diff --git a/CVE-2014/CVE-2014-1250xx/CVE-2014-125081.json b/CVE-2014/CVE-2014-1250xx/CVE-2014-125081.json index 1d5c8087038..b7ec29e7cfb 100644 --- a/CVE-2014/CVE-2014-1250xx/CVE-2014-125081.json +++ b/CVE-2014/CVE-2014-1250xx/CVE-2014-125081.json @@ -2,8 +2,8 @@ "id": "CVE-2014-125081", "sourceIdentifier": "cna@vuldb.com", "published": "2023-01-17T23:15:15.173", - "lastModified": "2023-11-07T02:18:43.350", - "vulnStatus": "Undergoing Analysis", + "lastModified": "2023-12-01T22:04:49.620", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", @@ -33,7 +33,7 @@ "impactScore": 5.9 }, { - "source": "1af790b2-7ee1-4545-860a-a788eba489b5", + "source": "cna@vuldb.com", "type": "Secondary", "cvssData": { "version": "3.1", @@ -55,7 +55,7 @@ ], "cvssMetricV2": [ { - "source": "1af790b2-7ee1-4545-860a-a788eba489b5", + "source": "cna@vuldb.com", "type": "Secondary", "cvssData": { "version": "2.0", @@ -81,7 +81,7 @@ }, "weaknesses": [ { - "source": "1af790b2-7ee1-4545-860a-a788eba489b5", + "source": "cna@vuldb.com", "type": "Primary", "description": [ { diff --git a/CVE-2014/CVE-2014-1250xx/CVE-2014-125084.json b/CVE-2014/CVE-2014-1250xx/CVE-2014-125084.json index b19e1eaa36c..562e817a071 100644 --- a/CVE-2014/CVE-2014-1250xx/CVE-2014-125084.json +++ b/CVE-2014/CVE-2014-1250xx/CVE-2014-125084.json @@ -2,8 +2,8 @@ "id": "CVE-2014-125084", "sourceIdentifier": "cna@vuldb.com", "published": "2023-02-06T00:15:08.823", - "lastModified": "2023-11-07T02:18:44.037", - "vulnStatus": "Undergoing Analysis", + "lastModified": "2023-12-01T22:03:27.830", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", @@ -33,7 +33,7 @@ "impactScore": 5.9 }, { - "source": "1af790b2-7ee1-4545-860a-a788eba489b5", + "source": "cna@vuldb.com", "type": "Secondary", "cvssData": { "version": "3.1", @@ -55,7 +55,7 @@ ], "cvssMetricV2": [ { - "source": "1af790b2-7ee1-4545-860a-a788eba489b5", + "source": "cna@vuldb.com", "type": "Secondary", "cvssData": { "version": "2.0", 
@@ -81,7 +81,7 @@ }, "weaknesses": [ { - "source": "1af790b2-7ee1-4545-860a-a788eba489b5", + "source": "cna@vuldb.com", "type": "Primary", "description": [ { @@ -138,6 +138,7 @@ "url": "https://vuldb.com/?id.220205", "source": "cna@vuldb.com", "tags": [ + "Permissions Required", "Third Party Advisory" ] } diff --git a/CVE-2014/CVE-2014-1250xx/CVE-2014-125093.json b/CVE-2014/CVE-2014-1250xx/CVE-2014-125093.json index d6abd33d12c..e9d7c900c7e 100644 --- a/CVE-2014/CVE-2014-1250xx/CVE-2014-125093.json +++ b/CVE-2014/CVE-2014-1250xx/CVE-2014-125093.json @@ -2,8 +2,8 @@ "id": "CVE-2014-125093", "sourceIdentifier": "cna@vuldb.com", "published": "2023-03-10T02:15:58.147", - "lastModified": "2023-11-07T02:18:46.353", - "vulnStatus": "Undergoing Analysis", + "lastModified": "2023-12-01T22:05:39.367", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", @@ -33,7 +33,7 @@ "impactScore": 3.6 }, { - "source": "1af790b2-7ee1-4545-860a-a788eba489b5", + "source": "cna@vuldb.com", "type": "Secondary", "cvssData": { "version": "3.1", @@ -55,7 +55,7 @@ ], "cvssMetricV2": [ { - "source": "1af790b2-7ee1-4545-860a-a788eba489b5", + "source": "cna@vuldb.com", "type": "Secondary", "cvssData": { "version": "2.0", @@ -91,7 +91,7 @@ ] }, { - "source": "1af790b2-7ee1-4545-860a-a788eba489b5", + "source": "cna@vuldb.com", "type": "Secondary", "description": [ { diff --git a/CVE-2014/CVE-2014-1250xx/CVE-2014-125095.json b/CVE-2014/CVE-2014-1250xx/CVE-2014-125095.json index 1d1f4598c26..4b1c208f00d 100644 --- a/CVE-2014/CVE-2014-1250xx/CVE-2014-125095.json +++ b/CVE-2014/CVE-2014-1250xx/CVE-2014-125095.json @@ -2,8 +2,8 @@ "id": "CVE-2014-125095", "sourceIdentifier": "cna@vuldb.com", "published": "2023-04-09T06:15:10.593", - "lastModified": "2023-11-07T02:18:46.810", - "vulnStatus": "Undergoing Analysis", + "lastModified": "2023-12-01T22:08:11.780", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", 
@@ -33,7 +33,7 @@ "impactScore": 2.7 }, { - "source": "1af790b2-7ee1-4545-860a-a788eba489b5", + "source": "cna@vuldb.com", "type": "Secondary", "cvssData": { "version": "3.1", @@ -55,7 +55,7 @@ ], "cvssMetricV2": [ { - "source": "1af790b2-7ee1-4545-860a-a788eba489b5", + "source": "cna@vuldb.com", "type": "Secondary", "cvssData": { "version": "2.0", @@ -81,7 +81,7 @@ }, "weaknesses": [ { - "source": "1af790b2-7ee1-4545-860a-a788eba489b5", + "source": "cna@vuldb.com", "type": "Primary", "description": [ { diff --git a/CVE-2014/CVE-2014-1250xx/CVE-2014-125096.json b/CVE-2014/CVE-2014-1250xx/CVE-2014-125096.json index 8be7c54679b..d92e550ef02 100644 --- a/CVE-2014/CVE-2014-1250xx/CVE-2014-125096.json +++ b/CVE-2014/CVE-2014-1250xx/CVE-2014-125096.json @@ -2,8 +2,8 @@ "id": "CVE-2014-125096", "sourceIdentifier": "cna@vuldb.com", "published": "2023-04-10T03:15:07.040", - "lastModified": "2023-11-07T02:18:47.120", - "vulnStatus": "Undergoing Analysis", + "lastModified": "2023-12-01T22:10:36.937", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", @@ -33,7 +33,7 @@ "impactScore": 2.7 }, { - "source": "1af790b2-7ee1-4545-860a-a788eba489b5", + "source": "cna@vuldb.com", "type": "Secondary", "cvssData": { "version": "3.1", @@ -55,7 +55,7 @@ ], "cvssMetricV2": [ { - "source": "1af790b2-7ee1-4545-860a-a788eba489b5", + "source": "cna@vuldb.com", "type": "Secondary", "cvssData": { "version": "2.0", @@ -81,7 +81,7 @@ }, "weaknesses": [ { - "source": "1af790b2-7ee1-4545-860a-a788eba489b5", + "source": "cna@vuldb.com", "type": "Primary", "description": [ { diff --git a/CVE-2017/CVE-2017-201xx/CVE-2017-20155.json b/CVE-2017/CVE-2017-201xx/CVE-2017-20155.json index 52ef59e3bc9..6f22996eef5 100644 --- a/CVE-2017/CVE-2017-201xx/CVE-2017-20155.json +++ b/CVE-2017/CVE-2017-201xx/CVE-2017-20155.json 
@@ -2,8 +2,8 @@ "id": "CVE-2017-20155", "sourceIdentifier": "cna@vuldb.com", "published": "2022-12-30T23:15:08.883", - "lastModified": "2023-11-07T02:43:19.843", - "vulnStatus": "Undergoing Analysis", + "lastModified": "2023-12-01T22:07:13.797", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", @@ -33,7 +33,7 @@ "impactScore": 2.7 }, { - "source": "1af790b2-7ee1-4545-860a-a788eba489b5", + "source": "cna@vuldb.com", "type": "Secondary", "cvssData": { "version": "3.1", @@ -55,7 +55,7 @@ ], "cvssMetricV2": [ { - "source": "1af790b2-7ee1-4545-860a-a788eba489b5", + "source": "cna@vuldb.com", "type": "Secondary", "cvssData": { "version": "2.0", @@ -81,7 +81,7 @@ }, "weaknesses": [ { - "source": "1af790b2-7ee1-4545-860a-a788eba489b5", + "source": "cna@vuldb.com", "type": "Primary", "description": [ { @@ -114,8 +114,7 @@ "url": "https://github.com/Sterc/Analytics-dashboard-widget/commit/855d9560d3782c105568eedf9b22a769fbf29cc0", "source": "cna@vuldb.com", "tags": [ - "Patch", - "Third Party Advisory" + "Patch" ] }, { @@ -131,15 +130,14 @@ "url": "https://github.com/Sterc/Analytics-dashboard-widget/milestone/2", "source": "cna@vuldb.com", "tags": [ - "Third Party Advisory" + "Product" ] }, { "url": "https://github.com/Sterc/Analytics-dashboard-widget/pull/12", "source": "cna@vuldb.com", "tags": [ - "Patch", - "Third Party Advisory" + "Patch" ] }, { diff --git a/CVE-2017/CVE-2017-201xx/CVE-2017-20156.json b/CVE-2017/CVE-2017-201xx/CVE-2017-20156.json index 1b133fea718..eac070d1a78 100644 --- a/CVE-2017/CVE-2017-201xx/CVE-2017-20156.json +++ b/CVE-2017/CVE-2017-201xx/CVE-2017-20156.json @@ -2,8 +2,8 @@ "id": "CVE-2017-20156", "sourceIdentifier": "cna@vuldb.com", "published": "2022-12-31T10:15:09.183", - "lastModified": "2023-11-07T02:43:20.117", - "vulnStatus": "Undergoing Analysis", + "lastModified": "2023-12-01T22:09:35.407", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", 
@@ -33,7 +33,7 @@ "impactScore": 5.9 }, { - "source": "1af790b2-7ee1-4545-860a-a788eba489b5", + "source": "cna@vuldb.com", "type": "Secondary", "cvssData": { "version": "3.1", @@ -55,7 +55,7 @@ ], "cvssMetricV2": [ { - "source": "1af790b2-7ee1-4545-860a-a788eba489b5", + "source": "cna@vuldb.com", "type": "Secondary", "cvssData": { "version": "2.0", @@ -81,7 +81,7 @@ }, "weaknesses": [ { - "source": "1af790b2-7ee1-4545-860a-a788eba489b5", + "source": "cna@vuldb.com", "type": "Primary", "description": [ { @@ -114,8 +114,7 @@ "url": "https://github.com/exciting-io/printer/commit/5f8c715d6e2cc000f621a6833f0a86a673462136", "source": "cna@vuldb.com", "tags": [ - "Patch", - "Third Party Advisory" + "Patch" ] }, { diff --git a/CVE-2022/CVE-2022-404xx/CVE-2022-40433.json b/CVE-2022/CVE-2022-404xx/CVE-2022-40433.json index c3e3274b8c6..d1aed0d51bf 100644 --- a/CVE-2022/CVE-2022-404xx/CVE-2022-40433.json +++ b/CVE-2022/CVE-2022-404xx/CVE-2022-40433.json 
@@ -2,12 +2,16 @@ "id": "CVE-2022-40433", "sourceIdentifier": "cve@mitre.org", "published": "2023-08-22T19:16:24.010", - "lastModified": "2023-09-25T17:23:18.193", - "vulnStatus": "Analyzed", + "lastModified": "2023-12-01T21:15:07.527", + "vulnStatus": "Modified", "descriptions": [ { "lang": "en", - "value": "An issue was discovered in function ciMethodBlocks::make_block_at in Oracle JDK (HotSpot VM) 11, 17 and OpenJDK (HotSpot VM) 8, 11, 17, allows attackers to cause a denial of service." + "value": "An issue was discovered in function ciMethodBlocks::make_block_at in Oracle JDK (HotSpot VM) 11, 17 and OpenJDK (HotSpot VM) 8, 11, 17, allows attackers to cause a denial of service. Note: Vendor states that this to is Defense in Depth at most due to the nature of the issue and the special circumstances required (server must be running particular code locally, code compiled with an old, old version of javac, etc.)." + }, + { + "lang": "es", + "value": "Se ha descubierto un problema en la funci\u00f3n ciMethodBlocks::make_block_at de Oracle JDK (HotSpot VM) 11, 17 y OpenJDK (HotSpot VM) 8, 11, 17, que permite a los atacantes provocar una denegaci\u00f3n de servicio.\n" } ], "metrics": { diff --git a/CVE-2023/CVE-2023-256xx/CVE-2023-25632.json b/CVE-2023/CVE-2023-256xx/CVE-2023-25632.json index c2e78c9b182..05b43fb9d35 100644 --- a/CVE-2023/CVE-2023-256xx/CVE-2023-25632.json +++ b/CVE-2023/CVE-2023-256xx/CVE-2023-25632.json @@ -2,8 +2,8 @@ "id": "CVE-2023-25632", "sourceIdentifier": "cve@navercorp.com", "published": "2023-11-27T07:15:43.397", - "lastModified": "2023-11-27T13:52:09.230", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2023-12-01T21:17:40.063", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", 
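Review bot: The added `es` description for CVE-2022-40433 ends at the denial-of-service sentence and omits the vendor note that the updated `en` description now carries, so the two language variants of the same record disagree on how the issue should be weighed. The new English sentence also has a wording slip, `this to is Defense in Depth at most`. `vulnStatus` moves from `Analyzed` to `Modified` in the same hunk, so any metrics further down the record (outside this hunk) may predate the note. Consumers should show the vendor caveat next to the score rather than the score alone.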
@@ -14,8 +14,41 @@ "value": "La aplicaci\u00f3n de navegador Android Mobile Whale anterior a 3.0.1.2 permite al atacante eludir la funci\u00f3n de desbloqueo del navegador mediante la funci\u00f3n \"Abrir en Whale\"." } ], - "metrics": {}, + "metrics": { + "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N", + "attackVector": "LOCAL", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "NONE", + "integrityImpact": "HIGH", + "availabilityImpact": "NONE", + "baseScore": 5.5, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 1.8, + "impactScore": 3.6 + } + ] + }, "weaknesses": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "NVD-CWE-Other" + } + ] + }, { "source": "cve@navercorp.com", "type": "Secondary", @@ -27,10 +60,31 @@ ] } ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:naver:whale_browser:*:*:*:*:*:android:*:*", + "versionEndExcluding": "3.0.1.2", + "matchCriteriaId": "AC969CAF-AD1C-48DE-BDD8-F276EC21450C" + } + ] + } + ] + } + ], "references": [ { "url": "https://cve.naver.com/detail/cve-2023-25632.html", - "source": "cve@navercorp.com" + "source": "cve@navercorp.com", + "tags": [ + "Third Party Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2023/CVE-2023-320xx/CVE-2023-32063.json b/CVE-2023/CVE-2023-320xx/CVE-2023-32063.json index 8cb2659aebb..4d46e09cc69 100644 --- a/CVE-2023/CVE-2023-320xx/CVE-2023-32063.json +++ b/CVE-2023/CVE-2023-320xx/CVE-2023-32063.json 
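Review bot: In the last hunk of CVE-2023-25632.json the reference `https://cve.naver.com/detail/cve-2023-25632.html` is tagged `"Third Party Advisory"`, although the record's `sourceIdentifier` is `cve@navercorp.com` and the added CPE names `naver` as the vendor. That suggests the link is the vendor's own advisory. Other records in this commit tag vendor-hosted advisories (the oroinc GHSA links, mattermost.com) as `"Vendor Advisory"`, and the same tag would seem to fit here. Filters that prioritise vendor advisories would otherwise pass over this reference.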
@@ -2,8 +2,8 @@ "id": "CVE-2023-32063", "sourceIdentifier": "security-advisories@github.com", "published": "2023-11-28T04:15:07.143", - "lastModified": "2023-11-28T14:12:58.173", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2023-12-01T21:46:28.420", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", @@ -16,6 +16,26 @@ ], "metrics": { "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:N/A:N", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "NONE", + "scope": "CHANGED", + "confidentialityImpact": "LOW", + "integrityImpact": "NONE", + "availabilityImpact": "NONE", + "baseScore": 5.0, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 3.1, + "impactScore": 1.4 + }, { "source": "security-advisories@github.com", "type": "Secondary", 
@@ -50,18 +70,60 @@ ] } ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:oroinc:client_relationship_management:*:*:*:*:*:*:*:*", + "versionStartIncluding": "4.2.0", + "versionEndIncluding": "4.2.5", + "matchCriteriaId": "D7A1B563-4905-464D-A4B0-A317A2182BA2" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:oroinc:client_relationship_management:*:*:*:*:*:*:*:*", + "versionStartIncluding": "5.0.0", + "versionEndExcluding": "5.0.4", + "matchCriteriaId": "3A2D401C-A6CD-48B0-8A5C-A9FD55182189" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:oroinc:client_relationship_management:*:*:*:*:*:*:*:*", + "versionStartIncluding": "5.1.0", + "versionEndExcluding": "5.1.1", + "matchCriteriaId": "E55AC63D-454C-48E3-8FD5-E8521E9554A2" + } + ] + } + ] + } + ], "references": [ { "url": "https://github.com/oroinc/OroCRMCallBundle/commit/456b1dda7762abf4ff59eafffaa70ab7f09d1c85", - "source": "security-advisories@github.com" + "source": "security-advisories@github.com", + "tags": [ + "Patch" + ] }, { "url": "https://github.com/oroinc/OroCRMCallBundle/commit/9a41dff459bb4aff864175ca883d553ac0954950", - "source": "security-advisories@github.com" + "source": "security-advisories@github.com", + "tags": [ + "Patch" + ] }, { "url": "https://github.com/oroinc/crm/security/advisories/GHSA-897w-jv7j-6r7g", - "source": "security-advisories@github.com" + "source": "security-advisories@github.com", + "tags": [ + "Vendor Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2023/CVE-2023-320xx/CVE-2023-32064.json b/CVE-2023/CVE-2023-320xx/CVE-2023-32064.json index 757fd2fc033..c82bce764f9 100644 --- a/CVE-2023/CVE-2023-320xx/CVE-2023-32064.json +++ b/CVE-2023/CVE-2023-320xx/CVE-2023-32064.json 
@@ -2,8 +2,8 @@ "id": "CVE-2023-32064", "sourceIdentifier": "security-advisories@github.com", "published": "2023-11-28T04:15:07.360", - "lastModified": "2023-11-28T14:12:58.173", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2023-12-01T22:01:44.107", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", @@ -16,6 +16,26 @@ ], "metrics": { "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "LOW", + "integrityImpact": "NONE", + "availabilityImpact": "NONE", + "baseScore": 4.3, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 2.8, + "impactScore": 1.4 + }, { "source": "security-advisories@github.com", "type": "Secondary", 
@@ -50,10 +70,46 @@ ] } ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:oroinc:orocommerce:*:*:*:*:*:*:*:*", + "versionStartIncluding": "4.2.0", + "versionEndIncluding": "4.2.8", + "matchCriteriaId": "9E0C45BF-56A3-480F-AC47-7811E56CF653" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:oroinc:orocommerce:*:*:*:*:*:*:*:*", + "versionStartIncluding": "5.0.0", + "versionEndExcluding": "5.0.11", + "matchCriteriaId": "9A2DBB10-E76F-4210-943D-9FF29CD90538" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:oroinc:orocommerce:*:*:*:*:*:*:*:*", + "versionStartIncluding": "5.1.0", + "versionEndExcluding": "5.1.1", + "matchCriteriaId": "EA4A911B-D810-45B3-BCAA-ABD4EF968657" + } + ] + } + ] + } + ], "references": [ { "url": "https://github.com/oroinc/orocommerce/security/advisories/GHSA-8gwj-68w6-7v6c", - "source": "security-advisories@github.com" + "source": "security-advisories@github.com", + "tags": [ + "Vendor Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2023/CVE-2023-320xx/CVE-2023-32065.json b/CVE-2023/CVE-2023-320xx/CVE-2023-32065.json index 997587be0b0..3616336e380 100644 --- a/CVE-2023/CVE-2023-320xx/CVE-2023-32065.json +++ b/CVE-2023/CVE-2023-320xx/CVE-2023-32065.json @@ -2,8 +2,8 @@ "id": "CVE-2023-32065", "sourceIdentifier": "security-advisories@github.com", "published": "2023-11-28T04:15:07.570", - "lastModified": "2023-11-28T14:12:58.173", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2023-12-01T22:00:52.193", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", 
@@ -16,6 +16,26 @@ ], "metrics": { "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:N/A:N", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "NONE", + "scope": "CHANGED", + "confidentialityImpact": "LOW", + "integrityImpact": "NONE", + "availabilityImpact": "NONE", + "baseScore": 5.8, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 3.9, + "impactScore": 1.4 + }, { "source": "security-advisories@github.com", "type": "Secondary", @@ -50,10 +70,46 @@ ] } ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:oroinc:orocommerce:*:*:*:*:*:*:*:*", + "versionStartIncluding": "4.2.0", + "versionEndIncluding": "4.2.10", + "matchCriteriaId": "8CD6473A-785F-4EA1-8546-250A24D35964" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:oroinc:orocommerce:*:*:*:*:*:*:*:*", + "versionStartIncluding": "5.0.0", + "versionEndExcluding": "5.0.11", + "matchCriteriaId": "9A2DBB10-E76F-4210-943D-9FF29CD90538" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:oroinc:orocommerce:*:*:*:*:*:*:*:*", + "versionStartIncluding": "5.1.0", + "versionEndExcluding": "5.1.1", + "matchCriteriaId": "EA4A911B-D810-45B3-BCAA-ABD4EF968657" + } + ] + } + ] + } + ], "references": [ { "url": "https://github.com/oroinc/orocommerce/security/advisories/GHSA-88g2-xgh9-4ph2", - "source": "security-advisories@github.com" + "source": "security-advisories@github.com", + "tags": [ + "Vendor Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2023/CVE-2023-406xx/CVE-2023-40699.json b/CVE-2023/CVE-2023-406xx/CVE-2023-40699.json new file mode 100644 index 00000000000..0d312437d84 --- /dev/null +++ b/CVE-2023/CVE-2023-406xx/CVE-2023-40699.json 
@@ -0,0 +1,59 @@ +{ + "id": "CVE-2023-40699", + "sourceIdentifier": "psirt@us.ibm.com", + "published": "2023-12-01T21:15:07.633", + "lastModified": "2023-12-01T21:15:07.633", + "vulnStatus": "Received", + "descriptions": [ + { + "lang": "en", + "value": "\n\n\nIBM InfoSphere Information Server 11.7 could allow a remote attacker to cause a denial of service due to improper input validation. IBM X-Force ID: 265161.\n\n\n\n" + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "psirt@us.ibm.com", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "NONE", + "integrityImpact": "NONE", + "availabilityImpact": "HIGH", + "baseScore": 7.5, + "baseSeverity": "HIGH" + }, + "exploitabilityScore": 3.9, + "impactScore": 3.6 + } + ] + }, + "weaknesses": [ + { + "source": "psirt@us.ibm.com", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-20" + } + ] + } + ], + "references": [ + { + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/265161", + "source": "psirt@us.ibm.com" + }, + { + "url": "https://www.ibm.com/support/pages/node/7067714", + "source": "psirt@us.ibm.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2023/CVE-2023-420xx/CVE-2023-42009.json b/CVE-2023/CVE-2023-420xx/CVE-2023-42009.json new file mode 100644 index 00000000000..24c3c261386 --- /dev/null +++ b/CVE-2023/CVE-2023-420xx/CVE-2023-42009.json 
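Review bot: The description `value` in the new CVE-2023-40699.json record is padded with literal newlines, three `\n` before the text and four after it. The same padding appears in the CVE-2023-42019, CVE-2023-42022 and CVE-2023-43021 records added in this commit, while CVE-2023-42009 has none. Tools that compare, hash or de-duplicate description text should trim it first, otherwise identical advisory text will not match. If any normalisation happens in this repository rather than upstream, stripping leading and trailing whitespace from `descriptions[].value` is where it belongs.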
@@ -0,0 +1,59 @@ +{ + "id": "CVE-2023-42009", + "sourceIdentifier": "psirt@us.ibm.com", + "published": "2023-12-01T21:15:07.857", + "lastModified": "2023-12-01T21:15:07.857", + "vulnStatus": "Received", + "descriptions": [ + { + "lang": "en", + "value": "IBM InfoSphere Information Server 11.7 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 265504." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "psirt@us.ibm.com", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "REQUIRED", + "scope": "CHANGED", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "availabilityImpact": "NONE", + "baseScore": 5.4, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 2.3, + "impactScore": 2.7 + } + ] + }, + "weaknesses": [ + { + "source": "psirt@us.ibm.com", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-79" + } + ] + } + ], + "references": [ + { + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/265504", + "source": "psirt@us.ibm.com" + }, + { + "url": "https://https://www.ibm.com/support/pages/node/7070755", + "source": "psirt@us.ibm.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2023/CVE-2023-420xx/CVE-2023-42019.json b/CVE-2023/CVE-2023-420xx/CVE-2023-42019.json new file mode 100644 index 00000000000..2526497c640 --- /dev/null +++ b/CVE-2023/CVE-2023-420xx/CVE-2023-42019.json 
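Review bot: The second reference in the new CVE-2023-42009.json record has a doubled scheme, `"url": "https://https://www.ibm.com/support/pages/node/7070755"`, which will not resolve as written and will fail link checking or host allow-listing in consumers. The intended value is presumably `"url": "https://www.ibm.com/support/pages/node/7070755",`, matching the form of the IBM support links in the sibling records added in this commit. If this repository mirrors the upstream feed verbatim, the correction belongs with the CNA (`psirt@us.ibm.com`). Consumers should validate reference URLs before dereferencing them.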
@@ -0,0 +1,59 @@ +{ + "id": "CVE-2023-42019", + "sourceIdentifier": "psirt@us.ibm.com", + "published": "2023-12-01T21:15:08.053", + "lastModified": "2023-12-01T21:15:08.053", + "vulnStatus": "Received", + "descriptions": [ + { + "lang": "en", + "value": "\n\n\nIBM InfoSphere Information Server 11.7 could allow a remote attacker to cause a denial of service due to improper input validation. IBM X-Force ID: 265161.\n\n\n\n" + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "psirt@us.ibm.com", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N", + "attackVector": "NETWORK", + "attackComplexity": "HIGH", + "privilegesRequired": "NONE", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "NONE", + "availabilityImpact": "NONE", + "baseScore": 5.9, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 2.2, + "impactScore": 3.6 + } + ] + }, + "weaknesses": [ + { + "source": "psirt@us.ibm.com", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-311" + } + ] + } + ], + "references": [ + { + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/265569", + "source": "psirt@us.ibm.com" + }, + { + "url": "https://www.ibm.com/support/pages/node/7067719", + "source": "psirt@us.ibm.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2023/CVE-2023-420xx/CVE-2023-42022.json b/CVE-2023/CVE-2023-420xx/CVE-2023-42022.json new file mode 100644 index 00000000000..98e4f108002 --- /dev/null +++ b/CVE-2023/CVE-2023-420xx/CVE-2023-42022.json 
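Review bot: The English description in the new CVE-2023-42019.json record is word for word the one in CVE-2023-40699.json (denial of service from improper input validation, `IBM X-Force ID: 265161`), but the rest of the record describes a different issue. Its vector is `CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N`, its weakness is `CWE-311`, and its X-Force reference ends in `/vulnerabilities/265569`. The description looks copied from the other record, so triage on description text alone would file this as an availability problem rather than a confidentiality one. Until the CNA corrects it, the vector, the CWE and the linked IBM advisory are the more reliable fields for this entry.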
@@ -0,0 +1,59 @@ +{ + "id": "CVE-2023-42022", + "sourceIdentifier": "psirt@us.ibm.com", + "published": "2023-12-01T21:15:08.260", + "lastModified": "2023-12-01T21:15:08.260", + "vulnStatus": "Received", + "descriptions": [ + { + "lang": "en", + "value": "\n\n\nIBM InfoSphere Information Server 11.7 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 265938.\n\n\n\n" + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "psirt@us.ibm.com", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "REQUIRED", + "scope": "CHANGED", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "availabilityImpact": "NONE", + "baseScore": 5.4, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 2.3, + "impactScore": 2.7 + } + ] + }, + "weaknesses": [ + { + "source": "psirt@us.ibm.com", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-79" + } + ] + } + ], + "references": [ + { + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/265938", + "source": "psirt@us.ibm.com" + }, + { + "url": "https://www.ibm.com/support/pages/node/7074335", + "source": "psirt@us.ibm.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2023/CVE-2023-430xx/CVE-2023-43021.json b/CVE-2023/CVE-2023-430xx/CVE-2023-43021.json new file mode 100644 index 00000000000..1fce31e707b --- /dev/null +++ b/CVE-2023/CVE-2023-430xx/CVE-2023-43021.json 
@@ -0,0 +1,59 @@ +{ + "id": "CVE-2023-43021", + "sourceIdentifier": "psirt@us.ibm.com", + "published": "2023-12-01T21:15:08.460", + "lastModified": "2023-12-01T21:15:08.460", + "vulnStatus": "Received", + "descriptions": [ + { + "lang": "en", + "value": "\nIBM InfoSphere Information Server 11.7 could allow a remote attacker to obtain sensitive information when a detailed technical error message is returned in the browser. This information could be used in further attacks against the system. IBM X-Force ID: 266167.\n\n" + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "psirt@us.ibm.com", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "LOW", + "integrityImpact": "NONE", + "availabilityImpact": "NONE", + "baseScore": 5.3, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 3.9, + "impactScore": 1.4 + } + ] + }, + "weaknesses": [ + { + "source": "psirt@us.ibm.com", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-209" + } + ] + } + ], + "references": [ + { + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/266167", + "source": "psirt@us.ibm.com" + }, + { + "url": "https://www.ibm.com/support/pages/node/7074317", + "source": "psirt@us.ibm.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2023/CVE-2023-437xx/CVE-2023-43754.json b/CVE-2023/CVE-2023-437xx/CVE-2023-43754.json index cceb9c46f79..3a262a71909 100644 --- a/CVE-2023/CVE-2023-437xx/CVE-2023-43754.json +++ b/CVE-2023/CVE-2023-437xx/CVE-2023-43754.json 
@@ -2,8 +2,8 @@ "id": "CVE-2023-43754", "sourceIdentifier": "responsibledisclosure@mattermost.com", "published": "2023-11-27T10:15:07.657", - "lastModified": "2023-11-27T13:52:09.230", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2023-12-01T21:18:42.600", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", @@ -16,6 +16,26 @@ ], "metrics": { "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "LOW", + "integrityImpact": "NONE", + "availabilityImpact": "NONE", + "baseScore": 4.3, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 2.8, + "impactScore": 1.4 + }, { "source": "responsibledisclosure@mattermost.com", "type": "Secondary", @@ -39,6 +59,16 @@ ] }, "weaknesses": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "NVD-CWE-noinfo" + } + ] + }, { "source": "responsibledisclosure@mattermost.com", "type": "Secondary", 
@@ -50,10 +80,50 @@ ] } ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:mattermost:mattermost:*:*:*:*:*:*:*:*", + "versionEndIncluding": "7.8.12", + "matchCriteriaId": "BAEFCB9C-4CFC-4C2D-B53D-4A1E9B54E744" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:mattermost:mattermost:*:*:*:*:*:*:*:*", + "versionStartIncluding": "8.0.0", + "versionEndIncluding": "8.1.3", + "matchCriteriaId": "7CFE72E8-D2A6-4994-88F6-2B04DB413631" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:mattermost:mattermost:*:*:*:*:*:*:*:*", + "versionStartIncluding": "9.0.0", + "versionEndIncluding": "9.0.1", + "matchCriteriaId": "DF5E1B7D-7237-4464-9873-0A85C80CC76A" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:mattermost:mattermost:9.1.0:*:*:*:*:*:*:*", + "matchCriteriaId": "9D960BDC-FB30-4112-B1CC-219D1EC32145" + } + ] + } + ] + } + ], "references": [ { "url": "https://mattermost.com/security-updates", - "source": "responsibledisclosure@mattermost.com" + "source": "responsibledisclosure@mattermost.com", + "tags": [ + "Vendor Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2023/CVE-2023-443xx/CVE-2023-44381.json b/CVE-2023/CVE-2023-443xx/CVE-2023-44381.json new file mode 100644 index 00000000000..28c1fc66d10 --- /dev/null +++ b/CVE-2023/CVE-2023-443xx/CVE-2023-44381.json 
@@ -0,0 +1,55 @@ +{ + "id": "CVE-2023-44381", + "sourceIdentifier": "security-advisories@github.com", + "published": "2023-12-01T22:15:09.573", + "lastModified": "2023-12-01T22:15:09.573", + "vulnStatus": "Received", + "descriptions": [ + { + "lang": "en", + "value": "October is a Content Management System (CMS) and web platform to assist with development workflow. An authenticated backend user with the `editor.cms_pages`, `editor.cms_layouts`, or `editor.cms_partials` permissions who would normally not be permitted to provide PHP code to be executed by the CMS due to `cms.safe_mode` being enabled can craft a special request to include PHP code in the CMS template. This issue has been patched in version 3.4.15." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "security-advisories@github.com", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:H/A:N", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "HIGH", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "NONE", + "integrityImpact": "HIGH", + "availabilityImpact": "NONE", + "baseScore": 4.9, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 1.2, + "impactScore": 3.6 + } + ] + }, + "weaknesses": [ + { + "source": "security-advisories@github.com", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-94" + } + ] + } + ], + "references": [ + { + "url": "https://github.com/octobercms/october/security/advisories/GHSA-q22j-5r3g-9hmh", + "source": "security-advisories@github.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2023/CVE-2023-443xx/CVE-2023-44382.json b/CVE-2023/CVE-2023-443xx/CVE-2023-44382.json new file mode 100644 index 00000000000..8fcabb4a3c1 --- /dev/null +++ b/CVE-2023/CVE-2023-443xx/CVE-2023-44382.json 
@@ -0,0 +1,55 @@ +{ + "id": "CVE-2023-44382", + "sourceIdentifier": "security-advisories@github.com", + "published": "2023-12-01T22:15:09.780", + "lastModified": "2023-12-01T22:15:09.780", + "vulnStatus": "Received", + "descriptions": [ + { + "lang": "en", + "value": "October is a Content Management System (CMS) and web platform to assist with development workflow. An authenticated backend user with the `editor.cms_pages`, `editor.cms_layouts`, or `editor.cms_partials` permissions who would normally not be permitted to provide PHP code to be executed by the CMS due to `cms.safe_mode` being enabled can write specific Twig code to escape the Twig sandbox and execute arbitrary PHP. This issue has been patched in 3.4.15." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "security-advisories@github.com", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "HIGH", + "userInteraction": "NONE", + "scope": "CHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH", + "baseScore": 9.1, + "baseSeverity": "CRITICAL" + }, + "exploitabilityScore": 2.3, + "impactScore": 6.0 + } + ] + }, + "weaknesses": [ + { + "source": "security-advisories@github.com", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-94" + } + ] + } + ], + "references": [ + { + "url": "https://github.com/octobercms/october/security/advisories/GHSA-p8q3-h652-65vx", + "source": "security-advisories@github.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2023/CVE-2023-444xx/CVE-2023-44402.json b/CVE-2023/CVE-2023-444xx/CVE-2023-44402.json new file mode 100644 index 00000000000..6505495ec6e --- /dev/null +++ b/CVE-2023/CVE-2023-444xx/CVE-2023-44402.json 
@@ -0,0 +1,63 @@ +{ + "id": "CVE-2023-44402", + "sourceIdentifier": "security-advisories@github.com", + "published": "2023-12-01T22:15:09.970", + "lastModified": "2023-12-01T22:15:09.970", + "vulnStatus": "Received", + "descriptions": [ + { + "lang": "en", + "value": "Electron is an open source framework for writing cross-platform desktop applications using JavaScript, HTML and CSS. This only impacts apps that have the `embeddedAsarIntegrityValidation` and `onlyLoadAppFromAsar` fuses enabled. Apps without these fuses enabled are not impacted. This issue is specific to macOS as these fuses are only currently supported on macOS. Specifically this issue can only be exploited if your app is launched from a filesystem the attacker has write access too. i.e. the ability to edit files inside the `.app` bundle on macOS which these fuses are supposed to protect against. There are no app side workarounds, you must update to a patched version of Electron." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "security-advisories@github.com", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:L/I:H/A:L", + "attackVector": "LOCAL", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "REQUIRED", + "scope": "UNCHANGED", + "confidentialityImpact": "LOW", + "integrityImpact": "HIGH", + "availabilityImpact": "LOW", + "baseScore": 6.1, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 1.3, + "impactScore": 4.7 + } + ] + }, + "weaknesses": [ + { + "source": "security-advisories@github.com", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-345" + } + ] + } + ], + "references": [ + { + "url": "https://github.com/electron/electron/pull/39788", + "source": "security-advisories@github.com" + }, + { + "url": "https://github.com/electron/electron/security/advisories/GHSA-7m48-wc93-9g85", + "source": "security-advisories@github.com" + }, + { + "url": 
"https://www.electronjs.org/docs/latest/tutorial/fuses", + "source": "security-advisories@github.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2023/CVE-2023-452xx/CVE-2023-45223.json b/CVE-2023/CVE-2023-452xx/CVE-2023-45223.json index ee7f970775e..8044a84a2b8 100644 --- a/CVE-2023/CVE-2023-452xx/CVE-2023-45223.json +++ b/CVE-2023/CVE-2023-452xx/CVE-2023-45223.json @@ -2,8 +2,8 @@ "id": "CVE-2023-45223", "sourceIdentifier": "responsibledisclosure@mattermost.com", "published": "2023-11-27T10:15:07.840", - "lastModified": "2023-11-27T13:52:09.230", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2023-12-01T21:22:56.440", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", @@ -16,6 +16,26 @@ ], "metrics": { "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "LOW", + "integrityImpact": "NONE", + "availabilityImpact": "NONE", + "baseScore": 4.3, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 2.8, + "impactScore": 1.4 + }, { "source": "responsibledisclosure@mattermost.com", "type": "Secondary", @@ -39,6 +59,16 @@ ] }, "weaknesses": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "NVD-CWE-noinfo" + } + ] + }, { "source": "responsibledisclosure@mattermost.com", "type": "Secondary", 
@@ -50,10 +80,38 @@ ] } ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:mattermost:mattermost:*:*:*:*:*:*:*:*", + "versionEndIncluding": "7.8.12", + "matchCriteriaId": "BAEFCB9C-4CFC-4C2D-B53D-4A1E9B54E744" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:mattermost:mattermost:*:*:*:*:*:*:*:*", + "versionStartIncluding": "8.0.0", + "versionEndIncluding": "8.1.3", + "matchCriteriaId": "7CFE72E8-D2A6-4994-88F6-2B04DB413631" + } + ] + } + ] + } + ], "references": [ { "url": "https://mattermost.com/security-updates", - "source": "responsibledisclosure@mattermost.com" + "source": "responsibledisclosure@mattermost.com", + "tags": [ + "Vendor Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2023/CVE-2023-461xx/CVE-2023-46174.json b/CVE-2023/CVE-2023-461xx/CVE-2023-46174.json new file mode 100644 index 00000000000..80111c81382 --- /dev/null +++ b/CVE-2023/CVE-2023-461xx/CVE-2023-46174.json 
@@ -0,0 +1,59 @@ +{ + "id": "CVE-2023-46174", + "sourceIdentifier": "psirt@us.ibm.com", + "published": "2023-12-01T21:15:08.663", + "lastModified": "2023-12-01T21:15:08.663", + "vulnStatus": "Received", + "descriptions": [ + { + "lang": "en", + "value": "\n\n\nIBM InfoSphere Information Server 11.7 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 269506.\n\n\n\n" + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "psirt@us.ibm.com", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "REQUIRED", + "scope": "CHANGED", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "availabilityImpact": "NONE", + "baseScore": 5.4, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 2.3, + "impactScore": 2.7 + } + ] + }, + "weaknesses": [ + { + "source": "psirt@us.ibm.com", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-79" + } + ] + } + ], + "references": [ + { + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/269506", + "source": "psirt@us.ibm.com" + }, + { + "url": "https://www.ibm.com/support/pages/node/7067717", + "source": "psirt@us.ibm.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2023/CVE-2023-463xx/CVE-2023-46355.json b/CVE-2023/CVE-2023-463xx/CVE-2023-46355.json index 827d6074f4a..83f4d911e4a 100644 --- a/CVE-2023/CVE-2023-463xx/CVE-2023-46355.json +++ b/CVE-2023/CVE-2023-463xx/CVE-2023-46355.json 
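Review bot: The `descriptions[0].value` string in this new record starts with `\n\n\n` and ends with `\n\n\n\n`, so the stored text is padded with escaped newlines on both sides. Consumers that render the description, compare it across syncs or hash it for change detection will carry that padding along. Trimming at ingest would leave a value that begins at `IBM InfoSphere Information Server 11.7` and ends at `IBM X-Force ID: 269506.`. The record has no `configurations` block yet (status `Received`), so the "11.7" in the prose is the only version information available for matching.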
@@ -2,8 +2,8 @@ "id": "CVE-2023-46355", "sourceIdentifier": "cve@mitre.org", "published": "2023-11-27T23:15:07.520", - "lastModified": "2023-11-28T14:12:58.173", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2023-12-01T21:17:19.887", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", 
@@ -14,11 +14,67 @@ "value": "En el m\u00f3dulo \"CSV Feeds PRO\" (csvfeeds) < 2.6.1 de Bl Modules para PrestaShop, un invitado puede descargar informaci\u00f3n personal sin restricciones. Debido a un control de acceso demasiado permisivo que no obliga al administrador a utilizar una contrase\u00f1a en los feeds, un invitado puede acceder a las exportaciones del m\u00f3dulo, lo que puede provocar filtraciones de informaci\u00f3n personal de la tabla ps_customer/ps_order, como nombre/apellido/correo electr\u00f3nico/n\u00famero de tel\u00e9fono/direcci\u00f3n postal." } ], - "metrics": {}, + "metrics": { + "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "LOW", + "integrityImpact": "NONE", + "availabilityImpact": "NONE", + "baseScore": 5.3, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 3.9, + "impactScore": 1.4 + } + ] + }, + "weaknesses": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "NVD-CWE-Other" + } + ] + } + ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:blmodules:csv_feeds_pro:*:*:*:*:*:prestashop:*:*", + "versionEndExcluding": "2.6.1", + "matchCriteriaId": "BEC51F0B-EE9A-4BE8-96F8-D374716C7029" + } + ] + } + ] + } + ], "references": [ { "url": "https://security.friendsofpresta.org/modules/2023/11/23/csvfeeds.html", - "source": "cve@mitre.org" + "source": "cve@mitre.org", + "tags": [ + "Third Party Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2023/CVE-2023-464xx/CVE-2023-46480.json b/CVE-2023/CVE-2023-464xx/CVE-2023-46480.json index 66af143ed1b..d85b9807906 100644 
--- a/CVE-2023/CVE-2023-464xx/CVE-2023-46480.json +++ b/CVE-2023/CVE-2023-464xx/CVE-2023-46480.json @@ -2,8 +2,8 @@ "id": "CVE-2023-46480", "sourceIdentifier": "cve@mitre.org", "published": "2023-11-27T23:15:07.567", - "lastModified": "2023-11-28T14:12:58.173", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2023-12-01T21:04:35.097", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", @@ -14,15 +14,73 @@ "value": "Un problema en OwnCast v.0.1.1 permite a un atacante remoto ejecutar c\u00f3digo arbitrario y obtener informaci\u00f3n confidencial a trav\u00e9s del par\u00e1metro authHost de la funci\u00f3n indieauth." } ], - "metrics": {}, + "metrics": { + "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH", + "baseScore": 9.8, + "baseSeverity": "CRITICAL" + }, + "exploitabilityScore": 3.9, + "impactScore": 5.9 + } + ] + }, + "weaknesses": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-918" + } + ] + } + ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:owncast_project:owncast:0.1.1:*:*:*:*:*:*:*", + "matchCriteriaId": "60E81CAB-A9D8-4197-83F5-F1D4915D3D54" + } + ] + } + ] + } + ], "references": [ { "url": "https://github.com/owncast/owncast", - "source": "cve@mitre.org" + "source": "cve@mitre.org", + "tags": [ + "Product" + ] }, { "url": "https://github.com/shahzaibak96/CVE-2023-46480", - "source": "cve@mitre.org" + "source": "cve@mitre.org", + "tags": [ + "Third Party Advisory" + ] } ] } \ No newline at end of file 
diff --git a/CVE-2023/CVE-2023-467xx/CVE-2023-46746.json b/CVE-2023/CVE-2023-467xx/CVE-2023-46746.json new file mode 100644 index 00000000000..bfdd5e7b87d --- /dev/null +++ b/CVE-2023/CVE-2023-467xx/CVE-2023-46746.json 
@@ -0,0 +1,59 @@ +{ + "id": "CVE-2023-46746", + "sourceIdentifier": "security-advisories@github.com", + "published": "2023-12-01T22:15:10.167", + "lastModified": "2023-12-01T22:15:10.167", + "vulnStatus": "Received", + "descriptions": [ + { + "lang": "en", + "value": "PostHog provides open-source product analytics, session recording, feature flagging and A/B testing that you can self-host. A server-side request forgery (SSRF), which can only be exploited by authenticated users, was found in Posthog. Posthog did not verify whether a URL was local when enabling webhooks, allowing authenticated users to forge a POST request. This vulnerability has been addressed in `22bd5942` and will be included in subsequent releases. There are no known workarounds for this vulnerability." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "security-advisories@github.com", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:L", + "attackVector": "LOCAL", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "REQUIRED", + "scope": "UNCHANGED", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "availabilityImpact": "LOW", + "baseScore": 4.8, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 1.3, + "impactScore": 3.4 + } + ] + }, + "weaknesses": [ + { + "source": "security-advisories@github.com", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-918" + } + ] + } + ], + "references": [ + { + "url": "https://github.com/PostHog/posthog/commit/22bd5942638d5d9bc4bd603a9bfe8f8a95572292", + "source": "security-advisories@github.com" + }, + { + "url": "https://github.com/PostHog/posthog/security/advisories/GHSA-wqqw-r8c5-j67c", + "source": "security-advisories@github.com" + } + ] +} \ No newline at end of file 
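Review bot: The vector `CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:L` does not sit well with the description in the same record, which is of a server-side request forgery triggered by an authenticated user enabling a webhook. That reads as reachable over the network, so `"attackVector": "LOCAL"` and probably `"userInteraction": "REQUIRED"` look understated, although the linked advisory is not visible here to confirm it. The metric is the CNA's `Secondary` entry on a record still at `"vulnStatus": "Received"`, so the 4.8 base score should be treated as provisional by anything that prioritises on it. The description also names the fix only as commit `22bd5942` and "subsequent releases", so version-based matching has no fixed version to work from.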
diff --git a/CVE-2023/CVE-2023-471xx/CVE-2023-47168.json b/CVE-2023/CVE-2023-471xx/CVE-2023-47168.json index 561865745d5..4022f292ee7 100644 --- a/CVE-2023/CVE-2023-471xx/CVE-2023-47168.json +++ b/CVE-2023/CVE-2023-471xx/CVE-2023-47168.json @@ -2,8 +2,8 @@ "id": "CVE-2023-47168", "sourceIdentifier": "responsibledisclosure@mattermost.com", "published": "2023-11-27T10:15:08.023", - "lastModified": "2023-11-27T13:52:09.230", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2023-12-01T21:24:07.470", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", @@ -16,6 +16,26 @@ ], "metrics": { "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "REQUIRED", + "scope": "CHANGED", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "availabilityImpact": "NONE", + "baseScore": 6.1, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 2.8, + "impactScore": 2.7 + }, { "source": "responsibledisclosure@mattermost.com", "type": "Secondary", @@ -39,6 +59,16 @@ ] }, "weaknesses": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-601" + } + ] + }, { "source": "responsibledisclosure@mattermost.com", "type": "Secondary", 
@@ -50,10 +80,50 @@ ] } ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:mattermost:mattermost:*:*:*:*:*:*:*:*", + "versionEndIncluding": "7.8.12", + "matchCriteriaId": "BAEFCB9C-4CFC-4C2D-B53D-4A1E9B54E744" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:mattermost:mattermost:*:*:*:*:*:*:*:*", + "versionStartIncluding": "8.0.0", + "versionEndIncluding": "8.1.3", + "matchCriteriaId": "7CFE72E8-D2A6-4994-88F6-2B04DB413631" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:mattermost:mattermost:*:*:*:*:*:*:*:*", + "versionStartIncluding": "9.0.0", + "versionEndIncluding": "9.0.1", + "matchCriteriaId": "DF5E1B7D-7237-4464-9873-0A85C80CC76A" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:mattermost:mattermost:9.1.0:*:*:*:*:*:*:*", + "matchCriteriaId": "9D960BDC-FB30-4112-B1CC-219D1EC32145" + } + ] + } + ] + } + ], "references": [ { "url": "https://mattermost.com/security-updates", - "source": "responsibledisclosure@mattermost.com" + "source": "responsibledisclosure@mattermost.com", + "tags": [ + "Vendor Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2023/CVE-2023-482xx/CVE-2023-48268.json b/CVE-2023/CVE-2023-482xx/CVE-2023-48268.json index 18e4aaa0278..ef4b25e7a98 100644 --- a/CVE-2023/CVE-2023-482xx/CVE-2023-48268.json +++ b/CVE-2023/CVE-2023-482xx/CVE-2023-48268.json @@ -2,8 +2,8 @@ "id": "CVE-2023-48268", "sourceIdentifier": "responsibledisclosure@mattermost.com", "published": "2023-11-27T10:15:08.217", - "lastModified": "2023-11-27T13:52:09.230", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2023-12-01T21:30:14.497", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", 
@@ -16,6 +16,26 @@ ], "metrics": { "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "NONE", + "integrityImpact": "NONE", + "availabilityImpact": "HIGH", + "baseScore": 7.5, + "baseSeverity": "HIGH" + }, + "exploitabilityScore": 3.9, + "impactScore": 3.6 + }, { "source": "responsibledisclosure@mattermost.com", "type": "Secondary", @@ -39,6 +59,16 @@ ] }, "weaknesses": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-400" + } + ] + }, { "source": "responsibledisclosure@mattermost.com", "type": "Secondary", 
@@ -50,10 +80,50 @@ ] } ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:mattermost:mattermost:*:*:*:*:*:*:*:*", + "versionEndIncluding": "7.8.12", + "matchCriteriaId": "BAEFCB9C-4CFC-4C2D-B53D-4A1E9B54E744" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:mattermost:mattermost:*:*:*:*:*:*:*:*", + "versionStartIncluding": "8.0.0", + "versionEndIncluding": "8.1.3", + "matchCriteriaId": "7CFE72E8-D2A6-4994-88F6-2B04DB413631" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:mattermost:mattermost:*:*:*:*:*:*:*:*", + "versionStartIncluding": "9.0.0", + "versionEndIncluding": "9.0.1", + "matchCriteriaId": "DF5E1B7D-7237-4464-9873-0A85C80CC76A" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:mattermost:mattermost:9.1.0:*:*:*:*:*:*:*", + "matchCriteriaId": "9D960BDC-FB30-4112-B1CC-219D1EC32145" + } + ] + } + ] + } + ], "references": [ { "url": "https://mattermost.com/security-updates", - "source": "responsibledisclosure@mattermost.com" + "source": "responsibledisclosure@mattermost.com", + "tags": [ + "Vendor Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2023/CVE-2023-483xx/CVE-2023-48314.json b/CVE-2023/CVE-2023-483xx/CVE-2023-48314.json new file mode 100644 index 00000000000..430cf2869a1 --- /dev/null +++ b/CVE-2023/CVE-2023-483xx/CVE-2023-48314.json 
@@ -0,0 +1,55 @@ +{ + "id": "CVE-2023-48314", + "sourceIdentifier": "security-advisories@github.com", + "published": "2023-12-01T22:15:10.360", + "lastModified": "2023-12-01T22:15:10.360", + "vulnStatus": "Received", + "descriptions": [ + { + "lang": "en", + "value": "Collabora Online is a collaborative online office suite based on LibreOffice technology. Users of Nextcloud with Collabora Online Built-in CODE Server app can be vulnerable to attack via proxy.php. This vulnerability has been fixed in Collabora Online - Built-in CODE Server (richdocumentscode) release 23.5.403. Users are advised to upgrade. There are no known workarounds for this vulnerability." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "security-advisories@github.com", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:L", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "REQUIRED", + "scope": "CHANGED", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "availabilityImpact": "LOW", + "baseScore": 7.1, + "baseSeverity": "HIGH" + }, + "exploitabilityScore": 2.8, + "impactScore": 3.7 + } + ] + }, + "weaknesses": [ + { + "source": "security-advisories@github.com", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-79" + } + ] + } + ], + "references": [ + { + "url": "https://github.com/CollaboraOnline/online/security/advisories/GHSA-qjrm-q4h5-v3r2", + "source": "security-advisories@github.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2023/CVE-2023-483xx/CVE-2023-48369.json b/CVE-2023/CVE-2023-483xx/CVE-2023-48369.json index 24f2538c110..64bef8a633a 100644 --- a/CVE-2023/CVE-2023-483xx/CVE-2023-48369.json +++ b/CVE-2023/CVE-2023-483xx/CVE-2023-48369.json 
@@ -2,8 +2,8 @@ "id": "CVE-2023-48369", "sourceIdentifier": "responsibledisclosure@mattermost.com", "published": "2023-11-27T10:15:08.400", - "lastModified": "2023-11-27T13:52:09.230", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2023-12-01T21:37:48.153", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", @@ -16,6 +16,26 @@ ], "metrics": { "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "NONE", + "integrityImpact": "NONE", + "availabilityImpact": "LOW", + "baseScore": 5.3, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 3.9, + "impactScore": 1.4 + }, { "source": "responsibledisclosure@mattermost.com", "type": "Secondary", @@ -39,6 +59,16 @@ ] }, "weaknesses": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-400" + } + ] + }, { "source": "responsibledisclosure@mattermost.com", "type": "Secondary", 
@@ -50,10 +80,50 @@ ] } ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:mattermost:mattermost:*:*:*:*:*:*:*:*", + "versionEndIncluding": "7.8.12", + "matchCriteriaId": "BAEFCB9C-4CFC-4C2D-B53D-4A1E9B54E744" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:mattermost:mattermost:*:*:*:*:*:*:*:*", + "versionStartIncluding": "8.0.0", + "versionEndIncluding": "8.1.3", + "matchCriteriaId": "7CFE72E8-D2A6-4994-88F6-2B04DB413631" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:mattermost:mattermost:*:*:*:*:*:*:*:*", + "versionStartIncluding": "9.0.0", + "versionEndIncluding": "9.0.1", + "matchCriteriaId": "DF5E1B7D-7237-4464-9873-0A85C80CC76A" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:mattermost:mattermost:9.1.0:*:*:*:*:*:*:*", + "matchCriteriaId": "9D960BDC-FB30-4112-B1CC-219D1EC32145" + } + ] + } + ] + } + ], "references": [ { "url": "https://mattermost.com/security-updates", - "source": "responsibledisclosure@mattermost.com" + "source": "responsibledisclosure@mattermost.com", + "tags": [ + "Vendor Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2023/CVE-2023-487xx/CVE-2023-48713.json b/CVE-2023/CVE-2023-487xx/CVE-2023-48713.json index 6b44d7bec2b..463126ec488 100644 --- a/CVE-2023/CVE-2023-487xx/CVE-2023-48713.json +++ b/CVE-2023/CVE-2023-487xx/CVE-2023-48713.json @@ -2,8 +2,8 @@ "id": "CVE-2023-48713", "sourceIdentifier": "security-advisories@github.com", "published": "2023-11-28T04:15:07.820", - "lastModified": "2023-11-28T14:12:58.173", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2023-12-01T21:53:20.687", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", 
@@ -16,6 +16,26 @@ ], "metrics": { "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H", + "attackVector": "NETWORK", + "attackComplexity": "HIGH", + "privilegesRequired": "LOW", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "NONE", + "integrityImpact": "NONE", + "availabilityImpact": "HIGH", + "baseScore": 5.3, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 1.6, + "impactScore": 3.6 + }, { "source": "security-advisories@github.com", "type": "Secondary", @@ -39,6 +59,16 @@ ] }, "weaknesses": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "NVD-CWE-noinfo" + } + ] + }, { "source": "security-advisories@github.com", "type": "Secondary", 
@@ -50,22 +80,59 @@ ] } ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:knative:serving:*:*:*:*:*:*:*:*", + "versionEndExcluding": "1.10.5", + "matchCriteriaId": "F83BBBFD-C622-41D7-BE6A-D7BA52B6B2D2" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:knative:serving:*:*:*:*:*:*:*:*", + "versionStartIncluding": "1.11.0", + "versionEndExcluding": "1.11.3", + "matchCriteriaId": "3672D2F9-C70C-4FC1-8992-B8EB42F755BB" + } + ] + } + ] + } + ], "references": [ { "url": "https://github.com/knative/serving/commit/012ee2509231b80b7842139bfabc30516d3026ca", - "source": "security-advisories@github.com" + "source": "security-advisories@github.com", + "tags": [ + "Patch" + ] }, { "url": "https://github.com/knative/serving/commit/101f814112b9ca0767f457e7e616b46205551cf1", - "source": "security-advisories@github.com" + "source": "security-advisories@github.com", + "tags": [ + "Patch" + ] }, { "url": "https://github.com/knative/serving/commit/fff40ef7bac9be8380ec3d1c70fc15b57093382a", - "source": "security-advisories@github.com" + "source": "security-advisories@github.com", + "tags": [ + "Patch" + ] }, { "url": "https://github.com/knative/serving/security/advisories/GHSA-qmvj-4qr9-v547", - "source": "security-advisories@github.com" + "source": "security-advisories@github.com", + "tags": [ + "Third Party Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2023/CVE-2023-491xx/CVE-2023-49145.json b/CVE-2023/CVE-2023-491xx/CVE-2023-49145.json index 05d7b28f564..f5e2e746fcd 100644 --- a/CVE-2023/CVE-2023-491xx/CVE-2023-49145.json +++ b/CVE-2023/CVE-2023-491xx/CVE-2023-49145.json 
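Review bot: The last reference in this hunk, the GHSA-qmvj-4qr9-v547 advisory under `github.com/knative/serving/security/advisories/`, is tagged `"Third Party Advisory"` although it is published in the repository of the product named in the CPE (`cpe:2.3:a:knative:serving`). A consumer that selects vendor guidance by filtering on `"Vendor Advisory"` would skip the only advisory link in this record, so `"Vendor Advisory"` looks like the intended tag. Separately, three patch commits are referenced but `cpeMatch` has only two ranges (below 1.10.5, and 1.11.0 up to 1.11.3), so whether a third release line is affected cannot be told from this hunk.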
@@ -2,8 +2,8 @@ "id": "CVE-2023-49145", "sourceIdentifier": "security@apache.org", "published": "2023-11-27T23:15:07.780", - "lastModified": "2023-11-28T14:12:58.173", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2023-12-01T21:01:41.407", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", @@ -16,6 +16,26 @@ ], "metrics": { "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "REQUIRED", + "scope": "CHANGED", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "availabilityImpact": "NONE", + "baseScore": 5.4, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 2.3, + "impactScore": 2.7 + }, { "source": "security@apache.org", "type": "Secondary", @@ -50,18 +70,48 @@ ] } ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:apache:nifi:*:*:*:*:*:*:*:*", + "versionStartIncluding": "0.7.0", + "versionEndExcluding": "1.24.0", + "matchCriteriaId": "5833EB7C-1FFC-458E-90C0-59FD98000131" + } + ] + } + ] + } + ], "references": [ { "url": "http://www.openwall.com/lists/oss-security/2023/11/27/5", - "source": "security@apache.org" + "source": "security@apache.org", + "tags": [ + "Mailing List", + "Third Party Advisory" + ] }, { "url": "https://lists.apache.org/thread/j8rd0qsvgoj0khqck5f49jfbp0fm8r1o", - "source": "security@apache.org" + "source": "security@apache.org", + "tags": [ + "Mailing List", + "Vendor Advisory" + ] }, { "url": "https://nifi.apache.org/security.html#CVE-2023-49145", - "source": "security@apache.org" + "source": "security@apache.org", + "tags": [ + "Vendor Advisory" + ] } ] } \ No newline at end of file 
diff --git a/CVE-2023/CVE-2023-492xx/CVE-2023-49276.json b/CVE-2023/CVE-2023-492xx/CVE-2023-49276.json new file mode 100644 index 00000000000..d19bf820924 --- /dev/null +++ b/CVE-2023/CVE-2023-492xx/CVE-2023-49276.json 
@@ -0,0 +1,59 @@ +{ + "id": "CVE-2023-49276", + "sourceIdentifier": "security-advisories@github.com", + "published": "2023-12-01T22:15:10.563", + "lastModified": "2023-12-01T22:15:10.563", + "vulnStatus": "Received", + "descriptions": [ + { + "lang": "en", + "value": "Uptime Kuma is an open source self-hosted monitoring tool. In affected versions the Google Analytics element in vulnerable to Attribute Injection leading to Cross-Site-Scripting (XSS). Since the custom status interface can set an independent Google Analytics ID and the template has not been sanitized, there is an attribute injection vulnerability here, which can lead to XSS attacks. This vulnerability has been addressed in commit `f28dccf4e` which is included in release version 1.23.7. Users are advised to upgrade. There are no known workarounds for this vulnerability." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "security-advisories@github.com", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:H/A:N", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "REQUIRED", + "scope": "UNCHANGED", + "confidentialityImpact": "LOW", + "integrityImpact": "HIGH", + "availabilityImpact": "NONE", + "baseScore": 6.3, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 2.1, + "impactScore": 4.2 + } + ] + }, + "weaknesses": [ + { + "source": "security-advisories@github.com", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-79" + } + ] + } + ], + "references": [ + { + "url": "https://github.com/louislam/uptime-kuma/commit/f28dccf4e11f041564293e4f407e69ab9ee2277f", + "source": "security-advisories@github.com" + }, + { + "url": "https://github.com/louislam/uptime-kuma/security/advisories/GHSA-v4v2-8h88-65qj", + "source": "security-advisories@github.com" + } + ] +} \ No newline at end of file 
diff --git a/CVE-2023/CVE-2023-492xx/CVE-2023-49277.json b/CVE-2023/CVE-2023-492xx/CVE-2023-49277.json
new file mode 100644
index 00000000000..e34f53d28cb
--- /dev/null
+++ b/CVE-2023/CVE-2023-492xx/CVE-2023-49277.json
@@ -0,0 +1,59 @@
+{
+ "id": "CVE-2023-49277",
+ "sourceIdentifier": "security-advisories@github.com",
+ "published": "2023-12-01T21:15:08.857",
+ "lastModified": "2023-12-01T21:15:08.857",
+ "vulnStatus": "Received",
+ "descriptions": [
+ {
+ "lang": "en",
+ "value": "dpaste is an open source pastebin application written in Python using the Django framework. A security vulnerability has been identified in the expires parameter of the dpaste API, allowing for a POST Reflected XSS attack. This vulnerability can be exploited by an attacker to execute arbitrary JavaScript code in the context of a user's browser, potentially leading to unauthorized access, data theft, or other malicious activities. Users are strongly advised to upgrade to dpaste release v3.8 or later versions, as dpaste versions older than v3.8 are susceptible to the identified security vulnerability. No known workarounds have been identified, and applying the patch is the most effective way to remediate the vulnerability."
+ }
+ ],
+ "metrics": {
+ "cvssMetricV31": [
+ {
+ "source": "security-advisories@github.com",
+ "type": "Secondary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:H/A:H",
+ "attackVector": "NETWORK",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "NONE",
+ "userInteraction": "REQUIRED",
+ "scope": "UNCHANGED",
+ "confidentialityImpact": "LOW",
+ "integrityImpact": "HIGH",
+ "availabilityImpact": "HIGH",
+ "baseScore": 8.3,
+ "baseSeverity": "HIGH"
+ },
+ "exploitabilityScore": 2.8,
+ "impactScore": 5.5
+ }
+ ]
+ },
+ "weaknesses": [
+ {
+ "source": "security-advisories@github.com",
+ "type": "Primary",
+ "description": [
+ {
+ "lang": "en",
+ "value": "CWE-79"
+ }
+ ]
+ }
+ ],
+ "references": [
+ {
+ "url": "https://github.com/DarrenOfficial/dpaste/commit/44a666a79b3b29ed4f340600bfcf55113bfb7086",
+ "source": "security-advisories@github.com"
+ },
+ {
+ "url": "https://github.com/DarrenOfficial/dpaste/security/advisories/GHSA-r8j9-5cj7-cv39",
+ "source": "security-advisories@github.com"
+ }
+ ]
+}
\ No newline at end of file
diff --git a/CVE-2023/CVE-2023-492xx/CVE-2023-49281.json b/CVE-2023/CVE-2023-492xx/CVE-2023-49281.json
new file mode 100644
index 00000000000..27aa265d32e
--- /dev/null
+++ b/CVE-2023/CVE-2023-492xx/CVE-2023-49281.json
@@ -0,0 +1,67 @@
+{
+ "id": "CVE-2023-49281",
+ "sourceIdentifier": "security-advisories@github.com",
+ "published": "2023-12-01T22:15:10.760",
+ "lastModified": "2023-12-01T22:15:10.760",
+ "vulnStatus": "Received",
+ "descriptions": [
+ {
+ "lang": "en",
+ "value": "Calendarinho is an open source calendaring application to manage large teams of consultants. An Open Redirect issue occurs when a web application redirects users to external URLs without proper validation. This can lead to phishing attacks, where users are tricked into visiting malicious sites, potentially leading to information theft and reputational damage to the website used for redirection. The problem is has been patched in commit `15b2393`. Users are advised to update to a commit after `15b2393`. There are no known workarounds for this vulnerability. "
+ }
+ ],
+ "metrics": {
+ "cvssMetricV31": [
+ {
+ "source": "security-advisories@github.com",
+ "type": "Secondary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:N/I:L/A:N",
+ "attackVector": "NETWORK",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "NONE",
+ "userInteraction": "REQUIRED",
+ "scope": "CHANGED",
+ "confidentialityImpact": "NONE",
+ "integrityImpact": "LOW",
+ "availabilityImpact": "NONE",
+ "baseScore": 4.7,
+ "baseSeverity": "MEDIUM"
+ },
+ "exploitabilityScore": 2.8,
+ "impactScore": 1.4
+ }
+ ]
+ },
+ "weaknesses": [
+ {
+ "source": "security-advisories@github.com",
+ "type": "Primary",
+ "description": [
+ {
+ "lang": "en",
+ "value": "CWE-601"
+ }
+ ]
+ }
+ ],
+ "references": [
+ {
+ "url": "https://github.com/Cainor/Calendarinho/commit/15b2393efd69101727d27a4e710880ce46e84d70",
+ "source": "security-advisories@github.com"
+ },
+ {
+ "url": "https://github.com/Cainor/Calendarinho/commit/9a0174bef939565a76cbe7762996ecddca9ba55e",
+ "source": "security-advisories@github.com"
+ },
+ {
+ "url": "https://github.com/Cainor/Calendarinho/commit/c77defeb0103c1f7a4709799b8751aaeb0d09eed",
+ "source": "security-advisories@github.com"
+ },
+ {
+ "url": "https://github.com/Cainor/Calendarinho/security/advisories/GHSA-g2gp-x888-6xrj",
+ "source": "security-advisories@github.com"
+ }
+ ]
+}
\ No newline at end of file
diff --git a/CVE-2023/CVE-2023-59xx/CVE-2023-5960.json b/CVE-2023/CVE-2023-59xx/CVE-2023-5960.json
index afca1ab11fe..e35ccd73ef5 100644
--- a/CVE-2023/CVE-2023-59xx/CVE-2023-5960.json
+++ b/CVE-2023/CVE-2023-59xx/CVE-2023-5960.json
@@ -2,8 +2,8 @@
 "id": "CVE-2023-5960",
 "sourceIdentifier": "security@zyxel.com.tw",
 "published": "2023-11-28T03:15:07.310",
- "lastModified": "2023-11-28T14:12:58.173",
- "vulnStatus": "Awaiting Analysis",
+ "lastModified": "2023-12-01T21:43:59.323",
+ "vulnStatus": "Analyzed",
 "descriptions": [
 {
 "lang": "en",
@@ -50,10 +50,118 @@
 ]
 }
 ],
+ "configurations": [
+ {
+ "operator": "AND",
+ "nodes": [
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:zyxel:zld:*:*:*:*:*:*:*:*",
+ "versionStartIncluding": "4.50",
+ "versionEndIncluding": "5.37",
+ "matchCriteriaId": "03FAEFC8-186B-4B52-869F-DA27224692C0"
+ }
+ ]
+ },
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": false,
+ "criteria": "cpe:2.3:h:zyxel:usg_flex_100:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "2B30A4C0-9928-46AD-9210-C25656FB43FB"
+ },
+ {
+ "vulnerable": false,
+ "criteria": "cpe:2.3:h:zyxel:usg_flex_100w:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "D74ABA7E-AA78-4A13-A64E-C44021591B42"
+ },
+ {
+ "vulnerable": false,
+ "criteria": "cpe:2.3:h:zyxel:usg_flex_200:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "F93B6A06-2951-46D2-A7E1-103D7318D612"
+ },
+ {
+ "vulnerable": false,
+ "criteria": "cpe:2.3:h:zyxel:usg_flex_50:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "646C1F07-B553-47B0-953B-DC7DE7FD0F8B"
+ },
+ {
+ "vulnerable": false,
+ "criteria": "cpe:2.3:h:zyxel:usg_flex_500:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "92C697A5-D1D3-4FF0-9C43-D27B18181958"
+ },
+ {
+ "vulnerable": false,
+ "criteria": "cpe:2.3:h:zyxel:usg_flex_50w:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "110A1CA4-0170-4834-8281-0A3E14FC5584"
+ },
+ {
+ "vulnerable": false,
+ "criteria": "cpe:2.3:h:zyxel:usg_flex_700:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "9D1396E3-731B-4D05-A3F8-F3ABB80D5C29"
+ }
+ ]
+ }
+ ]
+ },
+ {
+ "operator": "AND",
+ "nodes": [
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:zyxel:zld:*:*:*:*:*:*:*:*",
+ "versionStartIncluding": "4.30",
+ "versionEndIncluding": "5.37",
+ "matchCriteriaId": "549A6FE1-25D6-4239-87B6-B729C098C625"
+ }
+ ]
+ },
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": false,
+ "criteria": "cpe:2.3:h:zyxel:vpn100:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "81D90A7B-174F-40A1-8AF4-08B15B7BAC40"
+ },
+ {
+ "vulnerable": false,
+ "criteria": "cpe:2.3:h:zyxel:vpn1000:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "EECD311A-4E96-4576-AADF-47291EDE3559"
+ },
+ {
+ "vulnerable": false,
+ "criteria": "cpe:2.3:h:zyxel:vpn300:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "3C45C303-1A95-4245-B242-3AB9B9106CD4"
+ },
+ {
+ "vulnerable": false,
+ "criteria": "cpe:2.3:h:zyxel:vpn50:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "9E3AC823-0ECA-42D8-8312-2FBE5914E4C0"
+ }
+ ]
+ }
+ ]
+ }
+ ],
 "references": [
 {
 "url": "https://www.zyxel.com/global/en/support/security-advisories/zyxel-security-advisory-for-multiple-vulnerabilities-in-firewalls-and-aps",
- "source": "security@zyxel.com.tw"
+ "source": "security@zyxel.com.tw",
+ "tags": [
+ "Vendor Advisory"
+ ]
 }
 ]
 }
\ No newline at end of file
diff --git a/CVE-2023/CVE-2023-62xx/CVE-2023-6202.json b/CVE-2023/CVE-2023-62xx/CVE-2023-6202.json
index bb3368bc938..1ae088685a4 100644
--- a/CVE-2023/CVE-2023-62xx/CVE-2023-6202.json
+++ b/CVE-2023/CVE-2023-62xx/CVE-2023-6202.json
@@ -2,8 +2,8 @@
 "id": "CVE-2023-6202",
 "sourceIdentifier": "responsibledisclosure@mattermost.com",
 "published": "2023-11-27T10:15:08.677",
- "lastModified": "2023-11-27T13:52:09.230",
- "vulnStatus": "Awaiting Analysis",
+ "lastModified": "2023-12-01T21:40:49.863",
+ "vulnStatus": "Analyzed",
 "descriptions": [
 {
 "lang": "en",
@@ -16,6 +16,26 @@
 ],
 "metrics": {
 "cvssMetricV31": [
+ {
+ "source": "nvd@nist.gov",
+ "type": "Primary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N",
+ "attackVector": "NETWORK",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "LOW",
+ "userInteraction": "NONE",
+ "scope": "UNCHANGED",
+ "confidentialityImpact": "LOW",
+ "integrityImpact": "NONE",
+ "availabilityImpact": "NONE",
+ "baseScore": 4.3,
+ "baseSeverity": "MEDIUM"
+ },
+ "exploitabilityScore": 2.8,
+ "impactScore": 1.4
+ },
 {
 "source": "responsibledisclosure@mattermost.com",
 "type": "Secondary",
@@ -39,6 +59,16 @@
 ]
 },
 "weaknesses": [
+ {
+ "source": "nvd@nist.gov",
+ "type": "Primary",
+ "description": [
+ {
+ "lang": "en",
+ "value": "NVD-CWE-noinfo"
+ }
+ ]
+ },
 {
 "source": "responsibledisclosure@mattermost.com",
 "type": "Secondary",
@@ -50,10 +80,38 @@
 ]
 }
 ],
+ "configurations": [
+ {
+ "nodes": [
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:mattermost:mattermost:*:*:*:*:*:*:*:*",
+ "versionEndIncluding": "7.8.12",
+ "matchCriteriaId": "BAEFCB9C-4CFC-4C2D-B53D-4A1E9B54E744"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:mattermost:mattermost:*:*:*:*:*:*:*:*",
+ "versionStartIncluding": "8.0.0",
+ "versionEndIncluding": "8.1.3",
+ "matchCriteriaId": "7CFE72E8-D2A6-4994-88F6-2B04DB413631"
+ }
+ ]
+ }
+ ]
+ }
+ ],
 "references": [
 {
 "url": "https://mattermost.com/security-updates",
- "source": "responsibledisclosure@mattermost.com"
+ "source": "responsibledisclosure@mattermost.com",
+ "tags": [
+ "Vendor Advisory"
+ ]
 }
 ]
 }
\ No newline at end of file
diff --git a/CVE-2023/CVE-2023-64xx/CVE-2023-6462.json b/CVE-2023/CVE-2023-64xx/CVE-2023-6462.json
new file mode 100644
index 00000000000..9566a8fb322
--- /dev/null
+++ b/CVE-2023/CVE-2023-64xx/CVE-2023-6462.json
@@ -0,0 +1,88 @@
+{
+ "id": "CVE-2023-6462",
+ "sourceIdentifier": "cna@vuldb.com",
+ "published": "2023-12-01T22:15:10.960",
+ "lastModified": "2023-12-01T22:15:10.960",
+ "vulnStatus": "Received",
+ "descriptions": [
+ {
+ "lang": "en",
+ "value": "A vulnerability, which was classified as problematic, was found in SourceCodester User Registration and Login System 1.0. Affected is an unknown function of the file /endpoint/delete-user.php. The manipulation of the argument user leads to cross site scripting. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-246612."
+ }
+ ],
+ "metrics": {
+ "cvssMetricV31": [
+ {
+ "source": "cna@vuldb.com",
+ "type": "Secondary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:N",
+ "attackVector": "NETWORK",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "LOW",
+ "userInteraction": "REQUIRED",
+ "scope": "UNCHANGED",
+ "confidentialityImpact": "NONE",
+ "integrityImpact": "LOW",
+ "availabilityImpact": "NONE",
+ "baseScore": 3.5,
+ "baseSeverity": "LOW"
+ },
+ "exploitabilityScore": 2.1,
+ "impactScore": 1.4
+ }
+ ],
+ "cvssMetricV2": [
+ {
+ "source": "cna@vuldb.com",
+ "type": "Secondary",
+ "cvssData": {
+ "version": "2.0",
+ "vectorString": "AV:N/AC:L/Au:S/C:N/I:P/A:N",
+ "accessVector": "NETWORK",
+ "accessComplexity": "LOW",
+ "authentication": "SINGLE",
+ "confidentialityImpact": "NONE",
+ "integrityImpact": "PARTIAL",
+ "availabilityImpact": "NONE",
+ "baseScore": 4.0
+ },
+ "baseSeverity": "MEDIUM",
+ "exploitabilityScore": 8.0,
+ "impactScore": 2.9,
+ "acInsufInfo": false,
+ "obtainAllPrivilege": false,
+ "obtainUserPrivilege": false,
+ "obtainOtherPrivilege": false,
+ "userInteractionRequired": false
+ }
+ ]
+ },
+ "weaknesses": [
+ {
+ "source": "cna@vuldb.com",
+ "type": "Primary",
+ "description": [
+ {
+ "lang": "en",
+ "value": "CWE-79"
+ }
+ ]
+ }
+ ],
+ "references": [
+ {
+ "url": "https://github.com/qqisee/vulndis/blob/main/xss_delete_user.md",
+ "source": "cna@vuldb.com"
+ },
+ {
+ "url": "https://vuldb.com/?ctiid.246612",
+ "source": "cna@vuldb.com"
+ },
+ {
+ "url": "https://vuldb.com/?id.246612",
+ "source": "cna@vuldb.com"
+ }
+ ]
+}
\ No newline at end of file
diff --git a/README.md b/README.md
index 41b5e99f91c..7d9d06dc779 100644
--- a/README.md
+++ b/README.md
@@ -9,13 +9,13 @@ Repository synchronizes with the NVD every 2 hours. ### Last Repository Update ```plain -2023-12-01T21:00:18.640057+00:00 +2023-12-01T23:00:18.041174+00:00 ``` ### Most recent CVE Modification Timestamp synchronized with NVD ```plain -2023-12-01T20:57:34.647000+00:00 +2023-12-01T22:15:10.960000+00:00 ``` ### Last Data Feed Release
@@ -29,47 +29,57 @@ Download and Changelog: [Click](https://github.com/fkie-cad/nvd-json-data-feeds/ ### Total Number of included CVEs ```plain -231959 +231974 ``` ### CVEs added in the last Commit -Recently added CVEs: `3` +Recently added CVEs: `15` -* [CVE-2023-26024](CVE-2023/CVE-2023-260xx/CVE-2023-26024.json) (`2023-12-01T19:15:07.640`) -* [CVE-2023-38268](CVE-2023/CVE-2023-382xx/CVE-2023-38268.json) (`2023-12-01T20:15:07.083`) -* [CVE-2023-43015](CVE-2023/CVE-2023-430xx/CVE-2023-43015.json) (`2023-12-01T20:15:07.287`) +* [CVE-2023-40699](CVE-2023/CVE-2023-406xx/CVE-2023-40699.json) (`2023-12-01T21:15:07.633`) +* [CVE-2023-42009](CVE-2023/CVE-2023-420xx/CVE-2023-42009.json) (`2023-12-01T21:15:07.857`) +* [CVE-2023-42019](CVE-2023/CVE-2023-420xx/CVE-2023-42019.json) (`2023-12-01T21:15:08.053`) +* [CVE-2023-42022](CVE-2023/CVE-2023-420xx/CVE-2023-42022.json) (`2023-12-01T21:15:08.260`) +* [CVE-2023-43021](CVE-2023/CVE-2023-430xx/CVE-2023-43021.json) (`2023-12-01T21:15:08.460`) +* [CVE-2023-46174](CVE-2023/CVE-2023-461xx/CVE-2023-46174.json) (`2023-12-01T21:15:08.663`) +* [CVE-2023-49277](CVE-2023/CVE-2023-492xx/CVE-2023-49277.json) (`2023-12-01T21:15:08.857`) +* [CVE-2023-44381](CVE-2023/CVE-2023-443xx/CVE-2023-44381.json) (`2023-12-01T22:15:09.573`) +* [CVE-2023-44382](CVE-2023/CVE-2023-443xx/CVE-2023-44382.json) (`2023-12-01T22:15:09.780`) +* [CVE-2023-44402](CVE-2023/CVE-2023-444xx/CVE-2023-44402.json) (`2023-12-01T22:15:09.970`) +* [CVE-2023-46746](CVE-2023/CVE-2023-467xx/CVE-2023-46746.json) (`2023-12-01T22:15:10.167`) +* [CVE-2023-48314](CVE-2023/CVE-2023-483xx/CVE-2023-48314.json) (`2023-12-01T22:15:10.360`) +* [CVE-2023-49276](CVE-2023/CVE-2023-492xx/CVE-2023-49276.json) (`2023-12-01T22:15:10.563`) +* [CVE-2023-49281](CVE-2023/CVE-2023-492xx/CVE-2023-49281.json) (`2023-12-01T22:15:10.760`) +* [CVE-2023-6462](CVE-2023/CVE-2023-64xx/CVE-2023-6462.json) (`2023-12-01T22:15:10.960`) ### CVEs modified in the last Commit -Recently modified CVEs: `55` +Recently 
modified CVEs: `23` -* [CVE-2023-5885](CVE-2023/CVE-2023-58xx/CVE-2023-5885.json) (`2023-12-01T20:10:57.750`) -* [CVE-2023-47503](CVE-2023/CVE-2023-475xx/CVE-2023-47503.json) (`2023-12-01T20:13:12.863`) -* [CVE-2023-48711](CVE-2023/CVE-2023-487xx/CVE-2023-48711.json) (`2023-12-01T20:13:43.540`) -* [CVE-2023-6276](CVE-2023/CVE-2023-62xx/CVE-2023-6276.json) (`2023-12-01T20:14:23.160`) -* [CVE-2023-48796](CVE-2023/CVE-2023-487xx/CVE-2023-48796.json) (`2023-12-01T20:14:35.870`) -* [CVE-2023-5974](CVE-2023/CVE-2023-59xx/CVE-2023-5974.json) (`2023-12-01T20:14:58.070`) -* [CVE-2023-44303](CVE-2023/CVE-2023-443xx/CVE-2023-44303.json) (`2023-12-01T20:16:07.103`) -* [CVE-2023-6345](CVE-2023/CVE-2023-63xx/CVE-2023-6345.json) (`2023-12-01T20:18:41.460`) -* [CVE-2023-6346](CVE-2023/CVE-2023-63xx/CVE-2023-6346.json) (`2023-12-01T20:20:30.500`) -* [CVE-2023-6347](CVE-2023/CVE-2023-63xx/CVE-2023-6347.json) (`2023-12-01T20:24:37.130`) -* [CVE-2023-6350](CVE-2023/CVE-2023-63xx/CVE-2023-6350.json) (`2023-12-01T20:28:07.370`) -* [CVE-2023-47865](CVE-2023/CVE-2023-478xx/CVE-2023-47865.json) (`2023-12-01T20:38:33.720`) -* [CVE-2023-5906](CVE-2023/CVE-2023-59xx/CVE-2023-5906.json) (`2023-12-01T20:40:23.673`) -* [CVE-2023-5737](CVE-2023/CVE-2023-57xx/CVE-2023-5737.json) (`2023-12-01T20:41:26.787`) -* [CVE-2023-5845](CVE-2023/CVE-2023-58xx/CVE-2023-5845.json) (`2023-12-01T20:48:51.303`) -* [CVE-2023-6329](CVE-2023/CVE-2023-63xx/CVE-2023-6329.json) (`2023-12-01T20:50:45.717`) -* [CVE-2023-41257](CVE-2023/CVE-2023-412xx/CVE-2023-41257.json) (`2023-12-01T20:51:01.553`) -* [CVE-2023-40194](CVE-2023/CVE-2023-401xx/CVE-2023-40194.json) (`2023-12-01T20:51:53.920`) -* [CVE-2023-39542](CVE-2023/CVE-2023-395xx/CVE-2023-39542.json) (`2023-12-01T20:52:29.170`) -* [CVE-2023-38573](CVE-2023/CVE-2023-385xx/CVE-2023-38573.json) (`2023-12-01T20:52:57.627`) -* [CVE-2023-49316](CVE-2023/CVE-2023-493xx/CVE-2023-49316.json) (`2023-12-01T20:54:48.077`) -* 
[CVE-2023-32616](CVE-2023/CVE-2023-326xx/CVE-2023-32616.json) (`2023-12-01T20:55:14.250`) -* [CVE-2023-35985](CVE-2023/CVE-2023-359xx/CVE-2023-35985.json) (`2023-12-01T20:55:23.353`) -* [CVE-2023-6219](CVE-2023/CVE-2023-62xx/CVE-2023-6219.json) (`2023-12-01T20:57:20.553`) -* [CVE-2023-29770](CVE-2023/CVE-2023-297xx/CVE-2023-29770.json) (`2023-12-01T20:57:34.647`) +* [CVE-2014-125084](CVE-2014/CVE-2014-1250xx/CVE-2014-125084.json) (`2023-12-01T22:03:27.830`) +* [CVE-2014-125081](CVE-2014/CVE-2014-1250xx/CVE-2014-125081.json) (`2023-12-01T22:04:49.620`) +* [CVE-2014-125093](CVE-2014/CVE-2014-1250xx/CVE-2014-125093.json) (`2023-12-01T22:05:39.367`) +* [CVE-2014-125095](CVE-2014/CVE-2014-1250xx/CVE-2014-125095.json) (`2023-12-01T22:08:11.780`) +* [CVE-2014-125096](CVE-2014/CVE-2014-1250xx/CVE-2014-125096.json) (`2023-12-01T22:10:36.937`) +* [CVE-2017-20155](CVE-2017/CVE-2017-201xx/CVE-2017-20155.json) (`2023-12-01T22:07:13.797`) +* [CVE-2017-20156](CVE-2017/CVE-2017-201xx/CVE-2017-20156.json) (`2023-12-01T22:09:35.407`) +* [CVE-2022-40433](CVE-2022/CVE-2022-404xx/CVE-2022-40433.json) (`2023-12-01T21:15:07.527`) +* [CVE-2023-49145](CVE-2023/CVE-2023-491xx/CVE-2023-49145.json) (`2023-12-01T21:01:41.407`) +* [CVE-2023-46480](CVE-2023/CVE-2023-464xx/CVE-2023-46480.json) (`2023-12-01T21:04:35.097`) +* [CVE-2023-46355](CVE-2023/CVE-2023-463xx/CVE-2023-46355.json) (`2023-12-01T21:17:19.887`) +* [CVE-2023-25632](CVE-2023/CVE-2023-256xx/CVE-2023-25632.json) (`2023-12-01T21:17:40.063`) +* [CVE-2023-43754](CVE-2023/CVE-2023-437xx/CVE-2023-43754.json) (`2023-12-01T21:18:42.600`) +* [CVE-2023-45223](CVE-2023/CVE-2023-452xx/CVE-2023-45223.json) (`2023-12-01T21:22:56.440`) +* [CVE-2023-47168](CVE-2023/CVE-2023-471xx/CVE-2023-47168.json) (`2023-12-01T21:24:07.470`) +* [CVE-2023-48268](CVE-2023/CVE-2023-482xx/CVE-2023-48268.json) (`2023-12-01T21:30:14.497`) +* [CVE-2023-48369](CVE-2023/CVE-2023-483xx/CVE-2023-48369.json) (`2023-12-01T21:37:48.153`) +* 
[CVE-2023-6202](CVE-2023/CVE-2023-62xx/CVE-2023-6202.json) (`2023-12-01T21:40:49.863`) +* [CVE-2023-5960](CVE-2023/CVE-2023-59xx/CVE-2023-5960.json) (`2023-12-01T21:43:59.323`) +* [CVE-2023-32063](CVE-2023/CVE-2023-320xx/CVE-2023-32063.json) (`2023-12-01T21:46:28.420`) +* [CVE-2023-48713](CVE-2023/CVE-2023-487xx/CVE-2023-48713.json) (`2023-12-01T21:53:20.687`) +* [CVE-2023-32065](CVE-2023/CVE-2023-320xx/CVE-2023-32065.json) (`2023-12-01T22:00:52.193`) +* [CVE-2023-32064](CVE-2023/CVE-2023-320xx/CVE-2023-32064.json) (`2023-12-01T22:01:44.107`) ## Download and Usage