From b6d8d154b6333d775d3672fbd10766300c194bf6 Mon Sep 17 00:00:00 2001 From: cad-safe-bot Date: Tue, 29 Aug 2023 23:55:28 +0000 Subject: [PATCH] Auto-Update: 2023-08-29T23:55:25.192584+00:00 --- CVE-2018/CVE-2018-113xx/CVE-2018-11314.json | 8 +- CVE-2020/CVE-2020-189xx/CVE-2020-18912.json | 24 ++++ CVE-2020/CVE-2020-273xx/CVE-2020-27366.json | 75 +++++++++++- CVE-2022/CVE-2022-271xx/CVE-2022-27152.json | 8 +- CVE-2023/CVE-2023-322xx/CVE-2023-32241.json | 4 +- CVE-2023/CVE-2023-380xx/CVE-2023-38024.json | 39 +++++- CVE-2023/CVE-2023-380xx/CVE-2023-38025.json | 51 +++++++- CVE-2023/CVE-2023-380xx/CVE-2023-38028.json | 115 +++++++++++++++++- CVE-2023/CVE-2023-380xx/CVE-2023-38029.json | 115 +++++++++++++++++- CVE-2023/CVE-2023-380xx/CVE-2023-38030.json | 127 +++++++++++++++++++- CVE-2023/CVE-2023-389xx/CVE-2023-38969.json | 74 +++++++++++- CVE-2023/CVE-2023-389xx/CVE-2023-38971.json | 24 ++++ CVE-2023/CVE-2023-389xx/CVE-2023-38975.json | 24 ++++ CVE-2023/CVE-2023-389xx/CVE-2023-38976.json | 8 +- CVE-2023/CVE-2023-390xx/CVE-2023-39062.json | 76 +++++++++++- CVE-2023/CVE-2023-395xx/CVE-2023-39558.json | 24 ++++ CVE-2023/CVE-2023-395xx/CVE-2023-39559.json | 24 ++++ CVE-2023/CVE-2023-395xx/CVE-2023-39560.json | 64 +++++++++- CVE-2023/CVE-2023-395xx/CVE-2023-39578.json | 8 +- CVE-2023/CVE-2023-397xx/CVE-2023-39709.json | 74 +++++++++++- CVE-2023/CVE-2023-407xx/CVE-2023-40706.json | 69 ++++++++++- CVE-2023/CVE-2023-407xx/CVE-2023-40707.json | 69 ++++++++++- CVE-2023/CVE-2023-407xx/CVE-2023-40708.json | 69 ++++++++++- CVE-2023/CVE-2023-407xx/CVE-2023-40709.json | 69 ++++++++++- CVE-2023/CVE-2023-408xx/CVE-2023-40826.json | 70 ++++++++++- CVE-2023/CVE-2023-411xx/CVE-2023-41153.json | 20 +++ CVE-2023/CVE-2023-412xx/CVE-2023-41265.json | 47 ++++++++ CVE-2023/CVE-2023-412xx/CVE-2023-41266.json | 47 ++++++++ CVE-2023/CVE-2023-42xx/CVE-2023-4227.json | 69 ++++++++++- CVE-2023/CVE-2023-42xx/CVE-2023-4228.json | 69 ++++++++++- CVE-2023/CVE-2023-42xx/CVE-2023-4229.json | 69 ++++++++++- CVE-2023/CVE-2023-42xx/CVE-2023-4296.json | 59 +++++++++ CVE-2023/CVE-2023-46xx/CVE-2023-4611.json | 51 ++++++++ README.md | 76 ++++++------ 34 files changed, 1704 insertions(+), 115 deletions(-) create mode 100644 CVE-2020/CVE-2020-189xx/CVE-2020-18912.json create mode 100644 CVE-2023/CVE-2023-389xx/CVE-2023-38971.json create mode 100644 CVE-2023/CVE-2023-389xx/CVE-2023-38975.json create mode 100644 CVE-2023/CVE-2023-395xx/CVE-2023-39558.json create mode 100644 CVE-2023/CVE-2023-395xx/CVE-2023-39559.json create mode 100644 CVE-2023/CVE-2023-411xx/CVE-2023-41153.json create mode 100644 CVE-2023/CVE-2023-412xx/CVE-2023-41265.json create mode 100644 CVE-2023/CVE-2023-412xx/CVE-2023-41266.json create mode 100644 CVE-2023/CVE-2023-42xx/CVE-2023-4296.json create mode 100644 CVE-2023/CVE-2023-46xx/CVE-2023-4611.json diff --git a/CVE-2018/CVE-2018-113xx/CVE-2018-11314.json b/CVE-2018/CVE-2018-113xx/CVE-2018-11314.json index 77de5bd604c..cfadfd6ddb0 100644 --- a/CVE-2018/CVE-2018-113xx/CVE-2018-11314.json +++ b/CVE-2018/CVE-2018-113xx/CVE-2018-11314.json @@ -2,8 +2,8 @@ "id": "CVE-2018-11314", "sourceIdentifier": "cve@mitre.org", "published": "2018-07-03T16:29:00.227", - "lastModified": "2018-09-11T18:12:43.500", - "vulnStatus": "Analyzed", + "lastModified": "2023-08-29T22:15:08.127", + "vulnStatus": "Modified", "descriptions": [ { "lang": "en", @@ -112,6 +112,10 @@ "Third Party Advisory" ] }, + { + "url": "https://support.roku.com/article/12554388937879", + "source": "cve@mitre.org" + }, { "url": "https://www.wired.com/story/chromecast-roku-sonos-dns-rebinding-vulnerability", "source": "cve@mitre.org", diff --git a/CVE-2020/CVE-2020-189xx/CVE-2020-18912.json b/CVE-2020/CVE-2020-189xx/CVE-2020-18912.json new file mode 100644 index 00000000000..13c9567bebe --- /dev/null +++ b/CVE-2020/CVE-2020-189xx/CVE-2020-18912.json @@ -0,0 +1,24 @@ +{ + "id": "CVE-2020-18912", + "sourceIdentifier": "cve@mitre.org", + "published": "2023-08-29T23:15:07.980", + "lastModified": "2023-08-29T23:49:20.647", + "vulnStatus": "Awaiting Analysis", + "descriptions": [ + { + "lang": "en", + "value": "An issue found in Earcms Ear App v.20181124 allows a remote attacker to execute arbitrary code via the uload/index-uplog.php." + } + ], + "metrics": {}, + "references": [ + { + "url": "https://www.cnblogs.com/hantom/p/10621198.html", + "source": "cve@mitre.org" + }, + { + "url": "https://www.cnblogs.com/yiwd/archive/2013/03/03/2941269.html", + "source": "cve@mitre.org" + } + ] +} \ No newline at end of file diff --git a/CVE-2020/CVE-2020-273xx/CVE-2020-27366.json b/CVE-2020/CVE-2020-273xx/CVE-2020-27366.json index 8070edfb6db..89a26037e43 100644 --- a/CVE-2020/CVE-2020-273xx/CVE-2020-27366.json +++ b/CVE-2020/CVE-2020-273xx/CVE-2020-27366.json @@ -2,19 +2,86 @@ "id": "CVE-2020-27366", "sourceIdentifier": "cve@mitre.org", "published": "2023-08-28T18:15:08.593", - "lastModified": "2023-08-28T19:28:54.367", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2023-08-29T23:41:31.250", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", "value": "Cross Site Scripting (XSS) vulnerability in wlscanresults.html in Humax HGB10R-02 BRGCAB version 1.0.03, allows local attackers to execute arbitrary code." } ], - "metrics": {}, + "metrics": { + "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "REQUIRED", + "scope": "CHANGED", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "availabilityImpact": "NONE", + "baseScore": 6.1, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 2.8, + "impactScore": 2.7 + } + ] + }, + "weaknesses": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-79" + } + ] + } + ], + "configurations": [ + { + "operator": "AND", + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:o:humaxdigital:hgb10r-02_firmware:1.0.03:*:*:*:*:*:*:*", + "matchCriteriaId": "93A84850-E1EC-4572-80F0-D1EDCA60882A" + } + ] + }, + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": false, + "criteria": "cpe:2.3:h:humaxdigital:hgb10r-02:-:*:*:*:*:*:*:*", + "matchCriteriaId": "08F77F1D-DCAE-47E7-85A6-BBCF783EA033" + } + ] + } + ] + } + ], "references": [ { "url": "https://pastebin.com/sr0JR1ys", - "source": "cve@mitre.org" + "source": "cve@mitre.org", + "tags": [ + "Third Party Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2022/CVE-2022-271xx/CVE-2022-27152.json b/CVE-2022/CVE-2022-271xx/CVE-2022-27152.json index a62b85df2ec..1875bbf562e 100644 --- a/CVE-2022/CVE-2022-271xx/CVE-2022-27152.json +++ b/CVE-2022/CVE-2022-271xx/CVE-2022-27152.json @@ -2,8 +2,8 @@ "id": "CVE-2022-27152", "sourceIdentifier": "cve@mitre.org", "published": "2022-04-08T18:15:09.987", - "lastModified": "2022-04-15T15:02:31.160", - "vulnStatus": "Analyzed", + "lastModified": "2023-08-29T22:15:08.747", + "vulnStatus": "Modified", "descriptions": [ { "lang": "en", @@ -157,6 +157,10 @@ "tags": [ "Third Party Advisory" ] + }, + { + "url": "https://support.roku.com/article/12554388937879", + "source": "cve@mitre.org" } ] } \ No newline at end of file diff --git a/CVE-2023/CVE-2023-322xx/CVE-2023-32241.json b/CVE-2023/CVE-2023-322xx/CVE-2023-32241.json index 231422b57e8..2bbb471b930 100644 --- a/CVE-2023/CVE-2023-322xx/CVE-2023-32241.json +++ b/CVE-2023/CVE-2023-322xx/CVE-2023-32241.json @@ -2,8 +2,8 @@ "id": "CVE-2023-32241", "sourceIdentifier": "audit@patchstack.com", "published": "2023-08-29T21:15:09.670", - "lastModified": "2023-08-29T21:15:09.670", - "vulnStatus": "Received", + "lastModified": "2023-08-29T23:49:20.647", + "vulnStatus": "Awaiting Analysis", "descriptions": [ { "lang": "en", diff --git a/CVE-2023/CVE-2023-380xx/CVE-2023-38024.json b/CVE-2023/CVE-2023-380xx/CVE-2023-38024.json index db36d0a74b7..d56bb51798d 100644 --- a/CVE-2023/CVE-2023-380xx/CVE-2023-38024.json +++ b/CVE-2023/CVE-2023-380xx/CVE-2023-38024.json @@ -2,8 +2,8 @@ "id": "CVE-2023-38024", "sourceIdentifier": "twcert@cert.org.tw", "published": "2023-08-28T04:15:14.783", - "lastModified": "2023-08-28T05:16:01.577", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2023-08-29T23:47:23.267", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", @@ -46,10 +46,43 @@ ] } ], + "configurations": [ + { + "operator": "AND", + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:o:myspotcam:fhd_2_firmware:*:*:*:*:*:*:*:*", + "versionEndExcluding": "1.0039", + "matchCriteriaId": "C8FB528D-812E-40D8-BB61-FE96BFB0FD4A" + } + ] + }, + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": false, + "criteria": "cpe:2.3:h:myspotcam:fhd_2:-:*:*:*:*:*:*:*", + "matchCriteriaId": "03374B5B-BA82-4FCD-8B67-84F2132B14FD" + } + ] + } + ] + } + ], "references": [ { "url": "https://www.twcert.org.tw/tw/cp-132-7331-9099e-1.html", - "source": "twcert@cert.org.tw" + "source": "twcert@cert.org.tw", + "tags": [ + "Third Party Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2023/CVE-2023-380xx/CVE-2023-38025.json b/CVE-2023/CVE-2023-380xx/CVE-2023-38025.json index de916e493d4..c727b9d6bf7 100644 --- a/CVE-2023/CVE-2023-380xx/CVE-2023-38025.json +++ b/CVE-2023/CVE-2023-380xx/CVE-2023-38025.json @@ -2,8 +2,8 @@ "id": "CVE-2023-38025", "sourceIdentifier": "twcert@cert.org.tw", "published": "2023-08-28T04:15:16.477", - "lastModified": "2023-08-28T05:16:01.577", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2023-08-29T23:47:47.977", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", @@ -34,10 +34,55 @@ } ] }, + "weaknesses": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-78" + } + ] + } + ], + "configurations": [ + { + "operator": "AND", + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:o:myspotcam:fhd_2_firmware:*:*:*:*:*:*:*:*", + "versionEndExcluding": "1.0039", + "matchCriteriaId": "C8FB528D-812E-40D8-BB61-FE96BFB0FD4A" + } + ] + }, + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": false, + "criteria": "cpe:2.3:h:myspotcam:fhd_2:-:*:*:*:*:*:*:*", + "matchCriteriaId": "03374B5B-BA82-4FCD-8B67-84F2132B14FD" + } + ] + } + ] + } + ], "references": [ { "url": "https://www.twcert.org.tw/tw/cp-132-7332-ee011-1.html", - "source": "twcert@cert.org.tw" + "source": "twcert@cert.org.tw", + "tags": [ + "Third Party Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2023/CVE-2023-380xx/CVE-2023-38028.json b/CVE-2023/CVE-2023-380xx/CVE-2023-38028.json index 143032e15b9..7efd53bace8 100644 --- a/CVE-2023/CVE-2023-380xx/CVE-2023-38028.json +++ b/CVE-2023/CVE-2023-380xx/CVE-2023-38028.json @@ -2,8 +2,8 @@ "id": "CVE-2023-38028", "sourceIdentifier": "twcert@cert.org.tw", "published": "2023-08-28T05:15:07.667", - "lastModified": "2023-08-28T05:16:01.577", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2023-08-29T23:47:08.563", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", @@ -46,10 +46,119 @@ ] } ], + "configurations": [ + { + "operator": "AND", + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:o:saho:adm-100_firmware:0.0.4.0:*:*:*:*:*:*:*", + "matchCriteriaId": "51D8D874-7C51-41E7-9689-E795DE1360D3" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:saho:adm-100_firmware:0.0.4.3:*:*:*:*:*:*:*", + "matchCriteriaId": "50C72BE7-0E40-4F1A-86D6-15E8C78121C8" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:saho:adm-100_firmware:0.0.4.6:*:*:*:*:*:*:*", + "matchCriteriaId": "5EB5DA1F-3BED-4F23-9FA1-C65F6C59235B" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:saho:adm-100_firmware:0.0.4.8:*:*:*:*:*:*:*", + "matchCriteriaId": "BE08CF54-2259-40AF-B68C-F3498133F490" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:saho:adm-100_firmware:q20100602:*:*:*:*:*:*:*", + "matchCriteriaId": "28AF1652-9D3F-45F6-969D-FA0D7F688F12" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:saho:adm-100_firmware:t190:*:*:*:*:*:*:*", + "matchCriteriaId": "825B2F91-8AC9-4543-9BD8-26760B5F6587" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:saho:adm-100_firmware:t17041702:*:*:*:*:*:*:*", + "matchCriteriaId": "176C1D07-D975-4CF8-B54C-16366DF1C848" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:saho:adm-100_firmware:t18051803:*:*:*:*:*:*:*", + "matchCriteriaId": "BA65B75F-139F-4BC6-A5AB-EA74FFE5966A" + } + ] + }, + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": false, + "criteria": "cpe:2.3:h:saho:adm-100:-:*:*:*:*:*:*:*", + "matchCriteriaId": "AA638ECA-B29C-415D-99E7-217D16473C37" + } + ] + } + ] + }, + { + "operator": "AND", + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:o:saho:adm-100fp_firmware:q20100602:*:*:*:*:*:*:*", + "matchCriteriaId": "D6612C85-1259-4435-BEB1-DC5ADC8D620D" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:saho:adm-100fp_firmware:t190:*:*:*:*:*:*:*", + "matchCriteriaId": "EC7D1DBE-4976-47A4-951B-39B5C9B8736A" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:saho:adm-100fp_firmware:t17041702:*:*:*:*:*:*:*", + "matchCriteriaId": "C9487774-CE30-4C04-B296-70B3A73225C7" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:saho:adm-100fp_firmware:t18051803:*:*:*:*:*:*:*", + "matchCriteriaId": "D0E10BD2-D64F-49F9-8409-A56AC2E0FD57" + } + ] + }, + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": false, + "criteria": "cpe:2.3:h:saho:adm-100fp:-:*:*:*:*:*:*:*", + "matchCriteriaId": "295DF46C-15E0-47A3-8F21-A48F670C0496" + } + ] + } + ] + } + ], "references": [ { "url": "https://www.twcert.org.tw/tw/cp-132-7335-d300a-1.html", - "source": "twcert@cert.org.tw" + "source": "twcert@cert.org.tw", + "tags": [ + "Third Party Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2023/CVE-2023-380xx/CVE-2023-38029.json b/CVE-2023/CVE-2023-380xx/CVE-2023-38029.json index 7cfa449aaf3..50e7ee9d19d 100644 --- a/CVE-2023/CVE-2023-380xx/CVE-2023-38029.json +++ b/CVE-2023/CVE-2023-380xx/CVE-2023-38029.json @@ -2,8 +2,8 @@ "id": "CVE-2023-38029", "sourceIdentifier": "twcert@cert.org.tw", "published": "2023-08-28T06:15:07.857", - "lastModified": "2023-08-28T13:07:56.260", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2023-08-29T23:46:48.037", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", @@ -46,10 +46,119 @@ ] } ], + "configurations": [ + { + "operator": "AND", + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:o:saho:adm-100_firmware:0.0.4.0:*:*:*:*:*:*:*", + "matchCriteriaId": "51D8D874-7C51-41E7-9689-E795DE1360D3" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:saho:adm-100_firmware:0.0.4.3:*:*:*:*:*:*:*", + "matchCriteriaId": "50C72BE7-0E40-4F1A-86D6-15E8C78121C8" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:saho:adm-100_firmware:0.0.4.6:*:*:*:*:*:*:*", + "matchCriteriaId": "5EB5DA1F-3BED-4F23-9FA1-C65F6C59235B" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:saho:adm-100_firmware:0.0.4.8:*:*:*:*:*:*:*", + "matchCriteriaId": "BE08CF54-2259-40AF-B68C-F3498133F490" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:saho:adm-100_firmware:q20100602:*:*:*:*:*:*:*", + "matchCriteriaId": "28AF1652-9D3F-45F6-969D-FA0D7F688F12" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:saho:adm-100_firmware:t190:*:*:*:*:*:*:*", + "matchCriteriaId": "825B2F91-8AC9-4543-9BD8-26760B5F6587" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:saho:adm-100_firmware:t17041702:*:*:*:*:*:*:*", + "matchCriteriaId": "176C1D07-D975-4CF8-B54C-16366DF1C848" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:saho:adm-100_firmware:t18051803:*:*:*:*:*:*:*", + "matchCriteriaId": "BA65B75F-139F-4BC6-A5AB-EA74FFE5966A" + } + ] + }, + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": false, + "criteria": "cpe:2.3:h:saho:adm-100:-:*:*:*:*:*:*:*", + "matchCriteriaId": "AA638ECA-B29C-415D-99E7-217D16473C37" + } + ] + } + ] + }, + { + "operator": "AND", + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:o:saho:adm-100fp_firmware:q20100602:*:*:*:*:*:*:*", + "matchCriteriaId": "D6612C85-1259-4435-BEB1-DC5ADC8D620D" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:saho:adm-100fp_firmware:t190:*:*:*:*:*:*:*", + "matchCriteriaId": "EC7D1DBE-4976-47A4-951B-39B5C9B8736A" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:saho:adm-100fp_firmware:t17041702:*:*:*:*:*:*:*", + "matchCriteriaId": "C9487774-CE30-4C04-B296-70B3A73225C7" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:saho:adm-100fp_firmware:t18051803:*:*:*:*:*:*:*", + "matchCriteriaId": "D0E10BD2-D64F-49F9-8409-A56AC2E0FD57" + } + ] + }, + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": false, + "criteria": "cpe:2.3:h:saho:adm-100fp:-:*:*:*:*:*:*:*", + "matchCriteriaId": "295DF46C-15E0-47A3-8F21-A48F670C0496" + } + ] + } + ] + } + ], "references": [ { "url": "https://www.twcert.org.tw/tw/cp-132-7336-35a94-1.html", - "source": "twcert@cert.org.tw" + "source": "twcert@cert.org.tw", + "tags": [ + "Third Party Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2023/CVE-2023-380xx/CVE-2023-38030.json b/CVE-2023/CVE-2023-380xx/CVE-2023-38030.json index 8774613aea0..4830b6caaa9 100644 --- a/CVE-2023/CVE-2023-380xx/CVE-2023-38030.json +++ b/CVE-2023/CVE-2023-380xx/CVE-2023-38030.json @@ -2,8 +2,8 @@ "id": "CVE-2023-38030", "sourceIdentifier": "twcert@cert.org.tw", "published": "2023-08-28T07:15:09.513", - "lastModified": "2023-08-28T13:07:56.260", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2023-08-29T23:42:27.287", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", @@ -36,7 +36,7 @@ }, "weaknesses": [ { - "source": "twcert@cert.org.tw", + "source": "nvd@nist.gov", "type": "Primary", "description": [ { @@ -44,12 +44,131 @@ "value": "CWE-306" } ] + }, + { + "source": "twcert@cert.org.tw", + "type": "Secondary", + "description": [ + { + "lang": "en", + "value": "CWE-306" + } + ] + } + ], + "configurations": [ + { + "operator": "AND", + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:o:saho:adm-100_firmware:0.0.4.0:*:*:*:*:*:*:*", + "matchCriteriaId": "51D8D874-7C51-41E7-9689-E795DE1360D3" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:saho:adm-100_firmware:0.0.4.3:*:*:*:*:*:*:*", + "matchCriteriaId": "50C72BE7-0E40-4F1A-86D6-15E8C78121C8" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:saho:adm-100_firmware:0.0.4.6:*:*:*:*:*:*:*", + "matchCriteriaId": "5EB5DA1F-3BED-4F23-9FA1-C65F6C59235B" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:saho:adm-100_firmware:0.0.4.8:*:*:*:*:*:*:*", + "matchCriteriaId": "BE08CF54-2259-40AF-B68C-F3498133F490" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:saho:adm-100_firmware:q20100602:*:*:*:*:*:*:*", + "matchCriteriaId": "28AF1652-9D3F-45F6-969D-FA0D7F688F12" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:saho:adm-100_firmware:t190:*:*:*:*:*:*:*", + "matchCriteriaId": "825B2F91-8AC9-4543-9BD8-26760B5F6587" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:saho:adm-100_firmware:t17041702:*:*:*:*:*:*:*", + "matchCriteriaId": "176C1D07-D975-4CF8-B54C-16366DF1C848" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:saho:adm-100_firmware:t18051803:*:*:*:*:*:*:*", + "matchCriteriaId": "BA65B75F-139F-4BC6-A5AB-EA74FFE5966A" + } + ] + }, + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": false, + "criteria": "cpe:2.3:h:saho:adm-100:-:*:*:*:*:*:*:*", + "matchCriteriaId": "AA638ECA-B29C-415D-99E7-217D16473C37" + } + ] + } + ] + }, + { + "operator": "AND", + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:o:saho:adm-100fp_firmware:q20100602:*:*:*:*:*:*:*", + "matchCriteriaId": "D6612C85-1259-4435-BEB1-DC5ADC8D620D" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:saho:adm-100fp_firmware:t190:*:*:*:*:*:*:*", + "matchCriteriaId": "EC7D1DBE-4976-47A4-951B-39B5C9B8736A" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:saho:adm-100fp_firmware:t17041702:*:*:*:*:*:*:*", + "matchCriteriaId": "C9487774-CE30-4C04-B296-70B3A73225C7" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:saho:adm-100fp_firmware:t18051803:*:*:*:*:*:*:*", + "matchCriteriaId": "D0E10BD2-D64F-49F9-8409-A56AC2E0FD57" + } + ] + }, + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": false, + "criteria": "cpe:2.3:h:saho:adm-100fp:-:*:*:*:*:*:*:*", + "matchCriteriaId": "295DF46C-15E0-47A3-8F21-A48F670C0496" + } + ] + } + ] } ], "references": [ { "url": "https://www.twcert.org.tw/tw/cp-132-7337-501df-1.html", - "source": "twcert@cert.org.tw" + "source": "twcert@cert.org.tw", + "tags": [ + "Third Party Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2023/CVE-2023-389xx/CVE-2023-38969.json b/CVE-2023/CVE-2023-389xx/CVE-2023-38969.json index 213b84b32e6..fbd1bad4981 100644 --- a/CVE-2023/CVE-2023-389xx/CVE-2023-38969.json +++ b/CVE-2023/CVE-2023-389xx/CVE-2023-38969.json @@ -2,23 +2,87 @@ "id": "CVE-2023-38969", "sourceIdentifier": "cve@mitre.org", "published": "2023-08-28T21:15:07.667", - "lastModified": "2023-08-29T05:18:54.617", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2023-08-29T23:49:01.320", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", "value": "Cross Site Scripting vulnerabiltiy in Badaso v.2.9.7 allows a remote attacker to execute arbitrary code via a crafted payload to the title parameter in the new book and edit book function." + }, + { + "lang": "es", + "value": "Una vulnerabilidad de Cross-Site Scripting (XSS) en Badaso v2.9.7 permite a un atacante remoto ejecutar c\u00f3digo arbitrario a trav\u00e9s de un payload manipulado en el par\u00e1metro \"title\" de la funciones \"new book\" y \"edit book\"." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "REQUIRED", + "scope": "CHANGED", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "availabilityImpact": "NONE", + "baseScore": 5.4, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 2.3, + "impactScore": 2.7 + } + ] + }, + "weaknesses": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-79" + } + ] + } + ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:uatech:badaso:2.9.7:*:*:*:*:*:*:*", + "matchCriteriaId": "640E915E-3F8B-46DD-BF75-AA5BD97F5B26" + } + ] + } + ] } ], - "metrics": {}, "references": [ { "url": "https://github.com/anh91/uasoft-indonesia--badaso/blob/main/XSS2.md", - "source": "cve@mitre.org" + "source": "cve@mitre.org", + "tags": [ + "Exploit", + "Third Party Advisory" + ] }, { "url": "https://panda002.hashnode.dev/badaso-version-297-has-an-xss-vulnerability-in-add-books", - "source": "cve@mitre.org" + "source": "cve@mitre.org", + "tags": [ + "Exploit", + "Third Party Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2023/CVE-2023-389xx/CVE-2023-38971.json b/CVE-2023/CVE-2023-389xx/CVE-2023-38971.json new file mode 100644 index 00000000000..f48974d6919 --- /dev/null +++ b/CVE-2023/CVE-2023-389xx/CVE-2023-38971.json @@ -0,0 +1,24 @@ +{ + "id": "CVE-2023-38971", + "sourceIdentifier": "cve@mitre.org", + "published": "2023-08-29T22:15:08.883", + "lastModified": "2023-08-29T23:49:20.647", + "vulnStatus": "Awaiting Analysis", + "descriptions": [ + { + "lang": "en", + "value": "Cross Site Scripting vulnerabiltiy in Badaso v.0.0.1 thru v.2.9.7 allows a remote attacker to execute arbitrary code via a crafted payload to the rack number parameter in the add new rack function." + } + ], + "metrics": {}, + "references": [ + { + "url": "https://github.com/anh91/uasoft-indonesia--badaso/blob/main/XSS3.md", + "source": "cve@mitre.org" + }, + { + "url": "https://panda002.hashnode.dev/badaso-version-297-has-xss-vulnerability-in-add-ranks", + "source": "cve@mitre.org" + } + ] +} \ No newline at end of file diff --git a/CVE-2023/CVE-2023-389xx/CVE-2023-38975.json b/CVE-2023/CVE-2023-389xx/CVE-2023-38975.json new file mode 100644 index 00000000000..371cb30b866 --- /dev/null +++ b/CVE-2023/CVE-2023-389xx/CVE-2023-38975.json @@ -0,0 +1,24 @@ +{ + "id": "CVE-2023-38975", + "sourceIdentifier": "cve@mitre.org", + "published": "2023-08-29T22:15:08.980", + "lastModified": "2023-08-29T23:49:20.647", + "vulnStatus": "Awaiting Analysis", + "descriptions": [ + { + "lang": "en", + "value": "* Buffer Overflow vulnerability in qdrant v.1.3.2 allows a remote attacker cause a denial of service via the chucnked_vectors.rs component." + } + ], + "metrics": {}, + "references": [ + { + "url": "https://aisec.today/Qdrant-56dd05e12ca94d75a5e798b3fee80fa3", + "source": "cve@mitre.org" + }, + { + "url": "https://github.com/qdrant/qdrant/issues/2268", + "source": "cve@mitre.org" + } + ] +} \ No newline at end of file diff --git a/CVE-2023/CVE-2023-389xx/CVE-2023-38976.json b/CVE-2023/CVE-2023-389xx/CVE-2023-38976.json index db1221c2251..a508afd7e9f 100644 --- a/CVE-2023/CVE-2023-389xx/CVE-2023-38976.json +++ b/CVE-2023/CVE-2023-389xx/CVE-2023-38976.json @@ -2,8 +2,8 @@ "id": "CVE-2023-38976", "sourceIdentifier": "cve@mitre.org", "published": "2023-08-21T17:15:48.127", - "lastModified": "2023-08-24T21:06:00.520", - "vulnStatus": "Analyzed", + "lastModified": "2023-08-29T22:15:09.040", + "vulnStatus": "Modified", "descriptions": [ { "lang": "en", @@ -68,6 +68,10 @@ } ], "references": [ + { + "url": "https://aisec.today/Weaviate-26981c6c5f794077bd51d24c88cebf7a", + "source": "cve@mitre.org" + }, { "url": "https://github.com/weaviate/weaviate/issues/3258", "source": "cve@mitre.org", diff --git a/CVE-2023/CVE-2023-390xx/CVE-2023-39062.json b/CVE-2023/CVE-2023-390xx/CVE-2023-39062.json index fa8def1d5fb..fa3acb4a2b1 100644 --- a/CVE-2023/CVE-2023-390xx/CVE-2023-39062.json +++ b/CVE-2023/CVE-2023-390xx/CVE-2023-39062.json @@ -2,27 +2,91 @@ "id": "CVE-2023-39062", "sourceIdentifier": "cve@mitre.org", "published": "2023-08-28T18:15:08.863", - "lastModified": "2023-08-28T19:28:54.367", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2023-08-29T23:40:24.717", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", "value": "Cross Site Scripting vulnerability in Spipu HTML2PDF before v.5.2.8 allows a remote attacker to execute arbitrary code via a crafted script to the forms.php." } ], - "metrics": {}, + "metrics": { + "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "REQUIRED", + "scope": "CHANGED", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "availabilityImpact": "NONE", + "baseScore": 6.1, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 2.8, + "impactScore": 2.7 + } + ] + }, + "weaknesses": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-79" + } + ] + } + ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:html2pdf_project:html2pdf:*:*:*:*:*:*:*:*", + "versionEndExcluding": "5.2.8", + "matchCriteriaId": "59E9D48F-C7C7-48B9-875A-3C116554E9CA" + } + ] + } + ] + } + ], "references": [ { "url": "https://github.com/afine-com/CVE-2023-39062", - "source": "cve@mitre.org" + "source": "cve@mitre.org", + "tags": [ + "Exploit", + "Third Party Advisory" + ] }, { "url": "https://github.com/sectroyer/CVEs/tree/main/CVE-2023-39062", - "source": "cve@mitre.org" + "source": "cve@mitre.org", + "tags": [ + "Exploit", + "Third Party Advisory" + ] }, { "url": "https://github.com/spipu/html2pdf/blob/92afd81823d62ad95eb9d034858311bb63aeb4ac/CHANGELOG.md", - "source": "cve@mitre.org" + "source": "cve@mitre.org", + "tags": [ + "Release Notes" + ] } ] } \ No newline at end of file diff --git a/CVE-2023/CVE-2023-395xx/CVE-2023-39558.json b/CVE-2023/CVE-2023-395xx/CVE-2023-39558.json new file mode 100644 index 00000000000..5afec5ca6f8 --- /dev/null +++ b/CVE-2023/CVE-2023-395xx/CVE-2023-39558.json @@ -0,0 +1,24 @@ +{ + "id": "CVE-2023-39558", + "sourceIdentifier": "cve@mitre.org", + "published": "2023-08-29T23:15:08.827", + "lastModified": "2023-08-29T23:49:20.647", + "vulnStatus": "Awaiting Analysis", + "descriptions": [ + { + "lang": "en", + "value": "AudimexEE v15.0 was discovered to contain multiple reflected cross-site scripting (XSS) vulnerabilities via the Show Kai Data component." + } + ], + "metrics": {}, + "references": [ + { + "url": "https://en.web-audimex.com/", + "source": "cve@mitre.org" + }, + { + "url": "https://github.com/CapgeminiCisRedTeam/Disclosure/blob/main/CVE%20PoC/CVE-2023-39558.md", + "source": "cve@mitre.org" + } + ] +} \ No newline at end of file diff --git a/CVE-2023/CVE-2023-395xx/CVE-2023-39559.json b/CVE-2023/CVE-2023-395xx/CVE-2023-39559.json new file mode 100644 index 00000000000..68fe1001755 --- /dev/null +++ b/CVE-2023/CVE-2023-395xx/CVE-2023-39559.json @@ -0,0 +1,24 @@ +{ + "id": "CVE-2023-39559", + "sourceIdentifier": "cve@mitre.org", + "published": "2023-08-29T23:15:08.967", + "lastModified": "2023-08-29T23:49:20.647", + "vulnStatus": "Awaiting Analysis", + "descriptions": [ + { + "lang": "en", + "value": "AudimexEE 15.0 was discovered to contain a full path disclosure vulnerability." + } + ], + "metrics": {}, + "references": [ + { + "url": "https://en.web-audimex.com/", + "source": "cve@mitre.org" + }, + { + "url": "https://github.com/CapgeminiCisRedTeam/Disclosure/blob/main/CVE%20PoC/CVE-2023-39559.md", + "source": "cve@mitre.org" + } + ] +} \ No newline at end of file diff --git a/CVE-2023/CVE-2023-395xx/CVE-2023-39560.json b/CVE-2023/CVE-2023-395xx/CVE-2023-39560.json index b169506ccc9..07308a76228 100644 --- a/CVE-2023/CVE-2023-395xx/CVE-2023-39560.json +++ b/CVE-2023/CVE-2023-395xx/CVE-2023-39560.json @@ -2,19 +2,75 @@ "id": "CVE-2023-39560", "sourceIdentifier": "cve@mitre.org", "published": "2023-08-28T17:15:09.820", - "lastModified": "2023-08-28T19:28:54.367", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2023-08-29T23:41:48.403", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", "value": "ECTouch v2 was discovered to contain a SQL injection vulnerability via the $arr['id'] parameter at \\default\\helpers\\insert.php." } ], - "metrics": {}, + "metrics": { + "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH", + "baseScore": 9.8, + "baseSeverity": "CRITICAL" + }, + "exploitabilityScore": 3.9, + "impactScore": 5.9 + } + ] + }, + "weaknesses": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-89" + } + ] + } + ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:ectouch:ectouch:2.0:*:*:*:*:*:*:*", + "matchCriteriaId": "3FCDB201-E6E3-4D1A-A480-6564C10A74A4" + } + ] + } + ] + } + ], "references": [ { "url": "https://github.com/Luci4n555/cve_ectouch", - "source": "cve@mitre.org" + "source": "cve@mitre.org", + "tags": [ + "Exploit", + "Third Party Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2023/CVE-2023-395xx/CVE-2023-39578.json b/CVE-2023/CVE-2023-395xx/CVE-2023-39578.json index 589bf7c2e21..b7049d1d895 100644 --- a/CVE-2023/CVE-2023-395xx/CVE-2023-39578.json +++ b/CVE-2023/CVE-2023-395xx/CVE-2023-39578.json @@ -2,8 +2,8 @@ "id": "CVE-2023-39578", "sourceIdentifier": "cve@mitre.org", "published": "2023-08-28T20:15:08.207", - "lastModified": "2023-08-29T20:28:14.970", - "vulnStatus": "Analyzed", + "lastModified": "2023-08-29T22:15:09.127", + "vulnStatus": "Modified", "descriptions": [ { "lang": "en", @@ -72,6 +72,10 @@ "Issue Tracking", "Vendor Advisory" ] + }, + { + "url": "https://panda002.hashnode.dev/a-stored-cross-site-scripting-xss-vulnerability-in-the-create-the-function-of-zenario-cms-v94", + "source": "cve@mitre.org" } ] } \ No newline at end of file diff --git a/CVE-2023/CVE-2023-397xx/CVE-2023-39709.json b/CVE-2023/CVE-2023-397xx/CVE-2023-39709.json index 449a8ede430..f0cb5ed4ab4 100644 --- a/CVE-2023/CVE-2023-397xx/CVE-2023-39709.json +++ b/CVE-2023/CVE-2023-397xx/CVE-2023-39709.json @@ -2,27 +2,89 @@ "id": "CVE-2023-39709", "sourceIdentifier": "cve@mitre.org", "published": "2023-08-28T19:15:07.830", - "lastModified": "2023-08-28T19:28:54.367", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2023-08-29T23:39:57.640", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", "value": "Multiple cross-site scripting (XSS) vulnerabilities in Free and Open Source Inventory Management System v1.0 allows attackers to execute arbitrary web scripts or HTML via injecting a crafted payload into the Name, Address, and Company parameters under the Add Member section." } ], - "metrics": {}, + "metrics": { + "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "REQUIRED", + "scope": "CHANGED", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "availabilityImpact": "NONE", + "baseScore": 6.1, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 2.8, + "impactScore": 2.7 + } + ] + }, + "weaknesses": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-79" + } + ] + } + ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:free_and_open_source_inventory_management_system_project:free_and_open_source_inventory_management_system:1.0:*:*:*:*:*:*:*", + "matchCriteriaId": "ED4E30A0-0847-427A-9B08-FB699FCC7958" + } + ] + } + ] + } + ], "references": [ { "url": "https://gist.github.com/Arajawat007/4cb86f9239c73ccfeaf466352513b188#file-cve-2023-39709", - "source": "cve@mitre.org" + "source": "cve@mitre.org", + "tags": [ + "Exploit", + "Third Party Advisory" + ] }, { "url": "https://www.sourcecodester.com/", - "source": "cve@mitre.org" + "source": "cve@mitre.org", + "tags": [ + "Not Applicable" + ] }, { "url": "https://www.sourcecodester.com/php/16741/free-and-open-source-inventory-management-system-php-source-code.html", - "source": "cve@mitre.org" + "source": "cve@mitre.org", + "tags": [ + "Product" + ] } ] } \ No newline at end of file diff --git a/CVE-2023/CVE-2023-407xx/CVE-2023-40706.json b/CVE-2023/CVE-2023-407xx/CVE-2023-40706.json index 288d5868e60..430be398d9d 100644 --- a/CVE-2023/CVE-2023-407xx/CVE-2023-40706.json +++ b/CVE-2023/CVE-2023-407xx/CVE-2023-40706.json @@ -2,8 +2,8 @@ "id": "CVE-2023-40706", "sourceIdentifier": "ot-cert@dragos.com", "published": "2023-08-24T17:15:08.863", - "lastModified": "2023-08-24T19:56:03.667", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2023-08-29T23:34:50.430", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", @@ -12,6 +12,26 @@ ], "metrics": { "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH", + "baseScore": 9.8, + "baseSeverity": "CRITICAL" + }, + "exploitabilityScore": 3.9, + "impactScore": 5.9 + }, { "source": "ot-cert@dragos.com", "type": "Secondary", @@ -35,6 +55,16 @@ ] }, "weaknesses": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-307" + } + ] + }, { "source": "ot-cert@dragos.com", "type": "Secondary", @@ -46,10 +76,43 @@ ] } ], + "configurations": [ + { + "operator": "AND", + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:o:opto22:snap_pac_s1_firmware:r10.3b:*:*:*:*:*:*:*", + "matchCriteriaId": "98B7A05C-5A8D-4AA5-ADCF-9F23CCBB8DEB" + } + ] + }, + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": false, + "criteria": "cpe:2.3:h:opto22:snap_pac_s1:-:*:*:*:*:*:*:*", + "matchCriteriaId": "2315B03D-3FA8-4C03-B1C0-867CB370D869" + } + ] + } + ] + } + ], "references": [ { "url": "https://www.cisa.gov/news-events/ics-advisories/icsa-23-236-02", - "source": "ot-cert@dragos.com" + "source": "ot-cert@dragos.com", + "tags": [ + "Third Party Advisory", + "US Government Resource" + ] } ] } \ No newline at end of file diff --git a/CVE-2023/CVE-2023-407xx/CVE-2023-40707.json b/CVE-2023/CVE-2023-407xx/CVE-2023-40707.json index 0fcdc127f4c..8fc6547bd84 100644 --- a/CVE-2023/CVE-2023-407xx/CVE-2023-40707.json +++ b/CVE-2023/CVE-2023-407xx/CVE-2023-40707.json @@ -2,8 +2,8 @@ "id": "CVE-2023-40707", "sourceIdentifier": "ot-cert@dragos.com", "published": "2023-08-24T17:15:08.967", - "lastModified": "2023-08-24T19:56:03.667", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2023-08-29T23:34:10.753", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", @@ -12,6 +12,26 @@ ], "metrics": { "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "NONE", + "integrityImpact": "HIGH", + "availabilityImpact": "NONE", + "baseScore": 7.5, + "baseSeverity": "HIGH" + }, + "exploitabilityScore": 3.9, + "impactScore": 3.6 + }, { "source": "ot-cert@dragos.com", "type": "Secondary", @@ -35,6 +55,16 @@ ] }, "weaknesses": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-521" + } + ] + }, { "source": "ot-cert@dragos.com", "type": "Secondary", @@ -46,10 +76,43 @@ ] } ], + "configurations": [ + { + "operator": "AND", + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:o:opto22:snap_pac_s1_firmware:r10.3b:*:*:*:*:*:*:*", + "matchCriteriaId": "98B7A05C-5A8D-4AA5-ADCF-9F23CCBB8DEB" + } + ] + }, + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": false, + "criteria": "cpe:2.3:h:opto22:snap_pac_s1:-:*:*:*:*:*:*:*", + "matchCriteriaId": "2315B03D-3FA8-4C03-B1C0-867CB370D869" + } + ] + } + ] + } + ], "references": [ { "url": "https://www.cisa.gov/news-events/ics-advisories/icsa-23-236-02", - "source": "ot-cert@dragos.com" + "source": "ot-cert@dragos.com", + "tags": [ + "Third Party Advisory", + "US Government Resource" + ] } ] } \ No newline at end of file diff --git a/CVE-2023/CVE-2023-407xx/CVE-2023-40708.json b/CVE-2023/CVE-2023-407xx/CVE-2023-40708.json index 10663cab920..4d354db0da6 100644 --- a/CVE-2023/CVE-2023-407xx/CVE-2023-40708.json +++ b/CVE-2023/CVE-2023-407xx/CVE-2023-40708.json @@ -2,8 +2,8 @@ "id": "CVE-2023-40708", "sourceIdentifier": "ot-cert@dragos.com", "published": "2023-08-24T17:15:09.067", - "lastModified": "2023-08-24T19:56:03.667", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2023-08-29T23:33:16.533", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", @@ -12,6 +12,26 @@ ], "metrics": { "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "LOW", + "integrityImpact": "NONE", + "availabilityImpact": "NONE", + "baseScore": 5.3, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 3.9, + "impactScore": 1.4 + }, { "source": "ot-cert@dragos.com", "type": "Secondary", @@ -35,6 +55,16 @@ ] }, "weaknesses": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "NVD-CWE-Other" + } + ] + }, { "source": "ot-cert@dragos.com", "type": "Secondary", @@ -46,10 +76,43 @@ ] } ], + "configurations": [ + { + "operator": "AND", + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:o:opto22:snap_pac_s1_firmware:r10.3b:*:*:*:*:*:*:*", + "matchCriteriaId": "98B7A05C-5A8D-4AA5-ADCF-9F23CCBB8DEB" + } + ] + }, + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": false, + "criteria": "cpe:2.3:h:opto22:snap_pac_s1:-:*:*:*:*:*:*:*", + "matchCriteriaId": "2315B03D-3FA8-4C03-B1C0-867CB370D869" + } + ] + } + ] + } + ], "references": [ { "url": "https://www.cisa.gov/news-events/ics-advisories/icsa-23-236-02", - "source": "ot-cert@dragos.com" + "source": "ot-cert@dragos.com", + "tags": [ + "Third Party Advisory", + "US Government Resource" + ] } ] } \ No newline at end of file diff --git a/CVE-2023/CVE-2023-407xx/CVE-2023-40709.json b/CVE-2023/CVE-2023-407xx/CVE-2023-40709.json index 69fd3189166..b91e157d778 100644 --- a/CVE-2023/CVE-2023-407xx/CVE-2023-40709.json +++ b/CVE-2023/CVE-2023-407xx/CVE-2023-40709.json @@ -2,8 +2,8 @@ "id": "CVE-2023-40709", "sourceIdentifier": "ot-cert@dragos.com", "published": "2023-08-24T17:15:09.160", - "lastModified": "2023-08-24T19:55:57.347", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2023-08-29T23:32:09.780", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", @@ -12,6 +12,26 @@ ], "metrics": { "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "NONE", + "integrityImpact": "NONE", + "availabilityImpact": "HIGH", + "baseScore": 7.5, + "baseSeverity": "HIGH" + }, + "exploitabilityScore": 3.9, + "impactScore": 3.6 + }, { "source": "ot-cert@dragos.com", "type": "Secondary", @@ -35,6 +55,16 @@ ] }, "weaknesses": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-400" + } + ] + }, { "source": "ot-cert@dragos.com", "type": "Secondary", @@ -46,10 +76,43 @@ ] } ], + "configurations": [ + { + "operator": "AND", + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:o:opto22:snap_pac_s1_firmware:r10.3b:*:*:*:*:*:*:*", + "matchCriteriaId": "98B7A05C-5A8D-4AA5-ADCF-9F23CCBB8DEB" + } + ] + }, + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": false, + "criteria": "cpe:2.3:h:opto22:snap_pac_s1:-:*:*:*:*:*:*:*", + "matchCriteriaId": "2315B03D-3FA8-4C03-B1C0-867CB370D869" + } + ] + } + ] + } + ], "references": [ { "url": "https://www.cisa.gov/news-events/ics-advisories/icsa-23-236-02", - "source": "ot-cert@dragos.com" + "source": "ot-cert@dragos.com", + "tags": [ + "Third Party Advisory", + "US Government Resource" + ] } ] } \ No newline at end of file diff --git a/CVE-2023/CVE-2023-408xx/CVE-2023-40826.json b/CVE-2023/CVE-2023-408xx/CVE-2023-40826.json index b8351476175..d7dca12bb72 100644 --- a/CVE-2023/CVE-2023-408xx/CVE-2023-40826.json +++ b/CVE-2023/CVE-2023-408xx/CVE-2023-40826.json @@ -2,19 +2,81 @@ "id": "CVE-2023-40826", "sourceIdentifier": "cve@mitre.org", "published": "2023-08-28T22:15:09.433", - "lastModified": "2023-08-29T05:18:54.617", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2023-08-29T23:53:39.837", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", "value": "An issue in pf4j pf4j v.3.9.0 and before allows a remote attacker to obtain sensitive information and execute arbitrary code via the zippluginPath parameter." + }, + { + "lang": "es", + "value": "Un problema en Pf4j v3.9.0 y anteriores permite a un atacante remoto obtener informaci\u00f3n sensible y ejecutar c\u00f3digo arbitrario a trav\u00e9s del par\u00e1metro \"zippluginPath\"." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "NONE", + "availabilityImpact": "NONE", + "baseScore": 7.5, + "baseSeverity": "HIGH" + }, + "exploitabilityScore": 3.9, + "impactScore": 3.6 + } + ] + }, + "weaknesses": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-22" + } + ] + } + ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:pf4j_project:pf4j:*:*:*:*:*:*:*:*", + "versionEndIncluding": "3.9.0", + "matchCriteriaId": "DB85990D-5588-477E-ADF2-EB0D1DCBC83B" + } + ] + } + ] } ], - "metrics": {}, "references": [ { "url": "https://github.com/pf4j/pf4j/issues/536", - "source": "cve@mitre.org" + "source": "cve@mitre.org", + "tags": [ + "Exploit", + "Issue Tracking", + "Vendor Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2023/CVE-2023-411xx/CVE-2023-41153.json b/CVE-2023/CVE-2023-411xx/CVE-2023-41153.json new file mode 100644 index 00000000000..731cddddfd8 --- /dev/null +++ b/CVE-2023/CVE-2023-411xx/CVE-2023-41153.json @@ -0,0 +1,20 @@ +{ + "id": "CVE-2023-41153", + "sourceIdentifier": "cve@mitre.org", + "published": "2023-08-29T22:15:09.217", + "lastModified": "2023-08-29T23:49:20.647", + "vulnStatus": "Awaiting Analysis", + "descriptions": [ + { + "lang": "en", + "value": "A Stored Cross-Site Scripting (XSS) vulnerability in the SSH configuration tab in Usermin 2.001 allows remote attackers to inject arbitrary web script or HTML via options for the host value while editing the host options." + } + ], + "metrics": {}, + "references": [ + { + "url": "https://webmin.com/tags/webmin-changelog/", + "source": "cve@mitre.org" + } + ] +} \ No newline at end of file diff --git a/CVE-2023/CVE-2023-412xx/CVE-2023-41265.json b/CVE-2023/CVE-2023-412xx/CVE-2023-41265.json new file mode 100644 index 00000000000..a04d3944275 --- /dev/null +++ b/CVE-2023/CVE-2023-412xx/CVE-2023-41265.json @@ -0,0 +1,47 @@ +{ + "id": "CVE-2023-41265", + "sourceIdentifier": "cve@mitre.org", + "published": "2023-08-29T23:15:09.170", + "lastModified": "2023-08-29T23:49:20.647", + "vulnStatus": "Awaiting Analysis", + "descriptions": [ + { + "lang": "en", + "value": "An HTTP Request Tunneling vulnerability found in Qlik Sense Enterprise for Windows for versions May 2023 Patch 3 and earlier, February 2023 Patch 7 and earlier, November 2022 Patch 10 and earlier, and August 2022 Patch 12 and earlier allows a remote attacker to elevate their privilege by tunneling HTTP requests in the raw HTTP request. This allows them to send requests that get executed by the backend server hosting the repository application. This is fixed in August 2023 IR, May 2023 Patch 4, February 2023 Patch 8, November 2022 Patch 11, and August 2022 Patch 13." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "cve@mitre.org", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:N", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "NONE", + "scope": "CHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "NONE", + "baseScore": 9.6, + "baseSeverity": "CRITICAL" + }, + "exploitabilityScore": 3.1, + "impactScore": 5.8 + } + ] + }, + "references": [ + { + "url": "https://community.qlik.com/t5/Official-Support-Articles/Critical-Security-fixes-for-Qlik-Sense-Enterprise-for-Windows/ta-p/2110801", + "source": "cve@mitre.org" + }, + { + "url": "https://community.qlik.com/t5/Release-Notes/tkb-p/ReleaseNotes", + "source": "cve@mitre.org" + } + ] +} \ No newline at end of file diff --git a/CVE-2023/CVE-2023-412xx/CVE-2023-41266.json b/CVE-2023/CVE-2023-412xx/CVE-2023-41266.json new file mode 100644 index 00000000000..c7e3f4e1b35 --- /dev/null +++ b/CVE-2023/CVE-2023-412xx/CVE-2023-41266.json @@ -0,0 +1,47 @@ +{ + "id": "CVE-2023-41266", + "sourceIdentifier": "cve@mitre.org", + "published": "2023-08-29T23:15:09.380", + "lastModified": "2023-08-29T23:49:20.647", + "vulnStatus": "Awaiting Analysis", + "descriptions": [ + { + "lang": "en", + "value": "A path traversal vulnerability found in Qlik Sense Enterprise for Windows for versions May 2023 Patch 3 and earlier, February 2023 Patch 7 and earlier, November 2022 Patch 10 and earlier, and August 2022 Patch 12 and earlier allows an unauthenticated remote attacker to generate an anonymous session. This allows them to transmit HTTP requests to unauthorized endpoints. This is fixed in August 2023 IR, May 2023 Patch 4, February 2023 Patch 8, November 2022 Patch 11, and August 2022 Patch 13." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "cve@mitre.org", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:N", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "LOW", + "availabilityImpact": "NONE", + "baseScore": 8.2, + "baseSeverity": "HIGH" + }, + "exploitabilityScore": 3.9, + "impactScore": 4.2 + } + ] + }, + "references": [ + { + "url": "https://community.qlik.com/t5/Official-Support-Articles/Critical-Security-fixes-for-Qlik-Sense-Enterprise-for-Windows/ta-p/2110801", + "source": "cve@mitre.org" + }, + { + "url": "https://community.qlik.com/t5/Release-Notes/tkb-p/ReleaseNotes", + "source": "cve@mitre.org" + } + ] +} \ No newline at end of file diff --git a/CVE-2023/CVE-2023-42xx/CVE-2023-4227.json b/CVE-2023/CVE-2023-42xx/CVE-2023-4227.json index fd7c2fecc4d..d2cb9e3efd0 100644 --- a/CVE-2023/CVE-2023-42xx/CVE-2023-4227.json +++ b/CVE-2023/CVE-2023-42xx/CVE-2023-4227.json @@ -2,8 +2,8 @@ "id": "CVE-2023-4227", "sourceIdentifier": "psirt@moxa.com", "published": "2023-08-24T06:15:44.177", - "lastModified": "2023-08-24T12:55:22.900", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2023-08-29T23:39:20.507", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", @@ -12,6 +12,26 @@ ], "metrics": { "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "availabilityImpact": "NONE", + "baseScore": 6.5, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 3.9, + "impactScore": 2.5 + }, { "source": "psirt@moxa.com", "type": "Secondary", @@ -35,6 +55,16 @@ ] }, "weaknesses": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-863" + } + ] + }, { "source": "psirt@moxa.com", "type": "Secondary", @@ -46,10 +76,43 @@ ] } ], + "configurations": [ + { + "operator": "AND", + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:o:moxa:iologik_e4200_firmware:*:*:*:*:*:*:*:*", + "versionEndIncluding": "1.6", + "matchCriteriaId": "AEF12B05-ED1F-4200-95AA-04D902B38DD7" + } + ] + }, + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": false, + "criteria": "cpe:2.3:h:moxa:iologik_e4200:-:*:*:*:*:*:*:*", + "matchCriteriaId": "CDD86C52-2E62-4B05-B3A3-5EA4A97F9332" + } + ] + } + ] + } + ], "references": [ { "url": "https://www.moxa.com/en/support/product-support/security-advisory/mpsa-230310-iologik-4000-series-multiple-web-server-vulnerabilities-and-improper-access-control-vulnerability", - "source": "psirt@moxa.com" + "source": "psirt@moxa.com", + "tags": [ + "Vendor Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2023/CVE-2023-42xx/CVE-2023-4228.json b/CVE-2023/CVE-2023-42xx/CVE-2023-4228.json index 753103bf052..efc15b15ac8 100644 --- a/CVE-2023/CVE-2023-42xx/CVE-2023-4228.json +++ b/CVE-2023/CVE-2023-42xx/CVE-2023-4228.json @@ -2,8 +2,8 @@ "id": "CVE-2023-4228", "sourceIdentifier": "psirt@moxa.com", "published": "2023-08-24T07:15:11.823", - "lastModified": "2023-08-24T12:55:22.900", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2023-08-29T23:36:22.147", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", @@ -12,6 +12,26 @@ ], "metrics": { "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "REQUIRED", + "scope": "UNCHANGED", + "confidentialityImpact": "LOW", + "integrityImpact": "NONE", + "availabilityImpact": "NONE", + "baseScore": 4.3, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 2.8, + "impactScore": 1.4 + }, { "source": "psirt@moxa.com", "type": "Secondary", @@ -35,6 +55,16 @@ ] }, "weaknesses": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-732" + } + ] + }, { "source": "psirt@moxa.com", "type": "Secondary", @@ -46,10 +76,43 @@ ] } ], + "configurations": [ + { + "operator": "AND", + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:o:moxa:iologik_e4200_firmware:*:*:*:*:*:*:*:*", + "versionEndIncluding": "1.6", + "matchCriteriaId": "AEF12B05-ED1F-4200-95AA-04D902B38DD7" + } + ] + }, + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": false, + "criteria": "cpe:2.3:h:moxa:iologik_e4200:-:*:*:*:*:*:*:*", + "matchCriteriaId": "CDD86C52-2E62-4B05-B3A3-5EA4A97F9332" + } + ] + } + ] + } + ], "references": [ { "url": "https://www.moxa.com/en/support/product-support/security-advisory/mpsa-230310-iologik-4000-series-multiple-web-server-vulnerabilities-and-improper-access-control-vulnerability", - "source": "psirt@moxa.com" + "source": "psirt@moxa.com", + "tags": [ + "Vendor Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2023/CVE-2023-42xx/CVE-2023-4229.json b/CVE-2023/CVE-2023-42xx/CVE-2023-4229.json index 28644cd73a8..3f328b2545d 100644 --- a/CVE-2023/CVE-2023-42xx/CVE-2023-4229.json +++ b/CVE-2023/CVE-2023-42xx/CVE-2023-4229.json @@ -2,8 +2,8 @@ "id": "CVE-2023-4229", "sourceIdentifier": "psirt@moxa.com", "published": "2023-08-24T07:15:11.930", - "lastModified": "2023-08-24T12:55:22.900", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2023-08-29T23:35:40.940", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", @@ -12,6 +12,26 @@ ], "metrics": { "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:N/I:L/A:N", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "REQUIRED", + "scope": "CHANGED", + "confidentialityImpact": "NONE", + "integrityImpact": "LOW", + "availabilityImpact": "NONE", + "baseScore": 4.7, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 2.8, + "impactScore": 1.4 + }, { "source": "psirt@moxa.com", "type": "Secondary", @@ -35,6 +55,16 @@ ] }, "weaknesses": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-1021" + } + ] + }, { "source": "psirt@moxa.com", "type": "Secondary", @@ -46,10 +76,43 @@ ] } ], + "configurations": [ + { + "operator": "AND", + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:o:moxa:iologik_e4200_firmware:*:*:*:*:*:*:*:*", + "versionEndIncluding": "1.6", + "matchCriteriaId": "AEF12B05-ED1F-4200-95AA-04D902B38DD7" + } + ] + }, + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": false, + "criteria": "cpe:2.3:h:moxa:iologik_e4200:-:*:*:*:*:*:*:*", + "matchCriteriaId": "CDD86C52-2E62-4B05-B3A3-5EA4A97F9332" + } + ] + } + ] + } + ], "references": [ { "url": "https://www.moxa.com/en/support/product-support/security-advisory/mpsa-230310-iologik-4000-series-multiple-web-server-vulnerabilities-and-improper-access-control-vulnerability", - "source": "psirt@moxa.com" + "source": "psirt@moxa.com", + "tags": [ + "Vendor Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2023/CVE-2023-42xx/CVE-2023-4296.json b/CVE-2023/CVE-2023-42xx/CVE-2023-4296.json new file mode 100644 index 00000000000..3694b1facc8 --- /dev/null +++ b/CVE-2023/CVE-2023-42xx/CVE-2023-4296.json @@ -0,0 +1,59 @@ +{ + "id": "CVE-2023-4296", + "sourceIdentifier": "ics-cert@hq.dhs.gov", + "published": "2023-08-29T22:15:09.297", + "lastModified": "2023-08-29T23:49:20.647", + "vulnStatus": "Awaiting Analysis", + "descriptions": [ + { + "lang": "en", + "value": "\n?If an attacker tricks an admin user of PTC Codebeamer into clicking on a malicious link, it may allow the attacker to inject arbitrary code to be executed in the browser on the target device.\n\n" + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "ics-cert@hq.dhs.gov", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "REQUIRED", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH", + "baseScore": 8.8, + "baseSeverity": "HIGH" + }, + "exploitabilityScore": 2.8, + "impactScore": 5.9 + } + ] + }, + "weaknesses": [ + { + "source": "ics-cert@hq.dhs.gov", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-79" + } + ] + } + ], + "references": [ + { + "url": "https://codebeamer.com/cb/wiki/31346480", + "source": "ics-cert@hq.dhs.gov" + }, + { + "url": "https://www.cisa.gov/news-events/ics-advisories/icsa-23-241-01", + "source": "ics-cert@hq.dhs.gov" + } + ] +} \ No newline at end of file diff --git a/CVE-2023/CVE-2023-46xx/CVE-2023-4611.json b/CVE-2023/CVE-2023-46xx/CVE-2023-4611.json new file mode 100644 index 00000000000..9defcbcac38 --- /dev/null +++ b/CVE-2023/CVE-2023-46xx/CVE-2023-4611.json @@ -0,0 +1,51 @@ +{ + "id": "CVE-2023-4611", + "sourceIdentifier": "secalert@redhat.com", + "published": "2023-08-29T22:15:09.397", + "lastModified": "2023-08-29T23:49:20.647", + "vulnStatus": "Awaiting Analysis", + "descriptions": [ + { + "lang": "en", + "value": "A use-after-free flaw was found in mm/mempolicy.c in the memory management subsystem in the Linux Kernel. This issue is caused by a race between mbind() and VMA-locked page fault, and may allow a local attacker to crash the system or lead to a kernel information leak." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "secalert@redhat.com", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H", + "attackVector": "LOCAL", + "attackComplexity": "HIGH", + "privilegesRequired": "LOW", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH", + "baseScore": 7.0, + "baseSeverity": "HIGH" + }, + "exploitabilityScore": 1.0, + "impactScore": 5.9 + } + ] + }, + "references": [ + { + "url": "https://access.redhat.com/security/cve/CVE-2023-4611", + "source": "secalert@redhat.com" + }, + { + "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2227244", + "source": "secalert@redhat.com" + }, + { + "url": "https://www.spinics.net/lists/stable-commits/msg310136.html", + "source": "secalert@redhat.com" + } + ] +} \ No newline at end of file diff --git a/README.md b/README.md index c0fe8563c2c..00f0dd581c7 100644 --- a/README.md +++ b/README.md @@ -9,13 +9,13 @@ Repository synchronizes with the NVD every 2 hours. ### Last Repository Update ```plain -2023-08-29T22:00:25.129210+00:00 +2023-08-29T23:55:25.192584+00:00 ``` ### Most recent CVE Modification Timestamp synchronized with NVD ```plain -2023-08-29T21:15:09.670000+00:00 +2023-08-29T23:53:39.837000+00:00 ``` ### Last Data Feed Release @@ -29,54 +29,52 @@ Download and Changelog: [Click](https://github.com/fkie-cad/nvd-json-data-feeds/ ### Total Number of included CVEs ```plain -223632 +223642 ``` ### CVEs added in the last Commit Recently added CVEs: `10` -* [CVE-2021-3262](CVE-2021/CVE-2021-32xx/CVE-2021-3262.json) (`2023-08-29T20:15:09.487`) -* [CVE-2023-39266](CVE-2023/CVE-2023-392xx/CVE-2023-39266.json) (`2023-08-29T20:15:09.637`) -* [CVE-2023-39267](CVE-2023/CVE-2023-392xx/CVE-2023-39267.json) (`2023-08-29T20:15:09.743`) -* [CVE-2023-39268](CVE-2023/CVE-2023-392xx/CVE-2023-39268.json) (`2023-08-29T20:15:09.830`) -* [CVE-2023-39663](CVE-2023/CVE-2023-396xx/CVE-2023-39663.json) (`2023-08-29T20:15:09.990`) -* [CVE-2023-39678](CVE-2023/CVE-2023-396xx/CVE-2023-39678.json) (`2023-08-29T20:15:10.133`) -* [CVE-2023-3253](CVE-2023/CVE-2023-32xx/CVE-2023-3253.json) (`2023-08-29T20:15:10.213`) -* [CVE-2023-4346](CVE-2023/CVE-2023-43xx/CVE-2023-4346.json) (`2023-08-29T20:15:10.300`) -* [CVE-2023-4572](CVE-2023/CVE-2023-45xx/CVE-2023-4572.json) (`2023-08-29T20:15:10.480`) -* [CVE-2023-32241](CVE-2023/CVE-2023-322xx/CVE-2023-32241.json) (`2023-08-29T21:15:09.670`) +* [CVE-2020-18912](CVE-2020/CVE-2020-189xx/CVE-2020-18912.json) (`2023-08-29T23:15:07.980`) +* [CVE-2023-38971](CVE-2023/CVE-2023-389xx/CVE-2023-38971.json) (`2023-08-29T22:15:08.883`) +* [CVE-2023-38975](CVE-2023/CVE-2023-389xx/CVE-2023-38975.json) (`2023-08-29T22:15:08.980`) +* [CVE-2023-41153](CVE-2023/CVE-2023-411xx/CVE-2023-41153.json) (`2023-08-29T22:15:09.217`) +* [CVE-2023-4296](CVE-2023/CVE-2023-42xx/CVE-2023-4296.json) (`2023-08-29T22:15:09.297`) +* [CVE-2023-4611](CVE-2023/CVE-2023-46xx/CVE-2023-4611.json) (`2023-08-29T22:15:09.397`) +* [CVE-2023-39558](CVE-2023/CVE-2023-395xx/CVE-2023-39558.json) (`2023-08-29T23:15:08.827`) +* [CVE-2023-39559](CVE-2023/CVE-2023-395xx/CVE-2023-39559.json) (`2023-08-29T23:15:08.967`) +* [CVE-2023-41265](CVE-2023/CVE-2023-412xx/CVE-2023-41265.json) (`2023-08-29T23:15:09.170`) +* [CVE-2023-41266](CVE-2023/CVE-2023-412xx/CVE-2023-41266.json) (`2023-08-29T23:15:09.380`) ### CVEs modified in the last Commit -Recently modified CVEs: `30` +Recently modified CVEs: `23` -* [CVE-2023-32757](CVE-2023/CVE-2023-327xx/CVE-2023-32757.json) (`2023-08-29T20:22:23.300`) -* [CVE-2023-32756](CVE-2023/CVE-2023-327xx/CVE-2023-32756.json) (`2023-08-29T20:22:34.167`) -* [CVE-2023-37429](CVE-2023/CVE-2023-374xx/CVE-2023-37429.json) (`2023-08-29T20:23:33.733`) -* [CVE-2023-37430](CVE-2023/CVE-2023-374xx/CVE-2023-37430.json) (`2023-08-29T20:23:56.680`) -* [CVE-2023-37431](CVE-2023/CVE-2023-374xx/CVE-2023-37431.json) (`2023-08-29T20:26:39.703`) -* [CVE-2023-37432](CVE-2023/CVE-2023-374xx/CVE-2023-37432.json) (`2023-08-29T20:26:53.907`) -* [CVE-2023-37433](CVE-2023/CVE-2023-374xx/CVE-2023-37433.json) (`2023-08-29T20:27:05.560`) -* [CVE-2023-37434](CVE-2023/CVE-2023-374xx/CVE-2023-37434.json) (`2023-08-29T20:27:13.843`) -* [CVE-2023-39578](CVE-2023/CVE-2023-395xx/CVE-2023-39578.json) (`2023-08-29T20:28:14.970`) -* [CVE-2023-37427](CVE-2023/CVE-2023-374xx/CVE-2023-37427.json) (`2023-08-29T20:32:01.987`) -* [CVE-2023-37428](CVE-2023/CVE-2023-374xx/CVE-2023-37428.json) (`2023-08-29T20:36:16.033`) -* [CVE-2023-20890](CVE-2023/CVE-2023-208xx/CVE-2023-20890.json) (`2023-08-29T20:41:07.003`) -* [CVE-2023-34039](CVE-2023/CVE-2023-340xx/CVE-2023-34039.json) (`2023-08-29T20:41:07.003`) -* [CVE-2023-39522](CVE-2023/CVE-2023-395xx/CVE-2023-39522.json) (`2023-08-29T20:41:07.003`) -* [CVE-2023-3251](CVE-2023/CVE-2023-32xx/CVE-2023-3251.json) (`2023-08-29T20:41:07.003`) -* [CVE-2023-3252](CVE-2023/CVE-2023-32xx/CVE-2023-3252.json) (`2023-08-29T20:41:07.003`) -* [CVE-2023-4548](CVE-2023/CVE-2023-45xx/CVE-2023-4548.json) (`2023-08-29T20:42:49.530`) -* [CVE-2023-4547](CVE-2023/CVE-2023-45xx/CVE-2023-4547.json) (`2023-08-29T20:47:26.337`) -* [CVE-2023-4545](CVE-2023/CVE-2023-45xx/CVE-2023-4545.json) (`2023-08-29T20:48:10.567`) -* [CVE-2023-4543](CVE-2023/CVE-2023-45xx/CVE-2023-4543.json) (`2023-08-29T20:48:48.177`) -* [CVE-2023-39291](CVE-2023/CVE-2023-392xx/CVE-2023-39291.json) (`2023-08-29T20:49:42.797`) -* [CVE-2023-39707](CVE-2023/CVE-2023-397xx/CVE-2023-39707.json) (`2023-08-29T20:50:37.223`) -* [CVE-2023-39600](CVE-2023/CVE-2023-396xx/CVE-2023-39600.json) (`2023-08-29T20:51:52.543`) -* [CVE-2023-36199](CVE-2023/CVE-2023-361xx/CVE-2023-36199.json) (`2023-08-29T20:53:23.417`) -* [CVE-2023-36198](CVE-2023/CVE-2023-361xx/CVE-2023-36198.json) (`2023-08-29T20:53:49.233`) +* [CVE-2018-11314](CVE-2018/CVE-2018-113xx/CVE-2018-11314.json) (`2023-08-29T22:15:08.127`) +* [CVE-2020-27366](CVE-2020/CVE-2020-273xx/CVE-2020-27366.json) (`2023-08-29T23:41:31.250`) +* [CVE-2022-27152](CVE-2022/CVE-2022-271xx/CVE-2022-27152.json) (`2023-08-29T22:15:08.747`) +* [CVE-2023-38976](CVE-2023/CVE-2023-389xx/CVE-2023-38976.json) (`2023-08-29T22:15:09.040`) +* [CVE-2023-39578](CVE-2023/CVE-2023-395xx/CVE-2023-39578.json) (`2023-08-29T22:15:09.127`) +* [CVE-2023-40709](CVE-2023/CVE-2023-407xx/CVE-2023-40709.json) (`2023-08-29T23:32:09.780`) +* [CVE-2023-40708](CVE-2023/CVE-2023-407xx/CVE-2023-40708.json) (`2023-08-29T23:33:16.533`) +* [CVE-2023-40707](CVE-2023/CVE-2023-407xx/CVE-2023-40707.json) (`2023-08-29T23:34:10.753`) +* [CVE-2023-40706](CVE-2023/CVE-2023-407xx/CVE-2023-40706.json) (`2023-08-29T23:34:50.430`) +* [CVE-2023-4229](CVE-2023/CVE-2023-42xx/CVE-2023-4229.json) (`2023-08-29T23:35:40.940`) +* [CVE-2023-4228](CVE-2023/CVE-2023-42xx/CVE-2023-4228.json) (`2023-08-29T23:36:22.147`) +* [CVE-2023-4227](CVE-2023/CVE-2023-42xx/CVE-2023-4227.json) (`2023-08-29T23:39:20.507`) +* [CVE-2023-39709](CVE-2023/CVE-2023-397xx/CVE-2023-39709.json) (`2023-08-29T23:39:57.640`) +* [CVE-2023-39062](CVE-2023/CVE-2023-390xx/CVE-2023-39062.json) (`2023-08-29T23:40:24.717`) +* [CVE-2023-39560](CVE-2023/CVE-2023-395xx/CVE-2023-39560.json) (`2023-08-29T23:41:48.403`) +* [CVE-2023-38030](CVE-2023/CVE-2023-380xx/CVE-2023-38030.json) (`2023-08-29T23:42:27.287`) +* [CVE-2023-38029](CVE-2023/CVE-2023-380xx/CVE-2023-38029.json) (`2023-08-29T23:46:48.037`) +* [CVE-2023-38028](CVE-2023/CVE-2023-380xx/CVE-2023-38028.json) (`2023-08-29T23:47:08.563`) +* [CVE-2023-38024](CVE-2023/CVE-2023-380xx/CVE-2023-38024.json) (`2023-08-29T23:47:23.267`) +* [CVE-2023-38025](CVE-2023/CVE-2023-380xx/CVE-2023-38025.json) (`2023-08-29T23:47:47.977`) +* [CVE-2023-38969](CVE-2023/CVE-2023-389xx/CVE-2023-38969.json) (`2023-08-29T23:49:01.320`) +* [CVE-2023-32241](CVE-2023/CVE-2023-322xx/CVE-2023-32241.json) (`2023-08-29T23:49:20.647`) +* [CVE-2023-40826](CVE-2023/CVE-2023-408xx/CVE-2023-40826.json) (`2023-08-29T23:53:39.837`) ## Download and Usage