From 9578a75dc10a82e52ca89634731a0d89a1bfd956 Mon Sep 17 00:00:00 2001 From: cad-safe-bot Date: Wed, 20 Dec 2023 21:00:28 +0000 Subject: [PATCH] Auto-Update: 2023-12-20T21:00:24.583487+00:00 --- CVE-2022/CVE-2022-11xx/CVE-2022-1184.json | 119 ++++++++++- CVE-2022/CVE-2022-220xx/CVE-2022-22035.json | 6 +- CVE-2022/CVE-2022-245xx/CVE-2022-24504.json | 6 +- CVE-2022/CVE-2022-269xx/CVE-2022-26929.json | 6 +- CVE-2022/CVE-2022-301xx/CVE-2022-30198.json | 6 +- CVE-2022/CVE-2022-336xx/CVE-2022-33634.json | 6 +- CVE-2022/CVE-2022-336xx/CVE-2022-33635.json | 6 +- CVE-2022/CVE-2022-336xx/CVE-2022-33645.json | 8 +- CVE-2022/CVE-2022-346xx/CVE-2022-34689.json | 6 +- CVE-2022/CVE-2022-357xx/CVE-2022-35770.json | 6 +- CVE-2022/CVE-2022-358xx/CVE-2022-35828.json | 6 +- CVE-2022/CVE-2022-358xx/CVE-2022-35829.json | 6 +- CVE-2022/CVE-2022-379xx/CVE-2022-37965.json | 6 +- CVE-2022/CVE-2022-379xx/CVE-2022-37968.json | 8 +- CVE-2022/CVE-2022-379xx/CVE-2022-37970.json | 8 +- CVE-2022/CVE-2022-379xx/CVE-2022-37971.json | 4 +- CVE-2022/CVE-2022-379xx/CVE-2022-37972.json | 6 +- CVE-2022/CVE-2022-379xx/CVE-2022-37973.json | 8 +- CVE-2022/CVE-2022-379xx/CVE-2022-37974.json | 8 +- CVE-2022/CVE-2022-379xx/CVE-2022-37975.json | 8 +- CVE-2022/CVE-2022-379xx/CVE-2022-37976.json | 8 +- CVE-2022/CVE-2022-379xx/CVE-2022-37977.json | 6 +- CVE-2022/CVE-2022-379xx/CVE-2022-37978.json | 6 +- CVE-2022/CVE-2022-379xx/CVE-2022-37979.json | 8 +- CVE-2022/CVE-2022-379xx/CVE-2022-37980.json | 6 +- CVE-2022/CVE-2022-379xx/CVE-2022-37981.json | 8 +- CVE-2022/CVE-2022-379xx/CVE-2022-37982.json | 8 +- CVE-2022/CVE-2022-379xx/CVE-2022-37983.json | 6 +- CVE-2022/CVE-2022-379xx/CVE-2022-37984.json | 6 +- CVE-2022/CVE-2022-379xx/CVE-2022-37985.json | 8 +- CVE-2022/CVE-2022-379xx/CVE-2022-37986.json | 6 +- CVE-2022/CVE-2022-379xx/CVE-2022-37987.json | 6 +- CVE-2022/CVE-2022-379xx/CVE-2022-37988.json | 6 +- CVE-2022/CVE-2022-379xx/CVE-2022-37989.json | 6 +- CVE-2022/CVE-2022-379xx/CVE-2022-37990.json | 6 +- CVE-2022/CVE-2022-379xx/CVE-2022-37991.json | 6 +- CVE-2022/CVE-2022-379xx/CVE-2022-37993.json | 6 +- CVE-2022/CVE-2022-379xx/CVE-2022-37994.json | 6 +- CVE-2022/CVE-2022-379xx/CVE-2022-37995.json | 6 +- CVE-2022/CVE-2022-379xx/CVE-2022-37996.json | 6 +- CVE-2022/CVE-2022-379xx/CVE-2022-37997.json | 6 +- CVE-2022/CVE-2022-379xx/CVE-2022-37998.json | 6 +- CVE-2022/CVE-2022-379xx/CVE-2022-37999.json | 6 +- CVE-2022/CVE-2022-380xx/CVE-2022-38000.json | 6 +- CVE-2022/CVE-2022-380xx/CVE-2022-38001.json | 6 +- CVE-2022/CVE-2022-380xx/CVE-2022-38003.json | 6 +- CVE-2022/CVE-2022-380xx/CVE-2022-38007.json | 8 +- CVE-2022/CVE-2022-380xx/CVE-2022-38011.json | 6 +- CVE-2022/CVE-2022-380xx/CVE-2022-38013.json | 6 +- CVE-2022/CVE-2022-380xx/CVE-2022-38016.json | 6 +- CVE-2022/CVE-2022-380xx/CVE-2022-38017.json | 6 +- CVE-2022/CVE-2022-380xx/CVE-2022-38019.json | 6 +- CVE-2022/CVE-2022-380xx/CVE-2022-38021.json | 6 +- CVE-2022/CVE-2022-380xx/CVE-2022-38022.json | 6 +- CVE-2022/CVE-2022-380xx/CVE-2022-38025.json | 6 +- CVE-2022/CVE-2022-380xx/CVE-2022-38026.json | 6 +- CVE-2022/CVE-2022-380xx/CVE-2022-38027.json | 6 +- CVE-2022/CVE-2022-380xx/CVE-2022-38028.json | 6 +- CVE-2022/CVE-2022-380xx/CVE-2022-38029.json | 6 +- CVE-2022/CVE-2022-380xx/CVE-2022-38030.json | 6 +- CVE-2022/CVE-2022-380xx/CVE-2022-38031.json | 6 +- CVE-2022/CVE-2022-380xx/CVE-2022-38032.json | 6 +- CVE-2022/CVE-2022-380xx/CVE-2022-38033.json | 6 +- CVE-2022/CVE-2022-380xx/CVE-2022-38034.json | 6 +- CVE-2022/CVE-2022-380xx/CVE-2022-38036.json | 6 +- CVE-2022/CVE-2022-380xx/CVE-2022-38037.json | 6 +- CVE-2022/CVE-2022-380xx/CVE-2022-38038.json | 6 +- CVE-2022/CVE-2022-380xx/CVE-2022-38039.json | 6 +- CVE-2022/CVE-2022-380xx/CVE-2022-38040.json | 6 +- CVE-2022/CVE-2022-380xx/CVE-2022-38041.json | 6 +- CVE-2022/CVE-2022-380xx/CVE-2022-38042.json | 6 +- CVE-2022/CVE-2022-380xx/CVE-2022-38043.json | 6 +- CVE-2022/CVE-2022-380xx/CVE-2022-38044.json | 6 +- CVE-2022/CVE-2022-380xx/CVE-2022-38045.json | 6 +- CVE-2022/CVE-2022-380xx/CVE-2022-38046.json | 6 +- CVE-2022/CVE-2022-380xx/CVE-2022-38047.json | 6 +- CVE-2022/CVE-2022-380xx/CVE-2022-38048.json | 6 +- CVE-2022/CVE-2022-380xx/CVE-2022-38049.json | 6 +- CVE-2022/CVE-2022-380xx/CVE-2022-38050.json | 6 +- CVE-2022/CVE-2022-380xx/CVE-2022-38051.json | 6 +- CVE-2022/CVE-2022-380xx/CVE-2022-38053.json | 6 +- CVE-2022/CVE-2022-410xx/CVE-2022-41031.json | 6 +- CVE-2022/CVE-2022-410xx/CVE-2022-41032.json | 6 +- CVE-2022/CVE-2022-410xx/CVE-2022-41033.json | 8 +- CVE-2022/CVE-2022-410xx/CVE-2022-41034.json | 6 +- CVE-2022/CVE-2022-410xx/CVE-2022-41035.json | 6 +- CVE-2022/CVE-2022-410xx/CVE-2022-41036.json | 6 +- CVE-2022/CVE-2022-410xx/CVE-2022-41037.json | 6 +- CVE-2022/CVE-2022-410xx/CVE-2022-41038.json | 6 +- CVE-2022/CVE-2022-410xx/CVE-2022-41040.json | 6 +- CVE-2022/CVE-2022-410xx/CVE-2022-41042.json | 6 +- CVE-2022/CVE-2022-410xx/CVE-2022-41043.json | 6 +- CVE-2022/CVE-2022-410xx/CVE-2022-41081.json | 6 +- CVE-2022/CVE-2022-410xx/CVE-2022-41082.json | 14 +- CVE-2022/CVE-2022-410xx/CVE-2022-41083.json | 6 +- CVE-2022/CVE-2022-446xx/CVE-2022-44684.json | 43 ++++ CVE-2022/CVE-2022-46xx/CVE-2022-4603.json | 30 ++- CVE-2022/CVE-2022-470xx/CVE-2022-47085.json | 14 +- CVE-2022/CVE-2022-475xx/CVE-2022-47597.json | 4 +- CVE-2022/CVE-2022-475xx/CVE-2022-47599.json | 4 +- CVE-2023/CVE-2023-231xx/CVE-2023-23155.json | 6 +- CVE-2023/CVE-2023-231xx/CVE-2023-23156.json | 6 +- CVE-2023/CVE-2023-231xx/CVE-2023-23157.json | 6 +- CVE-2023/CVE-2023-231xx/CVE-2023-23158.json | 6 +- CVE-2023/CVE-2023-231xx/CVE-2023-23161.json | 14 +- CVE-2023/CVE-2023-231xx/CVE-2023-23162.json | 14 +- CVE-2023/CVE-2023-231xx/CVE-2023-23163.json | 14 +- CVE-2023/CVE-2023-236xx/CVE-2023-23684.json | 8 +- CVE-2023/CVE-2023-239xx/CVE-2023-23970.json | 55 +++++ CVE-2023/CVE-2023-247xx/CVE-2023-24726.json | 6 +- CVE-2023/CVE-2023-259xx/CVE-2023-25970.json | 55 +++++ CVE-2023/CVE-2023-265xx/CVE-2023-26525.json | 4 +- CVE-2023/CVE-2023-281xx/CVE-2023-28170.json | 55 +++++ CVE-2023/CVE-2023-284xx/CVE-2023-28491.json | 4 +- CVE-2023/CVE-2023-287xx/CVE-2023-28788.json | 4 +- CVE-2023/CVE-2023-290xx/CVE-2023-29096.json | 4 +- CVE-2023/CVE-2023-291xx/CVE-2023-29102.json | 55 +++++ CVE-2023/CVE-2023-293xx/CVE-2023-29384.json | 55 +++++ CVE-2023/CVE-2023-294xx/CVE-2023-29432.json | 4 +- CVE-2023/CVE-2023-304xx/CVE-2023-30495.json | 4 +- CVE-2023/CVE-2023-307xx/CVE-2023-30750.json | 4 +- CVE-2023/CVE-2023-308xx/CVE-2023-30872.json | 4 +- CVE-2023/CVE-2023-312xx/CVE-2023-31215.json | 55 +++++ CVE-2023/CVE-2023-312xx/CVE-2023-31231.json | 55 +++++ CVE-2023/CVE-2023-319xx/CVE-2023-31932.json | 6 +- CVE-2023/CVE-2023-319xx/CVE-2023-31933.json | 6 +- CVE-2023/CVE-2023-319xx/CVE-2023-31934.json | 6 +- CVE-2023/CVE-2023-319xx/CVE-2023-31935.json | 6 +- CVE-2023/CVE-2023-319xx/CVE-2023-31936.json | 6 +- CVE-2023/CVE-2023-319xx/CVE-2023-31937.json | 6 +- CVE-2023/CVE-2023-31xx/CVE-2023-3164.json | 32 ++- CVE-2023/CVE-2023-32xx/CVE-2023-3275.json | 14 +- CVE-2023/CVE-2023-333xx/CVE-2023-33318.json | 55 +++++ CVE-2023/CVE-2023-340xx/CVE-2023-34007.json | 55 +++++ CVE-2023/CVE-2023-343xx/CVE-2023-34385.json | 55 +++++ CVE-2023/CVE-2023-377xx/CVE-2023-37743.json | 6 +- CVE-2023/CVE-2023-402xx/CVE-2023-40204.json | 55 +++++ CVE-2023/CVE-2023-406xx/CVE-2023-40630.json | 67 +++++- CVE-2023/CVE-2023-456xx/CVE-2023-45603.json | 55 +++++ CVE-2023/CVE-2023-461xx/CVE-2023-46149.json | 55 +++++ CVE-2023/CVE-2023-469xx/CVE-2023-46998.json | 8 +- CVE-2023/CVE-2023-471xx/CVE-2023-47118.json | 4 +- CVE-2023/CVE-2023-477xx/CVE-2023-47784.json | 55 +++++ CVE-2023/CVE-2023-479xx/CVE-2023-47990.json | 20 ++ CVE-2023/CVE-2023-491xx/CVE-2023-49153.json | 47 ++++- CVE-2023/CVE-2023-491xx/CVE-2023-49161.json | 4 +- CVE-2023/CVE-2023-491xx/CVE-2023-49166.json | 4 +- CVE-2023/CVE-2023-492xx/CVE-2023-49269.json | 4 +- CVE-2023/CVE-2023-492xx/CVE-2023-49270.json | 59 ++++++ CVE-2023/CVE-2023-492xx/CVE-2023-49271.json | 59 ++++++ CVE-2023/CVE-2023-492xx/CVE-2023-49272.json | 59 ++++++ CVE-2023/CVE-2023-493xx/CVE-2023-49345.json | 72 ++++++- CVE-2023/CVE-2023-493xx/CVE-2023-49346.json | 72 ++++++- CVE-2023/CVE-2023-493xx/CVE-2023-49347.json | 72 ++++++- CVE-2023/CVE-2023-497xx/CVE-2023-49752.json | 4 +- CVE-2023/CVE-2023-498xx/CVE-2023-49814.json | 55 +++++ CVE-2023/CVE-2023-509xx/CVE-2023-50965.json | 75 ++++++- CVE-2023/CVE-2023-61xx/CVE-2023-6121.json | 6 +- CVE-2023/CVE-2023-61xx/CVE-2023-6134.json | 121 ++++++++++- CVE-2023/CVE-2023-68xx/CVE-2023-6886.json | 71 ++++++- CVE-2023/CVE-2023-68xx/CVE-2023-6887.json | 62 +++++- CVE-2023/CVE-2023-68xx/CVE-2023-6888.json | 78 ++++++- CVE-2023/CVE-2023-68xx/CVE-2023-6891.json | 61 +++++- CVE-2023/CVE-2023-68xx/CVE-2023-6893.json | 216 +++++++++++++++++++- CVE-2023/CVE-2023-68xx/CVE-2023-6899.json | 62 +++++- CVE-2023/CVE-2023-69xx/CVE-2023-6900.json | 72 ++++++- CVE-2023/CVE-2023-69xx/CVE-2023-6901.json | 63 +++++- CVE-2023/CVE-2023-69xx/CVE-2023-6906.json | 84 +++++++- CVE-2023/CVE-2023-69xx/CVE-2023-6907.json | 64 +++++- CVE-2023/CVE-2023-70xx/CVE-2023-7018.json | 4 +- README.md | 96 ++++----- 171 files changed, 2958 insertions(+), 567 deletions(-) create mode 100644 CVE-2022/CVE-2022-446xx/CVE-2022-44684.json create mode 100644 CVE-2023/CVE-2023-239xx/CVE-2023-23970.json create mode 100644 CVE-2023/CVE-2023-259xx/CVE-2023-25970.json create mode 100644 CVE-2023/CVE-2023-281xx/CVE-2023-28170.json create mode 100644 CVE-2023/CVE-2023-291xx/CVE-2023-29102.json create mode 100644 CVE-2023/CVE-2023-293xx/CVE-2023-29384.json create mode 100644 CVE-2023/CVE-2023-312xx/CVE-2023-31215.json create mode 100644 CVE-2023/CVE-2023-312xx/CVE-2023-31231.json create mode 100644 CVE-2023/CVE-2023-333xx/CVE-2023-33318.json create mode 100644 CVE-2023/CVE-2023-340xx/CVE-2023-34007.json create mode 100644 CVE-2023/CVE-2023-343xx/CVE-2023-34385.json create mode 100644 CVE-2023/CVE-2023-402xx/CVE-2023-40204.json create mode 100644 CVE-2023/CVE-2023-456xx/CVE-2023-45603.json create mode 100644 CVE-2023/CVE-2023-461xx/CVE-2023-46149.json create mode 100644 CVE-2023/CVE-2023-477xx/CVE-2023-47784.json create mode 100644 CVE-2023/CVE-2023-479xx/CVE-2023-47990.json create mode 100644 CVE-2023/CVE-2023-492xx/CVE-2023-49270.json create mode 100644 CVE-2023/CVE-2023-492xx/CVE-2023-49271.json create mode 100644 CVE-2023/CVE-2023-492xx/CVE-2023-49272.json create mode 100644 CVE-2023/CVE-2023-498xx/CVE-2023-49814.json diff --git a/CVE-2022/CVE-2022-11xx/CVE-2022-1184.json b/CVE-2022/CVE-2022-11xx/CVE-2022-1184.json index c8aec96ffa1..fe7a6ee8837 100644 --- a/CVE-2022/CVE-2022-11xx/CVE-2022-1184.json +++ b/CVE-2022/CVE-2022-11xx/CVE-2022-1184.json @@ -2,8 +2,8 @@ "id": "CVE-2022-1184", "sourceIdentifier": "secalert@redhat.com", "published": "2022-08-29T15:15:10.413", - "lastModified": "2023-02-12T22:15:23.433", - "vulnStatus": "Modified", + "lastModified": "2023-12-20T20:10:36.557", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", @@ -69,8 +69,89 @@ "cpeMatch": [ { "vulnerable": true, - "criteria": "cpe:2.3:o:linux:linux_kernel:-:*:*:*:*:*:*:*", - "matchCriteriaId": "703AF700-7A70-47E2-BC3A-7FD03B3CA9C1" + "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", + "versionStartExcluding": "2.6.12", + "versionEndExcluding": "4.9.138", + "matchCriteriaId": "F9C64950-F22D-4306-B3A7-EAE45176299B" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", + "versionStartExcluding": "4.14", + "versionEndExcluding": "4.14.283", + "matchCriteriaId": "710B94A9-F09F-4B18-9D38-0FDBC004BB21" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", + "versionStartExcluding": "4.19", + "versionEndExcluding": "4.19.247", + "matchCriteriaId": "94240ABF-996C-4B73-8612-9B1102881F8A" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", + "versionStartExcluding": "5.4", + "versionEndExcluding": "5.4.198", + "matchCriteriaId": "226DC59F-A75D-47CE-BAB5-DFA20C8E4A46" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", + "versionStartExcluding": "5.10", + "versionEndExcluding": "5.10.121", + "matchCriteriaId": "EDEF9A49-C2F9-41C6-9947-52E8D13E4E53" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", + "versionStartExcluding": "5.15", + "versionEndExcluding": "5.15.46", + "matchCriteriaId": "77578AA5-6692-47CA-BC03-E99D59007463" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", + "versionStartExcluding": "5.17", + "versionEndExcluding": "5.17.14", + "matchCriteriaId": "597F5F18-F0BA-4627-A9A9-F35141387244" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", + "versionStartExcluding": "5.18", + "versionEndExcluding": "5.18.3", + "matchCriteriaId": "AE4422AF-02DF-4A4E-8EE6-6437A19A5D93" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:linux:linux_kernel:2.6.12:-:*:*:*:*:*:*", + "matchCriteriaId": "6F62EECE-8FB1-4D57-85D8-CB9E23CF313C" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:linux:linux_kernel:2.6.12:rc2:*:*:*:*:*:*", + "matchCriteriaId": "4F76C298-81DC-43E4-8FC9-DC005A2116EF" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:linux:linux_kernel:2.6.12:rc3:*:*:*:*:*:*", + "matchCriteriaId": "0AB349B2-3F78-4197-882B-90ADB3BF645A" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:linux:linux_kernel:2.6.12:rc4:*:*:*:*:*:*", + "matchCriteriaId": "6AC88830-A9BC-4607-B572-A4B502FC9FD0" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:linux:linux_kernel:2.6.12:rc5:*:*:*:*:*:*", + "matchCriteriaId": "476CB3A5-D022-4F13-AAEF-CB6A5785516A" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:linux:linux_kernel:2.6.12:rc6:*:*:*:*:*:*", + "matchCriteriaId": "8CFD5CDD-1709-44C7-82BD-BAFDC46990D6" } ] } @@ -115,6 +196,36 @@ ] } ] + }, + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:o:canonical:ubuntu_linux:14.04:*:*:*:esm:*:*:*", + "matchCriteriaId": "815D70A8-47D3-459C-A32C-9FEACA0659D1" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:canonical:ubuntu_linux:16.04:*:*:*:esm:*:*:*", + "matchCriteriaId": "7A5301BF-1402-4BE0-A0F8-69FBE79BC6D6" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:canonical:ubuntu_linux:18.04:*:*:*:esm:*:*:*", + "matchCriteriaId": "B3293E55-5506-4587-A318-D1734F781C09" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:canonical:ubuntu_linux:20.04:*:*:*:lts:*:*:*", + "matchCriteriaId": "902B8056-9E37-443B-8905-8AA93E2447FB" + } + ] + } + ] } ], "references": [ diff --git a/CVE-2022/CVE-2022-220xx/CVE-2022-22035.json b/CVE-2022/CVE-2022-220xx/CVE-2022-22035.json index 54e854c69c2..90a81325042 100644 --- a/CVE-2022/CVE-2022-220xx/CVE-2022-22035.json +++ b/CVE-2022/CVE-2022-220xx/CVE-2022-22035.json @@ -2,12 +2,12 @@ "id": "CVE-2022-22035", "sourceIdentifier": "secure@microsoft.com", "published": "2022-10-11T19:15:11.150", - "lastModified": "2022-10-13T14:40:57.287", - "vulnStatus": "Analyzed", + "lastModified": "2023-12-20T20:15:09.387", + "vulnStatus": "Modified", "descriptions": [ { "lang": "en", - "value": "Windows Point-to-Point Tunneling Protocol Remote Code Execution Vulnerability. This CVE ID is unique from CVE-2022-24504, CVE-2022-30198, CVE-2022-33634, CVE-2022-38000, CVE-2022-38047, CVE-2022-41081." + "value": "Windows Point-to-Point Tunneling Protocol Remote Code Execution Vulnerability" }, { "lang": "es", diff --git a/CVE-2022/CVE-2022-245xx/CVE-2022-24504.json b/CVE-2022/CVE-2022-245xx/CVE-2022-24504.json index 9e18712c9de..43142840afc 100644 --- a/CVE-2022/CVE-2022-245xx/CVE-2022-24504.json +++ b/CVE-2022/CVE-2022-245xx/CVE-2022-24504.json @@ -2,12 +2,12 @@ "id": "CVE-2022-24504", "sourceIdentifier": "secure@microsoft.com", "published": "2022-10-11T19:15:11.237", - "lastModified": "2022-10-13T14:41:00.257", - "vulnStatus": "Analyzed", + "lastModified": "2023-12-20T20:15:09.523", + "vulnStatus": "Modified", "descriptions": [ { "lang": "en", - "value": "Windows Point-to-Point Tunneling Protocol Remote Code Execution Vulnerability. This CVE ID is unique from CVE-2022-22035, CVE-2022-30198, CVE-2022-33634, CVE-2022-38000, CVE-2022-38047, CVE-2022-41081." + "value": "Windows Point-to-Point Tunneling Protocol Remote Code Execution Vulnerability" }, { "lang": "es", diff --git a/CVE-2022/CVE-2022-269xx/CVE-2022-26929.json b/CVE-2022/CVE-2022-269xx/CVE-2022-26929.json index ecb6aa6ebae..a88cc6f9de2 100644 --- a/CVE-2022/CVE-2022-269xx/CVE-2022-26929.json +++ b/CVE-2022/CVE-2022-269xx/CVE-2022-26929.json @@ -2,12 +2,12 @@ "id": "CVE-2022-26929", "sourceIdentifier": "secure@microsoft.com", "published": "2022-09-13T19:15:09.473", - "lastModified": "2023-10-15T16:18:45.880", - "vulnStatus": "Analyzed", + "lastModified": "2023-12-20T20:15:09.623", + "vulnStatus": "Modified", "descriptions": [ { "lang": "en", - "value": ".NET Framework Remote Code Execution Vulnerability." + "value": ".NET Framework Remote Code Execution Vulnerability" }, { "lang": "es", diff --git a/CVE-2022/CVE-2022-301xx/CVE-2022-30198.json b/CVE-2022/CVE-2022-301xx/CVE-2022-30198.json index 61e5ce4d0b3..da265190c77 100644 --- a/CVE-2022/CVE-2022-301xx/CVE-2022-30198.json +++ b/CVE-2022/CVE-2022-301xx/CVE-2022-30198.json @@ -2,12 +2,12 @@ "id": "CVE-2022-30198", "sourceIdentifier": "secure@microsoft.com", "published": "2022-10-11T19:15:11.307", - "lastModified": "2022-10-13T14:41:02.173", - "vulnStatus": "Analyzed", + "lastModified": "2023-12-20T20:15:09.790", + "vulnStatus": "Modified", "descriptions": [ { "lang": "en", - "value": "Windows Point-to-Point Tunneling Protocol Remote Code Execution Vulnerability. This CVE ID is unique from CVE-2022-22035, CVE-2022-24504, CVE-2022-33634, CVE-2022-38000, CVE-2022-38047, CVE-2022-41081." + "value": "Windows Point-to-Point Tunneling Protocol Remote Code Execution Vulnerability" }, { "lang": "es", diff --git a/CVE-2022/CVE-2022-336xx/CVE-2022-33634.json b/CVE-2022/CVE-2022-336xx/CVE-2022-33634.json index 91db5d7dedb..95f83b71cba 100644 --- a/CVE-2022/CVE-2022-336xx/CVE-2022-33634.json +++ b/CVE-2022/CVE-2022-336xx/CVE-2022-33634.json @@ -2,12 +2,12 @@ "id": "CVE-2022-33634", "sourceIdentifier": "secure@microsoft.com", "published": "2022-10-11T19:15:11.393", - "lastModified": "2022-10-13T14:41:04.043", - "vulnStatus": "Analyzed", + "lastModified": "2023-12-20T20:15:09.907", + "vulnStatus": "Modified", "descriptions": [ { "lang": "en", - "value": "Windows Point-to-Point Tunneling Protocol Remote Code Execution Vulnerability. This CVE ID is unique from CVE-2022-22035, CVE-2022-24504, CVE-2022-30198, CVE-2022-38000, CVE-2022-38047, CVE-2022-41081." + "value": "Windows Point-to-Point Tunneling Protocol Remote Code Execution Vulnerability" }, { "lang": "es", diff --git a/CVE-2022/CVE-2022-336xx/CVE-2022-33635.json b/CVE-2022/CVE-2022-336xx/CVE-2022-33635.json index d51851c8f0d..ae4b1c2a9fd 100644 --- a/CVE-2022/CVE-2022-336xx/CVE-2022-33635.json +++ b/CVE-2022/CVE-2022-336xx/CVE-2022-33635.json @@ -2,12 +2,12 @@ "id": "CVE-2022-33635", "sourceIdentifier": "secure@microsoft.com", "published": "2022-10-11T19:15:11.493", - "lastModified": "2022-10-12T14:36:28.757", - "vulnStatus": "Analyzed", + "lastModified": "2023-12-20T20:15:10.007", + "vulnStatus": "Modified", "descriptions": [ { "lang": "en", - "value": "Windows GDI+ Remote Code Execution Vulnerability." + "value": "Windows GDI+ Remote Code Execution Vulnerability" }, { "lang": "es", diff --git a/CVE-2022/CVE-2022-336xx/CVE-2022-33645.json b/CVE-2022/CVE-2022-336xx/CVE-2022-33645.json index 77a32ab4ff8..b2edff1d074 100644 --- a/CVE-2022/CVE-2022-336xx/CVE-2022-33645.json +++ b/CVE-2022/CVE-2022-336xx/CVE-2022-33645.json @@ -2,12 +2,12 @@ "id": "CVE-2022-33645", "sourceIdentifier": "secure@microsoft.com", "published": "2022-10-11T19:15:11.570", - "lastModified": "2022-10-12T14:42:44.197", - "vulnStatus": "Analyzed", + "lastModified": "2023-12-20T20:15:10.133", + "vulnStatus": "Modified", "descriptions": [ { "lang": "en", - "value": "Windows TCP/IP Driver Denial of Service Vulnerability." + "value": "Windows TCP/IP Driver Denial of Service Vulnerability" }, { "lang": "es", @@ -45,7 +45,7 @@ "description": [ { "lang": "en", - "value": "CWE-400" + "value": "NVD-CWE-noinfo" } ] } diff --git a/CVE-2022/CVE-2022-346xx/CVE-2022-34689.json b/CVE-2022/CVE-2022-346xx/CVE-2022-34689.json index 172f990218b..c3375c1f4cb 100644 --- a/CVE-2022/CVE-2022-346xx/CVE-2022-34689.json +++ b/CVE-2022/CVE-2022-346xx/CVE-2022-34689.json @@ -2,12 +2,12 @@ "id": "CVE-2022-34689", "sourceIdentifier": "secure@microsoft.com", "published": "2022-10-11T19:15:11.637", - "lastModified": "2022-10-12T14:44:24.913", - "vulnStatus": "Analyzed", + "lastModified": "2023-12-20T20:15:10.270", + "vulnStatus": "Modified", "descriptions": [ { "lang": "en", - "value": "Windows CryptoAPI Spoofing Vulnerability." + "value": "Windows CryptoAPI Spoofing Vulnerability" }, { "lang": "es", diff --git a/CVE-2022/CVE-2022-357xx/CVE-2022-35770.json b/CVE-2022/CVE-2022-357xx/CVE-2022-35770.json index f7041d90b65..4fe0f649dee 100644 --- a/CVE-2022/CVE-2022-357xx/CVE-2022-35770.json +++ b/CVE-2022/CVE-2022-357xx/CVE-2022-35770.json @@ -2,12 +2,12 @@ "id": "CVE-2022-35770", "sourceIdentifier": "secure@microsoft.com", "published": "2022-10-11T19:15:11.713", - "lastModified": "2022-10-12T14:46:20.650", - "vulnStatus": "Analyzed", + "lastModified": "2023-12-20T20:15:10.603", + "vulnStatus": "Modified", "descriptions": [ { "lang": "en", - "value": "Windows NTLM Spoofing Vulnerability." + "value": "Windows NTLM Spoofing Vulnerability" }, { "lang": "es", diff --git a/CVE-2022/CVE-2022-358xx/CVE-2022-35828.json b/CVE-2022/CVE-2022-358xx/CVE-2022-35828.json index 989a5396692..22cb2a8085e 100644 --- a/CVE-2022/CVE-2022-358xx/CVE-2022-35828.json +++ b/CVE-2022/CVE-2022-358xx/CVE-2022-35828.json @@ -2,12 +2,12 @@ "id": "CVE-2022-35828", "sourceIdentifier": "secure@microsoft.com", "published": "2022-09-13T19:15:11.137", - "lastModified": "2022-09-16T15:25:37.957", - "vulnStatus": "Analyzed", + "lastModified": "2023-12-20T20:15:10.723", + "vulnStatus": "Modified", "descriptions": [ { "lang": "en", - "value": "Microsoft Defender for Endpoint for Mac Elevation of Privilege Vulnerability." + "value": "Microsoft Defender for Endpoint for Mac Elevation of Privilege Vulnerability" }, { "lang": "es", diff --git a/CVE-2022/CVE-2022-358xx/CVE-2022-35829.json b/CVE-2022/CVE-2022-358xx/CVE-2022-35829.json index 55560118d3c..537eee6ddfc 100644 --- a/CVE-2022/CVE-2022-358xx/CVE-2022-35829.json +++ b/CVE-2022/CVE-2022-358xx/CVE-2022-35829.json @@ -2,12 +2,12 @@ "id": "CVE-2022-35829", "sourceIdentifier": "secure@microsoft.com", "published": "2022-10-11T19:15:11.787", - "lastModified": "2022-10-14T14:50:53.213", - "vulnStatus": "Analyzed", + "lastModified": "2023-12-20T20:15:10.850", + "vulnStatus": "Modified", "descriptions": [ { "lang": "en", - "value": "Service Fabric Explorer Spoofing Vulnerability." + "value": "Service Fabric Explorer Spoofing Vulnerability" }, { "lang": "es", diff --git a/CVE-2022/CVE-2022-379xx/CVE-2022-37965.json b/CVE-2022/CVE-2022-379xx/CVE-2022-37965.json index 7575885c4f5..ecd682a6bdf 100644 --- a/CVE-2022/CVE-2022-379xx/CVE-2022-37965.json +++ b/CVE-2022/CVE-2022-379xx/CVE-2022-37965.json @@ -2,12 +2,12 @@ "id": "CVE-2022-37965", "sourceIdentifier": "secure@microsoft.com", "published": "2022-10-11T19:15:11.960", - "lastModified": "2022-10-12T15:02:17.877", - "vulnStatus": "Analyzed", + "lastModified": "2023-12-20T20:15:11.213", + "vulnStatus": "Modified", "descriptions": [ { "lang": "en", - "value": "Windows Point-to-Point Tunneling Protocol Denial of Service Vulnerability." + "value": "Windows Point-to-Point Tunneling Protocol Denial of Service Vulnerability" }, { "lang": "es", diff --git a/CVE-2022/CVE-2022-379xx/CVE-2022-37968.json b/CVE-2022/CVE-2022-379xx/CVE-2022-37968.json index 7155d071324..e42c3663e04 100644 --- a/CVE-2022/CVE-2022-379xx/CVE-2022-37968.json +++ b/CVE-2022/CVE-2022-379xx/CVE-2022-37968.json @@ -2,12 +2,12 @@ "id": "CVE-2022-37968", "sourceIdentifier": "secure@microsoft.com", "published": "2022-10-11T19:15:12.030", - "lastModified": "2022-10-12T15:06:38.720", - "vulnStatus": "Analyzed", + "lastModified": "2023-12-20T20:15:11.297", + "vulnStatus": "Modified", "descriptions": [ { "lang": "en", - "value": "Azure Arc-enabled Kubernetes cluster Connect Elevation of Privilege Vulnerability." + "value": "

Microsoft has identified a vulnerability affecting the cluster connect feature of Azure Arc-enabled Kubernetes clusters. This vulnerability could allow an unauthenticated user to elevate their privileges and potentially gain administrative control over the Kubernetes cluster. Additionally, because Azure Stack Edge allows customers to deploy Kubernetes workloads on their devices via Azure Arc, Azure Stack Edge devices are also vulnerable to this vulnerability.

\n" }, { "lang": "es", @@ -45,7 +45,7 @@ "description": [ { "lang": "en", - "value": "CWE-269" + "value": "NVD-CWE-noinfo" } ] } diff --git a/CVE-2022/CVE-2022-379xx/CVE-2022-37970.json b/CVE-2022/CVE-2022-379xx/CVE-2022-37970.json index 45d8b071b96..603e02c8091 100644 --- a/CVE-2022/CVE-2022-379xx/CVE-2022-37970.json +++ b/CVE-2022/CVE-2022-379xx/CVE-2022-37970.json @@ -2,12 +2,12 @@ "id": "CVE-2022-37970", "sourceIdentifier": "secure@microsoft.com", "published": "2022-10-11T19:15:12.100", - "lastModified": "2022-10-12T15:12:15.590", - "vulnStatus": "Analyzed", + "lastModified": "2023-12-20T20:15:11.397", + "vulnStatus": "Modified", "descriptions": [ { "lang": "en", - "value": "Windows DWM Core Library Elevation of Privilege Vulnerability." + "value": "Windows DWM Core Library Elevation of Privilege Vulnerability" }, { "lang": "es", @@ -45,7 +45,7 @@ "description": [ { "lang": "en", - "value": "CWE-269" + "value": "NVD-CWE-noinfo" } ] } diff --git a/CVE-2022/CVE-2022-379xx/CVE-2022-37971.json b/CVE-2022/CVE-2022-379xx/CVE-2022-37971.json index 3784e289c8b..2b97f10e1f3 100644 --- a/CVE-2022/CVE-2022-379xx/CVE-2022-37971.json +++ b/CVE-2022/CVE-2022-379xx/CVE-2022-37971.json @@ -2,12 +2,12 @@ "id": "CVE-2022-37971", "sourceIdentifier": "secure@microsoft.com", "published": "2022-10-11T19:15:12.167", - "lastModified": "2023-09-18T07:15:37.223", + "lastModified": "2023-12-20T20:15:11.473", "vulnStatus": "Modified", "descriptions": [ { "lang": "en", - "value": "Microsoft Windows Defender Elevation of Privilege Vulnerability." + "value": "Microsoft Windows Defender Elevation of Privilege Vulnerability" }, { "lang": "es", diff --git a/CVE-2022/CVE-2022-379xx/CVE-2022-37972.json b/CVE-2022/CVE-2022-379xx/CVE-2022-37972.json index 6b389b86a00..eba029fd220 100644 --- a/CVE-2022/CVE-2022-379xx/CVE-2022-37972.json +++ b/CVE-2022/CVE-2022-379xx/CVE-2022-37972.json @@ -2,12 +2,12 @@ "id": "CVE-2022-37972", "sourceIdentifier": "secure@microsoft.com", "published": "2022-09-20T19:15:09.930", - "lastModified": "2022-12-22T20:28:16.880", - "vulnStatus": "Analyzed", + "lastModified": "2023-12-20T20:15:11.557", + "vulnStatus": "Modified", "descriptions": [ { "lang": "en", - "value": "Microsoft Endpoint Configuration Manager Spoofing Vulnerability." + "value": "Microsoft Endpoint Configuration Manager Spoofing Vulnerability" }, { "lang": "es", diff --git a/CVE-2022/CVE-2022-379xx/CVE-2022-37973.json b/CVE-2022/CVE-2022-379xx/CVE-2022-37973.json index e9daf0e29b2..1bb82dd645e 100644 --- a/CVE-2022/CVE-2022-379xx/CVE-2022-37973.json +++ b/CVE-2022/CVE-2022-379xx/CVE-2022-37973.json @@ -2,12 +2,12 @@ "id": "CVE-2022-37973", "sourceIdentifier": "secure@microsoft.com", "published": "2022-10-11T19:15:12.230", - "lastModified": "2022-11-14T15:09:31.297", - "vulnStatus": "Analyzed", + "lastModified": "2023-12-20T20:15:11.650", + "vulnStatus": "Modified", "descriptions": [ { "lang": "en", - "value": "Windows Local Session Manager (LSM) Denial of Service Vulnerability. This CVE ID is unique from CVE-2022-37998." + "value": "Windows Local Session Manager (LSM) Denial of Service Vulnerability" }, { "lang": "es", @@ -65,7 +65,7 @@ "description": [ { "lang": "en", - "value": "CWE-400" + "value": "NVD-CWE-noinfo" } ] } diff --git a/CVE-2022/CVE-2022-379xx/CVE-2022-37974.json b/CVE-2022/CVE-2022-379xx/CVE-2022-37974.json index dcdf957a38a..fbb9a283a70 100644 --- a/CVE-2022/CVE-2022-379xx/CVE-2022-37974.json +++ b/CVE-2022/CVE-2022-379xx/CVE-2022-37974.json @@ -2,12 +2,12 @@ "id": "CVE-2022-37974", "sourceIdentifier": "secure@microsoft.com", "published": "2022-10-11T19:15:12.297", - "lastModified": "2022-10-12T19:19:44.623", - "vulnStatus": "Analyzed", + "lastModified": "2023-12-20T20:15:11.737", + "vulnStatus": "Modified", "descriptions": [ { "lang": "en", - "value": "Windows Mixed Reality Developer Tools Information Disclosure Vulnerability." + "value": "Windows Mixed Reality Developer Tools Information Disclosure Vulnerability" }, { "lang": "es", @@ -45,7 +45,7 @@ "description": [ { "lang": "en", - "value": "CWE-668" + "value": "NVD-CWE-noinfo" } ] } diff --git a/CVE-2022/CVE-2022-379xx/CVE-2022-37975.json b/CVE-2022/CVE-2022-379xx/CVE-2022-37975.json index ee655339847..a4ec29df28b 100644 --- a/CVE-2022/CVE-2022-379xx/CVE-2022-37975.json +++ b/CVE-2022/CVE-2022-379xx/CVE-2022-37975.json @@ -2,12 +2,12 @@ "id": "CVE-2022-37975", "sourceIdentifier": "secure@microsoft.com", "published": "2022-10-11T19:15:12.370", - "lastModified": "2022-11-14T14:46:02.730", - "vulnStatus": "Analyzed", + "lastModified": "2023-12-20T20:15:11.813", + "vulnStatus": "Modified", "descriptions": [ { "lang": "en", - "value": "Windows Group Policy Elevation of Privilege Vulnerability." + "value": "Windows Group Policy Elevation of Privilege Vulnerability" }, { "lang": "es", @@ -65,7 +65,7 @@ "description": [ { "lang": "en", - "value": "CWE-269" + "value": "NVD-CWE-noinfo" } ] } diff --git a/CVE-2022/CVE-2022-379xx/CVE-2022-37976.json b/CVE-2022/CVE-2022-379xx/CVE-2022-37976.json index 2777d470776..5d437fcaf80 100644 --- a/CVE-2022/CVE-2022-379xx/CVE-2022-37976.json +++ b/CVE-2022/CVE-2022-379xx/CVE-2022-37976.json @@ -2,12 +2,12 @@ "id": "CVE-2022-37976", "sourceIdentifier": "secure@microsoft.com", "published": "2022-10-11T19:15:12.457", - "lastModified": "2022-10-12T18:29:17.497", - "vulnStatus": "Analyzed", + "lastModified": "2023-12-20T20:15:11.897", + "vulnStatus": "Modified", "descriptions": [ { "lang": "en", - "value": "Active Directory Certificate Services Elevation of Privilege Vulnerability." + "value": "Active Directory Certificate Services Elevation of Privilege Vulnerability" }, { "lang": "es", @@ -45,7 +45,7 @@ "description": [ { "lang": "en", - "value": "CWE-269" + "value": "NVD-CWE-noinfo" } ] } diff --git a/CVE-2022/CVE-2022-379xx/CVE-2022-37977.json b/CVE-2022/CVE-2022-379xx/CVE-2022-37977.json index 6e63fa9b422..f9c49cfd00e 100644 --- a/CVE-2022/CVE-2022-379xx/CVE-2022-37977.json +++ b/CVE-2022/CVE-2022-379xx/CVE-2022-37977.json @@ -2,12 +2,12 @@ "id": "CVE-2022-37977", "sourceIdentifier": "secure@microsoft.com", "published": "2022-10-11T19:15:12.530", - "lastModified": "2022-10-13T14:48:20.417", - "vulnStatus": "Analyzed", + "lastModified": "2023-12-20T20:15:11.983", + "vulnStatus": "Modified", "descriptions": [ { "lang": "en", - "value": "Local Security Authority Subsystem Service (LSASS) Denial of Service Vulnerability." + "value": "Local Security Authority Subsystem Service (LSASS) Denial of Service Vulnerability" }, { "lang": "es", diff --git a/CVE-2022/CVE-2022-379xx/CVE-2022-37978.json b/CVE-2022/CVE-2022-379xx/CVE-2022-37978.json index f2a6a2c4189..8ed92f8e5e6 100644 --- a/CVE-2022/CVE-2022-379xx/CVE-2022-37978.json +++ b/CVE-2022/CVE-2022-379xx/CVE-2022-37978.json @@ -2,12 +2,12 @@ "id": "CVE-2022-37978", "sourceIdentifier": "secure@microsoft.com", "published": "2022-10-11T19:15:12.597", - "lastModified": "2022-10-13T14:56:54.717", - "vulnStatus": "Analyzed", + "lastModified": "2023-12-20T20:15:12.073", + "vulnStatus": "Modified", "descriptions": [ { "lang": "en", - "value": "Windows Active Directory Certificate Services Security Feature Bypass." + "value": "Windows Active Directory Certificate Services Security Feature Bypass" }, { "lang": "es", diff --git a/CVE-2022/CVE-2022-379xx/CVE-2022-37979.json b/CVE-2022/CVE-2022-379xx/CVE-2022-37979.json index 1cebfd2e8de..9a76b6cdaee 100644 --- a/CVE-2022/CVE-2022-379xx/CVE-2022-37979.json +++ b/CVE-2022/CVE-2022-379xx/CVE-2022-37979.json @@ -2,12 +2,12 @@ "id": "CVE-2022-37979", "sourceIdentifier": "secure@microsoft.com", "published": "2022-10-11T19:15:12.667", - "lastModified": "2022-10-13T13:42:00.067", - "vulnStatus": "Analyzed", + "lastModified": "2023-12-20T20:15:12.180", + "vulnStatus": "Modified", "descriptions": [ { "lang": "en", - "value": "Windows Hyper-V Elevation of Privilege Vulnerability." + "value": "Windows Hyper-V Elevation of Privilege Vulnerability" }, { "lang": "es", @@ -45,7 +45,7 @@ "description": [ { "lang": "en", - "value": "CWE-269" + "value": "NVD-CWE-noinfo" } ] } diff --git a/CVE-2022/CVE-2022-379xx/CVE-2022-37980.json b/CVE-2022/CVE-2022-379xx/CVE-2022-37980.json index dc1c86a725d..3634f391490 100644 --- a/CVE-2022/CVE-2022-379xx/CVE-2022-37980.json +++ b/CVE-2022/CVE-2022-379xx/CVE-2022-37980.json @@ -2,12 +2,12 @@ "id": "CVE-2022-37980", "sourceIdentifier": "secure@microsoft.com", "published": "2022-10-11T19:15:12.833", - "lastModified": "2022-10-13T13:54:51.317", - "vulnStatus": "Analyzed", + "lastModified": "2023-12-20T20:15:12.287", + "vulnStatus": "Modified", "descriptions": [ { "lang": "en", - "value": "Windows DHCP Client Elevation of Privilege Vulnerability." + "value": "Windows DHCP Client Elevation of Privilege Vulnerability" }, { "lang": "es", diff --git a/CVE-2022/CVE-2022-379xx/CVE-2022-37981.json b/CVE-2022/CVE-2022-379xx/CVE-2022-37981.json index 3cec8b311b7..e45e7bf14b9 100644 --- a/CVE-2022/CVE-2022-379xx/CVE-2022-37981.json +++ b/CVE-2022/CVE-2022-379xx/CVE-2022-37981.json @@ -2,12 +2,12 @@ "id": "CVE-2022-37981", "sourceIdentifier": "secure@microsoft.com", "published": "2022-10-11T19:15:12.937", - "lastModified": "2022-10-13T14:16:39.310", - "vulnStatus": "Analyzed", + "lastModified": "2023-12-20T20:15:12.367", + "vulnStatus": "Modified", "descriptions": [ { "lang": "en", - "value": "Windows Event Logging Service Denial of Service Vulnerability." + "value": "Windows Event Logging Service Denial of Service Vulnerability" }, { "lang": "es", @@ -45,7 +45,7 @@ "description": [ { "lang": "en", - "value": "CWE-400" + "value": "NVD-CWE-noinfo" } ] } diff --git a/CVE-2022/CVE-2022-379xx/CVE-2022-37982.json b/CVE-2022/CVE-2022-379xx/CVE-2022-37982.json index 71c5b1c91cb..9355dbf93ee 100644 --- a/CVE-2022/CVE-2022-379xx/CVE-2022-37982.json +++ b/CVE-2022/CVE-2022-379xx/CVE-2022-37982.json @@ -2,12 +2,12 @@ "id": "CVE-2022-37982", "sourceIdentifier": "secure@microsoft.com", "published": "2022-10-11T19:15:13.000", - "lastModified": "2022-10-13T14:22:13.400", - "vulnStatus": "Analyzed", + "lastModified": "2023-12-20T20:15:12.467", + "vulnStatus": "Modified", "descriptions": [ { "lang": "en", - "value": "Microsoft WDAC OLE DB provider for SQL Server Remote Code Execution Vulnerability. This CVE ID is unique from CVE-2022-38031." + "value": "Microsoft WDAC OLE DB provider for SQL Server Remote Code Execution Vulnerability" }, { "lang": "es", @@ -45,7 +45,7 @@ "description": [ { "lang": "en", - "value": "CWE-94" + "value": "NVD-CWE-noinfo" } ] } diff --git a/CVE-2022/CVE-2022-379xx/CVE-2022-37983.json b/CVE-2022/CVE-2022-379xx/CVE-2022-37983.json index e914054b150..12d1219b264 100644 --- a/CVE-2022/CVE-2022-379xx/CVE-2022-37983.json +++ b/CVE-2022/CVE-2022-379xx/CVE-2022-37983.json @@ -2,12 +2,12 @@ "id": "CVE-2022-37983", "sourceIdentifier": "secure@microsoft.com", "published": "2022-10-11T19:15:13.077", - "lastModified": "2022-10-12T17:32:24.580", - "vulnStatus": "Analyzed", + "lastModified": "2023-12-20T20:15:12.567", + "vulnStatus": "Modified", "descriptions": [ { "lang": "en", - "value": "Microsoft DWM Core Library Elevation of Privilege Vulnerability." + "value": "Microsoft DWM Core Library Elevation of Privilege Vulnerability" }, { "lang": "es", diff --git a/CVE-2022/CVE-2022-379xx/CVE-2022-37984.json b/CVE-2022/CVE-2022-379xx/CVE-2022-37984.json index 9da9025da7b..685845577f8 100644 --- a/CVE-2022/CVE-2022-379xx/CVE-2022-37984.json +++ b/CVE-2022/CVE-2022-379xx/CVE-2022-37984.json @@ -2,12 +2,12 @@ "id": "CVE-2022-37984", "sourceIdentifier": "secure@microsoft.com", "published": "2022-10-11T19:15:13.147", - "lastModified": "2022-10-12T17:34:46.953", - "vulnStatus": "Analyzed", + "lastModified": "2023-12-20T20:15:12.647", + "vulnStatus": "Modified", "descriptions": [ { "lang": "en", - "value": "Windows WLAN Service Elevation of Privilege Vulnerability." + "value": "Windows WLAN Service Elevation of Privilege Vulnerability" }, { "lang": "es", diff --git a/CVE-2022/CVE-2022-379xx/CVE-2022-37985.json b/CVE-2022/CVE-2022-379xx/CVE-2022-37985.json index 3463e966084..3eb63217aac 100644 --- a/CVE-2022/CVE-2022-379xx/CVE-2022-37985.json +++ b/CVE-2022/CVE-2022-379xx/CVE-2022-37985.json @@ -2,12 +2,12 @@ "id": "CVE-2022-37985", "sourceIdentifier": "secure@microsoft.com", "published": "2022-10-11T19:15:13.220", - "lastModified": "2022-10-12T17:37:15.637", - "vulnStatus": "Analyzed", + "lastModified": "2023-12-20T20:15:12.740", + "vulnStatus": "Modified", "descriptions": [ { "lang": "en", - "value": "Windows Graphics Component Information Disclosure Vulnerability." + "value": "Windows Graphics Component Information Disclosure Vulnerability" }, { "lang": "es", @@ -45,7 +45,7 @@ "description": [ { "lang": "en", - "value": "CWE-668" + "value": "NVD-CWE-noinfo" } ] } diff --git a/CVE-2022/CVE-2022-379xx/CVE-2022-37986.json b/CVE-2022/CVE-2022-379xx/CVE-2022-37986.json index 34cbf7174e2..62c2cf4a0dc 100644 --- a/CVE-2022/CVE-2022-379xx/CVE-2022-37986.json +++ b/CVE-2022/CVE-2022-379xx/CVE-2022-37986.json @@ -2,12 +2,12 @@ "id": "CVE-2022-37986", "sourceIdentifier": "secure@microsoft.com", "published": "2022-10-11T19:15:13.297", - "lastModified": "2022-10-12T17:44:26.940", - "vulnStatus": "Analyzed", + "lastModified": "2023-12-20T20:15:12.830", + "vulnStatus": "Modified", "descriptions": [ { "lang": "en", - "value": "Windows Win32k Elevation of Privilege Vulnerability." + "value": "Windows Win32k Elevation of Privilege Vulnerability" }, { "lang": "es", diff --git a/CVE-2022/CVE-2022-379xx/CVE-2022-37987.json b/CVE-2022/CVE-2022-379xx/CVE-2022-37987.json index b2255c169b9..6371f12b9c0 100644 --- a/CVE-2022/CVE-2022-379xx/CVE-2022-37987.json +++ b/CVE-2022/CVE-2022-379xx/CVE-2022-37987.json @@ -2,12 +2,12 @@ "id": "CVE-2022-37987", "sourceIdentifier": "secure@microsoft.com", "published": "2022-10-11T19:15:13.367", - "lastModified": "2022-10-12T14:56:35.910", - "vulnStatus": "Analyzed", + "lastModified": "2023-12-20T20:15:12.937", + "vulnStatus": "Modified", "descriptions": [ { "lang": "en", - "value": "Windows Client Server Run-time Subsystem (CSRSS) Elevation of Privilege Vulnerability. This CVE ID is unique from CVE-2022-37989." + "value": "Windows Client Server Run-time Subsystem (CSRSS) Elevation of Privilege Vulnerability" }, { "lang": "es", diff --git a/CVE-2022/CVE-2022-379xx/CVE-2022-37988.json b/CVE-2022/CVE-2022-379xx/CVE-2022-37988.json index 285cf776ec5..1212319cec1 100644 --- a/CVE-2022/CVE-2022-379xx/CVE-2022-37988.json +++ b/CVE-2022/CVE-2022-379xx/CVE-2022-37988.json @@ -2,12 +2,12 @@ "id": "CVE-2022-37988", "sourceIdentifier": "secure@microsoft.com", "published": "2022-10-11T19:15:13.437", - "lastModified": "2022-12-09T19:39:58.637", - "vulnStatus": "Analyzed", + "lastModified": "2023-12-20T20:15:13.037", + "vulnStatus": "Modified", "descriptions": [ { "lang": "en", - "value": "Windows Kernel Elevation of Privilege Vulnerability. This CVE ID is unique from CVE-2022-37990, CVE-2022-37991, CVE-2022-37995, CVE-2022-38022, CVE-2022-38037, CVE-2022-38038, CVE-2022-38039." + "value": "Windows Kernel Elevation of Privilege Vulnerability" }, { "lang": "es", diff --git a/CVE-2022/CVE-2022-379xx/CVE-2022-37989.json b/CVE-2022/CVE-2022-379xx/CVE-2022-37989.json index 885599787ed..1e4812f6f9a 100644 --- a/CVE-2022/CVE-2022-379xx/CVE-2022-37989.json +++ b/CVE-2022/CVE-2022-379xx/CVE-2022-37989.json @@ -2,12 +2,12 @@ "id": "CVE-2022-37989", "sourceIdentifier": "secure@microsoft.com", "published": "2022-10-11T19:15:13.503", - "lastModified": "2022-10-12T15:14:07.783", - "vulnStatus": "Analyzed", + "lastModified": "2023-12-20T20:15:13.140", + "vulnStatus": "Modified", "descriptions": [ { "lang": "en", - "value": "Windows Client Server Run-time Subsystem (CSRSS) Elevation of Privilege Vulnerability. This CVE ID is unique from CVE-2022-37987." + "value": "Windows Client Server Run-time Subsystem (CSRSS) Elevation of Privilege Vulnerability" }, { "lang": "es", diff --git a/CVE-2022/CVE-2022-379xx/CVE-2022-37990.json b/CVE-2022/CVE-2022-379xx/CVE-2022-37990.json index 784d46eaa56..d53b884236f 100644 --- a/CVE-2022/CVE-2022-379xx/CVE-2022-37990.json +++ b/CVE-2022/CVE-2022-379xx/CVE-2022-37990.json @@ -2,12 +2,12 @@ "id": "CVE-2022-37990", "sourceIdentifier": "secure@microsoft.com", "published": "2022-10-11T19:15:13.567", - "lastModified": "2022-10-12T14:27:41.163", - "vulnStatus": "Analyzed", + "lastModified": "2023-12-20T20:15:13.237", + "vulnStatus": "Modified", "descriptions": [ { "lang": "en", - "value": "Windows Kernel Elevation of Privilege Vulnerability. This CVE ID is unique from CVE-2022-37988, CVE-2022-37991, CVE-2022-37995, CVE-2022-38022, CVE-2022-38037, CVE-2022-38038, CVE-2022-38039." + "value": "Windows Kernel Elevation of Privilege Vulnerability" }, { "lang": "es", diff --git a/CVE-2022/CVE-2022-379xx/CVE-2022-37991.json b/CVE-2022/CVE-2022-379xx/CVE-2022-37991.json index dbecd8da087..7d49bd1c628 100644 --- a/CVE-2022/CVE-2022-379xx/CVE-2022-37991.json +++ b/CVE-2022/CVE-2022-379xx/CVE-2022-37991.json @@ -2,12 +2,12 @@ "id": "CVE-2022-37991", "sourceIdentifier": "secure@microsoft.com", "published": "2022-10-11T19:15:13.640", - "lastModified": "2023-01-19T03:25:20.717", - "vulnStatus": "Analyzed", + "lastModified": "2023-12-20T20:15:13.323", + "vulnStatus": "Modified", "descriptions": [ { "lang": "en", - "value": "Windows Kernel Elevation of Privilege Vulnerability. This CVE ID is unique from CVE-2022-37988, CVE-2022-37990, CVE-2022-37995, CVE-2022-38022, CVE-2022-38037, CVE-2022-38038, CVE-2022-38039." + "value": "Windows Kernel Elevation of Privilege Vulnerability" }, { "lang": "es", diff --git a/CVE-2022/CVE-2022-379xx/CVE-2022-37993.json b/CVE-2022/CVE-2022-379xx/CVE-2022-37993.json index 69bad6970be..927656ae404 100644 --- a/CVE-2022/CVE-2022-379xx/CVE-2022-37993.json +++ b/CVE-2022/CVE-2022-379xx/CVE-2022-37993.json @@ -2,12 +2,12 @@ "id": "CVE-2022-37993", "sourceIdentifier": "secure@microsoft.com", "published": "2022-10-11T19:15:13.707", - "lastModified": "2022-10-12T14:47:00.243", - "vulnStatus": "Analyzed", + "lastModified": "2023-12-20T20:15:13.420", + "vulnStatus": "Modified", "descriptions": [ { "lang": "en", - "value": "Windows Group Policy Preference Client Elevation of Privilege Vulnerability. This CVE ID is unique from CVE-2022-37994, CVE-2022-37999." + "value": "Windows Group Policy Preference Client Elevation of Privilege Vulnerability" }, { "lang": "es", diff --git a/CVE-2022/CVE-2022-379xx/CVE-2022-37994.json b/CVE-2022/CVE-2022-379xx/CVE-2022-37994.json index c3befb08a7c..03597fb801b 100644 --- a/CVE-2022/CVE-2022-379xx/CVE-2022-37994.json +++ b/CVE-2022/CVE-2022-379xx/CVE-2022-37994.json @@ -2,12 +2,12 @@ "id": "CVE-2022-37994", "sourceIdentifier": "secure@microsoft.com", "published": "2022-10-11T19:15:13.783", - "lastModified": "2022-10-12T14:04:27.960", - "vulnStatus": "Analyzed", + "lastModified": "2023-12-20T20:15:13.510", + "vulnStatus": "Modified", "descriptions": [ { "lang": "en", - "value": "Windows Group Policy Preference Client Elevation of Privilege Vulnerability. This CVE ID is unique from CVE-2022-37993, CVE-2022-37999." + "value": "Windows Group Policy Preference Client Elevation of Privilege Vulnerability" }, { "lang": "es", diff --git a/CVE-2022/CVE-2022-379xx/CVE-2022-37995.json b/CVE-2022/CVE-2022-379xx/CVE-2022-37995.json index 92bfb136826..97eb1fb97a0 100644 --- a/CVE-2022/CVE-2022-379xx/CVE-2022-37995.json +++ b/CVE-2022/CVE-2022-379xx/CVE-2022-37995.json @@ -2,12 +2,12 @@ "id": "CVE-2022-37995", "sourceIdentifier": "secure@microsoft.com", "published": "2022-10-11T19:15:13.877", - "lastModified": "2022-10-12T14:04:40.557", - "vulnStatus": "Analyzed", + "lastModified": "2023-12-20T20:15:13.600", + "vulnStatus": "Modified", "descriptions": [ { "lang": "en", - "value": "Windows Kernel Elevation of Privilege Vulnerability. This CVE ID is unique from CVE-2022-37988, CVE-2022-37990, CVE-2022-37991, CVE-2022-38022, CVE-2022-38037, CVE-2022-38038, CVE-2022-38039." + "value": "Windows Kernel Elevation of Privilege Vulnerability" }, { "lang": "es", diff --git a/CVE-2022/CVE-2022-379xx/CVE-2022-37996.json b/CVE-2022/CVE-2022-379xx/CVE-2022-37996.json index 914703288ad..73f4b695750 100644 --- a/CVE-2022/CVE-2022-379xx/CVE-2022-37996.json +++ b/CVE-2022/CVE-2022-379xx/CVE-2022-37996.json @@ -2,12 +2,12 @@ "id": "CVE-2022-37996", "sourceIdentifier": "secure@microsoft.com", "published": "2022-10-11T19:15:13.960", - "lastModified": "2022-10-12T14:09:26.840", - "vulnStatus": "Analyzed", + "lastModified": "2023-12-20T20:15:13.690", + "vulnStatus": "Modified", "descriptions": [ { "lang": "en", - "value": "Windows Kernel Memory Information Disclosure Vulnerability." + "value": "Windows Kernel Memory Information Disclosure Vulnerability" }, { "lang": "es", diff --git a/CVE-2022/CVE-2022-379xx/CVE-2022-37997.json b/CVE-2022/CVE-2022-379xx/CVE-2022-37997.json index f47370ed072..751f23c7ad5 100644 --- a/CVE-2022/CVE-2022-379xx/CVE-2022-37997.json +++ b/CVE-2022/CVE-2022-379xx/CVE-2022-37997.json @@ -2,12 +2,12 @@ "id": "CVE-2022-37997", "sourceIdentifier": "secure@microsoft.com", "published": "2022-10-11T19:15:14.030", - "lastModified": "2022-10-13T14:23:52.817", - "vulnStatus": "Analyzed", + "lastModified": "2023-12-20T20:15:13.777", + "vulnStatus": "Modified", "descriptions": [ { "lang": "en", - "value": "Windows Graphics Component Elevation of Privilege Vulnerability. This CVE ID is unique from CVE-2022-38051." + "value": "Windows Graphics Component Elevation of Privilege Vulnerability" }, { "lang": "es", diff --git a/CVE-2022/CVE-2022-379xx/CVE-2022-37998.json b/CVE-2022/CVE-2022-379xx/CVE-2022-37998.json index 57556d9351f..7a084fb3d70 100644 --- a/CVE-2022/CVE-2022-379xx/CVE-2022-37998.json +++ b/CVE-2022/CVE-2022-379xx/CVE-2022-37998.json @@ -2,12 +2,12 @@ "id": "CVE-2022-37998", "sourceIdentifier": "secure@microsoft.com", "published": "2022-10-11T19:15:14.107", - "lastModified": "2022-10-13T13:19:29.233", - "vulnStatus": "Analyzed", + "lastModified": "2023-12-20T20:15:13.867", + "vulnStatus": "Modified", "descriptions": [ { "lang": "en", - "value": "Windows Local Session Manager (LSM) Denial of Service Vulnerability. This CVE ID is unique from CVE-2022-37973." + "value": "Windows Local Session Manager (LSM) Denial of Service Vulnerability" }, { "lang": "es", diff --git a/CVE-2022/CVE-2022-379xx/CVE-2022-37999.json b/CVE-2022/CVE-2022-379xx/CVE-2022-37999.json index 3e2004563cc..b82a7eec191 100644 --- a/CVE-2022/CVE-2022-379xx/CVE-2022-37999.json +++ b/CVE-2022/CVE-2022-379xx/CVE-2022-37999.json @@ -2,12 +2,12 @@ "id": "CVE-2022-37999", "sourceIdentifier": "secure@microsoft.com", "published": "2022-10-11T19:15:14.180", - "lastModified": "2022-10-13T13:19:45.447", - "vulnStatus": "Analyzed", + "lastModified": "2023-12-20T20:15:13.957", + "vulnStatus": "Modified", "descriptions": [ { "lang": "en", - "value": "Windows Group Policy Preference Client Elevation of Privilege Vulnerability. This CVE ID is unique from CVE-2022-37993, CVE-2022-37994." + "value": "Windows Group Policy Preference Client Elevation of Privilege Vulnerability" }, { "lang": "es", diff --git a/CVE-2022/CVE-2022-380xx/CVE-2022-38000.json b/CVE-2022/CVE-2022-380xx/CVE-2022-38000.json index 77180626e74..4fd4ec2febe 100644 --- a/CVE-2022/CVE-2022-380xx/CVE-2022-38000.json +++ b/CVE-2022/CVE-2022-380xx/CVE-2022-38000.json @@ -2,12 +2,12 @@ "id": "CVE-2022-38000", "sourceIdentifier": "secure@microsoft.com", "published": "2022-10-11T19:15:14.253", - "lastModified": "2022-10-13T13:06:42.097", - "vulnStatus": "Analyzed", + "lastModified": "2023-12-20T20:15:14.043", + "vulnStatus": "Modified", "descriptions": [ { "lang": "en", - "value": "Windows Point-to-Point Tunneling Protocol Remote Code Execution Vulnerability. This CVE ID is unique from CVE-2022-22035, CVE-2022-24504, CVE-2022-30198, CVE-2022-33634, CVE-2022-38047, CVE-2022-41081." + "value": "Windows Point-to-Point Tunneling Protocol Remote Code Execution Vulnerability" }, { "lang": "es", diff --git a/CVE-2022/CVE-2022-380xx/CVE-2022-38001.json b/CVE-2022/CVE-2022-380xx/CVE-2022-38001.json index 183557ab4df..bcdc6e5e56d 100644 --- a/CVE-2022/CVE-2022-380xx/CVE-2022-38001.json +++ b/CVE-2022/CVE-2022-380xx/CVE-2022-38001.json @@ -2,12 +2,12 @@ "id": "CVE-2022-38001", "sourceIdentifier": "secure@microsoft.com", "published": "2022-10-11T19:15:14.320", - "lastModified": "2022-10-12T17:28:09.410", - "vulnStatus": "Analyzed", + "lastModified": "2023-12-20T20:15:14.137", + "vulnStatus": "Modified", "descriptions": [ { "lang": "en", - "value": "Microsoft Office Spoofing Vulnerability." + "value": "Microsoft Office Spoofing Vulnerability" }, { "lang": "es", diff --git a/CVE-2022/CVE-2022-380xx/CVE-2022-38003.json b/CVE-2022/CVE-2022-380xx/CVE-2022-38003.json index 1e3d9950ee1..eb8b8a32eaa 100644 --- a/CVE-2022/CVE-2022-380xx/CVE-2022-38003.json +++ b/CVE-2022/CVE-2022-380xx/CVE-2022-38003.json @@ -2,12 +2,12 @@ "id": "CVE-2022-38003", "sourceIdentifier": "secure@microsoft.com", "published": "2022-10-11T19:15:14.403", - "lastModified": "2022-10-12T17:29:17.087", - "vulnStatus": "Analyzed", + "lastModified": "2023-12-20T20:15:14.233", + "vulnStatus": "Modified", "descriptions": [ { "lang": "en", - "value": "Windows Resilient File System Elevation of Privilege." + "value": "Windows Resilient File System Elevation of Privilege" }, { "lang": "es", diff --git a/CVE-2022/CVE-2022-380xx/CVE-2022-38007.json b/CVE-2022/CVE-2022-380xx/CVE-2022-38007.json index 2bf2fb95529..6b55e766f45 100644 --- a/CVE-2022/CVE-2022-380xx/CVE-2022-38007.json +++ b/CVE-2022/CVE-2022-380xx/CVE-2022-38007.json @@ -2,12 +2,12 @@ "id": "CVE-2022-38007", "sourceIdentifier": "secure@microsoft.com", "published": "2022-09-13T19:15:12.543", - "lastModified": "2022-09-16T17:55:24.993", - "vulnStatus": "Analyzed", + "lastModified": "2023-12-20T20:15:14.357", + "vulnStatus": "Modified", "descriptions": [ { "lang": "en", - "value": "Azure Guest Configuration and Azure Arc-enabled servers Elevation of Privilege Vulnerability." + "value": "Azure Guest Configuration and Azure Arc-enabled servers Elevation of Privilege Vulnerability" }, { "lang": "es", @@ -45,7 +45,7 @@ "description": [ { "lang": "en", - "value": "CWE-269" + "value": "NVD-CWE-noinfo" } ] } diff --git a/CVE-2022/CVE-2022-380xx/CVE-2022-38011.json b/CVE-2022/CVE-2022-380xx/CVE-2022-38011.json index 2b0dd3e1b82..e7d04b2fb8a 100644 --- a/CVE-2022/CVE-2022-380xx/CVE-2022-38011.json +++ b/CVE-2022/CVE-2022-380xx/CVE-2022-38011.json @@ -2,12 +2,12 @@ "id": "CVE-2022-38011", "sourceIdentifier": "secure@microsoft.com", "published": "2022-09-13T19:15:12.757", - "lastModified": "2022-09-16T18:57:45.337", - "vulnStatus": "Analyzed", + "lastModified": "2023-12-20T20:15:14.483", + "vulnStatus": "Modified", "descriptions": [ { "lang": "en", - "value": "Raw Image Extension Remote Code Execution Vulnerability." + "value": "Raw Image Extension Remote Code Execution Vulnerability" }, { "lang": "es", diff --git a/CVE-2022/CVE-2022-380xx/CVE-2022-38013.json b/CVE-2022/CVE-2022-380xx/CVE-2022-38013.json index 6cd7701e565..0737590f52c 100644 --- a/CVE-2022/CVE-2022-380xx/CVE-2022-38013.json +++ b/CVE-2022/CVE-2022-380xx/CVE-2022-38013.json @@ -2,12 +2,12 @@ "id": "CVE-2022-38013", "sourceIdentifier": "secure@microsoft.com", "published": "2022-09-13T19:15:12.867", - "lastModified": "2023-11-07T03:49:58.943", + "lastModified": "2023-12-20T20:15:14.580", "vulnStatus": "Modified", "descriptions": [ { "lang": "en", - "value": ".NET Core and Visual Studio Denial of Service Vulnerability." + "value": ".NET Core and Visual Studio Denial of Service Vulnerability" }, { "lang": "es", @@ -17,7 +17,7 @@ "metrics": { "cvssMetricV31": [ { - "source": "f38d906d-7342-40ea-92c1-6c4a2c6478c8", + "source": "secure@microsoft.com", "type": "Primary", "cvssData": { "version": "3.1", diff --git a/CVE-2022/CVE-2022-380xx/CVE-2022-38016.json b/CVE-2022/CVE-2022-380xx/CVE-2022-38016.json index f4617c8ccb1..542f6472da1 100644 --- a/CVE-2022/CVE-2022-380xx/CVE-2022-38016.json +++ b/CVE-2022/CVE-2022-380xx/CVE-2022-38016.json @@ -2,12 +2,12 @@ "id": "CVE-2022-38016", "sourceIdentifier": "secure@microsoft.com", "published": "2022-10-11T19:15:14.477", - "lastModified": "2022-10-12T17:30:45.567", - "vulnStatus": "Analyzed", + "lastModified": "2023-12-20T20:15:14.667", + "vulnStatus": "Modified", "descriptions": [ { "lang": "en", - "value": "Windows Local Security Authority (LSA) Elevation of Privilege Vulnerability." + "value": "Windows Local Security Authority (LSA) Elevation of Privilege Vulnerability" }, { "lang": "es", diff --git a/CVE-2022/CVE-2022-380xx/CVE-2022-38017.json b/CVE-2022/CVE-2022-380xx/CVE-2022-38017.json index aeb6cd3f76b..0a415978f8e 100644 --- a/CVE-2022/CVE-2022-380xx/CVE-2022-38017.json +++ b/CVE-2022/CVE-2022-380xx/CVE-2022-38017.json @@ -2,12 +2,12 @@ "id": "CVE-2022-38017", "sourceIdentifier": "secure@microsoft.com", "published": "2022-10-11T19:15:14.567", - "lastModified": "2022-10-12T17:10:05.630", - "vulnStatus": "Analyzed", + "lastModified": "2023-12-20T20:15:14.750", + "vulnStatus": "Modified", "descriptions": [ { "lang": "en", - "value": "StorSimple 8000 Series Elevation of Privilege Vulnerability." + "value": "StorSimple 8000 Series Elevation of Privilege Vulnerability" }, { "lang": "es", diff --git a/CVE-2022/CVE-2022-380xx/CVE-2022-38019.json b/CVE-2022/CVE-2022-380xx/CVE-2022-38019.json index f828c708bb0..a884f1a4fac 100644 --- a/CVE-2022/CVE-2022-380xx/CVE-2022-38019.json +++ b/CVE-2022/CVE-2022-380xx/CVE-2022-38019.json @@ -2,12 +2,12 @@ "id": "CVE-2022-38019", "sourceIdentifier": "secure@microsoft.com", "published": "2022-09-13T19:15:12.920", - "lastModified": "2022-09-16T18:35:55.993", - "vulnStatus": "Analyzed", + "lastModified": "2023-12-20T20:15:14.827", + "vulnStatus": "Modified", "descriptions": [ { "lang": "en", - "value": "AV1 Video Extension Remote Code Execution Vulnerability." + "value": "AV1 Video Extension Remote Code Execution Vulnerability" }, { "lang": "es", diff --git a/CVE-2022/CVE-2022-380xx/CVE-2022-38021.json b/CVE-2022/CVE-2022-380xx/CVE-2022-38021.json index 38a6acb8019..e41187dd304 100644 --- a/CVE-2022/CVE-2022-380xx/CVE-2022-38021.json +++ b/CVE-2022/CVE-2022-380xx/CVE-2022-38021.json @@ -2,12 +2,12 @@ "id": "CVE-2022-38021", "sourceIdentifier": "secure@microsoft.com", "published": "2022-10-11T19:15:14.667", - "lastModified": "2022-10-12T17:09:40.197", - "vulnStatus": "Analyzed", + "lastModified": "2023-12-20T20:15:14.917", + "vulnStatus": "Modified", "descriptions": [ { "lang": "en", - "value": "Connected User Experiences and Telemetry Elevation of Privilege Vulnerability." + "value": "Connected User Experiences and Telemetry Elevation of Privilege Vulnerability" }, { "lang": "es", diff --git a/CVE-2022/CVE-2022-380xx/CVE-2022-38022.json b/CVE-2022/CVE-2022-380xx/CVE-2022-38022.json index 40a5c60b9d4..4a59bdcd07a 100644 --- a/CVE-2022/CVE-2022-380xx/CVE-2022-38022.json +++ b/CVE-2022/CVE-2022-380xx/CVE-2022-38022.json @@ -2,12 +2,12 @@ "id": "CVE-2022-38022", "sourceIdentifier": "secure@microsoft.com", "published": "2022-10-11T19:15:14.773", - "lastModified": "2022-11-14T14:47:16.837", - "vulnStatus": "Analyzed", + "lastModified": "2023-12-20T20:15:15.007", + "vulnStatus": "Modified", "descriptions": [ { "lang": "en", - "value": "Windows Kernel Elevation of Privilege Vulnerability. This CVE ID is unique from CVE-2022-37988, CVE-2022-37990, CVE-2022-37991, CVE-2022-37995, CVE-2022-38037, CVE-2022-38038, CVE-2022-38039." + "value": "Windows Kernel Elevation of Privilege Vulnerability" }, { "lang": "es", diff --git a/CVE-2022/CVE-2022-380xx/CVE-2022-38025.json b/CVE-2022/CVE-2022-380xx/CVE-2022-38025.json index b0b1872cc5c..b258b9457af 100644 --- a/CVE-2022/CVE-2022-380xx/CVE-2022-38025.json +++ b/CVE-2022/CVE-2022-380xx/CVE-2022-38025.json @@ -2,12 +2,12 @@ "id": "CVE-2022-38025", "sourceIdentifier": "secure@microsoft.com", "published": "2022-10-11T19:15:14.850", - "lastModified": "2022-10-12T17:06:36.953", - "vulnStatus": "Analyzed", + "lastModified": "2023-12-20T20:15:15.140", + "vulnStatus": "Modified", "descriptions": [ { "lang": "en", - "value": "Windows Distributed File System (DFS) Information Disclosure Vulnerability." + "value": "Windows Distributed File System (DFS) Information Disclosure Vulnerability" }, { "lang": "es", diff --git a/CVE-2022/CVE-2022-380xx/CVE-2022-38026.json b/CVE-2022/CVE-2022-380xx/CVE-2022-38026.json index 3f0a8878962..7cae8618ba7 100644 --- a/CVE-2022/CVE-2022-380xx/CVE-2022-38026.json +++ b/CVE-2022/CVE-2022-380xx/CVE-2022-38026.json @@ -2,12 +2,12 @@ "id": "CVE-2022-38026", "sourceIdentifier": "secure@microsoft.com", "published": "2022-10-11T19:15:14.917", - "lastModified": "2022-10-12T16:52:55.033", - "vulnStatus": "Analyzed", + "lastModified": "2023-12-20T20:15:15.233", + "vulnStatus": "Modified", "descriptions": [ { "lang": "en", - "value": "Windows DHCP Client Information Disclosure Vulnerability." + "value": "Windows DHCP Client Information Disclosure Vulnerability" }, { "lang": "es", diff --git a/CVE-2022/CVE-2022-380xx/CVE-2022-38027.json b/CVE-2022/CVE-2022-380xx/CVE-2022-38027.json index 87aa7355a1b..f794acba9eb 100644 --- a/CVE-2022/CVE-2022-380xx/CVE-2022-38027.json +++ b/CVE-2022/CVE-2022-380xx/CVE-2022-38027.json @@ -2,12 +2,12 @@ "id": "CVE-2022-38027", "sourceIdentifier": "secure@microsoft.com", "published": "2022-10-11T19:15:14.993", - "lastModified": "2022-10-12T16:52:33.060", - "vulnStatus": "Analyzed", + "lastModified": "2023-12-20T20:15:15.317", + "vulnStatus": "Modified", "descriptions": [ { "lang": "en", - "value": "Windows Storage Elevation of Privilege Vulnerability." + "value": "Windows Storage Elevation of Privilege Vulnerability" }, { "lang": "es", diff --git a/CVE-2022/CVE-2022-380xx/CVE-2022-38028.json b/CVE-2022/CVE-2022-380xx/CVE-2022-38028.json index 81728f18384..3710a965c8f 100644 --- a/CVE-2022/CVE-2022-380xx/CVE-2022-38028.json +++ b/CVE-2022/CVE-2022-380xx/CVE-2022-38028.json @@ -2,12 +2,12 @@ "id": "CVE-2022-38028", "sourceIdentifier": "secure@microsoft.com", "published": "2022-10-11T19:15:15.067", - "lastModified": "2022-10-12T17:11:15.017", - "vulnStatus": "Analyzed", + "lastModified": "2023-12-20T20:15:15.410", + "vulnStatus": "Modified", "descriptions": [ { "lang": "en", - "value": "Windows Print Spooler Elevation of Privilege Vulnerability." + "value": "Windows Print Spooler Elevation of Privilege Vulnerability" }, { "lang": "es", diff --git a/CVE-2022/CVE-2022-380xx/CVE-2022-38029.json b/CVE-2022/CVE-2022-380xx/CVE-2022-38029.json index b6ae32fa288..f8e56eb7318 100644 --- a/CVE-2022/CVE-2022-380xx/CVE-2022-38029.json +++ b/CVE-2022/CVE-2022-380xx/CVE-2022-38029.json @@ -2,12 +2,12 @@ "id": "CVE-2022-38029", "sourceIdentifier": "secure@microsoft.com", "published": "2022-10-11T19:15:15.133", - "lastModified": "2022-10-12T17:17:22.610", - "vulnStatus": "Analyzed", + "lastModified": "2023-12-20T20:15:15.500", + "vulnStatus": "Modified", "descriptions": [ { "lang": "en", - "value": "Windows ALPC Elevation of Privilege Vulnerability." + "value": "Windows ALPC Elevation of Privilege Vulnerability" }, { "lang": "es", diff --git a/CVE-2022/CVE-2022-380xx/CVE-2022-38030.json b/CVE-2022/CVE-2022-380xx/CVE-2022-38030.json index 2645a5e55d8..a0aa36b7f6b 100644 --- a/CVE-2022/CVE-2022-380xx/CVE-2022-38030.json +++ b/CVE-2022/CVE-2022-380xx/CVE-2022-38030.json @@ -2,12 +2,12 @@ "id": "CVE-2022-38030", "sourceIdentifier": "secure@microsoft.com", "published": "2022-10-11T19:15:15.217", - "lastModified": "2022-10-12T17:19:05.140", - "vulnStatus": "Analyzed", + "lastModified": "2023-12-20T20:15:15.607", + "vulnStatus": "Modified", "descriptions": [ { "lang": "en", - "value": "Windows USB Serial Driver Information Disclosure Vulnerability." + "value": "Windows USB Serial Driver Information Disclosure Vulnerability" }, { "lang": "es", diff --git a/CVE-2022/CVE-2022-380xx/CVE-2022-38031.json b/CVE-2022/CVE-2022-380xx/CVE-2022-38031.json index dd6e4be9cb1..34513c2e0d0 100644 --- a/CVE-2022/CVE-2022-380xx/CVE-2022-38031.json +++ b/CVE-2022/CVE-2022-380xx/CVE-2022-38031.json @@ -2,12 +2,12 @@ "id": "CVE-2022-38031", "sourceIdentifier": "secure@microsoft.com", "published": "2022-10-11T19:15:15.287", - "lastModified": "2022-10-12T17:11:54.140", - "vulnStatus": "Analyzed", + "lastModified": "2023-12-20T20:15:15.713", + "vulnStatus": "Modified", "descriptions": [ { "lang": "en", - "value": "Microsoft WDAC OLE DB provider for SQL Server Remote Code Execution Vulnerability. This CVE ID is unique from CVE-2022-37982." + "value": "Microsoft WDAC OLE DB provider for SQL Server Remote Code Execution Vulnerability" }, { "lang": "es", diff --git a/CVE-2022/CVE-2022-380xx/CVE-2022-38032.json b/CVE-2022/CVE-2022-380xx/CVE-2022-38032.json index 08d5e2cd241..28d6540d43b 100644 --- a/CVE-2022/CVE-2022-380xx/CVE-2022-38032.json +++ b/CVE-2022/CVE-2022-380xx/CVE-2022-38032.json @@ -2,12 +2,12 @@ "id": "CVE-2022-38032", "sourceIdentifier": "secure@microsoft.com", "published": "2022-10-11T19:15:15.353", - "lastModified": "2022-12-15T17:28:56.550", - "vulnStatus": "Analyzed", + "lastModified": "2023-12-20T20:15:15.800", + "vulnStatus": "Modified", "descriptions": [ { "lang": "en", - "value": "Windows Portable Device Enumerator Service Security Feature Bypass Vulnerability." + "value": "Windows Portable Device Enumerator Service Security Feature Bypass Vulnerability" }, { "lang": "es", diff --git a/CVE-2022/CVE-2022-380xx/CVE-2022-38033.json b/CVE-2022/CVE-2022-380xx/CVE-2022-38033.json index 21748610949..1d8ad31d52c 100644 --- a/CVE-2022/CVE-2022-380xx/CVE-2022-38033.json +++ b/CVE-2022/CVE-2022-380xx/CVE-2022-38033.json @@ -2,12 +2,12 @@ "id": "CVE-2022-38033", "sourceIdentifier": "secure@microsoft.com", "published": "2022-10-11T19:15:15.440", - "lastModified": "2022-10-12T17:21:01.127", - "vulnStatus": "Analyzed", + "lastModified": "2023-12-20T20:15:15.900", + "vulnStatus": "Modified", "descriptions": [ { "lang": "en", - "value": "Windows Server Remotely Accessible Registry Keys Information Disclosure Vulnerability." + "value": "Windows Server Remotely Accessible Registry Keys Information Disclosure Vulnerability" }, { "lang": "es", diff --git a/CVE-2022/CVE-2022-380xx/CVE-2022-38034.json b/CVE-2022/CVE-2022-380xx/CVE-2022-38034.json index ac24160d8d9..df568dcbff1 100644 --- a/CVE-2022/CVE-2022-380xx/CVE-2022-38034.json +++ b/CVE-2022/CVE-2022-380xx/CVE-2022-38034.json @@ -2,12 +2,12 @@ "id": "CVE-2022-38034", "sourceIdentifier": "secure@microsoft.com", "published": "2022-10-11T19:15:15.833", - "lastModified": "2022-11-14T14:53:35.010", - "vulnStatus": "Analyzed", + "lastModified": "2023-12-20T20:15:16.043", + "vulnStatus": "Modified", "descriptions": [ { "lang": "en", - "value": "Windows Workstation Service Elevation of Privilege Vulnerability." + "value": "Windows Workstation Service Elevation of Privilege Vulnerability" }, { "lang": "es", diff --git a/CVE-2022/CVE-2022-380xx/CVE-2022-38036.json b/CVE-2022/CVE-2022-380xx/CVE-2022-38036.json index fa0dcbb5815..dfec915659f 100644 --- a/CVE-2022/CVE-2022-380xx/CVE-2022-38036.json +++ b/CVE-2022/CVE-2022-380xx/CVE-2022-38036.json @@ -2,12 +2,12 @@ "id": "CVE-2022-38036", "sourceIdentifier": "secure@microsoft.com", "published": "2022-10-11T19:15:16.183", - "lastModified": "2022-10-12T17:16:59.590", - "vulnStatus": "Analyzed", + "lastModified": "2023-12-20T20:15:16.173", + "vulnStatus": "Modified", "descriptions": [ { "lang": "en", - "value": "Internet Key Exchange (IKE) Protocol Denial of Service Vulnerability." + "value": "Internet Key Exchange (IKE) Protocol Denial of Service Vulnerability" }, { "lang": "es", diff --git a/CVE-2022/CVE-2022-380xx/CVE-2022-38037.json b/CVE-2022/CVE-2022-380xx/CVE-2022-38037.json index 92a51e3676d..2d6c7e636d0 100644 --- a/CVE-2022/CVE-2022-380xx/CVE-2022-38037.json +++ b/CVE-2022/CVE-2022-380xx/CVE-2022-38037.json @@ -2,12 +2,12 @@ "id": "CVE-2022-38037", "sourceIdentifier": "secure@microsoft.com", "published": "2022-10-11T19:15:16.373", - "lastModified": "2022-11-09T04:02:35.647", - "vulnStatus": "Analyzed", + "lastModified": "2023-12-20T20:15:16.263", + "vulnStatus": "Modified", "descriptions": [ { "lang": "en", - "value": "Windows Kernel Elevation of Privilege Vulnerability. This CVE ID is unique from CVE-2022-37988, CVE-2022-37990, CVE-2022-37991, CVE-2022-37995, CVE-2022-38022, CVE-2022-38038, CVE-2022-38039." + "value": "Windows Kernel Elevation of Privilege Vulnerability" }, { "lang": "es", diff --git a/CVE-2022/CVE-2022-380xx/CVE-2022-38038.json b/CVE-2022/CVE-2022-380xx/CVE-2022-38038.json index 0ac65894d35..17f26427a1d 100644 --- a/CVE-2022/CVE-2022-380xx/CVE-2022-38038.json +++ b/CVE-2022/CVE-2022-380xx/CVE-2022-38038.json @@ -2,12 +2,12 @@ "id": "CVE-2022-38038", "sourceIdentifier": "secure@microsoft.com", "published": "2022-10-11T19:15:16.680", - "lastModified": "2023-01-19T03:26:53.877", - "vulnStatus": "Analyzed", + "lastModified": "2023-12-20T20:15:16.353", + "vulnStatus": "Modified", "descriptions": [ { "lang": "en", - "value": "Windows Kernel Elevation of Privilege Vulnerability. This CVE ID is unique from CVE-2022-37988, CVE-2022-37990, CVE-2022-37991, CVE-2022-37995, CVE-2022-38022, CVE-2022-38037, CVE-2022-38039." + "value": "Windows Kernel Elevation of Privilege Vulnerability" }, { "lang": "es", diff --git a/CVE-2022/CVE-2022-380xx/CVE-2022-38039.json b/CVE-2022/CVE-2022-380xx/CVE-2022-38039.json index 0a69bc00ea4..4f1e318f7ee 100644 --- a/CVE-2022/CVE-2022-380xx/CVE-2022-38039.json +++ b/CVE-2022/CVE-2022-380xx/CVE-2022-38039.json @@ -2,12 +2,12 @@ "id": "CVE-2022-38039", "sourceIdentifier": "secure@microsoft.com", "published": "2022-10-11T19:15:16.967", - "lastModified": "2022-10-12T17:12:14.317", - "vulnStatus": "Analyzed", + "lastModified": "2023-12-20T20:15:16.443", + "vulnStatus": "Modified", "descriptions": [ { "lang": "en", - "value": "Windows Kernel Elevation of Privilege Vulnerability. This CVE ID is unique from CVE-2022-37988, CVE-2022-37990, CVE-2022-37991, CVE-2022-37995, CVE-2022-38022, CVE-2022-38037, CVE-2022-38038." + "value": "Windows Kernel Elevation of Privilege Vulnerability" }, { "lang": "es", diff --git a/CVE-2022/CVE-2022-380xx/CVE-2022-38040.json b/CVE-2022/CVE-2022-380xx/CVE-2022-38040.json index ca7ec055722..d35ed35dae5 100644 --- a/CVE-2022/CVE-2022-380xx/CVE-2022-38040.json +++ b/CVE-2022/CVE-2022-380xx/CVE-2022-38040.json @@ -2,12 +2,12 @@ "id": "CVE-2022-38040", "sourceIdentifier": "secure@microsoft.com", "published": "2022-10-11T19:15:17.357", - "lastModified": "2022-10-12T17:16:21.897", - "vulnStatus": "Analyzed", + "lastModified": "2023-12-20T20:15:16.523", + "vulnStatus": "Modified", "descriptions": [ { "lang": "en", - "value": "Microsoft ODBC Driver Remote Code Execution Vulnerability." + "value": "Microsoft ODBC Driver Remote Code Execution Vulnerability" }, { "lang": "es", diff --git a/CVE-2022/CVE-2022-380xx/CVE-2022-38041.json b/CVE-2022/CVE-2022-380xx/CVE-2022-38041.json index eac6804341e..7a501ba38fc 100644 --- a/CVE-2022/CVE-2022-380xx/CVE-2022-38041.json +++ b/CVE-2022/CVE-2022-380xx/CVE-2022-38041.json @@ -2,12 +2,12 @@ "id": "CVE-2022-38041", "sourceIdentifier": "secure@microsoft.com", "published": "2022-10-11T19:15:17.647", - "lastModified": "2022-10-12T19:39:46.337", - "vulnStatus": "Analyzed", + "lastModified": "2023-12-20T20:15:16.610", + "vulnStatus": "Modified", "descriptions": [ { "lang": "en", - "value": "Windows Secure Channel Denial of Service Vulnerability." + "value": "Windows Secure Channel Denial of Service Vulnerability" }, { "lang": "es", diff --git a/CVE-2022/CVE-2022-380xx/CVE-2022-38042.json b/CVE-2022/CVE-2022-380xx/CVE-2022-38042.json index e4d08dfa104..e1b926a2666 100644 --- a/CVE-2022/CVE-2022-380xx/CVE-2022-38042.json +++ b/CVE-2022/CVE-2022-380xx/CVE-2022-38042.json @@ -2,12 +2,12 @@ "id": "CVE-2022-38042", "sourceIdentifier": "secure@microsoft.com", "published": "2022-10-11T19:15:18.063", - "lastModified": "2022-12-15T17:28:24.107", - "vulnStatus": "Analyzed", + "lastModified": "2023-12-20T20:15:16.700", + "vulnStatus": "Modified", "descriptions": [ { "lang": "en", - "value": "Active Directory Domain Services Elevation of Privilege Vulnerability." + "value": "Active Directory Domain Services Elevation of Privilege Vulnerability" }, { "lang": "es", diff --git a/CVE-2022/CVE-2022-380xx/CVE-2022-38043.json b/CVE-2022/CVE-2022-380xx/CVE-2022-38043.json index 832de094002..abfe6aa8c9a 100644 --- a/CVE-2022/CVE-2022-380xx/CVE-2022-38043.json +++ b/CVE-2022/CVE-2022-380xx/CVE-2022-38043.json @@ -2,12 +2,12 @@ "id": "CVE-2022-38043", "sourceIdentifier": "secure@microsoft.com", "published": "2022-10-11T19:15:18.500", - "lastModified": "2022-11-14T15:24:54.080", - "vulnStatus": "Analyzed", + "lastModified": "2023-12-20T20:15:16.793", + "vulnStatus": "Modified", "descriptions": [ { "lang": "en", - "value": "Windows Security Support Provider Interface Information Disclosure Vulnerability." + "value": "Windows Security Support Provider Interface Information Disclosure Vulnerability" }, { "lang": "es", diff --git a/CVE-2022/CVE-2022-380xx/CVE-2022-38044.json b/CVE-2022/CVE-2022-380xx/CVE-2022-38044.json index 586483b7d04..62c4220f416 100644 --- a/CVE-2022/CVE-2022-380xx/CVE-2022-38044.json +++ b/CVE-2022/CVE-2022-380xx/CVE-2022-38044.json @@ -2,12 +2,12 @@ "id": "CVE-2022-38044", "sourceIdentifier": "secure@microsoft.com", "published": "2022-10-11T19:15:18.817", - "lastModified": "2022-10-12T19:50:35.520", - "vulnStatus": "Analyzed", + "lastModified": "2023-12-20T20:15:16.883", + "vulnStatus": "Modified", "descriptions": [ { "lang": "en", - "value": "Windows CD-ROM File System Driver Remote Code Execution Vulnerability." + "value": "Windows CD-ROM File System Driver Remote Code Execution Vulnerability" }, { "lang": "es", diff --git a/CVE-2022/CVE-2022-380xx/CVE-2022-38045.json b/CVE-2022/CVE-2022-380xx/CVE-2022-38045.json index 1c20f9ddbb0..77726111d67 100644 --- a/CVE-2022/CVE-2022-380xx/CVE-2022-38045.json +++ b/CVE-2022/CVE-2022-380xx/CVE-2022-38045.json @@ -2,12 +2,12 @@ "id": "CVE-2022-38045", "sourceIdentifier": "secure@microsoft.com", "published": "2022-10-11T19:15:19.150", - "lastModified": "2022-12-05T20:23:07.350", - "vulnStatus": "Analyzed", + "lastModified": "2023-12-20T20:15:16.983", + "vulnStatus": "Modified", "descriptions": [ { "lang": "en", - "value": "Server Service Remote Protocol Elevation of Privilege Vulnerability." + "value": "Windows Server Service Elevation of Privilege Vulnerability" }, { "lang": "es", diff --git a/CVE-2022/CVE-2022-380xx/CVE-2022-38046.json b/CVE-2022/CVE-2022-380xx/CVE-2022-38046.json index b2c2c56b976..b5c6bedda70 100644 --- a/CVE-2022/CVE-2022-380xx/CVE-2022-38046.json +++ b/CVE-2022/CVE-2022-380xx/CVE-2022-38046.json @@ -2,12 +2,12 @@ "id": "CVE-2022-38046", "sourceIdentifier": "secure@microsoft.com", "published": "2022-10-11T19:15:19.410", - "lastModified": "2023-02-10T16:17:41.547", - "vulnStatus": "Analyzed", + "lastModified": "2023-12-20T20:15:17.083", + "vulnStatus": "Modified", "descriptions": [ { "lang": "en", - "value": "Web Account Manager Information Disclosure Vulnerability." + "value": "Web Account Manager Information Disclosure Vulnerability" }, { "lang": "es", diff --git a/CVE-2022/CVE-2022-380xx/CVE-2022-38047.json b/CVE-2022/CVE-2022-380xx/CVE-2022-38047.json index 83f99360f11..1c0ea7d9be9 100644 --- a/CVE-2022/CVE-2022-380xx/CVE-2022-38047.json +++ b/CVE-2022/CVE-2022-380xx/CVE-2022-38047.json @@ -2,12 +2,12 @@ "id": "CVE-2022-38047", "sourceIdentifier": "secure@microsoft.com", "published": "2022-10-11T19:15:19.480", - "lastModified": "2022-10-13T15:55:15.180", - "vulnStatus": "Analyzed", + "lastModified": "2023-12-20T20:15:17.170", + "vulnStatus": "Modified", "descriptions": [ { "lang": "en", - "value": "Windows Point-to-Point Tunneling Protocol Remote Code Execution Vulnerability. This CVE ID is unique from CVE-2022-22035, CVE-2022-24504, CVE-2022-30198, CVE-2022-33634, CVE-2022-38000, CVE-2022-41081." + "value": "Windows Point-to-Point Tunneling Protocol Remote Code Execution Vulnerability" }, { "lang": "es", diff --git a/CVE-2022/CVE-2022-380xx/CVE-2022-38048.json b/CVE-2022/CVE-2022-380xx/CVE-2022-38048.json index 83a80e86cac..96ed9e79ae2 100644 --- a/CVE-2022/CVE-2022-380xx/CVE-2022-38048.json +++ b/CVE-2022/CVE-2022-380xx/CVE-2022-38048.json @@ -2,12 +2,12 @@ "id": "CVE-2022-38048", "sourceIdentifier": "secure@microsoft.com", "published": "2022-10-11T19:15:19.550", - "lastModified": "2022-10-12T19:04:27.943", - "vulnStatus": "Analyzed", + "lastModified": "2023-12-20T20:15:17.260", + "vulnStatus": "Modified", "descriptions": [ { "lang": "en", - "value": "Microsoft Office Remote Code Execution Vulnerability." + "value": "Microsoft Office Remote Code Execution Vulnerability" }, { "lang": "es", diff --git a/CVE-2022/CVE-2022-380xx/CVE-2022-38049.json b/CVE-2022/CVE-2022-380xx/CVE-2022-38049.json index 2429f54adfe..ce6e72d8b8c 100644 --- a/CVE-2022/CVE-2022-380xx/CVE-2022-38049.json +++ b/CVE-2022/CVE-2022-380xx/CVE-2022-38049.json @@ -2,12 +2,12 @@ "id": "CVE-2022-38049", "sourceIdentifier": "secure@microsoft.com", "published": "2022-10-11T19:15:19.680", - "lastModified": "2022-10-13T15:51:54.213", - "vulnStatus": "Analyzed", + "lastModified": "2023-12-20T20:15:17.367", + "vulnStatus": "Modified", "descriptions": [ { "lang": "en", - "value": "Microsoft Office Graphics Remote Code Execution Vulnerability." + "value": "Microsoft Office Graphics Remote Code Execution Vulnerability" }, { "lang": "es", diff --git a/CVE-2022/CVE-2022-380xx/CVE-2022-38050.json b/CVE-2022/CVE-2022-380xx/CVE-2022-38050.json index d02e57a6612..c9761c76c98 100644 --- a/CVE-2022/CVE-2022-380xx/CVE-2022-38050.json +++ b/CVE-2022/CVE-2022-380xx/CVE-2022-38050.json @@ -2,12 +2,12 @@ "id": "CVE-2022-38050", "sourceIdentifier": "secure@microsoft.com", "published": "2022-10-11T19:15:19.837", - "lastModified": "2022-10-13T15:51:11.863", - "vulnStatus": "Analyzed", + "lastModified": "2023-12-20T20:15:17.453", + "vulnStatus": "Modified", "descriptions": [ { "lang": "en", - "value": "Win32k Elevation of Privilege Vulnerability." + "value": "Win32k Elevation of Privilege Vulnerability" }, { "lang": "es", diff --git a/CVE-2022/CVE-2022-380xx/CVE-2022-38051.json b/CVE-2022/CVE-2022-380xx/CVE-2022-38051.json index a17cdebe005..26ecba17758 100644 --- a/CVE-2022/CVE-2022-380xx/CVE-2022-38051.json +++ b/CVE-2022/CVE-2022-380xx/CVE-2022-38051.json @@ -2,12 +2,12 @@ "id": "CVE-2022-38051", "sourceIdentifier": "secure@microsoft.com", "published": "2022-10-11T19:15:20.080", - "lastModified": "2022-10-13T15:50:53.617", - "vulnStatus": "Analyzed", + "lastModified": "2023-12-20T20:15:17.527", + "vulnStatus": "Modified", "descriptions": [ { "lang": "en", - "value": "Windows Graphics Component Elevation of Privilege Vulnerability. This CVE ID is unique from CVE-2022-37997." + "value": "Windows Graphics Component Elevation of Privilege Vulnerability" }, { "lang": "es", diff --git a/CVE-2022/CVE-2022-380xx/CVE-2022-38053.json b/CVE-2022/CVE-2022-380xx/CVE-2022-38053.json index 974cabd9f61..27b73919263 100644 --- a/CVE-2022/CVE-2022-380xx/CVE-2022-38053.json +++ b/CVE-2022/CVE-2022-380xx/CVE-2022-38053.json @@ -2,12 +2,12 @@ "id": "CVE-2022-38053", "sourceIdentifier": "secure@microsoft.com", "published": "2022-10-11T19:15:20.240", - "lastModified": "2022-10-13T15:43:39.813", - "vulnStatus": "Analyzed", + "lastModified": "2023-12-20T20:15:17.617", + "vulnStatus": "Modified", "descriptions": [ { "lang": "en", - "value": "Microsoft SharePoint Server Remote Code Execution Vulnerability. This CVE ID is unique from CVE-2022-41036, CVE-2022-41037, CVE-2022-41038." + "value": "Microsoft SharePoint Server Remote Code Execution Vulnerability" }, { "lang": "es", diff --git a/CVE-2022/CVE-2022-410xx/CVE-2022-41031.json b/CVE-2022/CVE-2022-410xx/CVE-2022-41031.json index 3bd59c0bc5f..3f96067198e 100644 --- a/CVE-2022/CVE-2022-410xx/CVE-2022-41031.json +++ b/CVE-2022/CVE-2022-410xx/CVE-2022-41031.json @@ -2,12 +2,12 @@ "id": "CVE-2022-41031", "sourceIdentifier": "secure@microsoft.com", "published": "2022-10-11T19:15:20.383", - "lastModified": "2022-10-13T15:37:10.443", - "vulnStatus": "Analyzed", + "lastModified": "2023-12-20T20:15:17.710", + "vulnStatus": "Modified", "descriptions": [ { "lang": "en", - "value": "Microsoft Word Remote Code Execution Vulnerability." + "value": "Microsoft Word Remote Code Execution Vulnerability" }, { "lang": "es", diff --git a/CVE-2022/CVE-2022-410xx/CVE-2022-41032.json b/CVE-2022/CVE-2022-410xx/CVE-2022-41032.json index 3aa2e69a8da..55d247bfdde 100644 --- a/CVE-2022/CVE-2022-410xx/CVE-2022-41032.json +++ b/CVE-2022/CVE-2022-410xx/CVE-2022-41032.json @@ -2,12 +2,12 @@ "id": "CVE-2022-41032", "sourceIdentifier": "secure@microsoft.com", "published": "2022-10-11T19:15:20.483", - "lastModified": "2023-12-13T16:14:01.337", - "vulnStatus": "Analyzed", + "lastModified": "2023-12-20T20:15:17.783", + "vulnStatus": "Modified", "descriptions": [ { "lang": "en", - "value": "NuGet Client Elevation of Privilege Vulnerability." + "value": "NuGet Client Elevation of Privilege Vulnerability" }, { "lang": "es", diff --git a/CVE-2022/CVE-2022-410xx/CVE-2022-41033.json b/CVE-2022/CVE-2022-410xx/CVE-2022-41033.json index 38a421f4211..00db1e2c9c0 100644 --- a/CVE-2022/CVE-2022-410xx/CVE-2022-41033.json +++ b/CVE-2022/CVE-2022-410xx/CVE-2022-41033.json @@ -2,8 +2,8 @@ "id": "CVE-2022-41033", "sourceIdentifier": "secure@microsoft.com", "published": "2022-10-11T19:15:20.567", - "lastModified": "2022-10-13T15:26:28.407", - "vulnStatus": "Analyzed", + "lastModified": "2023-12-20T20:15:17.880", + "vulnStatus": "Modified", "cisaExploitAdd": "2022-10-11", "cisaActionDue": "2022-11-01", "cisaRequiredAction": "Apply updates per vendor instructions.", @@ -11,7 +11,7 @@ "descriptions": [ { "lang": "en", - "value": "Windows COM+ Event System Service Elevation of Privilege Vulnerability." + "value": "Windows COM+ Event System Service Elevation of Privilege Vulnerability" }, { "lang": "es", @@ -49,7 +49,7 @@ "description": [ { "lang": "en", - "value": "NVD-CWE-noinfo" + "value": "CWE-843" } ] } diff --git a/CVE-2022/CVE-2022-410xx/CVE-2022-41034.json b/CVE-2022/CVE-2022-410xx/CVE-2022-41034.json index 0c98a26774d..df78bdd0d63 100644 --- a/CVE-2022/CVE-2022-410xx/CVE-2022-41034.json +++ b/CVE-2022/CVE-2022-410xx/CVE-2022-41034.json @@ -2,12 +2,12 @@ "id": "CVE-2022-41034", "sourceIdentifier": "secure@microsoft.com", "published": "2022-10-11T19:15:20.643", - "lastModified": "2022-10-13T15:20:38.977", - "vulnStatus": "Analyzed", + "lastModified": "2023-12-20T20:15:17.973", + "vulnStatus": "Modified", "descriptions": [ { "lang": "en", - "value": "Visual Studio Code Remote Code Execution Vulnerability." + "value": "Visual Studio Code Remote Code Execution Vulnerability" }, { "lang": "es", diff --git a/CVE-2022/CVE-2022-410xx/CVE-2022-41035.json b/CVE-2022/CVE-2022-410xx/CVE-2022-41035.json index 2ea567bf33d..7bd206eff98 100644 --- a/CVE-2022/CVE-2022-410xx/CVE-2022-41035.json +++ b/CVE-2022/CVE-2022-410xx/CVE-2022-41035.json @@ -2,12 +2,12 @@ "id": "CVE-2022-41035", "sourceIdentifier": "secure@microsoft.com", "published": "2022-10-11T19:15:20.710", - "lastModified": "2022-11-14T14:41:38.017", - "vulnStatus": "Analyzed", + "lastModified": "2023-12-20T20:15:18.063", + "vulnStatus": "Modified", "descriptions": [ { "lang": "en", - "value": "Microsoft Edge (Chromium-based) Spoofing Vulnerability." + "value": "Microsoft Edge (Chromium-based) Spoofing Vulnerability" }, { "lang": "es", diff --git a/CVE-2022/CVE-2022-410xx/CVE-2022-41036.json b/CVE-2022/CVE-2022-410xx/CVE-2022-41036.json index 897d8e714ca..cf23bf621f0 100644 --- a/CVE-2022/CVE-2022-410xx/CVE-2022-41036.json +++ b/CVE-2022/CVE-2022-410xx/CVE-2022-41036.json @@ -2,12 +2,12 @@ "id": "CVE-2022-41036", "sourceIdentifier": "secure@microsoft.com", "published": "2022-10-11T19:15:20.773", - "lastModified": "2022-10-12T16:51:49.517", - "vulnStatus": "Analyzed", + "lastModified": "2023-12-20T20:15:18.157", + "vulnStatus": "Modified", "descriptions": [ { "lang": "en", - "value": "Microsoft SharePoint Server Remote Code Execution Vulnerability. This CVE ID is unique from CVE-2022-38053, CVE-2022-41037, CVE-2022-41038." + "value": "Microsoft SharePoint Server Remote Code Execution Vulnerability" }, { "lang": "es", diff --git a/CVE-2022/CVE-2022-410xx/CVE-2022-41037.json b/CVE-2022/CVE-2022-410xx/CVE-2022-41037.json index 5b30ddb264b..9e28dbcda34 100644 --- a/CVE-2022/CVE-2022-410xx/CVE-2022-41037.json +++ b/CVE-2022/CVE-2022-410xx/CVE-2022-41037.json @@ -2,12 +2,12 @@ "id": "CVE-2022-41037", "sourceIdentifier": "secure@microsoft.com", "published": "2022-10-11T19:15:20.833", - "lastModified": "2022-10-12T16:51:16.387", - "vulnStatus": "Analyzed", + "lastModified": "2023-12-20T20:15:18.240", + "vulnStatus": "Modified", "descriptions": [ { "lang": "en", - "value": "Microsoft SharePoint Server Remote Code Execution Vulnerability. This CVE ID is unique from CVE-2022-38053, CVE-2022-41036, CVE-2022-41038." + "value": "Microsoft SharePoint Server Remote Code Execution Vulnerability" }, { "lang": "es", diff --git a/CVE-2022/CVE-2022-410xx/CVE-2022-41038.json b/CVE-2022/CVE-2022-410xx/CVE-2022-41038.json index 349723e2c50..20f3cd29881 100644 --- a/CVE-2022/CVE-2022-410xx/CVE-2022-41038.json +++ b/CVE-2022/CVE-2022-410xx/CVE-2022-41038.json @@ -2,12 +2,12 @@ "id": "CVE-2022-41038", "sourceIdentifier": "secure@microsoft.com", "published": "2022-10-11T19:15:20.907", - "lastModified": "2022-10-12T16:50:09.603", - "vulnStatus": "Analyzed", + "lastModified": "2023-12-20T20:15:18.320", + "vulnStatus": "Modified", "descriptions": [ { "lang": "en", - "value": "Microsoft SharePoint Server Remote Code Execution Vulnerability. This CVE ID is unique from CVE-2022-38053, CVE-2022-41036, CVE-2022-41037." + "value": "Microsoft SharePoint Server Remote Code Execution Vulnerability" }, { "lang": "es", diff --git a/CVE-2022/CVE-2022-410xx/CVE-2022-41040.json b/CVE-2022/CVE-2022-410xx/CVE-2022-41040.json index 748d3ef515d..c4ad94030be 100644 --- a/CVE-2022/CVE-2022-410xx/CVE-2022-41040.json +++ b/CVE-2022/CVE-2022-410xx/CVE-2022-41040.json @@ -2,7 +2,7 @@ "id": "CVE-2022-41040", "sourceIdentifier": "secure@microsoft.com", "published": "2022-10-03T01:15:08.753", - "lastModified": "2023-03-02T22:15:08.877", + "lastModified": "2023-12-20T20:15:18.393", "vulnStatus": "Modified", "cisaExploitAdd": "2022-09-30", "cisaActionDue": "2022-10-21", @@ -11,7 +11,7 @@ "descriptions": [ { "lang": "en", - "value": "Microsoft Exchange Server Elevation of Privilege Vulnerability." + "value": "Microsoft Exchange Server Elevation of Privilege Vulnerability" }, { "lang": "es", @@ -49,7 +49,7 @@ "description": [ { "lang": "en", - "value": "CWE-269" + "value": "CWE-918" } ] } diff --git a/CVE-2022/CVE-2022-410xx/CVE-2022-41042.json b/CVE-2022/CVE-2022-410xx/CVE-2022-41042.json index 1477b9b9a6d..9eed550a5f4 100644 --- a/CVE-2022/CVE-2022-410xx/CVE-2022-41042.json +++ b/CVE-2022/CVE-2022-410xx/CVE-2022-41042.json @@ -2,12 +2,12 @@ "id": "CVE-2022-41042", "sourceIdentifier": "secure@microsoft.com", "published": "2022-10-11T19:15:20.980", - "lastModified": "2022-10-12T17:15:39.277", - "vulnStatus": "Analyzed", + "lastModified": "2023-12-20T20:15:18.497", + "vulnStatus": "Modified", "descriptions": [ { "lang": "en", - "value": "Visual Studio Code Information Disclosure Vulnerability." + "value": "Visual Studio Code Information Disclosure Vulnerability" }, { "lang": "es", diff --git a/CVE-2022/CVE-2022-410xx/CVE-2022-41043.json b/CVE-2022/CVE-2022-410xx/CVE-2022-41043.json index 3621ec94c26..d28299fb11b 100644 --- a/CVE-2022/CVE-2022-410xx/CVE-2022-41043.json +++ b/CVE-2022/CVE-2022-410xx/CVE-2022-41043.json @@ -2,12 +2,12 @@ "id": "CVE-2022-41043", "sourceIdentifier": "secure@microsoft.com", "published": "2022-10-11T19:15:21.057", - "lastModified": "2022-12-05T20:23:14.073", - "vulnStatus": "Analyzed", + "lastModified": "2023-12-20T20:15:18.577", + "vulnStatus": "Modified", "descriptions": [ { "lang": "en", - "value": "Microsoft Office Information Disclosure Vulnerability." + "value": "Microsoft Office Information Disclosure Vulnerability" }, { "lang": "es", diff --git a/CVE-2022/CVE-2022-410xx/CVE-2022-41081.json b/CVE-2022/CVE-2022-410xx/CVE-2022-41081.json index 619b6507732..b652a8a2e24 100644 --- a/CVE-2022/CVE-2022-410xx/CVE-2022-41081.json +++ b/CVE-2022/CVE-2022-410xx/CVE-2022-41081.json @@ -2,12 +2,12 @@ "id": "CVE-2022-41081", "sourceIdentifier": "secure@microsoft.com", "published": "2022-10-11T19:15:21.143", - "lastModified": "2022-10-12T17:14:48.477", - "vulnStatus": "Analyzed", + "lastModified": "2023-12-20T20:15:18.650", + "vulnStatus": "Modified", "descriptions": [ { "lang": "en", - "value": "Windows Point-to-Point Tunneling Protocol Remote Code Execution Vulnerability. This CVE ID is unique from CVE-2022-22035, CVE-2022-24504, CVE-2022-30198, CVE-2022-33634, CVE-2022-38000, CVE-2022-38047." + "value": "Windows Point-to-Point Tunneling Protocol Remote Code Execution Vulnerability" }, { "lang": "es", diff --git a/CVE-2022/CVE-2022-410xx/CVE-2022-41082.json b/CVE-2022/CVE-2022-410xx/CVE-2022-41082.json index 4c23ba32657..03764ef6679 100644 --- a/CVE-2022/CVE-2022-410xx/CVE-2022-41082.json +++ b/CVE-2022/CVE-2022-410xx/CVE-2022-41082.json @@ -2,7 +2,7 @@ "id": "CVE-2022-41082", "sourceIdentifier": "secure@microsoft.com", "published": "2022-10-03T01:15:08.843", - "lastModified": "2023-03-02T22:15:09.123", + "lastModified": "2023-12-20T20:15:18.737", "vulnStatus": "Modified", "cisaExploitAdd": "2022-09-30", "cisaActionDue": "2022-10-21", @@ -11,7 +11,7 @@ "descriptions": [ { "lang": "en", - "value": "Microsoft Exchange Server Remote Code Execution Vulnerability." + "value": "Microsoft Exchange Server Remote Code Execution Vulnerability" }, { "lang": "es", @@ -25,8 +25,8 @@ "type": "Primary", "cvssData": { "version": "3.1", - "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", - "attackVector": "NETWORK", + "vectorString": "CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", + "attackVector": "ADJACENT_NETWORK", "attackComplexity": "LOW", "privilegesRequired": "LOW", "userInteraction": "NONE", @@ -34,10 +34,10 @@ "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "availabilityImpact": "HIGH", - "baseScore": 8.8, + "baseScore": 8.0, "baseSeverity": "HIGH" }, - "exploitabilityScore": 2.8, + "exploitabilityScore": 2.1, "impactScore": 5.9 } ] @@ -49,7 +49,7 @@ "description": [ { "lang": "en", - "value": "NVD-CWE-noinfo" + "value": "CWE-502" } ] } diff --git a/CVE-2022/CVE-2022-410xx/CVE-2022-41083.json b/CVE-2022/CVE-2022-410xx/CVE-2022-41083.json index 6872c67f327..082d9405400 100644 --- a/CVE-2022/CVE-2022-410xx/CVE-2022-41083.json +++ b/CVE-2022/CVE-2022-410xx/CVE-2022-41083.json @@ -2,12 +2,12 @@ "id": "CVE-2022-41083", "sourceIdentifier": "secure@microsoft.com", "published": "2022-10-11T19:15:21.217", - "lastModified": "2022-10-12T17:14:26.443", - "vulnStatus": "Analyzed", + "lastModified": "2023-12-20T20:15:18.927", + "vulnStatus": "Modified", "descriptions": [ { "lang": "en", - "value": "Visual Studio Code Elevation of Privilege Vulnerability." + "value": "Visual Studio Code Elevation of Privilege Vulnerability" }, { "lang": "es", diff --git a/CVE-2022/CVE-2022-446xx/CVE-2022-44684.json b/CVE-2022/CVE-2022-446xx/CVE-2022-44684.json new file mode 100644 index 00000000000..dc2d6d18f06 --- /dev/null +++ b/CVE-2022/CVE-2022-446xx/CVE-2022-44684.json @@ -0,0 +1,43 @@ +{ + "id": "CVE-2022-44684", + "sourceIdentifier": "secure@microsoft.com", + "published": "2023-12-20T20:15:19.003", + "lastModified": "2023-12-20T20:15:19.003", + "vulnStatus": "Received", + "descriptions": [ + { + "lang": "en", + "value": "Windows Local Session Manager (LSM) Denial of Service Vulnerability" + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "secure@microsoft.com", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "NONE", + "integrityImpact": "NONE", + "availabilityImpact": "HIGH", + "baseScore": 6.5, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 2.8, + "impactScore": 3.6 + } + ] + }, + "references": [ + { + "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-44684", + "source": "secure@microsoft.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2022/CVE-2022-46xx/CVE-2022-4603.json b/CVE-2022/CVE-2022-46xx/CVE-2022-4603.json index 4f588c99437..879c4de1ae1 100644 --- a/CVE-2022/CVE-2022-46xx/CVE-2022-4603.json +++ b/CVE-2022/CVE-2022-46xx/CVE-2022-4603.json @@ -2,8 +2,8 @@ "id": "CVE-2022-4603", "sourceIdentifier": "cna@vuldb.com", "published": "2022-12-18T11:15:11.077", - "lastModified": "2023-11-07T03:58:19.557", - "vulnStatus": "Modified", + "lastModified": "2023-12-20T19:14:03.717", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", @@ -17,23 +17,23 @@ "type": "Primary", "cvssData": { "version": "3.1", - "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "attackVector": "NETWORK", "attackComplexity": "LOW", "privilegesRequired": "NONE", "userInteraction": "REQUIRED", "scope": "UNCHANGED", - "confidentialityImpact": "HIGH", - "integrityImpact": "HIGH", + "confidentialityImpact": "NONE", + "integrityImpact": "NONE", "availabilityImpact": "HIGH", - "baseScore": 8.8, - "baseSeverity": "HIGH" + "baseScore": 6.5, + "baseSeverity": "MEDIUM" }, "exploitabilityScore": 2.8, - "impactScore": 5.9 + "impactScore": 3.6 }, { - "source": "1af790b2-7ee1-4545-860a-a788eba489b5", + "source": "cna@vuldb.com", "type": "Secondary", "cvssData": { "version": "3.1", @@ -56,7 +56,7 @@ }, "weaknesses": [ { - "source": "1af790b2-7ee1-4545-860a-a788eba489b5", + "source": "nvd@nist.gov", "type": "Primary", "description": [ { @@ -64,6 +64,16 @@ "value": "CWE-119" } ] + }, + { + "source": "cna@vuldb.com", + "type": "Secondary", + "description": [ + { + "lang": "en", + "value": "CWE-119" + } + ] } ], "configurations": [ diff --git a/CVE-2022/CVE-2022-470xx/CVE-2022-47085.json b/CVE-2022/CVE-2022-470xx/CVE-2022-47085.json index 5df2dae23c1..c1811b9cb7a 100644 --- a/CVE-2022/CVE-2022-470xx/CVE-2022-47085.json +++ b/CVE-2022/CVE-2022-470xx/CVE-2022-47085.json @@ -2,7 +2,7 @@ "id": "CVE-2022-47085", "sourceIdentifier": "cve@mitre.org", "published": "2023-07-18T14:15:12.263", - "lastModified": "2023-07-27T15:08:02.717", + "lastModified": "2023-12-20T19:13:40.243", "vulnStatus": "Analyzed", "descriptions": [ { @@ -17,20 +17,20 @@ "type": "Primary", "cvssData": { "version": "3.1", - "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "attackVector": "NETWORK", "attackComplexity": "LOW", "privilegesRequired": "NONE", "userInteraction": "NONE", "scope": "UNCHANGED", - "confidentialityImpact": "HIGH", - "integrityImpact": "HIGH", + "confidentialityImpact": "NONE", + "integrityImpact": "NONE", "availabilityImpact": "HIGH", - "baseScore": 9.8, - "baseSeverity": "CRITICAL" + "baseScore": 7.5, + "baseSeverity": "HIGH" }, "exploitabilityScore": 3.9, - "impactScore": 5.9 + "impactScore": 3.6 } ] }, diff --git a/CVE-2022/CVE-2022-475xx/CVE-2022-47597.json b/CVE-2022/CVE-2022-475xx/CVE-2022-47597.json index aca0b874182..711b676f3fd 100644 --- a/CVE-2022/CVE-2022-475xx/CVE-2022-47597.json +++ b/CVE-2022/CVE-2022-475xx/CVE-2022-47597.json @@ -2,8 +2,8 @@ "id": "CVE-2022-47597", "sourceIdentifier": "audit@patchstack.com", "published": "2023-12-20T18:15:11.143", - "lastModified": "2023-12-20T18:15:11.143", - "vulnStatus": "Received", + "lastModified": "2023-12-20T19:52:41.030", + "vulnStatus": "Awaiting Analysis", "descriptions": [ { "lang": "en", diff --git a/CVE-2022/CVE-2022-475xx/CVE-2022-47599.json b/CVE-2022/CVE-2022-475xx/CVE-2022-47599.json index 702000ca27a..722a8582e4b 100644 --- a/CVE-2022/CVE-2022-475xx/CVE-2022-47599.json +++ b/CVE-2022/CVE-2022-475xx/CVE-2022-47599.json @@ -2,8 +2,8 @@ "id": "CVE-2022-47599", "sourceIdentifier": "audit@patchstack.com", "published": "2023-12-20T18:15:11.417", - "lastModified": "2023-12-20T18:15:11.417", - "vulnStatus": "Received", + "lastModified": "2023-12-20T19:52:41.030", + "vulnStatus": "Awaiting Analysis", "descriptions": [ { "lang": "en", diff --git a/CVE-2023/CVE-2023-231xx/CVE-2023-23155.json b/CVE-2023/CVE-2023-231xx/CVE-2023-23155.json index 7787cf81a26..8d9936bc908 100644 --- a/CVE-2023/CVE-2023-231xx/CVE-2023-23155.json +++ b/CVE-2023/CVE-2023-231xx/CVE-2023-23155.json @@ -2,7 +2,7 @@ "id": "CVE-2023-23155", "sourceIdentifier": "cve@mitre.org", "published": "2023-02-27T16:15:12.797", - "lastModified": "2023-03-09T14:22:02.737", + "lastModified": "2023-12-20T20:08:08.343", "vulnStatus": "Analyzed", "descriptions": [ { @@ -55,8 +55,8 @@ "cpeMatch": [ { "vulnerable": true, - "criteria": "cpe:2.3:a:art_gallery_management_system_project:art_gallery_management_system:1.0:*:*:*:*:*:*:*", - "matchCriteriaId": "0B9FB9A2-187A-4BED-A5AB-548E4E786745" + "criteria": "cpe:2.3:a:phpgurukul:art_gallery_management_system:1.0:*:*:*:*:*:*:*", + "matchCriteriaId": "CE7F7EC5-D077-4052-9013-D37C2F794796" } ] } diff --git a/CVE-2023/CVE-2023-231xx/CVE-2023-23156.json b/CVE-2023/CVE-2023-231xx/CVE-2023-23156.json index b0dd63d338a..3fd744cc56a 100644 --- a/CVE-2023/CVE-2023-231xx/CVE-2023-23156.json +++ b/CVE-2023/CVE-2023-231xx/CVE-2023-23156.json @@ -2,7 +2,7 @@ "id": "CVE-2023-23156", "sourceIdentifier": "cve@mitre.org", "published": "2023-02-27T16:15:12.860", - "lastModified": "2023-03-06T19:52:51.737", + "lastModified": "2023-12-20T20:08:11.503", "vulnStatus": "Analyzed", "descriptions": [ { @@ -55,8 +55,8 @@ "cpeMatch": [ { "vulnerable": true, - "criteria": "cpe:2.3:a:art_gallery_management_system_project:art_gallery_management_system:1.0:*:*:*:*:*:*:*", - "matchCriteriaId": "0B9FB9A2-187A-4BED-A5AB-548E4E786745" + "criteria": "cpe:2.3:a:phpgurukul:art_gallery_management_system:1.0:*:*:*:*:*:*:*", + "matchCriteriaId": "CE7F7EC5-D077-4052-9013-D37C2F794796" } ] } diff --git a/CVE-2023/CVE-2023-231xx/CVE-2023-23157.json b/CVE-2023/CVE-2023-231xx/CVE-2023-23157.json index cefd598c66d..7ec6f87aafe 100644 --- a/CVE-2023/CVE-2023-231xx/CVE-2023-23157.json +++ b/CVE-2023/CVE-2023-231xx/CVE-2023-23157.json @@ -2,7 +2,7 @@ "id": "CVE-2023-23157", "sourceIdentifier": "cve@mitre.org", "published": "2023-02-27T16:15:12.917", - "lastModified": "2023-03-09T14:24:57.320", + "lastModified": "2023-12-20T20:08:15.050", "vulnStatus": "Analyzed", "descriptions": [ { @@ -55,8 +55,8 @@ "cpeMatch": [ { "vulnerable": true, - "criteria": "cpe:2.3:a:art_gallery_management_system_project:art_gallery_management_system:1.0:*:*:*:*:*:*:*", - "matchCriteriaId": "0B9FB9A2-187A-4BED-A5AB-548E4E786745" + "criteria": "cpe:2.3:a:phpgurukul:art_gallery_management_system:1.0:*:*:*:*:*:*:*", + "matchCriteriaId": "CE7F7EC5-D077-4052-9013-D37C2F794796" } ] } diff --git a/CVE-2023/CVE-2023-231xx/CVE-2023-23158.json b/CVE-2023/CVE-2023-231xx/CVE-2023-23158.json index e941a322750..90f5fe083f7 100644 --- a/CVE-2023/CVE-2023-231xx/CVE-2023-23158.json +++ b/CVE-2023/CVE-2023-231xx/CVE-2023-23158.json @@ -2,7 +2,7 @@ "id": "CVE-2023-23158", "sourceIdentifier": "cve@mitre.org", "published": "2023-02-27T16:15:12.973", - "lastModified": "2023-03-09T14:08:54.793", + "lastModified": "2023-12-20T20:08:18.170", "vulnStatus": "Analyzed", "descriptions": [ { @@ -55,8 +55,8 @@ "cpeMatch": [ { "vulnerable": true, - "criteria": "cpe:2.3:a:art_gallery_management_system_project:art_gallery_management_system:1.0:*:*:*:*:*:*:*", - "matchCriteriaId": "0B9FB9A2-187A-4BED-A5AB-548E4E786745" + "criteria": "cpe:2.3:a:phpgurukul:art_gallery_management_system:1.0:*:*:*:*:*:*:*", + "matchCriteriaId": "CE7F7EC5-D077-4052-9013-D37C2F794796" } ] } diff --git a/CVE-2023/CVE-2023-231xx/CVE-2023-23161.json b/CVE-2023/CVE-2023-231xx/CVE-2023-23161.json index 18121badd96..a0cd1867156 100644 --- a/CVE-2023/CVE-2023-231xx/CVE-2023-23161.json +++ b/CVE-2023/CVE-2023-231xx/CVE-2023-23161.json @@ -2,8 +2,8 @@ "id": "CVE-2023-23161", "sourceIdentifier": "cve@mitre.org", "published": "2023-02-10T20:15:53.313", - "lastModified": "2023-04-03T20:15:08.527", - "vulnStatus": "Modified", + "lastModified": "2023-12-20T20:07:57.910", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", @@ -55,8 +55,8 @@ "cpeMatch": [ { "vulnerable": true, - "criteria": "cpe:2.3:a:art_gallery_management_system_project:art_gallery_management_system:1.0:*:*:*:*:*:*:*", - "matchCriteriaId": "0B9FB9A2-187A-4BED-A5AB-548E4E786745" + "criteria": "cpe:2.3:a:phpgurukul:art_gallery_management_system:1.0:*:*:*:*:*:*:*", + "matchCriteriaId": "CE7F7EC5-D077-4052-9013-D37C2F794796" } ] } @@ -66,7 +66,11 @@ "references": [ { "url": "http://packetstormsecurity.com/files/171642/Art-Gallery-Management-System-Project-1.0-Cross-Site-Scripting.html", - "source": "cve@mitre.org" + "source": "cve@mitre.org", + "tags": [ + "Third Party Advisory", + "VDB Entry" + ] }, { "url": "https://github.com/rahulpatwari/CVE/blob/main/CVE-2023-23161/CVE-2023-23161.txt", diff --git a/CVE-2023/CVE-2023-231xx/CVE-2023-23162.json b/CVE-2023/CVE-2023-231xx/CVE-2023-23162.json index d8a83ae8fbb..5c899b1d176 100644 --- a/CVE-2023/CVE-2023-231xx/CVE-2023-23162.json +++ b/CVE-2023/CVE-2023-231xx/CVE-2023-23162.json @@ -2,8 +2,8 @@ "id": "CVE-2023-23162", "sourceIdentifier": "cve@mitre.org", "published": "2023-02-10T20:15:53.703", - "lastModified": "2023-04-03T20:15:08.583", - "vulnStatus": "Modified", + "lastModified": "2023-12-20T20:08:01.923", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", @@ -55,8 +55,8 @@ "cpeMatch": [ { "vulnerable": true, - "criteria": "cpe:2.3:a:art_gallery_management_system_project:art_gallery_management_system:1.0:*:*:*:*:*:*:*", - "matchCriteriaId": "0B9FB9A2-187A-4BED-A5AB-548E4E786745" + "criteria": "cpe:2.3:a:phpgurukul:art_gallery_management_system:1.0:*:*:*:*:*:*:*", + "matchCriteriaId": "CE7F7EC5-D077-4052-9013-D37C2F794796" } ] } @@ -66,7 +66,11 @@ "references": [ { "url": "http://packetstormsecurity.com/files/171643/Art-Gallery-Management-System-Project-1.0-SQL-Injection.html", - "source": "cve@mitre.org" + "source": "cve@mitre.org", + "tags": [ + "Third Party Advisory", + "VDB Entry" + ] }, { "url": "https://github.com/rahulpatwari/CVE/blob/main/CVE-2023-23162/CVE-2023-23162.txt", diff --git a/CVE-2023/CVE-2023-231xx/CVE-2023-23163.json b/CVE-2023/CVE-2023-231xx/CVE-2023-23163.json index e8415138cef..5b4ed249e87 100644 --- a/CVE-2023/CVE-2023-231xx/CVE-2023-23163.json +++ b/CVE-2023/CVE-2023-231xx/CVE-2023-23163.json @@ -2,8 +2,8 @@ "id": "CVE-2023-23163", "sourceIdentifier": "cve@mitre.org", "published": "2023-02-10T20:15:53.760", - "lastModified": "2023-04-03T20:15:08.627", - "vulnStatus": "Modified", + "lastModified": "2023-12-20T20:08:04.793", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", @@ -55,8 +55,8 @@ "cpeMatch": [ { "vulnerable": true, - "criteria": "cpe:2.3:a:art_gallery_management_system_project:art_gallery_management_system:1.0:*:*:*:*:*:*:*", - "matchCriteriaId": "0B9FB9A2-187A-4BED-A5AB-548E4E786745" + "criteria": "cpe:2.3:a:phpgurukul:art_gallery_management_system:1.0:*:*:*:*:*:*:*", + "matchCriteriaId": "CE7F7EC5-D077-4052-9013-D37C2F794796" } ] } @@ -66,7 +66,11 @@ "references": [ { "url": "http://packetstormsecurity.com/files/171643/Art-Gallery-Management-System-Project-1.0-SQL-Injection.html", - "source": "cve@mitre.org" + "source": "cve@mitre.org", + "tags": [ + "Third Party Advisory", + "VDB Entry" + ] }, { "url": "https://github.com/rahulpatwari/CVE/blob/main/CVE-2023-23163/CVE-2023-23163.txt", diff --git a/CVE-2023/CVE-2023-236xx/CVE-2023-23684.json b/CVE-2023/CVE-2023-236xx/CVE-2023-23684.json index f065a4fc4ba..3e7078a54e3 100644 --- a/CVE-2023/CVE-2023-236xx/CVE-2023-23684.json +++ b/CVE-2023/CVE-2023-236xx/CVE-2023-23684.json @@ -2,8 +2,8 @@ "id": "CVE-2023-23684", "sourceIdentifier": "audit@patchstack.com", "published": "2023-11-13T03:15:07.993", - "lastModified": "2023-11-17T18:28:56.910", - "vulnStatus": "Undergoing Analysis", + "lastModified": "2023-12-20T20:10:54.733", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", @@ -79,9 +79,9 @@ "cpeMatch": [ { "vulnerable": true, - "criteria": "cpe:2.3:a:wpgraphql:wpgraphql:*:*:*:*:*:wordpress:*:*", + "criteria": "cpe:2.3:a:wpengine:wpgraphql:*:*:*:*:*:wordpress:*:*", "versionEndIncluding": "1.14.5", - "matchCriteriaId": "D1722AA7-48A1-4597-AD11-4CC63F1E7F36" + "matchCriteriaId": "5106F09D-5508-4BFB-96BF-862829C95E67" } ] } diff --git a/CVE-2023/CVE-2023-239xx/CVE-2023-23970.json b/CVE-2023/CVE-2023-239xx/CVE-2023-23970.json new file mode 100644 index 00000000000..bdd01c3a0b4 --- /dev/null +++ b/CVE-2023/CVE-2023-239xx/CVE-2023-23970.json @@ -0,0 +1,55 @@ +{ + "id": "CVE-2023-23970", + "sourceIdentifier": "audit@patchstack.com", + "published": "2023-12-20T20:15:19.177", + "lastModified": "2023-12-20T20:15:19.177", + "vulnStatus": "Received", + "descriptions": [ + { + "lang": "en", + "value": "Unrestricted Upload of File with Dangerous Type vulnerability in WooRockets Corsa.This issue affects Corsa: from n/a through 1.5.\n\n" + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "audit@patchstack.com", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "NONE", + "scope": "CHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH", + "baseScore": 9.9, + "baseSeverity": "CRITICAL" + }, + "exploitabilityScore": 3.1, + "impactScore": 6.0 + } + ] + }, + "weaknesses": [ + { + "source": "audit@patchstack.com", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-434" + } + ] + } + ], + "references": [ + { + "url": "https://patchstack.com/database/vulnerability/corsa/wordpress-corsa-theme-1-5-arbitrary-file-upload?_s_id=cve", + "source": "audit@patchstack.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2023/CVE-2023-247xx/CVE-2023-24726.json b/CVE-2023/CVE-2023-247xx/CVE-2023-24726.json index 4e2f02dcc7b..7a5316b2064 100644 --- a/CVE-2023/CVE-2023-247xx/CVE-2023-24726.json +++ b/CVE-2023/CVE-2023-247xx/CVE-2023-24726.json @@ -2,7 +2,7 @@ "id": "CVE-2023-24726", "sourceIdentifier": "cve@mitre.org", "published": "2023-03-15T14:15:11.563", - "lastModified": "2023-03-17T18:19:15.197", + "lastModified": "2023-12-20T20:08:21.123", "vulnStatus": "Analyzed", "descriptions": [ { @@ -55,8 +55,8 @@ "cpeMatch": [ { "vulnerable": true, - "criteria": "cpe:2.3:a:art_gallery_management_system_project:art_gallery_management_system:1.0:*:*:*:*:*:*:*", - "matchCriteriaId": "0B9FB9A2-187A-4BED-A5AB-548E4E786745" + "criteria": "cpe:2.3:a:phpgurukul:art_gallery_management_system:1.0:*:*:*:*:*:*:*", + "matchCriteriaId": "CE7F7EC5-D077-4052-9013-D37C2F794796" } ] } diff --git a/CVE-2023/CVE-2023-259xx/CVE-2023-25970.json b/CVE-2023/CVE-2023-259xx/CVE-2023-25970.json new file mode 100644 index 00000000000..17cfceadce8 --- /dev/null +++ b/CVE-2023/CVE-2023-259xx/CVE-2023-25970.json @@ -0,0 +1,55 @@ +{ + "id": "CVE-2023-25970", + "sourceIdentifier": "audit@patchstack.com", + "published": "2023-12-20T20:15:19.380", + "lastModified": "2023-12-20T20:15:19.380", + "vulnStatus": "Received", + "descriptions": [ + { + "lang": "en", + "value": "Unrestricted Upload of File with Dangerous Type vulnerability in Zendrop Zendrop \u2013 Global Dropshipping.This issue affects Zendrop \u2013 Global Dropshipping: from n/a through 1.0.0.\n\n" + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "audit@patchstack.com", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "NONE", + "scope": "CHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH", + "baseScore": 10.0, + "baseSeverity": "CRITICAL" + }, + "exploitabilityScore": 3.9, + "impactScore": 6.0 + } + ] + }, + "weaknesses": [ + { + "source": "audit@patchstack.com", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-434" + } + ] + } + ], + "references": [ + { + "url": "https://patchstack.com/database/vulnerability/zendrop-dropshipping-and-fulfillment/wordpress-zendrop-global-dropshipping-plugin-1-0-0-arbitrary-file-upload?_s_id=cve", + "source": "audit@patchstack.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2023/CVE-2023-265xx/CVE-2023-26525.json b/CVE-2023/CVE-2023-265xx/CVE-2023-26525.json index a4db3876465..f29301a3219 100644 --- a/CVE-2023/CVE-2023-265xx/CVE-2023-26525.json +++ b/CVE-2023/CVE-2023-265xx/CVE-2023-26525.json @@ -2,8 +2,8 @@ "id": "CVE-2023-26525", "sourceIdentifier": "audit@patchstack.com", "published": "2023-12-20T18:15:11.680", - "lastModified": "2023-12-20T18:15:11.680", - "vulnStatus": "Received", + "lastModified": "2023-12-20T19:52:41.030", + "vulnStatus": "Awaiting Analysis", "descriptions": [ { "lang": "en", diff --git a/CVE-2023/CVE-2023-281xx/CVE-2023-28170.json b/CVE-2023/CVE-2023-281xx/CVE-2023-28170.json new file mode 100644 index 00000000000..405fdd8dab6 --- /dev/null +++ b/CVE-2023/CVE-2023-281xx/CVE-2023-28170.json @@ -0,0 +1,55 @@ +{ + "id": "CVE-2023-28170", + "sourceIdentifier": "audit@patchstack.com", + "published": "2023-12-20T19:15:08.350", + "lastModified": "2023-12-20T19:52:34.443", + "vulnStatus": "Awaiting Analysis", + "descriptions": [ + { + "lang": "en", + "value": "Unrestricted Upload of File with Dangerous Type vulnerability in Themely Theme Demo Import.This issue affects Theme Demo Import: from n/a through 1.1.1.\n\n" + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "audit@patchstack.com", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "HIGH", + "userInteraction": "NONE", + "scope": "CHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH", + "baseScore": 9.1, + "baseSeverity": "CRITICAL" + }, + "exploitabilityScore": 2.3, + "impactScore": 6.0 + } + ] + }, + "weaknesses": [ + { + "source": "audit@patchstack.com", + "type": "Secondary", + "description": [ + { + "lang": "en", + "value": "CWE-434" + } + ] + } + ], + "references": [ + { + "url": "https://patchstack.com/database/vulnerability/theme-demo-import/wordpress-theme-demo-import-plugin-1-1-1-arbitrary-file-upload-vulnerability?_s_id=cve", + "source": "audit@patchstack.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2023/CVE-2023-284xx/CVE-2023-28491.json b/CVE-2023/CVE-2023-284xx/CVE-2023-28491.json index ae86e8dcd87..2d81f19ce18 100644 --- a/CVE-2023/CVE-2023-284xx/CVE-2023-28491.json +++ b/CVE-2023/CVE-2023-284xx/CVE-2023-28491.json @@ -2,8 +2,8 @@ "id": "CVE-2023-28491", "sourceIdentifier": "audit@patchstack.com", "published": "2023-12-20T18:15:11.883", - "lastModified": "2023-12-20T18:15:11.883", - "vulnStatus": "Received", + "lastModified": "2023-12-20T19:52:41.030", + "vulnStatus": "Awaiting Analysis", "descriptions": [ { "lang": "en", diff --git a/CVE-2023/CVE-2023-287xx/CVE-2023-28788.json b/CVE-2023/CVE-2023-287xx/CVE-2023-28788.json index d415967d7c7..298cf7ad935 100644 --- a/CVE-2023/CVE-2023-287xx/CVE-2023-28788.json +++ b/CVE-2023/CVE-2023-287xx/CVE-2023-28788.json @@ -2,8 +2,8 @@ "id": "CVE-2023-28788", "sourceIdentifier": "audit@patchstack.com", "published": "2023-12-20T18:15:12.130", - "lastModified": "2023-12-20T18:15:12.130", - "vulnStatus": "Received", + "lastModified": "2023-12-20T19:52:41.030", + "vulnStatus": "Awaiting Analysis", "descriptions": [ { "lang": "en", diff --git a/CVE-2023/CVE-2023-290xx/CVE-2023-29096.json b/CVE-2023/CVE-2023-290xx/CVE-2023-29096.json index 5268d66db52..3fee7c6da7c 100644 --- a/CVE-2023/CVE-2023-290xx/CVE-2023-29096.json +++ b/CVE-2023/CVE-2023-290xx/CVE-2023-29096.json @@ -2,8 +2,8 @@ "id": "CVE-2023-29096", "sourceIdentifier": "audit@patchstack.com", "published": "2023-12-20T18:15:12.327", - "lastModified": "2023-12-20T18:15:12.327", - "vulnStatus": "Received", + "lastModified": "2023-12-20T19:52:34.443", + "vulnStatus": "Awaiting Analysis", "descriptions": [ { "lang": "en", diff --git a/CVE-2023/CVE-2023-291xx/CVE-2023-29102.json b/CVE-2023/CVE-2023-291xx/CVE-2023-29102.json new file mode 100644 index 00000000000..7a64d2e63f7 --- /dev/null +++ b/CVE-2023/CVE-2023-291xx/CVE-2023-29102.json @@ -0,0 +1,55 @@ +{ + "id": "CVE-2023-29102", + "sourceIdentifier": "audit@patchstack.com", + "published": "2023-12-20T19:15:08.560", + "lastModified": "2023-12-20T19:52:34.443", + "vulnStatus": "Awaiting Analysis", + "descriptions": [ + { + "lang": "en", + "value": "Unrestricted Upload of File with Dangerous Type vulnerability in Olive Themes Olive One Click Demo Import.This issue affects Olive One Click Demo Import: from n/a through 1.1.1.\n\n" + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "audit@patchstack.com", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "HIGH", + "userInteraction": "NONE", + "scope": "CHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH", + "baseScore": 9.1, + "baseSeverity": "CRITICAL" + }, + "exploitabilityScore": 2.3, + "impactScore": 6.0 + } + ] + }, + "weaknesses": [ + { + "source": "audit@patchstack.com", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-434" + } + ] + } + ], + "references": [ + { + "url": "https://patchstack.com/database/vulnerability/olive-one-click-demo-import/wordpress-olive-one-click-demo-import-plugin-1-0-9-arbitrary-file-upload-vulnerability?_s_id=cve", + "source": "audit@patchstack.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2023/CVE-2023-293xx/CVE-2023-29384.json b/CVE-2023/CVE-2023-293xx/CVE-2023-29384.json new file mode 100644 index 00000000000..fdb12c7ca15 --- /dev/null +++ b/CVE-2023/CVE-2023-293xx/CVE-2023-29384.json @@ -0,0 +1,55 @@ +{ + "id": "CVE-2023-29384", + "sourceIdentifier": "audit@patchstack.com", + "published": "2023-12-20T19:15:08.740", + "lastModified": "2023-12-20T19:52:34.443", + "vulnStatus": "Awaiting Analysis", + "descriptions": [ + { + "lang": "en", + "value": "Unrestricted Upload of File with Dangerous Type vulnerability in HM Plugin WordPress Job Board and Recruitment Plugin \u2013 JobWP.This issue affects WordPress Job Board and Recruitment Plugin \u2013 JobWP: from n/a through 2.0.\n\n" + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "audit@patchstack.com", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "NONE", + "scope": "CHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH", + "baseScore": 10.0, + "baseSeverity": "CRITICAL" + }, + "exploitabilityScore": 3.9, + "impactScore": 6.0 + } + ] + }, + "weaknesses": [ + { + "source": "audit@patchstack.com", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-434" + } + ] + } + ], + "references": [ + { + "url": "https://patchstack.com/database/vulnerability/jobwp/wordpress-job-board-and-recruitment-plugin-jobwp-plugin-2-0-arbitrary-file-upload-vulnerability?_s_id=cve", + "source": "audit@patchstack.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2023/CVE-2023-294xx/CVE-2023-29432.json b/CVE-2023/CVE-2023-294xx/CVE-2023-29432.json index 4af8f30072f..89fa912ec2c 100644 --- a/CVE-2023/CVE-2023-294xx/CVE-2023-29432.json +++ b/CVE-2023/CVE-2023-294xx/CVE-2023-29432.json @@ -2,8 +2,8 @@ "id": "CVE-2023-29432", "sourceIdentifier": "audit@patchstack.com", "published": "2023-12-20T18:15:12.587", - "lastModified": "2023-12-20T18:15:12.587", - "vulnStatus": "Received", + "lastModified": "2023-12-20T19:52:34.443", + "vulnStatus": "Awaiting Analysis", "descriptions": [ { "lang": "en", diff --git a/CVE-2023/CVE-2023-304xx/CVE-2023-30495.json b/CVE-2023/CVE-2023-304xx/CVE-2023-30495.json index 29f0345b6f3..13a649426c4 100644 --- a/CVE-2023/CVE-2023-304xx/CVE-2023-30495.json +++ b/CVE-2023/CVE-2023-304xx/CVE-2023-30495.json @@ -2,8 +2,8 @@ "id": "CVE-2023-30495", "sourceIdentifier": "audit@patchstack.com", "published": "2023-12-20T17:15:07.740", - "lastModified": "2023-12-20T17:15:07.740", - "vulnStatus": "Received", + "lastModified": "2023-12-20T19:52:41.030", + "vulnStatus": "Awaiting Analysis", "descriptions": [ { "lang": "en", diff --git a/CVE-2023/CVE-2023-307xx/CVE-2023-30750.json b/CVE-2023/CVE-2023-307xx/CVE-2023-30750.json index 7e52232b298..00b7c8a5a42 100644 --- a/CVE-2023/CVE-2023-307xx/CVE-2023-30750.json +++ b/CVE-2023/CVE-2023-307xx/CVE-2023-30750.json @@ -2,8 +2,8 @@ "id": "CVE-2023-30750", "sourceIdentifier": "audit@patchstack.com", "published": "2023-12-20T17:15:07.953", - "lastModified": "2023-12-20T17:15:07.953", - "vulnStatus": "Received", + "lastModified": "2023-12-20T19:52:41.030", + "vulnStatus": "Awaiting Analysis", "descriptions": [ { "lang": "en", diff --git a/CVE-2023/CVE-2023-308xx/CVE-2023-30872.json b/CVE-2023/CVE-2023-308xx/CVE-2023-30872.json index cb9659aee45..67938b95581 100644 --- a/CVE-2023/CVE-2023-308xx/CVE-2023-30872.json +++ b/CVE-2023/CVE-2023-308xx/CVE-2023-30872.json @@ -2,8 +2,8 @@ "id": "CVE-2023-30872", "sourceIdentifier": "audit@patchstack.com", "published": "2023-12-20T17:15:08.157", - "lastModified": "2023-12-20T17:15:08.157", - "vulnStatus": "Received", + "lastModified": "2023-12-20T19:52:41.030", + "vulnStatus": "Awaiting Analysis", "descriptions": [ { "lang": "en", diff --git a/CVE-2023/CVE-2023-312xx/CVE-2023-31215.json b/CVE-2023/CVE-2023-312xx/CVE-2023-31215.json new file mode 100644 index 00000000000..0439bd6bcc4 --- /dev/null +++ b/CVE-2023/CVE-2023-312xx/CVE-2023-31215.json @@ -0,0 +1,55 @@ +{ + "id": "CVE-2023-31215", + "sourceIdentifier": "audit@patchstack.com", + "published": "2023-12-20T19:15:08.930", + "lastModified": "2023-12-20T19:52:34.443", + "vulnStatus": "Awaiting Analysis", + "descriptions": [ + { + "lang": "en", + "value": "Unrestricted Upload of File with Dangerous Type vulnerability in AmaderCode Lab Dropshipping & Affiliation with Amazon.This issue affects Dropshipping & Affiliation with Amazon: from n/a through 2.1.2.\n\n" + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "audit@patchstack.com", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "NONE", + "scope": "CHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH", + "baseScore": 9.9, + "baseSeverity": "CRITICAL" + }, + "exploitabilityScore": 3.1, + "impactScore": 6.0 + } + ] + }, + "weaknesses": [ + { + "source": "audit@patchstack.com", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-434" + } + ] + } + ], + "references": [ + { + "url": "https://patchstack.com/database/vulnerability/wp-amazon-shop/wordpress-dropshipping-affiliation-with-amazon-plugin-2-1-2-arbitrary-file-upload-vulnerability?_s_id=cve", + "source": "audit@patchstack.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2023/CVE-2023-312xx/CVE-2023-31231.json b/CVE-2023/CVE-2023-312xx/CVE-2023-31231.json new file mode 100644 index 00000000000..3602032787c --- /dev/null +++ b/CVE-2023/CVE-2023-312xx/CVE-2023-31231.json @@ -0,0 +1,55 @@ +{ + "id": "CVE-2023-31231", + "sourceIdentifier": "audit@patchstack.com", + "published": "2023-12-20T19:15:09.133", + "lastModified": "2023-12-20T19:52:34.443", + "vulnStatus": "Awaiting Analysis", + "descriptions": [ + { + "lang": "en", + "value": "Unrestricted Upload of File with Dangerous Type vulnerability in Unlimited Elements Unlimited Elements For Elementor (Free Widgets, Addons, Templates).This issue affects Unlimited Elements For Elementor (Free Widgets, Addons, Templates): from n/a through 1.5.65.\n\n" + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "audit@patchstack.com", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "NONE", + "scope": "CHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH", + "baseScore": 9.9, + "baseSeverity": "CRITICAL" + }, + "exploitabilityScore": 3.1, + "impactScore": 6.0 + } + ] + }, + "weaknesses": [ + { + "source": "audit@patchstack.com", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-434" + } + ] + } + ], + "references": [ + { + "url": "https://patchstack.com/database/vulnerability/unlimited-elements-for-elementor/wordpress-unlimited-elements-for-elementor-plugin-1-5-65-arbitrary-file-upload-vulnerability?_s_id=cve", + "source": "audit@patchstack.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2023/CVE-2023-319xx/CVE-2023-31932.json b/CVE-2023/CVE-2023-319xx/CVE-2023-31932.json index a168125bd36..203d95e028a 100644 --- a/CVE-2023/CVE-2023-319xx/CVE-2023-31932.json +++ b/CVE-2023/CVE-2023-319xx/CVE-2023-31932.json @@ -2,7 +2,7 @@ "id": "CVE-2023-31932", "sourceIdentifier": "cve@mitre.org", "published": "2023-07-28T14:15:10.007", - "lastModified": "2023-08-02T03:54:45.403", + "lastModified": "2023-12-20T20:09:04.483", "vulnStatus": "Analyzed", "descriptions": [ { @@ -55,8 +55,8 @@ "cpeMatch": [ { "vulnerable": true, - "criteria": "cpe:2.3:a:rail_pass_management_system_project:rail_pass_management_system:1.0:*:*:*:*:*:*:*", - "matchCriteriaId": "352BBD1B-E3E7-4A7F-A2EF-23D1818CC7B7" + "criteria": "cpe:2.3:a:phpgurukul:rail_pass_management_system:1.0:*:*:*:*:*:*:*", + "matchCriteriaId": "6E30595D-1FA7-4037-92CB-26C48EBAA07C" } ] } diff --git a/CVE-2023/CVE-2023-319xx/CVE-2023-31933.json b/CVE-2023/CVE-2023-319xx/CVE-2023-31933.json index 5ee292b7399..6f6c32b6281 100644 --- a/CVE-2023/CVE-2023-319xx/CVE-2023-31933.json +++ b/CVE-2023/CVE-2023-319xx/CVE-2023-31933.json @@ -2,7 +2,7 @@ "id": "CVE-2023-31933", "sourceIdentifier": "cve@mitre.org", "published": "2023-07-28T14:15:10.290", - "lastModified": "2023-08-02T03:55:03.500", + "lastModified": "2023-12-20T20:09:09.700", "vulnStatus": "Analyzed", "descriptions": [ { @@ -55,8 +55,8 @@ "cpeMatch": [ { "vulnerable": true, - "criteria": "cpe:2.3:a:rail_pass_management_system_project:rail_pass_management_system:1.0:*:*:*:*:*:*:*", - "matchCriteriaId": "352BBD1B-E3E7-4A7F-A2EF-23D1818CC7B7" + "criteria": "cpe:2.3:a:phpgurukul:rail_pass_management_system:1.0:*:*:*:*:*:*:*", + "matchCriteriaId": "6E30595D-1FA7-4037-92CB-26C48EBAA07C" } ] } diff --git a/CVE-2023/CVE-2023-319xx/CVE-2023-31934.json b/CVE-2023/CVE-2023-319xx/CVE-2023-31934.json index 7c049bc1764..906c99a1087 100644 --- a/CVE-2023/CVE-2023-319xx/CVE-2023-31934.json +++ b/CVE-2023/CVE-2023-319xx/CVE-2023-31934.json @@ -2,7 +2,7 @@ "id": "CVE-2023-31934", "sourceIdentifier": "cve@mitre.org", "published": "2023-07-28T14:15:10.347", - "lastModified": "2023-08-02T03:55:08.470", + "lastModified": "2023-12-20T20:09:13.353", "vulnStatus": "Analyzed", "descriptions": [ { @@ -55,8 +55,8 @@ "cpeMatch": [ { "vulnerable": true, - "criteria": "cpe:2.3:a:rail_pass_management_system_project:rail_pass_management_system:1.0:*:*:*:*:*:*:*", - "matchCriteriaId": "352BBD1B-E3E7-4A7F-A2EF-23D1818CC7B7" + "criteria": "cpe:2.3:a:phpgurukul:rail_pass_management_system:1.0:*:*:*:*:*:*:*", + "matchCriteriaId": "6E30595D-1FA7-4037-92CB-26C48EBAA07C" } ] } diff --git a/CVE-2023/CVE-2023-319xx/CVE-2023-31935.json b/CVE-2023/CVE-2023-319xx/CVE-2023-31935.json index 58af3e77e34..23ebf8dbb3a 100644 --- a/CVE-2023/CVE-2023-319xx/CVE-2023-31935.json +++ b/CVE-2023/CVE-2023-319xx/CVE-2023-31935.json @@ -2,7 +2,7 @@ "id": "CVE-2023-31935", "sourceIdentifier": "cve@mitre.org", "published": "2023-07-28T14:15:10.403", - "lastModified": "2023-08-02T03:55:11.817", + "lastModified": "2023-12-20T20:09:16.987", "vulnStatus": "Analyzed", "descriptions": [ { @@ -55,8 +55,8 @@ "cpeMatch": [ { "vulnerable": true, - "criteria": "cpe:2.3:a:rail_pass_management_system_project:rail_pass_management_system:1.0:*:*:*:*:*:*:*", - "matchCriteriaId": "352BBD1B-E3E7-4A7F-A2EF-23D1818CC7B7" + "criteria": "cpe:2.3:a:phpgurukul:rail_pass_management_system:1.0:*:*:*:*:*:*:*", + "matchCriteriaId": "6E30595D-1FA7-4037-92CB-26C48EBAA07C" } ] } diff --git a/CVE-2023/CVE-2023-319xx/CVE-2023-31936.json b/CVE-2023/CVE-2023-319xx/CVE-2023-31936.json index e4f5f4cb3ab..ac41d05013b 100644 --- a/CVE-2023/CVE-2023-319xx/CVE-2023-31936.json +++ b/CVE-2023/CVE-2023-319xx/CVE-2023-31936.json @@ -2,7 +2,7 @@ "id": "CVE-2023-31936", "sourceIdentifier": "cve@mitre.org", "published": "2023-07-28T14:15:10.457", - "lastModified": "2023-08-02T03:55:14.950", + "lastModified": "2023-12-20T20:09:20.560", "vulnStatus": "Analyzed", "descriptions": [ { @@ -55,8 +55,8 @@ "cpeMatch": [ { "vulnerable": true, - "criteria": "cpe:2.3:a:rail_pass_management_system_project:rail_pass_management_system:1.0:*:*:*:*:*:*:*", - "matchCriteriaId": "352BBD1B-E3E7-4A7F-A2EF-23D1818CC7B7" + "criteria": "cpe:2.3:a:phpgurukul:rail_pass_management_system:1.0:*:*:*:*:*:*:*", + "matchCriteriaId": "6E30595D-1FA7-4037-92CB-26C48EBAA07C" } ] } diff --git a/CVE-2023/CVE-2023-319xx/CVE-2023-31937.json b/CVE-2023/CVE-2023-319xx/CVE-2023-31937.json index e9217000b09..14bc7174cce 100644 --- a/CVE-2023/CVE-2023-319xx/CVE-2023-31937.json +++ b/CVE-2023/CVE-2023-319xx/CVE-2023-31937.json @@ -2,7 +2,7 @@ "id": "CVE-2023-31937", "sourceIdentifier": "cve@mitre.org", "published": "2023-07-28T14:15:10.507", - "lastModified": "2023-08-02T03:55:18.067", + "lastModified": "2023-12-20T20:09:24.087", "vulnStatus": "Analyzed", "descriptions": [ { @@ -55,8 +55,8 @@ "cpeMatch": [ { "vulnerable": true, - "criteria": "cpe:2.3:a:rail_pass_management_system_project:rail_pass_management_system:1.0:*:*:*:*:*:*:*", - "matchCriteriaId": "352BBD1B-E3E7-4A7F-A2EF-23D1818CC7B7" + "criteria": "cpe:2.3:a:phpgurukul:rail_pass_management_system:1.0:*:*:*:*:*:*:*", + "matchCriteriaId": "6E30595D-1FA7-4037-92CB-26C48EBAA07C" } ] } diff --git a/CVE-2023/CVE-2023-31xx/CVE-2023-3164.json b/CVE-2023/CVE-2023-31xx/CVE-2023-3164.json index 1fabcbeb1e5..a21792e2e44 100644 --- a/CVE-2023/CVE-2023-31xx/CVE-2023-3164.json +++ b/CVE-2023/CVE-2023-31xx/CVE-2023-3164.json @@ -2,8 +2,8 @@ "id": "CVE-2023-3164", "sourceIdentifier": "secalert@redhat.com", "published": "2023-11-02T12:15:09.543", - "lastModified": "2023-12-08T12:15:44.307", - "vulnStatus": "Modified", + "lastModified": "2023-12-20T19:13:34.823", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", @@ -21,20 +21,20 @@ "type": "Primary", "cvssData": { "version": "3.1", - "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:H", + "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "attackVector": "LOCAL", "attackComplexity": "LOW", "privilegesRequired": "NONE", "userInteraction": "REQUIRED", "scope": "UNCHANGED", - "confidentialityImpact": "HIGH", + "confidentialityImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "HIGH", - "baseScore": 7.1, - "baseSeverity": "HIGH" + "baseScore": 5.5, + "baseSeverity": "MEDIUM" }, "exploitabilityScore": 1.8, - "impactScore": 5.2 + "impactScore": 3.6 }, { "source": "secalert@redhat.com", @@ -65,7 +65,7 @@ "description": [ { "lang": "en", - "value": "CWE-125" + "value": "CWE-787" } ] }, @@ -116,15 +116,25 @@ "references": [ { "url": "https://access.redhat.com/security/cve/CVE-2023-3164", - "source": "secalert@redhat.com" + "source": "secalert@redhat.com", + "tags": [ + "Third Party Advisory" + ] }, { "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2213531", - "source": "secalert@redhat.com" + "source": "secalert@redhat.com", + "tags": [ + "Issue Tracking", + "Third Party Advisory" + ] }, { "url": "https://gitlab.com/libtiff/libtiff/-/issues/542", - "source": "secalert@redhat.com" + "source": "secalert@redhat.com", + "tags": [ + "Issue Tracking" + ] } ] } \ No newline at end of file diff --git a/CVE-2023/CVE-2023-32xx/CVE-2023-3275.json b/CVE-2023/CVE-2023-32xx/CVE-2023-3275.json index 2a8ec2a89e8..d8bb05d0b32 100644 --- a/CVE-2023/CVE-2023-32xx/CVE-2023-3275.json +++ b/CVE-2023/CVE-2023-32xx/CVE-2023-3275.json @@ -2,8 +2,8 @@ "id": "CVE-2023-3275", "sourceIdentifier": "cna@vuldb.com", "published": "2023-06-15T13:15:09.713", - "lastModified": "2023-11-07T04:18:23.383", - "vulnStatus": "Modified", + "lastModified": "2023-12-20T20:10:40.493", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", @@ -33,7 +33,7 @@ "impactScore": 5.9 }, { - "source": "1af790b2-7ee1-4545-860a-a788eba489b5", + "source": "cna@vuldb.com", "type": "Secondary", "cvssData": { "version": "3.1", @@ -55,7 +55,7 @@ ], "cvssMetricV2": [ { - "source": "1af790b2-7ee1-4545-860a-a788eba489b5", + "source": "cna@vuldb.com", "type": "Secondary", "cvssData": { "version": "2.0", @@ -81,7 +81,7 @@ }, "weaknesses": [ { - "source": "1af790b2-7ee1-4545-860a-a788eba489b5", + "source": "cna@vuldb.com", "type": "Primary", "description": [ { @@ -100,8 +100,8 @@ "cpeMatch": [ { "vulnerable": true, - "criteria": "cpe:2.3:a:rail_pass_management_system_project:rail_pass_management_system:1.0:*:*:*:*:*:*:*", - "matchCriteriaId": "352BBD1B-E3E7-4A7F-A2EF-23D1818CC7B7" + "criteria": "cpe:2.3:a:phpgurukul:rail_pass_management_system:1.0:*:*:*:*:*:*:*", + "matchCriteriaId": "6E30595D-1FA7-4037-92CB-26C48EBAA07C" } ] } diff --git a/CVE-2023/CVE-2023-333xx/CVE-2023-33318.json b/CVE-2023/CVE-2023-333xx/CVE-2023-33318.json new file mode 100644 index 00000000000..f8f22237fe7 --- /dev/null +++ b/CVE-2023/CVE-2023-333xx/CVE-2023-33318.json @@ -0,0 +1,55 @@ +{ + "id": "CVE-2023-33318", + "sourceIdentifier": "audit@patchstack.com", + "published": "2023-12-20T19:15:09.337", + "lastModified": "2023-12-20T19:52:34.443", + "vulnStatus": "Awaiting Analysis", + "descriptions": [ + { + "lang": "en", + "value": "Unrestricted Upload of File with Dangerous Type vulnerability in WooCommerce AutomateWoo.This issue affects AutomateWoo: from n/a through 4.9.40.\n\n" + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "audit@patchstack.com", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "NONE", + "scope": "CHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH", + "baseScore": 9.9, + "baseSeverity": "CRITICAL" + }, + "exploitabilityScore": 3.1, + "impactScore": 6.0 + } + ] + }, + "weaknesses": [ + { + "source": "audit@patchstack.com", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-434" + } + ] + } + ], + "references": [ + { + "url": "https://patchstack.com/database/vulnerability/woocommerce-follow-up-emails/wordpress-woocommerce-follow-up-emails-plugin-4-9-40-arbitrary-file-upload-vulnerability?_s_id=cve", + "source": "audit@patchstack.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2023/CVE-2023-340xx/CVE-2023-34007.json b/CVE-2023/CVE-2023-340xx/CVE-2023-34007.json new file mode 100644 index 00000000000..dbf42e77799 --- /dev/null +++ b/CVE-2023/CVE-2023-340xx/CVE-2023-34007.json @@ -0,0 +1,55 @@ +{ + "id": "CVE-2023-34007", + "sourceIdentifier": "audit@patchstack.com", + "published": "2023-12-20T19:15:09.523", + "lastModified": "2023-12-20T19:52:34.443", + "vulnStatus": "Awaiting Analysis", + "descriptions": [ + { + "lang": "en", + "value": "Unrestricted Upload of File with Dangerous Type vulnerability in WPChill Download Monitor.This issue affects Download Monitor: from n/a through 4.8.3.\n\n" + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "audit@patchstack.com", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "NONE", + "scope": "CHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH", + "baseScore": 9.9, + "baseSeverity": "CRITICAL" + }, + "exploitabilityScore": 3.1, + "impactScore": 6.0 + } + ] + }, + "weaknesses": [ + { + "source": "audit@patchstack.com", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-434" + } + ] + } + ], + "references": [ + { + "url": "https://patchstack.com/database/vulnerability/download-monitor/wordpress-download-monitor-plugin-4-8-3-arbitrary-file-upload-vulnerability?_s_id=cve", + "source": "audit@patchstack.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2023/CVE-2023-343xx/CVE-2023-34385.json b/CVE-2023/CVE-2023-343xx/CVE-2023-34385.json new file mode 100644 index 00000000000..2a0ab660adf --- /dev/null +++ b/CVE-2023/CVE-2023-343xx/CVE-2023-34385.json @@ -0,0 +1,55 @@ +{ + "id": "CVE-2023-34385", + "sourceIdentifier": "audit@patchstack.com", + "published": "2023-12-20T19:15:09.710", + "lastModified": "2023-12-20T19:52:34.443", + "vulnStatus": "Awaiting Analysis", + "descriptions": [ + { + "lang": "en", + "value": "Unrestricted Upload of File with Dangerous Type vulnerability in Akshay Menariya Export Import Menus.This issue affects Export Import Menus: from n/a through 1.8.0.\n\n" + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "audit@patchstack.com", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "NONE", + "scope": "CHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH", + "baseScore": 9.9, + "baseSeverity": "CRITICAL" + }, + "exploitabilityScore": 3.1, + "impactScore": 6.0 + } + ] + }, + "weaknesses": [ + { + "source": "audit@patchstack.com", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-434" + } + ] + } + ], + "references": [ + { + "url": "https://patchstack.com/database/vulnerability/export-import-menus/wordpress-export-import-menus-plugin-1-8-0-arbitrary-file-upload-vulnerability?_s_id=cve", + "source": "audit@patchstack.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2023/CVE-2023-377xx/CVE-2023-37743.json b/CVE-2023/CVE-2023-377xx/CVE-2023-37743.json index a7986c0df5f..86c39e6d68e 100644 --- a/CVE-2023/CVE-2023-377xx/CVE-2023-37743.json +++ b/CVE-2023/CVE-2023-377xx/CVE-2023-37743.json @@ -2,7 +2,7 @@ "id": "CVE-2023-37743", "sourceIdentifier": "cve@mitre.org", "published": "2023-07-13T16:15:09.117", - "lastModified": "2023-07-21T15:09:33.317", + "lastModified": "2023-12-20T20:08:49.497", "vulnStatus": "Analyzed", "descriptions": [ { @@ -55,8 +55,8 @@ "cpeMatch": [ { "vulnerable": true, - "criteria": "cpe:2.3:a:teacher_subject_allocation_system_project:teacher_subject_allocation_system:1.0:*:*:*:*:*:*:*", - "matchCriteriaId": "1DE3DA24-4FE8-41C9-B8D6-2C70A710C1BC" + "criteria": "cpe:2.3:a:phpgurukul:teacher_subject_allocation_system:1.0:*:*:*:*:*:*:*", + "matchCriteriaId": "D84EFC0D-76B1-4CA2-9836-F0F0A33FA6B5" } ] } diff --git a/CVE-2023/CVE-2023-402xx/CVE-2023-40204.json b/CVE-2023/CVE-2023-402xx/CVE-2023-40204.json new file mode 100644 index 00000000000..0070268e27d --- /dev/null +++ b/CVE-2023/CVE-2023-402xx/CVE-2023-40204.json @@ -0,0 +1,55 @@ +{ + "id": "CVE-2023-40204", + "sourceIdentifier": "audit@patchstack.com", + "published": "2023-12-20T19:15:09.923", + "lastModified": "2023-12-20T19:52:34.443", + "vulnStatus": "Awaiting Analysis", + "descriptions": [ + { + "lang": "en", + "value": "Unrestricted Upload of File with Dangerous Type vulnerability in Premio Folders \u2013 Unlimited Folders to Organize Media Library Folder, Pages, Posts, File Manager.This issue affects Folders \u2013 Unlimited Folders to Organize Media Library Folder, Pages, Posts, File Manager: from n/a through 2.9.2.\n\n" + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "audit@patchstack.com", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "HIGH", + "userInteraction": "NONE", + "scope": "CHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH", + "baseScore": 9.1, + "baseSeverity": "CRITICAL" + }, + "exploitabilityScore": 2.3, + "impactScore": 6.0 + } + ] + }, + "weaknesses": [ + { + "source": "audit@patchstack.com", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-434" + } + ] + } + ], + "references": [ + { + "url": "https://patchstack.com/database/vulnerability/folders/wordpress-folders-plugin-2-9-2-arbitrary-file-upload-vulnerability?_s_id=cve", + "source": "audit@patchstack.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2023/CVE-2023-406xx/CVE-2023-40630.json b/CVE-2023/CVE-2023-406xx/CVE-2023-40630.json index 94a26058c1e..106c2ebcbcd 100644 --- a/CVE-2023/CVE-2023-406xx/CVE-2023-40630.json +++ b/CVE-2023/CVE-2023-406xx/CVE-2023-40630.json @@ -2,16 +2,53 @@ "id": "CVE-2023-40630", "sourceIdentifier": "security@joomla.org", "published": "2023-12-14T09:15:41.630", - "lastModified": "2023-12-14T13:51:59.903", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2023-12-20T20:13:31.610", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", "value": "Unauthenticated LFI/SSRF in JCDashboards component for Joomla." + }, + { + "lang": "es", + "value": "LFI/SSRF no autenticado en el componente JCDashboards para Joomla." } ], - "metrics": {}, + "metrics": { + "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH", + "baseScore": 9.8, + "baseSeverity": "CRITICAL" + }, + "exploitabilityScore": 3.9, + "impactScore": 5.9 + } + ] + }, "weaknesses": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-918" + } + ] + }, { "source": "security@joomla.org", "type": "Secondary", @@ -23,10 +60,32 @@ ] } ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:joomcode:jcdashboard:*:*:*:*:*:joomla\\!:*:*", + "versionStartIncluding": "1.0.0", + "versionEndIncluding": "1.1.30", + "matchCriteriaId": "7E3487BA-F30C-4ED5-9139-9FE1946759DF" + } + ] + } + ] + } + ], "references": [ { "url": "https://extensions.joomla.org/extension/jcdashboards/", - "source": "security@joomla.org" + "source": "security@joomla.org", + "tags": [ + "Product" + ] } ] } \ No newline at end of file diff --git a/CVE-2023/CVE-2023-456xx/CVE-2023-45603.json b/CVE-2023/CVE-2023-456xx/CVE-2023-45603.json new file mode 100644 index 00000000000..e222e0abb86 --- /dev/null +++ b/CVE-2023/CVE-2023-456xx/CVE-2023-45603.json @@ -0,0 +1,55 @@ +{ + "id": "CVE-2023-45603", + "sourceIdentifier": "audit@patchstack.com", + "published": "2023-12-20T19:15:10.117", + "lastModified": "2023-12-20T19:52:34.443", + "vulnStatus": "Awaiting Analysis", + "descriptions": [ + { + "lang": "en", + "value": "Unrestricted Upload of File with Dangerous Type vulnerability in Jeff Starr User Submitted Posts \u2013 Enable Users to Submit Posts from the Front End.This issue affects User Submitted Posts \u2013 Enable Users to Submit Posts from the Front End: from n/a through 20230902.\n\n" + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "audit@patchstack.com", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H", + "attackVector": "NETWORK", + "attackComplexity": "HIGH", + "privilegesRequired": "NONE", + "userInteraction": "NONE", + "scope": "CHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH", + "baseScore": 9.0, + "baseSeverity": "CRITICAL" + }, + "exploitabilityScore": 2.2, + "impactScore": 6.0 + } + ] + }, + "weaknesses": [ + { + "source": "audit@patchstack.com", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-434" + } + ] + } + ], + "references": [ + { + "url": "https://patchstack.com/database/vulnerability/user-submitted-posts/wordpress-user-submitted-posts-plugin-20230902-unauthenticated-arbitrary-file-upload-vulnerability?_s_id=cve", + "source": "audit@patchstack.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2023/CVE-2023-461xx/CVE-2023-46149.json b/CVE-2023/CVE-2023-461xx/CVE-2023-46149.json new file mode 100644 index 00000000000..0040f505134 --- /dev/null +++ b/CVE-2023/CVE-2023-461xx/CVE-2023-46149.json @@ -0,0 +1,55 @@ +{ + "id": "CVE-2023-46149", + "sourceIdentifier": "audit@patchstack.com", + "published": "2023-12-20T19:15:10.310", + "lastModified": "2023-12-20T19:52:34.443", + "vulnStatus": "Awaiting Analysis", + "descriptions": [ + { + "lang": "en", + "value": "Unrestricted Upload of File with Dangerous Type vulnerability in Themify Themify Ultra.This issue affects Themify Ultra: from n/a through 7.3.5.\n\n" + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "audit@patchstack.com", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "NONE", + "scope": "CHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH", + "baseScore": 9.9, + "baseSeverity": "CRITICAL" + }, + "exploitabilityScore": 3.1, + "impactScore": 6.0 + } + ] + }, + "weaknesses": [ + { + "source": "audit@patchstack.com", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-434" + } + ] + } + ], + "references": [ + { + "url": "https://patchstack.com/database/vulnerability/themify-ultra/wordpress-themify-ultra-theme-7-3-3-authenticated-unrestricted-zip-extraction-lead-to-rce-vulnerability?_s_id=cve", + "source": "audit@patchstack.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2023/CVE-2023-469xx/CVE-2023-46998.json b/CVE-2023/CVE-2023-469xx/CVE-2023-46998.json index 3b9b943617d..40365a8b85d 100644 --- a/CVE-2023/CVE-2023-469xx/CVE-2023-46998.json +++ b/CVE-2023/CVE-2023-469xx/CVE-2023-46998.json @@ -2,7 +2,7 @@ "id": "CVE-2023-46998", "sourceIdentifier": "cve@mitre.org", "published": "2023-11-07T05:15:13.657", - "lastModified": "2023-11-14T18:27:02.033", + "lastModified": "2023-12-20T20:09:44.320", "vulnStatus": "Analyzed", "descriptions": [ { @@ -60,9 +60,9 @@ { "vulnerable": true, "criteria": "cpe:2.3:a:bootboxjs:bootbox:*:*:*:*:*:node.js:*:*", - "versionStartIncluding": "3.2", - "versionEndIncluding": "6.0", - "matchCriteriaId": "0E78940E-9CFA-4AEB-8703-D73E1FBA5FCF" + "versionStartIncluding": "3.2.0", + "versionEndIncluding": "6.0.0", + "matchCriteriaId": "78B59235-F11D-45F3-BC6F-15B49C64CCC1" } ] } diff --git a/CVE-2023/CVE-2023-471xx/CVE-2023-47118.json b/CVE-2023/CVE-2023-471xx/CVE-2023-47118.json index 3a46681a012..f0206d4ffea 100644 --- a/CVE-2023/CVE-2023-471xx/CVE-2023-47118.json +++ b/CVE-2023/CVE-2023-471xx/CVE-2023-47118.json @@ -2,8 +2,8 @@ "id": "CVE-2023-47118", "sourceIdentifier": "security-advisories@github.com", "published": "2023-12-20T17:15:08.623", - "lastModified": "2023-12-20T17:15:08.623", - "vulnStatus": "Received", + "lastModified": "2023-12-20T19:52:41.030", + "vulnStatus": "Awaiting Analysis", "descriptions": [ { "lang": "en", diff --git a/CVE-2023/CVE-2023-477xx/CVE-2023-47784.json b/CVE-2023/CVE-2023-477xx/CVE-2023-47784.json new file mode 100644 index 00000000000..10745294f0c --- /dev/null +++ b/CVE-2023/CVE-2023-477xx/CVE-2023-47784.json @@ -0,0 +1,55 @@ +{ + "id": "CVE-2023-47784", + "sourceIdentifier": "audit@patchstack.com", + "published": "2023-12-20T19:15:10.507", + "lastModified": "2023-12-20T19:52:34.443", + "vulnStatus": "Awaiting Analysis", + "descriptions": [ + { + "lang": "en", + "value": "Unrestricted Upload of File with Dangerous Type vulnerability in ThemePunch OHG Slider Revolution.This issue affects Slider Revolution: from n/a through 6.6.15.\n\n" + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "audit@patchstack.com", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:H/I:H/A:H", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "HIGH", + "userInteraction": "REQUIRED", + "scope": "CHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH", + "baseScore": 8.4, + "baseSeverity": "HIGH" + }, + "exploitabilityScore": 1.7, + "impactScore": 6.0 + } + ] + }, + "weaknesses": [ + { + "source": "audit@patchstack.com", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-434" + } + ] + } + ], + "references": [ + { + "url": "https://patchstack.com/database/vulnerability/revslider/wordpress-slider-revolution-plugin-6-6-15-author-arbitrary-file-upload-vulnerability?_s_id=cve", + "source": "audit@patchstack.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2023/CVE-2023-479xx/CVE-2023-47990.json b/CVE-2023/CVE-2023-479xx/CVE-2023-47990.json new file mode 100644 index 00000000000..8f8b58a6fa9 --- /dev/null +++ b/CVE-2023/CVE-2023-479xx/CVE-2023-47990.json @@ -0,0 +1,20 @@ +{ + "id": "CVE-2023-47990", + "sourceIdentifier": "cve@mitre.org", + "published": "2023-12-20T19:15:10.697", + "lastModified": "2023-12-20T19:52:34.443", + "vulnStatus": "Awaiting Analysis", + "descriptions": [ + { + "lang": "en", + "value": "SQL Injection vulnerability in components/table_manager/html/edit_admin_table.php in CuppaCMS V1.0 allows attackers to run arbitrary SQL commands via the table parameter." + } + ], + "metrics": {}, + "references": [ + { + "url": "https://github.com/d3do-23/cuppacve/blob/main/sql%20in%20edit_admin_table.php", + "source": "cve@mitre.org" + } + ] +} \ No newline at end of file diff --git a/CVE-2023/CVE-2023-491xx/CVE-2023-49153.json b/CVE-2023/CVE-2023-491xx/CVE-2023-49153.json index 9496d188c27..0df99a72d9c 100644 --- a/CVE-2023/CVE-2023-491xx/CVE-2023-49153.json +++ b/CVE-2023/CVE-2023-491xx/CVE-2023-49153.json @@ -2,8 +2,8 @@ "id": "CVE-2023-49153", "sourceIdentifier": "audit@patchstack.com", "published": "2023-12-18T23:15:08.503", - "lastModified": "2023-12-19T13:42:22.313", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2023-12-20T20:59:31.170", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", @@ -16,6 +16,26 @@ ], "metrics": { "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "REQUIRED", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH", + "baseScore": 8.8, + "baseSeverity": "HIGH" + }, + "exploitabilityScore": 2.8, + "impactScore": 5.9 + }, { "source": "audit@patchstack.com", "type": "Secondary", @@ -50,10 +70,31 @@ ] } ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:codeastrology:add_to_cart_text_changer_and_customize_button\\,_add_custom_icon:*:*:*:*:*:wordpress:*:*", + "versionEndIncluding": "2.0", + "matchCriteriaId": "9D02F247-D561-4D5F-AB17-F8D18A09B2A4" + } + ] + } + ] + } + ], "references": [ { "url": "https://patchstack.com/database/vulnerability/woo-add-to-cart-text-change/wordpress-add-to-cart-text-changer-and-customize-button-add-custom-icon-plugin-2-0-cross-site-request-forgery-csrf-vulnerability?_s_id=cve", - "source": "audit@patchstack.com" + "source": "audit@patchstack.com", + "tags": [ + "Third Party Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2023/CVE-2023-491xx/CVE-2023-49161.json b/CVE-2023/CVE-2023-491xx/CVE-2023-49161.json index 5209897aa5b..8908cb75a0f 100644 --- a/CVE-2023/CVE-2023-491xx/CVE-2023-49161.json +++ b/CVE-2023/CVE-2023-491xx/CVE-2023-49161.json @@ -2,8 +2,8 @@ "id": "CVE-2023-49161", "sourceIdentifier": "audit@patchstack.com", "published": "2023-12-20T18:15:12.787", - "lastModified": "2023-12-20T18:15:12.787", - "vulnStatus": "Received", + "lastModified": "2023-12-20T19:52:34.443", + "vulnStatus": "Awaiting Analysis", "descriptions": [ { "lang": "en", diff --git a/CVE-2023/CVE-2023-491xx/CVE-2023-49166.json b/CVE-2023/CVE-2023-491xx/CVE-2023-49166.json index 4cd672d006c..28445958aa8 100644 --- a/CVE-2023/CVE-2023-491xx/CVE-2023-49166.json +++ b/CVE-2023/CVE-2023-491xx/CVE-2023-49166.json @@ -2,8 +2,8 @@ "id": "CVE-2023-49166", "sourceIdentifier": "audit@patchstack.com", "published": "2023-12-20T18:15:12.997", - "lastModified": "2023-12-20T18:15:12.997", - "vulnStatus": "Received", + "lastModified": "2023-12-20T19:52:34.443", + "vulnStatus": "Awaiting Analysis", "descriptions": [ { "lang": "en", diff --git a/CVE-2023/CVE-2023-492xx/CVE-2023-49269.json b/CVE-2023/CVE-2023-492xx/CVE-2023-49269.json index fc7ca9e5b4c..924ebab195b 100644 --- a/CVE-2023/CVE-2023-492xx/CVE-2023-49269.json +++ b/CVE-2023/CVE-2023-492xx/CVE-2023-49269.json @@ -2,8 +2,8 @@ "id": "CVE-2023-49269", "sourceIdentifier": "help@fluidattacks.com", "published": "2023-12-20T18:15:13.240", - "lastModified": "2023-12-20T18:15:13.240", - "vulnStatus": "Received", + "lastModified": "2023-12-20T19:52:34.443", + "vulnStatus": "Awaiting Analysis", "descriptions": [ { "lang": "en", diff --git a/CVE-2023/CVE-2023-492xx/CVE-2023-49270.json b/CVE-2023/CVE-2023-492xx/CVE-2023-49270.json new file mode 100644 index 00000000000..c67cdd2c281 --- /dev/null +++ b/CVE-2023/CVE-2023-492xx/CVE-2023-49270.json @@ -0,0 +1,59 @@ +{ + "id": "CVE-2023-49270", + "sourceIdentifier": "help@fluidattacks.com", + "published": "2023-12-20T20:15:19.597", + "lastModified": "2023-12-20T20:15:19.597", + "vulnStatus": "Received", + "descriptions": [ + { + "lang": "en", + "value": "Hotel Management v1.0 is vulnerable to multiple authenticated Reflected Cross-Site Scripting vulnerabilities. The 'check_in_date' parameter of the reservation.php resource\u00a0is copied into the HTML document as plain text\u00a0between tags. Any input is echoed unmodified in the\u00a0application's response.\n\n" + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "help@fluidattacks.com", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:L", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "REQUIRED", + "scope": "UNCHANGED", + "confidentialityImpact": "NONE", + "integrityImpact": "LOW", + "availabilityImpact": "LOW", + "baseScore": 5.4, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 2.8, + "impactScore": 2.5 + } + ] + }, + "weaknesses": [ + { + "source": "help@fluidattacks.com", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-79" + } + ] + } + ], + "references": [ + { + "url": "https://fluidattacks.com/advisories/lang/", + "source": "help@fluidattacks.com" + }, + { + "url": "https://www.kashipara.com/", + "source": "help@fluidattacks.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2023/CVE-2023-492xx/CVE-2023-49271.json b/CVE-2023/CVE-2023-492xx/CVE-2023-49271.json new file mode 100644 index 00000000000..96c495c34d2 --- /dev/null +++ b/CVE-2023/CVE-2023-492xx/CVE-2023-49271.json @@ -0,0 +1,59 @@ +{ + "id": "CVE-2023-49271", + "sourceIdentifier": "help@fluidattacks.com", + "published": "2023-12-20T20:15:19.800", + "lastModified": "2023-12-20T20:15:19.800", + "vulnStatus": "Received", + "descriptions": [ + { + "lang": "en", + "value": "Hotel Management v1.0 is vulnerable to multiple authenticated Reflected Cross-Site Scripting vulnerabilities. The 'check_out_date' parameter of the reservation.php resource\u00a0is copied into the HTML document as plain text\u00a0between tags. Any input is echoed unmodified in the\u00a0application's response.\n\n" + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "help@fluidattacks.com", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:L", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "REQUIRED", + "scope": "UNCHANGED", + "confidentialityImpact": "NONE", + "integrityImpact": "LOW", + "availabilityImpact": "LOW", + "baseScore": 5.4, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 2.8, + "impactScore": 2.5 + } + ] + }, + "weaknesses": [ + { + "source": "help@fluidattacks.com", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-79" + } + ] + } + ], + "references": [ + { + "url": "https://fluidattacks.com/advisories/lang/", + "source": "help@fluidattacks.com" + }, + { + "url": "https://www.kashipara.com/", + "source": "help@fluidattacks.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2023/CVE-2023-492xx/CVE-2023-49272.json b/CVE-2023/CVE-2023-492xx/CVE-2023-49272.json new file mode 100644 index 00000000000..52fb68b7dcd --- /dev/null +++ b/CVE-2023/CVE-2023-492xx/CVE-2023-49272.json @@ -0,0 +1,59 @@ +{ + "id": "CVE-2023-49272", + "sourceIdentifier": "help@fluidattacks.com", + "published": "2023-12-20T20:15:20.010", + "lastModified": "2023-12-20T20:15:20.010", + "vulnStatus": "Received", + "descriptions": [ + { + "lang": "en", + "value": "Hotel Management v1.0 is vulnerable to multiple authenticated Reflected Cross-Site Scripting vulnerabilities. The 'children' parameter of the reservation.php resource\u00a0is copied into the HTML document as plain text\u00a0between tags. Any input is echoed unmodified in the\u00a0application's response.\n\n" + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "help@fluidattacks.com", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:L", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "REQUIRED", + "scope": "UNCHANGED", + "confidentialityImpact": "NONE", + "integrityImpact": "LOW", + "availabilityImpact": "LOW", + "baseScore": 5.4, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 2.8, + "impactScore": 2.5 + } + ] + }, + "weaknesses": [ + { + "source": "help@fluidattacks.com", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-79" + } + ] + } + ], + "references": [ + { + "url": "https://fluidattacks.com/advisories/lang/", + "source": "help@fluidattacks.com" + }, + { + "url": "https://www.kashipara.com/", + "source": "help@fluidattacks.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2023/CVE-2023-493xx/CVE-2023-49345.json b/CVE-2023/CVE-2023-493xx/CVE-2023-49345.json index 0a5b320bbb8..95d0467328a 100644 --- a/CVE-2023/CVE-2023-493xx/CVE-2023-49345.json +++ b/CVE-2023/CVE-2023-493xx/CVE-2023-49345.json @@ -2,16 +2,40 @@ "id": "CVE-2023-49345", "sourceIdentifier": "security@ubuntu.com", "published": "2023-12-14T22:15:43.407", - "lastModified": "2023-12-14T22:44:49.057", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2023-12-20T20:58:34.320", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", "value": "Temporary data passed between application components by Budgie Extras Takeabreak applet could potentially be viewed or manipulated. The data is stored in a location that is accessible to any user who has local access to the system. Attackers may pre-create and control this file to present false information to users or deny access to the application and panel." + }, + { + "lang": "es", + "value": "Los datos temporales pasados entre los componentes de la aplicaci\u00f3n mediante el subprograma Budgie Extras Takeabreak podr\u00edan verse o manipularse. Los datos se almacenan en una ubicaci\u00f3n a la que puede acceder cualquier usuario que tenga acceso local al sistema. Los atacantes pueden crear previamente y controlar este archivo para presentar informaci\u00f3n falsa a los usuarios o negar el acceso a la aplicaci\u00f3n y al panel." } ], "metrics": { "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", + "attackVector": "LOCAL", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH", + "baseScore": 7.8, + "baseSeverity": "HIGH" + }, + "exploitabilityScore": 1.8, + "impactScore": 5.9 + }, { "source": "security@ubuntu.com", "type": "Secondary", @@ -35,6 +59,16 @@ ] }, "weaknesses": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-668" + } + ] + }, { "source": "security@ubuntu.com", "type": "Secondary", @@ -50,18 +84,46 @@ ] } ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:ubuntubudgie:budgie_extras:*:*:*:*:*:*:*:*", + "versionStartIncluding": "1.4.0", + "versionEndExcluding": "1.7.1", + "matchCriteriaId": "8486FB0D-3D4A-437C-94B7-605883A1D427" + } + ] + } + ] + } + ], "references": [ { "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-49345", - "source": "security@ubuntu.com" + "source": "security@ubuntu.com", + "tags": [ + "Third Party Advisory" + ] }, { "url": "https://github.com/UbuntuBudgie/budgie-extras/security/advisories/GHSA-rvhc-rch9-j943", - "source": "security@ubuntu.com" + "source": "security@ubuntu.com", + "tags": [ + "Third Party Advisory" + ] }, { "url": "https://ubuntu.com/security/notices/USN-6556-1", - "source": "security@ubuntu.com" + "source": "security@ubuntu.com", + "tags": [ + "Vendor Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2023/CVE-2023-493xx/CVE-2023-49346.json b/CVE-2023/CVE-2023-493xx/CVE-2023-49346.json index 1f9c812b9ff..3ad4e84e5a4 100644 --- a/CVE-2023/CVE-2023-493xx/CVE-2023-49346.json +++ b/CVE-2023/CVE-2023-493xx/CVE-2023-49346.json @@ -2,16 +2,40 @@ "id": "CVE-2023-49346", "sourceIdentifier": "security@ubuntu.com", "published": "2023-12-14T22:15:43.603", - "lastModified": "2023-12-14T22:44:49.057", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2023-12-20T20:56:09.633", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", "value": "Temporary data passed between application components by Budgie Extras WeatherShow applet could potentially be viewed or manipulated. The data is stored in a location that is accessible to any user who has local access to the system. Attackers may pre-create and control this file to present false information to users or deny access to the application and panel." + }, + { + "lang": "es", + "value": "Los datos temporales pasados entre los componentes de la aplicaci\u00f3n mediante el subprograma Budgie Extras WeatherShow podr\u00edan verse o manipularse. Los datos se almacenan en una ubicaci\u00f3n a la que puede acceder cualquier usuario que tenga acceso local al sistema. Los atacantes pueden crear previamente y controlar este archivo para presentar informaci\u00f3n falsa a los usuarios o negar el acceso a la aplicaci\u00f3n y al panel." } ], "metrics": { "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", + "attackVector": "LOCAL", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH", + "baseScore": 7.8, + "baseSeverity": "HIGH" + }, + "exploitabilityScore": 1.8, + "impactScore": 5.9 + }, { "source": "security@ubuntu.com", "type": "Secondary", @@ -35,6 +59,16 @@ ] }, "weaknesses": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-668" + } + ] + }, { "source": "security@ubuntu.com", "type": "Secondary", @@ -50,18 +84,46 @@ ] } ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:ubuntubudgie:budgie_extras:*:*:*:*:*:*:*:*", + "versionStartIncluding": "1.4.0", + "versionEndExcluding": "1.7.1", + "matchCriteriaId": "8486FB0D-3D4A-437C-94B7-605883A1D427" + } + ] + } + ] + } + ], "references": [ { "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-49346", - "source": "security@ubuntu.com" + "source": "security@ubuntu.com", + "tags": [ + "Third Party Advisory" + ] }, { "url": "https://github.com/UbuntuBudgie/budgie-extras/security/advisories/GHSA-rffw-gg7p-5688", - "source": "security@ubuntu.com" + "source": "security@ubuntu.com", + "tags": [ + "Third Party Advisory" + ] }, { "url": "https://ubuntu.com/security/notices/USN-6556-1", - "source": "security@ubuntu.com" + "source": "security@ubuntu.com", + "tags": [ + "Vendor Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2023/CVE-2023-493xx/CVE-2023-49347.json b/CVE-2023/CVE-2023-493xx/CVE-2023-49347.json index 9ed1f91d60b..8e6f1ac0585 100644 --- a/CVE-2023/CVE-2023-493xx/CVE-2023-49347.json +++ b/CVE-2023/CVE-2023-493xx/CVE-2023-49347.json @@ -2,16 +2,40 @@ "id": "CVE-2023-49347", "sourceIdentifier": "security@ubuntu.com", "published": "2023-12-14T22:15:43.787", - "lastModified": "2023-12-14T22:44:49.057", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2023-12-20T20:41:11.457", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", "value": "Temporary data passed between application components by Budgie Extras Windows Previews could potentially be viewed or manipulated. The data is stored in a location that is accessible to any user who has local access to the system. Attackers may read private information from windows, present false information to users, or deny access to the application." + }, + { + "lang": "es", + "value": "Los datos temporales pasados entre los componentes de la aplicaci\u00f3n mediante Budgie Extras Windows Previews podr\u00edan verse o manipularse. Los datos se almacenan en una ubicaci\u00f3n a la que puede acceder cualquier usuario que tenga acceso local al sistema. Los atacantes pueden leer informaci\u00f3n privada de Windows, presentar informaci\u00f3n falsa a los usuarios o negar el acceso a la aplicaci\u00f3n." } ], "metrics": { "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", + "attackVector": "LOCAL", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH", + "baseScore": 7.8, + "baseSeverity": "HIGH" + }, + "exploitabilityScore": 1.8, + "impactScore": 5.9 + }, { "source": "security@ubuntu.com", "type": "Secondary", @@ -35,6 +59,16 @@ ] }, "weaknesses": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-668" + } + ] + }, { "source": "security@ubuntu.com", "type": "Secondary", @@ -50,18 +84,46 @@ ] } ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:ubuntubudgie:budgie_extras:*:*:*:*:*:*:*:*", + "versionStartIncluding": "1.4.0", + "versionEndExcluding": "1.7.1", + "matchCriteriaId": "8486FB0D-3D4A-437C-94B7-605883A1D427" + } + ] + } + ] + } + ], "references": [ { "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-49347", - "source": "security@ubuntu.com" + "source": "security@ubuntu.com", + "tags": [ + "Third Party Advisory" + ] }, { "url": "https://github.com/UbuntuBudgie/budgie-extras/security/advisories/GHSA-xxfq-fqfp-cpvj", - "source": "security@ubuntu.com" + "source": "security@ubuntu.com", + "tags": [ + "Third Party Advisory" + ] }, { "url": "https://ubuntu.com/security/notices/USN-6556-1", - "source": "security@ubuntu.com" + "source": "security@ubuntu.com", + "tags": [ + "Vendor Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2023/CVE-2023-497xx/CVE-2023-49752.json b/CVE-2023/CVE-2023-497xx/CVE-2023-49752.json index 5ab5fb7757f..ac477c84b6b 100644 --- a/CVE-2023/CVE-2023-497xx/CVE-2023-49752.json +++ b/CVE-2023/CVE-2023-497xx/CVE-2023-49752.json @@ -2,8 +2,8 @@ "id": "CVE-2023-49752", "sourceIdentifier": "audit@patchstack.com", "published": "2023-12-20T18:15:13.460", - "lastModified": "2023-12-20T18:15:13.460", - "vulnStatus": "Received", + "lastModified": "2023-12-20T19:52:34.443", + "vulnStatus": "Awaiting Analysis", "descriptions": [ { "lang": "en", diff --git a/CVE-2023/CVE-2023-498xx/CVE-2023-49814.json b/CVE-2023/CVE-2023-498xx/CVE-2023-49814.json new file mode 100644 index 00000000000..5a860b15e8a --- /dev/null +++ b/CVE-2023/CVE-2023-498xx/CVE-2023-49814.json @@ -0,0 +1,55 @@ +{ + "id": "CVE-2023-49814", + "sourceIdentifier": "audit@patchstack.com", + "published": "2023-12-20T19:15:10.740", + "lastModified": "2023-12-20T19:52:34.443", + "vulnStatus": "Awaiting Analysis", + "descriptions": [ + { + "lang": "en", + "value": "Unrestricted Upload of File with Dangerous Type vulnerability in Symbiostock symbiostock.This issue affects Symbiostock: from n/a through 6.0.0.\n\n" + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "audit@patchstack.com", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "HIGH", + "userInteraction": "NONE", + "scope": "CHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH", + "baseScore": 9.1, + "baseSeverity": "CRITICAL" + }, + "exploitabilityScore": 2.3, + "impactScore": 6.0 + } + ] + }, + "weaknesses": [ + { + "source": "audit@patchstack.com", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-434" + } + ] + } + ], + "references": [ + { + "url": "https://patchstack.com/database/vulnerability/symbiostock/wordpress-symbiostock-lite-plugin-6-0-0-arbitrary-file-upload-vulnerability?_s_id=cve", + "source": "audit@patchstack.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2023/CVE-2023-509xx/CVE-2023-50965.json b/CVE-2023/CVE-2023-509xx/CVE-2023-50965.json index f78e7db7572..aab78977319 100644 --- a/CVE-2023/CVE-2023-509xx/CVE-2023-50965.json +++ b/CVE-2023/CVE-2023-509xx/CVE-2023-50965.json @@ -2,23 +2,88 @@ "id": "CVE-2023-50965", "sourceIdentifier": "cve@mitre.org", "published": "2023-12-17T02:15:21.267", - "lastModified": "2023-12-18T14:05:28.363", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2023-12-20T20:02:23.497", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", "value": "In MicroHttpServer (aka Micro HTTP Server) through 4398570, _ReadStaticFiles in lib/middleware.c allows a stack-based buffer overflow and potentially remote code execution via a long URI." + }, + { + "lang": "es", + "value": "En MicroHttpServer (tambi\u00e9n conocido como Micro HTTP Server) hasta 4398570, _ReadStaticFiles en lib/middleware.c permite un desbordamiento de b\u00fafer en la regi\u00f3n stack de la memoria y una ejecuci\u00f3n de c\u00f3digo potencialmente remota a trav\u00e9s de un URI largo." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH", + "baseScore": 9.8, + "baseSeverity": "CRITICAL" + }, + "exploitabilityScore": 3.9, + "impactScore": 5.9 + } + ] + }, + "weaknesses": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-787" + } + ] + } + ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:starnight:micro_http_server:-:*:*:*:*:*:*:*", + "matchCriteriaId": "1464DBE3-B59A-4C81-A17F-DD3F18EB7AFC" + } + ] + } + ] } ], - "metrics": {}, "references": [ { "url": "https://github.com/starnight/MicroHttpServer/issues/5", - "source": "cve@mitre.org" + "source": "cve@mitre.org", + "tags": [ + "Exploit", + "Issue Tracking", + "Mitigation", + "Third Party Advisory" + ] }, { "url": "https://github.com/starnight/MicroHttpServer/tree/43985708ef5fe7677392c54e229bd22e136c2665", - "source": "cve@mitre.org" + "source": "cve@mitre.org", + "tags": [ + "Product" + ] } ] } \ No newline at end of file diff --git a/CVE-2023/CVE-2023-61xx/CVE-2023-6121.json b/CVE-2023/CVE-2023-61xx/CVE-2023-6121.json index 86568fa68c1..77485b4b3a4 100644 --- a/CVE-2023/CVE-2023-61xx/CVE-2023-6121.json +++ b/CVE-2023/CVE-2023-61xx/CVE-2023-6121.json @@ -2,12 +2,12 @@ "id": "CVE-2023-6121", "sourceIdentifier": "secalert@redhat.com", "published": "2023-11-16T15:15:11.197", - "lastModified": "2023-11-28T19:07:25.920", - "vulnStatus": "Analyzed", + "lastModified": "2023-12-20T19:15:10.930", + "vulnStatus": "Modified", "descriptions": [ { "lang": "en", - "value": "An out-of-bounds read vulnerability was found in the NVMe-oF/TCP subsystem in the Linux kernel. This flaw allows a remote attacker to send a crafted TCP packet, triggering a heap-based buffer overflow that results in kmalloc data to be printed (and potentially leaked) to the kernel ring buffer (dmesg)." + "value": "An out-of-bounds read vulnerability was found in the NVMe-oF/TCP subsystem in the Linux kernel. This issue may allow a remote attacker to send a crafted TCP packet, triggering a heap-based buffer overflow that results in kmalloc data being printed and potentially leaked to the kernel ring buffer (dmesg)." }, { "lang": "es", diff --git a/CVE-2023/CVE-2023-61xx/CVE-2023-6134.json b/CVE-2023/CVE-2023-61xx/CVE-2023-6134.json index 2467e0b2cd5..e1793e41e38 100644 --- a/CVE-2023/CVE-2023-61xx/CVE-2023-6134.json +++ b/CVE-2023/CVE-2023-61xx/CVE-2023-6134.json @@ -2,16 +2,40 @@ "id": "CVE-2023-6134", "sourceIdentifier": "secalert@redhat.com", "published": "2023-12-14T22:15:44.087", - "lastModified": "2023-12-14T22:44:49.057", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2023-12-20T20:29:14.540", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", "value": "A flaw was found in Keycloak that prevents certain schemes in redirects, but permits them if a wildcard is appended to the token. This issue could allow an attacker to submit a specially crafted request leading to cross-site scripting (XSS) or further attacks. This flaw is the result of an incomplete fix for CVE-2020-10748." + }, + { + "lang": "es", + "value": "Se encontr\u00f3 una falla en Keycloak que impide ciertos esquemas en las redirecciones, pero los permite si se agrega un comod\u00edn al token. Este problema podr\u00eda permitir que un atacante env\u00ede una solicitud especialmente manipulada que d\u00e9 lugar a cross-site scripting (XSS) o m\u00e1s ataques. Esta falla es el resultado de una soluci\u00f3n incompleta para CVE-2020-10748." } ], "metrics": { "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "REQUIRED", + "scope": "CHANGED", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "availabilityImpact": "NONE", + "baseScore": 5.4, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 2.3, + "impactScore": 2.7 + }, { "source": "secalert@redhat.com", "type": "Secondary", @@ -35,6 +59,20 @@ ] }, "weaknesses": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-74" + }, + { + "lang": "en", + "value": "CWE-79" + } + ] + }, { "source": "secalert@redhat.com", "type": "Secondary", @@ -46,42 +84,103 @@ ] } ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:redhat:single_sign-on:*:*:*:*:*:*:*:*", + "versionEndExcluding": "7.6.6", + "matchCriteriaId": "2D009FB2-5B1A-4276-8FAF-B94F59CF2C40" + } + ] + } + ] + }, + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:redhat:keycloak:*:*:*:*:*:*:*:*", + "versionEndExcluding": "22.0.7", + "matchCriteriaId": "66A01C0F-CB27-4A62-9B86-C35CCD605AB6" + } + ] + } + ] + } + ], "references": [ { "url": "https://access.redhat.com/errata/RHSA-2023:7854", - "source": "secalert@redhat.com" + "source": "secalert@redhat.com", + "tags": [ + "Vendor Advisory" + ] }, { "url": "https://access.redhat.com/errata/RHSA-2023:7855", - "source": "secalert@redhat.com" + "source": "secalert@redhat.com", + "tags": [ + "Vendor Advisory" + ] }, { "url": "https://access.redhat.com/errata/RHSA-2023:7856", - "source": "secalert@redhat.com" + "source": "secalert@redhat.com", + "tags": [ + "Vendor Advisory" + ] }, { "url": "https://access.redhat.com/errata/RHSA-2023:7857", - "source": "secalert@redhat.com" + "source": "secalert@redhat.com", + "tags": [ + "Vendor Advisory" + ] }, { "url": "https://access.redhat.com/errata/RHSA-2023:7858", - "source": "secalert@redhat.com" + "source": "secalert@redhat.com", + "tags": [ + "Vendor Advisory" + ] }, { "url": "https://access.redhat.com/errata/RHSA-2023:7860", - "source": "secalert@redhat.com" + "source": "secalert@redhat.com", + "tags": [ + "Vendor Advisory" + ] }, { "url": "https://access.redhat.com/errata/RHSA-2023:7861", - "source": "secalert@redhat.com" + "source": "secalert@redhat.com", + "tags": [ + "Vendor Advisory" + ] }, { "url": "https://access.redhat.com/security/cve/CVE-2023-6134", - "source": "secalert@redhat.com" + "source": "secalert@redhat.com", + "tags": [ + "Vendor Advisory" + ] }, { "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2249673", - "source": "secalert@redhat.com" + "source": "secalert@redhat.com", + "tags": [ + "Issue Tracking" + ] } ] } \ No newline at end of file diff --git a/CVE-2023/CVE-2023-68xx/CVE-2023-6886.json b/CVE-2023/CVE-2023-68xx/CVE-2023-6886.json index 5cf001a466d..a91fbde90bb 100644 --- a/CVE-2023/CVE-2023-68xx/CVE-2023-6886.json +++ b/CVE-2023/CVE-2023-68xx/CVE-2023-6886.json @@ -2,16 +2,40 @@ "id": "CVE-2023-6886", "sourceIdentifier": "cna@vuldb.com", "published": "2023-12-17T01:15:27.307", - "lastModified": "2023-12-18T14:05:28.363", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2023-12-20T20:41:07.530", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", "value": "A vulnerability was found in xnx3 wangmarket 6.1. It has been rated as critical. Affected by this issue is some unknown functionality of the component Role Management Page. The manipulation leads to code injection. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. VDB-248246 is the identifier assigned to this vulnerability." + }, + { + "lang": "es", + "value": "Se encontr\u00f3 una vulnerabilidad en xnx3 wangmarket 6.1. Ha sido calificada como cr\u00edtica. Una funci\u00f3n desconocida del componente Role Management Page es afectada por este problema. La manipulaci\u00f3n conduce a la inyecci\u00f3n de c\u00f3digo. El ataque puede lanzarse de forma remota. El exploit ha sido divulgado al p\u00fablico y puede utilizarse. VDB-248246 es el identificador asignado a esta vulnerabilidad." } ], "metrics": { "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH", + "baseScore": 9.8, + "baseSeverity": "CRITICAL" + }, + "exploitabilityScore": 3.9, + "impactScore": 5.9 + }, { "source": "cna@vuldb.com", "type": "Secondary", @@ -60,6 +84,16 @@ ] }, "weaknesses": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-94" + } + ] + }, { "source": "cna@vuldb.com", "type": "Secondary", @@ -71,18 +105,45 @@ ] } ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:wang.market:wangmarket:6.1:*:*:*:*:*:*:*", + "matchCriteriaId": "4C1E04C7-12E0-4F30-905F-EB779F9B1234" + } + ] + } + ] + } + ], "references": [ { "url": "https://github.com/xnx3/wangmarket/issues/8", - "source": "cna@vuldb.com" + "source": "cna@vuldb.com", + "tags": [ + "Not Applicable" + ] }, { "url": "https://vuldb.com/?ctiid.248246", - "source": "cna@vuldb.com" + "source": "cna@vuldb.com", + "tags": [ + "Permissions Required", + "Third Party Advisory" + ] }, { "url": "https://vuldb.com/?id.248246", - "source": "cna@vuldb.com" + "source": "cna@vuldb.com", + "tags": [ + "Third Party Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2023/CVE-2023-68xx/CVE-2023-6887.json b/CVE-2023/CVE-2023-68xx/CVE-2023-6887.json index 9e696e981ca..e6c9241c909 100644 --- a/CVE-2023/CVE-2023-68xx/CVE-2023-6887.json +++ b/CVE-2023/CVE-2023-68xx/CVE-2023-6887.json @@ -2,16 +2,40 @@ "id": "CVE-2023-6887", "sourceIdentifier": "cna@vuldb.com", "published": "2023-12-17T01:15:27.553", - "lastModified": "2023-12-18T14:05:28.363", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2023-12-20T19:51:23.947", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", "value": "A vulnerability classified as critical has been found in saysky ForestBlog up to 20220630. This affects an unknown part of the file /admin/upload/img of the component Image Upload Handler. The manipulation of the argument filename leads to unrestricted upload. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-248247." + }, + { + "lang": "es", + "value": "Una vulnerabilidad ha sido encontrada en saysky ForestBlog hasta 20220630 y clasificada como cr\u00edtica. Una parte desconocida del archivo /admin/upload/img del componente Image Upload Handler ha sido encontrada y clasificada como cr\u00edtica. La manipulaci\u00f3n del argumento nombre de archivo conduce a una carga sin restricciones. Es posible iniciar el ataque de forma remota. El exploit ha sido divulgado al p\u00fablico y puede utilizarse. El identificador asociado de esta vulnerabilidad es VDB-248247." } ], "metrics": { "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH", + "baseScore": 9.8, + "baseSeverity": "CRITICAL" + }, + "exploitabilityScore": 3.9, + "impactScore": 5.9 + }, { "source": "cna@vuldb.com", "type": "Secondary", @@ -71,18 +95,46 @@ ] } ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:forestblog_project:forestblog:*:*:*:*:*:*:*:*", + "versionEndIncluding": "2022-06-30", + "matchCriteriaId": "5AC85B8A-4716-4E2F-9A5A-6585CFEF3014" + } + ] + } + ] + } + ], "references": [ { "url": "https://github.com/daydust/vuln/blob/main/ForestBlog/Arbitrary_File_Upload_Vulnerability.md", - "source": "cna@vuldb.com" + "source": "cna@vuldb.com", + "tags": [ + "Exploit", + "Third Party Advisory" + ] }, { "url": "https://vuldb.com/?ctiid.248247", - "source": "cna@vuldb.com" + "source": "cna@vuldb.com", + "tags": [ + "Permissions Required" + ] }, { "url": "https://vuldb.com/?id.248247", - "source": "cna@vuldb.com" + "source": "cna@vuldb.com", + "tags": [ + "Third Party Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2023/CVE-2023-68xx/CVE-2023-6888.json b/CVE-2023/CVE-2023-68xx/CVE-2023-6888.json index 49afbe231f3..8cd399cbe6a 100644 --- a/CVE-2023/CVE-2023-68xx/CVE-2023-6888.json +++ b/CVE-2023/CVE-2023-68xx/CVE-2023-6888.json @@ -2,16 +2,40 @@ "id": "CVE-2023-6888", "sourceIdentifier": "cna@vuldb.com", "published": "2023-12-17T01:15:27.783", - "lastModified": "2023-12-18T14:05:28.363", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2023-12-20T19:54:21.513", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", "value": "A vulnerability classified as critical was found in PHZ76 RtspServer 1.0.0. This vulnerability affects the function ParseRequestLine of the file RtspMesaage.cpp. The manipulation leads to stack-based buffer overflow. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-248248. NOTE: The vendor was contacted early about this disclosure but did not respond in any way." + }, + { + "lang": "es", + "value": "Una vulnerabilidad fue encontrada en PHZ76 RtspServer 1.0.0 y clasificada como cr\u00edtica. Esta vulnerabilidad afecta a la funci\u00f3n ParseRequestLine del archivo RtspMesaage.cpp. La manipulaci\u00f3n conduce a un desbordamiento de b\u00fafer en la regi\u00f3n stack de la memoria. El ataque se puede iniciar de forma remota. El exploit ha sido divulgado al p\u00fablico y puede utilizarse. El identificador de esta vulnerabilidad es VDB-248248. NOTA: Se contact\u00f3 primeramente con el proveedor sobre esta divulgaci\u00f3n, pero no respondi\u00f3 de ninguna manera." } ], "metrics": { "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH", + "baseScore": 9.8, + "baseSeverity": "CRITICAL" + }, + "exploitabilityScore": 3.9, + "impactScore": 5.9 + }, { "source": "cna@vuldb.com", "type": "Secondary", @@ -61,8 +85,18 @@ }, "weaknesses": [ { - "source": "cna@vuldb.com", + "source": "nvd@nist.gov", "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-787" + } + ] + }, + { + "source": "cna@vuldb.com", + "type": "Secondary", "description": [ { "lang": "en", @@ -71,22 +105,52 @@ ] } ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:phz76:rtspserver:1.0.0:*:*:*:*:*:*:*", + "matchCriteriaId": "FEF8411B-772E-4B20-817D-894D4ADADB6A" + } + ] + } + ] + } + ], "references": [ { "url": "http://www.huiyao.love/2023/12/08/rtspserver-stackoverflow-vulnerability/", - "source": "cna@vuldb.com" + "source": "cna@vuldb.com", + "tags": [ + "Exploit" + ] }, { "url": "https://github.com/hu1y40/PoC/blob/main/rtspserver_stackoverflow_poc.py", - "source": "cna@vuldb.com" + "source": "cna@vuldb.com", + "tags": [ + "Exploit" + ] }, { "url": "https://vuldb.com/?ctiid.248248", - "source": "cna@vuldb.com" + "source": "cna@vuldb.com", + "tags": [ + "Permissions Required", + "Third Party Advisory" + ] }, { "url": "https://vuldb.com/?id.248248", - "source": "cna@vuldb.com" + "source": "cna@vuldb.com", + "tags": [ + "Third Party Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2023/CVE-2023-68xx/CVE-2023-6891.json b/CVE-2023/CVE-2023-68xx/CVE-2023-6891.json index 2a8e7ee7121..8531bb7b8ac 100644 --- a/CVE-2023/CVE-2023-68xx/CVE-2023-6891.json +++ b/CVE-2023/CVE-2023-68xx/CVE-2023-6891.json @@ -2,16 +2,40 @@ "id": "CVE-2023-6891", "sourceIdentifier": "cna@vuldb.com", "published": "2023-12-17T04:15:07.137", - "lastModified": "2023-12-18T14:05:28.363", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2023-12-20T20:05:21.797", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", "value": "A vulnerability has been found in PeaZip 9.4.0 and classified as problematic. Affected by this vulnerability is an unknown functionality in the library dragdropfilesdll.dll of the component Library Handler. The manipulation leads to uncontrolled search path. An attack has to be approached locally. Upgrading to version 9.6.0 is able to address this issue. It is recommended to upgrade the affected component. The associated identifier of this vulnerability is VDB-248251. NOTE: Vendor was contacted early, confirmed the existence of the flaw and immediately worked on a patched release." + }, + { + "lang": "es", + "value": "Una vulnerabilidad fue encontrada en PeaZip 9.4.0 y clasificada como problem\u00e1tica. Una funci\u00f3n desconocida en la librer\u00eda dragdropfilesdll.dll del componente Library Handler es afectada por esta vulnerabilidad. La manipulaci\u00f3n conduce a una ruta de b\u00fasqueda incontrolada. Un ataque debe abordarse localmente. La actualizaci\u00f3n a la versi\u00f3n 9.6.0 puede solucionar este problema. Se recomienda actualizar el componente afectado. El identificador asociado de esta vulnerabilidad es VDB-248251. NOTA: Se contact\u00f3 al proveedor temprano, confirm\u00f3 la existencia de la falla e inmediatamente trabaj\u00f3 en una versi\u00f3n parcheada." } ], "metrics": { "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", + "attackVector": "LOCAL", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH", + "baseScore": 7.8, + "baseSeverity": "HIGH" + }, + "exploitabilityScore": 1.8, + "impactScore": 5.9 + }, { "source": "cna@vuldb.com", "type": "Secondary", @@ -71,18 +95,45 @@ ] } ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:peazip:peazip:9.4.0:*:*:*:*:*:*:*", + "matchCriteriaId": "4FE14922-2436-4AF1-B56D-AEE39D2955B5" + } + ] + } + ] + } + ], "references": [ { "url": "https://peazip.github.io/changelog.html", - "source": "cna@vuldb.com" + "source": "cna@vuldb.com", + "tags": [ + "Release Notes" + ] }, { "url": "https://vuldb.com/?ctiid.248251", - "source": "cna@vuldb.com" + "source": "cna@vuldb.com", + "tags": [ + "Permissions Required", + "Third Party Advisory" + ] }, { "url": "https://vuldb.com/?id.248251", - "source": "cna@vuldb.com" + "source": "cna@vuldb.com", + "tags": [ + "Third Party Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2023/CVE-2023-68xx/CVE-2023-6893.json b/CVE-2023/CVE-2023-68xx/CVE-2023-6893.json index 068f96e86e8..51064f0deba 100644 --- a/CVE-2023/CVE-2023-68xx/CVE-2023-6893.json +++ b/CVE-2023/CVE-2023-68xx/CVE-2023-6893.json @@ -2,16 +2,40 @@ "id": "CVE-2023-6893", "sourceIdentifier": "cna@vuldb.com", "published": "2023-12-17T07:15:07.137", - "lastModified": "2023-12-19T09:15:37.577", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2023-12-20T19:37:52.770", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", "value": "A vulnerability was found in Hikvision Intercom Broadcasting System 3.0.3_20201113_RELEASE(HIK) and classified as problematic. Affected by this issue is some unknown functionality of the file /php/exportrecord.php. The manipulation of the argument downname with the input C:\\ICPAS\\Wnmp\\WWW\\php\\conversion.php leads to path traversal. The exploit has been disclosed to the public and may be used. Upgrading to version 4.1.0 is able to address this issue. It is recommended to upgrade the affected component. The identifier of this vulnerability is VDB-248252." + }, + { + "lang": "es", + "value": "Una vulnerabilidad fue encontrada en Hikvision Intercom Broadcasting System 3.0.3_20201113_RELEASE(HIK) y clasificada como problem\u00e1tica. Una funci\u00f3n desconocida del archivo /php/exportrecord.php es afectada por esta vulnerabilidad. La manipulaci\u00f3n del argumento downname con la entrada C:\\ICPAS\\Wnmp\\WWW\\php\\conversion.php conduce a un path traversal. El exploit ha sido divulgado al p\u00fablico y puede utilizarse. El identificador de esta vulnerabilidad es VDB-248252. NOTA: Se contact\u00f3 primeramente con el proveedor sobre esta divulgaci\u00f3n, pero no respondi\u00f3 de ninguna manera." } ], "metrics": { "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "NONE", + "availabilityImpact": "NONE", + "baseScore": 7.5, + "baseSeverity": "HIGH" + }, + "exploitabilityScore": 3.9, + "impactScore": 3.6 + }, { "source": "cna@vuldb.com", "type": "Secondary", @@ -71,18 +95,200 @@ ] } ], + "configurations": [ + { + "operator": "AND", + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:o:hikvision:intercom_broadcast_system:*:*:*:*:*:*:*:*", + "versionStartIncluding": "3.0.3", + "versionEndExcluding": "4.1.0", + "matchCriteriaId": "39CE5FB3-D552-4149-A2B8-4D6EA9B02E2A" + } + ] + }, + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": false, + "criteria": "cpe:2.3:h:hikvision:ds-kd-bk:-:*:*:*:*:*:*:*", + "matchCriteriaId": "958036E7-556B-4211-91F2-B03FD7B9BD48" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:h:hikvision:ds-kd-dis:-:*:*:*:*:*:*:*", + "matchCriteriaId": "E42EB382-C853-405D-B3D6-777CA0750270" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:h:hikvision:ds-kd-e:-:*:*:*:*:*:*:*", + "matchCriteriaId": "C12AC351-A6DB-4F58-899A-FE625DA97219" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:h:hikvision:ds-kd-in:-:*:*:*:*:*:*:*", + "matchCriteriaId": "51038A2A-4C52-4029-8ECB-B33018681439" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:h:hikvision:ds-kd-info:-:*:*:*:*:*:*:*", + "matchCriteriaId": "F62F9A95-A31C-4047-81D2-0CD30449A71A" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:h:hikvision:ds-kd-kk:-:*:*:*:*:*:*:*", + "matchCriteriaId": "00241160-697B-4177-97AE-9B98EBF962A8" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:h:hikvision:ds-kd-kk\\/s:-:*:*:*:*:*:*:*", + "matchCriteriaId": "E47560E1-FC85-44C0-8804-5426062ADBB3" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:h:hikvision:ds-kd-kp:-:*:*:*:*:*:*:*", + "matchCriteriaId": "187E6DA2-2909-489A-86B6-AEF22B5E81D3" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:h:hikvision:ds-kd-kp\\/s:-:*:*:*:*:*:*:*", + "matchCriteriaId": "653905C8-EED2-4EF6-A19C-740D93AD2C59" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:h:hikvision:ds-kd-m:-:*:*:*:*:*:*:*", + "matchCriteriaId": "C9CEE9CB-03CD-4220-9B89-1C5C8A9FE1B0" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:h:hikvision:ds-kd3003-e6:-:*:*:*:*:*:*:*", + "matchCriteriaId": "42374DAF-62B0-41FF-91D2-E8410BCE6B69" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:h:hikvision:ds-kd8003ime1\\(b\\):-:*:*:*:*:*:*:*", + "matchCriteriaId": "DF0DE650-B929-4F05-B2D1-CE59ADBF05A4" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:h:hikvision:ds-kd8003ime1\\(b\\)\\/flush:-:*:*:*:*:*:*:*", + "matchCriteriaId": "5640AA88-730E-43FB-88D2-F3D65396DE15" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:h:hikvision:ds-kd8003ime1\\(b\\)\\/ns:-:*:*:*:*:*:*:*", + "matchCriteriaId": "DF2F30EE-469B-42E5-9570-6D26C37460A6" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:h:hikvision:ds-kd8003ime1\\(b\\)\\/s:-:*:*:*:*:*:*:*", + "matchCriteriaId": "96F5783F-87ED-4AAE-801B-27D287991A7B" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:h:hikvision:ds-kd8003ime1\\(b\\)\\/surface:-:*:*:*:*:*:*:*", + "matchCriteriaId": "926B6EE1-7CF4-4A99-9C6F-7DDC26C9A702" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:h:hikvision:ds-kh6220-le1:-:*:*:*:*:*:*:*", + "matchCriteriaId": "547F6609-4304-4CB8-A07A-2C3D2E7241E8" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:h:hikvision:ds-kh6320-le1:-:*:*:*:*:*:*:*", + "matchCriteriaId": "E4DAC9C0-6A97-4AA2-9FBE-58E5E1D11666" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:h:hikvision:ds-kh6320-tde1:-:*:*:*:*:*:*:*", + "matchCriteriaId": "3BC79E9F-0971-46B0-B0AB-062AB4653345" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:h:hikvision:ds-kh6320-te1:-:*:*:*:*:*:*:*", + "matchCriteriaId": "4BD7D924-84B8-4253-995C-A1E74B3C329C" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:h:hikvision:ds-kh6320-wtde1:-:*:*:*:*:*:*:*", + "matchCriteriaId": "FF4C1CB8-96D8-4E28-B85A-29D05BE4C272" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:h:hikvision:ds-kh6320-wte1:-:*:*:*:*:*:*:*", + "matchCriteriaId": "97264003-9B83-444C-ADEF-5F0E61C96618" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:h:hikvision:ds-kh6350-wte1:-:*:*:*:*:*:*:*", + "matchCriteriaId": "9562CB3D-9491-407C-9A59-0F0C48D724BA" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:h:hikvision:ds-kh6351-te1:-:*:*:*:*:*:*:*", + "matchCriteriaId": "FA19A366-0EE7-45D2-A3B2-4EE397FBA95A" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:h:hikvision:ds-kh6351-wte1:-:*:*:*:*:*:*:*", + "matchCriteriaId": "B61ABFF8-5AD3-4367-AA3E-E36DCD93ABE6" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:h:hikvision:ds-kh63le1\\(b\\):-:*:*:*:*:*:*:*", + "matchCriteriaId": "7B1FDC90-73BA-4691-B942-AE30CA342C9A" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:h:hikvision:ds-kh8520-wte1:-:*:*:*:*:*:*:*", + "matchCriteriaId": "97280A4A-0EFE-418C-9E94-92239E463163" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:h:hikvision:ds-kh9310-wte1\\(b\\):-:*:*:*:*:*:*:*", + "matchCriteriaId": "B3244947-9255-48E0-9491-CD2DFBF21943" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:h:hikvision:ds-kh9510-wte1\\(b\\):-:*:*:*:*:*:*:*", + "matchCriteriaId": "62E1B212-E667-4FC0-AF02-116F58D917F2" + } + ] + } + ] + } + ], "references": [ { "url": "https://github.com/willchen0011/cve/blob/main/download.md", - "source": "cna@vuldb.com" + "source": "cna@vuldb.com", + "tags": [ + "Exploit", + "Third Party Advisory" + ] }, { "url": "https://vuldb.com/?ctiid.248252", - "source": "cna@vuldb.com" + "source": "cna@vuldb.com", + "tags": [ + "Permissions Required", + "Third Party Advisory" + ] }, { "url": "https://vuldb.com/?id.248252", - "source": "cna@vuldb.com" + "source": "cna@vuldb.com", + "tags": [ + "Third Party Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2023/CVE-2023-68xx/CVE-2023-6899.json b/CVE-2023/CVE-2023-68xx/CVE-2023-6899.json index a879703d973..afaea334afa 100644 --- a/CVE-2023/CVE-2023-68xx/CVE-2023-6899.json +++ b/CVE-2023/CVE-2023-68xx/CVE-2023-6899.json @@ -2,16 +2,40 @@ "id": "CVE-2023-6899", "sourceIdentifier": "cna@vuldb.com", "published": "2023-12-17T13:15:42.910", - "lastModified": "2023-12-18T14:05:22.187", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2023-12-20T20:29:39.937", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", "value": "A vulnerability classified as problematic was found in rmountjoy92 DashMachine 0.5-4. Affected by this vulnerability is an unknown functionality of the file /settings/save_config of the component Config Handler. The manipulation of the argument value_template leads to code injection. The exploit has been disclosed to the public and may be used. The identifier VDB-248257 was assigned to this vulnerability." + }, + { + "lang": "es", + "value": "Una vulnerabilidad fue encontrada en rmountjoy92 DashMachine 0.5-4 y clasificada como problem\u00e1tica. Una funci\u00f3n desconocida del archivo /settings/save_config del componente Config Handler es afectada por esta vulnerabilidad. La manipulaci\u00f3n del argumento value_template conduce a la inyecci\u00f3n de c\u00f3digo. El exploit ha sido divulgado al p\u00fablico y puede utilizarse. A esta vulnerabilidad se le asign\u00f3 el identificador VDB-248257." } ], "metrics": { "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH", + "baseScore": 9.8, + "baseSeverity": "CRITICAL" + }, + "exploitabilityScore": 3.9, + "impactScore": 5.9 + }, { "source": "cna@vuldb.com", "type": "Secondary", @@ -71,18 +95,46 @@ ] } ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:rmountjoy92:dashmachine:0.5-4:*:*:*:*:*:*:*", + "matchCriteriaId": "9C3FBC25-0C0B-4006-8E37-B67E6184E8CA" + } + ] + } + ] + } + ], "references": [ { "url": "https://treasure-blarney-085.notion.site/DashMachine-Unauthorized-RCE-931a35a81af9448ebe9fb4cd904d4a0c", - "source": "cna@vuldb.com" + "source": "cna@vuldb.com", + "tags": [ + "Exploit", + "Third Party Advisory" + ] }, { "url": "https://vuldb.com/?ctiid.248257", - "source": "cna@vuldb.com" + "source": "cna@vuldb.com", + "tags": [ + "Permissions Required", + "Third Party Advisory" + ] }, { "url": "https://vuldb.com/?id.248257", - "source": "cna@vuldb.com" + "source": "cna@vuldb.com", + "tags": [ + "Third Party Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2023/CVE-2023-69xx/CVE-2023-6900.json b/CVE-2023/CVE-2023-69xx/CVE-2023-6900.json index 6983a13c474..cc1f81af556 100644 --- a/CVE-2023/CVE-2023-69xx/CVE-2023-6900.json +++ b/CVE-2023/CVE-2023-69xx/CVE-2023-6900.json @@ -2,16 +2,40 @@ "id": "CVE-2023-6900", "sourceIdentifier": "cna@vuldb.com", "published": "2023-12-17T14:15:36.947", - "lastModified": "2023-12-18T14:05:22.187", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2023-12-20T20:35:24.577", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", "value": "A vulnerability, which was classified as critical, has been found in rmountjoy92 DashMachine 0.5-4. Affected by this issue is some unknown functionality of the file /settings/delete_file. The manipulation of the argument file leads to path traversal: '../filedir'. The exploit has been disclosed to the public and may be used. VDB-248258 is the identifier assigned to this vulnerability." + }, + { + "lang": "es", + "value": "Una vulnerabilidad fue encontrada en rmountjoy92 DashMachine 0.5-4 y clasificada como cr\u00edtica. Una funci\u00f3n desconocida del archivo /settings/delete_file es afectada por este problema. La manipulaci\u00f3n del archivo de argumentos conduce a path traversal: '../filedir'. El exploit ha sido divulgado al p\u00fablico y puede utilizarse. VDB-248258 es el identificador asignado a esta vulnerabilidad." } ], "metrics": { "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "NONE", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH", + "baseScore": 9.1, + "baseSeverity": "CRITICAL" + }, + "exploitabilityScore": 3.9, + "impactScore": 5.2 + }, { "source": "cna@vuldb.com", "type": "Secondary", @@ -60,6 +84,16 @@ ] }, "weaknesses": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-22" + } + ] + }, { "source": "cna@vuldb.com", "type": "Secondary", @@ -71,18 +105,46 @@ ] } ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:rmountjoy92:dashmachine:0.5-4:*:*:*:*:*:*:*", + "matchCriteriaId": "9C3FBC25-0C0B-4006-8E37-B67E6184E8CA" + } + ] + } + ] + } + ], "references": [ { "url": "https://treasure-blarney-085.notion.site/DashMachine-Arbitrary-File-Deletion-ab44f2fe68e843c393ae9e0c1d487676", - "source": "cna@vuldb.com" + "source": "cna@vuldb.com", + "tags": [ + "Exploit", + "Third Party Advisory" + ] }, { "url": "https://vuldb.com/?ctiid.248258", - "source": "cna@vuldb.com" + "source": "cna@vuldb.com", + "tags": [ + "Permissions Required", + "Third Party Advisory" + ] }, { "url": "https://vuldb.com/?id.248258", - "source": "cna@vuldb.com" + "source": "cna@vuldb.com", + "tags": [ + "Third Party Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2023/CVE-2023-69xx/CVE-2023-6901.json b/CVE-2023/CVE-2023-69xx/CVE-2023-6901.json index fe6b9d8a4f4..cc82d877a24 100644 --- a/CVE-2023/CVE-2023-69xx/CVE-2023-6901.json +++ b/CVE-2023/CVE-2023-69xx/CVE-2023-6901.json @@ -2,16 +2,40 @@ "id": "CVE-2023-6901", "sourceIdentifier": "cna@vuldb.com", "published": "2023-12-17T14:15:37.170", - "lastModified": "2023-12-18T14:05:22.187", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2023-12-20T20:11:33.917", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", "value": "A vulnerability, which was classified as critical, was found in codelyfe Stupid Simple CMS up to 1.2.3. This affects an unknown part of the file /terminal/handle-command.php of the component HTTP POST Request Handler. The manipulation of the argument command with the input whoami leads to os command injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-248259." + }, + { + "lang": "es", + "value": "Una vulnerabilidad fue encontrada en codelyfe Stupid Simple CMS hasta 1.2.3 y clasificada como cr\u00edtica. Una parte desconocida del archivo /terminal/handle-command.php del componente HTTP POST Request Handler afecta a una parte desconocida. La manipulaci\u00f3n del argumento comando con la entrada whoami conduce a la inyecci\u00f3n del comando os. Es posible iniciar el ataque de forma remota. El exploit ha sido divulgado al p\u00fablico y puede utilizarse. El identificador asociado de esta vulnerabilidad es VDB-248259." } ], "metrics": { "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH", + "baseScore": 9.8, + "baseSeverity": "CRITICAL" + }, + "exploitabilityScore": 3.9, + "impactScore": 5.9 + }, { "source": "cna@vuldb.com", "type": "Secondary", @@ -71,18 +95,47 @@ ] } ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:codelyfe:stupid_simple_cms:*:*:*:*:*:*:*:*", + "versionStartIncluding": "1.1.7", + "versionEndIncluding": "1.2.3", + "matchCriteriaId": "0494A51D-B996-46F3-B084-D32A422517E5" + } + ] + } + ] + } + ], "references": [ { "url": "https://github.com/g1an123/POC/blob/main/README.md", - "source": "cna@vuldb.com" + "source": "cna@vuldb.com", + "tags": [ + "Exploit", + "Third Party Advisory" + ] }, { "url": "https://vuldb.com/?ctiid.248259", - "source": "cna@vuldb.com" + "source": "cna@vuldb.com", + "tags": [ + "Permissions Required" + ] }, { "url": "https://vuldb.com/?id.248259", - "source": "cna@vuldb.com" + "source": "cna@vuldb.com", + "tags": [ + "Permissions Required" + ] } ] } \ No newline at end of file diff --git a/CVE-2023/CVE-2023-69xx/CVE-2023-6906.json b/CVE-2023/CVE-2023-69xx/CVE-2023-6906.json index b68287242af..320ffd256ac 100644 --- a/CVE-2023/CVE-2023-69xx/CVE-2023-6906.json +++ b/CVE-2023/CVE-2023-69xx/CVE-2023-6906.json @@ -2,16 +2,40 @@ "id": "CVE-2023-6906", "sourceIdentifier": "cna@vuldb.com", "published": "2023-12-18T04:15:51.227", - "lastModified": "2023-12-18T14:05:17.207", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2023-12-20T20:47:26.333", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", "value": "A vulnerability, which was classified as critical, was found in Totolink A7100RU 7.4cu.2313_B20191024. Affected is the function main of the file /cgi-bin/cstecgi.cgi?action=login of the component HTTP POST Request Handler. The manipulation of the argument flag with the input ie8 leads to buffer overflow. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-248268. NOTE: The vendor was contacted early about this disclosure but did not respond in any way." + }, + { + "lang": "es", + "value": "Una vulnerabilidad fue encontrada en Totolink A7100RU 7.4cu.2313_B20191024 y clasificada como cr\u00edtica. La funci\u00f3n main del archivo /cgi-bin/cstecgi.cgi?action=login del componente HTTP POST Request Handler es afectada por esta vulnerabilidad. La manipulaci\u00f3n del argumento flag con la entrada ie8 provoca un desbordamiento de b\u00fafer. Es posible lanzar el ataque de forma remota. El exploit ha sido divulgado al p\u00fablico y puede utilizarse. El identificador de esta vulnerabilidad es VDB-248268. NOTA: Se contact\u00f3 primeramente con el proveedor sobre esta divulgaci\u00f3n, pero no respondi\u00f3 de ninguna manera." } ], "metrics": { "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH", + "baseScore": 9.8, + "baseSeverity": "CRITICAL" + }, + "exploitabilityScore": 3.9, + "impactScore": 5.9 + }, { "source": "cna@vuldb.com", "type": "Secondary", @@ -60,6 +84,16 @@ ] }, "weaknesses": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-120" + } + ] + }, { "source": "cna@vuldb.com", "type": "Secondary", @@ -71,18 +105,58 @@ ] } ], + "configurations": [ + { + "operator": "AND", + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:o:totolink:a7100ru_firmware:7.4cu.2313_b20191024:*:*:*:*:*:*:*", + "matchCriteriaId": "83C47206-6608-4258-A2FE-D15C5637192D" + } + ] + }, + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": false, + "criteria": "cpe:2.3:h:totolink:a7100ru:-:*:*:*:*:*:*:*", + "matchCriteriaId": "B7DD0831-0EB3-4F09-B4E4-6165E53AB6A6" + } + ] + } + ] + } + ], "references": [ { "url": "https://github.com/unpWn4bL3/iot-security/blob/main/1.md", - "source": "cna@vuldb.com" + "source": "cna@vuldb.com", + "tags": [ + "Exploit", + "Third Party Advisory" + ] }, { "url": "https://vuldb.com/?ctiid.248268", - "source": "cna@vuldb.com" + "source": "cna@vuldb.com", + "tags": [ + "Permissions Required", + "Third Party Advisory" + ] }, { "url": "https://vuldb.com/?id.248268", - "source": "cna@vuldb.com" + "source": "cna@vuldb.com", + "tags": [ + "Third Party Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2023/CVE-2023-69xx/CVE-2023-6907.json b/CVE-2023/CVE-2023-69xx/CVE-2023-6907.json index e2c2942bdb8..7d4df28e16c 100644 --- a/CVE-2023/CVE-2023-69xx/CVE-2023-6907.json +++ b/CVE-2023/CVE-2023-69xx/CVE-2023-6907.json @@ -2,16 +2,40 @@ "id": "CVE-2023-6907", "sourceIdentifier": "cna@vuldb.com", "published": "2023-12-18T04:15:51.693", - "lastModified": "2023-12-18T14:05:17.207", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2023-12-20T20:50:06.230", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", "value": "A vulnerability has been found in codelyfe Stupid Simple CMS up to 1.2.4 and classified as critical. Affected by this vulnerability is an unknown functionality of the file /file-manager/delete.php of the component Deletion Interface. The manipulation of the argument file leads to improper authentication. The exploit has been disclosed to the public and may be used. The identifier VDB-248269 was assigned to this vulnerability." + }, + { + "lang": "es", + "value": "Una vulnerabilidad ha sido encontrada en codelyfe Stupid Simple CMS hasta 1.2.4 y clasificada como cr\u00edtica. Una funci\u00f3n desconocida del archivo /file-manager/delete.php del componente Deletion Interface es afectada por esta vulnerabilidad. La manipulaci\u00f3n del archivo de argumentos conduce a una autenticaci\u00f3n incorrecta. El exploit ha sido divulgado al p\u00fablico y puede utilizarse. A esta vulnerabilidad se le asign\u00f3 el identificador VDB-248269." } ], "metrics": { "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "NONE", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH", + "baseScore": 9.1, + "baseSeverity": "CRITICAL" + }, + "exploitabilityScore": 3.9, + "impactScore": 5.2 + }, { "source": "cna@vuldb.com", "type": "Secondary", @@ -71,18 +95,48 @@ ] } ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:codelyfe:stupid_simple_cms:*:*:*:*:*:*:*:*", + "versionEndIncluding": "1.2.4", + "matchCriteriaId": "700DA84E-DA65-4B87-B847-E4C61E24F5D1" + } + ] + } + ] + } + ], "references": [ { "url": "https://github.com/g1an123/POC/blob/main/Unauthorized%20file%20deletion.md", - "source": "cna@vuldb.com" + "source": "cna@vuldb.com", + "tags": [ + "Exploit", + "Third Party Advisory" + ] }, { "url": "https://vuldb.com/?ctiid.248269", - "source": "cna@vuldb.com" + "source": "cna@vuldb.com", + "tags": [ + "Permissions Required", + "Third Party Advisory" + ] }, { "url": "https://vuldb.com/?id.248269", - "source": "cna@vuldb.com" + "source": "cna@vuldb.com", + "tags": [ + "Permissions Required", + "Third Party Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2023/CVE-2023-70xx/CVE-2023-7018.json b/CVE-2023/CVE-2023-70xx/CVE-2023-7018.json index 8682c1a92c4..ac448e78cd5 100644 --- a/CVE-2023/CVE-2023-70xx/CVE-2023-7018.json +++ b/CVE-2023/CVE-2023-70xx/CVE-2023-7018.json @@ -2,8 +2,8 @@ "id": "CVE-2023-7018", "sourceIdentifier": "security@huntr.dev", "published": "2023-12-20T17:15:08.823", - "lastModified": "2023-12-20T17:15:08.823", - "vulnStatus": "Received", + "lastModified": "2023-12-20T19:52:41.030", + "vulnStatus": "Awaiting Analysis", "descriptions": [ { "lang": "en", diff --git a/README.md b/README.md index 5f1d5a7414c..9005ef78e03 100644 --- a/README.md +++ b/README.md @@ -9,13 +9,13 @@ Repository synchronizes with the NVD every 2 hours. ### Last Repository Update ```plain -2023-12-20T19:00:24.730076+00:00 +2023-12-20T21:00:24.583487+00:00 ``` ### Most recent CVE Modification Timestamp synchronized with NVD ```plain -2023-12-20T18:51:56.390000+00:00 +2023-12-20T20:59:31.170000+00:00 ``` ### Last Data Feed Release @@ -29,60 +29,64 @@ Download and Changelog: [Click](https://github.com/fkie-cad/nvd-json-data-feeds/ ### Total Number of included CVEs ```plain -233870 +233890 ``` ### CVEs added in the last Commit -Recently added CVEs: `16` +Recently added CVEs: `20` -* [CVE-2022-47597](CVE-2022/CVE-2022-475xx/CVE-2022-47597.json) (`2023-12-20T18:15:11.143`) -* [CVE-2022-47599](CVE-2022/CVE-2022-475xx/CVE-2022-47599.json) (`2023-12-20T18:15:11.417`) -* [CVE-2023-30495](CVE-2023/CVE-2023-304xx/CVE-2023-30495.json) (`2023-12-20T17:15:07.740`) -* [CVE-2023-30750](CVE-2023/CVE-2023-307xx/CVE-2023-30750.json) (`2023-12-20T17:15:07.953`) -* [CVE-2023-30872](CVE-2023/CVE-2023-308xx/CVE-2023-30872.json) (`2023-12-20T17:15:08.157`) -* [CVE-2023-47118](CVE-2023/CVE-2023-471xx/CVE-2023-47118.json) (`2023-12-20T17:15:08.623`) -* [CVE-2023-7018](CVE-2023/CVE-2023-70xx/CVE-2023-7018.json) (`2023-12-20T17:15:08.823`) -* [CVE-2023-26525](CVE-2023/CVE-2023-265xx/CVE-2023-26525.json) (`2023-12-20T18:15:11.680`) -* [CVE-2023-28491](CVE-2023/CVE-2023-284xx/CVE-2023-28491.json) (`2023-12-20T18:15:11.883`) -* [CVE-2023-28788](CVE-2023/CVE-2023-287xx/CVE-2023-28788.json) (`2023-12-20T18:15:12.130`) -* [CVE-2023-29096](CVE-2023/CVE-2023-290xx/CVE-2023-29096.json) (`2023-12-20T18:15:12.327`) -* [CVE-2023-29432](CVE-2023/CVE-2023-294xx/CVE-2023-29432.json) (`2023-12-20T18:15:12.587`) -* [CVE-2023-49161](CVE-2023/CVE-2023-491xx/CVE-2023-49161.json) (`2023-12-20T18:15:12.787`) -* [CVE-2023-49166](CVE-2023/CVE-2023-491xx/CVE-2023-49166.json) (`2023-12-20T18:15:12.997`) -* [CVE-2023-49269](CVE-2023/CVE-2023-492xx/CVE-2023-49269.json) (`2023-12-20T18:15:13.240`) -* [CVE-2023-49752](CVE-2023/CVE-2023-497xx/CVE-2023-49752.json) (`2023-12-20T18:15:13.460`) +* [CVE-2022-44684](CVE-2022/CVE-2022-446xx/CVE-2022-44684.json) (`2023-12-20T20:15:19.003`) +* [CVE-2023-28170](CVE-2023/CVE-2023-281xx/CVE-2023-28170.json) (`2023-12-20T19:15:08.350`) +* [CVE-2023-29102](CVE-2023/CVE-2023-291xx/CVE-2023-29102.json) (`2023-12-20T19:15:08.560`) +* [CVE-2023-29384](CVE-2023/CVE-2023-293xx/CVE-2023-29384.json) (`2023-12-20T19:15:08.740`) +* [CVE-2023-31215](CVE-2023/CVE-2023-312xx/CVE-2023-31215.json) (`2023-12-20T19:15:08.930`) +* [CVE-2023-31231](CVE-2023/CVE-2023-312xx/CVE-2023-31231.json) (`2023-12-20T19:15:09.133`) +* [CVE-2023-33318](CVE-2023/CVE-2023-333xx/CVE-2023-33318.json) (`2023-12-20T19:15:09.337`) +* [CVE-2023-34007](CVE-2023/CVE-2023-340xx/CVE-2023-34007.json) (`2023-12-20T19:15:09.523`) +* [CVE-2023-34385](CVE-2023/CVE-2023-343xx/CVE-2023-34385.json) (`2023-12-20T19:15:09.710`) +* [CVE-2023-40204](CVE-2023/CVE-2023-402xx/CVE-2023-40204.json) (`2023-12-20T19:15:09.923`) +* [CVE-2023-45603](CVE-2023/CVE-2023-456xx/CVE-2023-45603.json) (`2023-12-20T19:15:10.117`) +* [CVE-2023-46149](CVE-2023/CVE-2023-461xx/CVE-2023-46149.json) (`2023-12-20T19:15:10.310`) +* [CVE-2023-47784](CVE-2023/CVE-2023-477xx/CVE-2023-47784.json) (`2023-12-20T19:15:10.507`) +* [CVE-2023-47990](CVE-2023/CVE-2023-479xx/CVE-2023-47990.json) (`2023-12-20T19:15:10.697`) +* [CVE-2023-49814](CVE-2023/CVE-2023-498xx/CVE-2023-49814.json) (`2023-12-20T19:15:10.740`) +* [CVE-2023-23970](CVE-2023/CVE-2023-239xx/CVE-2023-23970.json) (`2023-12-20T20:15:19.177`) +* [CVE-2023-25970](CVE-2023/CVE-2023-259xx/CVE-2023-25970.json) (`2023-12-20T20:15:19.380`) +* [CVE-2023-49270](CVE-2023/CVE-2023-492xx/CVE-2023-49270.json) (`2023-12-20T20:15:19.597`) +* [CVE-2023-49271](CVE-2023/CVE-2023-492xx/CVE-2023-49271.json) (`2023-12-20T20:15:19.800`) +* [CVE-2023-49272](CVE-2023/CVE-2023-492xx/CVE-2023-49272.json) (`2023-12-20T20:15:20.010`) ### CVEs modified in the last Commit -Recently modified CVEs: `34` +Recently modified CVEs: `150` -* [CVE-2022-24480](CVE-2022/CVE-2022-244xx/CVE-2022-24480.json) (`2023-12-20T18:15:09.077`) -* [CVE-2023-42927](CVE-2023/CVE-2023-429xx/CVE-2023-42927.json) (`2023-12-20T17:15:08.377`) -* [CVE-2023-39340](CVE-2023/CVE-2023-393xx/CVE-2023-39340.json) (`2023-12-20T17:33:22.220`) -* [CVE-2023-5764](CVE-2023/CVE-2023-57xx/CVE-2023-5764.json) (`2023-12-20T17:35:31.823`) -* [CVE-2023-5794](CVE-2023/CVE-2023-57xx/CVE-2023-5794.json) (`2023-12-20T17:54:35.080`) -* [CVE-2023-40954](CVE-2023/CVE-2023-409xx/CVE-2023-40954.json) (`2023-12-20T17:55:09.060`) -* [CVE-2023-44487](CVE-2023/CVE-2023-444xx/CVE-2023-44487.json) (`2023-12-20T17:55:36.740`) -* [CVE-2023-5574](CVE-2023/CVE-2023-55xx/CVE-2023-5574.json) (`2023-12-20T17:56:20.660`) -* [CVE-2023-50164](CVE-2023/CVE-2023-501xx/CVE-2023-50164.json) (`2023-12-20T17:58:26.917`) -* [CVE-2023-50442](CVE-2023/CVE-2023-504xx/CVE-2023-50442.json) (`2023-12-20T18:29:15.687`) -* [CVE-2023-50440](CVE-2023/CVE-2023-504xx/CVE-2023-50440.json) (`2023-12-20T18:29:28.293`) -* [CVE-2023-50439](CVE-2023/CVE-2023-504xx/CVE-2023-50439.json) (`2023-12-20T18:29:44.920`) -* [CVE-2023-6774](CVE-2023/CVE-2023-67xx/CVE-2023-6774.json) (`2023-12-20T18:29:53.997`) -* [CVE-2023-6773](CVE-2023/CVE-2023-67xx/CVE-2023-6773.json) (`2023-12-20T18:31:30.370`) -* [CVE-2023-50441](CVE-2023/CVE-2023-504xx/CVE-2023-50441.json) (`2023-12-20T18:31:44.053`) -* [CVE-2023-50444](CVE-2023/CVE-2023-504xx/CVE-2023-50444.json) (`2023-12-20T18:31:52.980`) -* [CVE-2023-6660](CVE-2023/CVE-2023-66xx/CVE-2023-6660.json) (`2023-12-20T18:32:04.497`) -* [CVE-2023-45725](CVE-2023/CVE-2023-457xx/CVE-2023-45725.json) (`2023-12-20T18:32:15.360`) -* [CVE-2023-5379](CVE-2023/CVE-2023-53xx/CVE-2023-5379.json) (`2023-12-20T18:39:19.120`) -* [CVE-2023-4421](CVE-2023/CVE-2023-44xx/CVE-2023-4421.json) (`2023-12-20T18:40:25.117`) -* [CVE-2023-49936](CVE-2023/CVE-2023-499xx/CVE-2023-49936.json) (`2023-12-20T18:47:01.043`) -* [CVE-2023-49935](CVE-2023/CVE-2023-499xx/CVE-2023-49935.json) (`2023-12-20T18:47:36.937`) -* [CVE-2023-49934](CVE-2023/CVE-2023-499xx/CVE-2023-49934.json) (`2023-12-20T18:49:55.000`) -* [CVE-2023-49933](CVE-2023/CVE-2023-499xx/CVE-2023-49933.json) (`2023-12-20T18:50:47.213`) -* [CVE-2023-50443](CVE-2023/CVE-2023-504xx/CVE-2023-50443.json) (`2023-12-20T18:51:56.390`) +* [CVE-2023-23157](CVE-2023/CVE-2023-231xx/CVE-2023-23157.json) (`2023-12-20T20:08:15.050`) +* [CVE-2023-23158](CVE-2023/CVE-2023-231xx/CVE-2023-23158.json) (`2023-12-20T20:08:18.170`) +* [CVE-2023-24726](CVE-2023/CVE-2023-247xx/CVE-2023-24726.json) (`2023-12-20T20:08:21.123`) +* [CVE-2023-37743](CVE-2023/CVE-2023-377xx/CVE-2023-37743.json) (`2023-12-20T20:08:49.497`) +* [CVE-2023-31932](CVE-2023/CVE-2023-319xx/CVE-2023-31932.json) (`2023-12-20T20:09:04.483`) +* [CVE-2023-31933](CVE-2023/CVE-2023-319xx/CVE-2023-31933.json) (`2023-12-20T20:09:09.700`) +* [CVE-2023-31934](CVE-2023/CVE-2023-319xx/CVE-2023-31934.json) (`2023-12-20T20:09:13.353`) +* [CVE-2023-31935](CVE-2023/CVE-2023-319xx/CVE-2023-31935.json) (`2023-12-20T20:09:16.987`) +* [CVE-2023-31936](CVE-2023/CVE-2023-319xx/CVE-2023-31936.json) (`2023-12-20T20:09:20.560`) +* [CVE-2023-31937](CVE-2023/CVE-2023-319xx/CVE-2023-31937.json) (`2023-12-20T20:09:24.087`) +* [CVE-2023-46998](CVE-2023/CVE-2023-469xx/CVE-2023-46998.json) (`2023-12-20T20:09:44.320`) +* [CVE-2023-3275](CVE-2023/CVE-2023-32xx/CVE-2023-3275.json) (`2023-12-20T20:10:40.493`) +* [CVE-2023-23684](CVE-2023/CVE-2023-236xx/CVE-2023-23684.json) (`2023-12-20T20:10:54.733`) +* [CVE-2023-6901](CVE-2023/CVE-2023-69xx/CVE-2023-6901.json) (`2023-12-20T20:11:33.917`) +* [CVE-2023-40630](CVE-2023/CVE-2023-406xx/CVE-2023-40630.json) (`2023-12-20T20:13:31.610`) +* [CVE-2023-6134](CVE-2023/CVE-2023-61xx/CVE-2023-6134.json) (`2023-12-20T20:29:14.540`) +* [CVE-2023-6899](CVE-2023/CVE-2023-68xx/CVE-2023-6899.json) (`2023-12-20T20:29:39.937`) +* [CVE-2023-6900](CVE-2023/CVE-2023-69xx/CVE-2023-6900.json) (`2023-12-20T20:35:24.577`) +* [CVE-2023-6886](CVE-2023/CVE-2023-68xx/CVE-2023-6886.json) (`2023-12-20T20:41:07.530`) +* [CVE-2023-49347](CVE-2023/CVE-2023-493xx/CVE-2023-49347.json) (`2023-12-20T20:41:11.457`) +* [CVE-2023-6906](CVE-2023/CVE-2023-69xx/CVE-2023-6906.json) (`2023-12-20T20:47:26.333`) +* [CVE-2023-6907](CVE-2023/CVE-2023-69xx/CVE-2023-6907.json) (`2023-12-20T20:50:06.230`) +* [CVE-2023-49346](CVE-2023/CVE-2023-493xx/CVE-2023-49346.json) (`2023-12-20T20:56:09.633`) +* [CVE-2023-49345](CVE-2023/CVE-2023-493xx/CVE-2023-49345.json) (`2023-12-20T20:58:34.320`) +* [CVE-2023-49153](CVE-2023/CVE-2023-491xx/CVE-2023-49153.json) (`2023-12-20T20:59:31.170`) ## Download and Usage