Executive Summary
\nAn Elevation of Privilege (EOP) vulnerability has been identified within Service Fabric clusters that run Docker containers. Exploitation of this EOP vulnerability requires an attacker to gain remote code execution within a container. All Service Fabric and Docker versions are impacted.
\n" }, { "lang": "es", diff --git a/CVE-2022/CVE-2022-301xx/CVE-2022-30138.json b/CVE-2022/CVE-2022-301xx/CVE-2022-30138.json index e37d6886acd..337ce2414b0 100644 --- a/CVE-2022/CVE-2022-301xx/CVE-2022-30138.json +++ b/CVE-2022/CVE-2022-301xx/CVE-2022-30138.json @@ -2,12 +2,12 @@ "id": "CVE-2022-30138", "sourceIdentifier": "secure@microsoft.com", "published": "2022-05-18T23:15:07.730", - "lastModified": "2022-05-31T13:43:28.917", - "vulnStatus": "Analyzed", + "lastModified": "2023-12-20T22:15:17.993", + "vulnStatus": "Modified", "descriptions": [ { "lang": "en", - "value": "Windows Print Spooler Elevation of Privilege Vulnerability. This CVE ID is unique from CVE-2022-29104, CVE-2022-29132." + "value": "Windows Print Spooler Elevation of Privilege Vulnerability" }, { "lang": "es", diff --git a/CVE-2022/CVE-2022-301xx/CVE-2022-30139.json b/CVE-2022/CVE-2022-301xx/CVE-2022-30139.json index d70e9406675..384f3497bd4 100644 --- a/CVE-2022/CVE-2022-301xx/CVE-2022-30139.json +++ b/CVE-2022/CVE-2022-301xx/CVE-2022-30139.json @@ -2,12 +2,12 @@ "id": "CVE-2022-30139", "sourceIdentifier": "secure@microsoft.com", "published": "2022-06-15T22:15:13.527", - "lastModified": "2022-09-22T18:22:26.753", - "vulnStatus": "Analyzed", + "lastModified": "2023-12-20T22:15:18.310", + "vulnStatus": "Modified", "descriptions": [ { "lang": "en", - "value": "Windows Lightweight Directory Access Protocol (LDAP) Remote Code Execution Vulnerability. This CVE ID is unique from CVE-2022-30141, CVE-2022-30143, CVE-2022-30146, CVE-2022-30149, CVE-2022-30153, CVE-2022-30161." + "value": "Windows Lightweight Directory Access Protocol (LDAP) Remote Code Execution Vulnerability" }, { "lang": "es", diff --git a/CVE-2022/CVE-2022-301xx/CVE-2022-30140.json b/CVE-2022/CVE-2022-301xx/CVE-2022-30140.json index 08d0fbc7d2d..b9afbcd9f56 100644 --- a/CVE-2022/CVE-2022-301xx/CVE-2022-30140.json +++ b/CVE-2022/CVE-2022-301xx/CVE-2022-30140.json @@ -2,12 +2,12 @@ "id": "CVE-2022-30140", "sourceIdentifier": "secure@microsoft.com", "published": "2022-06-15T22:15:13.577", - "lastModified": "2022-09-22T17:05:40.160", - "vulnStatus": "Analyzed", + "lastModified": "2023-12-20T22:15:18.563", + "vulnStatus": "Modified", "descriptions": [ { "lang": "en", - "value": "Windows iSCSI Discovery Service Remote Code Execution Vulnerability." + "value": "Windows iSCSI Discovery Service Remote Code Execution Vulnerability" }, { "lang": "es", diff --git a/CVE-2022/CVE-2022-301xx/CVE-2022-30141.json b/CVE-2022/CVE-2022-301xx/CVE-2022-30141.json index bc89fa1c39d..49eb57eb0a4 100644 --- a/CVE-2022/CVE-2022-301xx/CVE-2022-30141.json +++ b/CVE-2022/CVE-2022-301xx/CVE-2022-30141.json @@ -2,12 +2,12 @@ "id": "CVE-2022-30141", "sourceIdentifier": "secure@microsoft.com", "published": "2022-06-15T22:15:13.630", - "lastModified": "2022-06-25T02:37:38.507", - "vulnStatus": "Analyzed", + "lastModified": "2023-12-20T22:15:18.847", + "vulnStatus": "Modified", "descriptions": [ { "lang": "en", - "value": "Windows Lightweight Directory Access Protocol (LDAP) Remote Code Execution Vulnerability. This CVE ID is unique from CVE-2022-30139, CVE-2022-30143, CVE-2022-30146, CVE-2022-30149, CVE-2022-30153, CVE-2022-30161." + "value": "Windows Lightweight Directory Access Protocol (LDAP) Remote Code Execution Vulnerability" }, { "lang": "es", @@ -70,7 +70,7 @@ "description": [ { "lang": "en", - "value": "CWE-94" + "value": "NVD-CWE-noinfo" } ] } diff --git a/CVE-2022/CVE-2022-301xx/CVE-2022-30142.json b/CVE-2022/CVE-2022-301xx/CVE-2022-30142.json index c1f821991c6..eb64716550f 100644 --- a/CVE-2022/CVE-2022-301xx/CVE-2022-30142.json +++ b/CVE-2022/CVE-2022-301xx/CVE-2022-30142.json @@ -2,12 +2,12 @@ "id": "CVE-2022-30142", "sourceIdentifier": "secure@microsoft.com", "published": "2022-06-15T22:15:13.680", - "lastModified": "2022-09-22T17:26:12.117", - "vulnStatus": "Analyzed", + "lastModified": "2023-12-20T22:15:19.097", + "vulnStatus": "Modified", "descriptions": [ { "lang": "en", - "value": "Windows File History Remote Code Execution Vulnerability." + "value": "Windows File History Remote Code Execution Vulnerability" }, { "lang": "es", diff --git a/CVE-2022/CVE-2022-301xx/CVE-2022-30143.json b/CVE-2022/CVE-2022-301xx/CVE-2022-30143.json index bafbb32e0d5..63df7d3f44b 100644 --- a/CVE-2022/CVE-2022-301xx/CVE-2022-30143.json +++ b/CVE-2022/CVE-2022-301xx/CVE-2022-30143.json @@ -2,12 +2,12 @@ "id": "CVE-2022-30143", "sourceIdentifier": "secure@microsoft.com", "published": "2022-06-15T22:15:13.730", - "lastModified": "2022-06-27T13:57:51.583", - "vulnStatus": "Analyzed", + "lastModified": "2023-12-20T22:15:19.340", + "vulnStatus": "Modified", "descriptions": [ { "lang": "en", - "value": "Windows Lightweight Directory Access Protocol (LDAP) Remote Code Execution Vulnerability. This CVE ID is unique from CVE-2022-30139, CVE-2022-30141, CVE-2022-30146, CVE-2022-30149, CVE-2022-30153, CVE-2022-30161." + "value": "Windows Lightweight Directory Access Protocol (LDAP) Remote Code Execution Vulnerability" }, { "lang": "es", diff --git a/CVE-2022/CVE-2022-301xx/CVE-2022-30145.json b/CVE-2022/CVE-2022-301xx/CVE-2022-30145.json index 32d7650dd29..ca41afb8516 100644 --- a/CVE-2022/CVE-2022-301xx/CVE-2022-30145.json +++ b/CVE-2022/CVE-2022-301xx/CVE-2022-30145.json @@ -2,12 +2,12 @@ "id": "CVE-2022-30145", "sourceIdentifier": "secure@microsoft.com", "published": "2022-06-15T22:15:13.783", - "lastModified": "2022-09-22T18:15:14.937", - "vulnStatus": "Analyzed", + "lastModified": "2023-12-20T22:15:19.610", + "vulnStatus": "Modified", "descriptions": [ { "lang": "en", - "value": "Windows Encrypting File System (EFS) Remote Code Execution Vulnerability." + "value": "Windows Encrypting File System (EFS) Remote Code Execution Vulnerability" }, { "lang": "es", @@ -90,7 +90,7 @@ "description": [ { "lang": "en", - "value": "CWE-94" + "value": "NVD-CWE-noinfo" } ] } diff --git a/CVE-2022/CVE-2022-301xx/CVE-2022-30146.json b/CVE-2022/CVE-2022-301xx/CVE-2022-30146.json index 040952c42db..0478eaf1f6f 100644 --- a/CVE-2022/CVE-2022-301xx/CVE-2022-30146.json +++ b/CVE-2022/CVE-2022-301xx/CVE-2022-30146.json @@ -2,12 +2,12 @@ "id": "CVE-2022-30146", "sourceIdentifier": "secure@microsoft.com", "published": "2022-06-15T22:15:13.833", - "lastModified": "2022-06-27T18:46:13.423", - "vulnStatus": "Analyzed", + "lastModified": "2023-12-20T22:15:19.813", + "vulnStatus": "Modified", "descriptions": [ { "lang": "en", - "value": "Windows Lightweight Directory Access Protocol (LDAP) Remote Code Execution Vulnerability. This CVE ID is unique from CVE-2022-30139, CVE-2022-30141, CVE-2022-30143, CVE-2022-30149, CVE-2022-30153, CVE-2022-30161." + "value": "Windows Lightweight Directory Access Protocol (LDAP) Remote Code Execution Vulnerability" }, { "lang": "es", diff --git a/CVE-2022/CVE-2022-301xx/CVE-2022-30147.json b/CVE-2022/CVE-2022-301xx/CVE-2022-30147.json index 476209314d4..52a6f889607 100644 --- a/CVE-2022/CVE-2022-301xx/CVE-2022-30147.json +++ b/CVE-2022/CVE-2022-301xx/CVE-2022-30147.json @@ -2,12 +2,12 @@ "id": "CVE-2022-30147", "sourceIdentifier": "secure@microsoft.com", "published": "2022-06-15T22:15:13.887", - "lastModified": "2022-06-27T16:49:11.677", - "vulnStatus": "Analyzed", + "lastModified": "2023-12-20T22:15:20.060", + "vulnStatus": "Modified", "descriptions": [ { "lang": "en", - "value": "Windows Installer Elevation of Privilege Vulnerability." + "value": "Windows Installer Elevation of Privilege Vulnerability" }, { "lang": "es", diff --git a/CVE-2022/CVE-2022-301xx/CVE-2022-30148.json b/CVE-2022/CVE-2022-301xx/CVE-2022-30148.json index d756ceceb01..f0a2f4241ce 100644 --- a/CVE-2022/CVE-2022-301xx/CVE-2022-30148.json +++ b/CVE-2022/CVE-2022-301xx/CVE-2022-30148.json @@ -2,12 +2,12 @@ "id": "CVE-2022-30148", "sourceIdentifier": "secure@microsoft.com", "published": "2022-06-15T22:15:13.940", - "lastModified": "2022-06-27T16:52:54.420", - "vulnStatus": "Analyzed", + "lastModified": "2023-12-20T22:15:20.320", + "vulnStatus": "Modified", "descriptions": [ { "lang": "en", - "value": "Windows Desired State Configuration (DSC) Information Disclosure Vulnerability." + "value": "Windows Desired State Configuration (DSC) Information Disclosure Vulnerability" }, { "lang": "es", diff --git a/CVE-2022/CVE-2022-301xx/CVE-2022-30149.json b/CVE-2022/CVE-2022-301xx/CVE-2022-30149.json index 78d6ec1b524..037f1957661 100644 --- a/CVE-2022/CVE-2022-301xx/CVE-2022-30149.json +++ b/CVE-2022/CVE-2022-301xx/CVE-2022-30149.json @@ -2,12 +2,12 @@ "id": "CVE-2022-30149", "sourceIdentifier": "secure@microsoft.com", "published": "2022-06-15T22:15:13.990", - "lastModified": "2022-06-27T19:09:24.637", - "vulnStatus": "Analyzed", + "lastModified": "2023-12-20T22:15:20.560", + "vulnStatus": "Modified", "descriptions": [ { "lang": "en", - "value": "Windows Lightweight Directory Access Protocol (LDAP) Remote Code Execution Vulnerability. This CVE ID is unique from CVE-2022-30139, CVE-2022-30141, CVE-2022-30143, CVE-2022-30146, CVE-2022-30153, CVE-2022-30161." + "value": "Windows Lightweight Directory Access Protocol (LDAP) Remote Code Execution Vulnerability" }, { "lang": "es", diff --git a/CVE-2022/CVE-2022-301xx/CVE-2022-30150.json b/CVE-2022/CVE-2022-301xx/CVE-2022-30150.json index 5167dcdf6ab..f35012b2390 100644 --- a/CVE-2022/CVE-2022-301xx/CVE-2022-30150.json +++ b/CVE-2022/CVE-2022-301xx/CVE-2022-30150.json @@ -2,12 +2,12 @@ "id": "CVE-2022-30150", "sourceIdentifier": "secure@microsoft.com", "published": "2022-06-15T22:15:14.047", - "lastModified": "2022-09-22T19:08:36.247", - "vulnStatus": "Analyzed", + "lastModified": "2023-12-20T22:15:20.777", + "vulnStatus": "Modified", "descriptions": [ { "lang": "en", - "value": "Windows Defender Remote Credential Guard Elevation of Privilege Vulnerability." + "value": "Windows Defender Remote Credential Guard Elevation of Privilege Vulnerability" }, { "lang": "es", @@ -90,7 +90,7 @@ "description": [ { "lang": "en", - "value": "CWE-269" + "value": "CWE-287" } ] } diff --git a/CVE-2022/CVE-2022-301xx/CVE-2022-30151.json b/CVE-2022/CVE-2022-301xx/CVE-2022-30151.json index 3a9c68da405..6d17dbf0900 100644 --- a/CVE-2022/CVE-2022-301xx/CVE-2022-30151.json +++ b/CVE-2022/CVE-2022-301xx/CVE-2022-30151.json @@ -2,12 +2,12 @@ "id": "CVE-2022-30151", "sourceIdentifier": "secure@microsoft.com", "published": "2022-06-15T22:15:14.110", - "lastModified": "2022-06-27T17:06:44.993", - "vulnStatus": "Analyzed", + "lastModified": "2023-12-20T22:15:20.980", + "vulnStatus": "Modified", "descriptions": [ { "lang": "en", - "value": "Windows Ancillary Function Driver for WinSock Elevation of Privilege Vulnerability." + "value": "Windows Ancillary Function Driver for WinSock Elevation of Privilege Vulnerability" }, { "lang": "es", @@ -70,7 +70,7 @@ "description": [ { "lang": "en", - "value": "CWE-269" + "value": "NVD-CWE-noinfo" } ] } diff --git a/CVE-2022/CVE-2022-301xx/CVE-2022-30152.json b/CVE-2022/CVE-2022-301xx/CVE-2022-30152.json index 899478abb4e..a31fec685c1 100644 --- a/CVE-2022/CVE-2022-301xx/CVE-2022-30152.json +++ b/CVE-2022/CVE-2022-301xx/CVE-2022-30152.json @@ -2,12 +2,12 @@ "id": "CVE-2022-30152", "sourceIdentifier": "secure@microsoft.com", "published": "2022-06-15T22:15:14.163", - "lastModified": "2022-06-25T03:28:21.470", - "vulnStatus": "Analyzed", + "lastModified": "2023-12-20T22:15:21.177", + "vulnStatus": "Modified", "descriptions": [ { "lang": "en", - "value": "Windows Network Address Translation (NAT) Denial of Service Vulnerability." + "value": "Windows Network Address Translation (NAT) Denial of Service Vulnerability" }, { "lang": "es", @@ -70,7 +70,7 @@ "description": [ { "lang": "en", - "value": "CWE-400" + "value": "NVD-CWE-noinfo" } ] } diff --git a/CVE-2022/CVE-2022-301xx/CVE-2022-30153.json b/CVE-2022/CVE-2022-301xx/CVE-2022-30153.json index 30ee565eb37..2b04ddb2c66 100644 --- a/CVE-2022/CVE-2022-301xx/CVE-2022-30153.json +++ b/CVE-2022/CVE-2022-301xx/CVE-2022-30153.json @@ -2,12 +2,12 @@ "id": "CVE-2022-30153", "sourceIdentifier": "secure@microsoft.com", "published": "2022-06-15T22:15:14.213", - "lastModified": "2022-06-27T13:51:48.277", - "vulnStatus": "Analyzed", + "lastModified": "2023-12-20T22:15:21.417", + "vulnStatus": "Modified", "descriptions": [ { "lang": "en", - "value": "Windows Lightweight Directory Access Protocol (LDAP) Remote Code Execution Vulnerability. This CVE ID is unique from CVE-2022-30139, CVE-2022-30141, CVE-2022-30143, CVE-2022-30146, CVE-2022-30149, CVE-2022-30161." + "value": "Windows Lightweight Directory Access Protocol (LDAP) Remote Code Execution Vulnerability" }, { "lang": "es", diff --git a/CVE-2022/CVE-2022-301xx/CVE-2022-30154.json b/CVE-2022/CVE-2022-301xx/CVE-2022-30154.json index 36074c31223..583a54b25dc 100644 --- a/CVE-2022/CVE-2022-301xx/CVE-2022-30154.json +++ b/CVE-2022/CVE-2022-301xx/CVE-2022-30154.json @@ -2,12 +2,12 @@ "id": "CVE-2022-30154", "sourceIdentifier": "secure@microsoft.com", "published": "2022-06-15T22:15:14.267", - "lastModified": "2022-06-24T21:04:44.797", - "vulnStatus": "Analyzed", + "lastModified": "2023-12-20T22:15:21.620", + "vulnStatus": "Modified", "descriptions": [ { "lang": "en", - "value": "Microsoft File Server Shadow Copy Agent Service (RVSS) Elevation of Privilege Vulnerability." + "value": "Microsoft File Server Shadow Copy Agent Service (RVSS) Elevation of Privilege Vulnerability" }, { "lang": "es", @@ -70,7 +70,7 @@ "description": [ { "lang": "en", - "value": "CWE-269" + "value": "NVD-CWE-noinfo" } ] } diff --git a/CVE-2022/CVE-2022-301xx/CVE-2022-30155.json b/CVE-2022/CVE-2022-301xx/CVE-2022-30155.json index 4cd3383a64a..e8c3bddab2e 100644 --- a/CVE-2022/CVE-2022-301xx/CVE-2022-30155.json +++ b/CVE-2022/CVE-2022-301xx/CVE-2022-30155.json @@ -2,12 +2,12 @@ "id": "CVE-2022-30155", "sourceIdentifier": "secure@microsoft.com", "published": "2022-06-15T22:15:14.317", - "lastModified": "2022-10-27T16:04:10.517", - "vulnStatus": "Analyzed", + "lastModified": "2023-12-20T22:15:21.807", + "vulnStatus": "Modified", "descriptions": [ { "lang": "en", - "value": "Windows Kernel Denial of Service Vulnerability." + "value": "Windows Kernel Denial of Service Vulnerability" }, { "lang": "es", @@ -70,7 +70,7 @@ "description": [ { "lang": "en", - "value": "CWE-400" + "value": "CWE-193" } ] } diff --git a/CVE-2022/CVE-2022-301xx/CVE-2022-30157.json b/CVE-2022/CVE-2022-301xx/CVE-2022-30157.json index 02b9517a561..656f35db98e 100644 --- a/CVE-2022/CVE-2022-301xx/CVE-2022-30157.json +++ b/CVE-2022/CVE-2022-301xx/CVE-2022-30157.json @@ -2,12 +2,12 @@ "id": "CVE-2022-30157", "sourceIdentifier": "secure@microsoft.com", "published": "2022-06-15T22:15:14.367", - "lastModified": "2022-06-26T03:45:23.127", - "vulnStatus": "Analyzed", + "lastModified": "2023-12-20T22:15:22.050", + "vulnStatus": "Modified", "descriptions": [ { "lang": "en", - "value": "Microsoft SharePoint Server Remote Code Execution Vulnerability. This CVE ID is unique from CVE-2022-30158." + "value": "Microsoft SharePoint Server Remote Code Execution Vulnerability" }, { "lang": "es", diff --git a/CVE-2022/CVE-2022-301xx/CVE-2022-30158.json b/CVE-2022/CVE-2022-301xx/CVE-2022-30158.json index f43274760ce..2e26bf60d62 100644 --- a/CVE-2022/CVE-2022-301xx/CVE-2022-30158.json +++ b/CVE-2022/CVE-2022-301xx/CVE-2022-30158.json @@ -2,12 +2,12 @@ "id": "CVE-2022-30158", "sourceIdentifier": "secure@microsoft.com", "published": "2022-06-15T22:15:14.420", - "lastModified": "2022-06-26T03:51:32.837", - "vulnStatus": "Analyzed", + "lastModified": "2023-12-20T22:15:22.307", + "vulnStatus": "Modified", "descriptions": [ { "lang": "en", - "value": "Microsoft SharePoint Server Remote Code Execution Vulnerability. This CVE ID is unique from CVE-2022-30157." + "value": "Microsoft SharePoint Server Remote Code Execution Vulnerability" }, { "lang": "es", diff --git a/CVE-2022/CVE-2022-301xx/CVE-2022-30159.json b/CVE-2022/CVE-2022-301xx/CVE-2022-30159.json index 130104d915f..3e2be396b7d 100644 --- a/CVE-2022/CVE-2022-301xx/CVE-2022-30159.json +++ b/CVE-2022/CVE-2022-301xx/CVE-2022-30159.json @@ -2,12 +2,12 @@ "id": "CVE-2022-30159", "sourceIdentifier": "secure@microsoft.com", "published": "2022-06-15T22:15:14.470", - "lastModified": "2022-06-26T03:38:30.753", - "vulnStatus": "Analyzed", + "lastModified": "2023-12-20T22:15:22.690", + "vulnStatus": "Modified", "descriptions": [ { "lang": "en", - "value": "Microsoft Office Information Disclosure Vulnerability. This CVE ID is unique from CVE-2022-30171, CVE-2022-30172." + "value": "Microsoft Office Information Disclosure Vulnerability" }, { "lang": "es", diff --git a/CVE-2022/CVE-2022-301xx/CVE-2022-30160.json b/CVE-2022/CVE-2022-301xx/CVE-2022-30160.json index 41ba3d6ea1c..f35be32a74c 100644 --- a/CVE-2022/CVE-2022-301xx/CVE-2022-30160.json +++ b/CVE-2022/CVE-2022-301xx/CVE-2022-30160.json @@ -2,12 +2,12 @@ "id": "CVE-2022-30160", "sourceIdentifier": "secure@microsoft.com", "published": "2022-06-15T22:15:14.520", - "lastModified": "2022-06-25T03:24:40.283", - "vulnStatus": "Analyzed", + "lastModified": "2023-12-20T22:15:22.927", + "vulnStatus": "Modified", "descriptions": [ { "lang": "en", - "value": "Windows Advanced Local Procedure Call Elevation of Privilege Vulnerability." + "value": "Windows Advanced Local Procedure Call (ALPC) Elevation of Privilege Vulnerability" }, { "lang": "es", diff --git a/CVE-2022/CVE-2022-301xx/CVE-2022-30161.json b/CVE-2022/CVE-2022-301xx/CVE-2022-30161.json index a901afeae8e..55787d445fa 100644 --- a/CVE-2022/CVE-2022-301xx/CVE-2022-30161.json +++ b/CVE-2022/CVE-2022-301xx/CVE-2022-30161.json @@ -2,12 +2,12 @@ "id": "CVE-2022-30161", "sourceIdentifier": "secure@microsoft.com", "published": "2022-06-15T22:15:14.570", - "lastModified": "2022-06-27T13:41:35.327", - "vulnStatus": "Analyzed", + "lastModified": "2023-12-20T22:15:23.253", + "vulnStatus": "Modified", "descriptions": [ { "lang": "en", - "value": "Windows Lightweight Directory Access Protocol (LDAP) Remote Code Execution Vulnerability. This CVE ID is unique from CVE-2022-30139, CVE-2022-30141, CVE-2022-30143, CVE-2022-30146, CVE-2022-30149, CVE-2022-30153." + "value": "Windows Lightweight Directory Access Protocol (LDAP) Remote Code Execution Vulnerability" }, { "lang": "es", diff --git a/CVE-2022/CVE-2022-301xx/CVE-2022-30162.json b/CVE-2022/CVE-2022-301xx/CVE-2022-30162.json index 5257d82ffe4..8186a0d3f33 100644 --- a/CVE-2022/CVE-2022-301xx/CVE-2022-30162.json +++ b/CVE-2022/CVE-2022-301xx/CVE-2022-30162.json @@ -2,12 +2,12 @@ "id": "CVE-2022-30162", "sourceIdentifier": "secure@microsoft.com", "published": "2022-06-15T22:15:14.617", - "lastModified": "2022-06-25T03:16:58.117", - "vulnStatus": "Analyzed", + "lastModified": "2023-12-20T22:15:23.560", + "vulnStatus": "Modified", "descriptions": [ { "lang": "en", - "value": "Windows Kernel Information Disclosure Vulnerability." + "value": "Windows Kernel Information Disclosure Vulnerability" }, { "lang": "es", diff --git a/CVE-2022/CVE-2022-301xx/CVE-2022-30163.json b/CVE-2022/CVE-2022-301xx/CVE-2022-30163.json index 0cd00913202..1b8ea468c98 100644 --- a/CVE-2022/CVE-2022-301xx/CVE-2022-30163.json +++ b/CVE-2022/CVE-2022-301xx/CVE-2022-30163.json @@ -2,12 +2,12 @@ "id": "CVE-2022-30163", "sourceIdentifier": "secure@microsoft.com", "published": "2022-06-15T22:15:14.670", - "lastModified": "2022-06-27T17:02:03.493", - "vulnStatus": "Analyzed", + "lastModified": "2023-12-20T22:15:23.890", + "vulnStatus": "Modified", "descriptions": [ { "lang": "en", - "value": "Windows Hyper-V Remote Code Execution Vulnerability." + "value": "Windows Hyper-V Remote Code Execution Vulnerability" }, { "lang": "es", diff --git a/CVE-2022/CVE-2022-301xx/CVE-2022-30164.json b/CVE-2022/CVE-2022-301xx/CVE-2022-30164.json index e3aa32dadbd..89d068cfd90 100644 --- a/CVE-2022/CVE-2022-301xx/CVE-2022-30164.json +++ b/CVE-2022/CVE-2022-301xx/CVE-2022-30164.json @@ -2,12 +2,12 @@ "id": "CVE-2022-30164", "sourceIdentifier": "secure@microsoft.com", "published": "2022-06-15T22:15:14.720", - "lastModified": "2022-09-22T17:34:07.073", - "vulnStatus": "Analyzed", + "lastModified": "2023-12-20T22:15:24.140", + "vulnStatus": "Modified", "descriptions": [ { "lang": "en", - "value": "Kerberos AppContainer Security Feature Bypass Vulnerability." + "value": "Kerberos AppContainer Security Feature Bypass Vulnerability" }, { "lang": "es", @@ -90,7 +90,7 @@ "description": [ { "lang": "en", - "value": "CWE-863" + "value": "NVD-CWE-noinfo" } ] } diff --git a/CVE-2022/CVE-2022-301xx/CVE-2022-30165.json b/CVE-2022/CVE-2022-301xx/CVE-2022-30165.json index 1c4adfdba68..6f9a595ae5b 100644 --- a/CVE-2022/CVE-2022-301xx/CVE-2022-30165.json +++ b/CVE-2022/CVE-2022-301xx/CVE-2022-30165.json @@ -2,12 +2,12 @@ "id": "CVE-2022-30165", "sourceIdentifier": "secure@microsoft.com", "published": "2022-06-15T22:15:14.777", - "lastModified": "2022-10-05T14:59:12.647", - "vulnStatus": "Analyzed", + "lastModified": "2023-12-20T22:15:24.380", + "vulnStatus": "Modified", "descriptions": [ { "lang": "en", - "value": "Windows Kerberos Elevation of Privilege Vulnerability." + "value": "Windows Kerberos Elevation of Privilege Vulnerability" }, { "lang": "es", diff --git a/CVE-2022/CVE-2022-301xx/CVE-2022-30166.json b/CVE-2022/CVE-2022-301xx/CVE-2022-30166.json index cbf47879914..284bfe61905 100644 --- a/CVE-2022/CVE-2022-301xx/CVE-2022-30166.json +++ b/CVE-2022/CVE-2022-301xx/CVE-2022-30166.json @@ -2,12 +2,12 @@ "id": "CVE-2022-30166", "sourceIdentifier": "secure@microsoft.com", "published": "2022-06-15T22:15:14.827", - "lastModified": "2022-10-27T16:04:21.180", - "vulnStatus": "Analyzed", + "lastModified": "2023-12-20T22:15:24.560", + "vulnStatus": "Modified", "descriptions": [ { "lang": "en", - "value": "Local Security Authority Subsystem Service Elevation of Privilege Vulnerability." + "value": "Local Security Authority Subsystem Service Elevation of Privilege Vulnerability" }, { "lang": "es", diff --git a/CVE-2022/CVE-2022-301xx/CVE-2022-30167.json b/CVE-2022/CVE-2022-301xx/CVE-2022-30167.json index 9577be45f66..fb1bb1c8de6 100644 --- a/CVE-2022/CVE-2022-301xx/CVE-2022-30167.json +++ b/CVE-2022/CVE-2022-301xx/CVE-2022-30167.json @@ -2,12 +2,12 @@ "id": "CVE-2022-30167", "sourceIdentifier": "secure@microsoft.com", "published": "2022-06-15T22:15:14.877", - "lastModified": "2022-06-27T13:59:52.843", - "vulnStatus": "Analyzed", + "lastModified": "2023-12-20T22:15:24.753", + "vulnStatus": "Modified", "descriptions": [ { "lang": "en", - "value": "AV1 Video Extension Remote Code Execution Vulnerability. This CVE ID is unique from CVE-2022-30193." + "value": "AV1 Video Extension Remote Code Execution Vulnerability" }, { "lang": "es", diff --git a/CVE-2022/CVE-2022-301xx/CVE-2022-30168.json b/CVE-2022/CVE-2022-301xx/CVE-2022-30168.json index 0fc2a6ead1c..026cf047470 100644 --- a/CVE-2022/CVE-2022-301xx/CVE-2022-30168.json +++ b/CVE-2022/CVE-2022-301xx/CVE-2022-30168.json @@ -2,12 +2,12 @@ "id": "CVE-2022-30168", "sourceIdentifier": "secure@microsoft.com", "published": "2022-06-15T22:15:14.923", - "lastModified": "2022-12-12T20:18:52.243", - "vulnStatus": "Analyzed", + "lastModified": "2023-12-20T22:15:24.923", + "vulnStatus": "Modified", "descriptions": [ { "lang": "en", - "value": "Microsoft Photos App Remote Code Execution Vulnerability." + "value": "Microsoft Photos App Remote Code Execution Vulnerability" }, { "lang": "es", diff --git a/CVE-2022/CVE-2022-301xx/CVE-2022-30171.json b/CVE-2022/CVE-2022-301xx/CVE-2022-30171.json index cc66deaa5fb..142f5578ed9 100644 --- a/CVE-2022/CVE-2022-301xx/CVE-2022-30171.json +++ b/CVE-2022/CVE-2022-301xx/CVE-2022-30171.json @@ -2,12 +2,12 @@ "id": "CVE-2022-30171", "sourceIdentifier": "secure@microsoft.com", "published": "2022-06-15T22:15:14.973", - "lastModified": "2022-06-26T03:33:00.460", - "vulnStatus": "Analyzed", + "lastModified": "2023-12-20T22:15:25.150", + "vulnStatus": "Modified", "descriptions": [ { "lang": "en", - "value": "Microsoft Office Information Disclosure Vulnerability. This CVE ID is unique from CVE-2022-30159, CVE-2022-30172." + "value": "Microsoft Office Information Disclosure Vulnerability" }, { "lang": "es", diff --git a/CVE-2022/CVE-2022-301xx/CVE-2022-30172.json b/CVE-2022/CVE-2022-301xx/CVE-2022-30172.json index 4fbe4f88278..b8344ef6c1a 100644 --- a/CVE-2022/CVE-2022-301xx/CVE-2022-30172.json +++ b/CVE-2022/CVE-2022-301xx/CVE-2022-30172.json @@ -2,12 +2,12 @@ "id": "CVE-2022-30172", "sourceIdentifier": "secure@microsoft.com", "published": "2022-06-15T22:15:15.023", - "lastModified": "2022-06-26T03:26:21.643", - "vulnStatus": "Analyzed", + "lastModified": "2023-12-20T22:15:25.327", + "vulnStatus": "Modified", "descriptions": [ { "lang": "en", - "value": "Microsoft Office Information Disclosure Vulnerability. This CVE ID is unique from CVE-2022-30159, CVE-2022-30171." + "value": "Microsoft Office Information Disclosure Vulnerability" }, { "lang": "es", diff --git a/CVE-2022/CVE-2022-301xx/CVE-2022-30173.json b/CVE-2022/CVE-2022-301xx/CVE-2022-30173.json index 92665b996a4..05054915965 100644 --- a/CVE-2022/CVE-2022-301xx/CVE-2022-30173.json +++ b/CVE-2022/CVE-2022-301xx/CVE-2022-30173.json @@ -2,12 +2,12 @@ "id": "CVE-2022-30173", "sourceIdentifier": "secure@microsoft.com", "published": "2022-06-15T22:15:15.073", - "lastModified": "2022-06-25T03:39:21.303", - "vulnStatus": "Analyzed", + "lastModified": "2023-12-20T22:15:25.513", + "vulnStatus": "Modified", "descriptions": [ { "lang": "en", - "value": "Microsoft Excel Remote Code Execution Vulnerability." + "value": "Microsoft Excel Remote Code Execution Vulnerability" }, { "lang": "es", diff --git a/CVE-2022/CVE-2022-301xx/CVE-2022-30174.json b/CVE-2022/CVE-2022-301xx/CVE-2022-30174.json index 331cbf59e09..99a18e58034 100644 --- a/CVE-2022/CVE-2022-301xx/CVE-2022-30174.json +++ b/CVE-2022/CVE-2022-301xx/CVE-2022-30174.json @@ -2,12 +2,12 @@ "id": "CVE-2022-30174", "sourceIdentifier": "secure@microsoft.com", "published": "2022-06-15T22:15:15.127", - "lastModified": "2022-09-22T17:36:55.597", - "vulnStatus": "Analyzed", + "lastModified": "2023-12-20T22:15:25.700", + "vulnStatus": "Modified", "descriptions": [ { "lang": "en", - "value": "Microsoft Office Remote Code Execution Vulnerability." + "value": "Microsoft Office Remote Code Execution Vulnerability" }, { "lang": "es", diff --git a/CVE-2022/CVE-2022-301xx/CVE-2022-30177.json b/CVE-2022/CVE-2022-301xx/CVE-2022-30177.json index 25e35a48f50..7fae3473af7 100644 --- a/CVE-2022/CVE-2022-301xx/CVE-2022-30177.json +++ b/CVE-2022/CVE-2022-301xx/CVE-2022-30177.json @@ -2,12 +2,12 @@ "id": "CVE-2022-30177", "sourceIdentifier": "secure@microsoft.com", "published": "2022-06-15T22:15:15.177", - "lastModified": "2022-11-03T17:58:24.707", - "vulnStatus": "Analyzed", + "lastModified": "2023-12-20T22:15:25.910", + "vulnStatus": "Modified", "descriptions": [ { "lang": "en", - "value": "Azure RTOS GUIX Studio Remote Code Execution Vulnerability. This CVE ID is unique from CVE-2022-30178, CVE-2022-30179." + "value": "Azure RTOS GUIX Studio Remote Code Execution Vulnerability" }, { "lang": "es", diff --git a/CVE-2022/CVE-2022-301xx/CVE-2022-30178.json b/CVE-2022/CVE-2022-301xx/CVE-2022-30178.json index ad561f0ba8b..3ec3914dad4 100644 --- a/CVE-2022/CVE-2022-301xx/CVE-2022-30178.json +++ b/CVE-2022/CVE-2022-301xx/CVE-2022-30178.json @@ -2,12 +2,12 @@ "id": "CVE-2022-30178", "sourceIdentifier": "secure@microsoft.com", "published": "2022-06-15T22:15:15.223", - "lastModified": "2022-06-27T16:11:26.777", - "vulnStatus": "Analyzed", + "lastModified": "2023-12-20T22:15:26.090", + "vulnStatus": "Modified", "descriptions": [ { "lang": "en", - "value": "Azure RTOS GUIX Studio Remote Code Execution Vulnerability. This CVE ID is unique from CVE-2022-30177, CVE-2022-30179." + "value": "Azure RTOS GUIX Studio Remote Code Execution Vulnerability" }, { "lang": "es", diff --git a/CVE-2022/CVE-2022-301xx/CVE-2022-30179.json b/CVE-2022/CVE-2022-301xx/CVE-2022-30179.json index 365f1b95634..21d8da5b198 100644 --- a/CVE-2022/CVE-2022-301xx/CVE-2022-30179.json +++ b/CVE-2022/CVE-2022-301xx/CVE-2022-30179.json @@ -2,12 +2,12 @@ "id": "CVE-2022-30179", "sourceIdentifier": "secure@microsoft.com", "published": "2022-06-15T22:15:15.273", - "lastModified": "2022-06-27T16:18:36.427", - "vulnStatus": "Analyzed", + "lastModified": "2023-12-20T22:15:26.250", + "vulnStatus": "Modified", "descriptions": [ { "lang": "en", - "value": "Azure RTOS GUIX Studio Remote Code Execution Vulnerability. This CVE ID is unique from CVE-2022-30177, CVE-2022-30178." + "value": "Azure RTOS GUIX Studio Remote Code Execution Vulnerability" }, { "lang": "es", diff --git a/CVE-2022/CVE-2022-301xx/CVE-2022-30180.json b/CVE-2022/CVE-2022-301xx/CVE-2022-30180.json index b4121ab27c6..0b4c23a445d 100644 --- a/CVE-2022/CVE-2022-301xx/CVE-2022-30180.json +++ b/CVE-2022/CVE-2022-301xx/CVE-2022-30180.json @@ -2,12 +2,12 @@ "id": "CVE-2022-30180", "sourceIdentifier": "secure@microsoft.com", "published": "2022-06-15T22:15:15.320", - "lastModified": "2022-06-27T16:17:14.057", - "vulnStatus": "Analyzed", + "lastModified": "2023-12-20T22:15:26.400", + "vulnStatus": "Modified", "descriptions": [ { "lang": "en", - "value": "Azure RTOS GUIX Studio Information Disclosure Vulnerability." + "value": "Azure RTOS GUIX Studio Information Disclosure Vulnerability" }, { "lang": "es", diff --git a/CVE-2022/CVE-2022-301xx/CVE-2022-30184.json b/CVE-2022/CVE-2022-301xx/CVE-2022-30184.json index e6050ec55dd..6fbfdb772ad 100644 --- a/CVE-2022/CVE-2022-301xx/CVE-2022-30184.json +++ b/CVE-2022/CVE-2022-301xx/CVE-2022-30184.json @@ -2,12 +2,12 @@ "id": "CVE-2022-30184", "sourceIdentifier": "secure@microsoft.com", "published": "2022-06-15T22:15:15.370", - "lastModified": "2023-11-07T03:47:11.707", + "lastModified": "2023-12-20T22:15:26.597", "vulnStatus": "Modified", "descriptions": [ { "lang": "en", - "value": ".NET and Visual Studio Information Disclosure Vulnerability." + "value": ".NET and Visual Studio Information Disclosure Vulnerability" }, { "lang": "es", @@ -17,7 +17,7 @@ "metrics": { "cvssMetricV31": [ { - "source": "f38d906d-7342-40ea-92c1-6c4a2c6478c8", + "source": "secure@microsoft.com", "type": "Primary", "cvssData": { "version": "3.1", diff --git a/CVE-2022/CVE-2022-301xx/CVE-2022-30188.json b/CVE-2022/CVE-2022-301xx/CVE-2022-30188.json index 779df407456..b939fe02ff2 100644 --- a/CVE-2022/CVE-2022-301xx/CVE-2022-30188.json +++ b/CVE-2022/CVE-2022-301xx/CVE-2022-30188.json @@ -2,12 +2,12 @@ "id": "CVE-2022-30188", "sourceIdentifier": "secure@microsoft.com", "published": "2022-06-15T22:15:15.417", - "lastModified": "2022-06-27T18:01:21.187", - "vulnStatus": "Analyzed", + "lastModified": "2023-12-20T22:15:26.827", + "vulnStatus": "Modified", "descriptions": [ { "lang": "en", - "value": "HEVC Video Extensions Remote Code Execution Vulnerability. This CVE ID is unique from CVE-2022-22018, CVE-2022-29111, CVE-2022-29119." + "value": "HEVC Video Extensions Remote Code Execution Vulnerability" }, { "lang": "es", diff --git a/CVE-2022/CVE-2022-301xx/CVE-2022-30189.json b/CVE-2022/CVE-2022-301xx/CVE-2022-30189.json index 8436b67be68..eb4aafcd14f 100644 --- a/CVE-2022/CVE-2022-301xx/CVE-2022-30189.json +++ b/CVE-2022/CVE-2022-301xx/CVE-2022-30189.json @@ -2,12 +2,12 @@ "id": "CVE-2022-30189", "sourceIdentifier": "secure@microsoft.com", "published": "2022-06-15T22:15:15.467", - "lastModified": "2022-06-27T17:59:29.100", - "vulnStatus": "Analyzed", + "lastModified": "2023-12-20T22:15:26.993", + "vulnStatus": "Modified", "descriptions": [ { "lang": "en", - "value": "Windows Autopilot Device Management and Enrollment Client Spoofing Vulnerability." + "value": "Windows Autopilot Device Management and Enrollment Client Spoofing Vulnerability" }, { "lang": "es", diff --git a/CVE-2022/CVE-2022-301xx/CVE-2022-30190.json b/CVE-2022/CVE-2022-301xx/CVE-2022-30190.json index 73d3a514f82..4c6742ccdd7 100644 --- a/CVE-2022/CVE-2022-301xx/CVE-2022-30190.json +++ b/CVE-2022/CVE-2022-301xx/CVE-2022-30190.json @@ -2,7 +2,7 @@ "id": "CVE-2022-30190", "sourceIdentifier": "secure@microsoft.com", "published": "2022-06-01T20:15:07.983", - "lastModified": "2022-06-07T18:15:11.790", + "lastModified": "2023-12-20T22:15:27.167", "vulnStatus": "Modified", "cisaExploitAdd": "2022-06-14", "cisaActionDue": "2022-07-05", @@ -11,7 +11,7 @@ "descriptions": [ { "lang": "en", - "value": "Microsoft Windows Support Diagnostic Tool (MSDT) Remote Code Execution Vulnerability." + "value": "A remote code execution vulnerability exists when MSDT is called using the URL protocol from a calling application such as Word. An attacker who successfully exploits this vulnerability can run arbitrary code with the privileges of the calling application. The attacker can then install programs, view, change, or delete data, or create new accounts in the context allowed by the user\u2019s rights.
\nPlease see the\u00a0MSRC Blog Entry for important information about steps you can take to protect your system from this vulnerability.
\n" }, { "lang": "es", @@ -94,7 +94,7 @@ "description": [ { "lang": "en", - "value": "NVD-CWE-noinfo" + "value": "CWE-610" } ] } diff --git a/CVE-2022/CVE-2022-301xx/CVE-2022-30192.json b/CVE-2022/CVE-2022-301xx/CVE-2022-30192.json index eead22ffccb..516824bbba8 100644 --- a/CVE-2022/CVE-2022-301xx/CVE-2022-30192.json +++ b/CVE-2022/CVE-2022-301xx/CVE-2022-30192.json @@ -2,12 +2,12 @@ "id": "CVE-2022-30192", "sourceIdentifier": "secure@microsoft.com", "published": "2022-06-29T17:15:08.310", - "lastModified": "2022-10-26T19:46:57.803", - "vulnStatus": "Analyzed", + "lastModified": "2023-12-20T22:15:27.443", + "vulnStatus": "Modified", "descriptions": [ { "lang": "en", - "value": "Microsoft Edge (Chromium-based) Elevation of Privilege Vulnerability. This CVE ID is unique from CVE-2022-33638, CVE-2022-33639." + "value": "Microsoft Edge (Chromium-based) Elevation of Privilege Vulnerability" }, { "lang": "es", diff --git a/CVE-2022/CVE-2022-301xx/CVE-2022-30193.json b/CVE-2022/CVE-2022-301xx/CVE-2022-30193.json index fee2135809c..fab5abc6f55 100644 --- a/CVE-2022/CVE-2022-301xx/CVE-2022-30193.json +++ b/CVE-2022/CVE-2022-301xx/CVE-2022-30193.json @@ -2,12 +2,12 @@ "id": "CVE-2022-30193", "sourceIdentifier": "secure@microsoft.com", "published": "2022-06-15T22:15:15.513", - "lastModified": "2022-06-27T17:57:03.423", - "vulnStatus": "Analyzed", + "lastModified": "2023-12-20T22:15:27.660", + "vulnStatus": "Modified", "descriptions": [ { "lang": "en", - "value": "AV1 Video Extension Remote Code Execution Vulnerability. This CVE ID is unique from CVE-2022-30167." + "value": "AV1 Video Extension Remote Code Execution Vulnerability" }, { "lang": "es", diff --git a/CVE-2022/CVE-2022-336xx/CVE-2022-33638.json b/CVE-2022/CVE-2022-336xx/CVE-2022-33638.json index 46c34033f4c..f309fbdd324 100644 --- a/CVE-2022/CVE-2022-336xx/CVE-2022-33638.json +++ b/CVE-2022/CVE-2022-336xx/CVE-2022-33638.json @@ -2,12 +2,12 @@ "id": "CVE-2022-33638", "sourceIdentifier": "secure@microsoft.com", "published": "2022-06-29T17:15:08.410", - "lastModified": "2022-10-26T22:49:46.097", - "vulnStatus": "Analyzed", + "lastModified": "2023-12-20T22:15:28.700", + "vulnStatus": "Modified", "descriptions": [ { "lang": "en", - "value": "Microsoft Edge (Chromium-based) Elevation of Privilege Vulnerability. This CVE ID is unique from CVE-2022-30192, CVE-2022-33639." + "value": "Microsoft Edge (Chromium-based) Elevation of Privilege Vulnerability" }, { "lang": "es", diff --git a/CVE-2022/CVE-2022-336xx/CVE-2022-33639.json b/CVE-2022/CVE-2022-336xx/CVE-2022-33639.json index 62e14657997..05282ce7ecb 100644 --- a/CVE-2022/CVE-2022-336xx/CVE-2022-33639.json +++ b/CVE-2022/CVE-2022-336xx/CVE-2022-33639.json @@ -2,12 +2,12 @@ "id": "CVE-2022-33639", "sourceIdentifier": "secure@microsoft.com", "published": "2022-06-29T17:15:08.460", - "lastModified": "2022-11-08T02:48:24.107", - "vulnStatus": "Analyzed", + "lastModified": "2023-12-20T22:15:28.987", + "vulnStatus": "Modified", "descriptions": [ { "lang": "en", - "value": "Microsoft Edge (Chromium-based) Elevation of Privilege Vulnerability. This CVE ID is unique from CVE-2022-30192, CVE-2022-33638." + "value": "Microsoft Edge (Chromium-based) Elevation of Privilege Vulnerability" }, { "lang": "es", diff --git a/CVE-2022/CVE-2022-336xx/CVE-2022-33680.json b/CVE-2022/CVE-2022-336xx/CVE-2022-33680.json index 3d18d3b301c..60eb987c0c8 100644 --- a/CVE-2022/CVE-2022-336xx/CVE-2022-33680.json +++ b/CVE-2022/CVE-2022-336xx/CVE-2022-33680.json @@ -2,12 +2,12 @@ "id": "CVE-2022-33680", "sourceIdentifier": "secure@microsoft.com", "published": "2022-07-07T20:15:08.277", - "lastModified": "2022-07-15T15:29:13.357", - "vulnStatus": "Analyzed", + "lastModified": "2023-12-20T22:15:30.770", + "vulnStatus": "Modified", "descriptions": [ { "lang": "en", - "value": "Microsoft Edge (Chromium-based) Elevation of Privilege Vulnerability. This CVE ID is unique from CVE-2022-30192, CVE-2022-33638, CVE-2022-33639." + "value": "Microsoft Edge (Chromium-based) Elevation of Privilege Vulnerability" }, { "lang": "es", @@ -70,7 +70,7 @@ "description": [ { "lang": "en", - "value": "CWE-269" + "value": "NVD-CWE-noinfo" } ] } diff --git a/CVE-2023/CVE-2023-222xx/CVE-2023-22256.json b/CVE-2023/CVE-2023-222xx/CVE-2023-22256.json index 13caa576334..6ed5d50e908 100644 --- a/CVE-2023/CVE-2023-222xx/CVE-2023-22256.json +++ b/CVE-2023/CVE-2023-222xx/CVE-2023-22256.json @@ -2,8 +2,8 @@ "id": "CVE-2023-22256", "sourceIdentifier": "psirt@adobe.com", "published": "2023-03-22T17:15:13.807", - "lastModified": "2023-03-31T21:15:06.900", - "vulnStatus": "Modified", + "lastModified": "2023-12-20T21:27:43.077", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", diff --git a/CVE-2023/CVE-2023-222xx/CVE-2023-22259.json b/CVE-2023/CVE-2023-222xx/CVE-2023-22259.json index 548738000bf..2c76678aad2 100644 --- a/CVE-2023/CVE-2023-222xx/CVE-2023-22259.json +++ b/CVE-2023/CVE-2023-222xx/CVE-2023-22259.json @@ -2,8 +2,8 @@ "id": "CVE-2023-22259", "sourceIdentifier": "psirt@adobe.com", "published": "2023-03-22T17:15:14.100", - "lastModified": "2023-03-31T21:15:07.350", - "vulnStatus": "Modified", + "lastModified": "2023-12-20T21:27:51.563", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", @@ -56,7 +56,7 @@ }, "weaknesses": [ { - "source": "psirt@adobe.com", + "source": "nvd@nist.gov", "type": "Primary", "description": [ { @@ -64,6 +64,16 @@ "value": "CWE-601" } ] + }, + { + "source": "psirt@adobe.com", + "type": "Secondary", + "description": [ + { + "lang": "en", + "value": "CWE-601" + } + ] } ], "configurations": [ diff --git a/CVE-2023/CVE-2023-222xx/CVE-2023-22265.json b/CVE-2023/CVE-2023-222xx/CVE-2023-22265.json index 9606a267be9..b4a4fea83a7 100644 --- a/CVE-2023/CVE-2023-222xx/CVE-2023-22265.json +++ b/CVE-2023/CVE-2023-222xx/CVE-2023-22265.json @@ -2,8 +2,8 @@ "id": "CVE-2023-22265", "sourceIdentifier": "psirt@adobe.com", "published": "2023-03-22T17:15:14.687", - "lastModified": "2023-03-31T21:15:08.560", - "vulnStatus": "Modified", + "lastModified": "2023-12-20T21:21:30.387", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", @@ -56,7 +56,7 @@ }, "weaknesses": [ { - "source": "psirt@adobe.com", + "source": "nvd@nist.gov", "type": "Primary", "description": [ { @@ -64,6 +64,16 @@ "value": "CWE-601" } ] + }, + { + "source": "psirt@adobe.com", + "type": "Secondary", + "description": [ + { + "lang": "en", + "value": "CWE-601" + } + ] } ], "configurations": [ diff --git a/CVE-2023/CVE-2023-475xx/CVE-2023-47558.json b/CVE-2023/CVE-2023-475xx/CVE-2023-47558.json index d1b656bfd60..5e1abce2ad6 100644 --- a/CVE-2023/CVE-2023-475xx/CVE-2023-47558.json +++ b/CVE-2023/CVE-2023-475xx/CVE-2023-47558.json @@ -2,8 +2,8 @@ "id": "CVE-2023-47558", "sourceIdentifier": "audit@patchstack.com", "published": "2023-12-18T23:15:08.320", - "lastModified": "2023-12-19T13:42:22.313", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2023-12-20T21:04:39.647", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", @@ -16,6 +16,26 @@ ], "metrics": { "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:N", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "HIGH", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "NONE", + "baseScore": 6.5, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 1.2, + "impactScore": 5.2 + }, { "source": "audit@patchstack.com", "type": "Secondary", @@ -50,10 +70,31 @@ ] } ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:lindeni:who_hit_the_page_-_hit_counter:*:*:*:*:*:wordpress:*:*", + "versionEndIncluding": "1.4.14.3", + "matchCriteriaId": "1FA982F6-F16E-433B-A526-BAD352C79FCC" + } + ] + } + ] + } + ], "references": [ { "url": "https://patchstack.com/database/vulnerability/who-hit-the-page-hit-counter/wordpress-who-hit-the-page-hit-counter-plugin-1-4-14-3-sql-injection-vulnerability?_s_id=cve", - "source": "audit@patchstack.com" + "source": "audit@patchstack.com", + "tags": [ + "Third Party Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2023/CVE-2023-476xx/CVE-2023-47620.json b/CVE-2023/CVE-2023-476xx/CVE-2023-47620.json index df4cc127a06..5096240b140 100644 --- a/CVE-2023/CVE-2023-476xx/CVE-2023-47620.json +++ b/CVE-2023/CVE-2023-476xx/CVE-2023-47620.json @@ -2,8 +2,8 @@ "id": "CVE-2023-47620", "sourceIdentifier": "security-advisories@github.com", "published": "2023-12-13T22:15:43.197", - "lastModified": "2023-12-19T15:27:49.173", - "vulnStatus": "Undergoing Analysis", + "lastModified": "2023-12-20T21:27:11.537", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", @@ -89,9 +89,9 @@ "cpeMatch": [ { "vulnerable": true, - "criteria": "cpe:2.3:a:koush:scrypted:*:*:*:*:*:*:*:*", + "criteria": "cpe:2.3:a:clockworkmod:scrypted:*:*:*:*:*:*:*:*", "versionEndIncluding": "0.55.0", - "matchCriteriaId": "2BA9D00E-03C6-42F6-8D59-93062B442786" + "matchCriteriaId": "139AD8AC-1E38-4231-B0ED-8F35D1E78472" } ] } diff --git a/CVE-2023/CVE-2023-476xx/CVE-2023-47623.json b/CVE-2023/CVE-2023-476xx/CVE-2023-47623.json index 733250ba3ff..e697f0764c3 100644 --- a/CVE-2023/CVE-2023-476xx/CVE-2023-47623.json +++ b/CVE-2023/CVE-2023-476xx/CVE-2023-47623.json @@ -2,8 +2,8 @@ "id": "CVE-2023-47623", "sourceIdentifier": "security-advisories@github.com", "published": "2023-12-13T22:15:43.417", - "lastModified": "2023-12-19T15:27:59.743", - "vulnStatus": "Undergoing Analysis", + "lastModified": "2023-12-20T21:27:16.323", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", @@ -79,9 +79,9 @@ "cpeMatch": [ { "vulnerable": true, - "criteria": "cpe:2.3:a:koush:scrypted:*:*:*:*:*:*:*:*", + "criteria": "cpe:2.3:a:clockworkmod:scrypted:*:*:*:*:*:*:*:*", "versionEndIncluding": "0.55.0", - "matchCriteriaId": "2BA9D00E-03C6-42F6-8D59-93062B442786" + "matchCriteriaId": "139AD8AC-1E38-4231-B0ED-8F35D1E78472" } ] } diff --git a/CVE-2023/CVE-2023-484xx/CVE-2023-48433.json b/CVE-2023/CVE-2023-484xx/CVE-2023-48433.json new file mode 100644 index 00000000000..f9c7283110a --- /dev/null +++ b/CVE-2023/CVE-2023-484xx/CVE-2023-48433.json @@ -0,0 +1,59 @@ +{ + "id": "CVE-2023-48433", + "sourceIdentifier": "help@fluidattacks.com", + "published": "2023-12-20T21:15:07.670", + "lastModified": "2023-12-20T21:15:07.670", + "vulnStatus": "Received", + "descriptions": [ + { + "lang": "en", + "value": "Online Voting System Project v1.0 is vulnerable to multiple Unauthenticated SQL Injection vulnerabilities.\u00a0The 'username' parameter of the login_action.php resource\u00a0does not validate the characters received and they\u00a0are sent unfiltered to the database.\n\n" + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "help@fluidattacks.com", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH", + "baseScore": 9.8, + "baseSeverity": "CRITICAL" + }, + "exploitabilityScore": 3.9, + "impactScore": 5.9 + } + ] + }, + "weaknesses": [ + { + "source": "help@fluidattacks.com", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-89" + } + ] + } + ], + "references": [ + { + "url": "https://fluidattacks.com/advisories/ma/", + "source": "help@fluidattacks.com" + }, + { + "url": "https://projectworlds.in/", + "source": "help@fluidattacks.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2023/CVE-2023-484xx/CVE-2023-48434.json b/CVE-2023/CVE-2023-484xx/CVE-2023-48434.json new file mode 100644 index 00000000000..273ac9e3db7 --- /dev/null +++ b/CVE-2023/CVE-2023-484xx/CVE-2023-48434.json @@ -0,0 +1,59 @@ +{ + "id": "CVE-2023-48434", + "sourceIdentifier": "help@fluidattacks.com", + "published": "2023-12-20T21:15:07.900", + "lastModified": "2023-12-20T21:15:07.900", + "vulnStatus": "Received", + "descriptions": [ + { + "lang": "en", + "value": "Online Voting System Project v1.0 is vulnerable to multiple Unauthenticated SQL Injection vulnerabilities.\u00a0The 'username' parameter of the reg_action.php resource\u00a0does not validate the characters received and they\u00a0are sent unfiltered to the database.\n\n" + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "help@fluidattacks.com", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH", + "baseScore": 9.8, + "baseSeverity": "CRITICAL" + }, + "exploitabilityScore": 3.9, + "impactScore": 5.9 + } + ] + }, + "weaknesses": [ + { + "source": "help@fluidattacks.com", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-89" + } + ] + } + ], + "references": [ + { + "url": "https://fluidattacks.com/advisories/ma/", + "source": "help@fluidattacks.com" + }, + { + "url": "https://projectworlds.in/", + "source": "help@fluidattacks.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2023/CVE-2023-485xx/CVE-2023-48581.json b/CVE-2023/CVE-2023-485xx/CVE-2023-48581.json index be76a7f995e..ab9d2966cbd 100644 --- a/CVE-2023/CVE-2023-485xx/CVE-2023-48581.json +++ b/CVE-2023/CVE-2023-485xx/CVE-2023-48581.json @@ -2,12 +2,16 @@ "id": "CVE-2023-48581", "sourceIdentifier": "psirt@adobe.com", "published": "2023-12-15T11:15:38.953", - "lastModified": "2023-12-16T01:10:18.970", - "vulnStatus": "Undergoing Analysis", + "lastModified": "2023-12-20T21:21:59.990", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", "value": "Adobe Experience Manager versions 6.5.18 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a low-privileged attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim\u2019s browser when they browse to the page containing the vulnerable field." + }, + { + "lang": "es", + "value": "Las versiones 6.5.18 y anteriores de Adobe Experience Manager se ven afectadas por una vulnerabilidad de Cross-Site Scripting (XSS) Almacenado que podr\u00eda ser aprovechada por un atacante con pocos privilegios para inyectar scripts maliciosos en campos de formulario vulnerables. Se puede ejecutar JavaScript malicioso en el navegador de la v\u00edctima cuando navega a la p\u00e1gina que contiene el campo vulnerable." } ], "metrics": { @@ -74,6 +78,7 @@ "url": "https://helpx.adobe.com/security/products/experience-manager/apsb23-72.html", "source": "psirt@adobe.com", "tags": [ + "Patch", "Vendor Advisory" ] } diff --git a/CVE-2023/CVE-2023-485xx/CVE-2023-48582.json b/CVE-2023/CVE-2023-485xx/CVE-2023-48582.json index dded1274a8d..aa930397087 100644 --- a/CVE-2023/CVE-2023-485xx/CVE-2023-48582.json +++ b/CVE-2023/CVE-2023-485xx/CVE-2023-48582.json @@ -2,12 +2,16 @@ "id": "CVE-2023-48582", "sourceIdentifier": "psirt@adobe.com", "published": "2023-12-15T11:15:39.150", - "lastModified": "2023-12-16T01:11:25.667", - "vulnStatus": "Undergoing Analysis", + "lastModified": "2023-12-20T21:22:05.797", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", "value": "Adobe Experience Manager versions 6.5.18 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a low-privileged attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim\u2019s browser when they browse to the page containing the vulnerable field." + }, + { + "lang": "es", + "value": "Las versiones 6.5.18 y anteriores de Adobe Experience Manager se ven afectadas por una vulnerabilidad de Cross-Site Scripting (XSS) Almacenado que podr\u00eda ser aprovechada por un atacante con pocos privilegios para inyectar scripts maliciosos en campos de formulario vulnerables. Se puede ejecutar JavaScript malicioso en el navegador de la v\u00edctima cuando navega a la p\u00e1gina que contiene el campo vulnerable." } ], "metrics": { @@ -74,6 +78,7 @@ "url": "https://helpx.adobe.com/security/products/experience-manager/apsb23-72.html", "source": "psirt@adobe.com", "tags": [ + "Patch", "Vendor Advisory" ] } diff --git a/CVE-2023/CVE-2023-485xx/CVE-2023-48583.json b/CVE-2023/CVE-2023-485xx/CVE-2023-48583.json index b49408095e6..7ec9f7e7e50 100644 --- a/CVE-2023/CVE-2023-485xx/CVE-2023-48583.json +++ b/CVE-2023/CVE-2023-485xx/CVE-2023-48583.json @@ -2,12 +2,16 @@ "id": "CVE-2023-48583", "sourceIdentifier": "psirt@adobe.com", "published": "2023-12-15T11:15:39.343", - "lastModified": "2023-12-16T01:11:39.670", - "vulnStatus": "Undergoing Analysis", + "lastModified": "2023-12-20T21:22:12.383", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", "value": "Adobe Experience Manager versions 6.5.18 and earlier are affected by a Cross-site Scripting (DOM-based XSS) vulnerability. If a low-privileged attacker is able to convince a victim to visit a URL referencing a vulnerable page, malicious JavaScript content may be executed within the context of the victim's browser." + }, + { + "lang": "es", + "value": "Las versiones 6.5.18 y anteriores de Adobe Experience Manager se ven afectadas por una vulnerabilidad de Cross-Site Scripting (XSS basado en DOM). Si un atacante con pocos privilegios puede convencer a una v\u00edctima para que visite una URL que hace referencia a una p\u00e1gina vulnerable, se puede ejecutar contenido JavaScript malicioso dentro del contexto del navegador de la v\u00edctima." } ], "metrics": { @@ -104,6 +108,7 @@ "url": "https://helpx.adobe.com/security/products/experience-manager/apsb23-72.html", "source": "psirt@adobe.com", "tags": [ + "Patch", "Vendor Advisory" ] } diff --git a/CVE-2023/CVE-2023-487xx/CVE-2023-48755.json b/CVE-2023/CVE-2023-487xx/CVE-2023-48755.json index f444f6ab098..c3fcda58c24 100644 --- a/CVE-2023/CVE-2023-487xx/CVE-2023-48755.json +++ b/CVE-2023/CVE-2023-487xx/CVE-2023-48755.json @@ -2,16 +2,40 @@ "id": "CVE-2023-48755", "sourceIdentifier": "audit@patchstack.com", "published": "2023-12-18T16:15:10.693", - "lastModified": "2023-12-18T17:24:19.373", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2023-12-20T21:09:32.063", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", "value": "Cross-Site Request Forgery (CSRF) vulnerability in Michael Winkler teachPress.This issue affects teachPress: from n/a through 9.0.4.\n\n" + }, + { + "lang": "es", + "value": "Vulnerabilidad de Cross-Site Request Forgery (CSRF) en Michael Winkler TeachPress. Este problema afecta a TeachPress: desde n/a hasta 9.0.4." } ], "metrics": { "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "REQUIRED", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH", + "baseScore": 8.8, + "baseSeverity": "HIGH" + }, + "exploitabilityScore": 2.8, + "impactScore": 5.9 + }, { "source": "audit@patchstack.com", "type": "Secondary", @@ -46,10 +70,31 @@ ] } ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:teachpress_project:teachpress:*:*:*:*:*:wordpress:*:*", + "versionEndExcluding": "9.0.5", + "matchCriteriaId": "68321E96-9347-47D7-8296-49C6EC687048" + } + ] + } + ] + } + ], "references": [ { "url": "https://patchstack.com/database/vulnerability/teachpress/wordpress-teachpress-plugin-9-0-4-cross-site-request-forgery-csrf-vulnerability?_s_id=cve", - "source": "audit@patchstack.com" + "source": "audit@patchstack.com", + "tags": [ + "Third Party Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2023/CVE-2023-487xx/CVE-2023-48795.json b/CVE-2023/CVE-2023-487xx/CVE-2023-48795.json index 2e0462bea0c..b23867ba173 100644 --- a/CVE-2023/CVE-2023-487xx/CVE-2023-48795.json +++ b/CVE-2023/CVE-2023-487xx/CVE-2023-48795.json @@ -2,12 +2,12 @@ "id": "CVE-2023-48795", "sourceIdentifier": "cve@mitre.org", "published": "2023-12-18T16:15:10.897", - "lastModified": "2023-12-20T12:15:49.627", + "lastModified": "2023-12-20T21:15:08.123", "vulnStatus": "Awaiting Analysis", "descriptions": [ { "lang": "en", - "value": "The SSH transport protocol with certain OpenSSH extensions, found in OpenSSH before 9.6 and other products, allows remote attackers to bypass integrity checks such that some packets are omitted (from the extension negotiation message), and a client and server may consequently end up with a connection for which some security features have been downgraded or disabled, aka a Terrapin attack. This occurs because the SSH Binary Packet Protocol (BPP), implemented by these extensions, mishandles the handshake phase and mishandles use of sequence numbers. For example, there is an effective attack against SSH's use of ChaCha20-Poly1305 (and CBC with Encrypt-then-MAC). The bypass occurs in chacha20-poly1305@openssh.com and (if CBC is used) the -etm@openssh.com MAC algorithms. This also affects Maverick Synergy Java SSH API before 3.1.0-SNAPSHOT, Dropbear through 2022.83, Ssh before 5.1.1 in Erlang/OTP, PuTTY before 0.80, AsyncSSH before 2.14.2, golang.org/x/crypto before 0.17.0, libssh before 0.10.6, libssh2 through 1.11.0, Thorn Tech SFTP Gateway before 3.4.6, Tera Term before 5.1, Paramiko before 3.4.0, jsch before 0.2.15, SFTPGo before 2.5.6, Netgate pfSense Plus through 23.09.1, Netgate pfSense CE through 2.7.2, HPN-SSH through 18.2.0, ProFTPD 1.3.9rc1, ORYX CycloneSSH before 2.3.4, NetSarang XShell 7 before Build 0144, CrushFTP before 10.6.0, ConnectBot SSH library before 2.2.22, the mscdex ssh2 module before 1.15.0 for Node.js, the thrussh library before 0.35.1 for Rust, and the Russh crate before 0.40.2 for Rust; and there could be effects on Bitvise SSH through 9.31." + "value": "The SSH transport protocol with certain OpenSSH extensions, found in OpenSSH before 9.6 and other products, allows remote attackers to bypass integrity checks such that some packets are omitted (from the extension negotiation message), and a client and server may consequently end up with a connection for which some security features have been downgraded or disabled, aka a Terrapin attack. This occurs because the SSH Binary Packet Protocol (BPP), implemented by these extensions, mishandles the handshake phase and mishandles use of sequence numbers. For example, there is an effective attack against SSH's use of ChaCha20-Poly1305 (and CBC with Encrypt-then-MAC). The bypass occurs in chacha20-poly1305@openssh.com and (if CBC is used) the -etm@openssh.com MAC algorithms. This also affects Maverick Synergy Java SSH API before 3.1.0-SNAPSHOT, Dropbear through 2022.83, Ssh before 5.1.1 in Erlang/OTP, PuTTY before 0.80, AsyncSSH before 2.14.2, golang.org/x/crypto before 0.17.0, libssh before 0.10.6, libssh2 through 1.11.0, Thorn Tech SFTP Gateway before 3.4.6, Tera Term before 5.1, Paramiko before 3.4.0, jsch before 0.2.15, SFTPGo before 2.5.6, Netgate pfSense Plus through 23.09.1, Netgate pfSense CE through 2.7.2, HPN-SSH through 18.2.0, ProFTPD before 1.3.8b (and before1.3.9rc2), ORYX CycloneSSH before 2.3.4, NetSarang XShell 7 before Build 0144, CrushFTP before 10.6.0, ConnectBot SSH library before 2.2.22, Apache MINA sshd through 2.11.0, sshj through 0.37.0, TinySSH through 20230101, the mscdex ssh2 module before 1.15.0 for Node.js, the thrussh library before 0.35.1 for Rust, and the Russh crate before 0.40.2 for Rust; and there could be effects on Bitvise SSH through 9.31." }, { "lang": "es", @@ -76,6 +76,10 @@ "url": "https://github.com/advisories/GHSA-45x7-px36-x8w8", "source": "cve@mitre.org" }, + { + "url": "https://github.com/apache/mina-sshd/issues/445", + "source": "cve@mitre.org" + }, { "url": "https://github.com/connectbot/sshlib/commit/5c8b534f6e97db7ac0e0e579331213aa25c173ab", "source": "cve@mitre.org" @@ -100,6 +104,14 @@ "url": "https://github.com/golang/crypto/commit/9d2ee975ef9fe627bf0a6f01c1f69e8ef1d4f05d", "source": "cve@mitre.org" }, + { + "url": "https://github.com/hierynomus/sshj/issues/916", + "source": "cve@mitre.org" + }, + { + "url": "https://github.com/janmojzis/tinyssh/issues/81", + "source": "cve@mitre.org" + }, { "url": "https://github.com/jtesta/ssh-audit/commit/8e972c5e94b460379fe0c7d20209c16df81538a5", "source": "cve@mitre.org" @@ -136,6 +148,14 @@ "url": "https://github.com/paramiko/paramiko/issues/2337", "source": "cve@mitre.org" }, + { + "url": "https://github.com/proftpd/proftpd/blob/0a7ea9b0ba9fcdf368374a226370d08f10397d99/RELEASE_NOTES", + "source": "cve@mitre.org" + }, + { + "url": "https://github.com/proftpd/proftpd/blob/d21e7a2e47e9b38f709bec58e3fa711f759ad0e1/RELEASE_NOTES", + "source": "cve@mitre.org" + }, { "url": "https://github.com/proftpd/proftpd/blob/master/RELEASE_NOTES", "source": "cve@mitre.org" diff --git a/CVE-2023/CVE-2023-493xx/CVE-2023-49342.json b/CVE-2023/CVE-2023-493xx/CVE-2023-49342.json index c956a90ef06..2a14e06ebcc 100644 --- a/CVE-2023/CVE-2023-493xx/CVE-2023-49342.json +++ b/CVE-2023/CVE-2023-493xx/CVE-2023-49342.json @@ -2,16 +2,40 @@ "id": "CVE-2023-49342", "sourceIdentifier": "security@ubuntu.com", "published": "2023-12-14T22:15:42.813", - "lastModified": "2023-12-14T22:44:49.057", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2023-12-20T21:02:43.633", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", "value": "Temporary data passed between application components by Budgie Extras Clockworks applet could potentially be viewed or manipulated. The data is stored in a location that is accessible to any user who has local access to the system. Attackers may pre-create and control this file to present false information to users or deny access to the application and panel." + }, + { + "lang": "es", + "value": "Los datos temporales pasados entre los componentes de la aplicaci\u00f3n mediante el subprograma Budgie Extras Clockworks podr\u00edan verse o manipularse. Los datos se almacenan en una ubicaci\u00f3n a la que puede acceder cualquier usuario que tenga acceso local al sistema. Los atacantes pueden crear previamente y controlar este archivo para presentar informaci\u00f3n falsa a los usuarios o negar el acceso a la aplicaci\u00f3n y al panel." } ], "metrics": { "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", + "attackVector": "LOCAL", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH", + "baseScore": 7.8, + "baseSeverity": "HIGH" + }, + "exploitabilityScore": 1.8, + "impactScore": 5.9 + }, { "source": "security@ubuntu.com", "type": "Secondary", @@ -35,6 +59,16 @@ ] }, "weaknesses": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-668" + } + ] + }, { "source": "security@ubuntu.com", "type": "Secondary", @@ -50,18 +84,46 @@ ] } ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:ubuntubudgie:budgie_extras:*:*:*:*:*:*:*:*", + "versionStartIncluding": "1.4.0", + "versionEndExcluding": "1.7.1", + "matchCriteriaId": "8486FB0D-3D4A-437C-94B7-605883A1D427" + } + ] + } + ] + } + ], "references": [ { "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-49342", - "source": "security@ubuntu.com" + "source": "security@ubuntu.com", + "tags": [ + "Third Party Advisory" + ] }, { "url": "https://github.com/UbuntuBudgie/budgie-extras/security/advisories/GHSA-2vfg-p2h9-wg39", - "source": "security@ubuntu.com" + "source": "security@ubuntu.com", + "tags": [ + "Third Party Advisory" + ] }, { "url": "https://ubuntu.com/security/notices/USN-6556-1", - "source": "security@ubuntu.com" + "source": "security@ubuntu.com", + "tags": [ + "Vendor Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2023/CVE-2023-493xx/CVE-2023-49343.json b/CVE-2023/CVE-2023-493xx/CVE-2023-49343.json index 273e473b4b1..a9d57b371e7 100644 --- a/CVE-2023/CVE-2023-493xx/CVE-2023-49343.json +++ b/CVE-2023/CVE-2023-493xx/CVE-2023-49343.json @@ -2,16 +2,40 @@ "id": "CVE-2023-49343", "sourceIdentifier": "security@ubuntu.com", "published": "2023-12-14T22:15:43.027", - "lastModified": "2023-12-14T22:44:49.057", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2023-12-20T21:05:50.880", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", "value": "Temporary data passed between application components by Budgie Extras Dropby applet could potentially be viewed or manipulated. The data is stored in a location that is accessible to any user who has local access to the system. Attackers may pre-create and control this file to present false information to users or deny access to the application and panel." + }, + { + "lang": "es", + "value": "Los datos temporales pasados entre los componentes de la aplicaci\u00f3n mediante el subprograma Budgie Extras Dropby podr\u00edan verse o manipularse. Los datos se almacenan en una ubicaci\u00f3n a la que puede acceder cualquier usuario que tenga acceso local al sistema. Los atacantes pueden crear previamente y controlar este archivo para presentar informaci\u00f3n falsa a los usuarios o negar el acceso a la aplicaci\u00f3n y al panel." } ], "metrics": { "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", + "attackVector": "LOCAL", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH", + "baseScore": 7.8, + "baseSeverity": "HIGH" + }, + "exploitabilityScore": 1.8, + "impactScore": 5.9 + }, { "source": "security@ubuntu.com", "type": "Secondary", @@ -35,6 +59,20 @@ ] }, "weaknesses": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-335" + }, + { + "lang": "en", + "value": "CWE-668" + } + ] + }, { "source": "security@ubuntu.com", "type": "Secondary", @@ -50,18 +88,46 @@ ] } ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:ubuntubudgie:budgie_extras:*:*:*:*:*:*:*:*", + "versionStartIncluding": "1.4.0", + "versionEndExcluding": "1.7.1", + "matchCriteriaId": "8486FB0D-3D4A-437C-94B7-605883A1D427" + } + ] + } + ] + } + ], "references": [ { "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-49343", - "source": "security@ubuntu.com" + "source": "security@ubuntu.com", + "tags": [ + "Third Party Advisory" + ] }, { "url": "https://github.com/UbuntuBudgie/budgie-extras/security/advisories/GHSA-27g2-7x65-3cc5", - "source": "security@ubuntu.com" + "source": "security@ubuntu.com", + "tags": [ + "Third Party Advisory" + ] }, { "url": "https://ubuntu.com/security/notices/USN-6556-1", - "source": "security@ubuntu.com" + "source": "security@ubuntu.com", + "tags": [ + "Vendor Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2023/CVE-2023-493xx/CVE-2023-49344.json b/CVE-2023/CVE-2023-493xx/CVE-2023-49344.json index 7b1b38fff70..6e9cd512578 100644 --- a/CVE-2023/CVE-2023-493xx/CVE-2023-49344.json +++ b/CVE-2023/CVE-2023-493xx/CVE-2023-49344.json @@ -2,16 +2,40 @@ "id": "CVE-2023-49344", "sourceIdentifier": "security@ubuntu.com", "published": "2023-12-14T22:15:43.220", - "lastModified": "2023-12-14T22:44:49.057", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2023-12-20T21:06:04.320", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", "value": "Temporary data passed between application components by Budgie Extras Window Shuffler applet could potentially be viewed or manipulated. The data is stored in a location that is accessible to any user who has local access to the system. Attackers may pre-create and control this file to present false information to users or deny access to the application and panel." + }, + { + "lang": "es", + "value": "Los datos temporales pasados entre los componentes de la aplicaci\u00f3n mediante el subprograma Budgie Extras Window Shuffler podr\u00edan verse o manipularse. Los datos se almacenan en una ubicaci\u00f3n a la que puede acceder cualquier usuario que tenga acceso local al sistema. Los atacantes pueden crear previamente y controlar este archivo para presentar informaci\u00f3n falsa a los usuarios o negar el acceso a la aplicaci\u00f3n y al panel." } ], "metrics": { "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", + "attackVector": "LOCAL", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH", + "baseScore": 7.8, + "baseSeverity": "HIGH" + }, + "exploitabilityScore": 1.8, + "impactScore": 5.9 + }, { "source": "security@ubuntu.com", "type": "Secondary", @@ -35,6 +59,16 @@ ] }, "weaknesses": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-668" + } + ] + }, { "source": "security@ubuntu.com", "type": "Secondary", @@ -50,18 +84,46 @@ ] } ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:ubuntubudgie:budgie_extras:*:*:*:*:*:*:*:*", + "versionStartIncluding": "1.4.0", + "versionEndExcluding": "1.7.1", + "matchCriteriaId": "8486FB0D-3D4A-437C-94B7-605883A1D427" + } + ] + } + ] + } + ], "references": [ { "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-49344", - "source": "security@ubuntu.com" + "source": "security@ubuntu.com", + "tags": [ + "Third Party Advisory" + ] }, { "url": "https://github.com/UbuntuBudgie/budgie-extras/security/advisories/GHSA-rhwf-6fc9-9jvm", - "source": "security@ubuntu.com" + "source": "security@ubuntu.com", + "tags": [ + "Third Party Advisory" + ] }, { "url": "https://ubuntu.com/security/notices/USN-6556-1", - "source": "security@ubuntu.com" + "source": "security@ubuntu.com", + "tags": [ + "Vendor Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2023/CVE-2023-506xx/CVE-2023-50639.json b/CVE-2023/CVE-2023-506xx/CVE-2023-50639.json new file mode 100644 index 00000000000..ec014ead7f5 --- /dev/null +++ b/CVE-2023/CVE-2023-506xx/CVE-2023-50639.json @@ -0,0 +1,20 @@ +{ + "id": "CVE-2023-50639", + "sourceIdentifier": "cve@mitre.org", + "published": "2023-12-20T21:15:08.280", + "lastModified": "2023-12-20T21:15:08.280", + "vulnStatus": "Received", + "descriptions": [ + { + "lang": "en", + "value": "Cross Site Scripting (XSS) vulnerability in CuteHttpFileServer v.1.0 and v.2.0 allows attackers to obtain sensitive information via the file upload function in the home page." + } + ], + "metrics": {}, + "references": [ + { + "url": "https://github.com/940198871/Vulnerability-details/blob/main/CVE-2023-50639.md", + "source": "cve@mitre.org" + } + ] +} \ No newline at end of file diff --git a/CVE-2023/CVE-2023-509xx/CVE-2023-50983.json b/CVE-2023/CVE-2023-509xx/CVE-2023-50983.json new file mode 100644 index 00000000000..bc783ced2b8 --- /dev/null +++ b/CVE-2023/CVE-2023-509xx/CVE-2023-50983.json @@ -0,0 +1,24 @@ +{ + "id": "CVE-2023-50983", + "sourceIdentifier": "cve@mitre.org", + "published": "2023-12-20T22:15:34.610", + "lastModified": "2023-12-20T22:15:34.610", + "vulnStatus": "Received", + "descriptions": [ + { + "lang": "en", + "value": "Tenda i29 v1.0 V1.0.0.5 was discovered to contain a command injection vulnerability via the sysScheduleRebootSet function." + } + ], + "metrics": {}, + "references": [ + { + "url": "http://tenda.com", + "source": "cve@mitre.org" + }, + { + "url": "https://github.com/ef4tless/vuln/blob/master/iot/i29/sysScheduleRebootSet-2.md", + "source": "cve@mitre.org" + } + ] +} \ No newline at end of file diff --git a/CVE-2023/CVE-2023-509xx/CVE-2023-50984.json b/CVE-2023/CVE-2023-509xx/CVE-2023-50984.json new file mode 100644 index 00000000000..d0aec4427af --- /dev/null +++ b/CVE-2023/CVE-2023-509xx/CVE-2023-50984.json @@ -0,0 +1,24 @@ +{ + "id": "CVE-2023-50984", + "sourceIdentifier": "cve@mitre.org", + "published": "2023-12-20T22:15:34.723", + "lastModified": "2023-12-20T22:15:34.723", + "vulnStatus": "Received", + "descriptions": [ + { + "lang": "en", + "value": "Tenda i29 v1.0 V1.0.0.5 was discovered to contain a buffer overflow via the ip parameter in the spdtstConfigAndStart function." + } + ], + "metrics": {}, + "references": [ + { + "url": "http://tenda.com", + "source": "cve@mitre.org" + }, + { + "url": "https://github.com/ef4tless/vuln/blob/master/iot/i29/spdtstConfigAndStart.md", + "source": "cve@mitre.org" + } + ] +} \ No newline at end of file diff --git a/CVE-2023/CVE-2023-509xx/CVE-2023-50985.json b/CVE-2023/CVE-2023-509xx/CVE-2023-50985.json new file mode 100644 index 00000000000..7c4e3b3bf08 --- /dev/null +++ b/CVE-2023/CVE-2023-509xx/CVE-2023-50985.json @@ -0,0 +1,24 @@ +{ + "id": "CVE-2023-50985", + "sourceIdentifier": "cve@mitre.org", + "published": "2023-12-20T22:15:34.820", + "lastModified": "2023-12-20T22:15:34.820", + "vulnStatus": "Received", + "descriptions": [ + { + "lang": "en", + "value": "Tenda i29 v1.0 V1.0.0.5 was discovered to contain a buffer overflow via the lanGw parameter in the lanCfgSet function." + } + ], + "metrics": {}, + "references": [ + { + "url": "http://tenda.com", + "source": "cve@mitre.org" + }, + { + "url": "https://github.com/ef4tless/vuln/blob/master/iot/i29/lanCfgSet.md", + "source": "cve@mitre.org" + } + ] +} \ No newline at end of file diff --git a/CVE-2023/CVE-2023-509xx/CVE-2023-50986.json b/CVE-2023/CVE-2023-509xx/CVE-2023-50986.json new file mode 100644 index 00000000000..14ce37bd27e --- /dev/null +++ b/CVE-2023/CVE-2023-509xx/CVE-2023-50986.json @@ -0,0 +1,24 @@ +{ + "id": "CVE-2023-50986", + "sourceIdentifier": "cve@mitre.org", + "published": "2023-12-20T22:15:34.897", + "lastModified": "2023-12-20T22:15:34.897", + "vulnStatus": "Received", + "descriptions": [ + { + "lang": "en", + "value": "Tenda i29 v1.0 V1.0.0.5 was discovered to contain a buffer overflow via the time parameter in the sysLogin function." + } + ], + "metrics": {}, + "references": [ + { + "url": "http://tenda.com", + "source": "cve@mitre.org" + }, + { + "url": "https://github.com/ef4tless/vuln/blob/master/iot/i29/sysLogin.md", + "source": "cve@mitre.org" + } + ] +} \ No newline at end of file diff --git a/CVE-2023/CVE-2023-509xx/CVE-2023-50987.json b/CVE-2023/CVE-2023-509xx/CVE-2023-50987.json new file mode 100644 index 00000000000..5d4fd9947fa --- /dev/null +++ b/CVE-2023/CVE-2023-509xx/CVE-2023-50987.json @@ -0,0 +1,24 @@ +{ + "id": "CVE-2023-50987", + "sourceIdentifier": "cve@mitre.org", + "published": "2023-12-20T22:15:34.983", + "lastModified": "2023-12-20T22:15:34.983", + "vulnStatus": "Received", + "descriptions": [ + { + "lang": "en", + "value": "Tenda i29 v1.0 V1.0.0.5 was discovered to contain a buffer overflow via the time parameter in the sysTimeInfoSet function." + } + ], + "metrics": {}, + "references": [ + { + "url": "http://tenda.com", + "source": "cve@mitre.org" + }, + { + "url": "https://github.com/ef4tless/vuln/blob/master/iot/i29/sysTimeInfoSet.md", + "source": "cve@mitre.org" + } + ] +} \ No newline at end of file diff --git a/CVE-2023/CVE-2023-509xx/CVE-2023-50988.json b/CVE-2023/CVE-2023-509xx/CVE-2023-50988.json new file mode 100644 index 00000000000..98590fca124 --- /dev/null +++ b/CVE-2023/CVE-2023-509xx/CVE-2023-50988.json @@ -0,0 +1,24 @@ +{ + "id": "CVE-2023-50988", + "sourceIdentifier": "cve@mitre.org", + "published": "2023-12-20T22:15:35.080", + "lastModified": "2023-12-20T22:15:35.080", + "vulnStatus": "Received", + "descriptions": [ + { + "lang": "en", + "value": "Tenda i29 v1.0 V1.0.0.5 was discovered to contain a buffer overflow via the bandwidth parameter in the wifiRadioSetIndoor function." + } + ], + "metrics": {}, + "references": [ + { + "url": "http://tenda.com", + "source": "cve@mitre.org" + }, + { + "url": "https://github.com/ef4tless/vuln/blob/master/iot/i29/wifiRadioSetIndoor.md", + "source": "cve@mitre.org" + } + ] +} \ No newline at end of file diff --git a/CVE-2023/CVE-2023-509xx/CVE-2023-50989.json b/CVE-2023/CVE-2023-509xx/CVE-2023-50989.json new file mode 100644 index 00000000000..5581a20987f --- /dev/null +++ b/CVE-2023/CVE-2023-509xx/CVE-2023-50989.json @@ -0,0 +1,24 @@ +{ + "id": "CVE-2023-50989", + "sourceIdentifier": "cve@mitre.org", + "published": "2023-12-20T22:15:35.170", + "lastModified": "2023-12-20T22:15:35.170", + "vulnStatus": "Received", + "descriptions": [ + { + "lang": "en", + "value": "Tenda i29 v1.0 V1.0.0.5 was discovered to contain a command injection vulnerability via the pingSet function." + } + ], + "metrics": {}, + "references": [ + { + "url": "http://tenda.com", + "source": "cve@mitre.org" + }, + { + "url": "https://github.com/ef4tless/vuln/blob/master/iot/i29/pingSet-2.md", + "source": "cve@mitre.org" + } + ] +} \ No newline at end of file diff --git a/CVE-2023/CVE-2023-509xx/CVE-2023-50990.json b/CVE-2023/CVE-2023-509xx/CVE-2023-50990.json new file mode 100644 index 00000000000..bd7ceaa4b33 --- /dev/null +++ b/CVE-2023/CVE-2023-509xx/CVE-2023-50990.json @@ -0,0 +1,24 @@ +{ + "id": "CVE-2023-50990", + "sourceIdentifier": "cve@mitre.org", + "published": "2023-12-20T22:15:35.293", + "lastModified": "2023-12-20T22:15:35.293", + "vulnStatus": "Received", + "descriptions": [ + { + "lang": "en", + "value": "Tenda i29 v1.0 V1.0.0.5 was discovered to contain a buffer overflow via the rebootTime parameter in the sysScheduleRebootSet function." + } + ], + "metrics": {}, + "references": [ + { + "url": "http://tenda.com", + "source": "cve@mitre.org" + }, + { + "url": "https://github.com/ef4tless/vuln/blob/master/iot/i29/sysScheduleRebootSet.md", + "source": "cve@mitre.org" + } + ] +} \ No newline at end of file diff --git a/CVE-2023/CVE-2023-509xx/CVE-2023-50992.json b/CVE-2023/CVE-2023-509xx/CVE-2023-50992.json new file mode 100644 index 00000000000..fb6aa790df9 --- /dev/null +++ b/CVE-2023/CVE-2023-509xx/CVE-2023-50992.json @@ -0,0 +1,24 @@ +{ + "id": "CVE-2023-50992", + "sourceIdentifier": "cve@mitre.org", + "published": "2023-12-20T22:15:35.450", + "lastModified": "2023-12-20T22:15:35.450", + "vulnStatus": "Received", + "descriptions": [ + { + "lang": "en", + "value": "Tenda i29 v1.0 V1.0.0.5 was discovered to contain a stack overflow via the ip parameter in the setPing function." + } + ], + "metrics": {}, + "references": [ + { + "url": "http://tenda.com", + "source": "cve@mitre.org" + }, + { + "url": "https://github.com/ef4tless/vuln/blob/master/iot/i29/setPing.md", + "source": "cve@mitre.org" + } + ] +} \ No newline at end of file diff --git a/CVE-2023/CVE-2023-509xx/CVE-2023-50993.json b/CVE-2023/CVE-2023-509xx/CVE-2023-50993.json new file mode 100644 index 00000000000..88ef5576358 --- /dev/null +++ b/CVE-2023/CVE-2023-509xx/CVE-2023-50993.json @@ -0,0 +1,20 @@ +{ + "id": "CVE-2023-50993", + "sourceIdentifier": "cve@mitre.org", + "published": "2023-12-20T22:15:35.550", + "lastModified": "2023-12-20T22:15:35.550", + "vulnStatus": "Received", + "descriptions": [ + { + "lang": "en", + "value": "Ruijie WS6008 v1.x v2.x AC_RGOS11.9(6)W3B2_G2C6-01_10221911 and WS6108 v1.x AC_RGOS11.9(6)W3B2_G2C6-01_10221911 was discovered to contain a command injection vulnerability via the function downFiles." + } + ], + "metrics": {}, + "references": [ + { + "url": "https://github.com/ef4tless/vuln/blob/master/iot/WS6008-WS6108/1.md", + "source": "cve@mitre.org" + } + ] +} \ No newline at end of file diff --git a/CVE-2023/CVE-2023-59xx/CVE-2023-5949.json b/CVE-2023/CVE-2023-59xx/CVE-2023-5949.json index d3328e23542..189bbb66acc 100644 --- a/CVE-2023/CVE-2023-59xx/CVE-2023-5949.json +++ b/CVE-2023/CVE-2023-59xx/CVE-2023-5949.json @@ -2,19 +2,80 @@ "id": "CVE-2023-5949", "sourceIdentifier": "contact@wpscan.com", "published": "2023-12-18T20:15:08.703", - "lastModified": "2023-12-18T20:21:38.537", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2023-12-20T21:06:45.797", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", "value": "The SmartCrawl WordPress plugin before 3.8.3 does not prevent unauthorised users from accessing password-protected posts' content." + }, + { + "lang": "es", + "value": "El complemento SmartCrawl de WordPress anterior a 3.8.3 no impide que usuarios no autorizados accedan al contenido de las publicaciones protegidas con contrase\u00f1a." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "NONE", + "availabilityImpact": "NONE", + "baseScore": 7.5, + "baseSeverity": "HIGH" + }, + "exploitabilityScore": 3.9, + "impactScore": 3.6 + } + ] + }, + "weaknesses": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-862" + } + ] + } + ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:wpmudev:smartcrawl:*:*:*:*:*:wordpress:*:*", + "versionEndExcluding": "3.8.3", + "matchCriteriaId": "8E568A34-43E6-4984-B75D-1A201CEEA360" + } + ] + } + ] } ], - "metrics": {}, "references": [ { "url": "https://wpscan.com/vulnerability/3cec27ca-f470-402d-ae3e-271cb59cf407", - "source": "contact@wpscan.com" + "source": "contact@wpscan.com", + "tags": [ + "Exploit", + "Third Party Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2023/CVE-2023-63xx/CVE-2023-6394.json b/CVE-2023/CVE-2023-63xx/CVE-2023-6394.json index 080b8fc568a..55af3d21531 100644 --- a/CVE-2023/CVE-2023-63xx/CVE-2023-6394.json +++ b/CVE-2023/CVE-2023-63xx/CVE-2023-6394.json @@ -2,7 +2,7 @@ "id": "CVE-2023-6394", "sourceIdentifier": "secalert@redhat.com", "published": "2023-12-09T02:15:06.747", - "lastModified": "2023-12-13T08:15:52.493", + "lastModified": "2023-12-20T21:15:08.340", "vulnStatus": "Modified", "descriptions": [ { @@ -114,6 +114,10 @@ } ], "references": [ + { + "url": "https://access.redhat.com/errata/RHSA-2023:7612", + "source": "secalert@redhat.com" + }, { "url": "https://access.redhat.com/security/cve/CVE-2023-6394", "source": "secalert@redhat.com", diff --git a/README.md b/README.md index 9005ef78e03..aa4ee4f3576 100644 --- a/README.md +++ b/README.md @@ -9,13 +9,13 @@ Repository synchronizes with the NVD every 2 hours. ### Last Repository Update ```plain -2023-12-20T21:00:24.583487+00:00 +2023-12-20T23:00:25.583061+00:00 ``` ### Most recent CVE Modification Timestamp synchronized with NVD ```plain -2023-12-20T20:59:31.170000+00:00 +2023-12-20T22:15:35.550000+00:00 ``` ### Last Data Feed Release @@ -29,64 +29,57 @@ Download and Changelog: [Click](https://github.com/fkie-cad/nvd-json-data-feeds/ ### Total Number of included CVEs ```plain -233890 +233903 ``` ### CVEs added in the last Commit -Recently added CVEs: `20` +Recently added CVEs: `13` -* [CVE-2022-44684](CVE-2022/CVE-2022-446xx/CVE-2022-44684.json) (`2023-12-20T20:15:19.003`) -* [CVE-2023-28170](CVE-2023/CVE-2023-281xx/CVE-2023-28170.json) (`2023-12-20T19:15:08.350`) -* [CVE-2023-29102](CVE-2023/CVE-2023-291xx/CVE-2023-29102.json) (`2023-12-20T19:15:08.560`) -* [CVE-2023-29384](CVE-2023/CVE-2023-293xx/CVE-2023-29384.json) (`2023-12-20T19:15:08.740`) -* [CVE-2023-31215](CVE-2023/CVE-2023-312xx/CVE-2023-31215.json) (`2023-12-20T19:15:08.930`) -* [CVE-2023-31231](CVE-2023/CVE-2023-312xx/CVE-2023-31231.json) (`2023-12-20T19:15:09.133`) -* [CVE-2023-33318](CVE-2023/CVE-2023-333xx/CVE-2023-33318.json) (`2023-12-20T19:15:09.337`) -* [CVE-2023-34007](CVE-2023/CVE-2023-340xx/CVE-2023-34007.json) (`2023-12-20T19:15:09.523`) -* [CVE-2023-34385](CVE-2023/CVE-2023-343xx/CVE-2023-34385.json) (`2023-12-20T19:15:09.710`) -* [CVE-2023-40204](CVE-2023/CVE-2023-402xx/CVE-2023-40204.json) (`2023-12-20T19:15:09.923`) -* [CVE-2023-45603](CVE-2023/CVE-2023-456xx/CVE-2023-45603.json) (`2023-12-20T19:15:10.117`) -* [CVE-2023-46149](CVE-2023/CVE-2023-461xx/CVE-2023-46149.json) (`2023-12-20T19:15:10.310`) -* [CVE-2023-47784](CVE-2023/CVE-2023-477xx/CVE-2023-47784.json) (`2023-12-20T19:15:10.507`) -* [CVE-2023-47990](CVE-2023/CVE-2023-479xx/CVE-2023-47990.json) (`2023-12-20T19:15:10.697`) -* [CVE-2023-49814](CVE-2023/CVE-2023-498xx/CVE-2023-49814.json) (`2023-12-20T19:15:10.740`) -* [CVE-2023-23970](CVE-2023/CVE-2023-239xx/CVE-2023-23970.json) (`2023-12-20T20:15:19.177`) -* [CVE-2023-25970](CVE-2023/CVE-2023-259xx/CVE-2023-25970.json) (`2023-12-20T20:15:19.380`) -* [CVE-2023-49270](CVE-2023/CVE-2023-492xx/CVE-2023-49270.json) (`2023-12-20T20:15:19.597`) -* [CVE-2023-49271](CVE-2023/CVE-2023-492xx/CVE-2023-49271.json) (`2023-12-20T20:15:19.800`) -* [CVE-2023-49272](CVE-2023/CVE-2023-492xx/CVE-2023-49272.json) (`2023-12-20T20:15:20.010`) +* [CVE-2023-48433](CVE-2023/CVE-2023-484xx/CVE-2023-48433.json) (`2023-12-20T21:15:07.670`) +* [CVE-2023-48434](CVE-2023/CVE-2023-484xx/CVE-2023-48434.json) (`2023-12-20T21:15:07.900`) +* [CVE-2023-50639](CVE-2023/CVE-2023-506xx/CVE-2023-50639.json) (`2023-12-20T21:15:08.280`) +* [CVE-2023-50983](CVE-2023/CVE-2023-509xx/CVE-2023-50983.json) (`2023-12-20T22:15:34.610`) +* [CVE-2023-50984](CVE-2023/CVE-2023-509xx/CVE-2023-50984.json) (`2023-12-20T22:15:34.723`) +* [CVE-2023-50985](CVE-2023/CVE-2023-509xx/CVE-2023-50985.json) (`2023-12-20T22:15:34.820`) +* [CVE-2023-50986](CVE-2023/CVE-2023-509xx/CVE-2023-50986.json) (`2023-12-20T22:15:34.897`) +* [CVE-2023-50987](CVE-2023/CVE-2023-509xx/CVE-2023-50987.json) (`2023-12-20T22:15:34.983`) +* [CVE-2023-50988](CVE-2023/CVE-2023-509xx/CVE-2023-50988.json) (`2023-12-20T22:15:35.080`) +* [CVE-2023-50989](CVE-2023/CVE-2023-509xx/CVE-2023-50989.json) (`2023-12-20T22:15:35.170`) +* [CVE-2023-50990](CVE-2023/CVE-2023-509xx/CVE-2023-50990.json) (`2023-12-20T22:15:35.293`) +* [CVE-2023-50992](CVE-2023/CVE-2023-509xx/CVE-2023-50992.json) (`2023-12-20T22:15:35.450`) +* [CVE-2023-50993](CVE-2023/CVE-2023-509xx/CVE-2023-50993.json) (`2023-12-20T22:15:35.550`) ### CVEs modified in the last Commit -Recently modified CVEs: `150` +Recently modified CVEs: `77` -* [CVE-2023-23157](CVE-2023/CVE-2023-231xx/CVE-2023-23157.json) (`2023-12-20T20:08:15.050`) -* [CVE-2023-23158](CVE-2023/CVE-2023-231xx/CVE-2023-23158.json) (`2023-12-20T20:08:18.170`) -* [CVE-2023-24726](CVE-2023/CVE-2023-247xx/CVE-2023-24726.json) (`2023-12-20T20:08:21.123`) -* [CVE-2023-37743](CVE-2023/CVE-2023-377xx/CVE-2023-37743.json) (`2023-12-20T20:08:49.497`) -* [CVE-2023-31932](CVE-2023/CVE-2023-319xx/CVE-2023-31932.json) (`2023-12-20T20:09:04.483`) -* [CVE-2023-31933](CVE-2023/CVE-2023-319xx/CVE-2023-31933.json) (`2023-12-20T20:09:09.700`) -* [CVE-2023-31934](CVE-2023/CVE-2023-319xx/CVE-2023-31934.json) (`2023-12-20T20:09:13.353`) -* [CVE-2023-31935](CVE-2023/CVE-2023-319xx/CVE-2023-31935.json) (`2023-12-20T20:09:16.987`) -* [CVE-2023-31936](CVE-2023/CVE-2023-319xx/CVE-2023-31936.json) (`2023-12-20T20:09:20.560`) -* [CVE-2023-31937](CVE-2023/CVE-2023-319xx/CVE-2023-31937.json) (`2023-12-20T20:09:24.087`) -* [CVE-2023-46998](CVE-2023/CVE-2023-469xx/CVE-2023-46998.json) (`2023-12-20T20:09:44.320`) -* [CVE-2023-3275](CVE-2023/CVE-2023-32xx/CVE-2023-3275.json) (`2023-12-20T20:10:40.493`) -* [CVE-2023-23684](CVE-2023/CVE-2023-236xx/CVE-2023-23684.json) (`2023-12-20T20:10:54.733`) -* [CVE-2023-6901](CVE-2023/CVE-2023-69xx/CVE-2023-6901.json) (`2023-12-20T20:11:33.917`) -* [CVE-2023-40630](CVE-2023/CVE-2023-406xx/CVE-2023-40630.json) (`2023-12-20T20:13:31.610`) -* [CVE-2023-6134](CVE-2023/CVE-2023-61xx/CVE-2023-6134.json) (`2023-12-20T20:29:14.540`) -* [CVE-2023-6899](CVE-2023/CVE-2023-68xx/CVE-2023-6899.json) (`2023-12-20T20:29:39.937`) -* [CVE-2023-6900](CVE-2023/CVE-2023-69xx/CVE-2023-6900.json) (`2023-12-20T20:35:24.577`) -* [CVE-2023-6886](CVE-2023/CVE-2023-68xx/CVE-2023-6886.json) (`2023-12-20T20:41:07.530`) -* [CVE-2023-49347](CVE-2023/CVE-2023-493xx/CVE-2023-49347.json) (`2023-12-20T20:41:11.457`) -* [CVE-2023-6906](CVE-2023/CVE-2023-69xx/CVE-2023-6906.json) (`2023-12-20T20:47:26.333`) -* [CVE-2023-6907](CVE-2023/CVE-2023-69xx/CVE-2023-6907.json) (`2023-12-20T20:50:06.230`) -* [CVE-2023-49346](CVE-2023/CVE-2023-493xx/CVE-2023-49346.json) (`2023-12-20T20:56:09.633`) -* [CVE-2023-49345](CVE-2023/CVE-2023-493xx/CVE-2023-49345.json) (`2023-12-20T20:58:34.320`) -* [CVE-2023-49153](CVE-2023/CVE-2023-491xx/CVE-2023-49153.json) (`2023-12-20T20:59:31.170`) +* [CVE-2022-30184](CVE-2022/CVE-2022-301xx/CVE-2022-30184.json) (`2023-12-20T22:15:26.597`) +* [CVE-2022-30188](CVE-2022/CVE-2022-301xx/CVE-2022-30188.json) (`2023-12-20T22:15:26.827`) +* [CVE-2022-30189](CVE-2022/CVE-2022-301xx/CVE-2022-30189.json) (`2023-12-20T22:15:26.993`) +* [CVE-2022-30190](CVE-2022/CVE-2022-301xx/CVE-2022-30190.json) (`2023-12-20T22:15:27.167`) +* [CVE-2022-30192](CVE-2022/CVE-2022-301xx/CVE-2022-30192.json) (`2023-12-20T22:15:27.443`) +* [CVE-2022-30193](CVE-2022/CVE-2022-301xx/CVE-2022-30193.json) (`2023-12-20T22:15:27.660`) +* [CVE-2022-33638](CVE-2022/CVE-2022-336xx/CVE-2022-33638.json) (`2023-12-20T22:15:28.700`) +* [CVE-2022-33639](CVE-2022/CVE-2022-336xx/CVE-2022-33639.json) (`2023-12-20T22:15:28.987`) +* [CVE-2022-33680](CVE-2022/CVE-2022-336xx/CVE-2022-33680.json) (`2023-12-20T22:15:30.770`) +* [CVE-2023-49342](CVE-2023/CVE-2023-493xx/CVE-2023-49342.json) (`2023-12-20T21:02:43.633`) +* [CVE-2023-47558](CVE-2023/CVE-2023-475xx/CVE-2023-47558.json) (`2023-12-20T21:04:39.647`) +* [CVE-2023-49343](CVE-2023/CVE-2023-493xx/CVE-2023-49343.json) (`2023-12-20T21:05:50.880`) +* [CVE-2023-49344](CVE-2023/CVE-2023-493xx/CVE-2023-49344.json) (`2023-12-20T21:06:04.320`) +* [CVE-2023-5949](CVE-2023/CVE-2023-59xx/CVE-2023-5949.json) (`2023-12-20T21:06:45.797`) +* [CVE-2023-48755](CVE-2023/CVE-2023-487xx/CVE-2023-48755.json) (`2023-12-20T21:09:32.063`) +* [CVE-2023-48795](CVE-2023/CVE-2023-487xx/CVE-2023-48795.json) (`2023-12-20T21:15:08.123`) +* [CVE-2023-6394](CVE-2023/CVE-2023-63xx/CVE-2023-6394.json) (`2023-12-20T21:15:08.340`) +* [CVE-2023-22265](CVE-2023/CVE-2023-222xx/CVE-2023-22265.json) (`2023-12-20T21:21:30.387`) +* [CVE-2023-48581](CVE-2023/CVE-2023-485xx/CVE-2023-48581.json) (`2023-12-20T21:21:59.990`) +* [CVE-2023-48582](CVE-2023/CVE-2023-485xx/CVE-2023-48582.json) (`2023-12-20T21:22:05.797`) +* [CVE-2023-48583](CVE-2023/CVE-2023-485xx/CVE-2023-48583.json) (`2023-12-20T21:22:12.383`) +* [CVE-2023-47620](CVE-2023/CVE-2023-476xx/CVE-2023-47620.json) (`2023-12-20T21:27:11.537`) +* [CVE-2023-47623](CVE-2023/CVE-2023-476xx/CVE-2023-47623.json) (`2023-12-20T21:27:16.323`) +* [CVE-2023-22256](CVE-2023/CVE-2023-222xx/CVE-2023-22256.json) (`2023-12-20T21:27:43.077`) +* [CVE-2023-22259](CVE-2023/CVE-2023-222xx/CVE-2023-22259.json) (`2023-12-20T21:27:51.563`) ## Download and Usage