From b797beb6f6c061ae90965ba2275d6fdece0b32a6 Mon Sep 17 00:00:00 2001 From: cad-safe-bot Date: Wed, 27 Sep 2023 22:00:28 +0000 Subject: [PATCH] Auto-Update: 2023-09-27T22:00:25.086394+00:00 --- CVE-2018/CVE-2018-122xx/CVE-2018-12207.json | 18 +-- CVE-2022/CVE-2022-18xx/CVE-2022-1822.json | 6 +- CVE-2022/CVE-2022-260xx/CVE-2022-26047.json | 8 +- CVE-2022/CVE-2022-390xx/CVE-2022-39028.json | 18 ++- CVE-2023/CVE-2023-294xx/CVE-2023-29497.json | 65 ++++++++++- CVE-2023/CVE-2023-400xx/CVE-2023-40026.json | 59 ++++++++++ CVE-2023/CVE-2023-400xx/CVE-2023-40048.json | 62 ++++++++++- CVE-2023/CVE-2023-400xx/CVE-2023-40049.json | 62 ++++++++++- CVE-2023/CVE-2023-402xx/CVE-2023-40219.json | 70 +++++++++++- CVE-2023/CVE-2023-40xx/CVE-2023-4066.json | 51 +++++++++ CVE-2023/CVE-2023-412xx/CVE-2023-41233.json | 70 +++++++++++- CVE-2023/CVE-2023-428xx/CVE-2023-42818.json | 55 +++++++++ CVE-2023/CVE-2023-434xx/CVE-2023-43484.json | 70 +++++++++++- CVE-2023/CVE-2023-434xx/CVE-2023-43493.json | 70 +++++++++++- CVE-2023/CVE-2023-436xx/CVE-2023-43610.json | 70 +++++++++++- CVE-2023/CVE-2023-436xx/CVE-2023-43651.json | 55 +++++++++ CVE-2023/CVE-2023-436xx/CVE-2023-43656.json | 59 ++++++++++ CVE-2023/CVE-2023-440xx/CVE-2023-44047.json | 20 ++++ CVE-2023/CVE-2023-440xx/CVE-2023-44048.json | 20 ++++ CVE-2023/CVE-2023-48xx/CVE-2023-4863.json | 8 +- CVE-2023/CVE-2023-51xx/CVE-2023-5129.json | 117 +------------------- README.md | 80 +++++-------- 22 files changed, 888 insertions(+), 225 deletions(-) create mode 100644 CVE-2023/CVE-2023-400xx/CVE-2023-40026.json create mode 100644 CVE-2023/CVE-2023-40xx/CVE-2023-4066.json create mode 100644 CVE-2023/CVE-2023-428xx/CVE-2023-42818.json create mode 100644 CVE-2023/CVE-2023-436xx/CVE-2023-43651.json create mode 100644 CVE-2023/CVE-2023-436xx/CVE-2023-43656.json create mode 100644 CVE-2023/CVE-2023-440xx/CVE-2023-44047.json create mode 100644 CVE-2023/CVE-2023-440xx/CVE-2023-44048.json 
diff --git a/CVE-2018/CVE-2018-122xx/CVE-2018-12207.json b/CVE-2018/CVE-2018-122xx/CVE-2018-12207.json
index 57ba7dbb6d7..76716e55f65 100644
--- a/CVE-2018/CVE-2018-122xx/CVE-2018-12207.json
+++ b/CVE-2018/CVE-2018-122xx/CVE-2018-12207.json
@@ -2,7 +2,7 @@
 "id": "CVE-2018-12207",
 "sourceIdentifier": "secure@intel.com",
 "published": "2019-11-14T20:15:11.133",
- "lastModified": "2023-09-25T22:11:08.627",
+ "lastModified": "2023-09-27T20:51:38.353",
 "vulnStatus": "Analyzed",
 "descriptions": [
 {
@@ -6565,8 +6565,8 @@
 "cpeMatch": [
 {
 "vulnerable": true,
- "criteria": "cpe:2.3:o:intel:xeon_gold_6240y__firmware:-:*:*:*:*:*:*:*",
- "matchCriteriaId": "BB1D576D-5667-4513-9F5E-DCEE2E5A8882"
+ "criteria": "cpe:2.3:o:intel:xeon_gold_6240y_firmware:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "19C76503-5F56-4C2B-8973-A3F94B1345DF"
 }
 ]
 },
@@ -6619,8 +6619,8 @@
 "cpeMatch": [
 {
 "vulnerable": true,
- "criteria": "cpe:2.3:o:intel:xeon_gold_6240l__firmware:-:*:*:*:*:*:*:*",
- "matchCriteriaId": "30496896-210D-49CA-B0F9-ED5FD912B8D2"
+ "criteria": "cpe:2.3:o:intel:xeon_gold_6240l_firmware:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "7E317001-0126-4B64-85AE-04AEC9954085"
 }
 ]
 },
@@ -6970,8 +6970,8 @@
 "cpeMatch": [
 {
 "vulnerable": true,
- "criteria": "cpe:2.3:o:intel:xeon_gold_5220t__firmware:-:*:*:*:*:*:*:*",
- "matchCriteriaId": "37EA0B46-727D-432E-A8F5-0977900D9B1B"
+ "criteria": "cpe:2.3:o:intel:xeon_gold_5220t_firmware:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "8141C47E-4F0B-498E-8B18-264E90448C3B"
 }
 ]
 },
@@ -7051,8 +7051,8 @@
 "cpeMatch": [
 {
 "vulnerable": true,
- "criteria": "cpe:2.3:o:intel:xeon_gold_5218t__firmware:-:*:*:*:*:*:*:*",
- "matchCriteriaId": "FA339BD7-4BB3-4AD4-A5B7-07A59C3450F3"
+ "criteria": "cpe:2.3:o:intel:xeon_gold_5218t_firmware:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "2411CF40-9A5F-4138-9111-84087A30050F"
 }
 ]
 },
diff --git a/CVE-2022/CVE-2022-18xx/CVE-2022-1822.json b/CVE-2022/CVE-2022-18xx/CVE-2022-1822.json
index a45698a27c6..8a9b7fc4025 100644
--- a/CVE-2022/CVE-2022-18xx/CVE-2022-1822.json
+++ b/CVE-2022/CVE-2022-18xx/CVE-2022-1822.json
@@ -2,7 +2,7 @@
 "id": "CVE-2022-1822",
 "sourceIdentifier": "security@wordfence.com",
 "published": "2022-06-13T13:15:13.223",
- "lastModified": "2022-06-21T16:21:45.333",
+ "lastModified": "2023-09-27T21:06:35.427",
 "vulnStatus": "Analyzed",
 "descriptions": [
 {
@@ -104,9 +104,9 @@
 "cpeMatch": [
 {
 "vulnerable": true,
- "criteria": "cpe:2.3:o:zephyrproject:zephyr:*:*:*:*:*:*:*:*",
+ "criteria": "cpe:2.3:a:zephyr_project_manager_project:zephyr_project_manager:*:*:*:*:*:wordpress:*:*",
 "versionEndExcluding": "3.2.41",
- "matchCriteriaId": "696E49C2-2170-4EAF-BEC1-B27EB94C592E"
+ "matchCriteriaId": "C9548174-E7B5-415D-97B0-F585FC2A27A4"
 }
 ]
 }
diff --git a/CVE-2022/CVE-2022-260xx/CVE-2022-26047.json b/CVE-2022/CVE-2022-260xx/CVE-2022-26047.json
index 5a2a2506fc3..16a0d4e7756 100644
--- a/CVE-2022/CVE-2022-260xx/CVE-2022-26047.json
+++ b/CVE-2022/CVE-2022-260xx/CVE-2022-26047.json
@@ -2,7 +2,7 @@
 "id": "CVE-2022-26047",
 "sourceIdentifier": "secure@intel.com",
 "published": "2022-11-11T16:15:12.333",
- "lastModified": "2022-11-18T17:19:58.020",
+ "lastModified": "2023-09-27T20:53:06.763",
 "vulnStatus": "Analyzed",
 "descriptions": [
 {
@@ -68,7 +68,6 @@
 ],
 "configurations": [
 {
- "operator": "AND",
 "nodes": [
 {
 "operator": "OR",
@@ -2390,11 +2389,6 @@
 "criteria": "cpe:2.3:o:intel:core_i7-8705g_firmware:-:*:*:*:*:*:*:*",
 "matchCriteriaId": "88971837-5ED9-442C-BAF2-1C6C31105EB8"
 },
- {
- "vulnerable": true,
- "criteria": "cpe:2.3:o:intel:core_i7-8706g__firmware:-:*:*:*:*:*:*:*",
- "matchCriteriaId": "63BB97D2-A2D2-4D77-977E-0F26CF6D0279"
- },
 {
 "vulnerable": true,
 "criteria": "cpe:2.3:o:intel:core_i7-8706g_firmware:-:*:*:*:*:*:*:*",
diff --git a/CVE-2022/CVE-2022-390xx/CVE-2022-39028.json b/CVE-2022/CVE-2022-390xx/CVE-2022-39028.json
index 9668ebb8baa..45cfcabf7ec 100644
--- a/CVE-2022/CVE-2022-390xx/CVE-2022-39028.json
+++ b/CVE-2022/CVE-2022-390xx/CVE-2022-39028.json
@@ -2,7 +2,7 @@
 "id": "CVE-2022-39028",
 "sourceIdentifier": "cve@mitre.org",
 "published": "2022-08-30T05:15:08.117",
- "lastModified": "2022-11-29T17:35:14.020",
+ "lastModified": "2023-09-27T20:10:25.007",
 "vulnStatus": "Analyzed",
 "descriptions": [
 {
@@ -97,6 +97,22 @@
 ]
 }
 ]
+ },
+ {
+ "nodes": [
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:netkit-telnet_project:netkit-telnet:*:*:*:*:*:*:*:*",
+ "versionEndIncluding": "0.17",
+ "matchCriteriaId": "C0EF3431-0075-4A40-BAC6-28C9F08315A2"
+ }
+ ]
+ }
+ ]
 }
 ],
 "references": [
diff --git a/CVE-2023/CVE-2023-294xx/CVE-2023-29497.json b/CVE-2023/CVE-2023-294xx/CVE-2023-29497.json
index fc34464ed3e..6abad4f0cc1 100644
--- a/CVE-2023/CVE-2023-294xx/CVE-2023-29497.json
+++ b/CVE-2023/CVE-2023-294xx/CVE-2023-29497.json
@@ -2,19 +2,76 @@
 "id": "CVE-2023-29497",
 "sourceIdentifier": "product-security@apple.com",
 "published": "2023-09-27T15:18:49.990",
- "lastModified": "2023-09-27T15:41:55.530",
- "vulnStatus": "Undergoing Analysis",
+ "lastModified": "2023-09-27T20:20:36.517",
+ "vulnStatus": "Analyzed",
 "descriptions": [
 {
 "lang": "en",
 "value": "A privacy issue was addressed with improved handling of temporary files. This issue is fixed in macOS Sonoma 14. An app may be able to access calendar data saved to a temporary directory."
 }
 ],
- "metrics": {},
+ "metrics": {
+ "cvssMetricV31": [
+ {
+ "source": "nvd@nist.gov",
+ "type": "Primary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N",
+ "attackVector": "LOCAL",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "NONE",
+ "userInteraction": "REQUIRED",
+ "scope": "UNCHANGED",
+ "confidentialityImpact": "LOW",
+ "integrityImpact": "NONE",
+ "availabilityImpact": "NONE",
+ "baseScore": 3.3,
+ "baseSeverity": "LOW"
+ },
+ "exploitabilityScore": 1.8,
+ "impactScore": 1.4
+ }
+ ]
+ },
+ "weaknesses": [
+ {
+ "source": "nvd@nist.gov",
+ "type": "Primary",
+ "description": [
+ {
+ "lang": "en",
+ "value": "NVD-CWE-noinfo"
+ }
+ ]
+ }
+ ],
+ "configurations": [
+ {
+ "nodes": [
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:apple:macos:*:*:*:*:*:*:*:*",
+ "versionEndExcluding": "14.0",
+ "matchCriteriaId": "7A5DD3D5-FB4F-4313-B873-DCED87FC4605"
+ }
+ ]
+ }
+ ]
+ }
+ ],
 "references": [
 {
 "url": "https://support.apple.com/en-us/HT213940",
- "source": "product-security@apple.com"
+ "source": "product-security@apple.com",
+ "tags": [
+ "Release Notes",
+ "Vendor Advisory"
+ ]
 }
 ]
 }
\ No newline at end of file
diff --git a/CVE-2023/CVE-2023-400xx/CVE-2023-40026.json b/CVE-2023/CVE-2023-400xx/CVE-2023-40026.json
new file mode 100644
index 00000000000..7399e7597ed
--- /dev/null
+++ b/CVE-2023/CVE-2023-400xx/CVE-2023-40026.json
@@ -0,0 +1,59 @@
+{
+ "id": "CVE-2023-40026",
+ "sourceIdentifier": "security-advisories@github.com",
+ "published": "2023-09-27T21:15:09.713",
+ "lastModified": "2023-09-27T21:15:09.713",
+ "vulnStatus": "Received",
+ "descriptions": [
+ {
+ "lang": "en",
+ "value": "Argo CD is a declarative continuous deployment framework for Kubernetes. In Argo CD versions prior to 2.3 (starting at least in v0.1.0, but likely in any version using Helm before 2.3), using a specifically-crafted Helm file could reference external Helm charts handled by the same repo-server to leak values, or files from the referenced Helm Chart. This was possible because Helm paths were predictable. The vulnerability worked by adding a Helm chart that referenced Helm resources from predictable paths. Because the paths of Helm charts were predictable and available on an instance of repo-server, it was possible to reference and then render the values and resources from other existing Helm charts regardless of permissions. While generally, secrets are not stored in these files, it was nevertheless possible to reference any values from these charts. This issue was fixed in Argo CD 2.3 and subsequent versions by randomizing Helm paths. User's still using Argo CD 2.3 or below are advised to update to a supported version. If this is not possible, disabling Helm chart rendering, or using an additional repo-server for each Helm chart would prevent possible exploitation."
+ }
+ ],
+ "metrics": {
+ "cvssMetricV31": [
+ {
+ "source": "security-advisories@github.com",
+ "type": "Secondary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:N/A:N",
+ "attackVector": "NETWORK",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "LOW",
+ "userInteraction": "NONE",
+ "scope": "CHANGED",
+ "confidentialityImpact": "LOW",
+ "integrityImpact": "NONE",
+ "availabilityImpact": "NONE",
+ "baseScore": 5.0,
+ "baseSeverity": "MEDIUM"
+ },
+ "exploitabilityScore": 3.1,
+ "impactScore": 1.4
+ }
+ ]
+ },
+ "weaknesses": [
+ {
+ "source": "security-advisories@github.com",
+ "type": "Primary",
+ "description": [
+ {
+ "lang": "en",
+ "value": "CWE-22"
+ }
+ ]
+ }
+ ],
+ "references": [
+ {
+ "url": "https://argo-cd.readthedocs.io/en/stable/operator-manual/installation/#supported-versions",
+ "source": "security-advisories@github.com"
+ },
+ {
+ "url": "https://github.com/argoproj/argo-cd/security/advisories/GHSA-6jqw-jwf5-rp8h",
+ "source": "security-advisories@github.com"
+ }
+ ]
+}
\ No newline at end of file
diff --git a/CVE-2023/CVE-2023-400xx/CVE-2023-40048.json b/CVE-2023/CVE-2023-400xx/CVE-2023-40048.json
index 8c8c0a1acb3..2a89c5b0d5c 100644
--- a/CVE-2023/CVE-2023-400xx/CVE-2023-40048.json
+++ b/CVE-2023/CVE-2023-400xx/CVE-2023-40048.json
@@ -2,8 +2,8 @@
 "id": "CVE-2023-40048",
 "sourceIdentifier": "security@progress.com",
 "published": "2023-09-27T15:19:00.010",
- "lastModified": "2023-09-27T16:21:26.600",
- "vulnStatus": "Undergoing Analysis",
+ "lastModified": "2023-09-27T20:01:36.307",
+ "vulnStatus": "Analyzed",
 "descriptions": [
 {
 "lang": "en",
@@ -12,6 +12,26 @@
 ],
 "metrics": {
 "cvssMetricV31": [
+ {
+ "source": "nvd@nist.gov",
+ "type": "Primary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N",
+ "attackVector": "NETWORK",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "NONE",
+ "userInteraction": "REQUIRED",
+ "scope": "UNCHANGED",
+ "confidentialityImpact": "NONE",
+ "integrityImpact": "HIGH",
+ "availabilityImpact": "NONE",
+ "baseScore": 6.5,
+ "baseSeverity": "MEDIUM"
+ },
+ "exploitabilityScore": 2.8,
+ "impactScore": 3.6
+ },
 {
 "source": "security@progress.com",
 "type": "Secondary",
@@ -35,6 +55,16 @@
 ]
 },
 "weaknesses": [
+ {
+ "source": "nvd@nist.gov",
+ "type": "Primary",
+ "description": [
+ {
+ "lang": "en",
+ "value": "CWE-352"
+ }
+ ]
+ },
 {
 "source": "security@progress.com",
 "type": "Secondary",
@@ -46,14 +76,38 @@
 ]
 }
 ],
+ "configurations": [
+ {
+ "nodes": [
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:progress:ws_ftp_server:*:*:*:*:*:*:*:*",
+ "versionEndExcluding": "8.8.2",
+ "matchCriteriaId": "D83F473A-56DC-4CC4-8831-EA78D4DC1539"
+ }
+ ]
+ }
+ ]
+ }
+ ],
 "references": [
 {
 "url": "https://community.progress.com/s/article/WS-FTP-Server-Critical-Vulnerability-September-2023",
- "source": "security@progress.com"
+ "source": "security@progress.com",
+ "tags": [
+ "Vendor Advisory"
+ ]
 },
 {
 "url": "https://www.progress.com/ws_ftp",
- "source": "security@progress.com"
+ "source": "security@progress.com",
+ "tags": [
+ "Product"
+ ]
 }
 ]
 }
\ No newline at end of file
diff --git a/CVE-2023/CVE-2023-400xx/CVE-2023-40049.json b/CVE-2023/CVE-2023-400xx/CVE-2023-40049.json
index 681dfb6ec46..ec0a1841465 100644
--- a/CVE-2023/CVE-2023-400xx/CVE-2023-40049.json
+++ b/CVE-2023/CVE-2023-400xx/CVE-2023-40049.json
@@ -2,8 +2,8 @@
 "id": "CVE-2023-40049",
 "sourceIdentifier": "security@progress.com",
 "published": "2023-09-27T15:19:01.013",
- "lastModified": "2023-09-27T16:21:28.400",
- "vulnStatus": "Undergoing Analysis",
+ "lastModified": "2023-09-27T20:06:23.097",
+ "vulnStatus": "Analyzed",
 "descriptions": [
 {
 "lang": "en",
@@ -12,6 +12,26 @@
 ],
 "metrics": {
 "cvssMetricV31": [
+ {
+ "source": "nvd@nist.gov",
+ "type": "Primary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
+ "attackVector": "NETWORK",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "NONE",
+ "userInteraction": "NONE",
+ "scope": "UNCHANGED",
+ "confidentialityImpact": "LOW",
+ "integrityImpact": "NONE",
+ "availabilityImpact": "NONE",
+ "baseScore": 5.3,
+ "baseSeverity": "MEDIUM"
+ },
+ "exploitabilityScore": 3.9,
+ "impactScore": 1.4
+ },
 {
 "source": "security@progress.com",
 "type": "Secondary",
@@ -35,6 +55,16 @@
 ]
 },
 "weaknesses": [
+ {
+ "source": "nvd@nist.gov",
+ "type": "Primary",
+ "description": [
+ {
+ "lang": "en",
+ "value": "NVD-CWE-noinfo"
+ }
+ ]
+ },
 {
 "source": "security@progress.com",
 "type": "Secondary",
@@ -46,14 +76,38 @@
 ]
 }
 ],
+ "configurations": [
+ {
+ "nodes": [
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:progress:ws_ftp_server:*:*:*:*:*:*:*:*",
+ "versionEndExcluding": "8.8.2",
+ "matchCriteriaId": "D83F473A-56DC-4CC4-8831-EA78D4DC1539"
+ }
+ ]
+ }
+ ]
+ }
+ ],
 "references": [
 {
 "url": "https://community.progress.com/s/article/WS-FTP-Server-Critical-Vulnerability-September-2023",
- "source": "security@progress.com"
+ "source": "security@progress.com",
+ "tags": [
+ "Vendor Advisory"
+ ]
 },
 {
 "url": "https://www.progress.com/ws_ftp",
- "source": "security@progress.com"
+ "source": "security@progress.com",
+ "tags": [
+ "Product"
+ ]
 }
 ]
 }
\ No newline at end of file
diff --git a/CVE-2023/CVE-2023-402xx/CVE-2023-40219.json b/CVE-2023/CVE-2023-402xx/CVE-2023-40219.json
index 37c7a9f57c3..4c3f1f28c1b 100644
--- a/CVE-2023/CVE-2023-402xx/CVE-2023-40219.json
+++ b/CVE-2023/CVE-2023-402xx/CVE-2023-40219.json
@@ -2,23 +2,83 @@
 "id": "CVE-2023-40219",
 "sourceIdentifier": "vultures@jpcert.or.jp",
 "published": "2023-09-27T15:19:02.237",
- "lastModified": "2023-09-27T15:40:54.270",
- "vulnStatus": "Awaiting Analysis",
+ "lastModified": "2023-09-27T20:19:39.753",
+ "vulnStatus": "Analyzed",
 "descriptions": [
 {
 "lang": "en",
 "value": "Welcart e-Commerce versions 2.7 to 2.8.21 allows a user with editor or higher privilege to upload an arbitrary file to an unauthorized directory."
 }
 ],
- "metrics": {},
+ "metrics": {
+ "cvssMetricV31": [
+ {
+ "source": "nvd@nist.gov",
+ "type": "Primary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
+ "attackVector": "NETWORK",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "HIGH",
+ "userInteraction": "NONE",
+ "scope": "UNCHANGED",
+ "confidentialityImpact": "HIGH",
+ "integrityImpact": "HIGH",
+ "availabilityImpact": "HIGH",
+ "baseScore": 7.2,
+ "baseSeverity": "HIGH"
+ },
+ "exploitabilityScore": 1.2,
+ "impactScore": 5.9
+ }
+ ]
+ },
+ "weaknesses": [
+ {
+ "source": "nvd@nist.gov",
+ "type": "Primary",
+ "description": [
+ {
+ "lang": "en",
+ "value": "CWE-434"
+ }
+ ]
+ }
+ ],
+ "configurations": [
+ {
+ "nodes": [
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:collne:welcart_e-commerce:*:*:*:*:*:wordpress:*:*",
+ "versionStartIncluding": "2.7",
+ "versionEndIncluding": "2.8.21",
+ "matchCriteriaId": "3A07E8A8-4F65-42E9-8AFE-B5E4A7D23CCF"
+ }
+ ]
+ }
+ ]
+ }
+ ],
 "references": [
 {
 "url": "https://jvn.jp/en/jp/JVN97197972/",
- "source": "vultures@jpcert.or.jp"
+ "source": "vultures@jpcert.or.jp",
+ "tags": [
+ "Third Party Advisory"
+ ]
 },
 {
 "url": "https://www.welcart.com/archives/20106.html",
- "source": "vultures@jpcert.or.jp"
+ "source": "vultures@jpcert.or.jp",
+ "tags": [
+ "Release Notes"
+ ]
 }
 ]
 }
\ No newline at end of file
diff --git a/CVE-2023/CVE-2023-40xx/CVE-2023-4066.json b/CVE-2023/CVE-2023-40xx/CVE-2023-4066.json
new file mode 100644
index 00000000000..311b3c85114
--- /dev/null
+++ b/CVE-2023/CVE-2023-40xx/CVE-2023-4066.json
@@ -0,0 +1,51 @@
+{
+ "id": "CVE-2023-4066",
+ "sourceIdentifier": "secalert@redhat.com",
+ "published": "2023-09-27T21:15:10.550",
+ "lastModified": "2023-09-27T21:15:10.550",
+ "vulnStatus": "Received",
+ "descriptions": [
+ {
+ "lang": "en",
+ "value": "A flaw was found in Red Hat's AMQ Broker, which stores certain passwords in a secret security-properties-prop-module, defined in ActivemqArtemisSecurity CR; however, they are shown in plaintext in the StatefulSet details yaml of AMQ Broker."
+ }
+ ],
+ "metrics": {
+ "cvssMetricV31": [
+ {
+ "source": "secalert@redhat.com",
+ "type": "Secondary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
+ "attackVector": "LOCAL",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "LOW",
+ "userInteraction": "NONE",
+ "scope": "UNCHANGED",
+ "confidentialityImpact": "HIGH",
+ "integrityImpact": "NONE",
+ "availabilityImpact": "NONE",
+ "baseScore": 5.5,
+ "baseSeverity": "MEDIUM"
+ },
+ "exploitabilityScore": 1.8,
+ "impactScore": 3.6
+ }
+ ]
+ },
+ "references": [
+ {
+ "url": "https://access.redhat.com/errata/RHSA-2023:4720",
+ "source": "secalert@redhat.com"
+ },
+ {
+ "url": "https://access.redhat.com/security/cve/CVE-2023-4066",
+ "source": "secalert@redhat.com"
+ },
+ {
+ "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2224677",
+ "source": "secalert@redhat.com"
+ }
+ ]
+}
\ No newline at end of file
diff --git a/CVE-2023/CVE-2023-412xx/CVE-2023-41233.json b/CVE-2023/CVE-2023-412xx/CVE-2023-41233.json
index 652bdc794a1..f7634d6e192 100644
--- a/CVE-2023/CVE-2023-412xx/CVE-2023-41233.json
+++ b/CVE-2023/CVE-2023-412xx/CVE-2023-41233.json
@@ -2,23 +2,83 @@
 "id": "CVE-2023-41233",
 "sourceIdentifier": "vultures@jpcert.or.jp",
 "published": "2023-09-27T15:19:27.050",
- "lastModified": "2023-09-27T15:41:42.647",
- "vulnStatus": "Awaiting Analysis",
+ "lastModified": "2023-09-27T20:15:42.197",
+ "vulnStatus": "Analyzed",
 "descriptions": [
 {
 "lang": "en",
 "value": "Cross-site scripting vulnerability in Item List page registration process of Welcart e-Commerce versions 2.7 to 2.8.21 allows a remote unauthenticated attacker to inject an arbitrary script."
 }
 ],
- "metrics": {},
+ "metrics": {
+ "cvssMetricV31": [
+ {
+ "source": "nvd@nist.gov",
+ "type": "Primary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
+ "attackVector": "NETWORK",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "NONE",
+ "userInteraction": "REQUIRED",
+ "scope": "CHANGED",
+ "confidentialityImpact": "LOW",
+ "integrityImpact": "LOW",
+ "availabilityImpact": "NONE",
+ "baseScore": 6.1,
+ "baseSeverity": "MEDIUM"
+ },
+ "exploitabilityScore": 2.8,
+ "impactScore": 2.7
+ }
+ ]
+ },
+ "weaknesses": [
+ {
+ "source": "nvd@nist.gov",
+ "type": "Primary",
+ "description": [
+ {
+ "lang": "en",
+ "value": "CWE-79"
+ }
+ ]
+ }
+ ],
+ "configurations": [
+ {
+ "nodes": [
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:collne:welcart_e-commerce:*:*:*:*:*:wordpress:*:*",
+ "versionStartIncluding": "2.7",
+ "versionEndIncluding": "2.8.21",
+ "matchCriteriaId": "3A07E8A8-4F65-42E9-8AFE-B5E4A7D23CCF"
+ }
+ ]
+ }
+ ]
+ }
+ ],
 "references": [
 {
 "url": "https://jvn.jp/en/jp/JVN97197972/",
- "source": "vultures@jpcert.or.jp"
+ "source": "vultures@jpcert.or.jp",
+ "tags": [
+ "Third Party Advisory"
+ ]
 },
 {
 "url": "https://www.welcart.com/archives/20106.html",
- "source": "vultures@jpcert.or.jp"
+ "source": "vultures@jpcert.or.jp",
+ "tags": [
+ "Release Notes"
+ ]
 }
 ]
 }
\ No newline at end of file
diff --git a/CVE-2023/CVE-2023-428xx/CVE-2023-42818.json b/CVE-2023/CVE-2023-428xx/CVE-2023-42818.json
new file mode 100644
index 00000000000..e34bfed1a20
--- /dev/null
+++ b/CVE-2023/CVE-2023-428xx/CVE-2023-42818.json
@@ -0,0 +1,55 @@
+{
+ "id": "CVE-2023-42818",
+ "sourceIdentifier": "security-advisories@github.com",
+ "published": "2023-09-27T21:15:10.173",
+ "lastModified": "2023-09-27T21:15:10.173",
+ "vulnStatus": "Received",
+ "descriptions": [
+ {
+ "lang": "en",
+ "value": "JumpServer is an open source bastion host. When users enable MFA and use a public key for authentication, the Koko SSH server does not verify the corresponding SSH private key. An attacker could exploit a vulnerability by utilizing a disclosed public key to attempt brute-force authentication against the SSH service This issue has been patched in versions 3.6.5 and 3.5.6. Users are advised to upgrade. There are no known workarounds for this issue."
+ }
+ ],
+ "metrics": {
+ "cvssMetricV31": [
+ {
+ "source": "security-advisories@github.com",
+ "type": "Secondary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:L",
+ "attackVector": "NETWORK",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "NONE",
+ "userInteraction": "REQUIRED",
+ "scope": "UNCHANGED",
+ "confidentialityImpact": "NONE",
+ "integrityImpact": "LOW",
+ "availabilityImpact": "LOW",
+ "baseScore": 5.4,
+ "baseSeverity": "MEDIUM"
+ },
+ "exploitabilityScore": 2.8,
+ "impactScore": 2.5
+ }
+ ]
+ },
+ "weaknesses": [
+ {
+ "source": "security-advisories@github.com",
+ "type": "Primary",
+ "description": [
+ {
+ "lang": "en",
+ "value": "CWE-287"
+ }
+ ]
+ }
+ ],
+ "references": [
+ {
+ "url": "https://github.com/jumpserver/jumpserver/security/advisories/GHSA-jv3c-27cv-w8jv",
+ "source": "security-advisories@github.com"
+ }
+ ]
+}
\ No newline at end of file
diff --git a/CVE-2023/CVE-2023-434xx/CVE-2023-43484.json b/CVE-2023/CVE-2023-434xx/CVE-2023-43484.json
index 997c4abedc0..a7746816266 100644
--- a/CVE-2023/CVE-2023-434xx/CVE-2023-43484.json
+++ b/CVE-2023/CVE-2023-434xx/CVE-2023-43484.json
@@ -2,23 +2,83 @@
 "id": "CVE-2023-43484",
 "sourceIdentifier": "vultures@jpcert.or.jp",
 "published": "2023-09-27T15:19:34.103",
- "lastModified": "2023-09-27T15:41:42.647",
- "vulnStatus": "Awaiting Analysis",
+ "lastModified": "2023-09-27T20:25:34.200",
+ "vulnStatus": "Analyzed",
 "descriptions": [
 {
 "lang": "en",
 "value": "Cross-site scripting vulnerability in Item List page of Welcart e-Commerce versions 2.7 to 2.8.21 allows a remote unauthenticated attacker to inject an arbitrary script."
 }
 ],
- "metrics": {},
+ "metrics": {
+ "cvssMetricV31": [
+ {
+ "source": "nvd@nist.gov",
+ "type": "Primary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
+ "attackVector": "NETWORK",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "NONE",
+ "userInteraction": "REQUIRED",
+ "scope": "CHANGED",
+ "confidentialityImpact": "LOW",
+ "integrityImpact": "LOW",
+ "availabilityImpact": "NONE",
+ "baseScore": 6.1,
+ "baseSeverity": "MEDIUM"
+ },
+ "exploitabilityScore": 2.8,
+ "impactScore": 2.7
+ }
+ ]
+ },
+ "weaknesses": [
+ {
+ "source": "nvd@nist.gov",
+ "type": "Primary",
+ "description": [
+ {
+ "lang": "en",
+ "value": "CWE-79"
+ }
+ ]
+ }
+ ],
+ "configurations": [
+ {
+ "nodes": [
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:collne:welcart_e-commerce:*:*:*:*:*:wordpress:*:*",
+ "versionStartIncluding": "2.7",
+ "versionEndIncluding": "2.8.21",
+ "matchCriteriaId": "3A07E8A8-4F65-42E9-8AFE-B5E4A7D23CCF"
+ }
+ ]
+ }
+ ]
+ }
+ ],
 "references": [
 {
 "url": "https://jvn.jp/en/jp/JVN97197972/",
- "source": "vultures@jpcert.or.jp"
+ "source": "vultures@jpcert.or.jp",
+ "tags": [
+ "Third Party Advisory"
+ ]
 },
 {
 "url": "https://www.welcart.com/archives/20106.html",
- "source": "vultures@jpcert.or.jp"
+ "source": "vultures@jpcert.or.jp",
+ "tags": [
+ "Release Notes"
+ ]
 }
 ]
 }
\ No newline at end of file
diff --git a/CVE-2023/CVE-2023-434xx/CVE-2023-43493.json b/CVE-2023/CVE-2023-434xx/CVE-2023-43493.json
index e9ae7317c84..8030c7558a3 100644
--- a/CVE-2023/CVE-2023-434xx/CVE-2023-43493.json
+++ b/CVE-2023/CVE-2023-434xx/CVE-2023-43493.json
@@ -2,23 +2,83 @@
 "id": "CVE-2023-43493",
 "sourceIdentifier": "vultures@jpcert.or.jp",
 "published": "2023-09-27T15:19:34.157",
- "lastModified": "2023-09-27T15:41:26.297",
- "vulnStatus": "Awaiting Analysis",
+ "lastModified": "2023-09-27T20:51:26.677",
+ "vulnStatus": "Analyzed",
 "descriptions": [
 {
 "lang": "en",
 "value": "SQL injection vulnerability in Item List page of Welcart e-Commerce versions 2.7 to 2.8.21 allows a user with author or higher privilege to obtain sensitive information."
 }
 ],
- "metrics": {},
+ "metrics": {
+ "cvssMetricV31": [
+ {
+ "source": "nvd@nist.gov",
+ "type": "Primary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N",
+ "attackVector": "NETWORK",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "HIGH",
+ "userInteraction": "NONE",
+ "scope": "UNCHANGED",
+ "confidentialityImpact": "HIGH",
+ "integrityImpact": "NONE",
+ "availabilityImpact": "NONE",
+ "baseScore": 4.9,
+ "baseSeverity": "MEDIUM"
+ },
+ "exploitabilityScore": 1.2,
+ "impactScore": 3.6
+ }
+ ]
+ },
+ "weaknesses": [
+ {
+ "source": "nvd@nist.gov",
+ "type": "Primary",
+ "description": [
+ {
+ "lang": "en",
+ "value": "CWE-89"
+ }
+ ]
+ }
+ ],
+ "configurations": [
+ {
+ "nodes": [
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:collne:welcart_e-commerce:*:*:*:*:*:wordpress:*:*",
+ "versionStartIncluding": "2.7",
+ "versionEndIncluding": "2.8.21",
+ "matchCriteriaId": "3A07E8A8-4F65-42E9-8AFE-B5E4A7D23CCF"
+ }
+ ]
+ }
+ ]
+ }
+ ],
 "references": [
 {
 "url": "https://jvn.jp/en/jp/JVN97197972/",
- "source": "vultures@jpcert.or.jp"
+ "source": "vultures@jpcert.or.jp",
+ "tags": [
+ "Third Party Advisory"
+ ]
 },
 {
 "url": "https://www.welcart.com/archives/20106.html",
- "source": "vultures@jpcert.or.jp"
+ "source": "vultures@jpcert.or.jp",
+ "tags": [
+ "Release Notes"
+ ]
 }
 ]
 }
\ No newline at end of file
diff --git a/CVE-2023/CVE-2023-436xx/CVE-2023-43610.json b/CVE-2023/CVE-2023-436xx/CVE-2023-43610.json
index 6ece32e4dda..6074b66f8a4 100644
--- a/CVE-2023/CVE-2023-436xx/CVE-2023-43610.json
+++ b/CVE-2023/CVE-2023-436xx/CVE-2023-43610.json
@@ -2,23 +2,83 @@
 "id": "CVE-2023-43610",
 "sourceIdentifier": "vultures@jpcert.or.jp",
 "published": "2023-09-27T15:19:34.217",
- "lastModified": "2023-09-27T15:41:26.297",
- "vulnStatus": "Awaiting Analysis",
+ "lastModified": "2023-09-27T21:07:01.437",
+ "vulnStatus": "Analyzed",
 "descriptions": [
 {
 "lang": "en",
 "value": "SQL injection vulnerability in Order Data Edit page of Welcart e-Commerce versions 2.7 to 2.8.21 allows a user with editor (without setting authority) or higher privilege to perform unintended database operations."
 }
 ],
- "metrics": {},
+ "metrics": {
+ "cvssMetricV31": [
+ {
+ "source": "nvd@nist.gov",
+ "type": "Primary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
+ "attackVector": "NETWORK",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "LOW",
+ "userInteraction": "NONE",
+ "scope": "UNCHANGED",
+ "confidentialityImpact": "HIGH",
+ "integrityImpact": "HIGH",
+ "availabilityImpact": "HIGH",
+ "baseScore": 8.8,
+ "baseSeverity": "HIGH"
+ },
+ "exploitabilityScore": 2.8,
+ "impactScore": 5.9
+ }
+ ]
+ },
+ "weaknesses": [
+ {
+ "source": "nvd@nist.gov",
+ "type": "Primary",
+ "description": [
+ {
+ "lang": "en",
+ "value": "CWE-89"
+ }
+ ]
+ }
+ ],
+ "configurations": [
+ {
+ "nodes": [
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:collne:welcart_e-commerce:*:*:*:*:*:wordpress:*:*",
+ "versionStartIncluding": "2.7",
+ "versionEndIncluding": "2.8.21",
+ "matchCriteriaId": "3A07E8A8-4F65-42E9-8AFE-B5E4A7D23CCF"
+ }
+ ]
+ }
+ ]
+ }
+ ],
 "references": [
 {
 "url": "https://jvn.jp/en/jp/JVN97197972/",
- "source": "vultures@jpcert.or.jp"
+ "source": "vultures@jpcert.or.jp",
+ "tags": [
+ "Third Party Advisory"
+ ]
 },
 {
 "url": "https://www.welcart.com/archives/20106.html",
- "source": "vultures@jpcert.or.jp"
+ "source": "vultures@jpcert.or.jp",
+ "tags": [
+ "Release Notes"
+ ]
 }
 ]
 }
\ No newline at end of file
diff --git a/CVE-2023/CVE-2023-436xx/CVE-2023-43651.json b/CVE-2023/CVE-2023-436xx/CVE-2023-43651.json
new file mode 100644
index 00000000000..d145c1f89c5
--- /dev/null
+++ b/CVE-2023/CVE-2023-436xx/CVE-2023-43651.json
@@ -0,0 +1,55 @@
+{
+ "id": "CVE-2023-43651",
+ "sourceIdentifier": "security-advisories@github.com",
+ "published": "2023-09-27T21:15:10.347",
+ "lastModified": "2023-09-27T21:15:10.347",
+ "vulnStatus": "Received",
+ "descriptions": [
+ {
+ "lang": "en",
+ "value": "JumpServer is an open source bastion host. An authenticated user can exploit a vulnerability in MongoDB sessions to execute arbitrary commands, leading to remote code execution. This vulnerability may further be leveraged to gain root privileges on the system. Through the WEB CLI interface provided by the koko component, a user logs into the authorized mongoDB database and exploits the MongoDB session to execute arbitrary commands. This vulnerability has been addressed in versions 2.28.20 and 3.7.1. Users are advised to upgrade. There are no known workarounds for this vulnerability."
+ }
+ ],
+ "metrics": {
+ "cvssMetricV31": [
+ {
+ "source": "security-advisories@github.com",
+ "type": "Secondary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H",
+ "attackVector": "NETWORK",
+ "attackComplexity": "HIGH",
+ "privilegesRequired": "LOW",
+ "userInteraction": "NONE",
+ "scope": "CHANGED",
+ "confidentialityImpact": "HIGH",
+ "integrityImpact": "HIGH",
+ "availabilityImpact": "HIGH",
+ "baseScore": 8.5,
+ "baseSeverity": "HIGH"
+ },
+ "exploitabilityScore": 1.8,
+ "impactScore": 6.0
+ }
+ ]
+ },
+ "weaknesses": [
+ {
+ "source": "security-advisories@github.com",
+ "type": "Primary",
+ "description": [
+ {
+ "lang": "en",
+ "value": "CWE-94"
+ }
+ ]
+ }
+ ],
+ "references": [
+ {
+ "url": "https://github.com/jumpserver/jumpserver/security/advisories/GHSA-4r5x-x283-wm96",
+ "source": "security-advisories@github.com"
+ }
+ ]
+}
\ No newline at end of file
diff --git a/CVE-2023/CVE-2023-436xx/CVE-2023-43656.json b/CVE-2023/CVE-2023-436xx/CVE-2023-43656.json
new file mode 100644
index 00000000000..c0724f62a4d
--- /dev/null
+++ b/CVE-2023/CVE-2023-436xx/CVE-2023-43656.json 
@@ -0,0 +1,59 @@
+{
+ "id": "CVE-2023-43656",
+ "sourceIdentifier": "security-advisories@github.com",
+ "published": "2023-09-27T21:15:10.443",
+ "lastModified": "2023-09-27T21:15:10.443",
+ "vulnStatus": "Received",
+ "descriptions": [
+ {
+ "lang": "en",
+ "value": "matrix-hookshot is a Matrix bot for connecting to external services like GitHub, GitLab, JIRA, and more. Instances that have enabled transformation functions (those that have `generic.allowJsTransformationFunctions` in their config), may be vulnerable to an attack where it is possible to break out of the `vm2` sandbox and as a result Hookshot will be vulnerable to this. This problem is only likely to affect users who have allowed untrusted users to apply their own transformation functions. If you have only enabled a limited set of trusted users, this threat is reduced (though not eliminated). Version 4.5.0 and above of hookshot include a new sandbox library which should better protect users. Users are advised to upgrade. Users unable to upgrade should disable `generic.allowJsTransformationFunctions` in the config."
+ }
+ ],
+ "metrics": {
+ "cvssMetricV31": [
+ {
+ "source": "security-advisories@github.com",
+ "type": "Secondary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:C/C:L/I:L/A:L",
+ "attackVector": "LOCAL",
+ "attackComplexity": "HIGH",
+ "privilegesRequired": "NONE",
+ "userInteraction": "NONE",
+ "scope": "CHANGED",
+ "confidentialityImpact": "LOW",
+ "integrityImpact": "LOW",
+ "availabilityImpact": "LOW",
+ "baseScore": 5.6,
+ "baseSeverity": "MEDIUM"
+ },
+ "exploitabilityScore": 1.4,
+ "impactScore": 3.7
+ }
+ ]
+ },
+ "weaknesses": [
+ {
+ "source": "security-advisories@github.com",
+ "type": "Primary",
+ "description": [
+ {
+ "lang": "en",
+ "value": "CWE-74"
+ }
+ ]
+ }
+ ],
+ "references": [
+ {
+ "url": "https://github.com/matrix-org/matrix-hookshot/commit/dc126afa6af86d66aefcd23a825326f405bcc894",
+ "source": "security-advisories@github.com"
+ },
+ {
+ "url": "https://github.com/matrix-org/matrix-hookshot/security/advisories/GHSA-fr97-pv6w-4cj6",
+ "source": "security-advisories@github.com"
+ }
+ ]
+}
\ No newline at end of file
diff --git a/CVE-2023/CVE-2023-440xx/CVE-2023-44047.json b/CVE-2023/CVE-2023-440xx/CVE-2023-44047.json
new file mode 100644
index 00000000000..2f7a0c15c11
--- /dev/null
+++ b/CVE-2023/CVE-2023-440xx/CVE-2023-44047.json
@@ -0,0 +1,20 @@
+{
+ "id": "CVE-2023-44047",
+ "sourceIdentifier": "cve@mitre.org",
+ "published": "2023-09-27T20:15:09.850",
+ "lastModified": "2023-09-27T20:15:09.850",
+ "vulnStatus": "Received",
+ "descriptions": [
+ {
+ "lang": "en",
+ "value": "Sourcecodester Toll Tax Management System v1 is vulnerable to SQL Injection."
+ }
+ ],
+ "metrics": {},
+ "references": [
+ {
+ "url": "https://github.com/xcodeOn1/SQLI-TollTax/blob/main/README.md",
+ "source": "cve@mitre.org"
+ }
+ ]
+}
\ No newline at end of file
diff --git a/CVE-2023/CVE-2023-440xx/CVE-2023-44048.json b/CVE-2023/CVE-2023-440xx/CVE-2023-44048.json
new file mode 100644
index 00000000000..fd6aa0489d2
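Review bot: The Secondary vector `CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:C/C:L/I:L/A:L` in this record does not fit its own description, which says the `vm2` sandbox escape is reachable by untrusted users who are allowed to apply their own transformation functions — presumably submitted through the bot's Matrix or webhook path rather than with local access — and a sandbox escape would normally mean code execution in the Hookshot process rather than Low confidentiality, integrity and availability impact. The record is still `Received`, so no NVD Primary score exists yet; anyone triaging from this feed should weight the description over the 5.6 MEDIUM until NVD analyzes it. The mitigation is stated in the text and is what derived advisories should carry: upgrade to 4.5.0 or later, or turn off `generic.allowJsTransformationFunctions`. This is upstream GitHub-advisory data mirrored verbatim, so the scoring correction belongs with the CNA rather than in this commit.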
--- /dev/null
+++ b/CVE-2023/CVE-2023-440xx/CVE-2023-44048.json
@@ -0,0 +1,20 @@
+{
+ "id": "CVE-2023-44048",
+ "sourceIdentifier": "cve@mitre.org",
+ "published": "2023-09-27T20:15:13.493",
+ "lastModified": "2023-09-27T20:15:13.493",
+ "vulnStatus": "Received",
+ "descriptions": [
+ {
+ "lang": "en",
+ "value": "Sourcecodester Expense Tracker App v1 is vulnerable to Cross Site Scripting (XSS) via add category."
+ }
+ ],
+ "metrics": {},
+ "references": [
+ {
+ "url": "https://github.com/xcodeOn1/XSS-Stored-Expense-Tracker-App/tree/main",
+ "source": "cve@mitre.org"
+ }
+ ]
+}
\ No newline at end of file
diff --git a/CVE-2023/CVE-2023-48xx/CVE-2023-4863.json b/CVE-2023/CVE-2023-48xx/CVE-2023-4863.json
index 300d1c436fe..d19a13049ea 100644
--- a/CVE-2023/CVE-2023-48xx/CVE-2023-4863.json
+++ b/CVE-2023/CVE-2023-48xx/CVE-2023-4863.json
@@ -2,7 +2,7 @@
 "id": "CVE-2023-4863",
 "sourceIdentifier": "chrome-cve-admin@google.com",
 "published": "2023-09-12T15:15:24.327",
- "lastModified": "2023-09-27T15:19:41.107",
+ "lastModified": "2023-09-27T20:15:14.377",
 "vulnStatus": "Modified",
 "cisaExploitAdd": "2023-09-13",
 "cisaActionDue": "2023-10-04",
@@ -11,7 +11,7 @@
 "descriptions": [
 {
 "lang": "en",
- "value": "Heap buffer overflow in WebP in Google Chrome prior to 116.0.5845.187 allowed a remote attacker to perform an out of bounds memory write via a crafted HTML page. (Chromium security severity: Critical)"
+ "value": "Heap buffer overflow in libwebp in Google Chrome prior to 116.0.5845.187 and libwebp 1.3.2 allowed a remote attacker to perform an out of bounds memory write via a crafted HTML page. (Chromium security severity: Critical)"
 },
 {
 "lang": "es",
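Review bot: The reworded English description `... prior to 116.0.5845.187 and libwebp 1.3.2 allowed ...` reads as if libwebp 1.3.2 itself were affected, whereas the libwebp configuration this same commit removes from CVE-2023-5129 bounds the range with `versionEndExcluding: 1.3.2`, i.e. 1.3.2 is the fixed release. The hunk only touches the English text; whether CVE-2023-4863's own `configurations` node carries a `webmproject:libwebp` range is outside this diff. Consumers of the feed should derive the libwebp affected range from CPE data or the libwebp patch commits rather than from this sentence. The text is NVD's and is mirrored verbatim here, so this is a caveat for users of the feed rather than a change request for the sync bot.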
@@ -233,6 +233,10 @@
 "url": "http://www.openwall.com/lists/oss-security/2023/09/26/1",
 "source": "chrome-cve-admin@google.com"
 },
+ {
+ "url": "http://www.openwall.com/lists/oss-security/2023/09/26/7",
+ "source": "chrome-cve-admin@google.com"
+ },
 {
 "url": "https://adamcaudill.com/2023/09/14/whose-cve-is-it-anyway/",
 "source": "chrome-cve-admin@google.com",
diff --git a/CVE-2023/CVE-2023-51xx/CVE-2023-5129.json b/CVE-2023/CVE-2023-51xx/CVE-2023-5129.json
index 1871d1dfffd..bdb903854ac 100644
--- a/CVE-2023/CVE-2023-51xx/CVE-2023-5129.json
+++ b/CVE-2023/CVE-2023-51xx/CVE-2023-5129.json
@@ -2,121 +2,14 @@
 "id": "CVE-2023-5129",
 "sourceIdentifier": "cve-coordination@google.com",
 "published": "2023-09-25T21:15:16.667",
- "lastModified": "2023-09-27T15:19:41.593",
- "vulnStatus": "Modified",
+ "lastModified": "2023-09-27T21:15:11.940",
+ "vulnStatus": "Rejected",
 "descriptions": [
 {
 "lang": "en",
- "value": "With a specially crafted WebP lossless file, libwebp may write data out of bounds to the heap.\n\nThe ReadHuffmanCodes() function allocates the HuffmanCode buffer with a size that comes from an array of precomputed sizes: kTableSize. The color_cache_bits value defines which size to use.\n\nThe kTableSize array only takes into account sizes for 8-bit first-level table lookups but not second-level table lookups. libwebp allows codes that are up to 15-bit (MAX_ALLOWED_CODE_LENGTH). When BuildHuffmanTable() attempts to fill the second-level tables it may write data out-of-bounds. The OOB write to the undersized array happens in ReplicateValue.\n\n"
- },
- {
- "lang": "es",
- "value": "\"Con un archivo WebP sin p\u00e9rdidas especialmente manipulado, libwebp puede escribir datos fuera de los l\u00edmites del mont\u00f3n. La funci\u00f3n ReadHuffmanCodes() asigna el b\u00fafer HuffmanCode con un tama\u00f1o que proviene de una matriz de tama\u00f1os precalculados: \nkTableSize. \nEl valor color_cache_bits define qu\u00e9 tama\u00f1o usar.\n La matriz kTableSize solo tiene en cuenta los tama\u00f1os para b\u00fasquedas de tablas de primer nivel de 8 bits, pero no para b\u00fasquedas de tablas de segundo nivel.\n libwebp permite c\u00f3digos de hasta 15 bits (MAX_ALLOWED_CODE_LENGTH). \nCuando BuildHuffmanTable() intenta llenar las tablas de segundo nivel, puede escribir datos fuera de los l\u00edmites. La escritura OOB en la matriz de tama\u00f1o insuficiente ocurre en ReplicateValue.\""
+ "value": "** REJECT ** This CVE ID has been rejected or withdrawn by its CVE Numbering Authority.\u00a0Duplicate of CVE-2023-4863."
 }
 ],
- "metrics": {
- "cvssMetricV31": [
- {
- "source": "nvd@nist.gov",
- "type": "Primary",
- "cvssData": {
- "version": "3.1",
- "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
- "attackVector": "NETWORK",
- "attackComplexity": "LOW",
- "privilegesRequired": "NONE",
- "userInteraction": "REQUIRED",
- "scope": "UNCHANGED",
- "confidentialityImpact": "HIGH",
- "integrityImpact": "HIGH",
- "availabilityImpact": "HIGH",
- "baseScore": 8.8,
- "baseSeverity": "HIGH"
- },
- "exploitabilityScore": 2.8,
- "impactScore": 5.9
- },
- {
- "source": "cve-coordination@google.com",
- "type": "Secondary",
- "cvssData": {
- "version": "3.1",
- "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H",
- "attackVector": "NETWORK",
- "attackComplexity": "LOW",
- "privilegesRequired": "NONE",
- "userInteraction": "NONE",
- "scope": "CHANGED",
- "confidentialityImpact": "HIGH",
- "integrityImpact": "HIGH",
- "availabilityImpact": "HIGH",
- "baseScore": 10.0,
- "baseSeverity": "CRITICAL"
- },
- "exploitabilityScore": 3.9,
- "impactScore": 6.0
- }
- ]
- },
- "weaknesses": [
- {
- "source": "nvd@nist.gov",
- "type": "Primary",
- "description": [
- {
- "lang": "en",
- "value": "CWE-787"
- }
- ]
- },
- {
- "source": "cve-coordination@google.com",
- "type": "Secondary",
- "description": [
- {
- "lang": "en",
- "value": "CWE-20"
- }
- ]
- }
- ],
- "configurations": [
- {
- "nodes": [
- {
- "operator": "OR",
- "negate": false,
- "cpeMatch": [
- {
- "vulnerable": true,
- "criteria": "cpe:2.3:a:webmproject:libwebp:*:*:*:*:*:*:*:*",
- "versionStartIncluding": "0.5.0",
- "versionEndExcluding": "1.3.2",
- "matchCriteriaId": "C4EDD159-D377-4070-861C-8D5E92E6C3B4"
- }
- ]
- }
- ]
- }
- ],
- "references": [
- {
- "url": "http://www.openwall.com/lists/oss-security/2023/09/26/1",
- "source": "cve-coordination@google.com"
- },
- {
- "url": "https://chromium.googlesource.com/webm/libwebp/+/2af26267cdfcb63a88e5c74a85927a12d6ca1d76",
- "source": "cve-coordination@google.com",
"tags": [ - "Patch" - ] - }, - { - "url": "https://chromium.googlesource.com/webm/libwebp/+/902bc9190331343b2017211debcec8d2ab87e17a", - "source": "cve-coordination@google.com", - "tags": [ - "Patch" - ] - } - ] + "metrics": {}, + "references": [] } \ No newline at end of file diff --git a/README.md b/README.md index 0a78e66654d..7165165451d 100644 --- a/README.md +++ b/README.md @@ -9,13 +9,13 @@ Repository synchronizes with the NVD every 2 hours. ### Last Repository Update ```plain -2023-09-27T20:00:25.696695+00:00 +2023-09-27T22:00:25.086394+00:00 ``` ### Most recent CVE Modification Timestamp synchronized with NVD ```plain -2023-09-27T19:58:58.307000+00:00 +2023-09-27T21:15:11.940000+00:00 ``` ### Last Data Feed Release 
@@ -29,68 +29,40 @@ Download and Changelog: [Click](https://github.com/fkie-cad/nvd-json-data-feeds/ ### Total Number of included CVEs ```plain -226462 +226469 ``` ### CVEs added in the last Commit -Recently added CVEs: `24` +Recently added CVEs: `7` -* [CVE-2023-20033](CVE-2023/CVE-2023-200xx/CVE-2023-20033.json) (`2023-09-27T18:15:10.687`) -* [CVE-2023-20034](CVE-2023/CVE-2023-200xx/CVE-2023-20034.json) (`2023-09-27T18:15:10.793`) -* [CVE-2023-20109](CVE-2023/CVE-2023-201xx/CVE-2023-20109.json) (`2023-09-27T18:15:10.860`) -* [CVE-2023-20176](CVE-2023/CVE-2023-201xx/CVE-2023-20176.json) (`2023-09-27T18:15:10.923`) -* [CVE-2023-20179](CVE-2023/CVE-2023-201xx/CVE-2023-20179.json) (`2023-09-27T18:15:10.987`) -* [CVE-2023-20186](CVE-2023/CVE-2023-201xx/CVE-2023-20186.json) (`2023-09-27T18:15:11.050`) -* [CVE-2023-20187](CVE-2023/CVE-2023-201xx/CVE-2023-20187.json) (`2023-09-27T18:15:11.117`) -* [CVE-2023-20202](CVE-2023/CVE-2023-202xx/CVE-2023-20202.json) (`2023-09-27T18:15:11.177`) -* [CVE-2023-20223](CVE-2023/CVE-2023-202xx/CVE-2023-20223.json) (`2023-09-27T18:15:11.240`) -* [CVE-2023-20226](CVE-2023/CVE-2023-202xx/CVE-2023-20226.json) (`2023-09-27T18:15:11.307`) -* [CVE-2023-20227](CVE-2023/CVE-2023-202xx/CVE-2023-20227.json) (`2023-09-27T18:15:11.370`) -* [CVE-2023-20231](CVE-2023/CVE-2023-202xx/CVE-2023-20231.json) (`2023-09-27T18:15:11.430`) -* [CVE-2023-20251](CVE-2023/CVE-2023-202xx/CVE-2023-20251.json) (`2023-09-27T18:15:11.493`) -* [CVE-2023-20252](CVE-2023/CVE-2023-202xx/CVE-2023-20252.json) (`2023-09-27T18:15:11.553`) -* [CVE-2023-20253](CVE-2023/CVE-2023-202xx/CVE-2023-20253.json) (`2023-09-27T18:15:11.620`) -* [CVE-2023-20254](CVE-2023/CVE-2023-202xx/CVE-2023-20254.json) (`2023-09-27T18:15:11.690`) -* [CVE-2023-20262](CVE-2023/CVE-2023-202xx/CVE-2023-20262.json) (`2023-09-27T18:15:11.757`) -* [CVE-2023-20268](CVE-2023/CVE-2023-202xx/CVE-2023-20268.json) (`2023-09-27T18:15:11.827`) -* [CVE-2023-42822](CVE-2023/CVE-2023-428xx/CVE-2023-42822.json) 
(`2023-09-27T18:15:11.903`) -* [CVE-2023-5184](CVE-2023/CVE-2023-51xx/CVE-2023-5184.json) (`2023-09-27T18:15:11.997`) -* [CVE-2023-33972](CVE-2023/CVE-2023-339xx/CVE-2023-33972.json) (`2023-09-27T19:15:11.497`) -* [CVE-2023-43650](CVE-2023/CVE-2023-436xx/CVE-2023-43650.json) (`2023-09-27T19:15:11.927`) -* [CVE-2023-43652](CVE-2023/CVE-2023-436xx/CVE-2023-43652.json) (`2023-09-27T19:15:12.133`) -* [CVE-2023-4523](CVE-2023/CVE-2023-45xx/CVE-2023-4523.json) (`2023-09-27T19:15:12.373`) +* [CVE-2023-44047](CVE-2023/CVE-2023-440xx/CVE-2023-44047.json) (`2023-09-27T20:15:09.850`) +* [CVE-2023-44048](CVE-2023/CVE-2023-440xx/CVE-2023-44048.json) (`2023-09-27T20:15:13.493`) +* [CVE-2023-40026](CVE-2023/CVE-2023-400xx/CVE-2023-40026.json) (`2023-09-27T21:15:09.713`) +* [CVE-2023-42818](CVE-2023/CVE-2023-428xx/CVE-2023-42818.json) (`2023-09-27T21:15:10.173`) +* [CVE-2023-43651](CVE-2023/CVE-2023-436xx/CVE-2023-43651.json) (`2023-09-27T21:15:10.347`) +* [CVE-2023-43656](CVE-2023/CVE-2023-436xx/CVE-2023-43656.json) (`2023-09-27T21:15:10.443`) +* [CVE-2023-4066](CVE-2023/CVE-2023-40xx/CVE-2023-4066.json) (`2023-09-27T21:15:10.550`) ### CVEs modified in the last Commit -Recently modified CVEs: `48` +Recently modified CVEs: `14` -* [CVE-2023-44018](CVE-2023/CVE-2023-440xx/CVE-2023-44018.json) (`2023-09-27T18:45:19.397`) -* [CVE-2023-30959](CVE-2023/CVE-2023-309xx/CVE-2023-30959.json) (`2023-09-27T18:45:25.593`) -* [CVE-2023-44017](CVE-2023/CVE-2023-440xx/CVE-2023-44017.json) (`2023-09-27T18:45:25.770`) -* [CVE-2023-44016](CVE-2023/CVE-2023-440xx/CVE-2023-44016.json) (`2023-09-27T18:45:36.290`) -* [CVE-2023-44015](CVE-2023/CVE-2023-440xx/CVE-2023-44015.json) (`2023-09-27T18:45:44.000`) -* [CVE-2023-44014](CVE-2023/CVE-2023-440xx/CVE-2023-44014.json) (`2023-09-27T18:45:53.000`) -* [CVE-2023-44013](CVE-2023/CVE-2023-440xx/CVE-2023-44013.json) (`2023-09-27T18:45:57.737`) -* [CVE-2023-44023](CVE-2023/CVE-2023-440xx/CVE-2023-44023.json) (`2023-09-27T18:46:31.760`) -* 
[CVE-2023-44022](CVE-2023/CVE-2023-440xx/CVE-2023-44022.json) (`2023-09-27T18:46:35.543`) -* [CVE-2023-40330](CVE-2023/CVE-2023-403xx/CVE-2023-40330.json) (`2023-09-27T18:47:35.547`) -* [CVE-2023-40333](CVE-2023/CVE-2023-403xx/CVE-2023-40333.json) (`2023-09-27T18:47:40.483`) -* [CVE-2023-32361](CVE-2023/CVE-2023-323xx/CVE-2023-32361.json) (`2023-09-27T18:48:04.810`) -* [CVE-2023-32377](CVE-2023/CVE-2023-323xx/CVE-2023-32377.json) (`2023-09-27T18:54:01.467`) -* [CVE-2023-32396](CVE-2023/CVE-2023-323xx/CVE-2023-32396.json) (`2023-09-27T18:58:25.643`) -* [CVE-2023-32421](CVE-2023/CVE-2023-324xx/CVE-2023-32421.json) (`2023-09-27T19:01:26.557`) -* [CVE-2023-35074](CVE-2023/CVE-2023-350xx/CVE-2023-35074.json) (`2023-09-27T19:05:29.060`) -* [CVE-2023-35984](CVE-2023/CVE-2023-359xx/CVE-2023-35984.json) (`2023-09-27T19:09:38.193`) -* [CVE-2023-37448](CVE-2023/CVE-2023-374xx/CVE-2023-37448.json) (`2023-09-27T19:10:21.997`) -* [CVE-2023-3767](CVE-2023/CVE-2023-37xx/CVE-2023-3767.json) (`2023-09-27T19:18:03.020`) -* [CVE-2023-40044](CVE-2023/CVE-2023-400xx/CVE-2023-40044.json) (`2023-09-27T19:22:39.417`) -* [CVE-2023-40045](CVE-2023/CVE-2023-400xx/CVE-2023-40045.json) (`2023-09-27T19:24:47.143`) -* [CVE-2023-40046](CVE-2023/CVE-2023-400xx/CVE-2023-40046.json) (`2023-09-27T19:33:00.803`) -* [CVE-2023-28790](CVE-2023/CVE-2023-287xx/CVE-2023-28790.json) (`2023-09-27T19:42:11.487`) -* [CVE-2023-2315](CVE-2023/CVE-2023-23xx/CVE-2023-2315.json) (`2023-09-27T19:52:30.920`) -* [CVE-2023-40047](CVE-2023/CVE-2023-400xx/CVE-2023-40047.json) (`2023-09-27T19:58:58.307`) +* [CVE-2018-12207](CVE-2018/CVE-2018-122xx/CVE-2018-12207.json) (`2023-09-27T20:51:38.353`) +* [CVE-2022-39028](CVE-2022/CVE-2022-390xx/CVE-2022-39028.json) (`2023-09-27T20:10:25.007`) +* [CVE-2022-26047](CVE-2022/CVE-2022-260xx/CVE-2022-26047.json) (`2023-09-27T20:53:06.763`) +* [CVE-2022-1822](CVE-2022/CVE-2022-18xx/CVE-2022-1822.json) (`2023-09-27T21:06:35.427`) +* 
[CVE-2023-40048](CVE-2023/CVE-2023-400xx/CVE-2023-40048.json) (`2023-09-27T20:01:36.307`) +* [CVE-2023-40049](CVE-2023/CVE-2023-400xx/CVE-2023-40049.json) (`2023-09-27T20:06:23.097`) +* [CVE-2023-4863](CVE-2023/CVE-2023-48xx/CVE-2023-4863.json) (`2023-09-27T20:15:14.377`) +* [CVE-2023-41233](CVE-2023/CVE-2023-412xx/CVE-2023-41233.json) (`2023-09-27T20:15:42.197`) +* [CVE-2023-40219](CVE-2023/CVE-2023-402xx/CVE-2023-40219.json) (`2023-09-27T20:19:39.753`) +* [CVE-2023-29497](CVE-2023/CVE-2023-294xx/CVE-2023-29497.json) (`2023-09-27T20:20:36.517`) +* [CVE-2023-43484](CVE-2023/CVE-2023-434xx/CVE-2023-43484.json) (`2023-09-27T20:25:34.200`) +* [CVE-2023-43493](CVE-2023/CVE-2023-434xx/CVE-2023-43493.json) (`2023-09-27T20:51:26.677`) +* [CVE-2023-43610](CVE-2023/CVE-2023-436xx/CVE-2023-43610.json) (`2023-09-27T21:07:01.437`) +* [CVE-2023-5129](CVE-2023/CVE-2023-51xx/CVE-2023-5129.json) (`2023-09-27T21:15:11.940`) ## Download and Usage