From ab599db9722fdbeff57608d2d9920a16530e5fbc Mon Sep 17 00:00:00 2001 From: cad-safe-bot Date: Tue, 22 Aug 2023 16:00:37 +0000 Subject: [PATCH] Auto-Update: 2023-08-22T16:00:33.921146+00:00
---
CVE-2020/CVE-2020-276xx/CVE-2020-27673.json | 65 +++++++++-- CVE-2021/CVE-2021-280xx/CVE-2021-28038.json | 60 +++++++++- CVE-2023/CVE-2023-244xx/CVE-2023-24478.json | 60 +++++++++- CVE-2023/CVE-2023-294xx/CVE-2023-29468.json | 74 +++++++++++- CVE-2023/CVE-2023-320xx/CVE-2023-32004.json | 96 +++++++++++++++- CVE-2023/CVE-2023-324xx/CVE-2023-32486.json | 60 +++++++++- CVE-2023/CVE-2023-324xx/CVE-2023-32494.json | 74 +++++++++++- CVE-2023/CVE-2023-327xx/CVE-2023-32748.json | 69 +++++++++++- CVE-2023/CVE-2023-330xx/CVE-2023-33013.json | 49 +++++++- CVE-2023/CVE-2023-386xx/CVE-2023-38687.json | 60 +++++++++- CVE-2023/CVE-2023-388xx/CVE-2023-38840.json | 81 ++++++++++++-- CVE-2023/CVE-2023-388xx/CVE-2023-38898.json | 70 +++++++++++- CVE-2023/CVE-2023-389xx/CVE-2023-38915.json | 65 ++++++++++- CVE-2023/CVE-2023-389xx/CVE-2023-38916.json | 64 ++++++++++- CVE-2023/CVE-2023-399xx/CVE-2023-39908.json | 65 ++++++++++- CVE-2023/CVE-2023-399xx/CVE-2023-39946.json | 109 +++++++++++++++++- CVE-2023/CVE-2023-399xx/CVE-2023-39947.json | 109 +++++++++++++++++- CVE-2023/CVE-2023-399xx/CVE-2023-39950.json | 67 +++++++++-- CVE-2023/CVE-2023-400xx/CVE-2023-40020.json | 53 ++++++++- CVE-2023/CVE-2023-403xx/CVE-2023-40354.json | 86 +++++++++++++- CVE-2023/CVE-2023-43xx/CVE-2023-4362.json | 101 +++++++++++++++-- CVE-2023/CVE-2023-43xx/CVE-2023-4363.json | 118 ++++++++++++++++++-- CVE-2023/CVE-2023-43xx/CVE-2023-4364.json | 106 ++++++++++++++++-- CVE-2023/CVE-2023-43xx/CVE-2023-4365.json | 106 ++++++++++++++++-- README.md | 55 +++++---- 25 files changed, 1769 insertions(+), 153 deletions(-)
diff --git a/CVE-2020/CVE-2020-276xx/CVE-2020-27673.json b/CVE-2020/CVE-2020-276xx/CVE-2020-27673.json
index 181a9dc1240..62ae5daea00 100644
--- a/CVE-2020/CVE-2020-276xx/CVE-2020-27673.json
+++ b/CVE-2020/CVE-2020-276xx/CVE-2020-27673.json @@ -2,7 +2,7 @@ "id": "CVE-2020-27673", "sourceIdentifier": "cve@mitre.org", "published": "2020-10-22T21:15:14.013", - "lastModified": "2022-04-26T16:23:21.007", + "lastModified": "2023-08-22T15:16:55.703", "vulnStatus": "Analyzed", "descriptions": [ { 
@@ -79,20 +79,55 @@ { "nodes": [ { - "operator": "AND", + "operator": "OR", "negate": false, "cpeMatch": [ { "vulnerable": true, "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", - "versionEndIncluding": "5.9.1", - "matchCriteriaId": "C7E1EBA7-1B6D-4A6D-ADFF-2B556573F073" + "versionStartIncluding": "2.6.12", + "versionEndExcluding": "4.4.244", + "matchCriteriaId": "AA719A92-2855-4DD0-976B-DB325D5680A5" }, { "vulnerable": true, - "criteria": "cpe:2.3:o:xen:xen:*:*:*:*:*:*:*:*", - "versionEndIncluding": "4.14.0", - "matchCriteriaId": "2D769F4A-98C6-4544-AC04-3D8600C17BBB" + "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", + "versionStartIncluding": "4.5.0", + "versionEndExcluding": "4.9.244", + "matchCriteriaId": "333BA70D-20AE-4FD7-8840-343E56367F4F" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", + "versionStartIncluding": "4.10.0", + "versionEndExcluding": "4.14.207", + "matchCriteriaId": "4E7EC529-740E-4ED5-9EFC-F1FAEE029AC0" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", + "versionStartIncluding": "4.15.0", + "versionEndExcluding": "4.19.155", + "matchCriteriaId": "1F25E0DA-3383-48F8-AF11-8C4230EEE095" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", + "versionStartIncluding": "4.20.0", + "versionEndExcluding": "5.4.75", + "matchCriteriaId": "B9EA48BB-631D-425C-9B81-7F3A3D421089" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", + "versionStartIncluding": "5.5.0", + "versionEndExcluding": "5.9.5", + "matchCriteriaId": "9F0FC208-5B80-4CCA-A8FB-CD9D86D5F4BF" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:linux:linux_kernel:5.10:rc1:*:*:*:*:*:*", + "matchCriteriaId": "9DD7EB1D-064C-4DB9-AD34-D8EF78312C17" } ] } 
@@ -132,6 +167,22 @@ ] } ] + }, + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:o:xen:xen:*:*:*:*:*:*:*:*", + "versionEndIncluding": "4.14.0", + "matchCriteriaId": "2D769F4A-98C6-4544-AC04-3D8600C17BBB" + } + ] + } + ] } ], "references": [ diff --git a/CVE-2021/CVE-2021-280xx/CVE-2021-28038.json b/CVE-2021/CVE-2021-280xx/CVE-2021-28038.json index 40ca6ab4127..25f8f8df419 100644 --- a/CVE-2021/CVE-2021-280xx/CVE-2021-28038.json +++ b/CVE-2021/CVE-2021-280xx/CVE-2021-28038.json @@ -2,7 +2,7 @@ "id": "CVE-2021-28038", "sourceIdentifier": "cve@mitre.org", "published": "2021-03-05T18:15:13.127", - "lastModified": "2022-05-16T20:58:21.897", + "lastModified": "2023-08-22T14:25:33.703", "vulnStatus": "Analyzed", "descriptions": [ { 
@@ -79,19 +79,67 @@ { "nodes": [ { - "operator": "AND", + "operator": "OR", "negate": false, "cpeMatch": [ { "vulnerable": true, "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", - "versionEndIncluding": "5.11.3", - "matchCriteriaId": "AAEB7028-B576-457E-927A-8025DB7F3D14" + "versionStartIncluding": "2.6.39", + "versionEndExcluding": "4.4.260", + "matchCriteriaId": "873F5904-E137-45CC-A229-1ACB174021B9" }, { "vulnerable": true, - "criteria": "cpe:2.3:o:xen:xen:-:*:*:*:*:*:*:*", - "matchCriteriaId": "BFA1950D-1D9F-4401-AA86-CF3028EFD286" + "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", + "versionStartIncluding": "4.5.0", + "versionEndExcluding": "4.9.260", + "matchCriteriaId": "37A31D37-6E2B-487D-A7B1-AA678845E3BD" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", + "versionStartIncluding": "4.10.0", + "versionEndExcluding": "4.14.224", + "matchCriteriaId": "E2C21DCE-38E0-48E5-AB62-F12536A90A1B" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", + "versionStartIncluding": "4.15.0", + "versionEndExcluding": "4.19.179", + "matchCriteriaId": "3BA86006-B187-4C7D-9712-36D3D724AC33" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", + "versionStartIncluding": "4.20.0", + "versionEndExcluding": "5.4.103", + "matchCriteriaId": "D3CFDB2D-F538-4E59-B331-7EAD494C2924" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", + "versionStartIncluding": "5.10.0", + "versionEndExcluding": "5.10.21", + "matchCriteriaId": "ADF2B8FE-6B1B-40C6-B1DC-37812D5A0F1A" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", + "versionStartIncluding": "5.11.0", + "versionEndExcluding": "5.11.4", + "matchCriteriaId": "635861E2-E992-4768-A883-CBC76271AFD1" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:linux:linux_kernel:5.12:rc1:*:*:*:*:*:*", + "matchCriteriaId": 
"07875739-0CCB-4F48-9330-3D4B6A4064FA" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:linux:linux_kernel:5.12:rc2:*:*:*:*:*:*", + "matchCriteriaId": "DA09B732-04F8-452C-94CF-97644E78684D" } ] } diff --git a/CVE-2023/CVE-2023-244xx/CVE-2023-24478.json b/CVE-2023/CVE-2023-244xx/CVE-2023-24478.json index a56d7ff1973..841c0914398 100644 --- a/CVE-2023/CVE-2023-244xx/CVE-2023-24478.json +++ b/CVE-2023/CVE-2023-244xx/CVE-2023-24478.json @@ -2,8 +2,8 @@ "id": "CVE-2023-24478", "sourceIdentifier": "secure@intel.com", "published": "2023-08-15T13:15:09.477", - "lastModified": "2023-08-15T16:06:01.557", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2023-08-22T14:20:26.980", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", @@ -12,6 +12,26 @@ ], "metrics": { "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N", + "attackVector": "LOCAL", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "NONE", + "availabilityImpact": "NONE", + "baseScore": 5.5, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 1.8, + "impactScore": 3.6 + }, { "source": "secure@intel.com", "type": "Secondary", 
@@ -34,10 +54,44 @@ } ] }, + "weaknesses": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-330" + } + ] + } + ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:intel:quartus_prime:*:*:*:*:pro:*:*:*", + "versionEndExcluding": "22.4", + "matchCriteriaId": "AC907F1A-35E9-4FCD-8748-240E83EB4900" + } + ] + } + ] + } + ], "references": [ { "url": "http://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00850.html", - "source": "secure@intel.com" + "source": "secure@intel.com", + "tags": [ + "Patch", + "Vendor Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2023/CVE-2023-294xx/CVE-2023-29468.json b/CVE-2023/CVE-2023-294xx/CVE-2023-29468.json index 1d96e6a3768..b739a9277ef 100644 --- a/CVE-2023/CVE-2023-294xx/CVE-2023-29468.json +++ b/CVE-2023/CVE-2023-294xx/CVE-2023-29468.json 
@@ -2,19 +2,85 @@ "id": "CVE-2023-29468", "sourceIdentifier": "cve@mitre.org", "published": "2023-08-14T19:15:11.437", - "lastModified": "2023-08-15T12:29:16.237", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2023-08-22T14:41:58.630", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", "value": "The Texas Instruments (TI) WiLink WL18xx MCP driver does not limit the number of information elements (IEs) of type XCC_EXT_1_IE_ID or XCC_EXT_2_IE_ID that can be parsed in a management frame. Using a specially crafted frame, a buffer overflow can be triggered that can potentially lead to remote code execution. This affects WILINK8-WIFI-MCP8 version 8.5_SP3 and earlier." } ], - "metrics": {}, + "metrics": { + "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH", + "baseScore": 9.8, + "baseSeverity": "CRITICAL" + }, + "exploitabilityScore": 3.9, + "impactScore": 5.9 + } + ] + }, + "weaknesses": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-120" + } + ] + } + ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:ti:wilink8-wifi-mcp8:*:*:*:*:*:*:*:*", + "versionEndExcluding": "8.5", + "matchCriteriaId": "2D80B587-83E0-4AEA-883B-ABA5820D4AA6" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:ti:wilink8-wifi-mcp8:8.5:-:*:*:*:*:*:*", + "matchCriteriaId": "F16D3376-9EF5-4BC3-85B2-C198B30F5514" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:ti:wilink8-wifi-mcp8:8.5:sp3:*:*:*:*:*:*", + "matchCriteriaId": 
"E77E8E0D-DBCE-43CE-8450-D96717913E3B" + } + ] + } + ] + } + ], "references": [ { "url": "https://www.ti.com/lit/swra773", - "source": "cve@mitre.org" + "source": "cve@mitre.org", + "tags": [ + "Vendor Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2023/CVE-2023-320xx/CVE-2023-32004.json b/CVE-2023/CVE-2023-320xx/CVE-2023-32004.json index c72d87681fa..c50949290fb 100644 --- a/CVE-2023/CVE-2023-320xx/CVE-2023-32004.json +++ b/CVE-2023/CVE-2023-320xx/CVE-2023-32004.json 
@@ -2,27 +2,111 @@ "id": "CVE-2023-32004", "sourceIdentifier": "support@hackerone.com", "published": "2023-08-15T16:15:11.303", - "lastModified": "2023-08-19T03:15:22.607", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2023-08-22T14:13:14.530", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", "value": "A vulnerability has been discovered in Node.js version 20, specifically within the experimental permission model. This flaw relates to improper handling of Buffers in file system APIs causing a traversal path to bypass when verifying file permissions.\n\nThis vulnerability affects all users using the experimental permission model in Node.js 20.\n\nPlease note that at the time this CVE was issued, the permission model is an experimental feature of Node.js." } ], - "metrics": {}, + "metrics": { + "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH", + "baseScore": 8.8, + "baseSeverity": "HIGH" + }, + "exploitabilityScore": 2.8, + "impactScore": 5.9 + } + ] + }, + "weaknesses": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-22" + } + ] + } + ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:nodejs:node.js:*:*:*:*:-:*:*:*", + "versionEndIncluding": "20.5.0", + "matchCriteriaId": "C643F785-3B58-442C-802A-5ED5D5D6566A" + } + ] + } + ] + }, + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:o:fedoraproject:fedora:37:*:*:*:*:*:*:*", + "matchCriteriaId": 
"E30D0E6F-4AE8-4284-8716-991DFA48CC5D" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:fedoraproject:fedora:38:*:*:*:*:*:*:*", + "matchCriteriaId": "CC559B26-5DFC-4B7A-A27C-B77DE755DFF9" + } + ] + } + ] + } + ], "references": [ { "url": "https://hackerone.com/reports/2038134", - "source": "support@hackerone.com" + "source": "support@hackerone.com", + "tags": [ + "Issue Tracking" + ] }, { "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/JQPELKG2LVTADSB7ME73AV4DXQK47PWK/", - "source": "support@hackerone.com" + "source": "support@hackerone.com", + "tags": [ + "Mailing List", + "Third Party Advisory" + ] }, { "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/PBOZE2QZIBLFFTYWYN23FGKN6HULZ6HX/", - "source": "support@hackerone.com" + "source": "support@hackerone.com", + "tags": [ + "Mailing List", + "Third Party Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2023/CVE-2023-324xx/CVE-2023-32486.json b/CVE-2023/CVE-2023-324xx/CVE-2023-32486.json index 8251e605fbe..cd40fa00e7d 100644 --- a/CVE-2023/CVE-2023-324xx/CVE-2023-32486.json +++ b/CVE-2023/CVE-2023-324xx/CVE-2023-32486.json @@ -2,8 +2,8 @@ "id": "CVE-2023-32486", "sourceIdentifier": "security_alert@emc.com", "published": "2023-08-16T14:15:10.837", - "lastModified": "2023-08-16T15:17:05.683", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2023-08-22T14:19:32.660", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", 
@@ -12,6 +12,26 @@ ], "metrics": { "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", + "attackVector": "LOCAL", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH", + "baseScore": 7.8, + "baseSeverity": "HIGH" + }, + "exploitabilityScore": 1.8, + "impactScore": 5.9 + }, { "source": "security_alert@emc.com", "type": "Secondary", @@ -36,8 +56,18 @@ }, "weaknesses": [ { - "source": "security_alert@emc.com", + "source": "nvd@nist.gov", "type": "Primary", + "description": [ + { + "lang": "en", + "value": "NVD-CWE-noinfo" + } + ] + }, + { + "source": "security_alert@emc.com", + "type": "Secondary", "description": [ { "lang": "en", @@ -46,10 +76,32 @@ ] } ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:dell:powerscale_onefs:*:*:*:*:*:*:*:*", + "versionStartIncluding": "9.5.0.0", + "versionEndIncluding": "9.5.0.3", + "matchCriteriaId": "AB96F54D-D8C1-439A-BA83-72B8E840DFB1" + } + ] + } + ] + } + ], "references": [ { "url": "https://www.dell.com/support/kbdoc/en-us/000216717/dsa-2023-269-security-update-for-dell-powerscale-onefs-for-multiple-security-vulnerabilities", - "source": "security_alert@emc.com" + "source": "security_alert@emc.com", + "tags": [ + "Vendor Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2023/CVE-2023-324xx/CVE-2023-32494.json b/CVE-2023/CVE-2023-324xx/CVE-2023-32494.json index 441cb2ab7aa..19f6a1a59a7 100644 --- a/CVE-2023/CVE-2023-324xx/CVE-2023-32494.json +++ b/CVE-2023/CVE-2023-324xx/CVE-2023-32494.json 
@@ -2,8 +2,8 @@ "id": "CVE-2023-32494", "sourceIdentifier": "security_alert@emc.com", "published": "2023-08-16T13:15:10.867", - "lastModified": "2023-08-16T15:17:05.683", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2023-08-22T14:19:54.193", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", @@ -12,6 +12,26 @@ ], "metrics": { "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H", + "attackVector": "LOCAL", + "attackComplexity": "LOW", + "privilegesRequired": "HIGH", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH", + "baseScore": 6.7, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 0.8, + "impactScore": 5.9 + }, { "source": "security_alert@emc.com", "type": "Secondary", @@ -36,8 +56,18 @@ }, "weaknesses": [ { - "source": "security_alert@emc.com", + "source": "nvd@nist.gov", "type": "Primary", + "description": [ + { + "lang": "en", + "value": "NVD-CWE-noinfo" + } + ] + }, + { + "source": "security_alert@emc.com", + "type": "Secondary", "description": [ { "lang": "en", 
@@ -46,10 +76,46 @@ ] } ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:dell:powerscale_onefs:*:*:*:*:*:*:*:*", + "versionStartIncluding": "9.2.1.0", + "versionEndIncluding": "9.2.1.22", + "matchCriteriaId": "FEF3F09E-3FF7-4352-A853-41DC25627EAD" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:dell:powerscale_onefs:*:*:*:*:*:*:*:*", + "versionStartIncluding": "9.4.0.0", + "versionEndIncluding": "9.4.0.13", + "matchCriteriaId": "F49A7E9F-F753-48EA-8A96-CFE473CBD81A" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:dell:powerscale_onefs:*:*:*:*:*:*:*:*", + "versionStartIncluding": "9.5.0.0", + "versionEndIncluding": "9.5.0.3", + "matchCriteriaId": "AB96F54D-D8C1-439A-BA83-72B8E840DFB1" + } + ] + } + ] + } + ], "references": [ { "url": "https://www.dell.com/support/kbdoc/en-us/000216717/dsa-2023-269-security-update-for-dell-powerscale-onefs-for-multiple-security-vulnerabilities", - "source": "security_alert@emc.com" + "source": "security_alert@emc.com", + "tags": [ + "Vendor Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2023/CVE-2023-327xx/CVE-2023-32748.json b/CVE-2023/CVE-2023-327xx/CVE-2023-32748.json index 44d2abeb8df..6dd42046f46 100644 --- a/CVE-2023/CVE-2023-327xx/CVE-2023-32748.json +++ b/CVE-2023/CVE-2023-327xx/CVE-2023-32748.json 
@@ -2,23 +2,82 @@ "id": "CVE-2023-32748", "sourceIdentifier": "cve@mitre.org", "published": "2023-08-14T18:15:10.867", - "lastModified": "2023-08-14T18:59:33.233", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2023-08-22T15:06:48.240", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", "value": "The Linux DVS server component of Mitel MiVoice Connect through 19.3 SP2 (22.24.1500.0) could allow an unauthenticated attacker with internal network access to execute arbitrary scripts due to improper access control." } ], - "metrics": {}, + "metrics": { + "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH", + "baseScore": 9.8, + "baseSeverity": "CRITICAL" + }, + "exploitabilityScore": 3.9, + "impactScore": 5.9 + } + ] + }, + "weaknesses": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-863" + } + ] + } + ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:mitel:mivoice_connect:*:*:*:*:*:*:*:*", + "versionEndIncluding": "22.24.1500.0", + "matchCriteriaId": "07B89289-EB6B-49EA-AC12-0C39A99467DA" + } + ] + } + ] + } + ], "references": [ { "url": "https://www.mitel.com/support/security-advisories", - "source": "cve@mitre.org" + "source": "cve@mitre.org", + "tags": [ + "Vendor Advisory" + ] }, { "url": "https://www.mitel.com/support/security-advisories/mitel-product-security-advisory-23-0004", - "source": "cve@mitre.org" + "source": "cve@mitre.org", + "tags": [ + "Vendor Advisory" + ] } ] } \ No newline at end of file 
diff --git a/CVE-2023/CVE-2023-330xx/CVE-2023-33013.json b/CVE-2023/CVE-2023-330xx/CVE-2023-33013.json index 5514b3cc8cb..52a6051b666 100644 --- a/CVE-2023/CVE-2023-330xx/CVE-2023-33013.json +++ b/CVE-2023/CVE-2023-330xx/CVE-2023-33013.json @@ -2,8 +2,8 @@ "id": "CVE-2023-33013", "sourceIdentifier": "security@zyxel.com.tw", "published": "2023-08-14T17:15:10.313", - "lastModified": "2023-08-14T17:27:48.160", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2023-08-22T15:56:05.847", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", @@ -35,6 +35,16 @@ ] }, "weaknesses": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-78" + } + ] + }, { "source": "security@zyxel.com.tw", "type": "Secondary", @@ -46,10 +56,43 @@ ] } ], + "configurations": [ + { + "operator": "AND", + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:o:zyxel:nbg6604_firmware:1.01\\(abir.1\\)c0:*:*:*:*:*:*:*", + "matchCriteriaId": "E7EA8A38-B936-4C8D-81D4-9E4D2A67733D" + } + ] + }, + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": false, + "criteria": "cpe:2.3:h:zyxel:nbg6604:-:*:*:*:*:*:*:*", + "matchCriteriaId": "AFA7D096-9ED5-4F07-A746-29662765F61E" + } + ] + } + ] + } + ], "references": [ { "url": "https://www.zyxel.com/global/en/support/security-advisories/zyxel-security-advisory-for-post-authentication-command-injection-in-ntp-feature-of-nbg6604-home-router", - "source": "security@zyxel.com.tw" + "source": "security@zyxel.com.tw", + "tags": [ + "Patch", + "Vendor Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2023/CVE-2023-386xx/CVE-2023-38687.json b/CVE-2023/CVE-2023-386xx/CVE-2023-38687.json index bc7ea15e272..a83f6fee954 100644 --- a/CVE-2023/CVE-2023-386xx/CVE-2023-38687.json +++ b/CVE-2023/CVE-2023-386xx/CVE-2023-38687.json 
@@ -2,8 +2,8 @@ "id": "CVE-2023-38687", "sourceIdentifier": "security-advisories@github.com", "published": "2023-08-14T21:15:12.607", - "lastModified": "2023-08-15T12:29:16.237", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2023-08-22T14:41:23.167", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", @@ -12,6 +12,26 @@ ], "metrics": { "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "REQUIRED", + "scope": "CHANGED", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "availabilityImpact": "NONE", + "baseScore": 5.4, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 2.3, + "impactScore": 2.7 + }, { "source": "security-advisories@github.com", "type": "Secondary", @@ -36,7 +56,7 @@ }, "weaknesses": [ { - "source": "security-advisories@github.com", + "source": "nvd@nist.gov", "type": "Primary", "description": [ { @@ -44,12 +64,44 @@ "value": "CWE-79" } ] + }, + { + "source": "security-advisories@github.com", + "type": "Secondary", + "description": [ + { + "lang": "en", + "value": "CWE-79" + } + ] + } + ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:mskocik:svelecte:*:*:*:*:*:node.js:*:*", + "versionEndExcluding": "3.16.3", + "matchCriteriaId": "B8B75C3C-45FB-4C83-AD04-8C5E723440D3" + } + ] + } + ] } ], "references": [ { "url": "https://github.com/mskocik/svelecte/security/advisories/GHSA-7h45-grc5-89wq", - "source": "security-advisories@github.com" + "source": "security-advisories@github.com", + "tags": [ + "Exploit", + "Vendor Advisory" + ] } ] } \ No newline at end of file 
diff --git a/CVE-2023/CVE-2023-388xx/CVE-2023-38840.json b/CVE-2023/CVE-2023-388xx/CVE-2023-38840.json
index ae302a96851..8849d9b49df 100644
--- a/CVE-2023/CVE-2023-388xx/CVE-2023-38840.json
+++ b/CVE-2023/CVE-2023-388xx/CVE-2023-38840.json
@@ -2,31 +2,98 @@ "id": "CVE-2023-38840", "sourceIdentifier": "cve@mitre.org", "published": "2023-08-15T17:15:10.320", - "lastModified": "2023-08-21T17:15:47.793", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2023-08-22T14:58:17.927", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", "value": "Bitwarden Desktop 2023.7.0 and below allows an attacker with local access to obtain sensitive information via the Bitwarden.exe process." } ], - "metrics": {}, + "metrics": { + "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N", + "attackVector": "LOCAL", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "NONE", + "availabilityImpact": "NONE", + "baseScore": 5.5, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 1.8, + "impactScore": 3.6 + } + ] + }, + "weaknesses": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "NVD-CWE-noinfo" + } + ] + } + ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:bitwarden:bitwarden:*:*:*:*:desktop:*:*:*", + "versionEndIncluding": "2023.7.0", + "matchCriteriaId": "BF2C0660-5B90-45CF-AC6E-398619F697D0" + } + ] + } + ] + } + ], "references": [ { "url": "https://github.com/bitwarden/clients/pull/5813", - "source": "cve@mitre.org" + "source": "cve@mitre.org", + "tags": [ + "Patch", + "Third Party Advisory" + ] }, { "url": "https://github.com/bitwarden/desktop/issues/476", - "source": "cve@mitre.org" + "source": "cve@mitre.org", + "tags": [ + "Issue Tracking", + "Third Party Advisory" + ] }, { "url": "https://github.com/markuta/bw-dump", - "source": "cve@mitre.org" + "source": "cve@mitre.org", + "tags": [ + "Third Party Advisory" 
+ ] }, { "url": "https://redmaple.tech/blogs/2023/extract-bitwarden-vault-passwords/", - "source": "cve@mitre.org" + "source": "cve@mitre.org", + "tags": [ + "Third Party Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2023/CVE-2023-388xx/CVE-2023-38898.json b/CVE-2023/CVE-2023-388xx/CVE-2023-38898.json index 377b2e83ba7..1e3de450179 100644 --- a/CVE-2023/CVE-2023-388xx/CVE-2023-38898.json +++ b/CVE-2023/CVE-2023-388xx/CVE-2023-38898.json 
@@ -2,23 +2,83 @@ "id": "CVE-2023-38898", "sourceIdentifier": "cve@mitre.org", "published": "2023-08-15T17:15:12.187", - "lastModified": "2023-08-15T17:15:41.713", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2023-08-22T15:07:48.627", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", "value": "An issue in Python cpython v.3.7 allows an attacker to obtain sensitive information via the _asyncio._swap_current_task component." } ], - "metrics": {}, + "metrics": { + "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "NONE", + "integrityImpact": "NONE", + "availabilityImpact": "HIGH", + "baseScore": 7.5, + "baseSeverity": "HIGH" + }, + "exploitabilityScore": 3.9, + "impactScore": 3.6 + } + ] + }, + "weaknesses": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "NVD-CWE-Other" + } + ] + } + ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:python:python:3.13.0:alpha0:*:*:*:*:*:*", + "matchCriteriaId": "3BA51E41-D221-431F-870F-536AF2867B50" + } + ] + } + ] + } + ], "references": [ { "url": "http://python.com", - "source": "cve@mitre.org" + "source": "cve@mitre.org", + "tags": [ + "Not Applicable" + ] }, { "url": "https://github.com/python/cpython/issues/105987", - "source": "cve@mitre.org" + "source": "cve@mitre.org", + "tags": [ + "Exploit", + "Issue Tracking", + "Patch" + ] } ] } \ No newline at end of file diff --git a/CVE-2023/CVE-2023-389xx/CVE-2023-38915.json b/CVE-2023/CVE-2023-389xx/CVE-2023-38915.json index abdec82a4fd..c26b90a5030 100644 --- a/CVE-2023/CVE-2023-389xx/CVE-2023-38915.json 
+++ b/CVE-2023/CVE-2023-389xx/CVE-2023-38915.json @@ -2,19 +2,76 @@ "id": "CVE-2023-38915", "sourceIdentifier": "cve@mitre.org", "published": "2023-08-15T17:15:12.327", - "lastModified": "2023-08-15T17:15:41.713", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2023-08-22T15:16:26.497", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", "value": "File Upload vulnerability in Wolf-leo EasyAdmin8 v.1.0 allows a remote attacker to execute arbtirary code via the upload type function." } ], - "metrics": {}, + "metrics": { + "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH", + "baseScore": 9.8, + "baseSeverity": "CRITICAL" + }, + "exploitabilityScore": 3.9, + "impactScore": 5.9 + } + ] + }, + "weaknesses": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-434" + } + ] + } + ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:wolf18:easyadmin8:1.0:*:*:*:*:*:*:*", + "matchCriteriaId": "BFCE815D-07B9-4F7D-8D7E-2E0DCE09DDC3" + } + ] + } + ] + } + ], "references": [ { "url": "https://github.com/wolf-leo/EasyAdmin8/issues/1", - "source": "cve@mitre.org" + "source": "cve@mitre.org", + "tags": [ + "Exploit", + "Issue Tracking", + "Mitigation" + ] } ] } \ No newline at end of file diff --git a/CVE-2023/CVE-2023-389xx/CVE-2023-38916.json b/CVE-2023/CVE-2023-389xx/CVE-2023-38916.json index b374bbb4aaa..71d5add3f03 100644 --- a/CVE-2023/CVE-2023-389xx/CVE-2023-38916.json +++ b/CVE-2023/CVE-2023-389xx/CVE-2023-38916.json 
@@ -2,19 +2,75 @@ "id": "CVE-2023-38916", "sourceIdentifier": "cve@mitre.org", "published": "2023-08-15T17:15:12.457", - "lastModified": "2023-08-15T17:15:41.713", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2023-08-22T15:27:37.117", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", "value": "SQL Injection vulnerability in eVotingSystem-PHP v.1.0 allows a remote attacker to execute arbitrary code and obtain sensitive information via the user input fields." } ], - "metrics": {}, + "metrics": { + "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH", + "baseScore": 8.8, + "baseSeverity": "HIGH" + }, + "exploitabilityScore": 2.8, + "impactScore": 5.9 + } + ] + }, + "weaknesses": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-89" + } + ] + } + ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:mohammad-ajazuddin:evotingsystem-php:1.0:*:*:*:*:*:*:*", + "matchCriteriaId": "3919AED0-8948-4EA6-A3D6-4F7081B73C90" + } + ] + } + ] + } + ], "references": [ { "url": "https://github.com/Mohammad-Ajazuddin/eVotingSytem-PHP/issues/1", - "source": "cve@mitre.org" + "source": "cve@mitre.org", + "tags": [ + "Exploit", + "Issue Tracking" + ] } ] } \ No newline at end of file diff --git a/CVE-2023/CVE-2023-399xx/CVE-2023-39908.json b/CVE-2023/CVE-2023-399xx/CVE-2023-39908.json index 859228302a8..2c04a5a8b6f 100644 --- a/CVE-2023/CVE-2023-399xx/CVE-2023-39908.json +++ b/CVE-2023/CVE-2023-399xx/CVE-2023-39908.json 
@@ -2,19 +2,76 @@ "id": "CVE-2023-39908", "sourceIdentifier": "cve@mitre.org", "published": "2023-08-14T19:15:13.243", - "lastModified": "2023-08-15T12:29:16.237", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2023-08-22T14:42:30.963", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", "value": "The PKCS11 module of the YubiHSM 2 SDK through 2023.01 does not properly validate the length of specific read operations on object metadata. This may lead to disclosure of uninitialized and previously used memory." } ], - "metrics": {}, + "metrics": { + "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "NONE", + "availabilityImpact": "NONE", + "baseScore": 7.5, + "baseSeverity": "HIGH" + }, + "exploitabilityScore": 3.9, + "impactScore": 3.6 + } + ] + }, + "weaknesses": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-125" + } + ] + } + ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:yubico:yubihsm_2_sdk:*:*:*:*:*:*:*:*", + "versionEndExcluding": "2023.08", + "matchCriteriaId": "E39C89B2-F3D3-403A-825A-295E5ECB068B" + } + ] + } + ] + } + ], "references": [ { "url": "https://www.yubico.com/support/security-advisories/ysa-2023-01/", - "source": "cve@mitre.org" + "source": "cve@mitre.org", + "tags": [ + "Patch", + "Vendor Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2023/CVE-2023-399xx/CVE-2023-39946.json b/CVE-2023/CVE-2023-399xx/CVE-2023-39946.json index 06ac6001d05..28b20f52fb2 100644 --- a/CVE-2023/CVE-2023-399xx/CVE-2023-39946.json 
+++ b/CVE-2023/CVE-2023-399xx/CVE-2023-39946.json @@ -2,8 +2,8 @@ "id": "CVE-2023-39946", "sourceIdentifier": "security-advisories@github.com", "published": "2023-08-11T14:15:13.483", - "lastModified": "2023-08-21T04:15:10.477", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2023-08-22T14:21:30.250", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", @@ -12,6 +12,26 @@ ], "metrics": { "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "NONE", + "integrityImpact": "NONE", + "availabilityImpact": "HIGH", + "baseScore": 7.5, + "baseSeverity": "HIGH" + }, + "exploitabilityScore": 3.9, + "impactScore": 3.6 + }, { "source": "security-advisories@github.com", "type": "Secondary", @@ -36,8 +56,18 @@ }, "weaknesses": [ { - "source": "security-advisories@github.com", + "source": "nvd@nist.gov", "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-787" + } + ] + }, + { + "source": "security-advisories@github.com", + "type": "Secondary", "description": [ { "lang": "en", 
@@ -46,18 +76,85 @@ ] } ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:eprosima:fast_dds:*:*:*:*:*:*:*:*", + "versionStartIncluding": "2.6.0", + "versionEndExcluding": "2.6.6", + "matchCriteriaId": "F15C9800-42FF-4680-91BE-65DD409C2BAD" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:eprosima:fast_dds:*:*:*:*:*:*:*:*", + "versionStartIncluding": "2.9.0", + "versionEndExcluding": "2.9.2", + "matchCriteriaId": "ACDC404A-DC49-462D-A906-D5B726B5511A" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:eprosima:fast_dds:*:*:*:*:*:*:*:*", + "versionStartIncluding": "2.10.0", + "versionEndExcluding": "2.10.2", + "matchCriteriaId": "F09F92E5-C333-413D-8D93-E310DE1C6873" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:eprosima:fast_dds:2.11.0:*:*:*:*:*:*:*", + "matchCriteriaId": "99CB3D60-0018-4E5E-A54F-6E9098E499AB" + } + ] + } + ] + }, + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:o:debian:debian_linux:11.0:*:*:*:*:*:*:*", + "matchCriteriaId": "FA6FEEC2-9F11-4643-8827-749718254FED" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:debian:debian_linux:12.0:*:*:*:*:*:*:*", + "matchCriteriaId": "46D69DCC-AE4D-4EA5-861C-D60951444C6C" + } + ] + } + ] + } + ], "references": [ { "url": "https://github.com/eProsima/Fast-DDS/commit/349227005827e8a67a0406b823138b5068cc47dc", - "source": "security-advisories@github.com" + "source": "security-advisories@github.com", + "tags": [ + "Third Party Advisory" + ] }, { "url": "https://github.com/eProsima/Fast-DDS/security/advisories/GHSA-j297-rg6j-m7hx", - "source": "security-advisories@github.com" + "source": "security-advisories@github.com", + "tags": [ + "Third Party Advisory" + ] }, { "url": "https://www.debian.org/security/2023/dsa-5481", - "source": "security-advisories@github.com" + "source": "security-advisories@github.com", + 
"tags": [ + "Third Party Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2023/CVE-2023-399xx/CVE-2023-39947.json b/CVE-2023/CVE-2023-399xx/CVE-2023-39947.json index 7f3da09a2ed..89019c56c67 100644 --- a/CVE-2023/CVE-2023-399xx/CVE-2023-39947.json +++ b/CVE-2023/CVE-2023-399xx/CVE-2023-39947.json @@ -2,8 +2,8 @@ "id": "CVE-2023-39947", "sourceIdentifier": "security-advisories@github.com", "published": "2023-08-11T14:15:13.587", - "lastModified": "2023-08-21T04:15:10.587", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2023-08-22T14:23:13.990", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", @@ -12,6 +12,26 @@ ], "metrics": { "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "NONE", + "integrityImpact": "NONE", + "availabilityImpact": "HIGH", + "baseScore": 7.5, + "baseSeverity": "HIGH" + }, + "exploitabilityScore": 3.9, + "impactScore": 3.6 + }, { "source": "security-advisories@github.com", "type": "Secondary", @@ -36,8 +56,18 @@ }, "weaknesses": [ { - "source": "security-advisories@github.com", + "source": "nvd@nist.gov", "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-787" + } + ] + }, + { + "source": "security-advisories@github.com", + "type": "Secondary", "description": [ { "lang": "en", 
@@ -46,18 +76,85 @@ ] } ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:eprosima:fast_dds:*:*:*:*:*:*:*:*", + "versionStartIncluding": "2.6.0", + "versionEndExcluding": "2.6.6", + "matchCriteriaId": "F15C9800-42FF-4680-91BE-65DD409C2BAD" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:eprosima:fast_dds:*:*:*:*:*:*:*:*", + "versionStartIncluding": "2.9.0", + "versionEndExcluding": "2.9.2", + "matchCriteriaId": "ACDC404A-DC49-462D-A906-D5B726B5511A" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:eprosima:fast_dds:*:*:*:*:*:*:*:*", + "versionStartIncluding": "2.10.0", + "versionEndExcluding": "2.10.2", + "matchCriteriaId": "F09F92E5-C333-413D-8D93-E310DE1C6873" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:eprosima:fast_dds:2.11.0:*:*:*:*:*:*:*", + "matchCriteriaId": "99CB3D60-0018-4E5E-A54F-6E9098E499AB" + } + ] + } + ] + }, + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:o:debian:debian_linux:11.0:*:*:*:*:*:*:*", + "matchCriteriaId": "FA6FEEC2-9F11-4643-8827-749718254FED" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:debian:debian_linux:12.0:*:*:*:*:*:*:*", + "matchCriteriaId": "46D69DCC-AE4D-4EA5-861C-D60951444C6C" + } + ] + } + ] + } + ], "references": [ { "url": "https://github.com/eProsima/Fast-DDS/commit/349227005827e8a67a0406b823138b5068cc47dc", - "source": "security-advisories@github.com" + "source": "security-advisories@github.com", + "tags": [ + "Third Party Advisory" + ] }, { "url": "https://github.com/eProsima/Fast-DDS/security/advisories/GHSA-mf55-5747-c4pv", - "source": "security-advisories@github.com" + "source": "security-advisories@github.com", + "tags": [ + "Third Party Advisory" + ] }, { "url": "https://www.debian.org/security/2023/dsa-5481", - "source": "security-advisories@github.com" + "source": "security-advisories@github.com", + 
"tags": [ + "Third Party Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2023/CVE-2023-399xx/CVE-2023-39950.json b/CVE-2023/CVE-2023-399xx/CVE-2023-39950.json index 3ab03407b91..aade4ec0814 100644 --- a/CVE-2023/CVE-2023-399xx/CVE-2023-39950.json +++ b/CVE-2023/CVE-2023-399xx/CVE-2023-39950.json @@ -2,8 +2,8 @@ "id": "CVE-2023-39950", "sourceIdentifier": "security-advisories@github.com", "published": "2023-08-14T21:15:13.420", - "lastModified": "2023-08-15T12:29:16.237", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2023-08-22T14:40:09.827", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", @@ -12,6 +12,26 @@ ], "metrics": { "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:L", + "attackVector": "PHYSICAL", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "NONE", + "integrityImpact": "HIGH", + "availabilityImpact": "LOW", + "baseScore": 5.2, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 0.9, + "impactScore": 4.2 + }, { "source": "security-advisories@github.com", "type": "Secondary", 
@@ -46,26 +66,59 @@ ] } ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:siemens:efibootguard:*:*:*:*:*:*:*:*", + "versionEndExcluding": "0.15", + "matchCriteriaId": "A195B7F8-F691-4F1D-B161-81B6FEA5063A" + } + ] + } + ] + } + ], "references": [ { "url": "https://github.com/siemens/efibootguard/blob/master/docs/API.md", - "source": "security-advisories@github.com" + "source": "security-advisories@github.com", + "tags": [ + "Third Party Advisory" + ] }, { "url": "https://github.com/siemens/efibootguard/blob/master/docs/TOOLS.md", - "source": "security-advisories@github.com" + "source": "security-advisories@github.com", + "tags": [ + "Third Party Advisory" + ] }, { "url": "https://github.com/siemens/efibootguard/blob/master/docs/TOOLS.md#setting-user-variables", - "source": "security-advisories@github.com" + "source": "security-advisories@github.com", + "tags": [ + "Third Party Advisory" + ] }, { "url": "https://github.com/siemens/efibootguard/security/advisories/GHSA-j6pp-7g99-24m7", - "source": "security-advisories@github.com" + "source": "security-advisories@github.com", + "tags": [ + "Third Party Advisory" + ] }, { "url": "https://github.com/siemens/efibootguard/tags", - "source": "security-advisories@github.com" + "source": "security-advisories@github.com", + "tags": [ + "Third Party Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2023/CVE-2023-400xx/CVE-2023-40020.json b/CVE-2023/CVE-2023-400xx/CVE-2023-40020.json index 3dd5a4013d7..39216778e05 100644 --- a/CVE-2023/CVE-2023-400xx/CVE-2023-40020.json +++ b/CVE-2023/CVE-2023-400xx/CVE-2023-40020.json 
@@ -2,8 +2,8 @@ "id": "CVE-2023-40020", "sourceIdentifier": "security-advisories@github.com", "published": "2023-08-14T21:15:13.797", - "lastModified": "2023-08-15T12:29:16.237", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2023-08-22T14:36:08.510", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", @@ -12,6 +12,26 @@ ], "metrics": { "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:H/A:H", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "LOW", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH", + "baseScore": 8.3, + "baseSeverity": "HIGH" + }, + "exploitabilityScore": 2.8, + "impactScore": 5.5 + }, { "source": "security-advisories@github.com", "type": "Secondary", @@ -46,14 +66,39 @@ ] } ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:troplo:privateuploader:*:*:*:*:*:*:*:*", + "versionEndExcluding": "3.2.49", + "matchCriteriaId": "F3185126-02B9-4939-B4A3-28EC7123FCA4" + } + ] + } + ] + } + ], "references": [ { "url": "https://github.com/PrivateUploader/PrivateUploader/commit/869657d61e3c7a518177106fe63ea483082b0d3e", - "source": "security-advisories@github.com" + "source": "security-advisories@github.com", + "tags": [ + "Patch" + ] }, { "url": "https://github.com/PrivateUploader/PrivateUploader/security/advisories/GHSA-vhrw-2472-rrjx", - "source": "security-advisories@github.com" + "source": "security-advisories@github.com", + "tags": [ + "Patch", + "Vendor Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2023/CVE-2023-403xx/CVE-2023-40354.json b/CVE-2023/CVE-2023-403xx/CVE-2023-40354.json index dbc079e53de..250eb54281e 100644 --- a/CVE-2023/CVE-2023-403xx/CVE-2023-40354.json 
+++ b/CVE-2023/CVE-2023-403xx/CVE-2023-40354.json 
@@ -2,19 +2,97 @@ "id": "CVE-2023-40354", "sourceIdentifier": "cve@mitre.org", "published": "2023-08-14T17:15:10.533", - "lastModified": "2023-08-14T17:27:48.160", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2023-08-22T15:55:45.223", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", "value": "An issue was discovered in MariaDB MaxScale before 23.02.3. A user enters an encrypted password on a \"maxctrl create service\" command line, but this password is then stored in cleartext in the resulting .cnf file under /var/lib/maxscale/maxscale.cnf.d. The fixed versions are 2.5.28, 6.4.9, 22.08.8, and 23.02.3." } ], - "metrics": {}, + "metrics": { + "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "NONE", + "availabilityImpact": "NONE", + "baseScore": 6.5, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 2.8, + "impactScore": 3.6 + } + ] + }, + "weaknesses": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-312" + } + ] + } + ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:mariadb:maxscale:*:*:*:*:*:*:*:*", + "versionEndExcluding": "2.5.28", + "matchCriteriaId": "77CA73A9-6917-46F0-A24C-668C3EBFA88B" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:mariadb:maxscale:*:*:*:*:*:*:*:*", + "versionStartIncluding": "6.0.0", + "versionEndExcluding": "6.4.9", + "matchCriteriaId": "2363D156-4D49-43A3-AC6D-49EEBDB3A442" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:mariadb:maxscale:*:*:*:*:*:*:*:*", + "versionStartIncluding": "22.08", + 
"versionEndExcluding": "22.08.8", + "matchCriteriaId": "00F1E81D-D42C-465D-9EF3-9245BF322B2C" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:mariadb:maxscale:*:*:*:*:*:*:*:*", + "versionStartIncluding": "23.02", + "versionEndExcluding": "23.02.3", + "matchCriteriaId": "984B258E-397F-495C-B479-B1FC6329BAA1" + } + ] + } + ] + } + ], "references": [ { "url": "https://jira.mariadb.org/browse/MXS-4681", - "source": "cve@mitre.org" + "source": "cve@mitre.org", + "tags": [ + "Issue Tracking", + "Vendor Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2023/CVE-2023-43xx/CVE-2023-4362.json b/CVE-2023/CVE-2023-43xx/CVE-2023-4362.json index 36bae3f058e..1833dd592bc 100644 --- a/CVE-2023/CVE-2023-43xx/CVE-2023-4362.json +++ b/CVE-2023/CVE-2023-43xx/CVE-2023-4362.json 
@@ -2,31 +2,118 @@ "id": "CVE-2023-4362", "sourceIdentifier": "chrome-cve-admin@google.com", "published": "2023-08-15T18:15:13.030", - "lastModified": "2023-08-20T03:15:19.327", - "vulnStatus": "Undergoing Analysis", + "lastModified": "2023-08-22T15:33:24.600", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", "value": "Heap buffer overflow in Mojom IDL in Google Chrome prior to 116.0.5845.96 allowed a remote attacker who had compromised the renderer process and gained control of a WebUI process to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: Medium)" } ], - "metrics": {}, + "metrics": { + "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "REQUIRED", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH", + "baseScore": 8.8, + "baseSeverity": "HIGH" + }, + "exploitabilityScore": 2.8, + "impactScore": 5.9 + } + ] + }, + "weaknesses": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-787" + } + ] + } + ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:google:chrome:*:*:*:*:*:*:*:*", + "versionEndExcluding": "116.0.5845.96", + "matchCriteriaId": "40820217-BB18-474A-8520-109C1635D656" + } + ] + } + ] + }, + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:o:debian:debian_linux:11.0:*:*:*:*:*:*:*", + "matchCriteriaId": "FA6FEEC2-9F11-4643-8827-749718254FED" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:debian:debian_linux:12.0:*:*:*:*:*:*:*", + "matchCriteriaId": 
"46D69DCC-AE4D-4EA5-861C-D60951444C6C" + } + ] + } + ] + } + ], "references": [ { "url": "https://chromereleases.googleblog.com/2023/08/stable-channel-update-for-desktop_15.html", - "source": "chrome-cve-admin@google.com" + "source": "chrome-cve-admin@google.com", + "tags": [ + "Release Notes", + "Vendor Advisory" + ] }, { "url": "https://crbug.com/1316379", - "source": "chrome-cve-admin@google.com" + "source": "chrome-cve-admin@google.com", + "tags": [ + "Permissions Required" + ] }, { "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/OCFEK63FUHFXZH5MSG6TNQOXMQWM4M5S/", - "source": "chrome-cve-admin@google.com" + "source": "chrome-cve-admin@google.com", + "tags": [ + "Mailing List", + "Third Party Advisory" + ] }, { "url": "https://www.debian.org/security/2023/dsa-5479", - "source": "chrome-cve-admin@google.com" + "source": "chrome-cve-admin@google.com", + "tags": [ + "Third Party Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2023/CVE-2023-43xx/CVE-2023-4363.json b/CVE-2023/CVE-2023-43xx/CVE-2023-4363.json index 75adadb96ca..2f8ae532fed 100644 --- a/CVE-2023/CVE-2023-43xx/CVE-2023-4363.json +++ b/CVE-2023/CVE-2023-43xx/CVE-2023-4363.json 
@@ -2,31 +2,135 @@ "id": "CVE-2023-4363", "sourceIdentifier": "chrome-cve-admin@google.com", "published": "2023-08-15T18:15:13.113", - "lastModified": "2023-08-20T03:15:19.690", - "vulnStatus": "Undergoing Analysis", + "lastModified": "2023-08-22T15:39:35.130", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", "value": "Inappropriate implementation in WebShare in Google Chrome on Android prior to 116.0.5845.96 allowed a remote attacker to spoof the contents of a dialog URL via a crafted HTML page. (Chromium security severity: Medium)" } ], - "metrics": {}, + "metrics": { + "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "REQUIRED", + "scope": "UNCHANGED", + "confidentialityImpact": "NONE", + "integrityImpact": "LOW", + "availabilityImpact": "NONE", + "baseScore": 4.3, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 2.8, + "impactScore": 1.4 + } + ] + }, + "weaknesses": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "NVD-CWE-noinfo" + } + ] + } + ], + "configurations": [ + { + "operator": "AND", + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:google:chrome:*:*:*:*:*:*:*:*", + "versionEndExcluding": "116.0.5845.96", + "matchCriteriaId": "40820217-BB18-474A-8520-109C1635D656" + } + ] + }, + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": false, + "criteria": "cpe:2.3:o:google:android:-:*:*:*:*:*:*:*", + "matchCriteriaId": "F8B9FEC8-73B6-43B8-B24E-1F7C20D91D26" + } + ] + } + ] + }, + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:o:debian:debian_linux:11.0:*:*:*:*:*:*:*", + 
"matchCriteriaId": "FA6FEEC2-9F11-4643-8827-749718254FED" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:debian:debian_linux:12.0:*:*:*:*:*:*:*", + "matchCriteriaId": "46D69DCC-AE4D-4EA5-861C-D60951444C6C" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:fedoraproject:fedora:38:*:*:*:*:*:*:*", + "matchCriteriaId": "CC559B26-5DFC-4B7A-A27C-B77DE755DFF9" + } + ] + } + ] + } + ], "references": [ { "url": "https://chromereleases.googleblog.com/2023/08/stable-channel-update-for-desktop_15.html", - "source": "chrome-cve-admin@google.com" + "source": "chrome-cve-admin@google.com", + "tags": [ + "Release Notes", + "Vendor Advisory" + ] }, { "url": "https://crbug.com/1367085", - "source": "chrome-cve-admin@google.com" + "source": "chrome-cve-admin@google.com", + "tags": [ + "Permissions Required" + ] }, { "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/OCFEK63FUHFXZH5MSG6TNQOXMQWM4M5S/", - "source": "chrome-cve-admin@google.com" + "source": "chrome-cve-admin@google.com", + "tags": [ + "Mailing List", + "Third Party Advisory" + ] }, { "url": "https://www.debian.org/security/2023/dsa-5479", - "source": "chrome-cve-admin@google.com" + "source": "chrome-cve-admin@google.com", + "tags": [ + "Third Party Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2023/CVE-2023-43xx/CVE-2023-4364.json b/CVE-2023/CVE-2023-43xx/CVE-2023-4364.json index b9f2c56f016..b81749b503b 100644 --- a/CVE-2023/CVE-2023-43xx/CVE-2023-4364.json +++ b/CVE-2023/CVE-2023-43xx/CVE-2023-4364.json 
@@ -2,31 +2,123 @@ "id": "CVE-2023-4364", "sourceIdentifier": "chrome-cve-admin@google.com", "published": "2023-08-15T18:15:13.217", - "lastModified": "2023-08-20T03:15:19.933", - "vulnStatus": "Undergoing Analysis", + "lastModified": "2023-08-22T15:45:57.573", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", "value": "Inappropriate implementation in Permission Prompts in Google Chrome prior to 116.0.5845.96 allowed a remote attacker to obfuscate security UI via a crafted HTML page. (Chromium security severity: Medium)" } ], - "metrics": {}, + "metrics": { + "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "REQUIRED", + "scope": "UNCHANGED", + "confidentialityImpact": "NONE", + "integrityImpact": "LOW", + "availabilityImpact": "NONE", + "baseScore": 4.3, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 2.8, + "impactScore": 1.4 + } + ] + }, + "weaknesses": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "NVD-CWE-noinfo" + } + ] + } + ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:google:chrome:*:*:*:*:*:*:*:*", + "versionEndExcluding": "116.0.5845.96", + "matchCriteriaId": "40820217-BB18-474A-8520-109C1635D656" + } + ] + } + ] + }, + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:o:debian:debian_linux:11.0:*:*:*:*:*:*:*", + "matchCriteriaId": "FA6FEEC2-9F11-4643-8827-749718254FED" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:debian:debian_linux:12.0:*:*:*:*:*:*:*", + "matchCriteriaId": "46D69DCC-AE4D-4EA5-861C-D60951444C6C" + }, + { + "vulnerable": true, + "criteria": 
"cpe:2.3:o:fedoraproject:fedora:38:*:*:*:*:*:*:*", + "matchCriteriaId": "CC559B26-5DFC-4B7A-A27C-B77DE755DFF9" + } + ] + } + ] + } + ], "references": [ { "url": "https://chromereleases.googleblog.com/2023/08/stable-channel-update-for-desktop_15.html", - "source": "chrome-cve-admin@google.com" + "source": "chrome-cve-admin@google.com", + "tags": [ + "Release Notes", + "Vendor Advisory" + ] }, { "url": "https://crbug.com/1406922", - "source": "chrome-cve-admin@google.com" + "source": "chrome-cve-admin@google.com", + "tags": [ + "Permissions Required" + ] }, { "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/OCFEK63FUHFXZH5MSG6TNQOXMQWM4M5S/", - "source": "chrome-cve-admin@google.com" + "source": "chrome-cve-admin@google.com", + "tags": [ + "Mailing List", + "Third Party Advisory" + ] }, { "url": "https://www.debian.org/security/2023/dsa-5479", - "source": "chrome-cve-admin@google.com" + "source": "chrome-cve-admin@google.com", + "tags": [ + "Third Party Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2023/CVE-2023-43xx/CVE-2023-4365.json b/CVE-2023/CVE-2023-43xx/CVE-2023-4365.json index fb603bda2c7..e7e9d753876 100644 --- a/CVE-2023/CVE-2023-43xx/CVE-2023-4365.json +++ b/CVE-2023/CVE-2023-43xx/CVE-2023-4365.json 
@@ -2,31 +2,123 @@ "id": "CVE-2023-4365", "sourceIdentifier": "chrome-cve-admin@google.com", "published": "2023-08-15T18:15:13.290", - "lastModified": "2023-08-20T03:15:20.097", - "vulnStatus": "Undergoing Analysis", + "lastModified": "2023-08-22T15:56:12.107", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", "value": "Inappropriate implementation in Fullscreen in Google Chrome prior to 116.0.5845.96 allowed a remote attacker to obfuscate security UI via a crafted HTML page. (Chromium security severity: Medium)" } ], - "metrics": {}, + "metrics": { + "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "REQUIRED", + "scope": "UNCHANGED", + "confidentialityImpact": "NONE", + "integrityImpact": "LOW", + "availabilityImpact": "NONE", + "baseScore": 4.3, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 2.8, + "impactScore": 1.4 + } + ] + }, + "weaknesses": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "NVD-CWE-noinfo" + } + ] + } + ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:google:chrome:*:*:*:*:*:*:*:*", + "versionEndExcluding": "116.0.5845.96", + "matchCriteriaId": "40820217-BB18-474A-8520-109C1635D656" + } + ] + } + ] + }, + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:o:debian:debian_linux:11.0:*:*:*:*:*:*:*", + "matchCriteriaId": "FA6FEEC2-9F11-4643-8827-749718254FED" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:debian:debian_linux:12.0:*:*:*:*:*:*:*", + "matchCriteriaId": "46D69DCC-AE4D-4EA5-861C-D60951444C6C" + }, + { + "vulnerable": true, + "criteria": 
"cpe:2.3:o:fedoraproject:fedora:38:*:*:*:*:*:*:*", + "matchCriteriaId": "CC559B26-5DFC-4B7A-A27C-B77DE755DFF9" + } + ] + } + ] + } + ], "references": [ { "url": "https://chromereleases.googleblog.com/2023/08/stable-channel-update-for-desktop_15.html", - "source": "chrome-cve-admin@google.com" + "source": "chrome-cve-admin@google.com", + "tags": [ + "Release Notes", + "Vendor Advisory" + ] }, { "url": "https://crbug.com/1431043", - "source": "chrome-cve-admin@google.com" + "source": "chrome-cve-admin@google.com", + "tags": [ + "Permissions Required" + ] }, { "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/OCFEK63FUHFXZH5MSG6TNQOXMQWM4M5S/", - "source": "chrome-cve-admin@google.com" + "source": "chrome-cve-admin@google.com", + "tags": [ + "Mailing List", + "Third Party Advisory" + ] }, { "url": "https://www.debian.org/security/2023/dsa-5479", - "source": "chrome-cve-admin@google.com" + "source": "chrome-cve-admin@google.com", + "tags": [ + "Third Party Advisory" + ] } ] } \ No newline at end of file diff --git a/README.md b/README.md index 0dea7dd6615..9eaf17ab0e5 100644 --- a/README.md +++ b/README.md @@ -9,13 +9,13 @@ Repository synchronizes with the NVD every 2 hours. ### Last Repository Update ```plain -2023-08-22T14:00:31.258845+00:00 +2023-08-22T16:00:33.921146+00:00 ``` ### Most recent CVE Modification Timestamp synchronized with NVD ```plain -2023-08-22T13:42:31.027000+00:00 +2023-08-22T15:56:12.107000+00:00 ``` ### Last Data Feed Release 
@@ -40,33 +40,32 @@ Recently added CVEs: `0` ### CVEs modified in the last Commit -Recently modified CVEs: `26` +Recently modified CVEs: `24` -* [CVE-2023-4373](CVE-2023/CVE-2023-43xx/CVE-2023-4373.json) (`2023-08-22T12:41:26.783`) -* [CVE-2023-4417](CVE-2023/CVE-2023-44xx/CVE-2023-4417.json) (`2023-08-22T12:41:26.783`) -* [CVE-2023-4459](CVE-2023/CVE-2023-44xx/CVE-2023-4459.json) (`2023-08-22T12:41:26.783`) -* [CVE-2023-36787](CVE-2023/CVE-2023-367xx/CVE-2023-36787.json) (`2023-08-22T12:41:26.783`) -* [CVE-2023-38158](CVE-2023/CVE-2023-381xx/CVE-2023-38158.json) (`2023-08-22T12:41:26.783`) -* [CVE-2023-25913](CVE-2023/CVE-2023-259xx/CVE-2023-25913.json) (`2023-08-22T12:41:26.783`) -* [CVE-2023-25914](CVE-2023/CVE-2023-259xx/CVE-2023-25914.json) (`2023-08-22T12:41:26.783`) -* [CVE-2023-25915](CVE-2023/CVE-2023-259xx/CVE-2023-25915.json) (`2023-08-22T12:41:26.783`) -* [CVE-2023-4301](CVE-2023/CVE-2023-43xx/CVE-2023-4301.json) (`2023-08-22T12:41:26.783`) -* [CVE-2023-4302](CVE-2023/CVE-2023-43xx/CVE-2023-4302.json) (`2023-08-22T12:41:26.783`) -* [CVE-2023-4303](CVE-2023/CVE-2023-43xx/CVE-2023-4303.json) (`2023-08-22T12:41:26.783`) -* [CVE-2023-38906](CVE-2023/CVE-2023-389xx/CVE-2023-38906.json) (`2023-08-22T12:41:26.783`) -* [CVE-2023-38908](CVE-2023/CVE-2023-389xx/CVE-2023-38908.json) (`2023-08-22T12:41:26.783`) -* [CVE-2023-38909](CVE-2023/CVE-2023-389xx/CVE-2023-38909.json) (`2023-08-22T12:41:26.783`) -* [CVE-2023-1465](CVE-2023/CVE-2023-14xx/CVE-2023-1465.json) (`2023-08-22T13:06:29.540`) -* [CVE-2023-1110](CVE-2023/CVE-2023-11xx/CVE-2023-1110.json) (`2023-08-22T13:07:10.533`) -* [CVE-2023-0579](CVE-2023/CVE-2023-05xx/CVE-2023-0579.json) (`2023-08-22T13:07:29.467`) -* [CVE-2023-0274](CVE-2023/CVE-2023-02xx/CVE-2023-0274.json) (`2023-08-22T13:07:47.103`) -* [CVE-2023-30785](CVE-2023/CVE-2023-307xx/CVE-2023-30785.json) (`2023-08-22T13:18:07.123`) -* [CVE-2023-30784](CVE-2023/CVE-2023-307xx/CVE-2023-30784.json) (`2023-08-22T13:18:28.450`) -* 
[CVE-2023-30782](CVE-2023/CVE-2023-307xx/CVE-2023-30782.json) (`2023-08-22T13:19:16.573`) -* [CVE-2023-30473](CVE-2023/CVE-2023-304xx/CVE-2023-30473.json) (`2023-08-22T13:20:41.600`) -* [CVE-2023-38896](CVE-2023/CVE-2023-388xx/CVE-2023-38896.json) (`2023-08-22T13:30:00.137`) -* [CVE-2023-38850](CVE-2023/CVE-2023-388xx/CVE-2023-38850.json) (`2023-08-22T13:30:25.907`) -* [CVE-2023-4368](CVE-2023/CVE-2023-43xx/CVE-2023-4368.json) (`2023-08-22T13:42:31.027`) +* [CVE-2020-27673](CVE-2020/CVE-2020-276xx/CVE-2020-27673.json) (`2023-08-22T15:16:55.703`) +* [CVE-2021-28038](CVE-2021/CVE-2021-280xx/CVE-2021-28038.json) (`2023-08-22T14:25:33.703`) +* [CVE-2023-32004](CVE-2023/CVE-2023-320xx/CVE-2023-32004.json) (`2023-08-22T14:13:14.530`) +* [CVE-2023-32486](CVE-2023/CVE-2023-324xx/CVE-2023-32486.json) (`2023-08-22T14:19:32.660`) +* [CVE-2023-32494](CVE-2023/CVE-2023-324xx/CVE-2023-32494.json) (`2023-08-22T14:19:54.193`) +* [CVE-2023-24478](CVE-2023/CVE-2023-244xx/CVE-2023-24478.json) (`2023-08-22T14:20:26.980`) +* [CVE-2023-39946](CVE-2023/CVE-2023-399xx/CVE-2023-39946.json) (`2023-08-22T14:21:30.250`) +* [CVE-2023-39947](CVE-2023/CVE-2023-399xx/CVE-2023-39947.json) (`2023-08-22T14:23:13.990`) +* [CVE-2023-40020](CVE-2023/CVE-2023-400xx/CVE-2023-40020.json) (`2023-08-22T14:36:08.510`) +* [CVE-2023-39950](CVE-2023/CVE-2023-399xx/CVE-2023-39950.json) (`2023-08-22T14:40:09.827`) +* [CVE-2023-38687](CVE-2023/CVE-2023-386xx/CVE-2023-38687.json) (`2023-08-22T14:41:23.167`) +* [CVE-2023-29468](CVE-2023/CVE-2023-294xx/CVE-2023-29468.json) (`2023-08-22T14:41:58.630`) +* [CVE-2023-39908](CVE-2023/CVE-2023-399xx/CVE-2023-39908.json) (`2023-08-22T14:42:30.963`) +* [CVE-2023-38840](CVE-2023/CVE-2023-388xx/CVE-2023-38840.json) (`2023-08-22T14:58:17.927`) +* [CVE-2023-32748](CVE-2023/CVE-2023-327xx/CVE-2023-32748.json) (`2023-08-22T15:06:48.240`) +* [CVE-2023-38898](CVE-2023/CVE-2023-388xx/CVE-2023-38898.json) (`2023-08-22T15:07:48.627`) +* 
[CVE-2023-38915](CVE-2023/CVE-2023-389xx/CVE-2023-38915.json) (`2023-08-22T15:16:26.497`) +* [CVE-2023-38916](CVE-2023/CVE-2023-389xx/CVE-2023-38916.json) (`2023-08-22T15:27:37.117`) +* [CVE-2023-4362](CVE-2023/CVE-2023-43xx/CVE-2023-4362.json) (`2023-08-22T15:33:24.600`) +* [CVE-2023-4363](CVE-2023/CVE-2023-43xx/CVE-2023-4363.json) (`2023-08-22T15:39:35.130`) +* [CVE-2023-4364](CVE-2023/CVE-2023-43xx/CVE-2023-4364.json) (`2023-08-22T15:45:57.573`) +* [CVE-2023-40354](CVE-2023/CVE-2023-403xx/CVE-2023-40354.json) (`2023-08-22T15:55:45.223`) +* [CVE-2023-33013](CVE-2023/CVE-2023-330xx/CVE-2023-33013.json) (`2023-08-22T15:56:05.847`) +* [CVE-2023-4365](CVE-2023/CVE-2023-43xx/CVE-2023-4365.json) (`2023-08-22T15:56:12.107`) ## Download and Usage