From b78752854bad5d5812c1e1597e7926fa4e17989f Mon Sep 17 00:00:00 2001
From: cad-safe-bot
Date: Wed, 29 Nov 2023 23:00:22 +0000
Subject: [PATCH] Auto-Update: 2023-11-29T23:00:18.446215+00:00
---
 CVE-2022/CVE-2022-289xx/CVE-2022-28958.json | 127 +-------------------
 CVE-2022/CVE-2022-425xx/CVE-2022-42536.json | 20 +++
 CVE-2022/CVE-2022-425xx/CVE-2022-42537.json | 20 +++
 CVE-2022/CVE-2022-425xx/CVE-2022-42538.json | 20 +++
 CVE-2022/CVE-2022-425xx/CVE-2022-42539.json | 20 +++
 CVE-2022/CVE-2022-425xx/CVE-2022-42540.json | 20 +++
 CVE-2022/CVE-2022-425xx/CVE-2022-42541.json | 20 +++
 CVE-2023/CVE-2023-417xx/CVE-2023-41787.json | 58 ++++++++-
 CVE-2023/CVE-2023-417xx/CVE-2023-41788.json | 58 ++++++++-
 CVE-2023/CVE-2023-417xx/CVE-2023-41789.json | 58 ++++++++-
 CVE-2023/CVE-2023-44xx/CVE-2023-4406.json | 27 ++++-
 CVE-2023/CVE-2023-45xx/CVE-2023-4593.json | 58 ++++++++-
 CVE-2023/CVE-2023-45xx/CVE-2023-4594.json | 58 ++++++++-
 CVE-2023/CVE-2023-45xx/CVE-2023-4595.json | 58 ++++++++-
 CVE-2023/CVE-2023-490xx/CVE-2023-49083.json | 6 +-
 CVE-2023/CVE-2023-53xx/CVE-2023-5368.json | 14 ++-
 README.md | 64 ++++------
 17 files changed, 516 insertions(+), 190 deletions(-)
 create mode 100644 CVE-2022/CVE-2022-425xx/CVE-2022-42536.json
 create mode 100644 CVE-2022/CVE-2022-425xx/CVE-2022-42537.json
 create mode 100644 CVE-2022/CVE-2022-425xx/CVE-2022-42538.json
 create mode 100644 CVE-2022/CVE-2022-425xx/CVE-2022-42539.json
 create mode 100644 CVE-2022/CVE-2022-425xx/CVE-2022-42540.json
 create mode 100644 CVE-2022/CVE-2022-425xx/CVE-2022-42541.json
diff --git a/CVE-2022/CVE-2022-289xx/CVE-2022-28958.json b/CVE-2022/CVE-2022-289xx/CVE-2022-28958.json
index 1550ac98e7a..378b1181570 100644
--- a/CVE-2022/CVE-2022-289xx/CVE-2022-28958.json
+++ b/CVE-2022/CVE-2022-289xx/CVE-2022-28958.json
@@ -2,8 +2,8 @@ "id": "CVE-2022-28958", "sourceIdentifier": "cve@mitre.org", "published": "2022-05-18T12:15:08.120", - "lastModified": "2023-11-07T03:45:52.710", - "vulnStatus": "Modified", + "lastModified": "2023-11-29T21:15:07.480", + "vulnStatus": "Rejected", "cisaExploitAdd": "2022-09-08", "cisaActionDue": "2022-09-29", "cisaRequiredAction": "This CVE is currently in disputed status. During the review process, agencies should update per vendor instructions.", 
@@ -11,126 +11,9 @@ "descriptions": [ { "lang": "en", - "value": "D-Link DIR816L_FW206b01 was discovered to contain a remote code execution (RCE) vulnerability via the value parameter at shareport.php. NOTE: this has been disputed by a third party." - }, - { - "lang": "es", - "value": "** EN DISPUTA ** Se ha detectado que D-Link DIR816L_FW206b01, contiene una vulnerabilidad de ejecuci\u00f3n de c\u00f3digo remota (RCE) por medio del par\u00e1metro value en el archivo shareport.php. NOTA: este dato ha sido impugnado por un tercero." + "value": "Rejected reason: DO NOT USE THIS CVE RECORD. ConsultIDs: none. Reason: This record was withdrawn by its CNA. Further investigation showed that it was not a security issue. Notes: none." } ], - "metrics": { - "cvssMetricV31": [ - { - "source": "nvd@nist.gov", - "type": "Primary", - "cvssData": { - "version": "3.1", - "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", - "attackVector": "NETWORK", - "attackComplexity": "LOW", - "privilegesRequired": "NONE", - "userInteraction": "NONE", - "scope": "UNCHANGED", - "confidentialityImpact": "HIGH", - "integrityImpact": "HIGH", - "availabilityImpact": "HIGH", - "baseScore": 9.8, - "baseSeverity": "CRITICAL" - }, - "exploitabilityScore": 3.9, - "impactScore": 5.9 - } - ], - "cvssMetricV2": [ - { - "source": "nvd@nist.gov", - "type": "Primary", - "cvssData": { - "version": "2.0", - "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", - "accessVector": "NETWORK", - "accessComplexity": "LOW", - "authentication": "NONE", - "confidentialityImpact": "PARTIAL", - "integrityImpact": "PARTIAL", - "availabilityImpact": "PARTIAL", - "baseScore": 7.5 - }, - "baseSeverity": "HIGH", - "exploitabilityScore": 10.0, - "impactScore": 6.4, - "acInsufInfo": false, - "obtainAllPrivilege": false, - "obtainUserPrivilege": false, - "obtainOtherPrivilege": false, - "userInteractionRequired": false - } - ] - }, - "weaknesses": [ - { - "source": "nvd@nist.gov", - "type": "Primary", - "description": [ - { - 
"lang": "en", - "value": "NVD-CWE-noinfo" - } - ] - } - ], - "configurations": [ - { - "operator": "AND", - "nodes": [ - { - "operator": "OR", - "negate": false, - "cpeMatch": [ - { - "vulnerable": true, - "criteria": "cpe:2.3:o:dlink:dir-816l_firmware:206b01:*:*:*:*:*:*:*", - "matchCriteriaId": "A18EE532-DA3C-4510-94D3-4BC6DF91CA80" - } - ] - }, - { - "operator": "OR", - "negate": false, - "cpeMatch": [ - { - "vulnerable": false, - "criteria": "cpe:2.3:h:dlink:dir-816l:-:*:*:*:*:*:*:*", - "matchCriteriaId": "A17C1E74-E315-4292-AF6B-EEF86B64A63C" - } - ] - } - ] - } - ], - "references": [ - { - "url": "https://github.com/shijin0925/IOT/blob/master/DIR816/3.md", - "source": "cve@mitre.org", - "tags": [ - "Exploit", - "Third Party Advisory" - ] - }, - { - "url": "https://vulncheck.com/blog/moobot-uses-fake-vulnerability", - "source": "cve@mitre.org", - "tags": [ - "Exploit", - "Third Party Advisory" - ] - }, - { - "url": "https://www.dlink.com/en/security-bulletin/", - "source": "cve@mitre.org", - "tags": [ - "Vendor Advisory" - ] - } - ] + "metrics": {}, + "references": [] } \ No newline at end of file diff --git a/CVE-2022/CVE-2022-425xx/CVE-2022-42536.json b/CVE-2022/CVE-2022-425xx/CVE-2022-42536.json new file mode 100644 index 00000000000..8f2cddd7ef4 --- /dev/null +++ b/CVE-2022/CVE-2022-425xx/CVE-2022-42536.json @@ -0,0 +1,20 @@ +{ + "id": "CVE-2022-42536", + "sourceIdentifier": "security@android.com", + "published": "2023-11-29T22:15:07.110", + "lastModified": "2023-11-29T22:15:07.110", + "vulnStatus": "Received", + "descriptions": [ + { + "lang": "en", + "value": "Remote code execution" + } + ], + "metrics": {}, + "references": [ + { + "url": "https://source.android.com/docs/security/bulletin/chromecast/2023-07-01", + "source": "security@android.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2022/CVE-2022-425xx/CVE-2022-42537.json b/CVE-2022/CVE-2022-425xx/CVE-2022-42537.json new file mode 100644 index 00000000000..94f412c7dfe --- /dev/null 
+++ b/CVE-2022/CVE-2022-425xx/CVE-2022-42537.json @@ -0,0 +1,20 @@ +{ + "id": "CVE-2022-42537", + "sourceIdentifier": "security@android.com", + "published": "2023-11-29T22:15:07.173", + "lastModified": "2023-11-29T22:15:07.173", + "vulnStatus": "Received", + "descriptions": [ + { + "lang": "en", + "value": "Remote code execution" + } + ], + "metrics": {}, + "references": [ + { + "url": "https://source.android.com/docs/security/bulletin/chromecast/2023-07-01", + "source": "security@android.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2022/CVE-2022-425xx/CVE-2022-42538.json b/CVE-2022/CVE-2022-425xx/CVE-2022-42538.json new file mode 100644 index 00000000000..6599eff3722 --- /dev/null +++ b/CVE-2022/CVE-2022-425xx/CVE-2022-42538.json @@ -0,0 +1,20 @@ +{ + "id": "CVE-2022-42538", + "sourceIdentifier": "security@android.com", + "published": "2023-11-29T22:15:07.220", + "lastModified": "2023-11-29T22:15:07.220", + "vulnStatus": "Received", + "descriptions": [ + { + "lang": "en", + "value": "Elevation of privilege" + } + ], + "metrics": {}, + "references": [ + { + "url": "https://source.android.com/docs/security/bulletin/chromecast/2023-07-01", + "source": "security@android.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2022/CVE-2022-425xx/CVE-2022-42539.json b/CVE-2022/CVE-2022-425xx/CVE-2022-42539.json new file mode 100644 index 00000000000..d5f10c7e4af --- /dev/null +++ b/CVE-2022/CVE-2022-425xx/CVE-2022-42539.json @@ -0,0 +1,20 @@ +{ + "id": "CVE-2022-42539", + "sourceIdentifier": "security@android.com", + "published": "2023-11-29T22:15:07.267", + "lastModified": "2023-11-29T22:15:07.267", + "vulnStatus": "Received", + "descriptions": [ + { + "lang": "en", + "value": "Information disclosure" + } + ], + "metrics": {}, + "references": [ + { + "url": "https://source.android.com/docs/security/bulletin/chromecast/2023-07-01", + "source": "security@android.com" + } + ] +} \ No newline at end of file 
diff --git a/CVE-2022/CVE-2022-425xx/CVE-2022-42540.json b/CVE-2022/CVE-2022-425xx/CVE-2022-42540.json new file mode 100644 index 00000000000..74924919b2f --- /dev/null +++ b/CVE-2022/CVE-2022-425xx/CVE-2022-42540.json @@ -0,0 +1,20 @@ +{ + "id": "CVE-2022-42540", + "sourceIdentifier": "security@android.com", + "published": "2023-11-29T22:15:07.317", + "lastModified": "2023-11-29T22:15:07.317", + "vulnStatus": "Received", + "descriptions": [ + { + "lang": "en", + "value": "Elevation of privilege" + } + ], + "metrics": {}, + "references": [ + { + "url": "https://source.android.com/docs/security/bulletin/chromecast/2023-07-01", + "source": "security@android.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2022/CVE-2022-425xx/CVE-2022-42541.json b/CVE-2022/CVE-2022-425xx/CVE-2022-42541.json new file mode 100644 index 00000000000..2cf7402af6b --- /dev/null +++ b/CVE-2022/CVE-2022-425xx/CVE-2022-42541.json @@ -0,0 +1,20 @@ +{ + "id": "CVE-2022-42541", + "sourceIdentifier": "security@android.com", + "published": "2023-11-29T22:15:07.363", + "lastModified": "2023-11-29T22:15:07.363", + "vulnStatus": "Received", + "descriptions": [ + { + "lang": "en", + "value": "Remote code execution" + } + ], + "metrics": {}, + "references": [ + { + "url": "https://source.android.com/docs/security/bulletin/chromecast/2023-07-01", + "source": "security@android.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2023/CVE-2023-417xx/CVE-2023-41787.json b/CVE-2023/CVE-2023-417xx/CVE-2023-41787.json index c3e9ad8a116..bedf9c75220 100644 --- a/CVE-2023/CVE-2023-417xx/CVE-2023-41787.json +++ b/CVE-2023/CVE-2023-417xx/CVE-2023-41787.json @@ -2,8 +2,8 @@ "id": "CVE-2023-41787", "sourceIdentifier": "security@pandorafms.com", "published": "2023-11-23T15:15:08.223", - "lastModified": "2023-11-24T15:24:57.673", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2023-11-29T21:04:56.717", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", 
@@ -16,6 +16,26 @@ ], "metrics": { "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "NONE", + "availabilityImpact": "NONE", + "baseScore": 7.5, + "baseSeverity": "HIGH" + }, + "exploitabilityScore": 3.9, + "impactScore": 3.6 + }, { "source": "security@pandorafms.com", "type": "Secondary", @@ -39,6 +59,16 @@ ] }, "weaknesses": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-427" + } + ] + }, { "source": "security@pandorafms.com", "type": "Secondary", @@ -50,10 +80,32 @@ ] } ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:artica:pandora_fms:*:*:*:*:*:*:*:*", + "versionStartIncluding": "700", + "versionEndExcluding": "773", + "matchCriteriaId": "6E6C2D47-FC03-4430-BEE8-2183D4876B67" + } + ] + } + ] + } + ], "references": [ { "url": "https://pandorafms.com/en/security/common-vulnerabilities-and-exposures/", - "source": "security@pandorafms.com" + "source": "security@pandorafms.com", + "tags": [ + "Vendor Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2023/CVE-2023-417xx/CVE-2023-41788.json b/CVE-2023/CVE-2023-417xx/CVE-2023-41788.json index fb5101dc82d..56af96aa26f 100644 --- a/CVE-2023/CVE-2023-417xx/CVE-2023-41788.json +++ b/CVE-2023/CVE-2023-417xx/CVE-2023-41788.json 
@@ -2,8 +2,8 @@ "id": "CVE-2023-41788", "sourceIdentifier": "security@pandorafms.com", "published": "2023-11-23T15:15:08.407", - "lastModified": "2023-11-24T15:24:57.673", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2023-11-29T21:02:14.287", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", @@ -16,6 +16,26 @@ ], "metrics": { "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH", + "baseScore": 8.8, + "baseSeverity": "HIGH" + }, + "exploitabilityScore": 2.8, + "impactScore": 5.9 + }, { "source": "security@pandorafms.com", "type": "Secondary", @@ -39,6 +59,16 @@ ] }, "weaknesses": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-434" + } + ] + }, { "source": "security@pandorafms.com", "type": "Secondary", @@ -50,10 +80,32 @@ ] } ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:artica:pandora_fms:*:*:*:*:*:*:*:*", + "versionStartIncluding": "700", + "versionEndExcluding": "774", + "matchCriteriaId": "4BFBB222-690E-4B0B-B345-40BCB34BC8FE" + } + ] + } + ] + } + ], "references": [ { "url": "https://pandorafms.com/en/security/common-vulnerabilities-and-exposures/", - "source": "security@pandorafms.com" + "source": "security@pandorafms.com", + "tags": [ + "Vendor Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2023/CVE-2023-417xx/CVE-2023-41789.json b/CVE-2023/CVE-2023-417xx/CVE-2023-41789.json index 5100861099d..6688b5bcbe2 100644 --- a/CVE-2023/CVE-2023-417xx/CVE-2023-41789.json 
+++ b/CVE-2023/CVE-2023-417xx/CVE-2023-41789.json @@ -2,8 +2,8 @@ "id": "CVE-2023-41789", "sourceIdentifier": "security@pandorafms.com", "published": "2023-11-23T15:15:08.583", - "lastModified": "2023-11-24T15:24:57.673", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2023-11-29T21:01:34.793", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", @@ -16,6 +16,26 @@ ], "metrics": { "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "REQUIRED", + "scope": "CHANGED", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "availabilityImpact": "NONE", + "baseScore": 6.1, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 2.8, + "impactScore": 2.7 + }, { "source": "security@pandorafms.com", "type": "Secondary", @@ -39,6 +59,16 @@ ] }, "weaknesses": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-79" + } + ] + }, { "source": "security@pandorafms.com", "type": "Secondary", @@ -50,10 +80,32 @@ ] } ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:artica:pandora_fms:*:*:*:*:*:*:*:*", + "versionStartIncluding": "700", + "versionEndIncluding": "773", + "matchCriteriaId": "E05376BB-16AE-4232-A35A-E733A286E625" + } + ] + } + ] + } + ], "references": [ { "url": "https://pandorafms.com/en/security/common-vulnerabilities-and-exposures/", - "source": "security@pandorafms.com" + "source": "security@pandorafms.com", + "tags": [ + "Vendor Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2023/CVE-2023-44xx/CVE-2023-4406.json b/CVE-2023/CVE-2023-44xx/CVE-2023-4406.json index e024b66f082..af0fe513e2d 100644 
--- a/CVE-2023/CVE-2023-44xx/CVE-2023-4406.json +++ b/CVE-2023/CVE-2023-44xx/CVE-2023-4406.json @@ -2,8 +2,8 @@ "id": "CVE-2023-4406", "sourceIdentifier": "iletisim@usom.gov.tr", "published": "2023-11-23T10:15:07.823", - "lastModified": "2023-11-24T15:24:57.673", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2023-11-29T21:24:04.640", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", @@ -50,10 +50,31 @@ ] } ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:kc_group_e-commerce_software_project:kc_group_e-commerce_software:*:*:*:*:*:*:*:*", + "versionEndIncluding": "2023-11-23", + "matchCriteriaId": "E063B910-A7EE-4EFA-9B2F-21C4FB65B9DA" + } + ] + } + ] + } + ], "references": [ { "url": "https://https://www.usom.gov.tr/bildirim/tr-23-0657", - "source": "iletisim@usom.gov.tr" + "source": "iletisim@usom.gov.tr", + "tags": [ + "Broken Link" + ] } ] } \ No newline at end of file diff --git a/CVE-2023/CVE-2023-45xx/CVE-2023-4593.json b/CVE-2023/CVE-2023-45xx/CVE-2023-4593.json index e4c8f8a65b7..012afb7ae1d 100644 --- a/CVE-2023/CVE-2023-45xx/CVE-2023-4593.json +++ b/CVE-2023/CVE-2023-45xx/CVE-2023-4593.json @@ -2,8 +2,8 @@ "id": "CVE-2023-4593", "sourceIdentifier": "cve-coordination@incibe.es", "published": "2023-11-23T13:15:11.810", - "lastModified": "2023-11-24T15:24:57.673", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2023-11-29T21:23:46.107", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", 
@@ -16,6 +16,26 @@ ], "metrics": { "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "NONE", + "availabilityImpact": "NONE", + "baseScore": 6.5, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 2.8, + "impactScore": 3.6 + }, { "source": "cve-coordination@incibe.es", "type": "Secondary", @@ -50,10 +70,42 @@ ] } ], + "configurations": [ + { + "operator": "AND", + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:seattlelab:slmail:5.5.0.4433:*:*:*:*:*:*:*", + "matchCriteriaId": "2301420C-71AE-459C-AF45-05F5387D3638" + } + ] + }, + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": false, + "criteria": "cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:*", + "matchCriteriaId": "A2572D17-1DE6-457B-99CC-64AFD54487EA" + } + ] + } + ] + } + ], "references": [ { "url": "https://www.incibe.es/en/incibe-cert/notices/aviso/multiple-vulnerabilities-bvrp-software-slmail", - "source": "cve-coordination@incibe.es" + "source": "cve-coordination@incibe.es", + "tags": [ + "Third Party Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2023/CVE-2023-45xx/CVE-2023-4594.json b/CVE-2023/CVE-2023-45xx/CVE-2023-4594.json index 60c723efdde..7e89b8d92d8 100644 --- a/CVE-2023/CVE-2023-45xx/CVE-2023-4594.json +++ b/CVE-2023/CVE-2023-45xx/CVE-2023-4594.json @@ -2,8 +2,8 @@ "id": "CVE-2023-4594", "sourceIdentifier": "cve-coordination@incibe.es", "published": "2023-11-23T13:15:12.347", - "lastModified": "2023-11-24T15:24:57.673", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2023-11-29T21:23:22.717", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", 
@@ -16,6 +16,26 @@ ], "metrics": { "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "REQUIRED", + "scope": "CHANGED", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "availabilityImpact": "NONE", + "baseScore": 5.4, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 2.3, + "impactScore": 2.7 + }, { "source": "cve-coordination@incibe.es", "type": "Secondary", @@ -50,10 +70,42 @@ ] } ], + "configurations": [ + { + "operator": "AND", + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:seattlelab:slmail:5.5.0.4433:*:*:*:*:*:*:*", + "matchCriteriaId": "2301420C-71AE-459C-AF45-05F5387D3638" + } + ] + }, + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": false, + "criteria": "cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:*", + "matchCriteriaId": "A2572D17-1DE6-457B-99CC-64AFD54487EA" + } + ] + } + ] + } + ], "references": [ { "url": "https://www.incibe.es/en/incibe-cert/notices/aviso/multiple-vulnerabilities-bvrp-software-slmail", - "source": "cve-coordination@incibe.es" + "source": "cve-coordination@incibe.es", + "tags": [ + "Third Party Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2023/CVE-2023-45xx/CVE-2023-4595.json b/CVE-2023/CVE-2023-45xx/CVE-2023-4595.json index 5937527582f..c2573a6af68 100644 --- a/CVE-2023/CVE-2023-45xx/CVE-2023-4595.json +++ b/CVE-2023/CVE-2023-45xx/CVE-2023-4595.json @@ -2,8 +2,8 @@ "id": "CVE-2023-4595", "sourceIdentifier": "cve-coordination@incibe.es", "published": "2023-11-23T13:15:12.533", - "lastModified": "2023-11-24T15:24:57.673", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2023-11-29T21:23:11.087", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", 
@@ -16,6 +16,26 @@ ], "metrics": { "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "NONE", + "availabilityImpact": "NONE", + "baseScore": 6.5, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 2.8, + "impactScore": 3.6 + }, { "source": "cve-coordination@incibe.es", "type": "Secondary", @@ -50,10 +70,42 @@ ] } ], + "configurations": [ + { + "operator": "AND", + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:seattlelab:slmail:5.5.0.4433:*:*:*:*:*:*:*", + "matchCriteriaId": "2301420C-71AE-459C-AF45-05F5387D3638" + } + ] + }, + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": false, + "criteria": "cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:*", + "matchCriteriaId": "A2572D17-1DE6-457B-99CC-64AFD54487EA" + } + ] + } + ] + } + ], "references": [ { "url": "https://www.incibe.es/en/incibe-cert/notices/aviso/multiple-vulnerabilities-bvrp-software-slmail", - "source": "cve-coordination@incibe.es" + "source": "cve-coordination@incibe.es", + "tags": [ + "Third Party Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2023/CVE-2023-490xx/CVE-2023-49083.json b/CVE-2023/CVE-2023-490xx/CVE-2023-49083.json index a4fcd47a9ca..5d32996df81 100644 --- a/CVE-2023/CVE-2023-490xx/CVE-2023-49083.json +++ b/CVE-2023/CVE-2023-490xx/CVE-2023-49083.json @@ -2,7 +2,7 @@ "id": "CVE-2023-49083", "sourceIdentifier": "security-advisories@github.com", "published": "2023-11-29T19:15:07.967", - "lastModified": "2023-11-29T20:53:05.993", + "lastModified": "2023-11-29T21:15:07.823", "vulnStatus": "Awaiting Analysis", "descriptions": [ { 
@@ -47,6 +47,10 @@ } ], "references": [ + { + "url": "http://www.openwall.com/lists/oss-security/2023/11/29/2", + "source": "security-advisories@github.com" + }, { "url": "https://github.com/pyca/cryptography/commit/f09c261ca10a31fe41b1262306db7f8f1da0e48a", "source": "security-advisories@github.com" diff --git a/CVE-2023/CVE-2023-53xx/CVE-2023-5368.json b/CVE-2023/CVE-2023-53xx/CVE-2023-5368.json index 26e9e1ed8ef..bdea24ed779 100644 --- a/CVE-2023/CVE-2023-53xx/CVE-2023-5368.json +++ b/CVE-2023/CVE-2023-53xx/CVE-2023-5368.json @@ -2,12 +2,12 @@ "id": "CVE-2023-5368", "sourceIdentifier": "secteam@freebsd.org", "published": "2023-10-04T04:15:14.143", - "lastModified": "2023-10-05T17:08:04.260", - "vulnStatus": "Analyzed", + "lastModified": "2023-11-29T21:15:07.940", + "vulnStatus": "Modified", "descriptions": [ { "lang": "en", - "value": "On an msdosfs filesystem, the 'truncate' or 'ftruncate' system calls under certain circumstances populate the additional space in the file with unallocated data from the underlying disk device, rather than zero bytes.\n\nThis may permit a user with write access to files on a msdosfs filesystem to read unintended data (e.g. from a previously deleted file)." + "value": "On an msdosfs filesystem, the 'truncate' or 'ftruncate' system calls under certain circumstances populate the additional space in the file with unallocated data from the underlying disk device, rather than zero bytes.\n\nThis may permit a user with write access to files on a msdosfs filesystem to read unintended data (e.g. from a previously deleted file).\n\n" }, { "lang": "es", 
@@ -136,12 +136,20 @@ } ], "references": [ + { + "url": "https://dfir.ru/2023/11/01/bringing-unallocated-data-back-the-fat12-16-32-case/", + "source": "secteam@freebsd.org" + }, { "url": "https://security.FreeBSD.org/advisories/FreeBSD-SA-23:12.msdosfs.asc", "source": "secteam@freebsd.org", "tags": [ "Patch" ] + }, + { + "url": "https://security.netapp.com/advisory/ntap-20231124-0004/", + "source": "secteam@freebsd.org" } ] } \ No newline at end of file diff --git a/README.md b/README.md index d70901b3664..48ea76aa000 100644 --- a/README.md +++ b/README.md @@ -9,13 +9,13 @@ Repository synchronizes with the NVD every 2 hours. ### Last Repository Update ```plain -2023-11-29T21:00:18.287459+00:00 +2023-11-29T23:00:18.446215+00:00 ``` ### Most recent CVE Modification Timestamp synchronized with NVD ```plain -2023-11-29T20:59:23.030000+00:00 +2023-11-29T22:15:07.363000+00:00 ``` ### Last Data Feed Release 
@@ -29,57 +29,35 @@ Download and Changelog: [Click](https://github.com/fkie-cad/nvd-json-data-feeds/ ### Total Number of included CVEs ```plain -231707 +231713 ``` ### CVEs added in the last Commit -Recently added CVEs: `13` +Recently added CVEs: `6` -* [CVE-2023-49079](CVE-2023/CVE-2023-490xx/CVE-2023-49079.json) (`2023-11-29T19:15:07.713`) -* [CVE-2023-49083](CVE-2023/CVE-2023-490xx/CVE-2023-49083.json) (`2023-11-29T19:15:07.967`) -* [CVE-2023-44383](CVE-2023/CVE-2023-443xx/CVE-2023-44383.json) (`2023-11-29T20:15:07.573`) -* [CVE-2023-48945](CVE-2023/CVE-2023-489xx/CVE-2023-48945.json) (`2023-11-29T20:15:07.797`) -* [CVE-2023-48946](CVE-2023/CVE-2023-489xx/CVE-2023-48946.json) (`2023-11-29T20:15:07.850`) -* [CVE-2023-48947](CVE-2023/CVE-2023-489xx/CVE-2023-48947.json) (`2023-11-29T20:15:07.897`) -* [CVE-2023-48948](CVE-2023/CVE-2023-489xx/CVE-2023-48948.json) (`2023-11-29T20:15:07.940`) -* [CVE-2023-48949](CVE-2023/CVE-2023-489xx/CVE-2023-48949.json) (`2023-11-29T20:15:07.990`) -* [CVE-2023-48950](CVE-2023/CVE-2023-489xx/CVE-2023-48950.json) (`2023-11-29T20:15:08.033`) -* [CVE-2023-48951](CVE-2023/CVE-2023-489xx/CVE-2023-48951.json) (`2023-11-29T20:15:08.087`) -* [CVE-2023-48952](CVE-2023/CVE-2023-489xx/CVE-2023-48952.json) (`2023-11-29T20:15:08.133`) -* [CVE-2023-49082](CVE-2023/CVE-2023-490xx/CVE-2023-49082.json) (`2023-11-29T20:15:08.180`) -* [CVE-2023-49091](CVE-2023/CVE-2023-490xx/CVE-2023-49091.json) (`2023-11-29T20:15:08.390`) +* [CVE-2022-42536](CVE-2022/CVE-2022-425xx/CVE-2022-42536.json) (`2023-11-29T22:15:07.110`) +* [CVE-2022-42537](CVE-2022/CVE-2022-425xx/CVE-2022-42537.json) (`2023-11-29T22:15:07.173`) +* [CVE-2022-42538](CVE-2022/CVE-2022-425xx/CVE-2022-42538.json) (`2023-11-29T22:15:07.220`) +* [CVE-2022-42539](CVE-2022/CVE-2022-425xx/CVE-2022-42539.json) (`2023-11-29T22:15:07.267`) +* [CVE-2022-42540](CVE-2022/CVE-2022-425xx/CVE-2022-42540.json) (`2023-11-29T22:15:07.317`) +* [CVE-2022-42541](CVE-2022/CVE-2022-425xx/CVE-2022-42541.json) 
(`2023-11-29T22:15:07.363`) ### CVEs modified in the last Commit -Recently modified CVEs: `43` +Recently modified CVEs: `10` -* [CVE-2023-48292](CVE-2023/CVE-2023-482xx/CVE-2023-48292.json) (`2023-11-29T20:44:39.200`) -* [CVE-2023-48241](CVE-2023/CVE-2023-482xx/CVE-2023-48241.json) (`2023-11-29T20:49:19.453`) -* [CVE-2023-48240](CVE-2023/CVE-2023-482xx/CVE-2023-48240.json) (`2023-11-29T20:50:43.763`) -* [CVE-2023-48223](CVE-2023/CVE-2023-482xx/CVE-2023-48223.json) (`2023-11-29T20:51:09.670`) -* [CVE-2023-48221](CVE-2023/CVE-2023-482xx/CVE-2023-48221.json) (`2023-11-29T20:51:57.723`) -* [CVE-2023-40363](CVE-2023/CVE-2023-403xx/CVE-2023-40363.json) (`2023-11-29T20:52:14.260`) -* [CVE-2023-48218](CVE-2023/CVE-2023-482xx/CVE-2023-48218.json) (`2023-11-29T20:52:27.770`) -* [CVE-2023-38361](CVE-2023/CVE-2023-383xx/CVE-2023-38361.json) (`2023-11-29T20:52:28.337`) -* [CVE-2023-35762](CVE-2023/CVE-2023-357xx/CVE-2023-35762.json) (`2023-11-29T20:52:44.790`) -* [CVE-2023-43177](CVE-2023/CVE-2023-431xx/CVE-2023-43177.json) (`2023-11-29T20:52:51.427`) -* [CVE-2023-29155](CVE-2023/CVE-2023-291xx/CVE-2023-29155.json) (`2023-11-29T20:52:57.780`) -* [CVE-2023-49090](CVE-2023/CVE-2023-490xx/CVE-2023-49090.json) (`2023-11-29T20:53:05.993`) -* [CVE-2023-48880](CVE-2023/CVE-2023-488xx/CVE-2023-48880.json) (`2023-11-29T20:53:05.993`) -* [CVE-2023-48881](CVE-2023/CVE-2023-488xx/CVE-2023-48881.json) (`2023-11-29T20:53:05.993`) -* [CVE-2023-48882](CVE-2023/CVE-2023-488xx/CVE-2023-48882.json) (`2023-11-29T20:53:05.993`) -* [CVE-2023-6217](CVE-2023/CVE-2023-62xx/CVE-2023-6217.json) (`2023-11-29T20:53:05.993`) -* [CVE-2023-6218](CVE-2023/CVE-2023-62xx/CVE-2023-6218.json) (`2023-11-29T20:53:05.993`) -* [CVE-2023-48294](CVE-2023/CVE-2023-482xx/CVE-2023-48294.json) (`2023-11-29T20:53:09.650`) -* [CVE-2023-48238](CVE-2023/CVE-2023-482xx/CVE-2023-48238.json) (`2023-11-29T20:53:34.610`) -* [CVE-2023-41808](CVE-2023/CVE-2023-418xx/CVE-2023-41808.json) (`2023-11-29T20:56:06.170`) -* 
[CVE-2023-41807](CVE-2023/CVE-2023-418xx/CVE-2023-41807.json) (`2023-11-29T20:56:44.663`) -* [CVE-2023-41806](CVE-2023/CVE-2023-418xx/CVE-2023-41806.json) (`2023-11-29T20:57:54.670`) -* [CVE-2023-41792](CVE-2023/CVE-2023-417xx/CVE-2023-41792.json) (`2023-11-29T20:58:31.503`) -* [CVE-2023-41791](CVE-2023/CVE-2023-417xx/CVE-2023-41791.json) (`2023-11-29T20:58:51.777`) -* [CVE-2023-41790](CVE-2023/CVE-2023-417xx/CVE-2023-41790.json) (`2023-11-29T20:59:23.030`) +* [CVE-2022-28958](CVE-2022/CVE-2022-289xx/CVE-2022-28958.json) (`2023-11-29T21:15:07.480`) +* [CVE-2023-41789](CVE-2023/CVE-2023-417xx/CVE-2023-41789.json) (`2023-11-29T21:01:34.793`) +* [CVE-2023-41788](CVE-2023/CVE-2023-417xx/CVE-2023-41788.json) (`2023-11-29T21:02:14.287`) +* [CVE-2023-41787](CVE-2023/CVE-2023-417xx/CVE-2023-41787.json) (`2023-11-29T21:04:56.717`) +* [CVE-2023-49083](CVE-2023/CVE-2023-490xx/CVE-2023-49083.json) (`2023-11-29T21:15:07.823`) +* [CVE-2023-5368](CVE-2023/CVE-2023-53xx/CVE-2023-5368.json) (`2023-11-29T21:15:07.940`) +* [CVE-2023-4595](CVE-2023/CVE-2023-45xx/CVE-2023-4595.json) (`2023-11-29T21:23:11.087`) +* [CVE-2023-4594](CVE-2023/CVE-2023-45xx/CVE-2023-4594.json) (`2023-11-29T21:23:22.717`) +* [CVE-2023-4593](CVE-2023/CVE-2023-45xx/CVE-2023-4593.json) (`2023-11-29T21:23:46.107`) +* [CVE-2023-4406](CVE-2023/CVE-2023-44xx/CVE-2023-4406.json) (`2023-11-29T21:24:04.640`) ## Download and Usage