diff --git a/CVE-2015/CVE-2015-13xx/CVE-2015-1390.json b/CVE-2015/CVE-2015-13xx/CVE-2015-1390.json new file mode 100644 index 00000000000..56e215b70f9 --- /dev/null +++ b/CVE-2015/CVE-2015-13xx/CVE-2015-1390.json @@ -0,0 +1,20 @@ +{ + "id": "CVE-2015-1390", + "sourceIdentifier": "cve@mitre.org", + "published": "2023-09-05T18:15:07.797", + "lastModified": "2023-09-05T18:29:49.867", + "vulnStatus": "Awaiting Analysis", + "descriptions": [ + { + "lang": "en", + "value": "Aruba AirWave before 8.0.7 allows XSS attacks agsinat an administrator." + } + ], + "metrics": {}, + "references": [ + { + "url": "https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2015-005.txt", + "source": "cve@mitre.org" + } + ] +} \ No newline at end of file diff --git a/CVE-2015/CVE-2015-13xx/CVE-2015-1391.json b/CVE-2015/CVE-2015-13xx/CVE-2015-1391.json new file mode 100644 index 00000000000..862b07e5107 --- /dev/null +++ b/CVE-2015/CVE-2015-13xx/CVE-2015-1391.json @@ -0,0 +1,20 @@ +{ + "id": "CVE-2015-1391", + "sourceIdentifier": "cve@mitre.org", + "published": "2023-09-05T18:15:07.997", + "lastModified": "2023-09-05T18:29:49.867", + "vulnStatus": "Awaiting Analysis", + "descriptions": [ + { + "lang": "en", + "value": "Aruba AirWave before 8.0.7 allows bypass of a CSRF protection mechanism." + } + ], + "metrics": {}, + "references": [ + { + "url": "https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2015-005.txt", + "source": "cve@mitre.org" + } + ] +} \ No newline at end of file diff --git a/CVE-2015/CVE-2015-22xx/CVE-2015-2201.json b/CVE-2015/CVE-2015-22xx/CVE-2015-2201.json new file mode 100644 index 00000000000..93a46ddfa77 --- /dev/null +++ b/CVE-2015/CVE-2015-22xx/CVE-2015-2201.json @@ -0,0 +1,20 @@ +{ + "id": "CVE-2015-2201", + "sourceIdentifier": "cve@mitre.org", + "published": "2023-09-05T18:15:08.177", + "lastModified": "2023-09-05T18:29:49.867", + "vulnStatus": "Awaiting Analysis", + "descriptions": [ + { + "lang": "en", + "value": "Aruba AirWave before 7.7.14.2 and 8.x before 8.0.7 allows VisualRF remote OS command execution and file disclosure by administrative users." + } + ], + "metrics": {}, + "references": [ + { + "url": "https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2015-005.txt", + "source": "cve@mitre.org" + } + ] +} \ No newline at end of file diff --git a/CVE-2015/CVE-2015-22xx/CVE-2015-2202.json b/CVE-2015/CVE-2015-22xx/CVE-2015-2202.json new file mode 100644 index 00000000000..c8333b07fa8 --- /dev/null +++ b/CVE-2015/CVE-2015-22xx/CVE-2015-2202.json @@ -0,0 +1,20 @@ +{ + "id": "CVE-2015-2202", + "sourceIdentifier": "cve@mitre.org", + "published": "2023-09-05T18:15:08.357", + "lastModified": "2023-09-05T18:29:49.867", + "vulnStatus": "Awaiting Analysis", + "descriptions": [ + { + "lang": "en", + "value": "Aruba AirWave before 7.7.14.2 and 8.x before 8.0.7 allows administrative users to escalate privileges to root on the underlying OS." + } + ], + "metrics": {}, + "references": [ + { + "url": "https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2015-005.txt", + "source": "cve@mitre.org" + } + ] +} \ No newline at end of file diff --git a/CVE-2017/CVE-2017-94xx/CVE-2017-9453.json b/CVE-2017/CVE-2017-94xx/CVE-2017-9453.json new file mode 100644 index 00000000000..7a2b275a3b2 --- /dev/null +++ b/CVE-2017/CVE-2017-94xx/CVE-2017-9453.json @@ -0,0 +1,43 @@ +{ + "id": "CVE-2017-9453", + "sourceIdentifier": "cve@mitre.org", + "published": "2023-09-05T18:15:08.537", + "lastModified": "2023-09-05T18:29:49.867", + "vulnStatus": "Awaiting Analysis", + "descriptions": [ + { + "lang": "en", + "value": "BMC Server Automation before 8.9.01 patch 1 allows Process Spawner command execution because of authentication bypass." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "cve@mitre.org", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H", + "attackVector": "NETWORK", + "attackComplexity": "HIGH", + "privilegesRequired": "NONE", + "userInteraction": "NONE", + "scope": "CHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH", + "baseScore": 9.0, + "baseSeverity": "CRITICAL" + }, + "exploitabilityScore": 2.2, + "impactScore": 6.0 + } + ] + }, + "references": [ + { + "url": "https://docs.bmc.com/docs/serverautomation/2002/notification-of-critical-security-issue-in-bmc-server-automation-cve-2017-9453-1020706453.html", + "source": "cve@mitre.org" + } + ] +} \ No newline at end of file diff --git a/CVE-2020/CVE-2020-355xx/CVE-2020-35593.json b/CVE-2020/CVE-2020-355xx/CVE-2020-35593.json new file mode 100644 index 00000000000..b91e81419dc --- /dev/null +++ b/CVE-2020/CVE-2020-355xx/CVE-2020-35593.json @@ -0,0 +1,40 @@ +{ + "id": "CVE-2020-35593", + "sourceIdentifier": "cve@mitre.org", + "published": "2023-09-05T19:15:48.407", + "lastModified": "2023-09-05T19:15:48.407", + "vulnStatus": "Received", + "descriptions": [ + { + "lang": "en", + "value": "BMC PATROL Agent through 20.08.00 allows local privilege escalation via vectors involving pconfig +RESTART -host." + } + ], + "metrics": {}, + "references": [ + { + "url": "http://web.archive.org/web/20210106175128/", + "source": "cve@mitre.org" + }, + { + "url": "https://community.bmc.com/s/article/SECURITY-Patrol-Agent-Local-Privilege-Escalation-in-BMC-PATROL-Agent-CVE-2020-35593", + "source": "cve@mitre.org" + }, + { + "url": "https://community.bmc.com/s/article/SECURITY-Patrol-Agent-Local-Privilege-Escalation-in-BMC-PATROL-Agent-CVE-2020-35593.aa", + "source": "cve@mitre.org" + }, + { + "url": "https://webapps.bmc.com/support/faces/az/prodallversions.jsp?seqid=304517", + "source": "cve@mitre.org" + }, + { + "url": "https://www.securifera.com/advisories/", + "source": "cve@mitre.org" + }, + { + "url": "https://www.securifera.com/blog/2021/03/08/bmc-patrol-agent-domain-user-to-domain-admin-part-2/", + "source": "cve@mitre.org" + } + ] +} \ No newline at end of file diff --git a/CVE-2021/CVE-2021-32xx/CVE-2021-3262.json b/CVE-2021/CVE-2021-32xx/CVE-2021-3262.json index 3133d859041..fefc908f806 100644 --- a/CVE-2021/CVE-2021-32xx/CVE-2021-3262.json +++ b/CVE-2021/CVE-2021-32xx/CVE-2021-3262.json @@ -2,27 +2,94 @@ "id": "CVE-2021-3262", "sourceIdentifier": "cve@mitre.org", "published": "2023-08-29T20:15:09.487", - "lastModified": "2023-08-29T20:41:07.003", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2023-09-05T18:58:59.347", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", "value": "TripSpark VEO Transportation-2.2.x-XP_BB-20201123-184084 NovusEDU-2.2.x-XP_BB-20201123-184084 allows unsafe data inputs in POST body parameters from end users without sanitizing using server-side logic. It was possible to inject custom SQL commands into the \"Student Busing Information\" search queries." } ], - "metrics": {}, + "metrics": { + "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH", + "baseScore": 9.8, + "baseSeverity": "CRITICAL" + }, + "exploitabilityScore": 3.9, + "impactScore": 5.9 + } + ] + }, + "weaknesses": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-89" + } + ] + } + ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:trispark:novusedu:2.2.x-xp_bb-20201123-184084:*:*:*:*:*:*:*", + "matchCriteriaId": "D5F18292-9ACB-411B-B539-A6ADF2EAACCE" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:trispark:veo_transportation:2.2.x-xp_bb-20201123-184084os:*:*:*:*:*:*:*", + "matchCriteriaId": "B988A3AA-75DA-4C34-8EC7-169FB5A44307" + } + ] + } + ] + } + ], "references": [ { "url": "http://tripspark.com", - "source": "cve@mitre.org" + "source": "cve@mitre.org", + "tags": [ + "Product" + ] }, { "url": "http://veo.com", - "source": "cve@mitre.org" + "source": "cve@mitre.org", + "tags": [ + "Broken Link" + ] }, { "url": "https://susos.co/blog/f/cve-disclosureuncovered-sql-injection-in-tripspark-veo-transport", - "source": "cve@mitre.org" + "source": "cve@mitre.org", + "tags": [ + "Exploit", + "Third Party Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2021/CVE-2021-405xx/CVE-2021-40546.json b/CVE-2021/CVE-2021-405xx/CVE-2021-40546.json new file mode 100644 index 00000000000..4b8129aef6a --- /dev/null +++ b/CVE-2021/CVE-2021-405xx/CVE-2021-40546.json @@ -0,0 +1,20 @@ +{ + "id": "CVE-2021-40546", + "sourceIdentifier": "cve@mitre.org", + "published": "2023-09-05T19:15:48.523", + "lastModified": "2023-09-05T19:15:48.523", + "vulnStatus": "Received", + "descriptions": [ + { + "lang": "en", + "value": "Tenda AC6 US_AC6V4.0RTL_V02.03.01.26_cn.bin allows attackers (who have the administrator password) to cause a denial of service (device crash) via a long string in the wifiPwd_5G parameter to /goform/setWifi." + } + ], + "metrics": {}, + "references": [ + { + "url": "https://github.com/doudoudedi/buffer_overflow/blob/main/Tenda%20AC6%20V4.0-Denial%20of%20Service%20Vulnerability.md", + "source": "cve@mitre.org" + } + ] +} \ No newline at end of file diff --git a/CVE-2023/CVE-2023-06xx/CVE-2023-0689.json b/CVE-2023/CVE-2023-06xx/CVE-2023-0689.json index bc7b4d30b6e..42f7312039f 100644 --- a/CVE-2023/CVE-2023-06xx/CVE-2023-0689.json +++ b/CVE-2023/CVE-2023-06xx/CVE-2023-0689.json @@ -2,8 +2,8 @@ "id": "CVE-2023-0689", "sourceIdentifier": "security@wordfence.com", "published": "2023-08-31T06:15:08.097", - "lastModified": "2023-08-31T10:02:10.690", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2023-09-05T19:13:37.717", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", @@ -46,18 +46,45 @@ ] } ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:wpmet:metform_elementor_contact_form_builder:*:*:*:*:*:wordpress:*:*", + "versionEndExcluding": "3.3.2", + "matchCriteriaId": "FC363079-6594-457C-8520-F66F553B0862" + } + ] + } + ] + } + ], "references": [ { "url": "https://plugins.trac.wordpress.org/browser/metform/trunk/base/shortcode.php?rev=2845078", - "source": "security@wordfence.com" + "source": "security@wordfence.com", + "tags": [ + "Product" + ] }, { "url": "https://plugins.trac.wordpress.org/changeset/2910040/", - "source": "security@wordfence.com" + "source": "security@wordfence.com", + "tags": [ + "Patch" + ] }, { "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/356cf06e-16e7-438b-83b5-c8a52a21f903?source=cve", - "source": "security@wordfence.com" + "source": "security@wordfence.com", + "tags": [ + "Third Party Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2023/CVE-2023-19xx/CVE-2023-1995.json b/CVE-2023/CVE-2023-19xx/CVE-2023-1995.json index bdebf278134..a742b1cd27b 100644 --- a/CVE-2023/CVE-2023-19xx/CVE-2023-1995.json +++ b/CVE-2023/CVE-2023-19xx/CVE-2023-1995.json @@ -2,8 +2,8 @@ "id": "CVE-2023-1995", "sourceIdentifier": "hirt@hitachi.co.jp", "published": "2023-08-29T02:15:07.837", - "lastModified": "2023-08-29T05:18:54.617", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2023-09-05T18:51:17.547", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", @@ -12,6 +12,26 @@ ], "metrics": { "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "NONE", + "integrityImpact": "HIGH", + "availabilityImpact": "NONE", + "baseScore": 7.5, + "baseSeverity": "HIGH" + }, + "exploitabilityScore": 3.9, + "impactScore": 3.6 + }, { "source": "hirt@hitachi.co.jp", "type": "Secondary", @@ -35,6 +55,16 @@ ] }, "weaknesses": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "NVD-CWE-Other" + } + ] + }, { "source": "hirt@hitachi.co.jp", "type": "Secondary", @@ -46,10 +76,852 @@ ] } ], + "configurations": [ + { + "operator": "AND", + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:hitachi:hirdb_server_with_additional_function:*:*:*:*:*:*:*:*", + "versionStartIncluding": "09-00", + "versionEndIncluding": "09-00-2d", + "matchCriteriaId": "7837DEBB-4D67-43FF-830F-368F348F62D1" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:hitachi:hirdb_server_with_additional_function:*:*:*:*:*:*:*:*", + "versionStartIncluding": "09-01", + "versionEndIncluding": "09-01-\\/x", + "matchCriteriaId": "58BFF7DD-E35B-4097-91EF-90DA09E28E1E" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:hitachi:hirdb_server_with_additional_function:*:*:*:*:*:*:*:*", + "versionStartIncluding": "09-02", + "versionEndIncluding": "09-02-2f", + "matchCriteriaId": "230AACB2-1DE2-411C-92B0-569291FBB071" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:hitachi:hirdb_server_with_additional_function:*:*:*:*:*:*:*:*", + "versionStartIncluding": "09-03", + "versionEndIncluding": "09-03-2a", + "matchCriteriaId": "3708DAC0-4D6E-4E4C-9860-B058F6CA6156" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:hitachi:hirdb_server_with_additional_function:*:*:*:*:*:*:*:*", + "versionStartIncluding": "09-04", + "versionEndIncluding": "09-04-2s", + "matchCriteriaId": "486B7B6C-CE2E-4CFD-9F68-099D3FA699D9" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:hitachi:hirdb_server_with_additional_function:*:*:*:*:*:*:*:*", + "versionStartIncluding": "09-50", + "versionEndIncluding": "09-50-2k", + "matchCriteriaId": "6448FD1E-FE56-4794-A414-2DBA55B6D350" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:hitachi:hirdb_server_with_additional_function:*:*:*:*:*:*:*:*", + "versionStartIncluding": "09-60", + "versionEndIncluding": "09-60-2k", + "matchCriteriaId": "3AACB9A2-0871-4D6A-94E4-C02D9A2A42FF" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:hitachi:hirdb_server_with_additional_function:*:*:*:*:*:*:*:*", + "versionStartIncluding": "09-65", + "versionEndIncluding": "09-65-\\/v", + "matchCriteriaId": "FE3E598E-F058-4736-A68B-73DEC061BA93" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:hitachi:hirdb_server_with_additional_function:*:*:*:*:*:*:*:*", + "versionStartIncluding": "09-66", + "versionEndIncluding": "09-66-\\/p", + "matchCriteriaId": "7FE0D7DB-2930-44B7-BBAE-087D26E85088" + } + ] + }, + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": false, + "criteria": "cpe:2.3:o:hp:hp-ux:-:*:*:*:*:*:*:*", + "matchCriteriaId": "F480AA32-841A-4E68-9343-B2E7548B0A0C" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:o:linux:linux_kernel:-:*:*:*:*:*:*:*", + "matchCriteriaId": "703AF700-7A70-47E2-BC3A-7FD03B3CA9C1" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:*", + "matchCriteriaId": "A2572D17-1DE6-457B-99CC-64AFD54487EA" + } + ] + } + ] + }, + { + "operator": "AND", + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:hitachi:hirdb_server_with_additional_function:*:*:*:*:*:*:*:*", + "versionStartIncluding": "09-00", + "versionEndIncluding": "09-00-2f", + "matchCriteriaId": "99A3C3D6-827C-4426-84EB-4DC8BF85D366" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:hitachi:hirdb_server_with_additional_function:*:*:*:*:*:*:*:*", + "versionStartIncluding": "09-01", + "versionEndIncluding": "09-01-\\/x", + "matchCriteriaId": "58BFF7DD-E35B-4097-91EF-90DA09E28E1E" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:hitachi:hirdb_server_with_additional_function:*:*:*:*:*:*:*:*", + "versionStartIncluding": "09-02", + "versionEndIncluding": "09-02-2f", + "matchCriteriaId": "230AACB2-1DE2-411C-92B0-569291FBB071" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:hitachi:hirdb_server_with_additional_function:*:*:*:*:*:*:*:*", + "versionStartIncluding": "09-03", + "versionEndIncluding": "09-03-2e", + "matchCriteriaId": "87BE182F-AA17-462E-87E4-AC449A84C7E6" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:hitachi:hirdb_server_with_additional_function:*:*:*:*:*:*:*:*", + "versionStartIncluding": "09-04", + "versionEndIncluding": "09-04-2s", + "matchCriteriaId": "486B7B6C-CE2E-4CFD-9F68-099D3FA699D9" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:hitachi:hirdb_server_with_additional_function:*:*:*:*:*:*:*:*", + "versionStartIncluding": "09-50", + "versionEndIncluding": "09-50-2k", + "matchCriteriaId": "6448FD1E-FE56-4794-A414-2DBA55B6D350" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:hitachi:hirdb_server_with_additional_function:*:*:*:*:*:*:*:*", + "versionStartIncluding": "09-60", + "versionEndIncluding": "09-60-2l", + "matchCriteriaId": "F5DAFD13-DA04-441A-AC6C-EBF103A0A0AD" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:hitachi:hirdb_server_with_additional_function:*:*:*:*:*:*:*:*", + "versionStartIncluding": "09-65", + "versionEndIncluding": "09-65-\\/v", + "matchCriteriaId": "FE3E598E-F058-4736-A68B-73DEC061BA93" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:hitachi:hirdb_server_with_additional_function:*:*:*:*:*:*:*:*", + "versionStartIncluding": "09-66", + "versionEndIncluding": "09-66-\\/p", + "matchCriteriaId": "7FE0D7DB-2930-44B7-BBAE-087D26E85088" + } + ] + }, + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": false, + "criteria": "cpe:2.3:o:ibm:aix:-:*:*:*:*:*:*:*", + "matchCriteriaId": "E492C463-D76E-49B7-A4D4-3B499E422D89" + } + ] + } + ] + }, + { + "operator": "AND", + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:hitachi:hirdb_structured_data_access_facility:*:*:*:*:*:*:*:*", + "versionStartIncluding": "09-60", + "versionEndIncluding": "09-60-37", + "matchCriteriaId": "51F67A46-BBC2-40DB-9EC5-5959198FD09C" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:hitachi:hirdb_structured_data_access_facility:*:*:*:*:*:*:*:*", + "versionStartIncluding": "09-66", + "versionEndIncluding": "09-66-06", + "matchCriteriaId": "0F89C7D4-9D27-48D1-B972-FF9D5427C4EE" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:hitachi:hirdb_structured_data_access_facility:*:*:*:*:*:*:*:*", + "versionStartIncluding": "10-01", + "versionEndIncluding": "10-01-03", + "matchCriteriaId": "C352C8A6-5C6A-4366-92A4-37C61EBCE10F" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:hitachi:hirdb_structured_data_access_facility:*:*:*:*:*:*:*:*", + "versionStartIncluding": "10-02", + "versionEndIncluding": "10-02-12", + "matchCriteriaId": "A17CF9FE-4C98-4CE7-B26B-D5B2292E99EE" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:hitachi:hirdb_structured_data_access_facility:*:*:*:*:*:*:*:*", + "versionStartIncluding": "10-03", + "versionEndIncluding": "10-03-10", + "matchCriteriaId": "7194B299-9035-4E68-A7FE-45C47B076034" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:hitachi:hirdb_structured_data_access_facility:*:*:*:*:*:*:*:*", + "versionStartIncluding": "10-04", + "versionEndIncluding": "10-04-05", + "matchCriteriaId": "637D08C2-FEDC-4AA8-BD39-D18EA41B8150" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:hitachi:hirdb_structured_data_access_facility:*:*:*:*:*:*:*:*", + "versionStartIncluding": "10-06", + "versionEndIncluding": "10-06-01", + "matchCriteriaId": "C8D58E05-C5E1-4980-B45B-502F459944F9" + } + ] + }, + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": false, + "criteria": "cpe:2.3:o:linux:linux_kernel:-:*:*:*:*:*:*:*", + "matchCriteriaId": "703AF700-7A70-47E2-BC3A-7FD03B3CA9C1" + } + ] + } + ] + }, + { + "operator": "AND", + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:hitachi:hirdb_server:*:*:*:*:*:*:*:*", + "versionStartIncluding": "09-00", + "versionEndIncluding": "09-00-30", + "matchCriteriaId": "18B602AA-B070-4F99-B745-7A9239982429" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:hitachi:hirdb_server:*:*:*:*:*:*:*:*", + "versionStartIncluding": "09-01", + "versionEndIncluding": "09-01-24", + "matchCriteriaId": "CE523856-82CE-4BFF-A4AB-F57227DA663B" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:hitachi:hirdb_server:*:*:*:*:*:*:*:*", + "versionStartIncluding": "09-02", + "versionEndIncluding": "09-02-32", + "matchCriteriaId": "C0A8B7DB-7574-4145-A233-0155D500A66F" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:hitachi:hirdb_server:*:*:*:*:*:*:*:*", + "versionStartIncluding": "09-03", + "versionEndIncluding": "09-03-27", + "matchCriteriaId": "E2B6818D-44C0-4A82-8EB5-AE38AF440393" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:hitachi:hirdb_server:*:*:*:*:*:*:*:*", + "versionStartIncluding": "09-04", + "versionEndIncluding": "09-04-31", + "matchCriteriaId": "207F110F-ADF8-4435-944E-0A70078A4929" + } + ] + }, + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": false, + "criteria": "cpe:2.3:o:oracle:solaris:-:*:*:*:*:*:*:*", + "matchCriteriaId": "91F372EA-3A78-4703-A457-751B2C98D796" + } + ] + } + ] + }, + { + "operator": "AND", + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:hitachi:hirdb_server:*:*:*:*:*:*:*:*", + "versionStartIncluding": "09-00", + "versionEndIncluding": "09-00-32", + "matchCriteriaId": "6FA8A1C2-BE3C-42B1-83F2-FBD222885441" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:hitachi:hirdb_server:*:*:*:*:*:*:*:*", + "versionStartIncluding": "09-01", + "versionEndIncluding": "09-01-24", + "matchCriteriaId": "CE523856-82CE-4BFF-A4AB-F57227DA663B" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:hitachi:hirdb_server:*:*:*:*:*:*:*:*", + "versionStartIncluding": "09-02", + "versionEndIncluding": "09-02-32", + "matchCriteriaId": "C0A8B7DB-7574-4145-A233-0155D500A66F" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:hitachi:hirdb_server:*:*:*:*:*:*:*:*", + "versionStartIncluding": "09-03", + "versionEndIncluding": "09-03-31", + "matchCriteriaId": "D1DB5AE2-4B5B-4A02-825C-7C60CFF68566" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:hitachi:hirdb_server:*:*:*:*:*:*:*:*", + "versionStartIncluding": "09-04", + "versionEndIncluding": "09-04-45", + "matchCriteriaId": "BCA19FB6-4857-45C6-AE8A-1E595BCED720" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:hitachi:hirdb_server:*:*:*:*:*:*:*:*", + "versionStartIncluding": "09-50", + "versionEndIncluding": "09-50-37", + "matchCriteriaId": "6B837A88-3540-4E0A-8990-2C104F29B83B" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:hitachi:hirdb_server:*:*:*:*:*:*:*:*", + "versionStartIncluding": "09-60", + "versionEndIncluding": "09-60-38", + "matchCriteriaId": "C77DAC93-F790-4B95-940E-27A0760EE0AB" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:hitachi:hirdb_server:*:*:*:*:*:*:*:*", + "versionStartIncluding": "09-65", + "versionEndIncluding": "09-65-22", + "matchCriteriaId": "734DA866-73FE-44ED-9ACA-A2F8B2EAA864" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:hitachi:hirdb_server:*:*:*:*:*:*:*:*", + "versionStartIncluding": "09-66", + "versionEndIncluding": "09-66-16", + "matchCriteriaId": "CA0E48D8-0E51-4285-B45A-AA51BB9FA6E9" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:hitachi:hirdb_server:*:*:*:*:*:*:*:*", + "versionStartIncluding": "10-00", + "versionEndIncluding": "10-00-09", + "matchCriteriaId": "2811D25F-149E-42CC-B42F-53F07F35A5FC" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:hitachi:hirdb_server:*:*:*:*:*:*:*:*", + "versionStartIncluding": "10-01", + "versionEndIncluding": "10-01-09", + "matchCriteriaId": "BC83E202-53B1-49DA-9B41-F9363E4B67E0" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:hitachi:hirdb_server:*:*:*:*:*:*:*:*", + "versionStartIncluding": "10-02", + "versionEndIncluding": "10-02-12", + "matchCriteriaId": "38A6B887-F649-4F24-936F-9C9FA01E461A" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:hitachi:hirdb_server:*:*:*:*:*:*:*:*", + "versionStartIncluding": "10-03", + "versionEndIncluding": "10-03-11", + "matchCriteriaId": "B3E74F46-58B2-418F-BB45-4D37BC4F1BBF" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:hitachi:hirdb_server:*:*:*:*:*:*:*:*", + "versionStartIncluding": "10-04", + "versionEndIncluding": "10-04-04", + "matchCriteriaId": "D2106B76-64E9-49A7-A053-862D703531A6" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:hitachi:hirdb_server:*:*:*:*:*:*:*:*", + "versionStartIncluding": "10-05", + "versionEndIncluding": "10-05-05", + "matchCriteriaId": "52455D98-0880-4FD5-B9C6-59DE198A1ED6" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:hitachi:hirdb_server:*:*:*:*:*:*:*:*", + "versionStartIncluding": "10-06", + "versionEndIncluding": "10-06-01", + "matchCriteriaId": "A7853F8F-CA6D-402E-8A58-11FA6283BD50" + } + ] + }, + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": false, + "criteria": "cpe:2.3:o:ibm:aix:-:*:*:*:*:*:*:*", + "matchCriteriaId": "E492C463-D76E-49B7-A4D4-3B499E422D89" + } + ] + } + ] + }, + { + "operator": "AND", + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:hitachi:hirdb_server:*:*:*:*:*:*:*:*", + "versionStartIncluding": "09-00", + "versionEndIncluding": "09-00-32", + "matchCriteriaId": "6FA8A1C2-BE3C-42B1-83F2-FBD222885441" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:hitachi:hirdb_server:*:*:*:*:*:*:*:*", + "versionStartIncluding": "09-01", + "versionEndIncluding": "09-01-24", + "matchCriteriaId": "CE523856-82CE-4BFF-A4AB-F57227DA663B" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:hitachi:hirdb_server:*:*:*:*:*:*:*:*", + "versionStartIncluding": "09-02", + "versionEndIncluding": "09-02-32", + "matchCriteriaId": "C0A8B7DB-7574-4145-A233-0155D500A66F" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:hitachi:hirdb_server:*:*:*:*:*:*:*:*", + "versionStartIncluding": "09-03", + "versionEndIncluding": "09-03-31", + "matchCriteriaId": "D1DB5AE2-4B5B-4A02-825C-7C60CFF68566" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:hitachi:hirdb_server:*:*:*:*:*:*:*:*", + "versionStartIncluding": "09-04", + "versionEndIncluding": "09-04-45", + "matchCriteriaId": "BCA19FB6-4857-45C6-AE8A-1E595BCED720" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:hitachi:hirdb_server:*:*:*:*:*:*:*:*", + "versionStartIncluding": "09-50", + "versionEndIncluding": "09-50-37", + "matchCriteriaId": "6B837A88-3540-4E0A-8990-2C104F29B83B" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:hitachi:hirdb_server:*:*:*:*:*:*:*:*", + "versionStartIncluding": "09-60", + "versionEndIncluding": "09-60-38", + "matchCriteriaId": "C77DAC93-F790-4B95-940E-27A0760EE0AB" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:hitachi:hirdb_server:*:*:*:*:*:*:*:*", + "versionStartIncluding": "09-65", + "versionEndIncluding": "09-65-22", + "matchCriteriaId": "734DA866-73FE-44ED-9ACA-A2F8B2EAA864" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:hitachi:hirdb_server:*:*:*:*:*:*:*:*", + "versionStartIncluding": "09-66", + "versionEndIncluding": "09-66-16", + "matchCriteriaId": "CA0E48D8-0E51-4285-B45A-AA51BB9FA6E9" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:hitachi:hirdb_server:*:*:*:*:*:*:*:*", + "versionStartIncluding": "10-00", + "versionEndIncluding": "10-00-09", + "matchCriteriaId": "2811D25F-149E-42CC-B42F-53F07F35A5FC" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:hitachi:hirdb_server:*:*:*:*:*:*:*:*", + "versionStartIncluding": "10-01", + "versionEndIncluding": "10-01-09", + "matchCriteriaId": "BC83E202-53B1-49DA-9B41-F9363E4B67E0" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:hitachi:hirdb_server:*:*:*:*:*:*:*:*", + "versionStartIncluding": "10-02", + "versionEndIncluding": "10-02-12", + "matchCriteriaId": "38A6B887-F649-4F24-936F-9C9FA01E461A" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:hitachi:hirdb_server:*:*:*:*:*:*:*:*", + "versionStartIncluding": "10-03", + "versionEndIncluding": "10-03-10", + "matchCriteriaId": "4FCF4AF9-1DCB-49E7-90D7-C34311EBA2E9" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:hitachi:hirdb_server:*:*:*:*:*:*:*:*", + "versionStartIncluding": "10-04", + "versionEndIncluding": "10-04-04", + "matchCriteriaId": "D2106B76-64E9-49A7-A053-862D703531A6" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:hitachi:hirdb_server:*:*:*:*:*:*:*:*", + "versionStartIncluding": "10-05", + "versionEndIncluding": "10-05-05", + "matchCriteriaId": "52455D98-0880-4FD5-B9C6-59DE198A1ED6" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:hitachi:hirdb_server:*:*:*:*:*:*:*:*", + "versionStartIncluding": "10-06", + "versionEndIncluding": "10-06-01", + "matchCriteriaId": "A7853F8F-CA6D-402E-8A58-11FA6283BD50" + } + ] + }, + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": false, + "criteria": "cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:*", + "matchCriteriaId": "A2572D17-1DE6-457B-99CC-64AFD54487EA" + } + ] + } + ] + }, + { + "operator": "AND", + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:hitachi:hirdb_server:*:*:*:*:*:*:*:*", + "versionStartIncluding": "09-00", + "versionEndIncluding": "09-00-32", + "matchCriteriaId": "6FA8A1C2-BE3C-42B1-83F2-FBD222885441" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:hitachi:hirdb_server:*:*:*:*:*:*:*:*", + "versionStartIncluding": "09-01", + "versionEndIncluding": "09-01-24", + "matchCriteriaId": "CE523856-82CE-4BFF-A4AB-F57227DA663B" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:hitachi:hirdb_server:*:*:*:*:*:*:*:*", + "versionStartIncluding": "09-02", + "versionEndIncluding": "09-02-32", + "matchCriteriaId": "C0A8B7DB-7574-4145-A233-0155D500A66F" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:hitachi:hirdb_server:*:*:*:*:*:*:*:*", + "versionStartIncluding": "09-03", + "versionEndIncluding": "09-03-31", + "matchCriteriaId": "D1DB5AE2-4B5B-4A02-825C-7C60CFF68566" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:hitachi:hirdb_server:*:*:*:*:*:*:*:*", + "versionStartIncluding": "09-04", + "versionEndIncluding": "09-04-45", + "matchCriteriaId": "BCA19FB6-4857-45C6-AE8A-1E595BCED720" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:hitachi:hirdb_server:*:*:*:*:*:*:*:*", + "versionStartIncluding": "09-50", + "versionEndIncluding": "09-50-37", + "matchCriteriaId": "6B837A88-3540-4E0A-8990-2C104F29B83B" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:hitachi:hirdb_server:*:*:*:*:*:*:*:*", + "versionStartIncluding": "09-60", + "versionEndIncluding": "09-60-38", + "matchCriteriaId": "C77DAC93-F790-4B95-940E-27A0760EE0AB" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:hitachi:hirdb_server:*:*:*:*:*:*:*:*", + "versionStartIncluding": "09-65", + "versionEndIncluding": "09-65-22", + "matchCriteriaId": "734DA866-73FE-44ED-9ACA-A2F8B2EAA864" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:hitachi:hirdb_server:*:*:*:*:*:*:*:*", + "versionStartIncluding": "09-66", + "versionEndIncluding": "09-66-16", + "matchCriteriaId": "CA0E48D8-0E51-4285-B45A-AA51BB9FA6E9" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:hitachi:hirdb_server:*:*:*:*:*:*:*:*", + "versionStartIncluding": "10-00", + "versionEndIncluding": "10-00-09", + "matchCriteriaId": "2811D25F-149E-42CC-B42F-53F07F35A5FC" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:hitachi:hirdb_server:*:*:*:*:*:*:*:*", + "versionStartIncluding": "10-01", + "versionEndIncluding": "10-01-09", + "matchCriteriaId": "BC83E202-53B1-49DA-9B41-F9363E4B67E0" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:hitachi:hirdb_server:*:*:*:*:*:*:*:*", + "versionStartIncluding": "10-02", + "versionEndIncluding": "10-02-12", + "matchCriteriaId": "38A6B887-F649-4F24-936F-9C9FA01E461A" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:hitachi:hirdb_server:*:*:*:*:*:*:*:*", + "versionStartIncluding": "10-03", + "versionEndIncluding": "10-03-10", + "matchCriteriaId": "4FCF4AF9-1DCB-49E7-90D7-C34311EBA2E9" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:hitachi:hirdb_server:*:*:*:*:*:*:*:*", + "versionStartIncluding": "10-04", + "versionEndIncluding": "10-04-05", + "matchCriteriaId": "ABB93E1F-C1AE-4AB7-BC6A-C09027D7F5E9" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:hitachi:hirdb_server:*:*:*:*:*:*:*:*", + "versionStartIncluding": "10-05", + "versionEndIncluding": "10-05-05", + "matchCriteriaId": "52455D98-0880-4FD5-B9C6-59DE198A1ED6" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:hitachi:hirdb_server:*:*:*:*:*:*:*:*", + "versionStartIncluding": "10-06", + "versionEndIncluding": "10-06-01", + "matchCriteriaId": "A7853F8F-CA6D-402E-8A58-11FA6283BD50" + } + ] + }, + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": false, + "criteria": "cpe:2.3:o:linux:linux_kernel:-:*:*:*:*:*:*:*", + "matchCriteriaId": "703AF700-7A70-47E2-BC3A-7FD03B3CA9C1" + } + ] + } + ] + }, + { + "operator": "AND", + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:hitachi:hirdb_server:*:*:*:*:*:*:*:*", + "versionStartIncluding": "09-00", + "versionEndIncluding": "09-00-30", + "matchCriteriaId": "18B602AA-B070-4F99-B745-7A9239982429" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:hitachi:hirdb_server:*:*:*:*:*:*:*:*", + "versionStartIncluding": "09-01", + "versionEndIncluding": "09-01-24", + "matchCriteriaId": "CE523856-82CE-4BFF-A4AB-F57227DA663B" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:hitachi:hirdb_server:*:*:*:*:*:*:*:*", + "versionStartIncluding": "09-02", + "versionEndIncluding": "09-02-32", + "matchCriteriaId": "C0A8B7DB-7574-4145-A233-0155D500A66F" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:hitachi:hirdb_server:*:*:*:*:*:*:*:*", + "versionStartIncluding": "09-03", + "versionEndIncluding": "09-03-27", + "matchCriteriaId": "E2B6818D-44C0-4A82-8EB5-AE38AF440393" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:hitachi:hirdb_server:*:*:*:*:*:*:*:*", + "versionStartIncluding": "09-04", + "versionEndIncluding": "09-04-45", + "matchCriteriaId": "BCA19FB6-4857-45C6-AE8A-1E595BCED720" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:hitachi:hirdb_server:*:*:*:*:*:*:*:*", + "versionStartIncluding": "09-50", + "versionEndIncluding": "09-50-37", + "matchCriteriaId": "6B837A88-3540-4E0A-8990-2C104F29B83B" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:hitachi:hirdb_server:*:*:*:*:*:*:*:*", + "versionStartIncluding": "09-60", + "versionEndIncluding": "09-60-37", + "matchCriteriaId": "98FDF634-A08F-4EBF-8678-78463D3CEB40" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:hitachi:hirdb_server:*:*:*:*:*:*:*:*", + "versionStartIncluding": "09-65", + "versionEndIncluding": "09-65-22", + "matchCriteriaId": "734DA866-73FE-44ED-9ACA-A2F8B2EAA864" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:hitachi:hirdb_server:*:*:*:*:*:*:*:*", + "versionStartIncluding": "09-66", + "versionEndIncluding": "09-66-16", + "matchCriteriaId": "CA0E48D8-0E51-4285-B45A-AA51BB9FA6E9" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:hitachi:hirdb_server:*:*:*:*:*:*:*:*", + "versionStartIncluding": "10-00", + "versionEndIncluding": "10-00-09", + "matchCriteriaId": "2811D25F-149E-42CC-B42F-53F07F35A5FC" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:hitachi:hirdb_server:*:*:*:*:*:*:*:*", + "versionStartIncluding": "10-01", + "versionEndIncluding": "10-01-09", + "matchCriteriaId": "BC83E202-53B1-49DA-9B41-F9363E4B67E0" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:hitachi:hirdb_server:*:*:*:*:*:*:*:*", + "versionStartIncluding": "10-02", + "versionEndIncluding": "10-02-12", + "matchCriteriaId": "38A6B887-F649-4F24-936F-9C9FA01E461A" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:hitachi:hirdb_server:*:*:*:*:*:*:*:*", + "versionStartIncluding": "10-03", + "versionEndIncluding": "10-03-10", + "matchCriteriaId": "4FCF4AF9-1DCB-49E7-90D7-C34311EBA2E9" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:hitachi:hirdb_server:*:*:*:*:*:*:*:*", + "versionStartIncluding": "10-04", + "versionEndIncluding": "10-04-04", + "matchCriteriaId": "D2106B76-64E9-49A7-A053-862D703531A6" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:hitachi:hirdb_server:*:*:*:*:*:*:*:*", + "versionStartIncluding": "10-05", + "versionEndIncluding": "10-05-05", + "matchCriteriaId": "52455D98-0880-4FD5-B9C6-59DE198A1ED6" + } + ] + }, + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": false, + "criteria": "cpe:2.3:o:hp:hp-ux:-:*:*:*:*:*:*:*", + "matchCriteriaId": "F480AA32-841A-4E68-9343-B2E7548B0A0C" + } + ] + } + ] + } + ], "references": [ { "url": "https://www.hitachi.com/products/it/software/security/info/vuls/hitachi-sec-2023-133/index.html", - "source": "hirt@hitachi.co.jp" + "source": "hirt@hitachi.co.jp", + "tags": [ + "Vendor Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2023/CVE-2023-21xx/CVE-2023-2188.json b/CVE-2023/CVE-2023-21xx/CVE-2023-2188.json index b0c82ce6d3a..429cc177774 100644 --- a/CVE-2023/CVE-2023-21xx/CVE-2023-2188.json +++ b/CVE-2023/CVE-2023-21xx/CVE-2023-2188.json @@ -2,8 +2,8 @@ "id": "CVE-2023-2188", "sourceIdentifier": "security@wordfence.com", "published": "2023-08-31T06:15:08.957", - "lastModified": "2023-08-31T10:02:10.690", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2023-09-05T19:13:27.630", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", @@ -13,8 +13,28 @@ "metrics": { "cvssMetricV31": [ { - "source": "security@wordfence.com", + "source": "nvd@nist.gov", "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "HIGH", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "NONE", + "availabilityImpact": "NONE", + "baseScore": 4.9, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 1.2, + "impactScore": 3.6 + }, + { + "source": "security@wordfence.com", + "type": "Secondary", "cvssData": { "version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H", @@ -46,18 +66,45 @@ ] } ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:extendthemes:colibri_page_builder:*:*:*:*:*:wordpress:*:*", + "versionEndExcluding": "1.0.229", + "matchCriteriaId": "F30E150B-C88B-4BCC-BFE3-B7D25134F5EF" + } + ] + } + ] + } + ], "references": [ { "url": "https://plugins.trac.wordpress.org/browser/colibri-page-builder/trunk/extend-builder/utils.php#L556", - "source": "security@wordfence.com" + "source": "security@wordfence.com", + "tags": [ + "Product" + ] }, { "url": "https://plugins.trac.wordpress.org/changeset/2922722/", - "source": "security@wordfence.com" + "source": "security@wordfence.com", + "tags": [ + "Patch" + ] }, { "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/c73d4b78-72aa-409a-a787-898179773b82?source=cve", - "source": "security@wordfence.com" + "source": "security@wordfence.com", + "tags": [ + "Third Party Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2023/CVE-2023-22xx/CVE-2023-2229.json b/CVE-2023/CVE-2023-22xx/CVE-2023-2229.json index f7e0d297a7f..fb9cce49b7a 100644 --- a/CVE-2023/CVE-2023-22xx/CVE-2023-2229.json +++ b/CVE-2023/CVE-2023-22xx/CVE-2023-2229.json @@ -2,8 +2,8 @@ "id": "CVE-2023-2229", "sourceIdentifier": "security@wordfence.com", "published": "2023-08-31T06:15:09.077", - "lastModified": "2023-08-31T10:02:10.690", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2023-09-05T19:12:06.357", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", @@ -46,14 +46,38 @@ ] } ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:wpspeedx:rduplicator:*:*:*:*:*:wordpress:*:*", + "versionEndIncluding": "2.0", + "matchCriteriaId": "36EBABC7-0F5D-4D93-A570-9CDC070E8978" + } + ] + } + ] + } + ], "references": [ { "url": "https://plugins.trac.wordpress.org/browser/rduplicator/trunk/quick-post-duplicator.php?rev=2844890", - "source": "security@wordfence.com" + "source": "security@wordfence.com", + "tags": [ + "Product" + ] }, { "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/34e31a0f-27de-4536-9a7e-b8f68e557b3f?source=cve", - "source": "security@wordfence.com" + "source": "security@wordfence.com", + "tags": [ + "Third Party Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2023/CVE-2023-22xx/CVE-2023-2279.json b/CVE-2023/CVE-2023-22xx/CVE-2023-2279.json index c561d50fb5a..2f84f46b39c 100644 --- a/CVE-2023/CVE-2023-22xx/CVE-2023-2279.json +++ b/CVE-2023/CVE-2023-22xx/CVE-2023-2279.json @@ -2,8 +2,8 @@ "id": "CVE-2023-2279", "sourceIdentifier": "security@wordfence.com", "published": "2023-08-31T06:15:09.187", - "lastModified": "2023-08-31T10:02:10.690", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2023-09-05T19:06:25.667", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", @@ -46,18 +46,45 @@ ] } ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:wpdirectorykit:wp_directory_kit:*:*:*:*:*:wordpress:*:*", + "versionEndExcluding": "1.2.2", + "matchCriteriaId": "017D3E2E-01CD-4214-9C59-F04DC40838B5" + } + ] + } + ] + } + ], "references": [ { "url": "https://plugins.trac.wordpress.org/browser/wpdirectorykit/tags/1.1.8/admin/class-wpdirectorykit-admin.php#L170", - "source": "security@wordfence.com" + "source": "security@wordfence.com", + "tags": [ + "Product" + ] }, { "url": "https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&new=2905795%40wpdirectorykit%2Ftrunk&old=2905046%40wpdirectorykit%2Ftrunk&sfp_email=&sfph_mail=", - "source": "security@wordfence.com" + "source": "security@wordfence.com", + "tags": [ + "Patch" + ] }, { "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/8a7a6da3-d67c-42b3-8826-7e7fc9b938b4?source=cve", - "source": "security@wordfence.com" + "source": "security@wordfence.com", + "tags": [ + "Third Party Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2023/CVE-2023-237xx/CVE-2023-23765.json b/CVE-2023/CVE-2023-237xx/CVE-2023-23765.json index 3ef984a9ed7..2cab84ff4ae 100644 --- a/CVE-2023/CVE-2023-237xx/CVE-2023-23765.json +++ b/CVE-2023/CVE-2023-237xx/CVE-2023-23765.json @@ -2,8 +2,8 @@ "id": "CVE-2023-23765", "sourceIdentifier": "product-cna@github.com", "published": "2023-08-30T23:15:08.447", - "lastModified": "2023-08-31T10:02:10.690", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2023-09-05T19:37:07.040", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", @@ -12,6 +12,26 @@ ], "metrics": { "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "NONE", + "integrityImpact": "HIGH", + "availabilityImpact": "NONE", + "baseScore": 6.5, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 2.8, + "impactScore": 3.6 + }, { "source": "product-cna@github.com", "type": "Secondary", @@ -35,6 +55,16 @@ ] }, "weaknesses": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-697" + } + ] + }, { "source": "product-cna@github.com", "type": "Secondary", @@ -46,22 +76,72 @@ ] } ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:github:enterprise_server:*:*:*:*:*:*:*:*", + "versionStartIncluding": "3.6.0", + "versionEndExcluding": "3.6.16", + "matchCriteriaId": "10385908-47E5-406D-B382-01EE299772C3" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:github:enterprise_server:*:*:*:*:*:*:*:*", + "versionStartIncluding": "3.7.0", + "versionEndExcluding": "3.7.13", + "matchCriteriaId": "B5304976-43C5-4893-B73F-5A86BAF9FF52" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:github:enterprise_server:*:*:*:*:*:*:*:*", + "versionStartIncluding": "3.8.0", + "versionEndExcluding": "3.8.6", + "matchCriteriaId": "1FC3C00D-829D-4027-B86B-D11E2DB22FD8" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:github:enterprise_server:3.9.0:*:*:*:*:*:*:*", + "matchCriteriaId": "2AC0199E-78C5-4423-97D8-33ABFEE4458E" + } + ] + } + ] + } + ], "references": [ { "url": "https://docs.github.com/en/enterprise-server@3.6/admin/release-notes#3.6.16", - "source": "product-cna@github.com" + "source": "product-cna@github.com", + "tags": [ + "Release Notes" + ] }, { "url": "https://docs.github.com/en/enterprise-server@3.7/admin/release-notes#3.7.13", - "source": "product-cna@github.com" + "source": "product-cna@github.com", + "tags": [ + "Release Notes" + ] }, { "url": "https://docs.github.com/en/enterprise-server@3.8/admin/release-notes#3.8.9", - "source": "product-cna@github.com" + "source": "product-cna@github.com", + "tags": [ + "Release Notes" + ] }, { "url": "https://docs.github.com/en/enterprise-server@3.9/admin/release-notes#3.9.1", - "source": "product-cna@github.com" + "source": "product-cna@github.com", + "tags": [ + "Release Notes" + ] } ] } \ No newline at end of file diff --git a/CVE-2023/CVE-2023-245xx/CVE-2023-24548.json b/CVE-2023/CVE-2023-245xx/CVE-2023-24548.json index bcd192401c4..c8839d5f506 100644 --- a/CVE-2023/CVE-2023-245xx/CVE-2023-24548.json +++ b/CVE-2023/CVE-2023-245xx/CVE-2023-24548.json @@ -2,8 +2,8 @@ "id": "CVE-2023-24548", "sourceIdentifier": "psirt@arista.com", "published": "2023-08-29T17:15:11.790", - "lastModified": "2023-08-29T18:14:25.027", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2023-09-05T18:52:02.053", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", @@ -12,6 +12,26 @@ ], "metrics": { "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "attackVector": "ADJACENT_NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "NONE", + "integrityImpact": "NONE", + "availabilityImpact": "HIGH", + "baseScore": 6.5, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 2.8, + "impactScore": 3.6 + }, { "source": "psirt@arista.com", "type": "Secondary", @@ -35,6 +55,16 @@ ] }, "weaknesses": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-120" + } + ] + }, { "source": "psirt@arista.com", "type": "Secondary", @@ -46,10 +76,274 @@ ] } ], + "configurations": [ + { + "operator": "AND", + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:o:arista:eos:*:*:*:*:*:*:*:*", + "versionStartIncluding": "4.22.1f", + "versionEndIncluding": "4.22.13m", + "matchCriteriaId": "A9F1F226-FDB1-4452-B166-D08635DAEC5B" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:arista:eos:*:*:*:*:*:*:*:*", + "versionStartIncluding": "4.23.0", + "versionEndIncluding": "4.23.14m", + "matchCriteriaId": "13BE6AE1-4649-4E0B-A4CA-2632CD400940" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:arista:eos:*:*:*:*:*:*:*:*", + "versionStartIncluding": "4.24.0", + "versionEndIncluding": "4.24.11m", + "matchCriteriaId": "2909559A-6FB4-400C-A1AE-BF2B883F4964" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:arista:eos:4.25.0f:*:*:*:*:*:*:*", + "matchCriteriaId": "37536357-7701-48BE-9751-9BADD8E4AAAF" + } + ] + }, + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": false, + "criteria": "cpe:2.3:h:arista:7280cr3-32d4:-:*:*:*:*:*:*:*", + "matchCriteriaId": "7FEC18B3-7980-4EBF-8E15-F8E92DADD062" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:h:arista:7280cr3-32p4:-:*:*:*:*:*:*:*", + "matchCriteriaId": "87E85F7C-F33B-49C1-A526-ACC1BEF3B65C" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:h:arista:7280cr3-36s:-:*:*:*:*:*:*:*", + "matchCriteriaId": "A3B9CB1B-730E-45C9-A0B1-3C2F4A72A159" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:h:arista:7280cr3-96:-:*:*:*:*:*:*:*", + "matchCriteriaId": "2E54F451-CA87-4F32-A088-AE18123CE07A" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:h:arista:7280cr3a-24d12:-:*:*:*:*:*:*:*", + "matchCriteriaId": "43B967ED-2212-4558-A9AC-ACA94C94FD39" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:h:arista:7280cr3a-48d6:-:*:*:*:*:*:*:*", + "matchCriteriaId": "CD7877C6-9DE4-4952-94D2-3A456D02CF1A" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:h:arista:7280cr3a-72:-:*:*:*:*:*:*:*", + "matchCriteriaId": "2FD635FB-5EA8-4B02-894C-4C016090AAB3" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:h:arista:7280dr3-24:-:*:*:*:*:*:*:*", + "matchCriteriaId": "85D9E9FF-564E-4B16-8070-33A366F48FE9" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:h:arista:7280dr3a-36:-:*:*:*:*:*:*:*", + "matchCriteriaId": "DC1F6DBC-212F-4E0B-B039-06955322B0D7" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:h:arista:7280dr3a-54:-:*:*:*:*:*:*:*", + "matchCriteriaId": "BC474A71-8D2F-4138-9D65-E2F86B0B62DC" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:h:arista:7280dr3ak-36:-:*:*:*:*:*:*:*", + "matchCriteriaId": "1943057A-5776-4B20-97C7-03CE14AEA367" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:h:arista:7280dr3ak-54:-:*:*:*:*:*:*:*", + "matchCriteriaId": "1AE86A14-76ED-4427-94CC-7BF335BB9369" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:h:arista:7280dr3am-36:-:*:*:*:*:*:*:*", + "matchCriteriaId": "986DCBF4-E4FB-41EE-BD1B-D62A4EC7237E" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:h:arista:7280dr3am-54:-:*:*:*:*:*:*:*", + "matchCriteriaId": "4EA04EA0-170A-4B79-96B8-8F09D6FFC261" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:h:arista:7280pr3-24:-:*:*:*:*:*:*:*", + "matchCriteriaId": "F14163D2-B236-4C78-9DB4-97DE6D996EBC" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:h:arista:7280r3:-:*:*:*:*:*:*:*", + "matchCriteriaId": "60FC964C-9835-443A-A584-3A5D6022E914" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:h:arista:7280sr3-40yc6:-:*:*:*:*:*:*:*", + "matchCriteriaId": "D4B5A8D4-43BA-4591-BE00-00031D4BDBE3" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:h:arista:7280sr3-48yc8:-:*:*:*:*:*:*:*", + "matchCriteriaId": "8143579F-AD53-4D74-AE3E-4D465DCD7A57" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:h:arista:7280tr3-40c6:-:*:*:*:*:*:*:*", + "matchCriteriaId": "939772F0-4352-46C1-B6D5-38FA12EBF6E1" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:h:arista:7500r3-24d:-:*:*:*:*:*:*:*", + "matchCriteriaId": "BE1BB565-2668-4242-8A00-5CC9C30B9AC9" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:h:arista:7500r3-24p:-:*:*:*:*:*:*:*", + "matchCriteriaId": "15F1A605-8836-4A64-AC5E-ADAB34F8F104" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:h:arista:7500r3-36cq:-:*:*:*:*:*:*:*", + "matchCriteriaId": "BE8A047A-9FD9-4AE1-9E47-457A46BAE3A4" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:h:arista:7500r3k-36cq:-:*:*:*:*:*:*:*", + "matchCriteriaId": "019B0670-389B-4A4E-8C72-52202E3AA8EF" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:h:arista:7500r3k-48y4d:-:*:*:*:*:*:*:*", + "matchCriteriaId": "FCDF5089-5914-4B4F-A2E6-0EB2B40698A5" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:h:arista:7504r3:-:*:*:*:*:*:*:*", + "matchCriteriaId": "8387CCEA-F00C-4F1F-B966-ACF8B16F1D22" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:h:arista:7508r3:-:*:*:*:*:*:*:*", + "matchCriteriaId": "55AE2A1C-A4FD-423B-A77E-2E24C2310A6A" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:h:arista:7512r3:-:*:*:*:*:*:*:*", + "matchCriteriaId": "C4B0D708-B426-4CA1-BE87-08BD14B7EACE" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:h:arista:7800r3-36d:-:*:*:*:*:*:*:*", + "matchCriteriaId": "1E49B089-AE52-4B47-A3B4-547D10ACED9A" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:h:arista:7800r3-36p:-:*:*:*:*:*:*:*", + "matchCriteriaId": "D19E86BF-AA91-4262-8EF9-B7FC48C6F3F8" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:h:arista:7800r3-48cq:-:*:*:*:*:*:*:*", + "matchCriteriaId": "58443CDE-33D8-4460-A861-CDC07431AA22" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:h:arista:7800r3a-36d:-:*:*:*:*:*:*:*", + "matchCriteriaId": "26FDC60C-860F-40BD-AF13-54712B56C87F" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:h:arista:7800r3a-36dm:-:*:*:*:*:*:*:*", + "matchCriteriaId": "70658CB0-D114-40E5-866D-B21875FFF93C" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:h:arista:7800r3a-36p:-:*:*:*:*:*:*:*", + "matchCriteriaId": "E6BBA281-F67E-4D13-BDCD-E1164912EC8C" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:h:arista:7800r3a-36pm:-:*:*:*:*:*:*:*", + "matchCriteriaId": "F3B0C0EE-3C5E-4E3E-9BAE-9D5D06A98CAB" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:h:arista:7800r3ak-36dm:-:*:*:*:*:*:*:*", + "matchCriteriaId": "ABAC894C-D39E-4BB2-A968-E2F23C299A29" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:h:arista:7800r3ak-36pm:-:*:*:*:*:*:*:*", + "matchCriteriaId": "D2C6E3F9-0191-4BC5-A89C-58BF13C195B6" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:h:arista:7800r3k-36dm:-:*:*:*:*:*:*:*", + "matchCriteriaId": "C0B813A1-8BD1-4AFA-95A3-5947A918E9AF" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:h:arista:7800r3k-48cq:-:*:*:*:*:*:*:*", + "matchCriteriaId": "64BE8C68-FE98-4162-A3D3-54494D5444F5" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:h:arista:7800r3k-48cqms:-:*:*:*:*:*:*:*", + "matchCriteriaId": "9615121C-4EC0-44F5-8C00-E70271CC04A2" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:h:arista:7800r3k-72y7512r3:-:*:*:*:*:*:*:*", + "matchCriteriaId": "185E4E68-D5EF-4B7B-B1EF-7EF1B00F118C" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:h:arista:7808r3:-:*:*:*:*:*:*:*", + "matchCriteriaId": "2F078B04-2DA0-4A4B-BB1A-408DC14CB61F" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:h:arista:7812r3:-:*:*:*:*:*:*:*", + "matchCriteriaId": "E9B99200-EC76-404E-9900-5D1DC3B9A758" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:h:arista:7816r3:-:*:*:*:*:*:*:*", + "matchCriteriaId": "5A172A49-1A0E-464B-BDDD-A8F52856D595" + } + ] + } + ] + } + ], "references": [ { "url": "https://www.arista.com/en/support/advisories-notices/security-advisory/18043-security-advisory-0089", - "source": "psirt@arista.com" + "source": "psirt@arista.com", + "tags": [ + "Exploit", + "Vendor Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2023/CVE-2023-274xx/CVE-2023-27426.json b/CVE-2023/CVE-2023-274xx/CVE-2023-27426.json index 273bd8e05cb..9e50f682bc8 100644 --- a/CVE-2023/CVE-2023-274xx/CVE-2023-27426.json +++ b/CVE-2023/CVE-2023-274xx/CVE-2023-27426.json @@ -2,8 +2,8 @@ "id": "CVE-2023-27426", "sourceIdentifier": "audit@patchstack.com", "published": "2023-08-30T13:15:11.453", - "lastModified": "2023-08-30T13:23:15.070", - "vulnStatus": "Undergoing Analysis", + "lastModified": "2023-09-05T18:35:28.003", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", @@ -12,6 +12,26 @@ ], "metrics": { "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "HIGH", + "userInteraction": "REQUIRED", + "scope": "CHANGED", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "availabilityImpact": "NONE", + "baseScore": 4.8, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 1.7, + "impactScore": 2.7 + }, { "source": "audit@patchstack.com", "type": "Secondary", @@ -46,10 +66,31 @@ ] } ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:notifyvisitors:notifyvisitors:*:*:*:*:*:*:*:*", + "versionEndIncluding": "1.0", + "matchCriteriaId": "ED52B08D-9AE2-4596-8AC0-D64911C22315" + } + ] + } + ] + } + ], "references": [ { "url": "https://patchstack.com/database/vulnerability/notifyvisitors-lead-form/wordpress-notify-visitors-lead-form-plugin-1-0-cross-site-scripting-xss-vulnerability?_s_id=cve", - "source": "audit@patchstack.com" + "source": "audit@patchstack.com", + "tags": [ + "Third Party Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2023/CVE-2023-312xx/CVE-2023-31242.json b/CVE-2023/CVE-2023-312xx/CVE-2023-31242.json index b124c6ac357..fc8d20c539b 100644 --- a/CVE-2023/CVE-2023-312xx/CVE-2023-31242.json +++ b/CVE-2023/CVE-2023-312xx/CVE-2023-31242.json @@ -2,7 +2,7 @@ "id": "CVE-2023-31242", "sourceIdentifier": "talos-cna@cisco.com", "published": "2023-09-05T17:15:08.517", - "lastModified": "2023-09-05T17:31:50.810", + "lastModified": "2023-09-05T18:15:08.780", "vulnStatus": "Awaiting Analysis", "descriptions": [ { @@ -50,6 +50,10 @@ { "url": "https://talosintelligence.com/vulnerability_reports/TALOS-2023-1769", "source": "talos-cna@cisco.com" + }, + { + "url": "https://www.talosintelligence.com/vulnerability_reports/TALOS-2023-1769", + "source": "talos-cna@cisco.com" } ] } \ No newline at end of file diff --git a/CVE-2023/CVE-2023-314xx/CVE-2023-31423.json b/CVE-2023/CVE-2023-314xx/CVE-2023-31423.json index be5b1812550..e6236a76b8b 100644 --- a/CVE-2023/CVE-2023-314xx/CVE-2023-31423.json +++ b/CVE-2023/CVE-2023-314xx/CVE-2023-31423.json @@ -2,8 +2,8 @@ "id": "CVE-2023-31423", "sourceIdentifier": "sirt@brocade.com", "published": "2023-08-31T01:15:07.860", - "lastModified": "2023-08-31T10:02:10.690", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2023-09-05T19:36:32.197", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", @@ -12,6 +12,26 @@ ], "metrics": { "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N", + "attackVector": "LOCAL", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "NONE", + "availabilityImpact": "NONE", + "baseScore": 5.5, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 1.8, + "impactScore": 3.6 + }, { "source": "sirt@brocade.com", "type": "Secondary", @@ -35,6 +55,16 @@ ] }, "weaknesses": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-312" + } + ] + }, { "source": "sirt@brocade.com", "type": "Secondary", @@ -46,10 +76,31 @@ ] } ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:broadcom:brocade_sannav:*:*:*:*:*:*:*:*", + "versionEndExcluding": "2.2.2a", + "matchCriteriaId": "0D1A8656-FE4D-44EC-B72F-C15FAF7B465D" + } + ] + } + ] + } + ], "references": [ { "url": "https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/22508", - "source": "sirt@brocade.com" + "source": "sirt@brocade.com", + "tags": [ + "Vendor Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2023/CVE-2023-314xx/CVE-2023-31424.json b/CVE-2023/CVE-2023-314xx/CVE-2023-31424.json index d2311b628f9..893ab1ac346 100644 --- a/CVE-2023/CVE-2023-314xx/CVE-2023-31424.json +++ b/CVE-2023/CVE-2023-314xx/CVE-2023-31424.json @@ -2,8 +2,8 @@ "id": "CVE-2023-31424", "sourceIdentifier": "sirt@brocade.com", "published": "2023-08-31T01:15:08.537", - "lastModified": "2023-08-31T10:02:10.690", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2023-09-05T19:18:05.440", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", @@ -12,6 +12,26 @@ ], "metrics": { "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH", + "baseScore": 9.8, + "baseSeverity": "CRITICAL" + }, + "exploitabilityScore": 3.9, + "impactScore": 5.9 + }, { "source": "sirt@brocade.com", "type": "Secondary", @@ -35,6 +55,16 @@ ] }, "weaknesses": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "NVD-CWE-Other" + } + ] + }, { "source": "sirt@brocade.com", "type": "Secondary", @@ -46,10 +76,31 @@ ] } ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:broadcom:brocade_sannav:*:*:*:*:*:*:*:*", + "versionEndExcluding": "2.2.2a", + "matchCriteriaId": "0D1A8656-FE4D-44EC-B72F-C15FAF7B465D" + } + ] + } + ] + } + ], "references": [ { "url": "https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/22507", - "source": "sirt@brocade.com" + "source": "sirt@brocade.com", + "tags": [ + "Vendor Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2023/CVE-2023-319xx/CVE-2023-31925.json b/CVE-2023/CVE-2023-319xx/CVE-2023-31925.json index 828e304ff0c..38ce45d2aeb 100644 --- a/CVE-2023/CVE-2023-319xx/CVE-2023-31925.json +++ b/CVE-2023/CVE-2023-319xx/CVE-2023-31925.json @@ -2,8 +2,8 @@ "id": "CVE-2023-31925", "sourceIdentifier": "sirt@brocade.com", "published": "2023-08-31T01:15:08.753", - "lastModified": "2023-08-31T10:02:10.690", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2023-09-05T18:24:04.713", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", @@ -12,6 +12,26 @@ ], "metrics": { "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "NONE", + "availabilityImpact": "NONE", + "baseScore": 6.5, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 2.8, + "impactScore": 3.6 + }, { "source": "sirt@brocade.com", "type": "Secondary", @@ -35,6 +55,16 @@ ] }, "weaknesses": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-312" + } + ] + }, { "source": "sirt@brocade.com", "type": "Secondary", @@ -46,10 +76,31 @@ ] } ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:broadcom:brocade_sannav:*:*:*:*:*:*:*:*", + "versionEndExcluding": "2.2.2a", + "matchCriteriaId": "0D1A8656-FE4D-44EC-B72F-C15FAF7B465D" + } + ] + } + ] + } + ], "references": [ { "url": "https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/22506", - "source": "sirt@brocade.com" + "source": "sirt@brocade.com", + "tags": [ + "Vendor Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2023/CVE-2023-322xx/CVE-2023-32271.json b/CVE-2023/CVE-2023-322xx/CVE-2023-32271.json index 804a5441c65..70e14fb7218 100644 --- a/CVE-2023/CVE-2023-322xx/CVE-2023-32271.json +++ b/CVE-2023/CVE-2023-322xx/CVE-2023-32271.json @@ -2,7 +2,7 @@ "id": "CVE-2023-32271", "sourceIdentifier": "talos-cna@cisco.com", "published": "2023-09-05T17:15:08.670", - "lastModified": "2023-09-05T17:31:50.810", + "lastModified": "2023-09-05T18:15:09.000", "vulnStatus": "Awaiting Analysis", "descriptions": [ { @@ -50,6 +50,10 @@ { "url": "https://talosintelligence.com/vulnerability_reports/TALOS-2023-1774", "source": "talos-cna@cisco.com" + }, + { + "url": "https://www.talosintelligence.com/vulnerability_reports/TALOS-2023-1774", + "source": "talos-cna@cisco.com" } ] } \ No newline at end of file diff --git a/CVE-2023/CVE-2023-326xx/CVE-2023-32615.json b/CVE-2023/CVE-2023-326xx/CVE-2023-32615.json index 61d19ddda92..2e87d62a013 100644 --- a/CVE-2023/CVE-2023-326xx/CVE-2023-32615.json +++ b/CVE-2023/CVE-2023-326xx/CVE-2023-32615.json @@ -2,7 +2,7 @@ "id": "CVE-2023-32615", "sourceIdentifier": "talos-cna@cisco.com", "published": "2023-09-05T17:15:08.777", - "lastModified": "2023-09-05T17:31:50.810", + "lastModified": "2023-09-05T18:15:09.187", "vulnStatus": "Awaiting Analysis", "descriptions": [ { @@ -50,6 +50,10 @@ { "url": "https://talosintelligence.com/vulnerability_reports/TALOS-2023-1771", "source": "talos-cna@cisco.com" + }, + { + "url": "https://www.talosintelligence.com/vulnerability_reports/TALOS-2023-1771", + "source": "talos-cna@cisco.com" } ] } \ No newline at end of file diff --git a/CVE-2023/CVE-2023-343xx/CVE-2023-34317.json b/CVE-2023/CVE-2023-343xx/CVE-2023-34317.json index 97d879b3a62..a4bb76cc5c8 100644 --- a/CVE-2023/CVE-2023-343xx/CVE-2023-34317.json +++ b/CVE-2023/CVE-2023-343xx/CVE-2023-34317.json @@ -2,7 +2,7 @@ "id": "CVE-2023-34317", "sourceIdentifier": "talos-cna@cisco.com", "published": "2023-09-05T17:15:08.877", - "lastModified": "2023-09-05T17:31:50.810", + "lastModified": "2023-09-05T18:15:09.367", "vulnStatus": "Awaiting Analysis", "descriptions": [ { @@ -50,6 +50,10 @@ { "url": "https://talosintelligence.com/vulnerability_reports/TALOS-2023-1772", "source": "talos-cna@cisco.com" + }, + { + "url": "https://www.talosintelligence.com/vulnerability_reports/TALOS-2023-1772", + "source": "talos-cna@cisco.com" } ] } \ No newline at end of file diff --git a/CVE-2023/CVE-2023-343xx/CVE-2023-34353.json b/CVE-2023/CVE-2023-343xx/CVE-2023-34353.json index 2f149e1ddff..f6fda1dd40a 100644 --- a/CVE-2023/CVE-2023-343xx/CVE-2023-34353.json +++ b/CVE-2023/CVE-2023-343xx/CVE-2023-34353.json @@ -2,7 +2,7 @@ "id": "CVE-2023-34353", "sourceIdentifier": "talos-cna@cisco.com", "published": "2023-09-05T17:15:08.963", - "lastModified": "2023-09-05T17:31:50.810", + "lastModified": "2023-09-05T18:15:09.533", "vulnStatus": "Awaiting Analysis", "descriptions": [ { @@ -50,6 +50,10 @@ { "url": "https://talosintelligence.com/vulnerability_reports/TALOS-2023-1776", "source": "talos-cna@cisco.com" + }, + { + "url": "https://www.talosintelligence.com/vulnerability_reports/TALOS-2023-1776", + "source": "talos-cna@cisco.com" } ] } \ No newline at end of file diff --git a/CVE-2023/CVE-2023-349xx/CVE-2023-34994.json b/CVE-2023/CVE-2023-349xx/CVE-2023-34994.json index 3209213371d..e67b34237ac 100644 --- a/CVE-2023/CVE-2023-349xx/CVE-2023-34994.json +++ b/CVE-2023/CVE-2023-349xx/CVE-2023-34994.json @@ -2,7 +2,7 @@ "id": "CVE-2023-34994", "sourceIdentifier": "talos-cna@cisco.com", "published": "2023-09-05T17:15:09.053", - "lastModified": "2023-09-05T17:31:50.810", + "lastModified": "2023-09-05T18:15:09.717", "vulnStatus": "Awaiting Analysis", "descriptions": [ { @@ -50,6 +50,10 @@ { "url": "https://talosintelligence.com/vulnerability_reports/TALOS-2023-1773", "source": "talos-cna@cisco.com" + }, + { + "url": "https://www.talosintelligence.com/vulnerability_reports/TALOS-2023-1773", + "source": "talos-cna@cisco.com" } ] } \ No newline at end of file diff --git a/CVE-2023/CVE-2023-349xx/CVE-2023-34998.json b/CVE-2023/CVE-2023-349xx/CVE-2023-34998.json index 6c3f3307a4e..7025609888b 100644 --- a/CVE-2023/CVE-2023-349xx/CVE-2023-34998.json +++ b/CVE-2023/CVE-2023-349xx/CVE-2023-34998.json @@ -2,7 +2,7 @@ "id": "CVE-2023-34998", "sourceIdentifier": "talos-cna@cisco.com", "published": "2023-09-05T17:15:09.153", - "lastModified": "2023-09-05T17:31:50.810", + "lastModified": "2023-09-05T18:15:09.897", "vulnStatus": "Awaiting Analysis", "descriptions": [ { @@ -50,6 +50,10 @@ { "url": "https://talosintelligence.com/vulnerability_reports/TALOS-2023-1770", "source": "talos-cna@cisco.com" + }, + { + "url": "https://www.talosintelligence.com/vulnerability_reports/TALOS-2023-1770", + "source": "talos-cna@cisco.com" } ] } \ No newline at end of file diff --git a/CVE-2023/CVE-2023-350xx/CVE-2023-35065.json b/CVE-2023/CVE-2023-350xx/CVE-2023-35065.json new file mode 100644 index 00000000000..d2a2ec20bc6 --- /dev/null +++ b/CVE-2023/CVE-2023-350xx/CVE-2023-35065.json @@ -0,0 +1,55 @@ +{ + "id": "CVE-2023-35065", + "sourceIdentifier": "cve@usom.gov.tr", + "published": "2023-09-05T18:15:10.067", + "lastModified": "2023-09-05T18:29:49.867", + "vulnStatus": "Awaiting Analysis", + "descriptions": [ + { + "lang": "en", + "value": "Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Osoft Paint Production Management allows SQL Injection.This issue affects Paint Production Management: before 2.1.\n\n" + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "cve@usom.gov.tr", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH", + "baseScore": 9.8, + "baseSeverity": "CRITICAL" + }, + "exploitabilityScore": 3.9, + "impactScore": 5.9 + } + ] + }, + "weaknesses": [ + { + "source": "cve@usom.gov.tr", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-89" + } + ] + } + ], + "references": [ + { + "url": "https://www.usom.gov.tr/bildirim/tr-23-0490", + "source": "cve@usom.gov.tr" + } + ] +} \ No newline at end of file diff --git a/CVE-2023/CVE-2023-350xx/CVE-2023-35068.json b/CVE-2023/CVE-2023-350xx/CVE-2023-35068.json new file mode 100644 index 00000000000..b65e2a9e9f5 --- /dev/null +++ b/CVE-2023/CVE-2023-350xx/CVE-2023-35068.json @@ -0,0 +1,55 @@ +{ + "id": "CVE-2023-35068", + "sourceIdentifier": "cve@usom.gov.tr", + "published": "2023-09-05T18:15:10.327", + "lastModified": "2023-09-05T18:29:49.867", + "vulnStatus": "Awaiting Analysis", + "descriptions": [ + { + "lang": "en", + "value": "Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in BMA Personnel Tracking System allows SQL Injection.This issue affects Personnel Tracking System: before 20230904.\n\n" + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "cve@usom.gov.tr", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH", + "baseScore": 9.8, + "baseSeverity": "CRITICAL" + }, + "exploitabilityScore": 3.9, + "impactScore": 5.9 + } + ] + }, + "weaknesses": [ + { + "source": "cve@usom.gov.tr", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-89" + } + ] + } + ], + "references": [ + { + "url": "https://www.usom.gov.tr/bildirim/tr-23-0491", + "source": "cve@usom.gov.tr" + } + ] +} \ No newline at end of file diff --git a/CVE-2023/CVE-2023-350xx/CVE-2023-35072.json b/CVE-2023/CVE-2023-350xx/CVE-2023-35072.json new file mode 100644 index 00000000000..59b73911697 --- /dev/null +++ b/CVE-2023/CVE-2023-350xx/CVE-2023-35072.json @@ -0,0 +1,55 @@ +{ + "id": "CVE-2023-35072", + "sourceIdentifier": "cve@usom.gov.tr", + "published": "2023-09-05T18:15:10.507", + "lastModified": "2023-09-05T18:29:49.867", + "vulnStatus": "Awaiting Analysis", + "descriptions": [ + { + "lang": "en", + "value": "Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Coyav Travel Proagent allows SQL Injection.This issue affects Proagent: before 20230904 .\n\n" + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "cve@usom.gov.tr", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH", + "baseScore": 9.8, + "baseSeverity": "CRITICAL" + }, + "exploitabilityScore": 3.9, + "impactScore": 5.9 + } + ] + }, + "weaknesses": [ + { + "source": "cve@usom.gov.tr", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-89" + } + ] + } + ], + "references": [ + { + "url": "https://www.usom.gov.tr/bildirim/tr-23-0492", + "source": "cve@usom.gov.tr" + } + ] +} \ No newline at end of file diff --git a/CVE-2023/CVE-2023-351xx/CVE-2023-35124.json b/CVE-2023/CVE-2023-351xx/CVE-2023-35124.json index 40d3416663a..31248b2ab0c 100644 --- a/CVE-2023/CVE-2023-351xx/CVE-2023-35124.json +++ b/CVE-2023/CVE-2023-351xx/CVE-2023-35124.json @@ -2,7 +2,7 @@ "id": "CVE-2023-35124", "sourceIdentifier": "talos-cna@cisco.com", "published": "2023-09-05T17:15:09.237", - "lastModified": "2023-09-05T17:31:50.810", + "lastModified": "2023-09-05T18:15:10.703", "vulnStatus": "Awaiting Analysis", "descriptions": [ { @@ -50,6 +50,10 @@ { "url": "https://talosintelligence.com/vulnerability_reports/TALOS-2023-1775", "source": "talos-cna@cisco.com" + }, + { + "url": "https://www.talosintelligence.com/vulnerability_reports/TALOS-2023-1775", + "source": "talos-cna@cisco.com" } ] } \ No newline at end of file diff --git a/CVE-2023/CVE-2023-36xx/CVE-2023-3616.json b/CVE-2023/CVE-2023-36xx/CVE-2023-3616.json new file mode 100644 index 00000000000..66b25bcab4d --- /dev/null +++ b/CVE-2023/CVE-2023-36xx/CVE-2023-3616.json @@ -0,0 +1,55 @@ +{ + "id": "CVE-2023-3616", + "sourceIdentifier": "cve@usom.gov.tr", + "published": "2023-09-05T18:15:11.150", + "lastModified": "2023-09-05T18:29:49.867", + "vulnStatus": "Awaiting Analysis", + "descriptions": [ + { + "lang": "en", + "value": "Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Mava Software Hotel Management System allows SQL Injection.This issue affects Hotel Management System: before 2.0.\n\n" + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "cve@usom.gov.tr", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH", + "baseScore": 9.8, + "baseSeverity": "CRITICAL" + }, + "exploitabilityScore": 3.9, + "impactScore": 5.9 + } + ] + }, + "weaknesses": [ + { + "source": "cve@usom.gov.tr", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-89" + } + ] + } + ], + "references": [ + { + "url": "https://www.usom.gov.tr/bildirim/tr-23-0493", + "source": "cve@usom.gov.tr" + } + ] +} \ No newline at end of file diff --git a/CVE-2023/CVE-2023-36xx/CVE-2023-3636.json b/CVE-2023/CVE-2023-36xx/CVE-2023-3636.json index 72c004a1fa3..47f09cbc0c3 100644 --- a/CVE-2023/CVE-2023-36xx/CVE-2023-3636.json +++ b/CVE-2023/CVE-2023-36xx/CVE-2023-3636.json @@ -2,8 +2,8 @@ "id": "CVE-2023-3636", "sourceIdentifier": "security@wordfence.com", "published": "2023-08-31T06:15:10.003", - "lastModified": "2023-08-31T10:02:10.690", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2023-09-05T19:06:11.070", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", @@ -36,8 +36,18 @@ }, "weaknesses": [ { - "source": "security@wordfence.com", + "source": "nvd@nist.gov", "type": "Primary", + "description": [ + { + "lang": "en", + "value": "NVD-CWE-noinfo" + } + ] + }, + { + "source": "security@wordfence.com", + "type": "Secondary", "description": [ { "lang": "en", @@ -46,18 +56,45 @@ ] } ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:wedevs:wp_project_manager:*:*:*:*:*:wordpress:*:*", + "versionEndExcluding": "2.6.5", + "matchCriteriaId": "E79AF393-3B7F-4766-B73B-E0A0EE6CEE32" + } + ] + } + ] + } + ], "references": [ { "url": "https://plugins.trac.wordpress.org/browser/wedevs-project-manager/tags/2.6.3/src/User/Controllers/User_Controller.php#L158", - "source": "security@wordfence.com" + "source": "security@wordfence.com", + "tags": [ + "Product" + ] }, { "url": "https://plugins.trac.wordpress.org/changeset/2942291/wedevs-project-manager#file1792", - "source": "security@wordfence.com" + "source": "security@wordfence.com", + "tags": [ + "Patch" + ] }, { "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/6a5e4708-db3e-483c-852f-1a487825cf92?source=cve", - "source": "security@wordfence.com" + "source": "security@wordfence.com", + "tags": [ + "Third Party Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2023/CVE-2023-36xx/CVE-2023-3646.json b/CVE-2023/CVE-2023-36xx/CVE-2023-3646.json index d77ec14e2b7..14092e8af39 100644 --- a/CVE-2023/CVE-2023-36xx/CVE-2023-3646.json +++ b/CVE-2023/CVE-2023-36xx/CVE-2023-3646.json @@ -2,8 +2,8 @@ "id": "CVE-2023-3646", "sourceIdentifier": "psirt@arista.com", "published": "2023-08-29T17:15:12.727", - "lastModified": "2023-08-29T18:14:25.027", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2023-09-05T18:52:13.560", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", @@ -12,6 +12,26 @@ ], "metrics": { "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "NONE", + "integrityImpact": "NONE", + "availabilityImpact": "HIGH", + "baseScore": 7.5, + "baseSeverity": "HIGH" + }, + "exploitabilityScore": 3.9, + "impactScore": 3.6 + }, { "source": "psirt@arista.com", "type": "Secondary", @@ -35,6 +55,16 @@ ] }, "weaknesses": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-125" + } + ] + }, { "source": "psirt@arista.com", "type": "Secondary", @@ -46,10 +76,278 @@ ] } ], + "configurations": [ + { + "operator": "AND", + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:o:arista:eos:*:*:*:*:*:*:*:*", + "versionStartIncluding": "4.28.2f", + "versionEndIncluding": "4.28.5.1m", + "matchCriteriaId": "24F7B09D-0669-4855-A981-E462090A10F0" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:arista:eos:*:*:*:*:*:*:*:*", + "versionStartIncluding": "4.29.0", + "versionEndExcluding": "4.29.2f", + "matchCriteriaId": "24621B26-04A1-4693-BCB4-437544C08B50" + } + ] + }, + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": false, + "criteria": "cpe:2.3:h:arista:7280cr3-32d4:-:*:*:*:*:*:*:*", + "matchCriteriaId": "7FEC18B3-7980-4EBF-8E15-F8E92DADD062" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:h:arista:7280cr3-32p4:-:*:*:*:*:*:*:*", + "matchCriteriaId": "87E85F7C-F33B-49C1-A526-ACC1BEF3B65C" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:h:arista:7280cr3-36s:-:*:*:*:*:*:*:*", + "matchCriteriaId": "A3B9CB1B-730E-45C9-A0B1-3C2F4A72A159" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:h:arista:7280cr3-96:-:*:*:*:*:*:*:*", + "matchCriteriaId": "2E54F451-CA87-4F32-A088-AE18123CE07A" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:h:arista:7280cr3a-24d12:-:*:*:*:*:*:*:*", + "matchCriteriaId": "43B967ED-2212-4558-A9AC-ACA94C94FD39" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:h:arista:7280cr3a-48d6:-:*:*:*:*:*:*:*", + "matchCriteriaId": "CD7877C6-9DE4-4952-94D2-3A456D02CF1A" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:h:arista:7280cr3a-72:-:*:*:*:*:*:*:*", + "matchCriteriaId": "2FD635FB-5EA8-4B02-894C-4C016090AAB3" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:h:arista:7280dr3-24:-:*:*:*:*:*:*:*", + "matchCriteriaId": "85D9E9FF-564E-4B16-8070-33A366F48FE9" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:h:arista:7280dr3a-36:-:*:*:*:*:*:*:*", + "matchCriteriaId": "DC1F6DBC-212F-4E0B-B039-06955322B0D7" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:h:arista:7280dr3a-54:-:*:*:*:*:*:*:*", + "matchCriteriaId": "BC474A71-8D2F-4138-9D65-E2F86B0B62DC" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:h:arista:7280dr3ak-36:-:*:*:*:*:*:*:*", + "matchCriteriaId": "1943057A-5776-4B20-97C7-03CE14AEA367" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:h:arista:7280dr3ak-54:-:*:*:*:*:*:*:*", + "matchCriteriaId": "1AE86A14-76ED-4427-94CC-7BF335BB9369" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:h:arista:7280dr3am-36:-:*:*:*:*:*:*:*", + "matchCriteriaId": "986DCBF4-E4FB-41EE-BD1B-D62A4EC7237E" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:h:arista:7280dr3am-54:-:*:*:*:*:*:*:*", + "matchCriteriaId": "4EA04EA0-170A-4B79-96B8-8F09D6FFC261" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:h:arista:7280pr3-24:-:*:*:*:*:*:*:*", + "matchCriteriaId": "F14163D2-B236-4C78-9DB4-97DE6D996EBC" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:h:arista:7280r3:-:*:*:*:*:*:*:*", + "matchCriteriaId": "60FC964C-9835-443A-A584-3A5D6022E914" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:h:arista:7280sr3-40yc6:-:*:*:*:*:*:*:*", + "matchCriteriaId": "D4B5A8D4-43BA-4591-BE00-00031D4BDBE3" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:h:arista:7280sr3-48yc8:-:*:*:*:*:*:*:*", + "matchCriteriaId": "8143579F-AD53-4D74-AE3E-4D465DCD7A57" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:h:arista:7280tr3-40c6:-:*:*:*:*:*:*:*", + "matchCriteriaId": "939772F0-4352-46C1-B6D5-38FA12EBF6E1" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:h:arista:7289r3a-sc:-:*:*:*:*:*:*:*", + "matchCriteriaId": "0A375EB2-6D78-4D81-AB8D-4AC501DC0A4F" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:h:arista:7289r3ak-sc:-:*:*:*:*:*:*:*", + "matchCriteriaId": "E8CA46EA-F9AE-42FA-A0D9-EDB82060AB6D" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:h:arista:7289r3am-sc:-:*:*:*:*:*:*:*", + "matchCriteriaId": "6F9FD45E-2D76-43A0-AE2A-C6DC59C45984" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:h:arista:7500r3-24d:-:*:*:*:*:*:*:*", + "matchCriteriaId": "BE1BB565-2668-4242-8A00-5CC9C30B9AC9" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:h:arista:7500r3-24p:-:*:*:*:*:*:*:*", + "matchCriteriaId": "15F1A605-8836-4A64-AC5E-ADAB34F8F104" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:h:arista:7500r3-36cq:-:*:*:*:*:*:*:*", + "matchCriteriaId": "BE8A047A-9FD9-4AE1-9E47-457A46BAE3A4" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:h:arista:7500r3k-36cq:-:*:*:*:*:*:*:*", + "matchCriteriaId": "019B0670-389B-4A4E-8C72-52202E3AA8EF" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:h:arista:7500r3k-48y4d:-:*:*:*:*:*:*:*", + "matchCriteriaId": "FCDF5089-5914-4B4F-A2E6-0EB2B40698A5" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:h:arista:7504r3:-:*:*:*:*:*:*:*", + "matchCriteriaId": "8387CCEA-F00C-4F1F-B966-ACF8B16F1D22" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:h:arista:7508r3:-:*:*:*:*:*:*:*", + "matchCriteriaId": "55AE2A1C-A4FD-423B-A77E-2E24C2310A6A" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:h:arista:7512r3:-:*:*:*:*:*:*:*", + "matchCriteriaId": "C4B0D708-B426-4CA1-BE87-08BD14B7EACE" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:h:arista:7800r3-36d:-:*:*:*:*:*:*:*", + "matchCriteriaId": "1E49B089-AE52-4B47-A3B4-547D10ACED9A" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:h:arista:7800r3-36p:-:*:*:*:*:*:*:*", + "matchCriteriaId": "D19E86BF-AA91-4262-8EF9-B7FC48C6F3F8" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:h:arista:7800r3-48cq:-:*:*:*:*:*:*:*", + "matchCriteriaId": "58443CDE-33D8-4460-A861-CDC07431AA22" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:h:arista:7800r3a-36d:-:*:*:*:*:*:*:*", + "matchCriteriaId": "26FDC60C-860F-40BD-AF13-54712B56C87F" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:h:arista:7800r3a-36dm:-:*:*:*:*:*:*:*", + "matchCriteriaId": "70658CB0-D114-40E5-866D-B21875FFF93C" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:h:arista:7800r3a-36p:-:*:*:*:*:*:*:*", + "matchCriteriaId": "E6BBA281-F67E-4D13-BDCD-E1164912EC8C" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:h:arista:7800r3a-36pm:-:*:*:*:*:*:*:*", + "matchCriteriaId": "F3B0C0EE-3C5E-4E3E-9BAE-9D5D06A98CAB" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:h:arista:7800r3ak-36dm:-:*:*:*:*:*:*:*", + "matchCriteriaId": "ABAC894C-D39E-4BB2-A968-E2F23C299A29" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:h:arista:7800r3ak-36pm:-:*:*:*:*:*:*:*", + "matchCriteriaId": "D2C6E3F9-0191-4BC5-A89C-58BF13C195B6" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:h:arista:7800r3k-36dm:-:*:*:*:*:*:*:*", + "matchCriteriaId": "C0B813A1-8BD1-4AFA-95A3-5947A918E9AF" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:h:arista:7800r3k-48cq:-:*:*:*:*:*:*:*", + "matchCriteriaId": "64BE8C68-FE98-4162-A3D3-54494D5444F5" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:h:arista:7800r3k-48cqms:-:*:*:*:*:*:*:*", + "matchCriteriaId": "9615121C-4EC0-44F5-8C00-E70271CC04A2" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:h:arista:7800r3k-72y7512r3:-:*:*:*:*:*:*:*", + "matchCriteriaId": "185E4E68-D5EF-4B7B-B1EF-7EF1B00F118C" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:h:arista:7808r3:-:*:*:*:*:*:*:*", + "matchCriteriaId": "2F078B04-2DA0-4A4B-BB1A-408DC14CB61F" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:h:arista:7812r3:-:*:*:*:*:*:*:*", + "matchCriteriaId": "E9B99200-EC76-404E-9900-5D1DC3B9A758" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:h:arista:7816r3:-:*:*:*:*:*:*:*", + "matchCriteriaId": "5A172A49-1A0E-464B-BDDD-A8F52856D595" + } + ] + } + ] + } + ], "references": [ { "url": "https://www.arista.com/en/support/advisories-notices/security-advisory/18042-security-advisory-0088", - "source": "psirt@arista.com" + "source": "psirt@arista.com", + "tags": [ + "Exploit", + "Mitigation", + "Vendor Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2023/CVE-2023-382xx/CVE-2023-38201.json b/CVE-2023/CVE-2023-382xx/CVE-2023-38201.json index 4159804fc57..6bf930fca3f 100644 --- a/CVE-2023/CVE-2023-382xx/CVE-2023-38201.json +++ b/CVE-2023/CVE-2023-382xx/CVE-2023-38201.json @@ -2,8 +2,8 @@ "id": "CVE-2023-38201", "sourceIdentifier": "secalert@redhat.com", "published": "2023-08-25T17:15:08.530", - "lastModified": "2023-08-25T17:51:53.297", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2023-09-05T19:13:35.213", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", @@ -12,6 +12,26 @@ ], "metrics": { "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N", + "attackVector": "ADJACENT_NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "NONE", + "integrityImpact": "HIGH", + "availabilityImpact": "NONE", + "baseScore": 6.5, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 2.8, + "impactScore": 3.6 + }, { "source": "secalert@redhat.com", "type": "Secondary", @@ -34,22 +54,81 @@ } ] }, + "weaknesses": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "NVD-CWE-noinfo" + } + ] + } + ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:keylime:keylime:*:*:*:*:*:*:*:*", + "versionEndExcluding": "7.5.0", + "matchCriteriaId": "6E69DA87-3EED-4E40-A4CA-495ED6046EE8" + } + ] + } + ] + }, + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:o:redhat:enterprise_linux:9.0:*:*:*:*:*:*:*", + "matchCriteriaId": "7F6FB57C-2BC7-487C-96DD-132683AEB35D" + } + ] + } + ] + } + ], "references": [ { "url": "https://access.redhat.com/security/cve/CVE-2023-38201", - "source": "secalert@redhat.com" + "source": "secalert@redhat.com", + "tags": [ + "Third Party Advisory" + ] }, { "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2222693", - "source": "secalert@redhat.com" + "source": "secalert@redhat.com", + "tags": [ + "Issue Tracking", + "Patch", + "Third Party Advisory" + ] }, { "url": "https://github.com/keylime/keylime/commit/9e5ac9f25cd400b16d5969f531cee28290543f2a", - "source": "secalert@redhat.com" + "source": "secalert@redhat.com", + "tags": [ + "Patch" + ] }, { "url": "https://github.com/keylime/keylime/security/advisories/GHSA-f4r5-q63f-gcww", - "source": "secalert@redhat.com" + "source": "secalert@redhat.com", + "tags": [ + "Vendor Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2023/CVE-2023-384xx/CVE-2023-38422.json b/CVE-2023/CVE-2023-384xx/CVE-2023-38422.json index c7d14253868..8cecadffae2 100644 --- a/CVE-2023/CVE-2023-384xx/CVE-2023-38422.json +++ b/CVE-2023/CVE-2023-384xx/CVE-2023-38422.json @@ -2,16 +2,40 @@ "id": "CVE-2023-38422", "sourceIdentifier": "ics-cert@hq.dhs.gov", "published": "2023-08-23T22:15:08.693", - "lastModified": "2023-08-24T02:02:17.167", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2023-09-05T19:41:08.010", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", "value": "Walchem Intuition 9 firmware versions prior to v4.21 are missing authentication for some of the API routes of the management web server. This could allow an attacker to download and export sensitive data.\n" + }, + { + "lang": "es", + "value": "La versiones de firmware de Walchem Intuition 9 anteriores a la v4.21 carecen de autenticaci\u00f3n para algunas de las rutas API del servidor web de gesti\u00f3n. Esto podr\u00eda permitir a un atacante descargar y exportar datos sensibles. " } ], "metrics": { "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "NONE", + "availabilityImpact": "NONE", + "baseScore": 7.5, + "baseSeverity": "HIGH" + }, + "exploitabilityScore": 3.9, + "impactScore": 3.6 + }, { "source": "ics-cert@hq.dhs.gov", "type": "Secondary", @@ -46,10 +70,44 @@ ] } ], + "configurations": [ + { + "operator": "AND", + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:o:walchem:intuition_9_firmware:*:*:*:*:*:*:*:*", + "versionEndExcluding": "4.21", + "matchCriteriaId": "4646AA8D-0D63-4026-AB76-29D13BFEAE8B" + } + ] + }, + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": false, + "criteria": "cpe:2.3:h:walchem:intuition_9:-:*:*:*:*:*:*:*", + "matchCriteriaId": "3E7C1440-FDB8-49F9-B2A1-981AEE899035" + } + ] + } + ] + } + ], "references": [ { "url": "https://www.cisa.gov/news-events/ics-advisories/icsa-23-229-04", - "source": "ics-cert@hq.dhs.gov" + "source": "ics-cert@hq.dhs.gov", + "tags": [ + "Third Party Advisory", + "US Government Resource" + ] } ] } \ No newline at end of file diff --git a/CVE-2023/CVE-2023-391xx/CVE-2023-39137.json b/CVE-2023/CVE-2023-391xx/CVE-2023-39137.json index d893863acb1..ba6b3a9ddf1 100644 --- a/CVE-2023/CVE-2023-391xx/CVE-2023-39137.json +++ b/CVE-2023/CVE-2023-391xx/CVE-2023-39137.json @@ -2,31 +2,99 @@ "id": "CVE-2023-39137", "sourceIdentifier": "cve@mitre.org", "published": "2023-08-30T22:15:09.030", - "lastModified": "2023-08-31T10:02:10.690", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2023-09-05T19:04:53.400", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", "value": "An issue in Archive v3.3.7 allows attackers to spoof zip filenames which can lead to inconsistent filename parsing." + }, + { + "lang": "es", + "value": "Un problema en Archive v3.3.7 permite a los atacantes falsificar nombres de archivos .zip, lo que puede dar lugar a un an\u00e1lisis inconsistente de los nombres de archivo." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", + "attackVector": "LOCAL", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "REQUIRED", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH", + "baseScore": 7.8, + "baseSeverity": "HIGH" + }, + "exploitabilityScore": 1.8, + "impactScore": 5.9 + } + ] + }, + "weaknesses": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "NVD-CWE-noinfo" + } + ] + } + ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:archive_project:archive:3.3.7:*:*:*:*:*:*:*", + "matchCriteriaId": "310DCB5F-FF27-4496-9CCC-5730A2BC0BB1" + } + ] + } + ] } ], - "metrics": {}, "references": [ { "url": "https://blog.ostorlab.co/zip-packages-exploitation.html", - "source": "cve@mitre.org" + "source": "cve@mitre.org", + "tags": [ + "Exploit" + ] }, { "url": "https://github.com/brendan-duncan/archive/issues/266", - "source": "cve@mitre.org" + "source": "cve@mitre.org", + "tags": [ + "Issue Tracking" + ] }, { "url": "https://ostorlab.co/vulndb/advisory/OVE-2023-3", - "source": "cve@mitre.org" + "source": "cve@mitre.org", + "tags": [ + "Exploit" + ] }, { "url": "https://www.rapid7.com/db/modules/exploit/windows/fileformat/winrar_name_spoofing/", - "source": "cve@mitre.org" + "source": "cve@mitre.org", + "tags": [ + "Third Party Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2023/CVE-2023-391xx/CVE-2023-39138.json b/CVE-2023/CVE-2023-391xx/CVE-2023-39138.json index 88212250ee7..8cffb661bef 100644 --- a/CVE-2023/CVE-2023-391xx/CVE-2023-39138.json +++ b/CVE-2023/CVE-2023-391xx/CVE-2023-39138.json @@ -2,31 +2,99 @@ "id": "CVE-2023-39138", "sourceIdentifier": "cve@mitre.org", "published": "2023-08-30T22:15:09.083", - "lastModified": "2023-08-31T10:02:10.690", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2023-09-05T19:00:03.030", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", "value": "An issue in ZIPFoundation v0.9.16 allows attackers to execute a path traversal via extracting a crafted zip file." + }, + { + "lang": "es", + "value": "Un problema en ZIPFoundation v0.9.16 permite a los atacantes ejecutar un salto de ruta a trav\u00e9s de la extracci\u00f3n de un archivo .zip manipulado. \n" + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", + "attackVector": "LOCAL", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "REQUIRED", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH", + "baseScore": 7.8, + "baseSeverity": "HIGH" + }, + "exploitabilityScore": 1.8, + "impactScore": 5.9 + } + ] + }, + "weaknesses": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-22" + } + ] + } + ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:peakstep:zipfoundation:0.9.16:*:*:*:*:*:*:*", + "matchCriteriaId": "D80F1168-A141-4F13-8964-9FAEB4370CA6" + } + ] + } + ] } ], - "metrics": {}, "references": [ { "url": "https://blog.ostorlab.co/zip-packages-exploitation.html", - "source": "cve@mitre.org" + "source": "cve@mitre.org", + "tags": [ + "Exploit" + ] }, { "url": "https://github.com/weichsel/ZIPFoundation/issues/282", - "source": "cve@mitre.org" + "source": "cve@mitre.org", + "tags": [ + "Issue Tracking" + ] }, { "url": "https://ostorlab.co/vulndb/advisory/OVE-2023-4", - "source": "cve@mitre.org" + "source": "cve@mitre.org", + "tags": [ + "Exploit" + ] }, { "url": "https://ostorlab.co/vulndb/advisory/OVE-2023-6", - "source": "cve@mitre.org" + "source": "cve@mitre.org", + "tags": [ + "Exploit" + ] } ] } \ No newline at end of file diff --git a/CVE-2023/CVE-2023-391xx/CVE-2023-39139.json b/CVE-2023/CVE-2023-391xx/CVE-2023-39139.json index 6ee23da1cf4..32932ba963d 100644 --- a/CVE-2023/CVE-2023-391xx/CVE-2023-39139.json +++ b/CVE-2023/CVE-2023-391xx/CVE-2023-39139.json @@ -2,27 +2,92 @@ "id": "CVE-2023-39139", "sourceIdentifier": "cve@mitre.org", "published": "2023-08-30T22:15:09.300", - "lastModified": "2023-08-31T10:02:10.690", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2023-09-05T18:59:48.403", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", "value": "An issue in Archive v3.3.7 allows attackers to execute a path traversal via extracting a crafted zip file." + }, + { + "lang": "es", + "value": "Un problema en Archive v3.2.7 permite a los atacantes ejecutar un salto de directorios a trav\u00e9s de la extracci\u00f3n de un archivo .zip manipulado. " + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", + "attackVector": "LOCAL", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "REQUIRED", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH", + "baseScore": 7.8, + "baseSeverity": "HIGH" + }, + "exploitabilityScore": 1.8, + "impactScore": 5.9 + } + ] + }, + "weaknesses": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-22" + } + ] + } + ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:archive_project:archive:3.3.7:*:*:*:*:*:*:*", + "matchCriteriaId": "310DCB5F-FF27-4496-9CCC-5730A2BC0BB1" + } + ] + } + ] } ], - "metrics": {}, "references": [ { "url": "https://blog.ostorlab.co/zip-packages-exploitation.html", - "source": "cve@mitre.org" + "source": "cve@mitre.org", + "tags": [ + "Exploit" + ] }, { "url": "https://github.com/brendan-duncan/archive/issues/265", - "source": "cve@mitre.org" + "source": "cve@mitre.org", + "tags": [ + "Issue Tracking" + ] }, { "url": "https://ostorlab.co/vulndb/advisory/OVE-2023-5", - "source": "cve@mitre.org" + "source": "cve@mitre.org", + "tags": [ + "Exploit" + ] } ] } \ No newline at end of file diff --git a/CVE-2023/CVE-2023-395xx/CVE-2023-39598.json b/CVE-2023/CVE-2023-395xx/CVE-2023-39598.json new file mode 100644 index 00000000000..47731862eab --- /dev/null +++ b/CVE-2023/CVE-2023-395xx/CVE-2023-39598.json @@ -0,0 +1,20 @@ +{ + "id": "CVE-2023-39598", + "sourceIdentifier": "cve@mitre.org", + "published": "2023-09-05T18:15:10.900", + "lastModified": "2023-09-05T18:29:49.867", + "vulnStatus": "Awaiting Analysis", + "descriptions": [ + { + "lang": "en", + "value": "Cross Site Scripting vulnerability in IceWarp Corporation WebClient v.10.2.1 allows a remote attacker to execute arbitrary code via a crafted payload to the mid parameter." + } + ], + "metrics": {}, + "references": [ + { + "url": "https://medium.com/@muthumohanprasath.r/reflected-cross-site-scripting-on-icewarp-webclient-product-cve-2023-39598-9598b92da49c", + "source": "cve@mitre.org" + } + ] +} \ No newline at end of file diff --git a/CVE-2023/CVE-2023-396xx/CVE-2023-39681.json b/CVE-2023/CVE-2023-396xx/CVE-2023-39681.json new file mode 100644 index 00000000000..0cd847b2bec --- /dev/null +++ b/CVE-2023/CVE-2023-396xx/CVE-2023-39681.json @@ -0,0 +1,20 @@ +{ + "id": "CVE-2023-39681", + "sourceIdentifier": "cve@mitre.org", + "published": "2023-09-05T18:15:11.027", + "lastModified": "2023-09-05T18:29:49.867", + "vulnStatus": "Awaiting Analysis", + "descriptions": [ + { + "lang": "en", + "value": "Cuppa CMS v1.0 was discovered to contain a remote code execution (RCE) vulnerability via the email_outgoing parameter at /Configuration.php. This vulnerability is triggered via a crafted payload." + } + ], + "metrics": {}, + "references": [ + { + "url": "https://github.com/yanbochen97/CuppaCMS_RCE", + "source": "cve@mitre.org" + } + ] +} \ No newline at end of file diff --git a/CVE-2023/CVE-2023-409xx/CVE-2023-40918.json b/CVE-2023/CVE-2023-409xx/CVE-2023-40918.json new file mode 100644 index 00000000000..37ab71def39 --- /dev/null +++ b/CVE-2023/CVE-2023-409xx/CVE-2023-40918.json @@ -0,0 +1,20 @@ +{ + "id": "CVE-2023-40918", + "sourceIdentifier": "cve@mitre.org", + "published": "2023-09-05T18:15:11.317", + "lastModified": "2023-09-05T18:29:49.867", + "vulnStatus": "Awaiting Analysis", + "descriptions": [ + { + "lang": "en", + "value": "KnowStreaming 3.3.0 is vulnerable to Escalation of Privileges. Unauthorized users can create a new user with an admin role." + } + ], + "metrics": {}, + "references": [ + { + "url": "https://github.com/didi/KnowStreaming/issues/1128", + "source": "cve@mitre.org" + } + ] +} \ No newline at end of file diff --git a/CVE-2023/CVE-2023-40xx/CVE-2023-4034.json b/CVE-2023/CVE-2023-40xx/CVE-2023-4034.json new file mode 100644 index 00000000000..43bf8ddaf65 --- /dev/null +++ b/CVE-2023/CVE-2023-40xx/CVE-2023-4034.json @@ -0,0 +1,55 @@ +{ + "id": "CVE-2023-4034", + "sourceIdentifier": "cve@usom.gov.tr", + "published": "2023-09-05T19:15:48.713", + "lastModified": "2023-09-05T19:15:48.713", + "vulnStatus": "Received", + "descriptions": [ + { + "lang": "en", + "value": "Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Digita Information Technology Smartrise Document Management System allows SQL Injection.This issue affects Smartrise Document Management System: before Hvl-2.0.\n\n" + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "cve@usom.gov.tr", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH", + "baseScore": 9.8, + "baseSeverity": "CRITICAL" + }, + "exploitabilityScore": 3.9, + "impactScore": 5.9 + } + ] + }, + "weaknesses": [ + { + "source": "cve@usom.gov.tr", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-89" + } + ] + } + ], + "references": [ + { + "url": "https://www.usom.gov.tr/bildirim/tr-23-0494", + "source": "cve@usom.gov.tr" + } + ] +} \ No newline at end of file diff --git a/CVE-2023/CVE-2023-410xx/CVE-2023-41040.json b/CVE-2023/CVE-2023-410xx/CVE-2023-41040.json index 49975309cd5..ba33a5c6835 100644 --- a/CVE-2023/CVE-2023-410xx/CVE-2023-41040.json +++ b/CVE-2023/CVE-2023-410xx/CVE-2023-41040.json @@ -2,8 +2,8 @@ "id": "CVE-2023-41040", "sourceIdentifier": "security-advisories@github.com", "published": "2023-08-30T22:15:09.857", - "lastModified": "2023-08-31T10:02:10.690", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2023-09-05T18:59:32.280", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", @@ -12,6 +12,26 @@ ], "metrics": { "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:L", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "LOW", + "integrityImpact": "NONE", + "availabilityImpact": "LOW", + "baseScore": 6.5, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 3.9, + "impactScore": 2.5 + }, { "source": "security-advisories@github.com", "type": "Secondary", @@ -36,7 +56,7 @@ }, "weaknesses": [ { - "source": "security-advisories@github.com", + "source": "nvd@nist.gov", "type": "Primary", "description": [ { @@ -44,16 +64,51 @@ "value": "CWE-22" } ] + }, + { + "source": "security-advisories@github.com", + "type": "Secondary", + "description": [ + { + "lang": "en", + "value": "CWE-22" + } + ] + } + ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:gitpython_project:gitpython:*:*:*:*:*:python:*:*", + "versionEndIncluding": "3.1.34", + "matchCriteriaId": "AC6BBB91-00CE-4AAE-9B5F-B66261632464" + } + ] + } + ] } ], "references": [ { "url": "https://github.com/gitpython-developers/GitPython/blob/1c8310d7cae144f74a671cbe17e51f63a830adbf/git/refs/symbolic.py#L174-L175", - "source": "security-advisories@github.com" + "source": "security-advisories@github.com", + "tags": [ + "Product" + ] }, { "url": "https://github.com/gitpython-developers/GitPython/security/advisories/GHSA-cwvm-v4w8-q58c", - "source": "security-advisories@github.com" + "source": "security-advisories@github.com", + "tags": [ + "Exploit", + "Vendor Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2023/CVE-2023-410xx/CVE-2023-41041.json b/CVE-2023/CVE-2023-410xx/CVE-2023-41041.json index 30fba3f2a85..0782d120a75 100644 --- a/CVE-2023/CVE-2023-410xx/CVE-2023-41041.json +++ b/CVE-2023/CVE-2023-410xx/CVE-2023-41041.json @@ -2,8 +2,8 @@ "id": "CVE-2023-41041", "sourceIdentifier": "security-advisories@github.com", "published": "2023-08-30T22:15:10.043", - "lastModified": "2023-08-31T10:02:10.690", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2023-09-05T19:37:28.597", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", @@ -12,6 +12,26 @@ ], "metrics": { "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:N/A:N", + "attackVector": "NETWORK", + "attackComplexity": "HIGH", + "privilegesRequired": "LOW", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "LOW", + "integrityImpact": "NONE", + "availabilityImpact": "NONE", + "baseScore": 3.1, + "baseSeverity": "LOW" + }, + "exploitabilityScore": 1.6, + "impactScore": 1.4 + }, { "source": "security-advisories@github.com", "type": "Secondary", @@ -46,14 +66,47 @@ ] } ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:graylog:graylog:*:*:*:*:*:*:*:*", + "versionStartIncluding": "1.0.0", + "versionEndExcluding": "5.0.9", + "matchCriteriaId": "5F18A9D7-F631-4E37-BCE2-876D1E0DA431" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:graylog:graylog:*:*:*:*:*:*:*:*", + "versionStartIncluding": "5.1.0", + "versionEndExcluding": "5.1.3", + "matchCriteriaId": "E213B603-847C-439D-86AA-D77E59653492" + } + ] + } + ] + } + ], "references": [ { "url": "https://github.com/Graylog2/graylog2-server/commit/bb88f3d0b2b0351669ab32c60b595ab7242a3fe3", - "source": "security-advisories@github.com" + "source": "security-advisories@github.com", + "tags": [ + "Patch" + ] }, { "url": "https://github.com/Graylog2/graylog2-server/security/advisories/GHSA-3fqm-frhg-7c85", - "source": "security-advisories@github.com" + "source": "security-advisories@github.com", + "tags": [ + "Exploit", + "Vendor Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2023/CVE-2023-411xx/CVE-2023-41163.json b/CVE-2023/CVE-2023-411xx/CVE-2023-41163.json index 78f258fadda..3988c67d2c9 100644 --- a/CVE-2023/CVE-2023-411xx/CVE-2023-41163.json +++ b/CVE-2023/CVE-2023-411xx/CVE-2023-41163.json @@ -2,23 +2,81 @@ "id": "CVE-2023-41163", "sourceIdentifier": "cve@mitre.org", "published": "2023-08-30T22:15:10.297", - "lastModified": "2023-08-31T23:15:28.800", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2023-09-05T19:37:16.743", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", "value": "A Reflected Cross-site scripting (XSS) vulnerability in the file manager tab in Usermin 2.000 allows remote attackers to inject arbitrary web script or HTML via the replace in results field while replacing the results under the tools drop down." } ], - "metrics": {}, + "metrics": { + "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "REQUIRED", + "scope": "CHANGED", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "availabilityImpact": "NONE", + "baseScore": 6.1, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 2.8, + "impactScore": 2.7 + } + ] + }, + "weaknesses": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-79" + } + ] + } + ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:webmin:webmin:2.000:*:*:*:*:*:*:*", + "matchCriteriaId": "32C6CF7F-1287-4AB2-B4C0-801AC1EC3CB5" + } + ] + } + ] + } + ], "references": [ { "url": "https://github.com/shindeanik/Usermin-2.000/blob/main/CVE-2023-41163", - "source": "cve@mitre.org" + "source": "cve@mitre.org", + "tags": [ + "Third Party Advisory" + ] }, { "url": "https://webmin.com/tags/webmin-changelog/", - "source": "cve@mitre.org" + "source": "cve@mitre.org", + "tags": [ + "Release Notes" + ] } ] } \ No newline at end of file diff --git a/CVE-2023/CVE-2023-413xx/CVE-2023-41317.json b/CVE-2023/CVE-2023-413xx/CVE-2023-41317.json new file mode 100644 index 00000000000..2d25364abe0 --- /dev/null +++ b/CVE-2023/CVE-2023-413xx/CVE-2023-41317.json @@ -0,0 +1,63 @@ +{ + "id": "CVE-2023-41317", + "sourceIdentifier": "security-advisories@github.com", + "published": "2023-09-05T19:15:48.610", + "lastModified": "2023-09-05T19:15:48.610", + "vulnStatus": "Received", + "descriptions": [ + { + "lang": "en", + "value": "The Apollo Router is a configurable, high-performance graph router written in Rust to run a federated supergraph that uses Apollo Federation 2. Affected versions are subject to a Denial-of-Service (DoS) type vulnerability which causes the Router to panic and terminate when GraphQL Subscriptions are enabled. It can be triggered when **all of the following conditions are met**: 1. Running Apollo Router v1.28.0, v1.28.1 or v1.29.0 (\"impacted versions\"); **and** 2. The Supergraph schema provided to the Router (either via Apollo Uplink or explicitly via other configuration)\u00a0**has a `subscription` type** with root-fields defined; **and** 3. The YAML configuration provided to the Router **has subscriptions enabled** (they are _disabled_ by default), either by setting `enabled: true` _or_ by setting a valid `mode` within the `subscriptions` object (as seen in [subscriptions' documentation](https://www.apollographql.com/docs/router/executing-operations/subscription-support/#router-setup)); **and** 4. An [anonymous](https://spec.graphql.org/draft/#sec-Anonymous-Operation-Definitions) (i.e., un-named) `subscription` operation (e.g., `subscription { ... }`) is received by the Router If **all four** of these criteria are met, the impacted versions will panic and terminate. There is no data-privacy risk or sensitive-information exposure aspect to this vulnerability. This is fixed in Apollo Router v1.29.1. Users are advised to upgrade. Updating to v1.29.1 should be a clear and simple upgrade path for those running impacted versions. However, if Subscriptions are **not** necessary for your Graph \u2013 but are enabled via configuration \u2014 then disabling subscriptions is another option to mitigate the risk." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "security-advisories@github.com", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "NONE", + "integrityImpact": "NONE", + "availabilityImpact": "HIGH", + "baseScore": 7.5, + "baseSeverity": "HIGH" + }, + "exploitabilityScore": 3.9, + "impactScore": 3.6 + } + ] + }, + "weaknesses": [ + { + "source": "security-advisories@github.com", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-755" + } + ] + } + ], + "references": [ + { + "url": "https://github.com/apollographql/router/commit/b295c103dd86c57c848397d32e8094edfa8502aa", + "source": "security-advisories@github.com" + }, + { + "url": "https://github.com/apollographql/router/releases/tag/v1.29.1", + "source": "security-advisories@github.com" + }, + { + "url": "https://github.com/apollographql/router/security/advisories/GHSA-w8vq-3hf9-xppx", + "source": "security-advisories@github.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2023/CVE-2023-413xx/CVE-2023-41376.json b/CVE-2023/CVE-2023-413xx/CVE-2023-41376.json index 4409270d4bb..fe882621082 100644 --- a/CVE-2023/CVE-2023-413xx/CVE-2023-41376.json +++ b/CVE-2023/CVE-2023-413xx/CVE-2023-41376.json @@ -2,27 +2,94 @@ "id": "CVE-2023-41376", "sourceIdentifier": "cve@mitre.org", "published": "2023-08-29T16:15:09.350", - "lastModified": "2023-08-29T18:14:25.027", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2023-09-05T18:51:38.517", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", "value": "Nokia Service Router Operating System (SR OS) 22.10 and SR Linux, when error-handling update-fault-tolerance is not enabled, mishandle BGP path attributes." } ], - "metrics": {}, + "metrics": { + "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "NONE", + "integrityImpact": "NONE", + "availabilityImpact": "HIGH", + "baseScore": 7.5, + "baseSeverity": "HIGH" + }, + "exploitabilityScore": 3.9, + "impactScore": 3.6 + } + ] + }, + "weaknesses": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "NVD-CWE-noinfo" + } + ] + } + ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:o:nokia:service_router_linux:-:*:*:*:*:*:*:*", + "matchCriteriaId": "A8120F65-9D62-416A-B4E6-1A5C134263A2" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:nokia:service_router_operating_system:22.10:*:*:*:*:*:*:*", + "matchCriteriaId": "707BC526-1BBE-44D6-9E90-572BB12B0833" + } + ] + } + ] + } + ], "references": [ { "url": "https://blog.benjojo.co.uk/post/bgp-path-attributes-grave-error-handling", - "source": "cve@mitre.org" + "source": "cve@mitre.org", + "tags": [ + "Exploit", + "Third Party Advisory" + ] }, { "url": "https://news.ycombinator.com/item?id=37305800", - "source": "cve@mitre.org" + "source": "cve@mitre.org", + "tags": [ + "Issue Tracking" + ] }, { "url": "https://www.nokia.com/networks/technologies/service-router-operating-system/", - "source": "cve@mitre.org" + "source": "cve@mitre.org", + "tags": [ + "Product" + ] } ] } \ No newline at end of file diff --git a/CVE-2023/CVE-2023-416xx/CVE-2023-41635.json b/CVE-2023/CVE-2023-416xx/CVE-2023-41635.json index 0228bbcf3a6..9eaa2d5ed9a 100644 --- a/CVE-2023/CVE-2023-416xx/CVE-2023-41635.json +++ b/CVE-2023/CVE-2023-416xx/CVE-2023-41635.json @@ -2,19 +2,76 @@ "id": "CVE-2023-41635", "sourceIdentifier": "cve@mitre.org", "published": "2023-08-31T14:15:08.763", - "lastModified": "2023-08-31T17:26:00.623", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2023-09-05T18:15:24.443", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", "value": "A XML External Entity (XXE) vulnerability in the VerifichePeriodiche.aspx component of GruppoSCAI RealGimm v1.1.37p38 allows attackers to read any file in the filesystem via supplying a crafted XML file." } ], - "metrics": {}, + "metrics": { + "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "NONE", + "availabilityImpact": "NONE", + "baseScore": 6.5, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 2.8, + "impactScore": 3.6 + } + ] + }, + "weaknesses": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-776" + } + ] + } + ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:grupposcai:realgimm:1.1.37:p38:*:*:*:*:*:*", + "matchCriteriaId": "70F3122E-88F6-4276-B519-07DE78B5B032" + } + ] + } + ] + } + ], "references": [ { "url": "https://github.com/CapgeminiCisRedTeam/Disclosure/blob/main/CVE%20PoC/CVE-ID%20%7C%20RealGimm%20-%20XML%20External%20Entity%20Injection.md", - "source": "cve@mitre.org" + "source": "cve@mitre.org", + "tags": [ + "Broken Link", + "Exploit", + "Third Party Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2023/CVE-2023-416xx/CVE-2023-41636.json b/CVE-2023/CVE-2023-416xx/CVE-2023-41636.json index 51dcecba913..01268e39c08 100644 --- a/CVE-2023/CVE-2023-416xx/CVE-2023-41636.json +++ b/CVE-2023/CVE-2023-416xx/CVE-2023-41636.json @@ -2,19 +2,76 @@ "id": "CVE-2023-41636", "sourceIdentifier": "cve@mitre.org", "published": "2023-08-31T14:15:08.823", - "lastModified": "2023-08-31T17:26:00.623", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2023-09-05T18:13:14.267", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", "value": "A SQL injection vulnerability in the Data Richiesta dal parameter of GruppoSCAI RealGimm v1.1.37p38 allows attackers to access the database and execute arbitrary commands via a crafted SQL query." } ], - "metrics": {}, + "metrics": { + "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH", + "baseScore": 9.8, + "baseSeverity": "CRITICAL" + }, + "exploitabilityScore": 3.9, + "impactScore": 5.9 + } + ] + }, + "weaknesses": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-89" + } + ] + } + ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:grupposcai:realgimm:1.1.37:p38:*:*:*:*:*:*", + "matchCriteriaId": "70F3122E-88F6-4276-B519-07DE78B5B032" + } + ] + } + ] + } + ], "references": [ { "url": "https://github.com/CapgeminiCisRedTeam/Disclosure/blob/main/CVE%20PoC/CVE-ID%20%7C%20RealGimm%20-%20SQL%20Injection(1).md", - "source": "cve@mitre.org" + "source": "cve@mitre.org", + "tags": [ + "Broken Link", + "Exploit", + "Third Party Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2023/CVE-2023-416xx/CVE-2023-41637.json b/CVE-2023/CVE-2023-416xx/CVE-2023-41637.json index bc12fe23757..b510d7e537c 100644 --- a/CVE-2023/CVE-2023-416xx/CVE-2023-41637.json +++ b/CVE-2023/CVE-2023-416xx/CVE-2023-41637.json @@ -2,19 +2,76 @@ "id": "CVE-2023-41637", "sourceIdentifier": "cve@mitre.org", "published": "2023-08-31T14:15:08.877", - "lastModified": "2023-08-31T17:26:00.623", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2023-09-05T18:12:41.087", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", "value": "An arbitrary file upload vulnerability in the Carica immagine function of GruppoSCAI RealGimm 1.1.37p38 allows attackers to execute arbitrary code via uploading a crafted HTML file." } ], - "metrics": {}, + "metrics": { + "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH", + "baseScore": 9.8, + "baseSeverity": "CRITICAL" + }, + "exploitabilityScore": 3.9, + "impactScore": 5.9 + } + ] + }, + "weaknesses": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-434" + } + ] + } + ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:grupposcai:realgimm:1.1.37:p38:*:*:*:*:*:*", + "matchCriteriaId": "70F3122E-88F6-4276-B519-07DE78B5B032" + } + ] + } + ] + } + ], "references": [ { "url": "https://github.com/CapgeminiCisRedTeam/Disclosure/blob/main/CVE%20PoC/CVE-ID%20%7C%20RealGimm%20-%20Stored%20Cross-site%20Scripting.md", - "source": "cve@mitre.org" + "source": "cve@mitre.org", + "tags": [ + "Broken Link", + "Exploit", + "Third Party Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2023/CVE-2023-416xx/CVE-2023-41638.json b/CVE-2023/CVE-2023-416xx/CVE-2023-41638.json index 9e14bc63050..1a0834ac76e 100644 --- a/CVE-2023/CVE-2023-416xx/CVE-2023-41638.json +++ b/CVE-2023/CVE-2023-416xx/CVE-2023-41638.json @@ -2,19 +2,76 @@ "id": "CVE-2023-41638", "sourceIdentifier": "cve@mitre.org", "published": "2023-08-31T14:15:08.927", - "lastModified": "2023-08-31T17:26:00.623", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2023-09-05T18:09:30.740", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", "value": "An arbitrary file upload vulnerability in the Gestione Documentale module of GruppoSCAI RealGimm 1.1.37p38 allows attackers to execute arbitrary code via uploading a crafted file." } ], - "metrics": {}, + "metrics": { + "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH", + "baseScore": 8.8, + "baseSeverity": "HIGH" + }, + "exploitabilityScore": 2.8, + "impactScore": 5.9 + } + ] + }, + "weaknesses": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-434" + } + ] + } + ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:grupposcai:realgimm:1.1.37:p38:*:*:*:*:*:*", + "matchCriteriaId": "70F3122E-88F6-4276-B519-07DE78B5B032" + } + ] + } + ] + } + ], "references": [ { "url": "https://github.com/CapgeminiCisRedTeam/Disclosure/blob/main/CVE%20PoC/CVE-ID%20%7C%20RealGimm%20-%20RCE%20via%20Unrestricted%20File%20Upload.md", - "source": "cve@mitre.org" + "source": "cve@mitre.org", + "tags": [ + "Broken Link", + "Exploit", + "Third Party Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2023/CVE-2023-416xx/CVE-2023-41640.json b/CVE-2023/CVE-2023-416xx/CVE-2023-41640.json index 2b93ca74c72..0c02db8c7d1 100644 --- a/CVE-2023/CVE-2023-416xx/CVE-2023-41640.json +++ b/CVE-2023/CVE-2023-416xx/CVE-2023-41640.json @@ -2,19 +2,76 @@ "id": "CVE-2023-41640", "sourceIdentifier": "cve@mitre.org", "published": "2023-08-31T14:15:08.977", - "lastModified": "2023-08-31T17:26:00.623", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2023-09-05T18:05:32.360", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", "value": "An improper error handling vulnerability in the component ErroreNonGestito.aspx of GruppoSCAI RealGimm 1.1.37p38 allows attackers to obtain sensitive technical information via a crafted SQL query." } ], - "metrics": {}, + "metrics": { + "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH", + "baseScore": 8.8, + "baseSeverity": "HIGH" + }, + "exploitabilityScore": 2.8, + "impactScore": 5.9 + } + ] + }, + "weaknesses": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-89" + } + ] + } + ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:grupposcai:realgimm:1.1.37:p38:*:*:*:*:*:*", + "matchCriteriaId": "70F3122E-88F6-4276-B519-07DE78B5B032" + } + ] + } + ] + } + ], "references": [ { "url": "https://github.com/CapgeminiCisRedTeam/Disclosure/blob/main/CVE%20PoC/CVE-ID%20%7C%20RealGimm%20-%20Information%20disclosure.md", - "source": "cve@mitre.org" + "source": "cve@mitre.org", + "tags": [ + "Broken Link", + "Exploit", + "Third Party Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2023/CVE-2023-41xx/CVE-2023-4162.json b/CVE-2023/CVE-2023-41xx/CVE-2023-4162.json index 5b776e2469b..fcdcd360640 100644 --- a/CVE-2023/CVE-2023-41xx/CVE-2023-4162.json +++ b/CVE-2023/CVE-2023-41xx/CVE-2023-4162.json @@ -2,8 +2,8 @@ "id": "CVE-2023-4162", "sourceIdentifier": "sirt@brocade.com", "published": "2023-08-31T01:15:08.943", - "lastModified": "2023-08-31T10:02:10.690", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2023-09-05T18:19:54.490", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", @@ -12,6 +12,26 @@ ], "metrics": { "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H", + "attackVector": "LOCAL", + "attackComplexity": "LOW", + "privilegesRequired": "HIGH", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "NONE", + "integrityImpact": "NONE", + "availabilityImpact": "HIGH", + "baseScore": 4.4, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 0.8, + "impactScore": 3.6 + }, { "source": "sirt@brocade.com", "type": "Secondary", @@ -35,6 +55,16 @@ ] }, "weaknesses": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-400" + } + ] + }, { "source": "sirt@brocade.com", "type": "Secondary", @@ -46,10 +76,32 @@ ] } ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:o:brocade:fabric_operating_system:*:*:*:*:*:*:*:*", + "versionStartIncluding": "9.0.1a", + "versionEndExcluding": "9.2.0a", + "matchCriteriaId": "F532D92F-5175-432E-932C-868330D50E7B" + } + ] + } + ] + } + ], "references": [ { "url": "https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/22513", - "source": "sirt@brocade.com" + "source": "sirt@brocade.com", + "tags": [ + "Vendor Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2023/CVE-2023-41xx/CVE-2023-4163.json b/CVE-2023/CVE-2023-41xx/CVE-2023-4163.json index 947b3a3a496..a8e7e28fb31 100644 --- a/CVE-2023/CVE-2023-41xx/CVE-2023-4163.json +++ b/CVE-2023/CVE-2023-41xx/CVE-2023-4163.json @@ -2,8 +2,8 @@ "id": "CVE-2023-4163", "sourceIdentifier": "sirt@brocade.com", "published": "2023-08-31T01:15:09.190", - "lastModified": "2023-08-31T10:02:10.690", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2023-09-05T18:19:25.817", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", @@ -12,6 +12,26 @@ ], "metrics": { "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H", + "attackVector": "LOCAL", + "attackComplexity": "LOW", + "privilegesRequired": "HIGH", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "NONE", + "integrityImpact": "NONE", + "availabilityImpact": "HIGH", + "baseScore": 4.4, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 0.8, + "impactScore": 3.6 + }, { "source": "sirt@brocade.com", "type": "Secondary", @@ -35,6 +55,16 @@ ] }, "weaknesses": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-120" + } + ] + }, { "source": "sirt@brocade.com", "type": "Secondary", @@ -46,10 +76,31 @@ ] } ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:o:broadcom:fabric_operating_system:*:*:*:*:*:*:*:*", + "versionEndExcluding": "9.2.0a", + "matchCriteriaId": "FDE13EB8-68AA-4E11-80D3-48E88398A70D" + } + ] + } + ] + } + ], "references": [ { "url": "https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/22514", - "source": "sirt@brocade.com" + "source": "sirt@brocade.com", + "tags": [ + "Vendor Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2023/CVE-2023-41xx/CVE-2023-4178.json b/CVE-2023/CVE-2023-41xx/CVE-2023-4178.json new file mode 100644 index 00000000000..3867f9c028d --- /dev/null +++ b/CVE-2023/CVE-2023-41xx/CVE-2023-4178.json @@ -0,0 +1,55 @@ +{ + "id": "CVE-2023-4178", + "sourceIdentifier": "cve@usom.gov.tr", + "published": "2023-09-05T19:15:48.820", + "lastModified": "2023-09-05T19:15:48.820", + "vulnStatus": "Received", + "descriptions": [ + { + "lang": "en", + "value": "Authentication Bypass by Spoofing vulnerability in Neutron Neutron Smart VMS allows Authentication Bypass.This issue affects Neutron Smart VMS: before b1130.1.0.1.\n\n" + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "cve@usom.gov.tr", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:L", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "NONE", + "availabilityImpact": "LOW", + "baseScore": 8.2, + "baseSeverity": "HIGH" + }, + "exploitabilityScore": 3.9, + "impactScore": 4.2 + } + ] + }, + "weaknesses": [ + { + "source": "cve@usom.gov.tr", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-290" + } + ] + } + ], + "references": [ + { + "url": "https://www.usom.gov.tr/bildirim/tr-23-0496", + "source": "cve@usom.gov.tr" + } + ] +} \ No newline at end of file diff --git a/CVE-2023/CVE-2023-45xx/CVE-2023-4531.json b/CVE-2023/CVE-2023-45xx/CVE-2023-4531.json new file mode 100644 index 00000000000..2f33ffbb9a3 --- /dev/null +++ b/CVE-2023/CVE-2023-45xx/CVE-2023-4531.json @@ -0,0 +1,55 @@ +{ + "id": "CVE-2023-4531", + "sourceIdentifier": "cve@usom.gov.tr", + "published": "2023-09-05T19:15:48.923", + "lastModified": "2023-09-05T19:15:48.923", + "vulnStatus": "Received", + "descriptions": [ + { + "lang": "en", + "value": "Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Mestav Software E-commerce Software allows SQL Injection.This issue affects E-commerce Software: before 20230901 .\n\n" + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "cve@usom.gov.tr", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH", + "baseScore": 9.8, + "baseSeverity": "CRITICAL" + }, + "exploitabilityScore": 3.9, + "impactScore": 5.9 + } + ] + }, + "weaknesses": [ + { + "source": "cve@usom.gov.tr", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-89" + } + ] + } + ], + "references": [ + { + "url": "https://www.usom.gov.tr/bildirim/tr-23-0495", + "source": "cve@usom.gov.tr" + } + ] +} \ No newline at end of file diff --git a/CVE-2023/CVE-2023-46xx/CVE-2023-4650.json b/CVE-2023/CVE-2023-46xx/CVE-2023-4650.json index 97873f5795a..d2a535d3336 100644 --- a/CVE-2023/CVE-2023-46xx/CVE-2023-4650.json +++ b/CVE-2023/CVE-2023-46xx/CVE-2023-4650.json @@ -2,8 +2,8 @@ "id": "CVE-2023-4650", "sourceIdentifier": "security@huntr.dev", "published": "2023-08-31T01:15:09.623", - "lastModified": "2023-08-31T10:02:10.690", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2023-09-05T19:14:55.743", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", @@ -11,6 +11,28 @@ } ], "metrics": { + "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:L", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "HIGH", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "availabilityImpact": "LOW", + "baseScore": 4.7, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 1.2, + "impactScore": 3.4 + } + ], "cvssMetricV30": [ { "source": "security@huntr.dev", @@ -46,14 +68,40 @@ ] } ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:instantcms:instantcms:*:*:*:*:*:*:*:*", + "versionEndExcluding": "2.16.1", + "matchCriteriaId": "56EF3F9B-6CDB-4568-AF80-EEF6D72B72F6" + } + ] + } + ] + } + ], "references": [ { "url": "https://github.com/instantsoft/icms2/commit/78ff8ca066e86a65ff35470b5622be3aa7d2f928", - "source": "security@huntr.dev" + "source": "security@huntr.dev", + "tags": [ + "Patch" + ] }, { "url": "https://huntr.dev/bounties/d92e8985-9d9d-4a62-92e8-ada014ee3b17", - "source": "security@huntr.dev" + "source": "security@huntr.dev", + "tags": [ + "Exploit", + "Patch", + "Third Party Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2023/CVE-2023-47xx/CVE-2023-4781.json b/CVE-2023/CVE-2023-47xx/CVE-2023-4781.json new file mode 100644 index 00000000000..e53e3e567ad --- /dev/null +++ b/CVE-2023/CVE-2023-47xx/CVE-2023-4781.json @@ -0,0 +1,59 @@ +{ + "id": "CVE-2023-4781", + "sourceIdentifier": "security@huntr.dev", + "published": "2023-09-05T19:15:49.207", + "lastModified": "2023-09-05T19:15:49.207", + "vulnStatus": "Received", + "descriptions": [ + { + "lang": "en", + "value": "Heap-based Buffer Overflow in GitHub repository vim/vim prior to 9.0.1873." + } + ], + "metrics": { + "cvssMetricV30": [ + { + "source": "security@huntr.dev", + "type": "Secondary", + "cvssData": { + "version": "3.0", + "vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", + "attackVector": "LOCAL", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "REQUIRED", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH", + "baseScore": 7.8, + "baseSeverity": "HIGH" + }, + "exploitabilityScore": 1.8, + "impactScore": 5.9 + } + ] + }, + "weaknesses": [ + { + "source": "security@huntr.dev", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-122" + } + ] + } + ], + "references": [ + { + "url": "https://github.com/vim/vim/commit/f6d28fe2c95c678cc3202cc5dc825a3fcc709e93", + "source": "security@huntr.dev" + }, + { + "url": "https://huntr.dev/bounties/c867eb0a-aa8b-4946-a621-510350673883", + "source": "security@huntr.dev" + } + ] +} \ No newline at end of file diff --git a/README.md b/README.md index e4b9d453867..a1be5fd4135 100644 --- a/README.md +++ b/README.md @@ -9,13 +9,13 @@ Repository synchronizes with the NVD every 2 hours. ### Last Repository Update ```plain -2023-09-05T18:00:24.728779+00:00 +2023-09-05T20:00:37.001145+00:00 ``` ### Most recent CVE Modification Timestamp synchronized with NVD ```plain -2023-09-05T17:51:45.430000+00:00 +2023-09-05T19:41:08.010000+00:00 ``` ### Last Data Feed Release @@ -29,54 +29,63 @@ Download and Changelog: [Click](https://github.com/fkie-cad/nvd-json-data-feeds/ ### Total Number of included CVEs ```plain -224211 +224230 ``` ### CVEs added in the last Commit -Recently added CVEs: `15` +Recently added CVEs: `19` -* [CVE-2023-36361](CVE-2023/CVE-2023-363xx/CVE-2023-36361.json) (`2023-09-05T16:15:07.567`) -* [CVE-2023-41012](CVE-2023/CVE-2023-410xx/CVE-2023-41012.json) (`2023-09-05T16:15:07.990`) -* [CVE-2023-41107](CVE-2023/CVE-2023-411xx/CVE-2023-41107.json) (`2023-09-05T16:15:08.050`) -* [CVE-2023-41108](CVE-2023/CVE-2023-411xx/CVE-2023-41108.json) (`2023-09-05T16:15:08.110`) -* [CVE-2023-4778](CVE-2023/CVE-2023-47xx/CVE-2023-4778.json) (`2023-09-05T16:15:08.207`) -* [CVE-2023-31242](CVE-2023/CVE-2023-312xx/CVE-2023-31242.json) (`2023-09-05T17:15:08.517`) -* [CVE-2023-32271](CVE-2023/CVE-2023-322xx/CVE-2023-32271.json) (`2023-09-05T17:15:08.670`) -* [CVE-2023-32615](CVE-2023/CVE-2023-326xx/CVE-2023-32615.json) (`2023-09-05T17:15:08.777`) -* [CVE-2023-34317](CVE-2023/CVE-2023-343xx/CVE-2023-34317.json) (`2023-09-05T17:15:08.877`) -* [CVE-2023-34353](CVE-2023/CVE-2023-343xx/CVE-2023-34353.json) (`2023-09-05T17:15:08.963`) -* [CVE-2023-34994](CVE-2023/CVE-2023-349xx/CVE-2023-34994.json) (`2023-09-05T17:15:09.053`) -* [CVE-2023-34998](CVE-2023/CVE-2023-349xx/CVE-2023-34998.json) (`2023-09-05T17:15:09.153`) -* [CVE-2023-35124](CVE-2023/CVE-2023-351xx/CVE-2023-35124.json) (`2023-09-05T17:15:09.237`) -* [CVE-2023-3374](CVE-2023/CVE-2023-33xx/CVE-2023-3374.json) (`2023-09-05T17:15:09.400`) -* [CVE-2023-3375](CVE-2023/CVE-2023-33xx/CVE-2023-3375.json) (`2023-09-05T17:15:09.497`) +* [CVE-2015-1390](CVE-2015/CVE-2015-13xx/CVE-2015-1390.json) (`2023-09-05T18:15:07.797`) +* [CVE-2015-1391](CVE-2015/CVE-2015-13xx/CVE-2015-1391.json) (`2023-09-05T18:15:07.997`) +* [CVE-2015-2201](CVE-2015/CVE-2015-22xx/CVE-2015-2201.json) (`2023-09-05T18:15:08.177`) +* [CVE-2015-2202](CVE-2015/CVE-2015-22xx/CVE-2015-2202.json) (`2023-09-05T18:15:08.357`) +* [CVE-2017-9453](CVE-2017/CVE-2017-94xx/CVE-2017-9453.json) (`2023-09-05T18:15:08.537`) +* [CVE-2020-35593](CVE-2020/CVE-2020-355xx/CVE-2020-35593.json) (`2023-09-05T19:15:48.407`) +* [CVE-2021-40546](CVE-2021/CVE-2021-405xx/CVE-2021-40546.json) (`2023-09-05T19:15:48.523`) +* [CVE-2023-35065](CVE-2023/CVE-2023-350xx/CVE-2023-35065.json) (`2023-09-05T18:15:10.067`) +* [CVE-2023-35068](CVE-2023/CVE-2023-350xx/CVE-2023-35068.json) (`2023-09-05T18:15:10.327`) +* [CVE-2023-35072](CVE-2023/CVE-2023-350xx/CVE-2023-35072.json) (`2023-09-05T18:15:10.507`) +* [CVE-2023-39598](CVE-2023/CVE-2023-395xx/CVE-2023-39598.json) (`2023-09-05T18:15:10.900`) +* [CVE-2023-39681](CVE-2023/CVE-2023-396xx/CVE-2023-39681.json) (`2023-09-05T18:15:11.027`) +* [CVE-2023-3616](CVE-2023/CVE-2023-36xx/CVE-2023-3616.json) (`2023-09-05T18:15:11.150`) +* [CVE-2023-40918](CVE-2023/CVE-2023-409xx/CVE-2023-40918.json) (`2023-09-05T18:15:11.317`) +* [CVE-2023-41317](CVE-2023/CVE-2023-413xx/CVE-2023-41317.json) (`2023-09-05T19:15:48.610`) +* [CVE-2023-4034](CVE-2023/CVE-2023-40xx/CVE-2023-4034.json) (`2023-09-05T19:15:48.713`) +* [CVE-2023-4178](CVE-2023/CVE-2023-41xx/CVE-2023-4178.json) (`2023-09-05T19:15:48.820`) +* [CVE-2023-4531](CVE-2023/CVE-2023-45xx/CVE-2023-4531.json) (`2023-09-05T19:15:48.923`) +* [CVE-2023-4781](CVE-2023/CVE-2023-47xx/CVE-2023-4781.json) (`2023-09-05T19:15:49.207`) ### CVEs modified in the last Commit -Recently modified CVEs: `20` +Recently modified CVEs: `39` -* [CVE-2019-13473](CVE-2019/CVE-2019-134xx/CVE-2019-13473.json) (`2023-09-05T17:15:07.477`) -* [CVE-2019-13474](CVE-2019/CVE-2019-134xx/CVE-2019-13474.json) (`2023-09-05T17:15:07.937`) -* [CVE-2022-25148](CVE-2022/CVE-2022-251xx/CVE-2022-25148.json) (`2023-09-05T17:15:08.110`) -* [CVE-2023-4681](CVE-2023/CVE-2023-46xx/CVE-2023-4681.json) (`2023-09-05T16:22:15.077`) -* [CVE-2023-4682](CVE-2023/CVE-2023-46xx/CVE-2023-4682.json) (`2023-09-05T16:24:54.687`) -* [CVE-2023-4678](CVE-2023/CVE-2023-46xx/CVE-2023-4678.json) (`2023-09-05T16:25:18.257`) -* [CVE-2023-34392](CVE-2023/CVE-2023-343xx/CVE-2023-34392.json) (`2023-09-05T16:27:51.523`) -* [CVE-2023-31175](CVE-2023/CVE-2023-311xx/CVE-2023-31175.json) (`2023-09-05T16:31:23.233`) -* [CVE-2023-31174](CVE-2023/CVE-2023-311xx/CVE-2023-31174.json) (`2023-09-05T16:32:06.837`) -* [CVE-2023-31172](CVE-2023/CVE-2023-311xx/CVE-2023-31172.json) (`2023-09-05T16:32:59.760`) -* [CVE-2023-31171](CVE-2023/CVE-2023-311xx/CVE-2023-31171.json) (`2023-09-05T16:33:35.107`) -* [CVE-2023-28809](CVE-2023/CVE-2023-288xx/CVE-2023-28809.json) (`2023-09-05T17:15:08.280`) -* [CVE-2023-39026](CVE-2023/CVE-2023-390xx/CVE-2023-39026.json) (`2023-09-05T17:15:09.327`) -* [CVE-2023-2453](CVE-2023/CVE-2023-24xx/CVE-2023-2453.json) (`2023-09-05T17:31:50.810`) -* [CVE-2023-40743](CVE-2023/CVE-2023-407xx/CVE-2023-40743.json) (`2023-09-05T17:31:50.810`) -* [CVE-2023-4480](CVE-2023/CVE-2023-44xx/CVE-2023-4480.json) (`2023-09-05T17:31:50.810`) -* [CVE-2023-31170](CVE-2023/CVE-2023-311xx/CVE-2023-31170.json) (`2023-09-05T17:35:41.017`) -* [CVE-2023-31169](CVE-2023/CVE-2023-311xx/CVE-2023-31169.json) (`2023-09-05T17:36:09.717`) -* [CVE-2023-31168](CVE-2023/CVE-2023-311xx/CVE-2023-31168.json) (`2023-09-05T17:38:34.297`) -* [CVE-2023-41642](CVE-2023/CVE-2023-416xx/CVE-2023-41642.json) (`2023-09-05T17:51:45.430`) +* [CVE-2023-4163](CVE-2023/CVE-2023-41xx/CVE-2023-4163.json) (`2023-09-05T18:19:25.817`) +* [CVE-2023-4162](CVE-2023/CVE-2023-41xx/CVE-2023-4162.json) (`2023-09-05T18:19:54.490`) +* [CVE-2023-31925](CVE-2023/CVE-2023-319xx/CVE-2023-31925.json) (`2023-09-05T18:24:04.713`) +* [CVE-2023-27426](CVE-2023/CVE-2023-274xx/CVE-2023-27426.json) (`2023-09-05T18:35:28.003`) +* [CVE-2023-1995](CVE-2023/CVE-2023-19xx/CVE-2023-1995.json) (`2023-09-05T18:51:17.547`) +* [CVE-2023-41376](CVE-2023/CVE-2023-413xx/CVE-2023-41376.json) (`2023-09-05T18:51:38.517`) +* [CVE-2023-24548](CVE-2023/CVE-2023-245xx/CVE-2023-24548.json) (`2023-09-05T18:52:02.053`) +* [CVE-2023-3646](CVE-2023/CVE-2023-36xx/CVE-2023-3646.json) (`2023-09-05T18:52:13.560`) +* [CVE-2023-41040](CVE-2023/CVE-2023-410xx/CVE-2023-41040.json) (`2023-09-05T18:59:32.280`) +* [CVE-2023-39139](CVE-2023/CVE-2023-391xx/CVE-2023-39139.json) (`2023-09-05T18:59:48.403`) +* [CVE-2023-39138](CVE-2023/CVE-2023-391xx/CVE-2023-39138.json) (`2023-09-05T19:00:03.030`) +* [CVE-2023-39137](CVE-2023/CVE-2023-391xx/CVE-2023-39137.json) (`2023-09-05T19:04:53.400`) +* [CVE-2023-3636](CVE-2023/CVE-2023-36xx/CVE-2023-3636.json) (`2023-09-05T19:06:11.070`) +* [CVE-2023-2279](CVE-2023/CVE-2023-22xx/CVE-2023-2279.json) (`2023-09-05T19:06:25.667`) +* [CVE-2023-2229](CVE-2023/CVE-2023-22xx/CVE-2023-2229.json) (`2023-09-05T19:12:06.357`) +* [CVE-2023-2188](CVE-2023/CVE-2023-21xx/CVE-2023-2188.json) (`2023-09-05T19:13:27.630`) +* [CVE-2023-38201](CVE-2023/CVE-2023-382xx/CVE-2023-38201.json) (`2023-09-05T19:13:35.213`) +* [CVE-2023-0689](CVE-2023/CVE-2023-06xx/CVE-2023-0689.json) (`2023-09-05T19:13:37.717`) +* [CVE-2023-4650](CVE-2023/CVE-2023-46xx/CVE-2023-4650.json) (`2023-09-05T19:14:55.743`) +* [CVE-2023-31424](CVE-2023/CVE-2023-314xx/CVE-2023-31424.json) (`2023-09-05T19:18:05.440`) +* [CVE-2023-31423](CVE-2023/CVE-2023-314xx/CVE-2023-31423.json) (`2023-09-05T19:36:32.197`) +* [CVE-2023-23765](CVE-2023/CVE-2023-237xx/CVE-2023-23765.json) (`2023-09-05T19:37:07.040`) +* [CVE-2023-41163](CVE-2023/CVE-2023-411xx/CVE-2023-41163.json) (`2023-09-05T19:37:16.743`) +* [CVE-2023-41041](CVE-2023/CVE-2023-410xx/CVE-2023-41041.json) (`2023-09-05T19:37:28.597`) +* [CVE-2023-38422](CVE-2023/CVE-2023-384xx/CVE-2023-38422.json) (`2023-09-05T19:41:08.010`) ## Download and Usage