From a04b1d9e5aad1a0ff75e2318ad9450a448aae5cc Mon Sep 17 00:00:00 2001 From: cad-safe-bot Date: Wed, 4 Oct 2023 14:00:28 +0000 Subject: [PATCH] Auto-Update: 2023-10-04T14:00:25.112883+00:00 --- CVE-2022/CVE-2022-224xx/CVE-2022-22447.json | 4 +- CVE-2022/CVE-2022-41xx/CVE-2022-4132.json | 47 +++++++++++ CVE-2023/CVE-2023-15xx/CVE-2023-1584.json | 4 +- CVE-2023/CVE-2023-226xx/CVE-2023-22618.json | 47 +++++++++++ CVE-2023/CVE-2023-24xx/CVE-2023-2422.json | 4 +- CVE-2023/CVE-2023-254xx/CVE-2023-25489.json | 4 +- CVE-2023/CVE-2023-257xx/CVE-2023-25788.json | 4 +- CVE-2023/CVE-2023-259xx/CVE-2023-25980.json | 4 +- CVE-2023/CVE-2023-28xx/CVE-2023-2809.json | 4 +- CVE-2023/CVE-2023-306xx/CVE-2023-30690.json | 4 +- CVE-2023/CVE-2023-306xx/CVE-2023-30692.json | 4 +- CVE-2023/CVE-2023-307xx/CVE-2023-30727.json | 8 +- CVE-2023/CVE-2023-307xx/CVE-2023-30731.json | 8 +- CVE-2023/CVE-2023-307xx/CVE-2023-30732.json | 8 +- CVE-2023/CVE-2023-307xx/CVE-2023-30733.json | 8 +- CVE-2023/CVE-2023-307xx/CVE-2023-30734.json | 8 +- CVE-2023/CVE-2023-307xx/CVE-2023-30735.json | 8 +- CVE-2023/CVE-2023-307xx/CVE-2023-30736.json | 8 +- CVE-2023/CVE-2023-307xx/CVE-2023-30737.json | 8 +- CVE-2023/CVE-2023-307xx/CVE-2023-30738.json | 8 +- CVE-2023/CVE-2023-30xx/CVE-2023-3037.json | 55 +++++++++++++ CVE-2023/CVE-2023-30xx/CVE-2023-3038.json | 55 +++++++++++++ CVE-2023/CVE-2023-31xx/CVE-2023-3153.json | 63 +++++++++++++++ CVE-2023/CVE-2023-32xx/CVE-2023-3213.json | 4 +- CVE-2023/CVE-2023-33xx/CVE-2023-3361.json | 51 ++++++++++++ CVE-2023/CVE-2023-359xx/CVE-2023-35905.json | 4 +- CVE-2023/CVE-2023-35xx/CVE-2023-3512.json | 4 +- CVE-2023/CVE-2023-374xx/CVE-2023-37404.json | 4 +- CVE-2023/CVE-2023-379xx/CVE-2023-37995.json | 4 +- CVE-2023/CVE-2023-37xx/CVE-2023-3701.json | 4 +- CVE-2023/CVE-2023-37xx/CVE-2023-3744.json | 60 +++++++++++++- CVE-2023/CVE-2023-37xx/CVE-2023-3769.json | 82 ++++++++++++++++++- CVE-2023/CVE-2023-40xx/CVE-2023-4037.json | 55 +++++++++++++ CVE-2023/CVE-2023-40xx/CVE-2023-4090.json | 55 +++++++++++++ CVE-2023/CVE-2023-418xx/CVE-2023-41800.json | 47 ++++++++++- CVE-2023/CVE-2023-418xx/CVE-2023-41847.json | 47 ++++++++++- CVE-2023/CVE-2023-418xx/CVE-2023-41855.json | 47 ++++++++++- CVE-2023/CVE-2023-432xx/CVE-2023-43261.json | 36 +++++++++ CVE-2023/CVE-2023-442xx/CVE-2023-44208.json | 55 +++++++++++++ CVE-2023/CVE-2023-442xx/CVE-2023-44228.json | 47 ++++++++++- CVE-2023/CVE-2023-442xx/CVE-2023-44230.json | 47 ++++++++++- CVE-2023/CVE-2023-442xx/CVE-2023-44239.json | 47 ++++++++++- CVE-2023/CVE-2023-442xx/CVE-2023-44262.json | 47 ++++++++++- CVE-2023/CVE-2023-442xx/CVE-2023-44263.json | 47 ++++++++++- CVE-2023/CVE-2023-442xx/CVE-2023-44272.json | 4 +- CVE-2023/CVE-2023-444xx/CVE-2023-44488.json | 8 +- CVE-2023/CVE-2023-44xx/CVE-2023-4491.json | 55 +++++++++++++ CVE-2023/CVE-2023-44xx/CVE-2023-4492.json | 55 +++++++++++++ CVE-2023/CVE-2023-44xx/CVE-2023-4493.json | 55 +++++++++++++ CVE-2023/CVE-2023-44xx/CVE-2023-4494.json | 55 +++++++++++++ CVE-2023/CVE-2023-44xx/CVE-2023-4495.json | 55 +++++++++++++ CVE-2023/CVE-2023-44xx/CVE-2023-4496.json | 55 +++++++++++++ CVE-2023/CVE-2023-44xx/CVE-2023-4497.json | 55 +++++++++++++ CVE-2023/CVE-2023-45xx/CVE-2023-4586.json | 4 +- CVE-2023/CVE-2023-47xx/CVE-2023-4732.json | 8 +- CVE-2023/CVE-2023-49xx/CVE-2023-4997.json | 4 +- CVE-2023/CVE-2023-51xx/CVE-2023-5106.json | 74 ++++++++++++++++- CVE-2023/CVE-2023-51xx/CVE-2023-5160.json | 65 ++++++++++++++- CVE-2023/CVE-2023-52xx/CVE-2023-5217.json | 6 +- CVE-2023/CVE-2023-52xx/CVE-2023-5291.json | 4 +- CVE-2023/CVE-2023-53xx/CVE-2023-5324.json | 64 +++++++++++++-- CVE-2023/CVE-2023-53xx/CVE-2023-5357.json | 4 +- CVE-2023/CVE-2023-53xx/CVE-2023-5368.json | 8 +- CVE-2023/CVE-2023-53xx/CVE-2023-5369.json | 8 +- CVE-2023/CVE-2023-53xx/CVE-2023-5370.json | 8 +- CVE-2023/CVE-2023-53xx/CVE-2023-5373.json | 88 +++++++++++++++++++++ CVE-2023/CVE-2023-53xx/CVE-2023-5375.json | 4 +- CVE-2023/CVE-2023-53xx/CVE-2023-5377.json | 4 +- README.md | 72 +++++++++++------ 69 files changed, 1853 insertions(+), 138 deletions(-) create mode 100644 CVE-2022/CVE-2022-41xx/CVE-2022-4132.json create mode 100644 CVE-2023/CVE-2023-226xx/CVE-2023-22618.json create mode 100644 CVE-2023/CVE-2023-30xx/CVE-2023-3037.json create mode 100644 CVE-2023/CVE-2023-30xx/CVE-2023-3038.json create mode 100644 CVE-2023/CVE-2023-31xx/CVE-2023-3153.json create mode 100644 CVE-2023/CVE-2023-33xx/CVE-2023-3361.json create mode 100644 CVE-2023/CVE-2023-40xx/CVE-2023-4037.json create mode 100644 CVE-2023/CVE-2023-40xx/CVE-2023-4090.json create mode 100644 CVE-2023/CVE-2023-432xx/CVE-2023-43261.json create mode 100644 CVE-2023/CVE-2023-442xx/CVE-2023-44208.json create mode 100644 CVE-2023/CVE-2023-44xx/CVE-2023-4491.json create mode 100644 CVE-2023/CVE-2023-44xx/CVE-2023-4492.json create mode 100644 CVE-2023/CVE-2023-44xx/CVE-2023-4493.json create mode 100644 CVE-2023/CVE-2023-44xx/CVE-2023-4494.json create mode 100644 CVE-2023/CVE-2023-44xx/CVE-2023-4495.json create mode 100644 CVE-2023/CVE-2023-44xx/CVE-2023-4496.json create mode 100644 CVE-2023/CVE-2023-44xx/CVE-2023-4497.json create mode 100644 CVE-2023/CVE-2023-53xx/CVE-2023-5373.json diff --git a/CVE-2022/CVE-2022-224xx/CVE-2022-22447.json b/CVE-2022/CVE-2022-224xx/CVE-2022-22447.json index f7596c3d8fe..0c77057335a 100644 --- a/CVE-2022/CVE-2022-224xx/CVE-2022-22447.json +++ b/CVE-2022/CVE-2022-224xx/CVE-2022-22447.json @@ -2,8 +2,8 @@ "id": "CVE-2022-22447", "sourceIdentifier": "psirt@us.ibm.com", "published": "2023-10-04T00:15:11.293", - "lastModified": "2023-10-04T00:15:11.293", - "vulnStatus": "Received", + "lastModified": "2023-10-04T12:56:10.477", + "vulnStatus": "Awaiting Analysis", "descriptions": [ { "lang": "en", diff --git a/CVE-2022/CVE-2022-41xx/CVE-2022-4132.json b/CVE-2022/CVE-2022-41xx/CVE-2022-4132.json new file mode 100644 index 00000000000..34cfc7ac8ec --- /dev/null +++ b/CVE-2022/CVE-2022-41xx/CVE-2022-4132.json @@ -0,0 +1,47 @@ +{ + "id": "CVE-2022-4132", + "sourceIdentifier": "secalert@redhat.com", + "published": "2023-10-04T12:15:10.230", + "lastModified": "2023-10-04T12:56:02.103", + "vulnStatus": "Awaiting Analysis", + "descriptions": [ + { + "lang": "en", + "value": "A flaw was found in JSS. A memory leak in JSS requires non-standard configuration but is a low-effort DoS vector if configured that way (repeatedly hitting the login page)." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "secalert@redhat.com", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", + "attackVector": "NETWORK", + "attackComplexity": "HIGH", + "privilegesRequired": "NONE", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "NONE", + "integrityImpact": "NONE", + "availabilityImpact": "HIGH", + "baseScore": 5.9, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 2.2, + "impactScore": 3.6 + } + ] + }, + "references": [ + { + "url": "https://access.redhat.com/security/cve/CVE-2022-4132", + "source": "secalert@redhat.com" + }, + { + "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2147372", + "source": "secalert@redhat.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2023/CVE-2023-15xx/CVE-2023-1584.json b/CVE-2023/CVE-2023-15xx/CVE-2023-1584.json index 263f034d411..1a7db84cdcf 100644 --- a/CVE-2023/CVE-2023-15xx/CVE-2023-1584.json +++ b/CVE-2023/CVE-2023-15xx/CVE-2023-1584.json @@ -2,8 +2,8 @@ "id": "CVE-2023-1584", "sourceIdentifier": "secalert@redhat.com", "published": "2023-10-04T11:15:09.770", - "lastModified": "2023-10-04T11:15:09.770", - "vulnStatus": "Received", + "lastModified": "2023-10-04T12:56:06.920", + "vulnStatus": "Awaiting Analysis", "descriptions": [ { "lang": "en", diff --git a/CVE-2023/CVE-2023-226xx/CVE-2023-22618.json b/CVE-2023/CVE-2023-226xx/CVE-2023-22618.json new file mode 100644 index 00000000000..e71990e82a2 --- /dev/null +++ b/CVE-2023/CVE-2023-226xx/CVE-2023-22618.json @@ -0,0 +1,47 @@ +{ + "id": "CVE-2023-22618", + "sourceIdentifier": "cve@mitre.org", + "published": "2023-10-04T12:15:10.300", + "lastModified": "2023-10-04T12:56:02.103", + "vulnStatus": "Awaiting Analysis", + "descriptions": [ + { + "lang": "en", + "value": "If Security Hardening guide rules are not followed, then Nokia WaveLite products allow a local user to create new users with administrative privileges by manipulating a web request. This affects (for example) WaveLite Metro 200 and Fan, WaveLite Metro 200 OPS and Fans, WaveLite Metro 200 and F2B fans, WaveLite Metro 200 OPS and F2B fans, WaveLite Metro 200 NE and F2B fans, and WaveLite Metro 200 NE OPS and F2B fans." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "cve@mitre.org", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H", + "attackVector": "LOCAL", + "attackComplexity": "HIGH", + "privilegesRequired": "NONE", + "userInteraction": "NONE", + "scope": "CHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH", + "baseScore": 8.1, + "baseSeverity": "HIGH" + }, + "exploitabilityScore": 1.4, + "impactScore": 6.0 + } + ] + }, + "references": [ + { + "url": "https://nokia.com", + "source": "cve@mitre.org" + }, + { + "url": "https://www.nokia.com/about-us/security-and-privacy/product-security-advisory/cve-2023-22618/", + "source": "cve@mitre.org" + } + ] +} \ No newline at end of file diff --git a/CVE-2023/CVE-2023-24xx/CVE-2023-2422.json b/CVE-2023/CVE-2023-24xx/CVE-2023-2422.json index 49b2fe2ba26..d071c7e7f17 100644 --- a/CVE-2023/CVE-2023-24xx/CVE-2023-2422.json +++ b/CVE-2023/CVE-2023-24xx/CVE-2023-2422.json @@ -2,8 +2,8 @@ "id": "CVE-2023-2422", "sourceIdentifier": "secalert@redhat.com", "published": "2023-10-04T11:15:10.157", - "lastModified": "2023-10-04T11:15:10.157", - "vulnStatus": "Received", + "lastModified": "2023-10-04T12:56:02.103", + "vulnStatus": "Awaiting Analysis", "descriptions": [ { "lang": "en", diff --git a/CVE-2023/CVE-2023-254xx/CVE-2023-25489.json b/CVE-2023/CVE-2023-254xx/CVE-2023-25489.json index 2b243de4c64..10f76e87e11 100644 --- a/CVE-2023/CVE-2023-254xx/CVE-2023-25489.json +++ b/CVE-2023/CVE-2023-254xx/CVE-2023-25489.json @@ -2,8 +2,8 @@ "id": "CVE-2023-25489", "sourceIdentifier": "audit@patchstack.com", "published": "2023-10-04T11:15:09.917", - "lastModified": "2023-10-04T11:15:09.917", - "vulnStatus": "Received", + "lastModified": "2023-10-04T12:56:02.103", + "vulnStatus": "Awaiting Analysis", "descriptions": [ { "lang": "en", diff --git a/CVE-2023/CVE-2023-257xx/CVE-2023-25788.json b/CVE-2023/CVE-2023-257xx/CVE-2023-25788.json index dc17dfb6360..06cf8b6643a 100644 --- a/CVE-2023/CVE-2023-257xx/CVE-2023-25788.json +++ b/CVE-2023/CVE-2023-257xx/CVE-2023-25788.json @@ -2,8 +2,8 @@ "id": "CVE-2023-25788", "sourceIdentifier": "audit@patchstack.com", "published": "2023-10-04T11:15:09.997", - "lastModified": "2023-10-04T11:15:09.997", - "vulnStatus": "Received", + "lastModified": "2023-10-04T12:56:02.103", + "vulnStatus": "Awaiting Analysis", "descriptions": [ { "lang": "en", diff --git a/CVE-2023/CVE-2023-259xx/CVE-2023-25980.json b/CVE-2023/CVE-2023-259xx/CVE-2023-25980.json index aee6de5c994..8f7361bad57 100644 --- a/CVE-2023/CVE-2023-259xx/CVE-2023-25980.json +++ b/CVE-2023/CVE-2023-259xx/CVE-2023-25980.json @@ -2,8 +2,8 @@ "id": "CVE-2023-25980", "sourceIdentifier": "audit@patchstack.com", "published": "2023-10-04T11:15:10.077", - "lastModified": "2023-10-04T11:15:10.077", - "vulnStatus": "Received", + "lastModified": "2023-10-04T12:56:02.103", + "vulnStatus": "Undergoing Analysis", "descriptions": [ { "lang": "en", diff --git a/CVE-2023/CVE-2023-28xx/CVE-2023-2809.json b/CVE-2023/CVE-2023-28xx/CVE-2023-2809.json index 467235557d6..a09daf7c9c8 100644 --- a/CVE-2023/CVE-2023-28xx/CVE-2023-2809.json +++ b/CVE-2023/CVE-2023-28xx/CVE-2023-2809.json @@ -2,8 +2,8 @@ "id": "CVE-2023-2809", "sourceIdentifier": "cve-coordination@incibe.es", "published": "2023-10-04T11:15:10.223", - "lastModified": "2023-10-04T11:15:10.223", - "vulnStatus": "Received", + "lastModified": "2023-10-04T12:56:02.103", + "vulnStatus": "Awaiting Analysis", "descriptions": [ { "lang": "en", diff --git a/CVE-2023/CVE-2023-306xx/CVE-2023-30690.json b/CVE-2023/CVE-2023-306xx/CVE-2023-30690.json index 65cde30444a..ef68a6358aa 100644 --- a/CVE-2023/CVE-2023-306xx/CVE-2023-30690.json +++ b/CVE-2023/CVE-2023-306xx/CVE-2023-30690.json @@ -2,8 +2,8 @@ "id": "CVE-2023-30690", "sourceIdentifier": "mobile.security@samsung.com", "published": "2023-10-04T04:15:12.297", - "lastModified": "2023-10-04T04:15:12.297", - "vulnStatus": "Received", + "lastModified": "2023-10-04T12:56:06.920", + "vulnStatus": "Undergoing Analysis", "descriptions": [ { "lang": "en", diff --git a/CVE-2023/CVE-2023-306xx/CVE-2023-30692.json b/CVE-2023/CVE-2023-306xx/CVE-2023-30692.json index 172a6409cfa..baa7b163187 100644 --- a/CVE-2023/CVE-2023-306xx/CVE-2023-30692.json +++ b/CVE-2023/CVE-2023-306xx/CVE-2023-30692.json @@ -2,8 +2,8 @@ "id": "CVE-2023-30692", "sourceIdentifier": "mobile.security@samsung.com", "published": "2023-10-04T04:15:12.537", - "lastModified": "2023-10-04T04:15:12.537", - "vulnStatus": "Received", + "lastModified": "2023-10-04T12:56:06.920", + "vulnStatus": "Awaiting Analysis", "descriptions": [ { "lang": "en", diff --git a/CVE-2023/CVE-2023-307xx/CVE-2023-30727.json b/CVE-2023/CVE-2023-307xx/CVE-2023-30727.json index a9380cfb5b7..49b3d0abc1e 100644 --- a/CVE-2023/CVE-2023-307xx/CVE-2023-30727.json +++ b/CVE-2023/CVE-2023-307xx/CVE-2023-30727.json @@ -2,12 +2,16 @@ "id": "CVE-2023-30727", "sourceIdentifier": "mobile.security@samsung.com", "published": "2023-10-04T04:15:12.687", - "lastModified": "2023-10-04T04:15:12.687", - "vulnStatus": "Received", + "lastModified": "2023-10-04T12:56:06.920", + "vulnStatus": "Awaiting Analysis", "descriptions": [ { "lang": "en", "value": "Improper access control vulnerability in SecSettings prior to SMR Oct-2023 Release 1 allows attackers to enable Wi-Fi and connect arbitrary Wi-Fi without User Interaction." + }, + { + "lang": "es", + "value": "Una vulnerabilidad de control de acceso inadecuado en SecSettings anterior a SMR Oct-2023 Release 1 permite a los atacantes habilitar Wi-Fi y conectar Wi-Fi arbitrario sin interacci\u00f3n del usuario." } ], "metrics": { diff --git a/CVE-2023/CVE-2023-307xx/CVE-2023-30731.json b/CVE-2023/CVE-2023-307xx/CVE-2023-30731.json index 0d09d6a2d8d..d4b2725b1a9 100644 --- a/CVE-2023/CVE-2023-307xx/CVE-2023-30731.json +++ b/CVE-2023/CVE-2023-307xx/CVE-2023-30731.json @@ -2,12 +2,16 @@ "id": "CVE-2023-30731", "sourceIdentifier": "mobile.security@samsung.com", "published": "2023-10-04T04:15:12.777", - "lastModified": "2023-10-04T04:15:12.777", - "vulnStatus": "Received", + "lastModified": "2023-10-04T12:56:06.920", + "vulnStatus": "Awaiting Analysis", "descriptions": [ { "lang": "en", "value": "Logic error in package installation via debugger command prior to SMR Oct-2023 Release 1 allows physical attacker to install an application that has different build type." + }, + { + "lang": "es", + "value": "Un error l\u00f3gico en la instalaci\u00f3n del paquete mediante el comando del depurador anterior a SMR Oct-2023 Release 1 permite a un atacante f\u00edsico instalar una aplicaci\u00f3n que tiene un tipo de compilaci\u00f3n diferente." } ], "metrics": { diff --git a/CVE-2023/CVE-2023-307xx/CVE-2023-30732.json b/CVE-2023/CVE-2023-307xx/CVE-2023-30732.json index 7863fb598a7..b47cc70d15c 100644 --- a/CVE-2023/CVE-2023-307xx/CVE-2023-30732.json +++ b/CVE-2023/CVE-2023-307xx/CVE-2023-30732.json @@ -2,12 +2,16 @@ "id": "CVE-2023-30732", "sourceIdentifier": "mobile.security@samsung.com", "published": "2023-10-04T04:15:12.940", - "lastModified": "2023-10-04T04:15:12.940", - "vulnStatus": "Received", + "lastModified": "2023-10-04T12:56:06.920", + "vulnStatus": "Awaiting Analysis", "descriptions": [ { "lang": "en", "value": "Improper access control in system property prior to SMR Oct-2023 Release 1 allows local attacker to get CPU serial number." + }, + { + "lang": "es", + "value": "El control de acceso inadecuado en la propiedad del sistema antes de SMR Oct-2023 Release 1 permite a un atacante local obtener el n\u00famero de serie de la CPU." } ], "metrics": { diff --git a/CVE-2023/CVE-2023-307xx/CVE-2023-30733.json b/CVE-2023/CVE-2023-307xx/CVE-2023-30733.json index c5538341871..be0f33af894 100644 --- a/CVE-2023/CVE-2023-307xx/CVE-2023-30733.json +++ b/CVE-2023/CVE-2023-307xx/CVE-2023-30733.json @@ -2,12 +2,16 @@ "id": "CVE-2023-30733", "sourceIdentifier": "mobile.security@samsung.com", "published": "2023-10-04T04:15:13.030", - "lastModified": "2023-10-04T04:15:13.030", - "vulnStatus": "Received", + "lastModified": "2023-10-04T12:56:06.920", + "vulnStatus": "Awaiting Analysis", "descriptions": [ { "lang": "en", "value": "Stack-based Buffer Overflow in vulnerability HDCP trustlet prior to SMR Oct-2023 Release 1 allows attacker to perform code execution." + }, + { + "lang": "es", + "value": "Desbordamiento de b\u00fafer en la vulnerabilidad HDCP trustlet anterior a SMR Oct-2023 Release 1, permite al atacante realizar la ejecuci\u00f3n de c\u00f3digo." } ], "metrics": { diff --git a/CVE-2023/CVE-2023-307xx/CVE-2023-30734.json b/CVE-2023/CVE-2023-307xx/CVE-2023-30734.json index 5509adf34d2..c1b9281024c 100644 --- a/CVE-2023/CVE-2023-307xx/CVE-2023-30734.json +++ b/CVE-2023/CVE-2023-307xx/CVE-2023-30734.json @@ -2,12 +2,16 @@ "id": "CVE-2023-30734", "sourceIdentifier": "mobile.security@samsung.com", "published": "2023-10-04T04:15:13.127", - "lastModified": "2023-10-04T04:15:13.127", - "vulnStatus": "Received", + "lastModified": "2023-10-04T12:56:06.920", + "vulnStatus": "Awaiting Analysis", "descriptions": [ { "lang": "en", "value": "Improper access control vulnerability in Samsung Health prior to version 6.24.3.007 allows attackers to access sensitive information via implicit intent." + }, + { + "lang": "es", + "value": "Una vulnerabilidad de control de acceso inadecuado en Samsung Health anterior a la versi\u00f3n 6.24.3.007 permite a los atacantes acceder a informaci\u00f3n confidencial mediante una intenci\u00f3n impl\u00edcita." } ], "metrics": { diff --git a/CVE-2023/CVE-2023-307xx/CVE-2023-30735.json b/CVE-2023/CVE-2023-307xx/CVE-2023-30735.json index 67bd3a07c0e..a305bc8d0e0 100644 --- a/CVE-2023/CVE-2023-307xx/CVE-2023-30735.json +++ b/CVE-2023/CVE-2023-307xx/CVE-2023-30735.json @@ -2,12 +2,16 @@ "id": "CVE-2023-30735", "sourceIdentifier": "mobile.security@samsung.com", "published": "2023-10-04T04:15:13.380", - "lastModified": "2023-10-04T04:15:13.380", - "vulnStatus": "Received", + "lastModified": "2023-10-04T12:56:06.920", + "vulnStatus": "Awaiting Analysis", "descriptions": [ { "lang": "en", "value": "Improper Preservation of Permissions vulnerability in SAssistant prior to version 8.7 allows local attackers to access backup data in SAssistant." + }, + { + "lang": "es", + "value": "La vulnerabilidad de preservaci\u00f3n inadecuada de permisos en SAssistant anterior a la versi\u00f3n 8.7 permite a atacantes locales acceder a datos de respaldo en SAssistant." } ], "metrics": { diff --git a/CVE-2023/CVE-2023-307xx/CVE-2023-30736.json b/CVE-2023/CVE-2023-307xx/CVE-2023-30736.json index b43d4ee14e1..d9737d1a797 100644 --- a/CVE-2023/CVE-2023-307xx/CVE-2023-30736.json +++ b/CVE-2023/CVE-2023-307xx/CVE-2023-30736.json @@ -2,12 +2,16 @@ "id": "CVE-2023-30736", "sourceIdentifier": "mobile.security@samsung.com", "published": "2023-10-04T04:15:13.550", - "lastModified": "2023-10-04T04:15:13.550", - "vulnStatus": "Received", + "lastModified": "2023-10-04T12:56:06.920", + "vulnStatus": "Undergoing Analysis", "descriptions": [ { "lang": "en", "value": "Improper authorization in PushMsgReceiver of Samsung Assistant prior to version 8.7.00.1 allows attacker to execute javascript interface. To trigger this vulnerability, user interaction is required." + }, + { + "lang": "es", + "value": "La autorizaci\u00f3n inadecuada en PushMsgReceiver de Samsung Assistant anterior a la versi\u00f3n 8.7.00.1 permite al atacante ejecutar la interfaz javascript. Para desencadenar esta vulnerabilidad, se requiere la interacci\u00f3n del usuario." } ], "metrics": { diff --git a/CVE-2023/CVE-2023-307xx/CVE-2023-30737.json b/CVE-2023/CVE-2023-307xx/CVE-2023-30737.json index 87b956e1c39..7e7c57bcc02 100644 --- a/CVE-2023/CVE-2023-307xx/CVE-2023-30737.json +++ b/CVE-2023/CVE-2023-307xx/CVE-2023-30737.json @@ -2,12 +2,16 @@ "id": "CVE-2023-30737", "sourceIdentifier": "mobile.security@samsung.com", "published": "2023-10-04T04:15:13.647", - "lastModified": "2023-10-04T04:15:13.647", - "vulnStatus": "Received", + "lastModified": "2023-10-04T12:56:06.920", + "vulnStatus": "Awaiting Analysis", "descriptions": [ { "lang": "en", "value": "Improper access control vulnerability in Samsung Health prior to version 6.24.3.007 allows attackers to access sensitive information via implicit intent." + }, + { + "lang": "es", + "value": "Una vulnerabilidad de control de acceso inadecuado en Samsung Health anterior a la versi\u00f3n 6.24.3.007 permite a los atacantes acceder a informaci\u00f3n confidencial mediante una intenci\u00f3n impl\u00edcita." } ], "metrics": { diff --git a/CVE-2023/CVE-2023-307xx/CVE-2023-30738.json b/CVE-2023/CVE-2023-307xx/CVE-2023-30738.json index e61c1b55b58..6bf2f7ae940 100644 --- a/CVE-2023/CVE-2023-307xx/CVE-2023-30738.json +++ b/CVE-2023/CVE-2023-307xx/CVE-2023-30738.json @@ -2,12 +2,16 @@ "id": "CVE-2023-30738", "sourceIdentifier": "mobile.security@samsung.com", "published": "2023-10-04T04:15:13.733", - "lastModified": "2023-10-04T04:15:13.733", - "vulnStatus": "Received", + "lastModified": "2023-10-04T12:56:06.920", + "vulnStatus": "Awaiting Analysis", "descriptions": [ { "lang": "en", "value": "An improper input validation in UEFI Firmware prior to Firmware update Oct-2023 Release in Galaxy Book, Galaxy Book Pro, Galaxy Book Pro 360 and Galaxy Book Odyssey allows local attacker to execute SMM memory corruption." + }, + { + "lang": "es", + "value": "Una validaci\u00f3n de entrada incorrecta en el firmware UEFI antes del lanzamiento de la actualizaci\u00f3n de firmware de octubre de 2023 en Galaxy Book, Galaxy Book Pro, Galaxy Book Pro 360 y Galaxy Book Odyssey permite a un atacante local ejecutar corrupci\u00f3n de memoria SMM." } ], "metrics": { diff --git a/CVE-2023/CVE-2023-30xx/CVE-2023-3037.json b/CVE-2023/CVE-2023-30xx/CVE-2023-3037.json new file mode 100644 index 00000000000..a670f187136 --- /dev/null +++ b/CVE-2023/CVE-2023-30xx/CVE-2023-3037.json @@ -0,0 +1,55 @@ +{ + "id": "CVE-2023-3037", + "sourceIdentifier": "cve-coordination@incibe.es", + "published": "2023-10-04T12:15:10.373", + "lastModified": "2023-10-04T12:56:02.103", + "vulnStatus": "Awaiting Analysis", + "descriptions": [ + { + "lang": "en", + "value": "Improper authorization vulnerability in HelpDezk Community affecting version 1.1.10. This vulnerability could allow a remote attacker to access the platform without authentication and retrieve personal data via the jsonGrid parameter." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "cve-coordination@incibe.es", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:L", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "LOW", + "availabilityImpact": "LOW", + "baseScore": 8.6, + "baseSeverity": "HIGH" + }, + "exploitabilityScore": 3.9, + "impactScore": 4.7 + } + ] + }, + "weaknesses": [ + { + "source": "cve-coordination@incibe.es", + "type": "Secondary", + "description": [ + { + "lang": "en", + "value": "CWE-285" + } + ] + } + ], + "references": [ + { + "url": "https://www.incibe.es/en/incibe-cert/notices/aviso/multiple-vulnerabilities-helpdezk-community", + "source": "cve-coordination@incibe.es" + } + ] +} \ No newline at end of file diff --git a/CVE-2023/CVE-2023-30xx/CVE-2023-3038.json b/CVE-2023/CVE-2023-30xx/CVE-2023-3038.json new file mode 100644 index 00000000000..93d8eb4b479 --- /dev/null +++ b/CVE-2023/CVE-2023-30xx/CVE-2023-3038.json @@ -0,0 +1,55 @@ +{ + "id": "CVE-2023-3038", + "sourceIdentifier": "cve-coordination@incibe.es", + "published": "2023-10-04T12:15:10.437", + "lastModified": "2023-10-04T12:56:02.103", + "vulnStatus": "Awaiting Analysis", + "descriptions": [ + { + "lang": "en", + "value": "SQL injection vulnerability in HelpDezk Community affecting version 1.1.10. This vulnerability could allow a remote attacker to send a specially crafted SQL query to the rows parameter of the jsonGrid route and extract all the information stored in the application." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "cve-coordination@incibe.es", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH", + "baseScore": 9.8, + "baseSeverity": "CRITICAL" + }, + "exploitabilityScore": 3.9, + "impactScore": 5.9 + } + ] + }, + "weaknesses": [ + { + "source": "cve-coordination@incibe.es", + "type": "Secondary", + "description": [ + { + "lang": "en", + "value": "CWE-89" + } + ] + } + ], + "references": [ + { + "url": "https://www.incibe.es/en/incibe-cert/notices/aviso/multiple-vulnerabilities-helpdezk-community", + "source": "cve-coordination@incibe.es" + } + ] +} \ No newline at end of file diff --git a/CVE-2023/CVE-2023-31xx/CVE-2023-3153.json b/CVE-2023/CVE-2023-31xx/CVE-2023-3153.json new file mode 100644 index 00000000000..afe35cbe72b --- /dev/null +++ b/CVE-2023/CVE-2023-31xx/CVE-2023-3153.json @@ -0,0 +1,63 @@ +{ + "id": "CVE-2023-3153", + "sourceIdentifier": "secalert@redhat.com", + "published": "2023-10-04T12:15:10.503", + "lastModified": "2023-10-04T12:56:02.103", + "vulnStatus": "Awaiting Analysis", + "descriptions": [ + { + "lang": "en", + "value": "A flaw was found in Open Virtual Network where the service monitor MAC does not properly rate limit. This issue could allow an attacker to cause a denial of service, including on deployments with CoPP enabled and properly configured." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "secalert@redhat.com", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "NONE", + "integrityImpact": "NONE", + "availabilityImpact": "LOW", + "baseScore": 5.3, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 3.9, + "impactScore": 1.4 + } + ] + }, + "references": [ + { + "url": "https://access.redhat.com/security/cve/CVE-2023-3153", + "source": "secalert@redhat.com" + }, + { + "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2213279", + "source": "secalert@redhat.com" + }, + { + "url": "https://github.com/ovn-org/ovn/commit/9a3f7ed905e525ebdcb14541e775211cbb0203bd", + "source": "secalert@redhat.com" + }, + { + "url": "https://github.com/ovn-org/ovn/issues/198", + "source": "secalert@redhat.com" + }, + { + "url": "https://mail.openvswitch.org/pipermail/ovs-announce/2023-August/000327.html", + "source": "secalert@redhat.com" + }, + { + "url": "https://mail.openvswitch.org/pipermail/ovs-dev/2023-August/407553.html", + "source": "secalert@redhat.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2023/CVE-2023-32xx/CVE-2023-3213.json b/CVE-2023/CVE-2023-32xx/CVE-2023-3213.json index 289c2e18106..d3dfd18e1fc 100644 --- a/CVE-2023/CVE-2023-32xx/CVE-2023-3213.json +++ b/CVE-2023/CVE-2023-32xx/CVE-2023-3213.json @@ -2,8 +2,8 @@ "id": "CVE-2023-3213", "sourceIdentifier": "security@wordfence.com", "published": "2023-10-04T02:15:09.990", - "lastModified": "2023-10-04T02:15:09.990", - "vulnStatus": "Received", + "lastModified": "2023-10-04T12:56:10.477", + "vulnStatus": "Undergoing Analysis", "descriptions": [ { "lang": "en", diff --git a/CVE-2023/CVE-2023-33xx/CVE-2023-3361.json b/CVE-2023/CVE-2023-33xx/CVE-2023-3361.json new file mode 100644 index 00000000000..2ed21089508 --- /dev/null +++ b/CVE-2023/CVE-2023-33xx/CVE-2023-3361.json @@ -0,0 +1,51 @@ +{ + "id": "CVE-2023-3361", + "sourceIdentifier": "secalert@redhat.com", + "published": "2023-10-04T12:15:10.567", + "lastModified": "2023-10-04T12:56:02.103", + "vulnStatus": "Awaiting Analysis", + "descriptions": [ + { + "lang": "en", + "value": "A flaw was found in Red Hat OpenShift Data Science. When exporting a pipeline from the Elyra notebook pipeline editor as Python DSL or YAML, it reads S3 credentials from the cluster (ds pipeline server) and saves them in plain text in the generated output instead of an ID for a Kubernetes secret." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "secalert@redhat.com", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "NONE", + "scope": "CHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "NONE", + "availabilityImpact": "NONE", + "baseScore": 7.7, + "baseSeverity": "HIGH" + }, + "exploitabilityScore": 3.1, + "impactScore": 4.0 + } + ] + }, + "references": [ + { + "url": "https://access.redhat.com/security/cve/CVE-2023-3361", + "source": "secalert@redhat.com" + }, + { + "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2216588", + "source": "secalert@redhat.com" + }, + { + "url": "https://github.com/opendatahub-io/odh-dashboard/issues/1415", + "source": "secalert@redhat.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2023/CVE-2023-359xx/CVE-2023-35905.json b/CVE-2023/CVE-2023-359xx/CVE-2023-35905.json index 7edf9d6fb1c..5c581897170 100644 --- a/CVE-2023/CVE-2023-359xx/CVE-2023-35905.json +++ b/CVE-2023/CVE-2023-359xx/CVE-2023-35905.json @@ -2,8 +2,8 @@ "id": "CVE-2023-35905", "sourceIdentifier": "psirt@us.ibm.com", "published": "2023-10-04T01:15:50.950", - "lastModified": "2023-10-04T01:15:50.950", - "vulnStatus": "Received", + "lastModified": "2023-10-04T12:56:10.477", + "vulnStatus": "Awaiting Analysis", "descriptions": [ { "lang": "en", diff --git a/CVE-2023/CVE-2023-35xx/CVE-2023-3512.json b/CVE-2023/CVE-2023-35xx/CVE-2023-3512.json index 57ead852017..b62f1dcb9b7 100644 --- a/CVE-2023/CVE-2023-35xx/CVE-2023-3512.json +++ b/CVE-2023/CVE-2023-35xx/CVE-2023-3512.json @@ -2,8 +2,8 @@ "id": "CVE-2023-3512", "sourceIdentifier": "cve-coordination@incibe.es", "published": "2023-10-04T11:15:10.363", - "lastModified": "2023-10-04T11:15:10.363", - "vulnStatus": "Received", + "lastModified": "2023-10-04T12:56:02.103", + "vulnStatus": "Awaiting Analysis", "descriptions": [ { "lang": "en", diff --git a/CVE-2023/CVE-2023-374xx/CVE-2023-37404.json b/CVE-2023/CVE-2023-374xx/CVE-2023-37404.json index 9710358418f..4955feab938 100644 --- a/CVE-2023/CVE-2023-374xx/CVE-2023-37404.json +++ b/CVE-2023/CVE-2023-374xx/CVE-2023-37404.json @@ -2,8 +2,8 @@ "id": "CVE-2023-37404", "sourceIdentifier": "psirt@us.ibm.com", "published": "2023-10-04T02:15:09.923", - "lastModified": "2023-10-04T02:15:09.923", - "vulnStatus": "Received", + "lastModified": "2023-10-04T12:56:10.477", + "vulnStatus": "Awaiting Analysis", "descriptions": [ { "lang": "en", diff --git a/CVE-2023/CVE-2023-379xx/CVE-2023-37995.json b/CVE-2023/CVE-2023-379xx/CVE-2023-37995.json index 258e3c911cf..58529c4467b 100644 --- a/CVE-2023/CVE-2023-379xx/CVE-2023-37995.json +++ b/CVE-2023/CVE-2023-379xx/CVE-2023-37995.json @@ -2,8 +2,8 @@ "id": "CVE-2023-37995", "sourceIdentifier": "audit@patchstack.com", "published": "2023-10-04T11:15:10.297", - "lastModified": "2023-10-04T11:15:10.297", - "vulnStatus": "Received", + "lastModified": "2023-10-04T12:56:02.103", + "vulnStatus": "Awaiting Analysis", "descriptions": [ { "lang": "en", diff --git a/CVE-2023/CVE-2023-37xx/CVE-2023-3701.json b/CVE-2023/CVE-2023-37xx/CVE-2023-3701.json index 5be87bb73d4..5ba878b5984 100644 --- a/CVE-2023/CVE-2023-37xx/CVE-2023-3701.json +++ b/CVE-2023/CVE-2023-37xx/CVE-2023-3701.json @@ -2,8 +2,8 @@ "id": "CVE-2023-3701", "sourceIdentifier": "cve-coordination@incibe.es", "published": "2023-10-04T11:15:10.430", - "lastModified": "2023-10-04T11:15:10.430", - "vulnStatus": "Received", + "lastModified": "2023-10-04T12:56:02.103", + "vulnStatus": "Awaiting Analysis", "descriptions": [ { "lang": "en", diff --git a/CVE-2023/CVE-2023-37xx/CVE-2023-3744.json b/CVE-2023/CVE-2023-37xx/CVE-2023-3744.json index 39a6964e1c7..881eb5deb7b 100644 --- a/CVE-2023/CVE-2023-37xx/CVE-2023-3744.json +++ b/CVE-2023/CVE-2023-37xx/CVE-2023-3744.json @@ -2,16 +2,40 @@ "id": "CVE-2023-3744", "sourceIdentifier": "cve-coordination@incibe.es", "published": "2023-10-02T14:15:09.933", - "lastModified": "2023-10-02T14:17:10.307", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2023-10-04T13:41:29.220", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", "value": "Server-Side Request Forgery vulnerability in SLims version 9.6.0. This vulnerability could allow an authenticated attacker to send requests to internal services or upload the contents of relevant files via the \"scrape_image.php\" file in the imageURL parameter." + }, + { + "lang": "es", + "value": "Vulnerabilidad de Server-Side Request Forgery en SLims versi\u00f3n 9.6.0. Esta vulnerabilidad podr\u00eda permitir a un atacante autenticado enviar solicitudes a servicios internos o cargar el contenido de archivos relevantes a trav\u00e9s del archivo \"scrape_image.php\" en el par\u00e1metro imageURL." } ], "metrics": { "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH", + "baseScore": 8.8, + "baseSeverity": "HIGH" + }, + "exploitabilityScore": 2.8, + "impactScore": 5.9 + }, { "source": "cve-coordination@incibe.es", "type": "Secondary", @@ -35,6 +59,16 @@ ] }, "weaknesses": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-918" + } + ] + }, { "source": "cve-coordination@incibe.es", "type": "Secondary", @@ -46,10 +80,30 @@ ] } ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:slims:senayan_library_management_system:9.6.0:*:*:*:*:*:*:*", + "matchCriteriaId": "A0052847-E586-4A78-B302-56F673BA67EC" + } + ] + } + ] + } + ], "references": [ { "url": "https://www.incibe.es/en/incibe-cert/notices/aviso/server-side-request-forgery-slims", - "source": "cve-coordination@incibe.es" + "source": "cve-coordination@incibe.es", + "tags": [ + "Third Party Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2023/CVE-2023-37xx/CVE-2023-3769.json b/CVE-2023/CVE-2023-37xx/CVE-2023-3769.json index f33a05942cc..5a6f31d850c 100644 --- a/CVE-2023/CVE-2023-37xx/CVE-2023-3769.json +++ b/CVE-2023/CVE-2023-37xx/CVE-2023-3769.json @@ -2,16 +2,40 @@ "id": "CVE-2023-3769", "sourceIdentifier": "cve-coordination@incibe.es", "published": "2023-10-02T14:15:10.017", - "lastModified": "2023-10-02T14:17:10.307", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2023-10-04T13:16:45.607", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", "value": "Incorrect data input validation vulnerability, which could allow an attacker with access to the network to implement fuzzing techniques that would allow him to gain knowledge about specially crafted packets that would create a DoS condition through the MMS protocol when initiating communication, achieving a complete system reboot of the device and its services." + }, + { + "lang": "es", + "value": "Vulnerabilidad de validaci\u00f3n de entrada de datos incorrecta, que podr\u00eda permitir a un atacante con acceso a la red implementar t\u00e9cnicas de fuzzing que le permitir\u00edan obtener conocimiento sobre paquetes especialmente manipulados que crear\u00edan una condici\u00f3n DoS a trav\u00e9s del protocolo MMS al iniciar la comunicaci\u00f3n, logrando un reinicio completo del sistema del dispositivo y sus servicios." } ], "metrics": { "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "NONE", + "integrityImpact": "NONE", + "availabilityImpact": "HIGH", + "baseScore": 7.5, + "baseSeverity": "HIGH" + }, + "exploitabilityScore": 3.9, + "impactScore": 3.6 + }, { "source": "cve-coordination@incibe.es", "type": "Secondary", @@ -35,6 +59,16 @@ ] }, "weaknesses": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "NVD-CWE-noinfo" + } + ] + }, { "source": "cve-coordination@incibe.es", "type": "Secondary", @@ -46,10 +80,52 @@ ] } ], + "configurations": [ + { + "operator": "AND", + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:o:ingeteam:ingepac_fc5066_firmware:5.3.1.1:*:*:*:*:*:*:*", + "matchCriteriaId": "9A2AF8E2-4307-4EED-8953-C7B399A9400B" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:ingeteam:ingepac_fc5066_firmware:6.1.1.22:*:*:*:*:*:*:*", + "matchCriteriaId": "F9C6C5FB-751D-40C5-96BB-C4BAB5A240A2" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:ingeteam:ingepac_fc5066_firmware:9.0.22.6:*:*:*:*:*:*:*", + "matchCriteriaId": "F1696356-ED01-4C18-B22C-89743EAF3CD9" + } + ] + }, + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": false, + "criteria": "cpe:2.3:h:ingeteam:ingepac_fc5066:-:*:*:*:*:*:*:*", + "matchCriteriaId": "DB41D719-A8E1-4D91-8998-FF36D7E5D5FF" + } + ] + } + ] + } + ], "references": [ { "url": "https://www.incibe.es/en/incibe-cert/notices/aviso-sci/multiple-vulnerabilities-ingeteam-products", - "source": "cve-coordination@incibe.es" + "source": "cve-coordination@incibe.es", + "tags": [ + "Third Party Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2023/CVE-2023-40xx/CVE-2023-4037.json b/CVE-2023/CVE-2023-40xx/CVE-2023-4037.json new file mode 100644 index 00000000000..1d2aa434cb0 --- /dev/null +++ b/CVE-2023/CVE-2023-40xx/CVE-2023-4037.json @@ -0,0 +1,55 @@ +{ + "id": "CVE-2023-4037", + "sourceIdentifier": "cve-coordination@incibe.es", + "published": "2023-10-04T12:15:10.733", + "lastModified": "2023-10-04T12:56:02.103", + "vulnStatus": "Awaiting Analysis", + "descriptions": [ + { + "lang": "en", + "value": "Blind SQL injection vulnerability in the Conacwin 3.7.1.2 web interface, the exploitation of which could allow a local attacker to obtain sensitive data stored in the database by sending a specially crafted SQL query to the xml parameter." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "cve-coordination@incibe.es", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "NONE", + "scope": "CHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH", + "baseScore": 9.9, + "baseSeverity": "CRITICAL" + }, + "exploitabilityScore": 3.1, + "impactScore": 6.0 + } + ] + }, + "weaknesses": [ + { + "source": "cve-coordination@incibe.es", + "type": "Secondary", + "description": [ + { + "lang": "en", + "value": "CWE-89" + } + ] + } + ], + "references": [ + { + "url": "https://www.incibe.es/en/incibe-cert/notices/aviso/sql-injection-setelsa-security-conacwin", + "source": "cve-coordination@incibe.es" + } + ] +} \ No newline at end of file diff --git a/CVE-2023/CVE-2023-40xx/CVE-2023-4090.json b/CVE-2023/CVE-2023-40xx/CVE-2023-4090.json new file mode 100644 index 00000000000..6beb9f30d9c --- /dev/null +++ b/CVE-2023/CVE-2023-40xx/CVE-2023-4090.json @@ -0,0 +1,55 @@ +{ + "id": "CVE-2023-4090", + "sourceIdentifier": "cve-coordination@incibe.es", + "published": "2023-10-04T12:15:10.800", + "lastModified": "2023-10-04T12:56:02.103", + "vulnStatus": "Awaiting Analysis", + "descriptions": [ + { + "lang": "en", + "value": "Cross-site Scripting (XSS) reflected vulnerability on WideStand until 5.3.5 version, which generates one of the meta tags directly using the content of the queried URL, which would allow an attacker to inject HTML/Javascript code into the response." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "cve-coordination@incibe.es", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "REQUIRED", + "scope": "UNCHANGED", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "availabilityImpact": "NONE", + "baseScore": 5.4, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 2.8, + "impactScore": 2.5 + } + ] + }, + "weaknesses": [ + { + "source": "cve-coordination@incibe.es", + "type": "Secondary", + "description": [ + { + "lang": "en", + "value": "CWE-79" + } + ] + } + ], + "references": [ + { + "url": "https://www.incibe.es/en/incibe-cert/notices/aviso/cross-site-scripting-xss-vulnerability-widestand-cms-acilia", + "source": "cve-coordination@incibe.es" + } + ] +} \ No newline at end of file diff --git a/CVE-2023/CVE-2023-418xx/CVE-2023-41800.json b/CVE-2023/CVE-2023-418xx/CVE-2023-41800.json index e8f880fa839..9a6b716e2df 100644 --- a/CVE-2023/CVE-2023-418xx/CVE-2023-41800.json +++ b/CVE-2023/CVE-2023-418xx/CVE-2023-41800.json @@ -2,8 +2,8 @@ "id": "CVE-2023-41800", "sourceIdentifier": "audit@patchstack.com", "published": "2023-10-02T09:15:11.890", - "lastModified": "2023-10-02T12:57:39.087", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2023-10-04T13:24:01.053", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", @@ -16,6 +16,26 @@ ], "metrics": { "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "HIGH", + "userInteraction": "REQUIRED", + "scope": "CHANGED", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "availabilityImpact": "NONE", + "baseScore": 4.8, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 1.7, + "impactScore": 2.7 + }, { "source": "audit@patchstack.com", "type": "Secondary", @@ -50,10 +70,31 @@ ] } ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:uniconsent:cmp_for_gdpr_cpra_gpp_tcf:*:*:*:*:*:wordpress:*:*", + "versionEndIncluding": "1.4.2", + "matchCriteriaId": "060A6BCF-01DB-4364-88C6-DBC69743C6E0" + } + ] + } + ] + } + ], "references": [ { "url": "https://patchstack.com/database/vulnerability/uniconsent-cmp/wordpress-uniconsent-cookie-consent-cmp-for-gdpr-ccpa-plugin-1-4-2-cross-site-scripting-xss?_s_id=cve", - "source": "audit@patchstack.com" + "source": "audit@patchstack.com", + "tags": [ + "Third Party Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2023/CVE-2023-418xx/CVE-2023-41847.json b/CVE-2023/CVE-2023-418xx/CVE-2023-41847.json index 8e685971051..c996c6da4e8 100644 --- a/CVE-2023/CVE-2023-418xx/CVE-2023-41847.json +++ b/CVE-2023/CVE-2023-418xx/CVE-2023-41847.json @@ -2,8 +2,8 @@ "id": "CVE-2023-41847", "sourceIdentifier": "audit@patchstack.com", "published": "2023-10-02T09:15:11.967", - "lastModified": "2023-10-02T12:57:39.087", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2023-10-04T13:26:01.997", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", @@ -16,6 +16,26 @@ ], "metrics": { "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "REQUIRED", + "scope": "CHANGED", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "availabilityImpact": "NONE", + "baseScore": 5.4, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 2.3, + "impactScore": 2.7 + }, { "source": "audit@patchstack.com", "type": "Secondary", @@ -50,10 +70,31 @@ ] } ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:wensolutions:notice_bar:*:*:*:*:*:wordpress:*:*", + "versionEndIncluding": "3.1.0", + "matchCriteriaId": "6088CFEB-4519-44E0-861B-3C43D6362444" + } + ] + } + ] + } + ], "references": [ { "url": "https://patchstack.com/database/vulnerability/notice-bar/wordpress-notice-bar-plugin-3-1-0-cross-site-scripting-xss-vulnerability?_s_id=cve", - "source": "audit@patchstack.com" + "source": "audit@patchstack.com", + "tags": [ + "Third Party Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2023/CVE-2023-418xx/CVE-2023-41855.json b/CVE-2023/CVE-2023-418xx/CVE-2023-41855.json index 96dbf3c8c43..978da48f097 100644 --- a/CVE-2023/CVE-2023-418xx/CVE-2023-41855.json +++ b/CVE-2023/CVE-2023-418xx/CVE-2023-41855.json @@ -2,8 +2,8 @@ "id": "CVE-2023-41855", "sourceIdentifier": "audit@patchstack.com", "published": "2023-10-02T09:15:12.043", - "lastModified": "2023-10-02T12:57:39.087", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2023-10-04T13:30:41.403", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", @@ -16,6 +16,26 @@ ], "metrics": { "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "HIGH", + "userInteraction": "REQUIRED", + "scope": "CHANGED", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "availabilityImpact": "NONE", + "baseScore": 4.8, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 1.7, + "impactScore": 2.7 + }, { "source": "audit@patchstack.com", "type": "Secondary", @@ -50,10 +70,31 @@ ] } ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:regpacks:regpack:*:*:*:*:*:wordpress:*:*", + "versionEndIncluding": "0.1", + "matchCriteriaId": "4DA5DC5F-E137-40DD-931B-78D5E4BE7C9D" + } + ] + } + ] + } + ], "references": [ { "url": "https://patchstack.com/database/vulnerability/regpack/wordpress-regpack-plugin-0-1-cross-site-scripting-xss-vulnerability?_s_id=cve", - "source": "audit@patchstack.com" + "source": "audit@patchstack.com", + "tags": [ + "Third Party Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2023/CVE-2023-432xx/CVE-2023-43261.json b/CVE-2023/CVE-2023-432xx/CVE-2023-43261.json new file mode 100644 index 00000000000..4f5deda55a1 --- /dev/null +++ b/CVE-2023/CVE-2023-432xx/CVE-2023-43261.json @@ -0,0 +1,36 @@ +{ + "id": "CVE-2023-43261", + "sourceIdentifier": "cve@mitre.org", + "published": "2023-10-04T12:15:10.627", + "lastModified": "2023-10-04T12:56:02.103", + "vulnStatus": "Awaiting Analysis", + "descriptions": [ + { + "lang": "en", + "value": "An information disclosure in Milesight UR5X, UR32L, UR32, UR35, UR41 before v35.3.0.7 allows attackers to access sensitive router components." + } + ], + "metrics": {}, + "references": [ + { + "url": "http://milesight.com", + "source": "cve@mitre.org" + }, + { + "url": "http://ur5x.com", + "source": "cve@mitre.org" + }, + { + "url": "https://github.com/win3zz/CVE-2023-43261", + "source": "cve@mitre.org" + }, + { + "url": "https://medium.com/@win3zz/inside-the-router-how-i-accessed-industrial-routers-and-reported-the-flaws-29c34213dfdf", + "source": "cve@mitre.org" + }, + { + "url": "https://support.milesight-iot.com/support/home", + "source": "cve@mitre.org" + } + ] +} \ No newline at end of file diff --git a/CVE-2023/CVE-2023-442xx/CVE-2023-44208.json b/CVE-2023/CVE-2023-442xx/CVE-2023-44208.json new file mode 100644 index 00000000000..ae82bbba9d6 --- /dev/null +++ b/CVE-2023/CVE-2023-442xx/CVE-2023-44208.json @@ -0,0 +1,55 @@ +{ + "id": "CVE-2023-44208", + "sourceIdentifier": "security@acronis.com", + "published": "2023-10-04T12:15:10.670", + "lastModified": "2023-10-04T12:56:02.103", + "vulnStatus": "Awaiting Analysis", + "descriptions": [ + { + "lang": "en", + "value": "Sensitive information disclosure and manipulation due to missing authorization. The following products are affected: Acronis Cyber Protect Home Office (Windows) before build 40713." + } + ], + "metrics": { + "cvssMetricV30": [ + { + "source": "security@acronis.com", + "type": "Secondary", + "cvssData": { + "version": "3.0", + "vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", + "attackVector": "LOCAL", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH", + "baseScore": 7.8, + "baseSeverity": "HIGH" + }, + "exploitabilityScore": 1.8, + "impactScore": 5.9 + } + ] + }, + "weaknesses": [ + { + "source": "security@acronis.com", + "type": "Secondary", + "description": [ + { + "lang": "en", + "value": "CWE-862" + } + ] + } + ], + "references": [ + { + "url": "https://security-advisory.acronis.com/advisories/SEC-6587", + "source": "security@acronis.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2023/CVE-2023-442xx/CVE-2023-44228.json b/CVE-2023/CVE-2023-442xx/CVE-2023-44228.json index 7802fe6ca21..cf1c855b249 100644 --- a/CVE-2023/CVE-2023-442xx/CVE-2023-44228.json +++ b/CVE-2023/CVE-2023-442xx/CVE-2023-44228.json @@ -2,8 +2,8 @@ "id": "CVE-2023-44228", "sourceIdentifier": "audit@patchstack.com", "published": "2023-10-02T11:15:50.317", - "lastModified": "2023-10-02T12:57:34.287", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2023-10-04T13:36:47.173", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", @@ -16,6 +16,26 @@ ], "metrics": { "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "HIGH", + "userInteraction": "REQUIRED", + "scope": "CHANGED", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "availabilityImpact": "NONE", + "baseScore": 4.8, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 1.7, + "impactScore": 2.7 + }, { "source": "audit@patchstack.com", "type": "Secondary", @@ -50,10 +70,31 @@ ] } ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:gopiplus:onclick_show_popup:*:*:*:*:*:wordpress:*:*", + "versionEndIncluding": "8.1", + "matchCriteriaId": "6E5B23B2-8401-45F5-96D8-4BBC509FFC65" + } + ] + } + ] + } + ], "references": [ { "url": "https://patchstack.com/database/vulnerability/onclick-show-popup/wordpress-onclick-show-popup-plugin-8-1-cross-site-scripting-xss?_s_id=cve", - "source": "audit@patchstack.com" + "source": "audit@patchstack.com", + "tags": [ + "Third Party Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2023/CVE-2023-442xx/CVE-2023-44230.json b/CVE-2023/CVE-2023-442xx/CVE-2023-44230.json index 3a6a1938a59..bd4ab112f50 100644 --- a/CVE-2023/CVE-2023-442xx/CVE-2023-44230.json +++ b/CVE-2023/CVE-2023-442xx/CVE-2023-44230.json @@ -2,8 +2,8 @@ "id": "CVE-2023-44230", "sourceIdentifier": "audit@patchstack.com", "published": "2023-10-02T11:15:50.393", - "lastModified": "2023-10-02T12:57:34.287", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2023-10-04T13:37:30.187", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", @@ -16,6 +16,26 @@ ], "metrics": { "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "HIGH", + "userInteraction": "REQUIRED", + "scope": "CHANGED", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "availabilityImpact": "NONE", + "baseScore": 4.8, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 1.7, + "impactScore": 2.7 + }, { "source": "audit@patchstack.com", "type": "Secondary", @@ -50,10 +70,31 @@ ] } ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:gopiplus:popup_contact_form:*:*:*:*:*:wordpress:*:*", + "versionEndIncluding": "7.1", + "matchCriteriaId": "576E6D3C-94B6-4738-B1B0-0706E23DDA50" + } + ] + } + ] + } + ], "references": [ { "url": "https://patchstack.com/database/vulnerability/popup-contact-form/wordpress-popup-contact-form-plugin-7-1-cross-site-scripting-xss-2?_s_id=cve", - "source": "audit@patchstack.com" + "source": "audit@patchstack.com", + "tags": [ + "Third Party Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2023/CVE-2023-442xx/CVE-2023-44239.json b/CVE-2023/CVE-2023-442xx/CVE-2023-44239.json index a9d333744b1..23b769f7d7d 100644 --- a/CVE-2023/CVE-2023-442xx/CVE-2023-44239.json +++ b/CVE-2023/CVE-2023-442xx/CVE-2023-44239.json @@ -2,8 +2,8 @@ "id": "CVE-2023-44239", "sourceIdentifier": "audit@patchstack.com", "published": "2023-10-02T10:15:12.877", - "lastModified": "2023-10-02T12:57:34.287", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2023-10-04T12:04:19.410", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", @@ -16,6 +16,26 @@ ], "metrics": { "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "HIGH", + "userInteraction": "REQUIRED", + "scope": "CHANGED", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "availabilityImpact": "NONE", + "baseScore": 4.8, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 1.7, + "impactScore": 2.7 + }, { "source": "audit@patchstack.com", "type": "Secondary", @@ -50,10 +70,31 @@ ] } ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:walkswithme:social_share_on_image_hover:*:*:*:*:*:wordpress:*:*", + "versionEndIncluding": "2.2", + "matchCriteriaId": "6D13C8DD-F94D-4FE4-9EDF-E4AF43585AC9" + } + ] + } + ] + } + ], "references": [ { "url": "https://patchstack.com/database/vulnerability/wwm-social-share-on-image-hover/wordpress-wwm-social-share-on-image-hover-plugin-2-2-cross-site-scripting-xss-vulnerability?_s_id=cve", - "source": "audit@patchstack.com" + "source": "audit@patchstack.com", + "tags": [ + "Third Party Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2023/CVE-2023-442xx/CVE-2023-44262.json b/CVE-2023/CVE-2023-442xx/CVE-2023-44262.json index 1197f2a9758..27d3d7a3d8d 100644 --- a/CVE-2023/CVE-2023-442xx/CVE-2023-44262.json +++ b/CVE-2023/CVE-2023-442xx/CVE-2023-44262.json @@ -2,8 +2,8 @@ "id": "CVE-2023-44262", "sourceIdentifier": "audit@patchstack.com", "published": "2023-10-02T10:15:13.027", - "lastModified": "2023-10-02T12:57:34.287", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2023-10-04T13:33:01.340", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", @@ -16,6 +16,26 @@ ], "metrics": { "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "HIGH", + "userInteraction": "REQUIRED", + "scope": "CHANGED", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "availabilityImpact": "NONE", + "baseScore": 4.8, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 1.7, + "impactScore": 2.7 + }, { "source": "audit@patchstack.com", "type": "Secondary", @@ -50,10 +70,31 @@ ] } ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:renzojohnson:blocks:*:*:*:*:*:wordpress:*:*", + "versionEndIncluding": "1.6.41", + "matchCriteriaId": "A94D4129-81E4-46DC-A121-D817B682B9A2" + } + ] + } + ] + } + ], "references": [ { "url": "https://patchstack.com/database/vulnerability/blocks/wordpress-blocks-plugin-1-6-41-cross-site-scripting-xss?_s_id=cve", - "source": "audit@patchstack.com" + "source": "audit@patchstack.com", + "tags": [ + "Third Party Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2023/CVE-2023-442xx/CVE-2023-44263.json b/CVE-2023/CVE-2023-442xx/CVE-2023-44263.json index 16ef2c360e5..2dbce418451 100644 --- a/CVE-2023/CVE-2023-442xx/CVE-2023-44263.json +++ b/CVE-2023/CVE-2023-442xx/CVE-2023-44263.json @@ -2,8 +2,8 @@ "id": "CVE-2023-44263", "sourceIdentifier": "audit@patchstack.com", "published": "2023-10-02T10:15:13.107", - "lastModified": "2023-10-02T12:57:34.287", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2023-10-04T13:33:58.363", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", @@ -16,6 +16,26 @@ ], "metrics": { "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "HIGH", + "userInteraction": "REQUIRED", + "scope": "CHANGED", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "availabilityImpact": "NONE", + "baseScore": 4.8, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 1.7, + "impactScore": 2.7 + }, { "source": "audit@patchstack.com", "type": "Secondary", @@ -50,10 +70,31 @@ ] } ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:riyaz:social_metrics:*:*:*:*:*:wordpress:*:*", + "versionEndIncluding": "2.2", + "matchCriteriaId": "7E210E3D-B6C1-4C81-AE56-220DEDD2E9C2" + } + ] + } + ] + } + ], "references": [ { "url": "https://patchstack.com/database/vulnerability/social-metrics/wordpress-social-metrics-plugin-2-2-cross-site-scripting-xss?_s_id=cve", - "source": "audit@patchstack.com" + "source": "audit@patchstack.com", + "tags": [ + "Third Party Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2023/CVE-2023-442xx/CVE-2023-44272.json b/CVE-2023/CVE-2023-442xx/CVE-2023-44272.json index 45f6952460f..188083949f6 100644 --- a/CVE-2023/CVE-2023-442xx/CVE-2023-44272.json +++ b/CVE-2023/CVE-2023-442xx/CVE-2023-44272.json @@ -2,8 +2,8 @@ "id": "CVE-2023-44272", "sourceIdentifier": "vultures@jpcert.or.jp", "published": "2023-10-04T09:15:31.810", - "lastModified": "2023-10-04T09:15:31.810", - "vulnStatus": "Received", + "lastModified": "2023-10-04T12:56:06.920", + "vulnStatus": "Awaiting Analysis", "descriptions": [ { "lang": "en", diff --git a/CVE-2023/CVE-2023-444xx/CVE-2023-44488.json b/CVE-2023/CVE-2023-444xx/CVE-2023-44488.json index b6950e8e925..d3c0c984502 100644 --- a/CVE-2023/CVE-2023-444xx/CVE-2023-44488.json +++ b/CVE-2023/CVE-2023-444xx/CVE-2023-44488.json @@ -2,8 +2,8 @@ "id": "CVE-2023-44488", "sourceIdentifier": "cve@mitre.org", "published": "2023-09-30T20:15:10.200", - "lastModified": "2023-10-03T20:57:51.777", - "vulnStatus": "Analyzed", + "lastModified": "2023-10-04T13:15:25.590", + "vulnStatus": "Modified", "descriptions": [ { "lang": "en", @@ -154,6 +154,10 @@ "tags": [ "Mailing List" ] + }, + { + "url": "https://security.gentoo.org/glsa/202310-04", + "source": "cve@mitre.org" } ] } \ No newline at end of file diff --git a/CVE-2023/CVE-2023-44xx/CVE-2023-4491.json b/CVE-2023/CVE-2023-44xx/CVE-2023-4491.json new file mode 100644 index 00000000000..296595f2380 --- /dev/null +++ b/CVE-2023/CVE-2023-44xx/CVE-2023-4491.json @@ -0,0 +1,55 @@ +{ + "id": "CVE-2023-4491", + "sourceIdentifier": "cve-coordination@incibe.es", + "published": "2023-10-04T13:15:25.823", + "lastModified": "2023-10-04T13:15:25.823", + "vulnStatus": "Received", + "descriptions": [ + { + "lang": "en", + "value": "Buffer overflow vulnerability in Easy Address Book Web Server 1.6 version. The exploitation of this vulnerability could allow an attacker to send a very long username string to /searchbook.ghp, asking for the name via a POST request, resulting in arbitrary code execution on the remote machine." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "cve-coordination@incibe.es", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH", + "baseScore": 9.8, + "baseSeverity": "CRITICAL" + }, + "exploitabilityScore": 3.9, + "impactScore": 5.9 + } + ] + }, + "weaknesses": [ + { + "source": "cve-coordination@incibe.es", + "type": "Secondary", + "description": [ + { + "lang": "en", + "value": "CWE-119" + } + ] + } + ], + "references": [ + { + "url": "https://www.incibe.es/en/incibe-cert/notices/aviso/multiple-vulnerabilities-efs-software-products", + "source": "cve-coordination@incibe.es" + } + ] +} \ No newline at end of file diff --git a/CVE-2023/CVE-2023-44xx/CVE-2023-4492.json b/CVE-2023/CVE-2023-44xx/CVE-2023-4492.json new file mode 100644 index 00000000000..afcf21dcf9c --- /dev/null +++ b/CVE-2023/CVE-2023-44xx/CVE-2023-4492.json @@ -0,0 +1,55 @@ +{ + "id": "CVE-2023-4492", + "sourceIdentifier": "cve-coordination@incibe.es", + "published": "2023-10-04T13:15:25.910", + "lastModified": "2023-10-04T13:15:25.910", + "vulnStatus": "Received", + "descriptions": [ + { + "lang": "en", + "value": "Vulnerability in Easy Address Book Web Server 1.6 version, affecting the parameters (firstname, homephone, lastname, middlename, workaddress, workcity, workcountry, workphone, workstate and workzip) of the /addrbook.ghp file, allowing an attacker to inject a JavaScript payload specially designed to run when the application is loaded" + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "cve-coordination@incibe.es", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "REQUIRED", + "scope": "CHANGED", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "availabilityImpact": "NONE", + "baseScore": 6.1, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 2.8, + "impactScore": 2.7 + } + ] + }, + "weaknesses": [ + { + "source": "cve-coordination@incibe.es", + "type": "Secondary", + "description": [ + { + "lang": "en", + "value": "CWE-79" + } + ] + } + ], + "references": [ + { + "url": "https://www.incibe.es/en/incibe-cert/notices/aviso/multiple-vulnerabilities-efs-software-products", + "source": "cve-coordination@incibe.es" + } + ] +} \ No newline at end of file diff --git a/CVE-2023/CVE-2023-44xx/CVE-2023-4493.json b/CVE-2023/CVE-2023-44xx/CVE-2023-4493.json new file mode 100644 index 00000000000..a9c107b869f --- /dev/null +++ b/CVE-2023/CVE-2023-44xx/CVE-2023-4493.json @@ -0,0 +1,55 @@ +{ + "id": "CVE-2023-4493", + "sourceIdentifier": "cve-coordination@incibe.es", + "published": "2023-10-04T13:15:25.987", + "lastModified": "2023-10-04T13:15:25.987", + "vulnStatus": "Received", + "descriptions": [ + { + "lang": "en", + "value": "Stored Cross-Site Scripting in Easy Address Book Web Server 1.6 version, through the users_admin.ghp file that affects multiple parameters such as (firstname, homephone, lastname, lastname, middlename, workaddress, workcity, workcountry, workphone, workstate, workzip). This vulnerability allows a remote attacker to store a malicious JavaScript payload in the application to be executed when the page is loaded, resulting in an integrity impact." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "cve-coordination@incibe.es", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "REQUIRED", + "scope": "CHANGED", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "availabilityImpact": "NONE", + "baseScore": 6.1, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 2.8, + "impactScore": 2.7 + } + ] + }, + "weaknesses": [ + { + "source": "cve-coordination@incibe.es", + "type": "Secondary", + "description": [ + { + "lang": "en", + "value": "CWE-79" + } + ] + } + ], + "references": [ + { + "url": "https://www.incibe.es/en/incibe-cert/notices/aviso/multiple-vulnerabilities-efs-software-products", + "source": "cve-coordination@incibe.es" + } + ] +} \ No newline at end of file diff --git a/CVE-2023/CVE-2023-44xx/CVE-2023-4494.json b/CVE-2023/CVE-2023-44xx/CVE-2023-4494.json new file mode 100644 index 00000000000..2ce79b1417f --- /dev/null +++ b/CVE-2023/CVE-2023-44xx/CVE-2023-4494.json @@ -0,0 +1,55 @@ +{ + "id": "CVE-2023-4494", + "sourceIdentifier": "cve-coordination@incibe.es", + "published": "2023-10-04T13:15:26.057", + "lastModified": "2023-10-04T13:15:26.057", + "vulnStatus": "Received", + "descriptions": [ + { + "lang": "en", + "value": "Stack-based buffer overflow vulnerability in Easy Chat Server 3.1 version. An attacker could send an excessively long username string to the register.ghp file asking for the name via a GET request resulting in arbitrary code execution on the remote machine." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "cve-coordination@incibe.es", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH", + "baseScore": 9.8, + "baseSeverity": "CRITICAL" + }, + "exploitabilityScore": 3.9, + "impactScore": 5.9 + } + ] + }, + "weaknesses": [ + { + "source": "cve-coordination@incibe.es", + "type": "Secondary", + "description": [ + { + "lang": "en", + "value": "CWE-119" + } + ] + } + ], + "references": [ + { + "url": "https://www.incibe.es/en/incibe-cert/notices/aviso/multiple-vulnerabilities-efs-software-products", + "source": "cve-coordination@incibe.es" + } + ] +} \ No newline at end of file diff --git a/CVE-2023/CVE-2023-44xx/CVE-2023-4495.json b/CVE-2023/CVE-2023-44xx/CVE-2023-4495.json new file mode 100644 index 00000000000..d9f4d7c95dc --- /dev/null +++ b/CVE-2023/CVE-2023-44xx/CVE-2023-4495.json @@ -0,0 +1,55 @@ +{ + "id": "CVE-2023-4495", + "sourceIdentifier": "cve-coordination@incibe.es", + "published": "2023-10-04T13:15:26.127", + "lastModified": "2023-10-04T13:15:26.127", + "vulnStatus": "Received", + "descriptions": [ + { + "lang": "en", + "value": "Easy Chat Server, in its 3.1 version and before, does not sufficiently encrypt user-controlled inputs, resulting in a Cross-Site Scripting (XSS) vulnerability stored via /registresult.htm (POST method), in the Resume parameter. The XSS is loaded from /register.ghp." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "cve-coordination@incibe.es", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "REQUIRED", + "scope": "CHANGED", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "availabilityImpact": "NONE", + "baseScore": 6.1, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 2.8, + "impactScore": 2.7 + } + ] + }, + "weaknesses": [ + { + "source": "cve-coordination@incibe.es", + "type": "Secondary", + "description": [ + { + "lang": "en", + "value": "CWE-79" + } + ] + } + ], + "references": [ + { + "url": "https://www.incibe.es/en/incibe-cert/notices/aviso/multiple-vulnerabilities-efs-software-products", + "source": "cve-coordination@incibe.es" + } + ] +} \ No newline at end of file diff --git a/CVE-2023/CVE-2023-44xx/CVE-2023-4496.json b/CVE-2023/CVE-2023-44xx/CVE-2023-4496.json new file mode 100644 index 00000000000..81d7fe7c3f5 --- /dev/null +++ b/CVE-2023/CVE-2023-44xx/CVE-2023-4496.json @@ -0,0 +1,55 @@ +{ + "id": "CVE-2023-4496", + "sourceIdentifier": "cve-coordination@incibe.es", + "published": "2023-10-04T13:15:26.193", + "lastModified": "2023-10-04T13:15:26.193", + "vulnStatus": "Received", + "descriptions": [ + { + "lang": "en", + "value": "Easy Chat Server, in its 3.1 version and before, does not sufficiently encrypt user-controlled inputs, resulting in a Cross-Site Scripting (XSS) vulnerability stored via /body2.ghp (POST method), in the mtowho parameter." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "cve-coordination@incibe.es", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "REQUIRED", + "scope": "CHANGED", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "availabilityImpact": "NONE", + "baseScore": 6.1, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 2.8, + "impactScore": 2.7 + } + ] + }, + "weaknesses": [ + { + "source": "cve-coordination@incibe.es", + "type": "Secondary", + "description": [ + { + "lang": "en", + "value": "CWE-79" + } + ] + } + ], + "references": [ + { + "url": "https://www.incibe.es/en/incibe-cert/notices/aviso/multiple-vulnerabilities-efs-software-products", + "source": "cve-coordination@incibe.es" + } + ] +} \ No newline at end of file diff --git a/CVE-2023/CVE-2023-44xx/CVE-2023-4497.json b/CVE-2023/CVE-2023-44xx/CVE-2023-4497.json new file mode 100644 index 00000000000..2a004fdb636 --- /dev/null +++ b/CVE-2023/CVE-2023-44xx/CVE-2023-4497.json @@ -0,0 +1,55 @@ +{ + "id": "CVE-2023-4497", + "sourceIdentifier": "cve-coordination@incibe.es", + "published": "2023-10-04T13:15:26.267", + "lastModified": "2023-10-04T13:15:26.267", + "vulnStatus": "Received", + "descriptions": [ + { + "lang": "en", + "value": "Easy Chat Server, in its 3.1 version and before, does not sufficiently encrypt user-controlled inputs, resulting in a Cross-Site Scripting (XSS) vulnerability stored via /registresult.htm (POST method), in the Icon parameter. The XSS is loaded from /users.ghp." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "cve-coordination@incibe.es", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "REQUIRED", + "scope": "CHANGED", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "availabilityImpact": "NONE", + "baseScore": 6.1, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 2.8, + "impactScore": 2.7 + } + ] + }, + "weaknesses": [ + { + "source": "cve-coordination@incibe.es", + "type": "Secondary", + "description": [ + { + "lang": "en", + "value": "CWE-79" + } + ] + } + ], + "references": [ + { + "url": "https://www.incibe.es/en/incibe-cert/notices/aviso/multiple-vulnerabilities-efs-software-products", + "source": "cve-coordination@incibe.es" + } + ] +} \ No newline at end of file diff --git a/CVE-2023/CVE-2023-45xx/CVE-2023-4586.json b/CVE-2023/CVE-2023-45xx/CVE-2023-4586.json index 5f74d4621d3..854a58212ba 100644 --- a/CVE-2023/CVE-2023-45xx/CVE-2023-4586.json +++ b/CVE-2023/CVE-2023-45xx/CVE-2023-4586.json @@ -2,8 +2,8 @@ "id": "CVE-2023-4586", "sourceIdentifier": "secalert@redhat.com", "published": "2023-10-04T11:15:10.500", - "lastModified": "2023-10-04T11:15:10.500", - "vulnStatus": "Received", + "lastModified": "2023-10-04T12:56:02.103", + "vulnStatus": "Awaiting Analysis", "descriptions": [ { "lang": "en", diff --git a/CVE-2023/CVE-2023-47xx/CVE-2023-4732.json b/CVE-2023/CVE-2023-47xx/CVE-2023-4732.json index 79e26dc2d18..d01415ecd1d 100644 --- a/CVE-2023/CVE-2023-47xx/CVE-2023-4732.json +++ b/CVE-2023/CVE-2023-47xx/CVE-2023-4732.json @@ -2,12 +2,16 @@ "id": "CVE-2023-4732", "sourceIdentifier": "secalert@redhat.com", "published": "2023-10-03T17:15:09.853", - "lastModified": "2023-10-03T18:09:47.093", + "lastModified": "2023-10-04T12:15:10.863", "vulnStatus": "Awaiting Analysis", "descriptions": [ { "lang": "en", - "value": "A flaw was found in the Linux Kernel's memory management subsytem. A task exits and releases a 2MB page in a vma (vm_area_struct) and hits the BUG statement in pfn_swap_entry_to_page() referencing pmd_t x." + "value": "A flaw was found in pfn_swap_entry_to_page in memory management subsystem in the Linux Kernel. In this flaw, an attacker with a local user privilege may cause a denial of service problem due to a BUG statement referencing pmd_t x." + }, + { + "lang": "es", + "value": "Se encontr\u00f3 una falla en pfn_swap_entry_to_page en el subsistema de administraci\u00f3n de memoria del kernel de Linux. En esta falla, un atacante con privilegios de usuario local puede causar un problema de denegaci\u00f3n de servicio debido a una declaraci\u00f3n de ERROR que hace referencia a pmd_t x.\n" } ], "metrics": { diff --git a/CVE-2023/CVE-2023-49xx/CVE-2023-4997.json b/CVE-2023/CVE-2023-49xx/CVE-2023-4997.json index 03e55488012..5f86c225693 100644 --- a/CVE-2023/CVE-2023-49xx/CVE-2023-4997.json +++ b/CVE-2023/CVE-2023-49xx/CVE-2023-4997.json @@ -2,8 +2,8 @@ "id": "CVE-2023-4997", "sourceIdentifier": "cvd@cert.pl", "published": "2023-10-04T11:15:10.563", - "lastModified": "2023-10-04T11:15:10.563", - "vulnStatus": "Received", + "lastModified": "2023-10-04T12:56:02.103", + "vulnStatus": "Awaiting Analysis", "descriptions": [ { "lang": "en", diff --git a/CVE-2023/CVE-2023-51xx/CVE-2023-5106.json b/CVE-2023/CVE-2023-51xx/CVE-2023-5106.json index ce6692f3dd9..5f2097289d9 100644 --- a/CVE-2023/CVE-2023-51xx/CVE-2023-5106.json +++ b/CVE-2023/CVE-2023-51xx/CVE-2023-5106.json @@ -2,16 +2,40 @@ "id": "CVE-2023-5106", "sourceIdentifier": "cve@gitlab.com", "published": "2023-10-02T12:15:09.997", - "lastModified": "2023-10-02T12:57:34.287", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2023-10-04T12:25:09.517", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", "value": "An issue has been discovered in Ultimate-licensed GitLab EE affecting all versions starting 13.12 prior to 16.2.8, 16.3.0 prior to 16.3.5, and 16.4.0 prior to 16.4.1 that could allow an attacker to impersonate users in CI pipelines through direct transfer group imports." + }, + { + "lang": "es", + "value": "Se ha descubierto un problema en Ultimate-licensed GitLab EE que afecta a todas las versiones desde 13.12 anteriores a 16.2.8, 16.3.0 anteriores a 16.3.5 y 16.4.0 anteriores a 16.4.1 y que podr\u00eda permitir a un atacante hacerse pasar por usuarios en CI pipelines mediante importaciones de grupos de transferencia directa." } ], "metrics": { "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "NONE", + "integrityImpact": "HIGH", + "availabilityImpact": "NONE", + "baseScore": 7.5, + "baseSeverity": "HIGH" + }, + "exploitabilityScore": 3.9, + "impactScore": 3.6 + }, { "source": "cve@gitlab.com", "type": "Secondary", @@ -35,6 +59,16 @@ ] }, "weaknesses": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "NVD-CWE-Other" + } + ] + }, { "source": "cve@gitlab.com", "type": "Secondary", @@ -46,10 +80,44 @@ ] } ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:gitlab:gitlab:*:*:*:*:enterprise:*:*:*", + "versionStartIncluding": "13.12", + "versionEndExcluding": "16.2.8", + "matchCriteriaId": "3A19F87C-BD40-4995-BCF4-9D3C324FDA93" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:gitlab:gitlab:*:*:*:*:enterprise:*:*:*", + "versionStartIncluding": "16.3.0", + "versionEndExcluding": "16.3.5", + "matchCriteriaId": "CC5696C9-592A-4D50-B5BB-9A250DAB6589" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:gitlab:gitlab:16.4.0:*:*:*:enterprise:*:*:*", + "matchCriteriaId": "6696C987-61C1-462E-8A73-016F9902BC67" + } + ] + } + ] + } + ], "references": [ { "url": "https://gitlab.com/gitlab-org/gitlab/-/commit/67039cfcae80b8fc0496f79be88714873cd169b3", - "source": "cve@gitlab.com" + "source": "cve@gitlab.com", + "tags": [ + "Patch" + ] } ] } \ No newline at end of file diff --git a/CVE-2023/CVE-2023-51xx/CVE-2023-5160.json b/CVE-2023/CVE-2023-51xx/CVE-2023-5160.json index b42b71dfcc2..80656d4fad4 100644 --- a/CVE-2023/CVE-2023-51xx/CVE-2023-5160.json +++ b/CVE-2023/CVE-2023-51xx/CVE-2023-5160.json @@ -2,8 +2,8 @@ "id": "CVE-2023-5160", "sourceIdentifier": "responsibledisclosure@mattermost.com", "published": "2023-10-02T11:15:50.813", - "lastModified": "2023-10-02T12:57:34.287", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2023-10-04T12:18:36.543", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", @@ -16,6 +16,26 @@ ], "metrics": { "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "LOW", + "integrityImpact": "NONE", + "availabilityImpact": "NONE", + "baseScore": 4.3, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 2.8, + "impactScore": 1.4 + }, { "source": "responsibledisclosure@mattermost.com", "type": "Secondary", @@ -39,6 +59,16 @@ ] }, "weaknesses": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "NVD-CWE-noinfo" + } + ] + }, { "source": "responsibledisclosure@mattermost.com", "type": "Secondary", @@ -50,10 +80,39 @@ ] } ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:mattermost:mattermost:*:*:*:*:*:*:*:*", + "versionStartIncluding": "7.0.0", + "versionEndExcluding": "7.8.10", + "matchCriteriaId": "69C58AE2-7A73-4736-B442-4C67D98AD157" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:mattermost:mattermost:*:*:*:*:*:*:*:*", + "versionStartIncluding": "8.0.0", + "versionEndExcluding": "8.1.1", + "matchCriteriaId": "B96ADDD7-CCB9-4558-A54A-813DBAFAD356" + } + ] + } + ] + } + ], "references": [ { "url": "https://mattermost.com/security-updates", - "source": "responsibledisclosure@mattermost.com" + "source": "responsibledisclosure@mattermost.com", + "tags": [ + "Vendor Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2023/CVE-2023-52xx/CVE-2023-5217.json b/CVE-2023/CVE-2023-52xx/CVE-2023-5217.json index 106aaef1b0e..f20b636a55e 100644 --- a/CVE-2023/CVE-2023-52xx/CVE-2023-5217.json +++ b/CVE-2023/CVE-2023-52xx/CVE-2023-5217.json @@ -2,7 +2,7 @@ "id": "CVE-2023-5217", "sourceIdentifier": "chrome-cve-admin@google.com", "published": "2023-09-28T16:15:10.980", - "lastModified": "2023-10-04T00:15:12.427", + "lastModified": "2023-10-04T13:15:26.337", "vulnStatus": "Modified", "cisaExploitAdd": "2023-10-02", "cisaActionDue": "2023-10-23", @@ -278,6 +278,10 @@ "url": "https://security-tracker.debian.org/tracker/CVE-2023-5217", "source": "chrome-cve-admin@google.com" }, + { + "url": "https://security.gentoo.org/glsa/202310-04", + "source": "chrome-cve-admin@google.com" + }, { "url": "https://stackdiary.com/google-discloses-a-webm-vp8-bug-tracked-as-cve-2023-5217/", "source": "chrome-cve-admin@google.com" diff --git a/CVE-2023/CVE-2023-52xx/CVE-2023-5291.json b/CVE-2023/CVE-2023-52xx/CVE-2023-5291.json index 07ac0a88ccd..e59fa2fc9b0 100644 --- a/CVE-2023/CVE-2023-52xx/CVE-2023-5291.json +++ b/CVE-2023/CVE-2023-52xx/CVE-2023-5291.json @@ -2,8 +2,8 @@ "id": "CVE-2023-5291", "sourceIdentifier": "security@wordfence.com", "published": "2023-10-04T02:15:10.080", - "lastModified": "2023-10-04T02:15:10.080", - "vulnStatus": "Received", + "lastModified": "2023-10-04T12:56:06.920", + "vulnStatus": "Undergoing Analysis", "descriptions": [ { "lang": "en", diff --git a/CVE-2023/CVE-2023-53xx/CVE-2023-5324.json b/CVE-2023/CVE-2023-53xx/CVE-2023-5324.json index 2142daa101a..d409123e9eb 100644 --- a/CVE-2023/CVE-2023-53xx/CVE-2023-5324.json +++ b/CVE-2023/CVE-2023-53xx/CVE-2023-5324.json @@ -2,15 +2,41 @@ "id": "CVE-2023-5324", "sourceIdentifier": "cna@vuldb.com", "published": "2023-10-01T21:15:42.693", - "lastModified": "2023-10-02T00:44:36.450", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2023-10-04T13:53:02.330", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", "value": "A vulnerability has been found in eeroOS up to 6.16.4-11 and classified as critical. This vulnerability affects unknown code of the component Ethernet Interface. The manipulation leads to denial of service. The attack needs to be approached within the local network. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-241024." + }, + { + "lang": "es", + "value": "Una vulnerabilidad ha sido encontrada en eeroOS hasta 6.16.4-11 y clasificada como cr\u00edtica. Esta vulnerabilidad afecta a c\u00f3digo desconocido del componente Ethernet Interface. La manipulaci\u00f3n conduce a la denegaci\u00f3n del servicio. El ataque debe abordarse dentro de la red local. El exploit ha sido divulgado al p\u00fablico y puede utilizarse. El identificador de esta vulnerabilidad es VDB-241024." } ], "metrics": { + "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "attackVector": "ADJACENT_NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "NONE", + "integrityImpact": "NONE", + "availabilityImpact": "HIGH", + "baseScore": 6.5, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 2.8, + "impactScore": 3.6 + } + ], "cvssMetricV30": [ { "source": "cna@vuldb.com", @@ -71,18 +97,46 @@ ] } ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:o:eero:eeroos:*:*:*:*:*:*:*:*", + "versionEndIncluding": "6.16.4-11", + "matchCriteriaId": "2602F72C-E1CB-40E6-B2EE-D3C1E16B3729" + } + ] + } + ] + } + ], "references": [ { "url": "https://github.com/nomis/eero-zero-length-ipv6-options-header-dos", - "source": "cna@vuldb.com" + "source": "cna@vuldb.com", + "tags": [ + "Third Party Advisory" + ] }, { "url": "https://vuldb.com/?ctiid.241024", - "source": "cna@vuldb.com" + "source": "cna@vuldb.com", + "tags": [ + "Permissions Required", + "Third Party Advisory" + ] }, { "url": "https://vuldb.com/?id.241024", - "source": "cna@vuldb.com" + "source": "cna@vuldb.com", + "tags": [ + "Third Party Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2023/CVE-2023-53xx/CVE-2023-5357.json b/CVE-2023/CVE-2023-53xx/CVE-2023-5357.json index 17805d17eed..6d38c011f0f 100644 --- a/CVE-2023/CVE-2023-53xx/CVE-2023-5357.json +++ b/CVE-2023/CVE-2023-53xx/CVE-2023-5357.json @@ -2,8 +2,8 @@ "id": "CVE-2023-5357", "sourceIdentifier": "security@wordfence.com", "published": "2023-10-04T02:15:10.163", - "lastModified": "2023-10-04T02:15:10.163", - "vulnStatus": "Received", + "lastModified": "2023-10-04T12:56:06.920", + "vulnStatus": "Undergoing Analysis", "descriptions": [ { "lang": "en", diff --git a/CVE-2023/CVE-2023-53xx/CVE-2023-5368.json b/CVE-2023/CVE-2023-53xx/CVE-2023-5368.json index e44ff9fabda..c94f35fd979 100644 --- a/CVE-2023/CVE-2023-53xx/CVE-2023-5368.json +++ b/CVE-2023/CVE-2023-53xx/CVE-2023-5368.json @@ -2,12 +2,16 @@ "id": "CVE-2023-5368", "sourceIdentifier": "secteam@freebsd.org", "published": "2023-10-04T04:15:14.143", - "lastModified": "2023-10-04T04:15:14.143", - "vulnStatus": "Received", + "lastModified": "2023-10-04T12:56:06.920", + "vulnStatus": "Awaiting Analysis", "descriptions": [ { "lang": "en", "value": "On an msdosfs filesystem, the 'truncate' or 'ftruncate' system calls under certain circumstances populate the additional space in the file with unallocated data from the underlying disk device, rather than zero bytes.\n\nThis may permit a user with write access to files on a msdosfs filesystem to read unintended data (e.g. from a previously deleted file)." + }, + { + "lang": "es", + "value": "En un sistema de archivos msdosfs, las llamadas al sistema 'truncate' o 'ftruncate' bajo ciertas circunstancias llenan el espacio adicional en el archivo con datos no asignados del dispositivo de disco subyacente, en lugar de cero bytes. Esto puede permitir que un usuario con acceso de escritura a archivos en un sistema de archivos msdosfs lea datos no deseados (por ejemplo, de un archivo previamente eliminado)." } ], "metrics": {}, diff --git a/CVE-2023/CVE-2023-53xx/CVE-2023-5369.json b/CVE-2023/CVE-2023-53xx/CVE-2023-5369.json index 99a1a2fad4b..40bb48fb5e6 100644 --- a/CVE-2023/CVE-2023-53xx/CVE-2023-5369.json +++ b/CVE-2023/CVE-2023-53xx/CVE-2023-5369.json @@ -2,12 +2,16 @@ "id": "CVE-2023-5369", "sourceIdentifier": "secteam@freebsd.org", "published": "2023-10-04T04:15:14.627", - "lastModified": "2023-10-04T04:15:14.627", - "vulnStatus": "Received", + "lastModified": "2023-10-04T12:56:06.920", + "vulnStatus": "Awaiting Analysis", "descriptions": [ { "lang": "en", "value": "Before correction, the\u00a0copy_file_range\u00a0system call checked only for the CAP_READ and CAP_WRITE capabilities on the input and output file descriptors, respectively. Using an offset is logically equivalent to seeking, and the system call must additionally require the CAP_SEEK capability.\n\nThis incorrect privilege check enabled sandboxed processes with only read or write but no seek capability on a file descriptor to read data from or write data to an arbitrary location within the file corresponding to that file descriptor." + }, + { + "lang": "es", + "value": "Antes de la correcci\u00f3n, la llamada al sistema copy_file_range verific\u00f3 solo las capabilities CAP_READ y CAP_WRITE en los descriptores de archivos de entrada y salida, respectivamente. Usar un desplazamiento es l\u00f3gicamente equivalente a buscar, y la llamada al sistema debe requerir adicionalmente la capability CAP_SEEK. Esta verificaci\u00f3n de privilegios incorrecta permiti\u00f3 que los procesos aislados con solo lectura o escritura pero sin capacidad de b\u00fasqueda en un descriptor de archivo leyeran o escribieran datos en una ubicaci\u00f3n arbitraria dentro del archivo correspondiente a ese descriptor de archivo." } ], "metrics": {}, diff --git a/CVE-2023/CVE-2023-53xx/CVE-2023-5370.json b/CVE-2023/CVE-2023-53xx/CVE-2023-5370.json index 2f1cdb50215..a7a1a130504 100644 --- a/CVE-2023/CVE-2023-53xx/CVE-2023-5370.json +++ b/CVE-2023/CVE-2023-53xx/CVE-2023-5370.json @@ -2,12 +2,16 @@ "id": "CVE-2023-5370", "sourceIdentifier": "secteam@freebsd.org", "published": "2023-10-04T04:15:15.593", - "lastModified": "2023-10-04T04:15:15.593", - "vulnStatus": "Received", + "lastModified": "2023-10-04T12:56:06.920", + "vulnStatus": "Awaiting Analysis", "descriptions": [ { "lang": "en", "value": "On CPU 0 the check for the SMCCC workaround is called before SMCCC support has been initialized. This resulted in no speculative execution workarounds being installed on CPU 0." + }, + { + "lang": "es", + "value": "En la CPU 0, se llama a la verificaci\u00f3n del workaround de SMCCC antes de que se haya inicializado el soporte de SMCCC. Esto result\u00f3 en que no se instalaran workarounds de ejecuci\u00f3n especulativa en la CPU 0." } ], "metrics": {}, diff --git a/CVE-2023/CVE-2023-53xx/CVE-2023-5373.json b/CVE-2023/CVE-2023-53xx/CVE-2023-5373.json new file mode 100644 index 00000000000..1f62c25b791 --- /dev/null +++ b/CVE-2023/CVE-2023-53xx/CVE-2023-5373.json @@ -0,0 +1,88 @@ +{ + "id": "CVE-2023-5373", + "sourceIdentifier": "cna@vuldb.com", + "published": "2023-10-04T13:15:26.433", + "lastModified": "2023-10-04T13:15:26.433", + "vulnStatus": "Received", + "descriptions": [ + { + "lang": "en", + "value": "A vulnerability classified as critical has been found in SourceCodester Online Computer and Laptop Store 1.0. Affected is the function register of the file Master.php. The manipulation of the argument email leads to sql injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. VDB-241254 is the identifier assigned to this vulnerability." + } + ], + "metrics": { + "cvssMetricV30": [ + { + "source": "cna@vuldb.com", + "type": "Secondary", + "cvssData": { + "version": "3.0", + "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "availabilityImpact": "LOW", + "baseScore": 7.3, + "baseSeverity": "HIGH" + }, + "exploitabilityScore": 3.9, + "impactScore": 3.4 + } + ], + "cvssMetricV2": [ + { + "source": "cna@vuldb.com", + "type": "Secondary", + "cvssData": { + "version": "2.0", + "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", + "accessVector": "NETWORK", + "accessComplexity": "LOW", + "authentication": "NONE", + "confidentialityImpact": "PARTIAL", + "integrityImpact": "PARTIAL", + "availabilityImpact": "PARTIAL", + "baseScore": 7.5 + }, + "baseSeverity": "HIGH", + "exploitabilityScore": 10.0, + "impactScore": 6.4, + "acInsufInfo": false, + "obtainAllPrivilege": false, + "obtainUserPrivilege": false, + "obtainOtherPrivilege": false, + "userInteractionRequired": false + } + ] + }, + "weaknesses": [ + { + "source": "cna@vuldb.com", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-89" + } + ] + } + ], + "references": [ + { + "url": "https://github.com/Szlllc/Cve/blob/main/Computer%20and%20Laptop%20Store%20System%20Master.php%20has%20Sqlinjection.pdf", + "source": "cna@vuldb.com" + }, + { + "url": "https://vuldb.com/?ctiid.241254", + "source": "cna@vuldb.com" + }, + { + "url": "https://vuldb.com/?id.241254", + "source": "cna@vuldb.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2023/CVE-2023-53xx/CVE-2023-5375.json b/CVE-2023/CVE-2023-53xx/CVE-2023-5375.json index 9dc1f46f905..807f9b9c73c 100644 --- a/CVE-2023/CVE-2023-53xx/CVE-2023-5375.json +++ b/CVE-2023/CVE-2023-53xx/CVE-2023-5375.json @@ -2,8 +2,8 @@ "id": "CVE-2023-5375", "sourceIdentifier": "security@huntr.dev", "published": "2023-10-04T09:15:31.980", - "lastModified": "2023-10-04T09:15:31.980", - "vulnStatus": "Received", + "lastModified": "2023-10-04T12:56:06.920", + "vulnStatus": "Awaiting Analysis", "descriptions": [ { "lang": "en", diff --git a/CVE-2023/CVE-2023-53xx/CVE-2023-5377.json b/CVE-2023/CVE-2023-53xx/CVE-2023-5377.json index f9a7750822c..c61e8bc6d64 100644 --- a/CVE-2023/CVE-2023-53xx/CVE-2023-5377.json +++ b/CVE-2023/CVE-2023-53xx/CVE-2023-5377.json @@ -2,8 +2,8 @@ "id": "CVE-2023-5377", "sourceIdentifier": "security@huntr.dev", "published": "2023-10-04T10:15:10.353", - "lastModified": "2023-10-04T10:15:10.353", - "vulnStatus": "Received", + "lastModified": "2023-10-04T12:56:06.920", + "vulnStatus": "Awaiting Analysis", "descriptions": [ { "lang": "en", diff --git a/README.md b/README.md index 3c0ce205f86..69b42bef043 100644 --- a/README.md +++ b/README.md @@ -9,13 +9,13 @@ Repository synchronizes with the NVD every 2 hours. ### Last Repository Update ```plain -2023-10-04T12:00:25.925521+00:00 +2023-10-04T14:00:25.112883+00:00 ``` ### Most recent CVE Modification Timestamp synchronized with NVD ```plain -2023-10-04T11:48:34.220000+00:00 +2023-10-04T13:53:02.330000+00:00 ``` ### Last Data Feed Release @@ -29,38 +29,62 @@ Download and Changelog: [Click](https://github.com/fkie-cad/nvd-json-data-feeds/ ### Total Number of included CVEs ```plain -226952 +226970 ``` ### CVEs added in the last Commit -Recently added CVEs: `12` +Recently added CVEs: `18` -* [CVE-2023-5377](CVE-2023/CVE-2023-53xx/CVE-2023-5377.json) (`2023-10-04T10:15:10.353`) -* [CVE-2023-1584](CVE-2023/CVE-2023-15xx/CVE-2023-1584.json) (`2023-10-04T11:15:09.770`) -* [CVE-2023-25489](CVE-2023/CVE-2023-254xx/CVE-2023-25489.json) (`2023-10-04T11:15:09.917`) -* [CVE-2023-25788](CVE-2023/CVE-2023-257xx/CVE-2023-25788.json) (`2023-10-04T11:15:09.997`) -* [CVE-2023-25980](CVE-2023/CVE-2023-259xx/CVE-2023-25980.json) (`2023-10-04T11:15:10.077`) -* [CVE-2023-2422](CVE-2023/CVE-2023-24xx/CVE-2023-2422.json) (`2023-10-04T11:15:10.157`) -* [CVE-2023-2809](CVE-2023/CVE-2023-28xx/CVE-2023-2809.json) (`2023-10-04T11:15:10.223`) -* [CVE-2023-37995](CVE-2023/CVE-2023-379xx/CVE-2023-37995.json) (`2023-10-04T11:15:10.297`) -* [CVE-2023-3512](CVE-2023/CVE-2023-35xx/CVE-2023-3512.json) (`2023-10-04T11:15:10.363`) -* [CVE-2023-3701](CVE-2023/CVE-2023-37xx/CVE-2023-3701.json) (`2023-10-04T11:15:10.430`) -* [CVE-2023-4586](CVE-2023/CVE-2023-45xx/CVE-2023-4586.json) (`2023-10-04T11:15:10.500`) -* [CVE-2023-4997](CVE-2023/CVE-2023-49xx/CVE-2023-4997.json) (`2023-10-04T11:15:10.563`) +* [CVE-2022-4132](CVE-2022/CVE-2022-41xx/CVE-2022-4132.json) (`2023-10-04T12:15:10.230`) +* [CVE-2023-22618](CVE-2023/CVE-2023-226xx/CVE-2023-22618.json) (`2023-10-04T12:15:10.300`) +* [CVE-2023-3037](CVE-2023/CVE-2023-30xx/CVE-2023-3037.json) (`2023-10-04T12:15:10.373`) +* [CVE-2023-3038](CVE-2023/CVE-2023-30xx/CVE-2023-3038.json) (`2023-10-04T12:15:10.437`) +* [CVE-2023-3153](CVE-2023/CVE-2023-31xx/CVE-2023-3153.json) (`2023-10-04T12:15:10.503`) +* [CVE-2023-3361](CVE-2023/CVE-2023-33xx/CVE-2023-3361.json) (`2023-10-04T12:15:10.567`) +* [CVE-2023-43261](CVE-2023/CVE-2023-432xx/CVE-2023-43261.json) (`2023-10-04T12:15:10.627`) +* [CVE-2023-44208](CVE-2023/CVE-2023-442xx/CVE-2023-44208.json) (`2023-10-04T12:15:10.670`) +* [CVE-2023-4037](CVE-2023/CVE-2023-40xx/CVE-2023-4037.json) (`2023-10-04T12:15:10.733`) +* [CVE-2023-4090](CVE-2023/CVE-2023-40xx/CVE-2023-4090.json) (`2023-10-04T12:15:10.800`) +* [CVE-2023-4491](CVE-2023/CVE-2023-44xx/CVE-2023-4491.json) (`2023-10-04T13:15:25.823`) +* [CVE-2023-4492](CVE-2023/CVE-2023-44xx/CVE-2023-4492.json) (`2023-10-04T13:15:25.910`) +* [CVE-2023-4493](CVE-2023/CVE-2023-44xx/CVE-2023-4493.json) (`2023-10-04T13:15:25.987`) +* [CVE-2023-4494](CVE-2023/CVE-2023-44xx/CVE-2023-4494.json) (`2023-10-04T13:15:26.057`) +* [CVE-2023-4495](CVE-2023/CVE-2023-44xx/CVE-2023-4495.json) (`2023-10-04T13:15:26.127`) +* [CVE-2023-4496](CVE-2023/CVE-2023-44xx/CVE-2023-4496.json) (`2023-10-04T13:15:26.193`) +* [CVE-2023-4497](CVE-2023/CVE-2023-44xx/CVE-2023-4497.json) (`2023-10-04T13:15:26.267`) +* [CVE-2023-5373](CVE-2023/CVE-2023-53xx/CVE-2023-5373.json) (`2023-10-04T13:15:26.433`) ### CVEs modified in the last Commit -Recently modified CVEs: `7` +Recently modified CVEs: `50` -* [CVE-2022-39046](CVE-2022/CVE-2022-390xx/CVE-2022-39046.json) (`2023-10-04T10:15:09.780`) -* [CVE-2023-4527](CVE-2023/CVE-2023-45xx/CVE-2023-4527.json) (`2023-10-04T10:15:10.027`) -* [CVE-2023-4806](CVE-2023/CVE-2023-48xx/CVE-2023-4806.json) (`2023-10-04T10:15:10.143`) -* [CVE-2023-4911](CVE-2023/CVE-2023-49xx/CVE-2023-4911.json) (`2023-10-04T10:15:10.257`) -* [CVE-2023-5296](CVE-2023/CVE-2023-52xx/CVE-2023-5296.json) (`2023-10-04T11:30:25.553`) -* [CVE-2023-5297](CVE-2023/CVE-2023-52xx/CVE-2023-5297.json) (`2023-10-04T11:35:19.407`) -* [CVE-2023-44245](CVE-2023/CVE-2023-442xx/CVE-2023-44245.json) (`2023-10-04T11:48:34.220`) +* [CVE-2023-30736](CVE-2023/CVE-2023-307xx/CVE-2023-30736.json) (`2023-10-04T12:56:06.920`) +* [CVE-2023-30737](CVE-2023/CVE-2023-307xx/CVE-2023-30737.json) (`2023-10-04T12:56:06.920`) +* [CVE-2023-30738](CVE-2023/CVE-2023-307xx/CVE-2023-30738.json) (`2023-10-04T12:56:06.920`) +* [CVE-2023-5368](CVE-2023/CVE-2023-53xx/CVE-2023-5368.json) (`2023-10-04T12:56:06.920`) +* [CVE-2023-5369](CVE-2023/CVE-2023-53xx/CVE-2023-5369.json) (`2023-10-04T12:56:06.920`) +* [CVE-2023-5370](CVE-2023/CVE-2023-53xx/CVE-2023-5370.json) (`2023-10-04T12:56:06.920`) +* [CVE-2023-44272](CVE-2023/CVE-2023-442xx/CVE-2023-44272.json) (`2023-10-04T12:56:06.920`) +* [CVE-2023-5375](CVE-2023/CVE-2023-53xx/CVE-2023-5375.json) (`2023-10-04T12:56:06.920`) +* [CVE-2023-5377](CVE-2023/CVE-2023-53xx/CVE-2023-5377.json) (`2023-10-04T12:56:06.920`) +* [CVE-2023-1584](CVE-2023/CVE-2023-15xx/CVE-2023-1584.json) (`2023-10-04T12:56:06.920`) +* [CVE-2023-35905](CVE-2023/CVE-2023-359xx/CVE-2023-35905.json) (`2023-10-04T12:56:10.477`) +* [CVE-2023-37404](CVE-2023/CVE-2023-374xx/CVE-2023-37404.json) (`2023-10-04T12:56:10.477`) +* [CVE-2023-3213](CVE-2023/CVE-2023-32xx/CVE-2023-3213.json) (`2023-10-04T12:56:10.477`) +* [CVE-2023-44488](CVE-2023/CVE-2023-444xx/CVE-2023-44488.json) (`2023-10-04T13:15:25.590`) +* [CVE-2023-5217](CVE-2023/CVE-2023-52xx/CVE-2023-5217.json) (`2023-10-04T13:15:26.337`) +* [CVE-2023-3769](CVE-2023/CVE-2023-37xx/CVE-2023-3769.json) (`2023-10-04T13:16:45.607`) +* [CVE-2023-41800](CVE-2023/CVE-2023-418xx/CVE-2023-41800.json) (`2023-10-04T13:24:01.053`) +* [CVE-2023-41847](CVE-2023/CVE-2023-418xx/CVE-2023-41847.json) (`2023-10-04T13:26:01.997`) +* [CVE-2023-41855](CVE-2023/CVE-2023-418xx/CVE-2023-41855.json) (`2023-10-04T13:30:41.403`) +* [CVE-2023-44262](CVE-2023/CVE-2023-442xx/CVE-2023-44262.json) (`2023-10-04T13:33:01.340`) +* [CVE-2023-44263](CVE-2023/CVE-2023-442xx/CVE-2023-44263.json) (`2023-10-04T13:33:58.363`) +* [CVE-2023-44228](CVE-2023/CVE-2023-442xx/CVE-2023-44228.json) (`2023-10-04T13:36:47.173`) +* [CVE-2023-44230](CVE-2023/CVE-2023-442xx/CVE-2023-44230.json) (`2023-10-04T13:37:30.187`) +* [CVE-2023-3744](CVE-2023/CVE-2023-37xx/CVE-2023-3744.json) (`2023-10-04T13:41:29.220`) +* [CVE-2023-5324](CVE-2023/CVE-2023-53xx/CVE-2023-5324.json) (`2023-10-04T13:53:02.330`) ## Download and Usage