From b6286f02e1b2dd02055bb00e0f5df5405c4863ff Mon Sep 17 00:00:00 2001 
From: cad-safe-bot
Date: Wed, 20 Sep 2023 02:00:29 +0000
Subject: [PATCH] Auto-Update: 2023-09-20T02:00:25.925487+00:00
---
 CVE-2020/CVE-2020-240xx/CVE-2020-24089.json | 20 ++++++++
 CVE-2023/CVE-2023-255xx/CVE-2023-25525.json | 55 +++++++++++++++++++++
 CVE-2023/CVE-2023-255xx/CVE-2023-25526.json | 55 +++++++++++++++++++++
 CVE-2023/CVE-2023-255xx/CVE-2023-25527.json | 55 +++++++++++++++++++++
 CVE-2023/CVE-2023-255xx/CVE-2023-25528.json | 55 +++++++++++++++++++++
 CVE-2023/CVE-2023-255xx/CVE-2023-25529.json | 55 +++++++++++++++++++++
 CVE-2023/CVE-2023-255xx/CVE-2023-25530.json | 55 +++++++++++++++++++++
 CVE-2023/CVE-2023-255xx/CVE-2023-25531.json | 55 +++++++++++++++++++++
 CVE-2023/CVE-2023-255xx/CVE-2023-25532.json | 55 +++++++++++++++++++++
 CVE-2023/CVE-2023-255xx/CVE-2023-25533.json | 55 +++++++++++++++++++++
 CVE-2023/CVE-2023-255xx/CVE-2023-25534.json | 55 +++++++++++++++++++++
 CVE-2023/CVE-2023-310xx/CVE-2023-31008.json | 55 +++++++++++++++++++++
 CVE-2023/CVE-2023-310xx/CVE-2023-31009.json | 55 +++++++++++++++++++++
 CVE-2023/CVE-2023-363xx/CVE-2023-36319.json | 24 +++++++++
 CVE-2023/CVE-2023-388xx/CVE-2023-38886.json | 24 +++++++++
 CVE-2023/CVE-2023-388xx/CVE-2023-38887.json | 24 +++++++++
 CVE-2023/CVE-2023-388xx/CVE-2023-38888.json | 24 +++++++++
 CVE-2023/CVE-2023-395xx/CVE-2023-39575.json | 20 ++++++++
 README.md | 52 +++++++++----------
 19 files changed, 820 insertions(+), 28 deletions(-)
 create mode 100644 CVE-2020/CVE-2020-240xx/CVE-2020-24089.json
 create mode 100644 CVE-2023/CVE-2023-255xx/CVE-2023-25525.json
 create mode 100644 CVE-2023/CVE-2023-255xx/CVE-2023-25526.json
 create mode 100644 CVE-2023/CVE-2023-255xx/CVE-2023-25527.json
 create mode 100644 CVE-2023/CVE-2023-255xx/CVE-2023-25528.json
 create mode 100644 CVE-2023/CVE-2023-255xx/CVE-2023-25529.json
 create mode 100644 CVE-2023/CVE-2023-255xx/CVE-2023-25530.json
 create mode 100644 CVE-2023/CVE-2023-255xx/CVE-2023-25531.json
 create mode 100644 CVE-2023/CVE-2023-255xx/CVE-2023-25532.json
 create mode 100644 CVE-2023/CVE-2023-255xx/CVE-2023-25533.json
 create mode 100644 CVE-2023/CVE-2023-255xx/CVE-2023-25534.json
 create mode 100644 CVE-2023/CVE-2023-310xx/CVE-2023-31008.json
 create mode 100644 CVE-2023/CVE-2023-310xx/CVE-2023-31009.json
 create mode 100644 CVE-2023/CVE-2023-363xx/CVE-2023-36319.json
 create mode 100644 CVE-2023/CVE-2023-388xx/CVE-2023-38886.json
 create mode 100644 CVE-2023/CVE-2023-388xx/CVE-2023-38887.json
 create mode 100644 CVE-2023/CVE-2023-388xx/CVE-2023-38888.json
 create mode 100644 CVE-2023/CVE-2023-395xx/CVE-2023-39575.json
diff --git a/CVE-2020/CVE-2020-240xx/CVE-2020-24089.json b/CVE-2020/CVE-2020-240xx/CVE-2020-24089.json
new file mode 100644
index 00000000000..c3e50498d52
--- /dev/null
+++ b/CVE-2020/CVE-2020-240xx/CVE-2020-24089.json
@@ -0,0 +1,20 @@
+{
+ "id": "CVE-2020-24089",
+ "sourceIdentifier": "cve@mitre.org",
+ "published": "2023-09-20T00:15:09.847",
+ "lastModified": "2023-09-20T00:15:09.847",
+ "vulnStatus": "Received",
+ "descriptions": [
+ {
+ "lang": "en",
+ "value": "An issue was discovered in ImfHpRegFilter.sys in IOBit Malware Fighter version 8.0.2, allows local attackers to cause a denial of service (DoS)."
+ }
+ ],
+ "metrics": {},
+ "references": [
+ {
+ "url": "https://github.com/rjt-gupta/CVE-2020-24089",
+ "source": "cve@mitre.org"
+ }
+ ]
+}
\ No newline at end of file
diff --git a/CVE-2023/CVE-2023-255xx/CVE-2023-25525.json b/CVE-2023/CVE-2023-255xx/CVE-2023-25525.json
new file mode 100644
index 00000000000..00ced94ee79
--- /dev/null
+++ b/CVE-2023/CVE-2023-255xx/CVE-2023-25525.json
@@ -0,0 +1,55 @@
+{
+ "id": "CVE-2023-25525",
+ "sourceIdentifier": "psirt@nvidia.com",
+ "published": "2023-09-20T01:15:51.370",
+ "lastModified": "2023-09-20T01:15:51.370",
+ "vulnStatus": "Received",
+ "descriptions": [
+ {
+ "lang": "en",
+ "value": "NVIDIA Cumulus Linux contains a vulnerability in forwarding where a VxLAN-encapsulated IPv6 packet received on an SVI interface with DMAC/DIPv6 set to the link-local address of the SVI interface may be incorrectly forwarded. A successful exploit may lead to information disclosure."
+ }
+ ],
+ "metrics": {
+ "cvssMetricV31": [
+ {
+ "source": "psirt@nvidia.com",
+ "type": "Secondary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
+ "attackVector": "NETWORK",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "NONE",
+ "userInteraction": "NONE",
+ "scope": "UNCHANGED",
+ "confidentialityImpact": "HIGH",
+ "integrityImpact": "NONE",
+ "availabilityImpact": "NONE",
+ "baseScore": 7.5,
+ "baseSeverity": "HIGH"
+ },
+ "exploitabilityScore": 3.9,
+ "impactScore": 3.6
+ }
+ ]
+ },
+ "weaknesses": [
+ {
+ "source": "psirt@nvidia.com",
+ "type": "Secondary",
+ "description": [
+ {
+ "lang": "en",
+ "value": "CWE-284"
+ }
+ ]
+ }
+ ],
+ "references": [
+ {
+ "url": "https://nvidia.custhelp.com/app/answers/detail/a_id/5480",
+ "source": "psirt@nvidia.com"
+ }
+ ]
+}
\ No newline at end of file
diff --git a/CVE-2023/CVE-2023-255xx/CVE-2023-25526.json b/CVE-2023/CVE-2023-255xx/CVE-2023-25526.json
new file mode 100644
index 00000000000..5bb008edc2e
--- /dev/null
+++ b/CVE-2023/CVE-2023-255xx/CVE-2023-25526.json
@@ -0,0 +1,55 @@
+{
+ "id": "CVE-2023-25526",
+ "sourceIdentifier": "psirt@nvidia.com",
+ "published": "2023-09-20T01:15:52.497",
+ "lastModified": "2023-09-20T01:15:52.497",
+ "vulnStatus": "Received",
+ "descriptions": [
+ {
+ "lang": "en",
+ "value": "NVIDIA Cumulus Linux contains a vulnerability in neighmgrd and nlmanager where an attacker on an adjacent network may cause an uncaught exception by injecting a crafted packet. A successful exploit may lead to denial of service."
+ }
+ ],
+ "metrics": {
+ "cvssMetricV31": [
+ {
+ "source": "psirt@nvidia.com",
+ "type": "Secondary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
+ "attackVector": "ADJACENT_NETWORK",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "NONE",
+ "userInteraction": "NONE",
+ "scope": "UNCHANGED",
+ "confidentialityImpact": "NONE",
+ "integrityImpact": "NONE",
+ "availabilityImpact": "HIGH",
+ "baseScore": 6.5,
+ "baseSeverity": "MEDIUM"
+ },
+ "exploitabilityScore": 2.8,
+ "impactScore": 3.6
+ }
+ ]
+ },
+ "weaknesses": [
+ {
+ "source": "psirt@nvidia.com",
+ "type": "Secondary",
+ "description": [
+ {
+ "lang": "en",
+ "value": "CWE-248"
+ }
+ ]
+ }
+ ],
+ "references": [
+ {
+ "url": "https://nvidia.custhelp.com/app/answers/detail/a_id/5480",
+ "source": "psirt@nvidia.com"
+ }
+ ]
+}
\ No newline at end of file
diff --git a/CVE-2023/CVE-2023-255xx/CVE-2023-25527.json b/CVE-2023/CVE-2023-255xx/CVE-2023-25527.json
new file mode 100644
index 00000000000..dbf310ff065
--- /dev/null
+++ b/CVE-2023/CVE-2023-255xx/CVE-2023-25527.json
@@ -0,0 +1,55 @@
+{
+ "id": "CVE-2023-25527",
+ "sourceIdentifier": "psirt@nvidia.com",
+ "published": "2023-09-20T01:15:52.920",
+ "lastModified": "2023-09-20T01:15:52.920",
+ "vulnStatus": "Received",
+ "descriptions": [
+ {
+ "lang": "en",
+ "value": "NVIDIA DGX H100 BMC contains a vulnerability in the host KVM daemon, where an authenticated local attacker may cause corruption of kernel memory. A successful exploit of this vulnerability may lead to arbitrary kernel code execution, denial of service, escalation of privileges, information disclosure, and data tampering."
+ }
+ ],
+ "metrics": {
+ "cvssMetricV31": [
+ {
+ "source": "psirt@nvidia.com",
+ "type": "Secondary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
+ "attackVector": "LOCAL",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "LOW",
+ "userInteraction": "NONE",
+ "scope": "UNCHANGED",
+ "confidentialityImpact": "HIGH",
+ "integrityImpact": "HIGH",
+ "availabilityImpact": "HIGH",
+ "baseScore": 7.8,
+ "baseSeverity": "HIGH"
+ },
+ "exploitabilityScore": 1.8,
+ "impactScore": 5.9
+ }
+ ]
+ },
+ "weaknesses": [
+ {
+ "source": "psirt@nvidia.com",
+ "type": "Secondary",
+ "description": [
+ {
+ "lang": "en",
+ "value": "CWE-119"
+ }
+ ]
+ }
+ ],
+ "references": [
+ {
+ "url": "https://nvidia.custhelp.com/app/answers/detail/a_id/5473",
+ "source": "psirt@nvidia.com"
+ }
+ ]
+}
\ No newline at end of file
diff --git a/CVE-2023/CVE-2023-255xx/CVE-2023-25528.json b/CVE-2023/CVE-2023-255xx/CVE-2023-25528.json
new file mode 100644
index 00000000000..f764349905d
--- /dev/null
+++ b/CVE-2023/CVE-2023-255xx/CVE-2023-25528.json
@@ -0,0 +1,55 @@
+{
+ "id": "CVE-2023-25528",
+ "sourceIdentifier": "psirt@nvidia.com",
+ "published": "2023-09-20T01:15:53.253",
+ "lastModified": "2023-09-20T01:15:53.253",
+ "vulnStatus": "Received",
+ "descriptions": [
+ {
+ "lang": "en",
+ "value": "NVIDIA DGX H100 baseboard management controller (BMC) contains a vulnerability in a web server plugin, where an unauthenticated attacker may cause a stack overflow by sending a specially crafted network packet. A successful exploit of this vulnerability may lead to arbitrary code execution, denial of service, information disclosure, and data tampering."
+ }
+ ],
+ "metrics": {
+ "cvssMetricV31": [
+ {
+ "source": "psirt@nvidia.com",
+ "type": "Secondary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
+ "attackVector": "ADJACENT_NETWORK",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "NONE",
+ "userInteraction": "NONE",
+ "scope": "UNCHANGED",
+ "confidentialityImpact": "HIGH",
+ "integrityImpact": "HIGH",
+ "availabilityImpact": "HIGH",
+ "baseScore": 8.8,
+ "baseSeverity": "HIGH"
+ },
+ "exploitabilityScore": 2.8,
+ "impactScore": 5.9
+ }
+ ]
+ },
+ "weaknesses": [
+ {
+ "source": "psirt@nvidia.com",
+ "type": "Secondary",
+ "description": [
+ {
+ "lang": "en",
+ "value": "CWE-121"
+ }
+ ]
+ }
+ ],
+ "references": [
+ {
+ "url": "https://nvidia.custhelp.com/app/answers/detail/a_id/5473",
+ "source": "psirt@nvidia.com"
+ }
+ ]
+}
\ No newline at end of file
diff --git a/CVE-2023/CVE-2023-255xx/CVE-2023-25529.json b/CVE-2023/CVE-2023-255xx/CVE-2023-25529.json
new file mode 100644
index 00000000000..904dd95cfe1
--- /dev/null
+++ b/CVE-2023/CVE-2023-255xx/CVE-2023-25529.json
@@ -0,0 +1,55 @@
+{
+ "id": "CVE-2023-25529",
+ "sourceIdentifier": "psirt@nvidia.com",
+ "published": "2023-09-20T01:15:53.497",
+ "lastModified": "2023-09-20T01:15:53.497",
+ "vulnStatus": "Received",
+ "descriptions": [
+ {
+ "lang": "en",
+ "value": "NVIDIA DGX H100 BMC contains a vulnerability in the host KVM daemon, where an unauthenticated attacker may cause a leak of another user\u2019s session token by observing timing discrepancies between server responses. A successful exploit of this vulnerability may lead to information disclosure, escalation of privileges, and data tampering."
+ }
+ ],
+ "metrics": {
+ "cvssMetricV31": [
+ {
+ "source": "psirt@nvidia.com",
+ "type": "Secondary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:N",
+ "attackVector": "ADJACENT_NETWORK",
+ "attackComplexity": "HIGH",
+ "privilegesRequired": "NONE",
+ "userInteraction": "NONE",
+ "scope": "CHANGED",
+ "confidentialityImpact": "HIGH",
+ "integrityImpact": "HIGH",
+ "availabilityImpact": "NONE",
+ "baseScore": 8.0,
+ "baseSeverity": "HIGH"
+ },
+ "exploitabilityScore": 1.6,
+ "impactScore": 5.8
+ }
+ ]
+ },
+ "weaknesses": [
+ {
+ "source": "psirt@nvidia.com",
+ "type": "Secondary",
+ "description": [
+ {
+ "lang": "en",
+ "value": "CWE-208"
+ }
+ ]
+ }
+ ],
+ "references": [
+ {
+ "url": "https://nvidia.custhelp.com/app/answers/detail/a_id/5473",
+ "source": "psirt@nvidia.com"
+ }
+ ]
+}
\ No newline at end of file
diff --git a/CVE-2023/CVE-2023-255xx/CVE-2023-25530.json b/CVE-2023/CVE-2023-255xx/CVE-2023-25530.json
new file mode 100644
index 00000000000..811dac616b3
--- /dev/null
+++ b/CVE-2023/CVE-2023-255xx/CVE-2023-25530.json
@@ -0,0 +1,55 @@
+{
+ "id": "CVE-2023-25530",
+ "sourceIdentifier": "psirt@nvidia.com",
+ "published": "2023-09-20T01:15:53.857",
+ "lastModified": "2023-09-20T01:15:53.857",
+ "vulnStatus": "Received",
+ "descriptions": [
+ {
+ "lang": "en",
+ "value": "NVIDIA DGX H100 BMC contains a vulnerability in the KVM service, where an attacker may cause improper input validation. A successful exploit of this vulnerability may lead to code execution, denial of service, escalation of privileges, and information disclosure."
+ }
+ ],
+ "metrics": {
+ "cvssMetricV31": [
+ {
+ "source": "psirt@nvidia.com",
+ "type": "Secondary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
+ "attackVector": "ADJACENT_NETWORK",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "LOW",
+ "userInteraction": "NONE",
+ "scope": "UNCHANGED",
+ "confidentialityImpact": "HIGH",
+ "integrityImpact": "HIGH",
+ "availabilityImpact": "HIGH",
+ "baseScore": 8.0,
+ "baseSeverity": "HIGH"
+ },
+ "exploitabilityScore": 2.1,
+ "impactScore": 5.9
+ }
+ ]
+ },
+ "weaknesses": [
+ {
+ "source": "psirt@nvidia.com",
+ "type": "Secondary",
+ "description": [
+ {
+ "lang": "en",
+ "value": "CWE-20"
+ }
+ ]
+ }
+ ],
+ "references": [
+ {
+ "url": "https://nvidia.custhelp.com/app/answers/detail/a_id/5473",
+ "source": "psirt@nvidia.com"
+ }
+ ]
+}
\ No newline at end of file
diff --git a/CVE-2023/CVE-2023-255xx/CVE-2023-25531.json b/CVE-2023/CVE-2023-255xx/CVE-2023-25531.json
new file mode 100644
index 00000000000..923928a4794
--- /dev/null
+++ b/CVE-2023/CVE-2023-255xx/CVE-2023-25531.json
@@ -0,0 +1,55 @@
+{
+ "id": "CVE-2023-25531",
+ "sourceIdentifier": "psirt@nvidia.com",
+ "published": "2023-09-20T01:15:54.297",
+ "lastModified": "2023-09-20T01:15:54.297",
+ "vulnStatus": "Received",
+ "descriptions": [
+ {
+ "lang": "en",
+ "value": "NVIDIA DGX H100 BMC contains a vulnerability in IPMI, where an attacker may cause insufficient protection of credentials. A successful exploit of this vulnerability may lead to code execution, denial of service, information disclosure, and escalation of privileges."
+ }
+ ],
+ "metrics": {
+ "cvssMetricV31": [
+ {
+ "source": "psirt@nvidia.com",
+ "type": "Secondary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:A/AC:H/PR:L/UI:R/S:C/C:H/I:H/A:H",
+ "attackVector": "ADJACENT_NETWORK",
+ "attackComplexity": "HIGH",
+ "privilegesRequired": "LOW",
+ "userInteraction": "REQUIRED",
+ "scope": "CHANGED",
+ "confidentialityImpact": "HIGH",
+ "integrityImpact": "HIGH",
+ "availabilityImpact": "HIGH",
+ "baseScore": 7.6,
+ "baseSeverity": "HIGH"
+ },
+ "exploitabilityScore": 0.9,
+ "impactScore": 6.0
+ }
+ ]
+ },
+ "weaknesses": [
+ {
+ "source": "psirt@nvidia.com",
+ "type": "Secondary",
+ "description": [
+ {
+ "lang": "en",
+ "value": "CWE-522"
+ }
+ ]
+ }
+ ],
+ "references": [
+ {
+ "url": "https://nvidia.custhelp.com/app/answers/detail/a_id/5473",
+ "source": "psirt@nvidia.com"
+ }
+ ]
+}
\ No newline at end of file
diff --git a/CVE-2023/CVE-2023-255xx/CVE-2023-25532.json b/CVE-2023/CVE-2023-255xx/CVE-2023-25532.json
new file mode 100644
index 00000000000..fc3f499fc2e
--- /dev/null
+++ b/CVE-2023/CVE-2023-255xx/CVE-2023-25532.json
@@ -0,0 +1,55 @@
+{
+ "id": "CVE-2023-25532",
+ "sourceIdentifier": "psirt@nvidia.com",
+ "published": "2023-09-20T01:15:54.523",
+ "lastModified": "2023-09-20T01:15:54.523",
+ "vulnStatus": "Received",
+ "descriptions": [
+ {
+ "lang": "en",
+ "value": "NVIDIA DGX H100 BMC contains a vulnerability in IPMI, where an attacker may cause insufficient protection of credentials. A successful exploit of this vulnerability may lead to information disclosure."
+ }
+ ],
+ "metrics": {
+ "cvssMetricV31": [
+ {
+ "source": "psirt@nvidia.com",
+ "type": "Secondary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
+ "attackVector": "ADJACENT_NETWORK",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "NONE",
+ "userInteraction": "NONE",
+ "scope": "UNCHANGED",
+ "confidentialityImpact": "HIGH",
+ "integrityImpact": "NONE",
+ "availabilityImpact": "NONE",
+ "baseScore": 6.5,
+ "baseSeverity": "MEDIUM"
+ },
+ "exploitabilityScore": 2.8,
+ "impactScore": 3.6
+ }
+ ]
+ },
+ "weaknesses": [
+ {
+ "source": "psirt@nvidia.com",
+ "type": "Secondary",
+ "description": [
+ {
+ "lang": "en",
+ "value": "CWE-522"
+ }
+ ]
+ }
+ ],
+ "references": [
+ {
+ "url": "https://nvidia.custhelp.com/app/answers/detail/a_id/5473",
+ "source": "psirt@nvidia.com"
+ }
+ ]
+}
\ No newline at end of file
diff --git a/CVE-2023/CVE-2023-255xx/CVE-2023-25533.json b/CVE-2023/CVE-2023-255xx/CVE-2023-25533.json
new file mode 100644
index 00000000000..183ccf0bb23
--- /dev/null
+++ b/CVE-2023/CVE-2023-255xx/CVE-2023-25533.json
@@ -0,0 +1,55 @@
+{
+ "id": "CVE-2023-25533",
+ "sourceIdentifier": "psirt@nvidia.com",
+ "published": "2023-09-20T01:15:54.900",
+ "lastModified": "2023-09-20T01:15:54.900",
+ "vulnStatus": "Received",
+ "descriptions": [
+ {
+ "lang": "en",
+ "value": "NVIDIA DGX H100 BMC contains a vulnerability in the web UI, where an attacker may cause improper input validation. A successful exploit of this vulnerability may lead to information disclosure, code execution, and escalation of privileges."
+ }
+ ],
+ "metrics": {
+ "cvssMetricV31": [
+ {
+ "source": "psirt@nvidia.com",
+ "type": "Secondary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:A/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:L",
+ "attackVector": "ADJACENT_NETWORK",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "HIGH",
+ "userInteraction": "NONE",
+ "scope": "CHANGED",
+ "confidentialityImpact": "HIGH",
+ "integrityImpact": "HIGH",
+ "availabilityImpact": "LOW",
+ "baseScore": 8.3,
+ "baseSeverity": "HIGH"
+ },
+ "exploitabilityScore": 1.7,
+ "impactScore": 6.0
+ }
+ ]
+ },
+ "weaknesses": [
+ {
+ "source": "psirt@nvidia.com",
+ "type": "Secondary",
+ "description": [
+ {
+ "lang": "en",
+ "value": "CWE-20"
+ }
+ ]
+ }
+ ],
+ "references": [
+ {
+ "url": "https://nvidia.custhelp.com/app/answers/detail/a_id/5473",
+ "source": "psirt@nvidia.com"
+ }
+ ]
+}
\ No newline at end of file
diff --git a/CVE-2023/CVE-2023-255xx/CVE-2023-25534.json b/CVE-2023/CVE-2023-255xx/CVE-2023-25534.json
new file mode 100644
index 00000000000..c148f0eb8b3
--- /dev/null
+++ b/CVE-2023/CVE-2023-255xx/CVE-2023-25534.json
@@ -0,0 +1,55 @@
+{
+ "id": "CVE-2023-25534",
+ "sourceIdentifier": "psirt@nvidia.com",
+ "published": "2023-09-20T01:15:55.260",
+ "lastModified": "2023-09-20T01:15:55.260",
+ "vulnStatus": "Received",
+ "descriptions": [
+ {
+ "lang": "en",
+ "value": "NVIDIA DGX H100 BMC contains a vulnerability in IPMI, where an attacker may cause improper input validation. A successful exploit of this vulnerability may lead to code execution, denial of service, escalation of privileges, information disclosure, and data tampering."
+ }
+ ],
+ "metrics": {
+ "cvssMetricV31": [
+ {
+ "source": "psirt@nvidia.com",
+ "type": "Secondary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:A/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:H",
+ "attackVector": "ADJACENT_NETWORK",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "HIGH",
+ "userInteraction": "NONE",
+ "scope": "UNCHANGED",
+ "confidentialityImpact": "LOW",
+ "integrityImpact": "LOW",
+ "availabilityImpact": "HIGH",
+ "baseScore": 5.7,
+ "baseSeverity": "MEDIUM"
+ },
+ "exploitabilityScore": 0.9,
+ "impactScore": 4.7
+ }
+ ]
+ },
+ "weaknesses": [
+ {
+ "source": "psirt@nvidia.com",
+ "type": "Secondary",
+ "description": [
+ {
+ "lang": "en",
+ "value": "CWE-20"
+ }
+ ]
+ }
+ ],
+ "references": [
+ {
+ "url": "https://nvidia.custhelp.com/app/answers/detail/a_id/5473",
+ "source": "psirt@nvidia.com"
+ }
+ ]
+}
\ No newline at end of file
diff --git a/CVE-2023/CVE-2023-310xx/CVE-2023-31008.json b/CVE-2023/CVE-2023-310xx/CVE-2023-31008.json
new file mode 100644
index 00000000000..f465e41eab5
--- /dev/null
+++ b/CVE-2023/CVE-2023-310xx/CVE-2023-31008.json
@@ -0,0 +1,55 @@
+{
+ "id": "CVE-2023-31008",
+ "sourceIdentifier": "psirt@nvidia.com",
+ "published": "2023-09-20T01:15:55.453",
+ "lastModified": "2023-09-20T01:15:55.453",
+ "vulnStatus": "Received",
+ "descriptions": [
+ {
+ "lang": "en",
+ "value": "NVIDIA DGX H100 BMC contains a vulnerability in IPMI, where an attacker may cause improper input validation. A successful exploit of this vulnerability may lead to code execution, denial of services, escalation of privileges, and information disclosure."
+ }
+ ],
+ "metrics": {
+ "cvssMetricV31": [
+ {
+ "source": "psirt@nvidia.com",
+ "type": "Secondary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:H/A:H",
+ "attackVector": "LOCAL",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "LOW",
+ "userInteraction": "NONE",
+ "scope": "UNCHANGED",
+ "confidentialityImpact": "LOW",
+ "integrityImpact": "HIGH",
+ "availabilityImpact": "HIGH",
+ "baseScore": 7.3,
+ "baseSeverity": "HIGH"
+ },
+ "exploitabilityScore": 1.8,
+ "impactScore": 5.5
+ }
+ ]
+ },
+ "weaknesses": [
+ {
+ "source": "psirt@nvidia.com",
+ "type": "Secondary",
+ "description": [
+ {
+ "lang": "en",
+ "value": "CWE-20"
+ }
+ ]
+ }
+ ],
+ "references": [
+ {
+ "url": "https://nvidia.custhelp.com/app/answers/detail/a_id/5473",
+ "source": "psirt@nvidia.com"
+ }
+ ]
+}
\ No newline at end of file
diff --git a/CVE-2023/CVE-2023-310xx/CVE-2023-31009.json b/CVE-2023/CVE-2023-310xx/CVE-2023-31009.json
new file mode 100644
index 00000000000..e37f18dc782
--- /dev/null
+++ b/CVE-2023/CVE-2023-310xx/CVE-2023-31009.json
@@ -0,0 +1,55 @@
+{
+ "id": "CVE-2023-31009",
+ "sourceIdentifier": "psirt@nvidia.com",
+ "published": "2023-09-20T01:15:55.823",
+ "lastModified": "2023-09-20T01:15:55.823",
+ "vulnStatus": "Received",
+ "descriptions": [
+ {
+ "lang": "en",
+ "value": "NVIDIA DGX H100 BMC contains a vulnerability in the REST service, where an attacker may cause improper input validation. A successful exploit of this vulnerability may lead to code execution, denial of service, escalation of privileges, and information disclosure."
+ }
+ ],
+ "metrics": {
+ "cvssMetricV31": [
+ {
+ "source": "psirt@nvidia.com",
+ "type": "Secondary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:L/I:H/A:H",
+ "attackVector": "ADJACENT_NETWORK",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "NONE",
+ "userInteraction": "NONE",
+ "scope": "UNCHANGED",
+ "confidentialityImpact": "LOW",
+ "integrityImpact": "HIGH",
+ "availabilityImpact": "HIGH",
+ "baseScore": 8.3,
+ "baseSeverity": "HIGH"
+ },
+ "exploitabilityScore": 2.8,
+ "impactScore": 5.5
+ }
+ ]
+ },
+ "weaknesses": [
+ {
+ "source": "psirt@nvidia.com",
+ "type": "Secondary",
+ "description": [
+ {
+ "lang": "en",
+ "value": "CWE-20"
+ }
+ ]
+ }
+ ],
+ "references": [
+ {
+ "url": "https://nvidia.custhelp.com/app/answers/detail/a_id/5473",
+ "source": "psirt@nvidia.com"
+ }
+ ]
+}
\ No newline at end of file
diff --git a/CVE-2023/CVE-2023-363xx/CVE-2023-36319.json b/CVE-2023/CVE-2023-363xx/CVE-2023-36319.json
new file mode 100644
index 00000000000..005a6beabb4
--- /dev/null
+++ b/CVE-2023/CVE-2023-363xx/CVE-2023-36319.json
@@ -0,0 +1,24 @@
+{
+ "id": "CVE-2023-36319",
+ "sourceIdentifier": "cve@mitre.org",
+ "published": "2023-09-20T00:15:10.980",
+ "lastModified": "2023-09-20T00:15:10.980",
+ "vulnStatus": "Received",
+ "descriptions": [
+ {
+ "lang": "en",
+ "value": "File Upload vulnerability in Openupload Stable v.0.4.3 allows a remote attacker to execute arbitrary code via the action parameter of the compress-inc.php file."
+ }
+ ],
+ "metrics": {},
+ "references": [
+ {
+ "url": "https://github.com/Lowalu/CVE-2023-36319",
+ "source": "cve@mitre.org"
+ },
+ {
+ "url": "https://openupload.sourceforge.net/",
+ "source": "cve@mitre.org"
+ }
+ ]
+}
\ No newline at end of file
diff --git a/CVE-2023/CVE-2023-388xx/CVE-2023-38886.json b/CVE-2023/CVE-2023-388xx/CVE-2023-38886.json
new file mode 100644
index 00000000000..01c1ab194c4
--- /dev/null
+++ b/CVE-2023/CVE-2023-388xx/CVE-2023-38886.json
@@ -0,0 +1,24 @@
+{
+ "id": "CVE-2023-38886",
+ "sourceIdentifier": "cve@mitre.org",
+ "published": "2023-09-20T01:15:56.153",
+ "lastModified": "2023-09-20T01:15:56.153",
+ "vulnStatus": "Received",
+ "descriptions": [
+ {
+ "lang": "en",
+ "value": "An issue in Dolibarr ERP CRM v.17.0.1 and before allows a remote privileged attacker to execute arbitrary code via a crafted command/script."
+ }
+ ],
+ "metrics": {},
+ "references": [
+ {
+ "url": "http://dolibarr.com",
+ "source": "cve@mitre.org"
+ },
+ {
+ "url": "https://akerva.com/wp-content/uploads/2023/09/AKERVA_Security-Advisory_CVE-2023-38886_Dolibarr_RCE-1.pdf",
+ "source": "cve@mitre.org"
+ }
+ ]
+}
\ No newline at end of file
diff --git a/CVE-2023/CVE-2023-388xx/CVE-2023-38887.json b/CVE-2023/CVE-2023-388xx/CVE-2023-38887.json
new file mode 100644
index 00000000000..6617858e2b3
--- /dev/null
+++ b/CVE-2023/CVE-2023-388xx/CVE-2023-38887.json
@@ -0,0 +1,24 @@
+{
+ "id": "CVE-2023-38887",
+ "sourceIdentifier": "cve@mitre.org",
+ "published": "2023-09-20T01:15:56.327",
+ "lastModified": "2023-09-20T01:15:56.327",
+ "vulnStatus": "Received",
+ "descriptions": [
+ {
+ "lang": "en",
+ "value": "File Upload vulnerability in Dolibarr ERP CRM v.17.0.1 and before allows a remote attacker to execute arbitrary code and obtain sensitive information via the extension filtering and renaming functions."
+ }
+ ],
+ "metrics": {},
+ "references": [
+ {
+ "url": "http://dolibarr.com",
+ "source": "cve@mitre.org"
+ },
+ {
+ "url": "https://akerva.com/wp-content/uploads/2023/09/AKERVA_Security-Advisory_CVE-2023-38887_Dolibarr_AFU.pdf",
+ "source": "cve@mitre.org"
+ }
+ ]
+}
\ No newline at end of file
diff --git a/CVE-2023/CVE-2023-388xx/CVE-2023-38888.json b/CVE-2023/CVE-2023-388xx/CVE-2023-38888.json
new file mode 100644
index 00000000000..feff3dc3cf5
--- /dev/null
+++ b/CVE-2023/CVE-2023-388xx/CVE-2023-38888.json
@@ -0,0 +1,24 @@
+{
+ "id": "CVE-2023-38888",
+ "sourceIdentifier": "cve@mitre.org",
+ "published": "2023-09-20T01:15:56.580",
+ "lastModified": "2023-09-20T01:15:56.580",
+ "vulnStatus": "Received",
+ "descriptions": [
+ {
+ "lang": "en",
+ "value": "Cross Site Scripting vulnerability in Dolibarr ERP CRM v.17.0.1 and before allows a remote attacker to obtain sensitive information and execute arbitrary code via the REST API module, related to analyseVarsForSqlAndScriptsInjection and testSqlAndScriptInject."
+ }
+ ],
+ "metrics": {},
+ "references": [
+ {
+ "url": "http://dolibarr.com",
+ "source": "cve@mitre.org"
+ },
+ {
+ "url": "https://akerva.com/wp-content/uploads/2023/09/AKERVA_Security-Advisory_CVE-2023-38888_Dolibarr_XSS.pdf",
+ "source": "cve@mitre.org"
+ }
+ ]
+}
\ No newline at end of file
diff --git a/CVE-2023/CVE-2023-395xx/CVE-2023-39575.json b/CVE-2023/CVE-2023-395xx/CVE-2023-39575.json
new file mode 100644
index 00000000000..767cff399bd
--- /dev/null
+++ b/CVE-2023/CVE-2023-395xx/CVE-2023-39575.json
@@ -0,0 +1,20 @@
+{
+ "id": "CVE-2023-39575",
+ "sourceIdentifier": "cve@mitre.org",
+ "published": "2023-09-20T00:15:11.120",
+ "lastModified": "2023-09-20T00:15:11.120",
+ "vulnStatus": "Received",
+ "descriptions": [
+ {
+ "lang": "en",
+ "value": "A reflected cross-site scripting (XSS) vulnerability in the url_str URL parameter of ISL ARP Guard v4.0.2 allows attackers to execute arbitrary web scripts or HTML via a crafted payload."
+ }
+ ],
+ "metrics": {},
+ "references": [
+ {
+ "url": "https://evait.medium.com/discovery-of-a-reflective-xss-vulnerability-in-arp-guard-software-1734b5113e1c",
+ "source": "cve@mitre.org"
+ }
+ ]
+}
\ No newline at end of file
diff --git a/README.md b/README.md
index f093b3c429c..a6b15469f00 100644
--- a/README.md
+++ b/README.md
@@ -9,13 +9,13 @@ Repository synchronizes with the NVD every 2 hours.
 ### Last Repository Update
 ```plain
-2023-09-19T23:55:25.195838+00:00
+2023-09-20T02:00:25.925487+00:00
 ```
 ### Most recent CVE Modification Timestamp synchronized with NVD
 ```plain
-2023-09-19T23:15:10.677000+00:00
+2023-09-20T01:15:56.580000+00:00
 ```
 ### Last Data Feed Release
@@ -23,47 +23,43 @@ Repository synchronizes with the NVD every 2 hours.
 Download and Changelog: [Click](https://github.com/fkie-cad/nvd-json-data-feeds/releases/latest)
 ```plain
-2023-09-19T00:00:13.565774+00:00
+2023-09-20T00:00:13.548080+00:00
 ```
 ### Total Number of included CVEs
 ```plain
-225843
+225861
 ```
 ### CVEs added in the last Commit
-Recently added CVEs: `4`
+Recently added CVEs: `18`
-* [CVE-2023-40931](CVE-2023/CVE-2023-409xx/CVE-2023-40931.json) (`2023-09-19T23:15:09.153`)
-* [CVE-2023-40932](CVE-2023/CVE-2023-409xx/CVE-2023-40932.json) (`2023-09-19T23:15:10.237`)
-* [CVE-2023-40933](CVE-2023/CVE-2023-409xx/CVE-2023-40933.json) (`2023-09-19T23:15:10.533`)
-* [CVE-2023-40934](CVE-2023/CVE-2023-409xx/CVE-2023-40934.json) (`2023-09-19T23:15:10.677`)
+* [CVE-2020-24089](CVE-2020/CVE-2020-240xx/CVE-2020-24089.json) (`2023-09-20T00:15:09.847`)
+* [CVE-2023-36319](CVE-2023/CVE-2023-363xx/CVE-2023-36319.json) (`2023-09-20T00:15:10.980`)
+* [CVE-2023-39575](CVE-2023/CVE-2023-395xx/CVE-2023-39575.json) (`2023-09-20T00:15:11.120`)
+* [CVE-2023-25525](CVE-2023/CVE-2023-255xx/CVE-2023-25525.json) (`2023-09-20T01:15:51.370`)
+* [CVE-2023-25526](CVE-2023/CVE-2023-255xx/CVE-2023-25526.json) (`2023-09-20T01:15:52.497`)
+* [CVE-2023-25527](CVE-2023/CVE-2023-255xx/CVE-2023-25527.json) (`2023-09-20T01:15:52.920`)
+* [CVE-2023-25528](CVE-2023/CVE-2023-255xx/CVE-2023-25528.json) (`2023-09-20T01:15:53.253`)
+* [CVE-2023-25529](CVE-2023/CVE-2023-255xx/CVE-2023-25529.json) (`2023-09-20T01:15:53.497`)
+* [CVE-2023-25530](CVE-2023/CVE-2023-255xx/CVE-2023-25530.json) (`2023-09-20T01:15:53.857`)
+* [CVE-2023-25531](CVE-2023/CVE-2023-255xx/CVE-2023-25531.json) (`2023-09-20T01:15:54.297`)
+* [CVE-2023-25532](CVE-2023/CVE-2023-255xx/CVE-2023-25532.json) (`2023-09-20T01:15:54.523`)
+* [CVE-2023-25533](CVE-2023/CVE-2023-255xx/CVE-2023-25533.json) (`2023-09-20T01:15:54.900`)
+* [CVE-2023-25534](CVE-2023/CVE-2023-255xx/CVE-2023-25534.json) (`2023-09-20T01:15:55.260`)
+* [CVE-2023-31008](CVE-2023/CVE-2023-310xx/CVE-2023-31008.json) (`2023-09-20T01:15:55.453`)
+* [CVE-2023-31009](CVE-2023/CVE-2023-310xx/CVE-2023-31009.json) (`2023-09-20T01:15:55.823`)
+* [CVE-2023-38886](CVE-2023/CVE-2023-388xx/CVE-2023-38886.json) (`2023-09-20T01:15:56.153`)
+* [CVE-2023-38887](CVE-2023/CVE-2023-388xx/CVE-2023-38887.json) (`2023-09-20T01:15:56.327`)
+* [CVE-2023-38888](CVE-2023/CVE-2023-388xx/CVE-2023-38888.json) (`2023-09-20T01:15:56.580`)
 ### CVEs modified in the last Commit
-Recently modified CVEs: `18`
+Recently modified CVEs: `0`
-* [CVE-2019-20391](CVE-2019/CVE-2019-203xx/CVE-2019-20391.json) (`2023-09-19T22:15:09.720`)
-* [CVE-2019-20392](CVE-2019/CVE-2019-203xx/CVE-2019-20392.json) (`2023-09-19T22:15:10.183`)
-* [CVE-2019-20393](CVE-2019/CVE-2019-203xx/CVE-2019-20393.json) (`2023-09-19T22:15:10.290`)
-* [CVE-2019-20394](CVE-2019/CVE-2019-203xx/CVE-2019-20394.json) (`2023-09-19T22:15:10.397`)
-* [CVE-2019-20395](CVE-2019/CVE-2019-203xx/CVE-2019-20395.json) (`2023-09-19T22:15:10.490`)
-* [CVE-2019-20396](CVE-2019/CVE-2019-203xx/CVE-2019-20396.json) (`2023-09-19T22:15:10.597`)
-* [CVE-2019-20397](CVE-2019/CVE-2019-203xx/CVE-2019-20397.json) (`2023-09-19T22:15:10.693`)
-* [CVE-2019-20398](CVE-2019/CVE-2019-203xx/CVE-2019-20398.json) (`2023-09-19T22:15:10.780`)
-* [CVE-2022-36440](CVE-2022/CVE-2022-364xx/CVE-2022-36440.json) (`2023-09-19T22:15:10.907`)
-* [CVE-2022-40302](CVE-2022/CVE-2022-403xx/CVE-2022-40302.json) (`2023-09-19T22:15:11.020`)
-* [CVE-2022-40318](CVE-2022/CVE-2022-403xx/CVE-2022-40318.json) (`2023-09-19T22:15:11.123`)
-* [CVE-2022-43681](CVE-2022/CVE-2022-436xx/CVE-2022-43681.json) (`2023-09-19T22:15:11.200`)
-* [CVE-2023-31490](CVE-2023/CVE-2023-314xx/CVE-2023-31490.json) (`2023-09-19T22:15:11.297`)
-* [CVE-2023-38802](CVE-2023/CVE-2023-388xx/CVE-2023-38802.json) (`2023-09-19T22:15:11.407`)
-* [CVE-2023-41358](CVE-2023/CVE-2023-413xx/CVE-2023-41358.json) (`2023-09-19T22:15:11.507`)
-* [CVE-2023-41360](CVE-2023/CVE-2023-413xx/CVE-2023-41360.json) (`2023-09-19T22:15:11.603`)
-* [CVE-2023-41361](CVE-2023/CVE-2023-413xx/CVE-2023-41361.json) (`2023-09-19T22:15:11.693`)
-* [CVE-2023-41909](CVE-2023/CVE-2023-419xx/CVE-2023-41909.json) (`2023-09-19T22:15:11.777`)
 ## Download and Usage