowed the Text Direction Override Unicode Character in filenames. An email attachment could be incorrectly shown as being a document file, while in fact it was an executable file. Newer versions of Thunderbird will strip the character and show the correct file extension. This vulnerability affects Thunderbird < 115.0.1 and Thunderbird < 102.13.1." } ], - "metrics": {}, + "metrics": { + "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "NONE", + "integrityImpact": "HIGH", + "availabilityImpact": "NONE", + "baseScore": 7.5, + "baseSeverity": "HIGH" + }, + "exploitabilityScore": 3.9, + "impactScore": 3.6 + } + ] + }, + "weaknesses": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "NVD-CWE-noinfo" + } + ] + } + ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:mozilla:thunderbird:*:*:*:*:*:*:*:*", + "versionEndExcluding": "102.13.1", + "matchCriteriaId": "2574463E-5644-41D7-BBFA-FDFD33C50751" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:mozilla:thunderbird:*:*:*:*:*:*:*:*", + "versionStartIncluding": "115.0", + "versionEndExcluding": "115.0.1", + "matchCriteriaId": "D9DC07B8-1108-49EF-9FEC-574195A49F60" + } + ] + } + ] + }, + { + "nodes": [ + { + "operator": "OR", + "negate": 
false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*", + "matchCriteriaId": "07B237A9-69A3-4A9C-9DA0-4E06BD37AE73" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:debian:debian_linux:11.0:*:*:*:*:*:*:*", + "matchCriteriaId": "FA6FEEC2-9F11-4643-8827-749718254FED" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:debian:debian_linux:12.0:*:*:*:*:*:*:*", + "matchCriteriaId": "46D69DCC-AE4D-4EA5-861C-D60951444C6C" + } + ] + } + ] + } + ], "references": [ { "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1835582", - "source": "security@mozilla.org" + "source": "security@mozilla.org", + "tags": [ + "Permissions Required" + ] }, { "url": "https://lists.debian.org/debian-lts-announce/2023/07/msg00032.html", - "source": "security@mozilla.org" + "source": "security@mozilla.org", + "tags": [ + "Mailing List", + "Third Party Advisory" + ] }, { "url": "https://www.debian.org/security/2023/dsa-5463", - "source": "security@mozilla.org" + "source": "security@mozilla.org", + "tags": [ + "Third Party Advisory" + ] }, { "url": "https://www.mozilla.org/security/advisories/mfsa2023-27/", - "source": "security@mozilla.org" + "source": "security@mozilla.org", + "tags": [ + "Vendor Advisory" + ] }, { "url": "https://www.mozilla.org/security/advisories/mfsa2023-28/", - "source": "security@mozilla.org" + "source": "security@mozilla.org", + "tags": [ + "Vendor Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2023/CVE-2023-362xx/CVE-2023-36210.json b/CVE-2023/CVE-2023-362xx/CVE-2023-36210.json new file mode 100644 index 00000000000..3e6449368b0 --- /dev/null +++ b/CVE-2023/CVE-2023-362xx/CVE-2023-36210.json 
@@ -0,0 +1,24 @@ +{ + "id": "CVE-2023-36210", + "sourceIdentifier": "cve@mitre.org", + "published": "2023-08-01T17:15:09.773", + "lastModified": "2023-08-01T17:15:09.773", + "vulnStatus": "Received", + "descriptions": [ + { + "lang": "en", + "value": "MotoCMS Version 3.4.3 Store Category Template was discovered to contain a Server-Side Template Injection (SSTI) vulnerability via the keyword parameter." + } + ], + "metrics": {}, + "references": [ + { + "url": "https://vulners.com/zdt/1337DAY-ID-38750", + "source": "cve@mitre.org" + }, + { + "url": "https://www.exploit-db.com/exploits/51499", + "source": "cve@mitre.org" + } + ] +} \ No newline at end of file diff --git a/CVE-2023/CVE-2023-362xx/CVE-2023-36211.json b/CVE-2023/CVE-2023-362xx/CVE-2023-36211.json new file mode 100644 index 00000000000..952d9661ee0 --- /dev/null +++ b/CVE-2023/CVE-2023-362xx/CVE-2023-36211.json @@ -0,0 +1,20 @@ +{ + "id": "CVE-2023-36211", + "sourceIdentifier": "cve@mitre.org", + "published": "2023-08-01T17:15:09.833", + "lastModified": "2023-08-01T17:15:09.833", + "vulnStatus": "Received", + "descriptions": [ + { + "lang": "en", + "value": "The Barebones CMS v2.0.2 is vulnerable to Stored Cross-Site Scripting (XSS) when an authenticated user interacts with certain features on the admin panel." + } + ], + "metrics": {}, + "references": [ + { + "url": "https://www.exploit-db.com/exploits/51502", + "source": "cve@mitre.org" + } + ] +} \ No newline at end of file diff --git a/CVE-2023/CVE-2023-380xx/CVE-2023-38056.json b/CVE-2023/CVE-2023-380xx/CVE-2023-38056.json index b599ad5baad..9bdd01eb2d6 100644 --- a/CVE-2023/CVE-2023-380xx/CVE-2023-38056.json +++ b/CVE-2023/CVE-2023-380xx/CVE-2023-38056.json 
@@ -2,8 +2,8 @@ "id": "CVE-2023-38056", "sourceIdentifier": "security@otrs.com", "published": "2023-07-24T09:15:09.403", - "lastModified": "2023-07-24T13:09:06.887", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2023-08-01T17:00:31.543", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", @@ -12,6 +12,26 @@ ], "metrics": { "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "HIGH", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH", + "baseScore": 7.2, + "baseSeverity": "HIGH" + }, + "exploitabilityScore": 1.2, + "impactScore": 5.9 + }, { "source": "security@otrs.com", "type": "Secondary", @@ -35,6 +55,16 @@ ] }, "weaknesses": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-78" + } + ] + }, { "source": "security@otrs.com", "type": "Secondary", 
@@ -46,10 +76,46 @@ ] } ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:otrs:otrs:*:*:*:*:community:*:*:*", + "versionStartIncluding": "6.0.1", + "versionEndIncluding": "6.0.34", + "matchCriteriaId": "F4C2FF02-9A6F-435D-A55A-D2F085BD1FB2" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:otrs:otrs:*:*:*:*:-:*:*:*", + "versionStartIncluding": "7.0.0", + "versionEndExcluding": "7.0.45", + "matchCriteriaId": "63B08C08-56D6-40F4-B481-BC8672FD7AC8" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:otrs:otrs:*:*:*:*:-:*:*:*", + "versionStartIncluding": "8.0.0", + "versionEndExcluding": "8.0.35", + "matchCriteriaId": "4F6AD29E-B905-4974-95EE-23E9C05186C0" + } + ] + } + ] + } + ], "references": [ { "url": "https://otrs.com/release-notes/otrs-security-advisory-2023-05/", - "source": "security@otrs.com" + "source": "security@otrs.com", + "tags": [ + "Vendor Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2023/CVE-2023-380xx/CVE-2023-38057.json b/CVE-2023/CVE-2023-380xx/CVE-2023-38057.json index c1e86e03d82..d4096c4e7c9 100644 --- a/CVE-2023/CVE-2023-380xx/CVE-2023-38057.json +++ b/CVE-2023/CVE-2023-380xx/CVE-2023-38057.json @@ -2,8 +2,8 @@ "id": "CVE-2023-38057", "sourceIdentifier": "security@otrs.com", "published": "2023-07-24T09:15:09.927", - "lastModified": "2023-07-24T13:09:06.887", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2023-08-01T17:34:41.557", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", 
@@ -12,6 +12,26 @@ ], "metrics": { "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "REQUIRED", + "scope": "CHANGED", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "availabilityImpact": "NONE", + "baseScore": 5.4, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 2.3, + "impactScore": 2.7 + }, { "source": "security@otrs.com", "type": "Secondary", @@ -35,6 +55,16 @@ ] }, "weaknesses": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-79" + } + ] + }, { "source": "security@otrs.com", "type": "Secondary", @@ -46,10 +76,46 @@ ] } ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:otrs:otrs:*:*:*:*:community:*:*:*", + "versionStartIncluding": "6.0.0", + "versionEndIncluding": "6.0.22", + "matchCriteriaId": "B78B02C9-56F4-4804-A6A4-F055D3B29715" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:otrs:otrs:*:*:*:*:-:*:*:*", + "versionStartIncluding": "7.0.0", + "versionEndExcluding": "7.0.32", + "matchCriteriaId": "739A97E5-914C-46EC-BDDE-36264E78AD69" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:otrs:otrs:*:*:*:*:-:*:*:*", + "versionStartIncluding": "8.0.0", + "versionEndExcluding": "8.0.13", + "matchCriteriaId": "C9322399-2DA5-4553-8139-E9E265AB514E" + } + ] + } + ] + } + ], "references": [ { "url": "https://otrs.com/release-notes/otrs-security-advisory-2023-06/", - "source": "security@otrs.com" + "source": "security@otrs.com", + "tags": [ + "Vendor Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2023/CVE-2023-380xx/CVE-2023-38058.json b/CVE-2023/CVE-2023-380xx/CVE-2023-38058.json index 9742d9a41a4..1e09b56a1ee 100644 
--- a/CVE-2023/CVE-2023-380xx/CVE-2023-38058.json +++ b/CVE-2023/CVE-2023-380xx/CVE-2023-38058.json @@ -2,8 +2,8 @@ "id": "CVE-2023-38058", "sourceIdentifier": "security@otrs.com", "published": "2023-07-24T09:15:10.003", - "lastModified": "2023-07-24T13:09:06.887", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2023-08-01T17:35:53.147", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", @@ -12,6 +12,26 @@ ], "metrics": { "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "NONE", + "integrityImpact": "LOW", + "availabilityImpact": "NONE", + "baseScore": 4.3, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 2.8, + "impactScore": 1.4 + }, { "source": "security@otrs.com", "type": "Secondary", @@ -35,6 +55,16 @@ ] }, "weaknesses": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-863" + } + ] + }, { "source": "security@otrs.com", "type": "Secondary", @@ -46,10 +76,32 @@ ] } ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:otrs:otrs:*:*:*:*:*:*:*:*", + "versionStartIncluding": "8.0.0", + "versionEndExcluding": "8.0.35", + "matchCriteriaId": "EED0854F-D955-41C1-88D9-4C8265F75FDE" + } + ] + } + ] + } + ], "references": [ { "url": "https://otrs.com/release-notes/otrs-security-advisory-2023-07/", - "source": "security@otrs.com" + "source": "security@otrs.com", + "tags": [ + "Vendor Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2023/CVE-2023-380xx/CVE-2023-38060.json b/CVE-2023/CVE-2023-380xx/CVE-2023-38060.json index 68a275c2caf..0d27feea7bc 100644 
--- a/CVE-2023/CVE-2023-380xx/CVE-2023-38060.json +++ b/CVE-2023/CVE-2023-380xx/CVE-2023-38060.json @@ -2,8 +2,8 @@ "id": "CVE-2023-38060", "sourceIdentifier": "security@otrs.com", "published": "2023-07-24T09:15:10.073", - "lastModified": "2023-07-24T13:09:06.887", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2023-08-01T17:46:19.570", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", @@ -12,6 +12,26 @@ ], "metrics": { "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH", + "baseScore": 8.8, + "baseSeverity": "HIGH" + }, + "exploitabilityScore": 2.8, + "impactScore": 5.9 + }, { "source": "security@otrs.com", "type": "Secondary", @@ -35,6 +55,16 @@ ] }, "weaknesses": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-74" + } + ] + }, { "source": "security@otrs.com", "type": "Secondary", 
@@ -46,10 +76,46 @@ ] } ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:otrs:otrs:*:*:*:*:community:*:*:*", + "versionStartIncluding": "6.0.1", + "versionEndIncluding": "6.0.34", + "matchCriteriaId": "F4C2FF02-9A6F-435D-A55A-D2F085BD1FB2" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:otrs:otrs:*:*:*:*:-:*:*:*", + "versionStartIncluding": "7.0.0", + "versionEndExcluding": "7.0.45", + "matchCriteriaId": "63B08C08-56D6-40F4-B481-BC8672FD7AC8" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:otrs:otrs:*:*:*:*:-:*:*:*", + "versionStartIncluding": "8.0.0", + "versionEndExcluding": "8.0.35", + "matchCriteriaId": "4F6AD29E-B905-4974-95EE-23E9C05186C0" + } + ] + } + ] + } + ], "references": [ { "url": "https://otrs.com/release-notes/otrs-security-advisory-2023-04/", - "source": "security@otrs.com" + "source": "security@otrs.com", + "tags": [ + "Vendor Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2023/CVE-2023-385xx/CVE-2023-38559.json b/CVE-2023/CVE-2023-385xx/CVE-2023-38559.json new file mode 100644 index 00000000000..7c6da6896fb --- /dev/null +++ b/CVE-2023/CVE-2023-385xx/CVE-2023-38559.json 
@@ -0,0 +1,55 @@ +{ + "id": "CVE-2023-38559", + "sourceIdentifier": "secalert@redhat.com", + "published": "2023-08-01T17:15:09.890", + "lastModified": "2023-08-01T17:15:09.890", + "vulnStatus": "Received", + "descriptions": [ + { + "lang": "en", + "value": "A buffer overflow flaw was found in base/gdevdevn.c:1973 in devn_pcx_write_rle() in ghostscript. This issue may allow a local attacker to cause a denial of service via outputting a crafted PDF file for a DEVN device with gs." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "secalert@redhat.com", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", + "attackVector": "LOCAL", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "REQUIRED", + "scope": "UNCHANGED", + "confidentialityImpact": "NONE", + "integrityImpact": "NONE", + "availabilityImpact": "HIGH", + "baseScore": 5.5, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 1.8, + "impactScore": 3.6 + } + ] + }, + "references": [ + { + "url": "https://access.redhat.com/security/cve/CVE-2023-38559", + "source": "secalert@redhat.com" + }, + { + "url": "https://bugs.ghostscript.com/show_bug.cgi?id=706897", + "source": "secalert@redhat.com" + }, + { + "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2224367", + "source": "secalert@redhat.com" + }, + { + "url": "https://git.ghostscript.com/?p=ghostpdl.git;a=commitdiff;h=d81b82c70bc1", + "source": "secalert@redhat.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2023/CVE-2023-385xx/CVE-2023-38560.json b/CVE-2023/CVE-2023-385xx/CVE-2023-38560.json new file mode 100644 index 00000000000..9e1e68367cb --- /dev/null +++ b/CVE-2023/CVE-2023-385xx/CVE-2023-38560.json 
@@ -0,0 +1,55 @@ +{ + "id": "CVE-2023-38560", + "sourceIdentifier": "secalert@redhat.com", + "published": "2023-08-01T17:15:09.967", + "lastModified": "2023-08-01T17:15:09.967", + "vulnStatus": "Received", + "descriptions": [ + { + "lang": "en", + "value": "An integer overflow flaw was found in pcl/pl/plfont.c:418 in pl_glyph_name in ghostscript. This issue may allow a local attacker to cause a denial of service via transforming a crafted PCL file to PDF format." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "secalert@redhat.com", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", + "attackVector": "LOCAL", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "REQUIRED", + "scope": "UNCHANGED", + "confidentialityImpact": "NONE", + "integrityImpact": "NONE", + "availabilityImpact": "HIGH", + "baseScore": 5.5, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 1.8, + "impactScore": 3.6 + } + ] + }, + "references": [ + { + "url": "https://access.redhat.com/security/cve/CVE-2023-38560", + "source": "secalert@redhat.com" + }, + { + "url": "https://bugs.ghostscript.com/show_bug.cgi?id=706897", + "source": "secalert@redhat.com" + }, + { + "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2224368", + "source": "secalert@redhat.com" + }, + { + "url": "https://git.ghostscript.com/?p=ghostpdl.git;a=commitdiff;h=b7eb1d0174c", + "source": "secalert@redhat.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2023/CVE-2023-386xx/CVE-2023-38633.json b/CVE-2023/CVE-2023-386xx/CVE-2023-38633.json index 7e2e5fbae5a..73b5841223b 100644 --- a/CVE-2023/CVE-2023-386xx/CVE-2023-38633.json +++ b/CVE-2023/CVE-2023-386xx/CVE-2023-38633.json 
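Review bot: The new CVE-2023-38560 record cites `https://bugs.ghostscript.com/show_bug.cgi?id=706897`, the same upstream bug URL used by the CVE-2023-38559 record added just before it. The two descriptions name different flaws (`devn_pcx_write_rle()` in base/gdevdevn.c versus `pl_glyph_name` in pcl/pl/plfont.c), and their Red Hat Bugzilla ids and fix commits differ. One of the two bug references is therefore probably a copy error in the source data; it should be checked against the CNA record and reported upstream rather than patched here. Both records also identify their fixes by abbreviated hashes (`h=d81b82c70bc1`, `h=b7eb1d0174c`), so anyone tracking the patches should resolve them to full commit ids first.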
@@ -2,35 +2,153 @@ "id": "CVE-2023-38633", "sourceIdentifier": "cve@mitre.org", "published": "2023-07-22T17:15:09.810", - "lastModified": "2023-07-28T08:15:10.407", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2023-08-01T16:09:50.957", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", "value": "A directory traversal problem in the URL decoder of librsvg before 2.56.3 could be used by local or remote attackers to disclose files (on the local filesystem outside of the expected area), as demonstrated by href=\".?../../../../../../../../../../etc/passwd\" in an xi:include element." } ], - "metrics": {}, + "metrics": { + "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "NONE", + "availabilityImpact": "NONE", + "baseScore": 7.5, + "baseSeverity": "HIGH" + }, + "exploitabilityScore": 3.9, + "impactScore": 3.6 + } + ] + }, + "weaknesses": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-22" + } + ] + } + ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:gnome:librsvg:*:*:*:*:*:*:*:*", + "versionEndExcluding": "2.46.6", + "matchCriteriaId": "D368A369-F4C5-459F-AE8B-F8A6BD5C830D" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:gnome:librsvg:*:*:*:*:*:*:*:*", + "versionStartIncluding": "2.48.0", + "versionEndExcluding": "2.48.11", + "matchCriteriaId": "EB43F56A-0F8D-42C5-8DC1-0EE957AE9D8E" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:gnome:librsvg:*:*:*:*:*:*:*:*", + "versionStartIncluding": "2.50.0", + "versionEndExcluding": "2.50.8", + "matchCriteriaId": 
"DC1D8EC3-E163-4AED-ACC3-74B2520CD21D" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:gnome:librsvg:*:*:*:*:*:*:*:*", + "versionStartIncluding": "2.52.0", + "versionEndExcluding": "2.52.10", + "matchCriteriaId": "4262E2FD-02C5-47A0-A318-F3A080A3719B" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:gnome:librsvg:*:*:*:*:*:*:*:*", + "versionStartIncluding": "2.54.0", + "versionEndExcluding": "2.54.6", + "matchCriteriaId": "9A353765-59DE-4581-B063-B5C127261F6E" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:gnome:librsvg:*:*:*:*:*:*:*:*", + "versionStartIncluding": "2.55.0", + "versionEndExcluding": "2.55.3", + "matchCriteriaId": "8EE4893F-C118-48E2-B884-D560423D17F2" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:gnome:librsvg:*:*:*:*:*:*:*:*", + "versionStartIncluding": "2.56.0", + "versionEndExcluding": "2.56.3", + "matchCriteriaId": "4B6589AD-7D57-46CB-BF8D-FF1D5BFB2D9D" + } + ] + } + ] + } + ], "references": [ { "url": "http://seclists.org/fulldisclosure/2023/Jul/43", - "source": "cve@mitre.org" + "source": "cve@mitre.org", + "tags": [ + "Mailing List", + "Not Applicable", + "Third Party Advisory" + ] }, { "url": "http://www.openwall.com/lists/oss-security/2023/07/27/1", - "source": "cve@mitre.org" + "source": "cve@mitre.org", + "tags": [ + "Exploit", + "Mailing List", + "Third Party Advisory" + ] }, { "url": "https://bugzilla.suse.com/show_bug.cgi?id=1213502", - "source": "cve@mitre.org" + "source": "cve@mitre.org", + "tags": [ + "Issue Tracking", + "Patch", + "Third Party Advisory" + ] }, { "url": "https://gitlab.gnome.org/GNOME/librsvg/-/issues/996", - "source": "cve@mitre.org" + "source": "cve@mitre.org", + "tags": [ + "Exploit", + "Issue Tracking", + "Vendor Advisory" + ] }, { "url": "https://gitlab.gnome.org/GNOME/librsvg/-/releases/2.56.3", - "source": "cve@mitre.org" + "source": "cve@mitre.org", + "tags": [ + "Release Notes" + ] } ] } \ No newline at end of file 
diff --git a/CVE-2023/CVE-2023-38xx/CVE-2023-3863.json b/CVE-2023/CVE-2023-38xx/CVE-2023-3863.json index b739d1712a0..494970828e5 100644 --- a/CVE-2023/CVE-2023-38xx/CVE-2023-3863.json +++ b/CVE-2023/CVE-2023-38xx/CVE-2023-3863.json @@ -2,8 +2,8 @@ "id": "CVE-2023-3863", "sourceIdentifier": "secalert@redhat.com", "published": "2023-07-24T15:15:09.397", - "lastModified": "2023-07-25T13:01:13.730", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2023-08-01T17:59:41.893", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", @@ -12,6 +12,26 @@ ], "metrics": { "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:N/A:N", + "attackVector": "LOCAL", + "attackComplexity": "HIGH", + "privilegesRequired": "HIGH", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "NONE", + "availabilityImpact": "NONE", + "baseScore": 4.1, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 0.5, + "impactScore": 3.6 + }, { "source": "secalert@redhat.com", "type": "Secondary", 
@@ -34,18 +54,59 @@ } ] }, + "weaknesses": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-416" + } + ] + } + ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", + "versionEndExcluding": "6.5", + "matchCriteriaId": "98C491C7-598A-4D36-BA4F-3505A5727ED1" + } + ] + } + ] + } + ], "references": [ { "url": "https://access.redhat.com/security/cve/CVE-2023-3863", - "source": "secalert@redhat.com" + "source": "secalert@redhat.com", + "tags": [ + "Third Party Advisory" + ] }, { "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2225126", - "source": "secalert@redhat.com" + "source": "secalert@redhat.com", + "tags": [ + "Issue Tracking", + "Patch", + "Third Party Advisory" + ] }, { "url": "https://github.com/torvalds/linux/commit/6709d4b7bc2e079241fdef15d1160581c5261c10", - "source": "secalert@redhat.com" + "source": "secalert@redhat.com", + "tags": [ + "Patch" + ] } ] } \ No newline at end of file diff --git a/CVE-2023/CVE-2023-40xx/CVE-2023-4054.json b/CVE-2023/CVE-2023-40xx/CVE-2023-4054.json new file mode 100644 index 00000000000..75806b48a45 --- /dev/null +++ b/CVE-2023/CVE-2023-40xx/CVE-2023-4054.json 
@@ -0,0 +1,32 @@
+{
+ "id": "CVE-2023-4054",
+ "sourceIdentifier": "security@mozilla.org",
+ "published": "2023-08-01T16:15:09.890",
+ "lastModified": "2023-08-01T16:43:18.493",
+ "vulnStatus": "Awaiting Analysis",
+ "descriptions": [
+ {
+ "lang": "en",
+ "value": "When opening appref-ms files, Firefox did not warn the user that these files may contain malicious code. \n*This bug only affects Firefox on Windows. Other operating systems are unaffected.* This vulnerability affects Firefox < 116, Firefox ESR < 102.14, and Firefox ESR < 115.1."
+ }
+ ],
+ "metrics": {},
+ "references": [
+ {
+ "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1840777",
+ "source": "security@mozilla.org"
+ },
+ {
+ "url": "https://www.mozilla.org/security/advisories/mfsa2023-29/",
+ "source": "security@mozilla.org"
+ },
+ {
+ "url": "https://www.mozilla.org/security/advisories/mfsa2023-30/",
+ "source": "security@mozilla.org"
+ },
+ {
+ "url": "https://www.mozilla.org/security/advisories/mfsa2023-31/",
+ "source": "security@mozilla.org"
+ }
+ ]
+}
\ No newline at end of file
diff --git a/CVE-2023/CVE-2023-40xx/CVE-2023-4055.json b/CVE-2023/CVE-2023-40xx/CVE-2023-4055.json
new file mode 100644
index 00000000000..41a3a531b19
--- /dev/null
+++ b/CVE-2023/CVE-2023-40xx/CVE-2023-4055.json
@@ -0,0 +1,32 @@
+{
+ "id": "CVE-2023-4055",
+ "sourceIdentifier": "security@mozilla.org",
+ "published": "2023-08-01T16:15:09.967",
+ "lastModified": "2023-08-01T16:43:18.493",
+ "vulnStatus": "Awaiting Analysis",
+ "descriptions": [
+ {
+ "lang": "en",
+ "value": "When the number of cookies per domain was exceeded in `document.cookie`, the actual cookie jar sent to the host was no longer consistent with expected cookie jar state. This could have caused requests to be sent with some cookies missing. This vulnerability affects Firefox < 116, Firefox ESR < 102.14, and Firefox ESR < 115.1."
+ }
+ ],
+ "metrics": {},
+ "references": [
+ {
+ "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1782561",
+ "source": "security@mozilla.org"
+ },
+ {
+ "url": "https://www.mozilla.org/security/advisories/mfsa2023-29/",
+ "source": "security@mozilla.org"
+ },
+ {
+ "url": "https://www.mozilla.org/security/advisories/mfsa2023-30/",
+ "source": "security@mozilla.org"
+ },
+ {
+ "url": "https://www.mozilla.org/security/advisories/mfsa2023-31/",
+ "source": "security@mozilla.org"
+ }
+ ]
+}
\ No newline at end of file
diff --git a/CVE-2023/CVE-2023-40xx/CVE-2023-4056.json b/CVE-2023/CVE-2023-40xx/CVE-2023-4056.json
new file mode 100644
index 00000000000..df34ba50e20
--- /dev/null
+++ b/CVE-2023/CVE-2023-40xx/CVE-2023-4056.json
@@ -0,0 +1,32 @@
+{
+ "id": "CVE-2023-4056",
+ "sourceIdentifier": "security@mozilla.org",
+ "published": "2023-08-01T16:15:10.020",
+ "lastModified": "2023-08-01T16:43:18.493",
+ "vulnStatus": "Awaiting Analysis",
+ "descriptions": [
+ {
+ "lang": "en",
+ "value": "Memory safety bugs present in Firefox 115, Firefox ESR 115.0, Firefox ESR 102.13, Thunderbird 115.0, and Thunderbird 102.13. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Firefox < 116, Firefox ESR < 102.14, and Firefox ESR < 115.1."
+ }
+ ],
+ "metrics": {},
+ "references": [
+ {
+ "url": "https://bugzilla.mozilla.org/buglist.cgi?bug_id=1820587%2C1824634%2C1839235%2C1842325%2C1843847",
+ "source": "security@mozilla.org"
+ },
+ {
+ "url": "https://www.mozilla.org/security/advisories/mfsa2023-29/",
+ "source": "security@mozilla.org"
+ },
+ {
+ "url": "https://www.mozilla.org/security/advisories/mfsa2023-30/",
+ "source": "security@mozilla.org"
+ },
+ {
+ "url": "https://www.mozilla.org/security/advisories/mfsa2023-31/",
+ "source": "security@mozilla.org"
+ }
+ ]
+}
\ No newline at end of file
diff --git a/CVE-2023/CVE-2023-40xx/CVE-2023-4057.json b/CVE-2023/CVE-2023-40xx/CVE-2023-4057.json
new file mode 100644
index 00000000000..a9eec71867d
--- /dev/null
+++ b/CVE-2023/CVE-2023-40xx/CVE-2023-4057.json
@@ -0,0 +1,28 @@
+{
+ "id": "CVE-2023-4057",
+ "sourceIdentifier": "security@mozilla.org",
+ "published": "2023-08-01T16:15:10.080",
+ "lastModified": "2023-08-01T16:43:18.493",
+ "vulnStatus": "Awaiting Analysis",
+ "descriptions": [
+ {
+ "lang": "en",
+ "value": "Memory safety bugs present in Firefox 115, Firefox ESR 115.0, and Thunderbird 115.0. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Firefox < 116 and Firefox ESR < 115.1."
+ }
+ ],
+ "metrics": {},
+ "references": [
+ {
+ "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1841682",
+ "source": "security@mozilla.org"
+ },
+ {
+ "url": "https://www.mozilla.org/security/advisories/mfsa2023-29/",
+ "source": "security@mozilla.org"
+ },
+ {
+ "url": "https://www.mozilla.org/security/advisories/mfsa2023-31/",
+ "source": "security@mozilla.org"
+ }
+ ]
+}
\ No newline at end of file
diff --git a/CVE-2023/CVE-2023-40xx/CVE-2023-4058.json b/CVE-2023/CVE-2023-40xx/CVE-2023-4058.json
new file mode 100644
index 00000000000..276a51c7036
--- /dev/null
+++ b/CVE-2023/CVE-2023-40xx/CVE-2023-4058.json
@@ -0,0 +1,24 @@ +{ + "id": "CVE-2023-4058", + "sourceIdentifier": "security@mozilla.org", + "published": "2023-08-01T16:15:10.133", + "lastModified": "2023-08-01T16:43:18.493", + "vulnStatus": "Awaiting Analysis", + "descriptions": [ + { + "lang": "en", + "value": "Memory safety bugs present in Firefox 115. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Firefox < 116." + } + ], + "metrics": {}, + "references": [ + { + "url": "https://bugzilla.mozilla.org/buglist.cgi?bug_id=1819160%2C1828024", + "source": "security@mozilla.org" + }, + { + "url": "https://www.mozilla.org/security/advisories/mfsa2023-29/", + "source": "security@mozilla.org" + } + ] +} \ No newline at end of file diff --git a/README.md b/README.md index 2886069e524..6004f260cff 100644 --- a/README.md +++ b/README.md @@ -9,13 +9,13 @@ Repository synchronizes with the NVD every 2 hours. ### Last Repository Update ```plain -2023-08-01T16:00:27.501449+00:00 +2023-08-01T18:00:32.895197+00:00 ``` ### Most recent CVE Modification Timestamp synchronized with NVD ```plain -2023-08-01T15:56:56.813000+00:00 +2023-08-01T17:59:41.893000+00:00 ``` ### Last Data Feed Release 
@@ -29,46 +29,40 @@ Download and Changelog: [Click](https://github.com/fkie-cad/nvd-json-data-feeds/ ### Total Number of included CVEs ```plain -221375 +221385 ``` ### CVEs added in the last Commit -Recently added CVEs: `17` +Recently added CVEs: `10` -* [CVE-2022-39986](CVE-2022/CVE-2022-399xx/CVE-2022-39986.json) (`2023-08-01T14:15:09.877`) -* [CVE-2022-39987](CVE-2022/CVE-2022-399xx/CVE-2022-39987.json) (`2023-08-01T14:15:09.937`) -* [CVE-2023-31710](CVE-2023/CVE-2023-317xx/CVE-2023-31710.json) (`2023-08-01T14:15:10.013`) -* [CVE-2023-34634](CVE-2023/CVE-2023-346xx/CVE-2023-34634.json) (`2023-08-01T14:15:10.070`) -* [CVE-2023-39108](CVE-2023/CVE-2023-391xx/CVE-2023-39108.json) (`2023-08-01T14:15:10.137`) -* [CVE-2023-39109](CVE-2023/CVE-2023-391xx/CVE-2023-39109.json) (`2023-08-01T14:15:10.193`) -* [CVE-2023-39110](CVE-2023/CVE-2023-391xx/CVE-2023-39110.json) (`2023-08-01T14:15:10.247`) -* [CVE-2023-38357](CVE-2023/CVE-2023-383xx/CVE-2023-38357.json) (`2023-08-01T15:15:09.703`) -* [CVE-2023-4045](CVE-2023/CVE-2023-40xx/CVE-2023-4045.json) (`2023-08-01T15:15:09.783`) -* [CVE-2023-4046](CVE-2023/CVE-2023-40xx/CVE-2023-4046.json) (`2023-08-01T15:15:09.847`) -* [CVE-2023-4047](CVE-2023/CVE-2023-40xx/CVE-2023-4047.json) (`2023-08-01T15:15:09.903`) -* [CVE-2023-4048](CVE-2023/CVE-2023-40xx/CVE-2023-4048.json) (`2023-08-01T15:15:09.967`) -* [CVE-2023-4049](CVE-2023/CVE-2023-40xx/CVE-2023-4049.json) (`2023-08-01T15:15:10.030`) -* [CVE-2023-4050](CVE-2023/CVE-2023-40xx/CVE-2023-4050.json) (`2023-08-01T15:15:10.090`) -* [CVE-2023-4051](CVE-2023/CVE-2023-40xx/CVE-2023-4051.json) (`2023-08-01T15:15:10.147`) -* [CVE-2023-4052](CVE-2023/CVE-2023-40xx/CVE-2023-4052.json) (`2023-08-01T15:15:10.207`) -* [CVE-2023-4053](CVE-2023/CVE-2023-40xx/CVE-2023-4053.json) (`2023-08-01T15:15:10.267`) +* [CVE-2023-4054](CVE-2023/CVE-2023-40xx/CVE-2023-4054.json) (`2023-08-01T16:15:09.890`) +* [CVE-2023-4055](CVE-2023/CVE-2023-40xx/CVE-2023-4055.json) (`2023-08-01T16:15:09.967`) +* 
[CVE-2023-4056](CVE-2023/CVE-2023-40xx/CVE-2023-4056.json) (`2023-08-01T16:15:10.020`) +* [CVE-2023-4057](CVE-2023/CVE-2023-40xx/CVE-2023-4057.json) (`2023-08-01T16:15:10.080`) +* [CVE-2023-4058](CVE-2023/CVE-2023-40xx/CVE-2023-4058.json) (`2023-08-01T16:15:10.133`) +* [CVE-2023-33493](CVE-2023/CVE-2023-334xx/CVE-2023-33493.json) (`2023-08-01T17:15:09.690`) +* [CVE-2023-36210](CVE-2023/CVE-2023-362xx/CVE-2023-36210.json) (`2023-08-01T17:15:09.773`) +* [CVE-2023-36211](CVE-2023/CVE-2023-362xx/CVE-2023-36211.json) (`2023-08-01T17:15:09.833`) +* [CVE-2023-38559](CVE-2023/CVE-2023-385xx/CVE-2023-38559.json) (`2023-08-01T17:15:09.890`) +* [CVE-2023-38560](CVE-2023/CVE-2023-385xx/CVE-2023-38560.json) (`2023-08-01T17:15:09.967`) ### CVEs modified in the last Commit -Recently modified CVEs: `10` +Recently modified CVEs: `11` -* [CVE-2023-30151](CVE-2023/CVE-2023-301xx/CVE-2023-30151.json) (`2023-08-01T14:02:19.910`) -* [CVE-2023-3117](CVE-2023/CVE-2023-31xx/CVE-2023-3117.json) (`2023-08-01T14:15:11.253`) -* [CVE-2023-3603](CVE-2023/CVE-2023-36xx/CVE-2023-3603.json) (`2023-08-01T14:44:42.517`) -* [CVE-2023-3802](CVE-2023/CVE-2023-38xx/CVE-2023-3802.json) (`2023-08-01T15:07:06.753`) -* [CVE-2023-38523](CVE-2023/CVE-2023-385xx/CVE-2023-38523.json) (`2023-08-01T15:24:35.470`) -* [CVE-2023-38187](CVE-2023/CVE-2023-381xx/CVE-2023-38187.json) (`2023-08-01T15:35:07.063`) -* [CVE-2023-38173](CVE-2023/CVE-2023-381xx/CVE-2023-38173.json) (`2023-08-01T15:41:11.363`) -* [CVE-2023-35392](CVE-2023/CVE-2023-353xx/CVE-2023-35392.json) (`2023-08-01T15:42:05.133`) -* [CVE-2023-37915](CVE-2023/CVE-2023-379xx/CVE-2023-37915.json) (`2023-08-01T15:47:10.000`) -* [CVE-2023-25841](CVE-2023/CVE-2023-258xx/CVE-2023-25841.json) (`2023-08-01T15:56:56.813`) +* [CVE-2023-25840](CVE-2023/CVE-2023-258xx/CVE-2023-25840.json) (`2023-08-01T16:05:05.347`) +* [CVE-2023-38633](CVE-2023/CVE-2023-386xx/CVE-2023-38633.json) (`2023-08-01T16:09:50.957`) +* [CVE-2023-3247](CVE-2023/CVE-2023-32xx/CVE-2023-3247.json) 
(`2023-08-01T16:38:09.033`) +* [CVE-2023-28133](CVE-2023/CVE-2023-281xx/CVE-2023-28133.json) (`2023-08-01T16:44:44.847`) +* [CVE-2023-38056](CVE-2023/CVE-2023-380xx/CVE-2023-38056.json) (`2023-08-01T17:00:31.543`) +* [CVE-2023-2430](CVE-2023/CVE-2023-24xx/CVE-2023-2430.json) (`2023-08-01T17:07:49.620`) +* [CVE-2023-38057](CVE-2023/CVE-2023-380xx/CVE-2023-38057.json) (`2023-08-01T17:34:41.557`) +* [CVE-2023-38058](CVE-2023/CVE-2023-380xx/CVE-2023-38058.json) (`2023-08-01T17:35:53.147`) +* [CVE-2023-38060](CVE-2023/CVE-2023-380xx/CVE-2023-38060.json) (`2023-08-01T17:46:19.570`) +* [CVE-2023-3417](CVE-2023/CVE-2023-34xx/CVE-2023-3417.json) (`2023-08-01T17:53:51.063`) +* [CVE-2023-3863](CVE-2023/CVE-2023-38xx/CVE-2023-3863.json) (`2023-08-01T17:59:41.893`) ## Download and Usage