admin/nvd-json-data-feeds
1
0
Fork 0
mirror of https://github.com/fkie-cad/nvd-json-data-feeds.git synced 2025-05-08 03:27:17 +00:00
Code Issues Packages Projects Releases Wiki Activity

Auto-Update: 2023-10-11T22:00:25.256888+00:00

Browse Source
This commit is contained in:
cad-safe-bot 2023-10-11 22:00:28 +00:00
parent 8985c6166c
commit d40e901daa
46 changed files with 1778 additions and 102 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

4
CVE-2023/CVE-2023-239xx/CVE-2023-23930.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2023-23930",
"sourceIdentifier": "security-advisories@github.com",
"published": "2023-10-11T18:15:10.037",
"lastModified": "2023-10-11T19:15:10.023",
"vulnStatus": "Received",
"lastModified": "2023-10-11T21:04:52.423",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",

63
CVE-2023/CVE-2023-286xx/CVE-2023-28635.json Normal file
View File

@ -0,0 +1,63 @@
{
"id": "CVE-2023-28635",
"sourceIdentifier": "security-advisories@github.com",
"published": "2023-10-11T20:15:09.893",
"lastModified": "2023-10-11T21:04:47.110",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "vantage6 is privacy preserving federated learning infrastructure. Prior to version 4.0.0, malicious users may try to get access to resources they are not allowed to see, by creating resources with integers as names. One example where this is a risk, is when users define which users are allowed to run algorithms on their node. This may be defined by username or user id. Now, for example, if user id 13 is allowed to run tasks, and an attacker creates a username with username '13', they would be wrongly allowed to run an algorithm. There may also be other places in the code where such a mixup of resource ID or name leads to issues. Version 4.0.0 contains a patch for this issue. The best solution is to check when resources are created or modified, that the resource name always starts with a character."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "security-advisories@github.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "NONE",
"baseScore": 5.4,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.8,
"impactScore": 2.5
}
]
},
"weaknesses": [
{
"source": "security-advisories@github.com",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-863"
}
]
}
],
"references": [
{
"url": "https://github.com/vantage6/vantage6/blob/0682c4288f43fee5bcc72dc448cdd99bd7e57f76/docs/release_notes.rst#400",
"source": "security-advisories@github.com"
},
{
"url": "https://github.com/vantage6/vantage6/pull/744",
"source": "security-advisories@github.com"
},
{
"url": "https://github.com/vantage6/vantage6/security/advisories/GHSA-7x94-6g2m-3hp2",
"source": "security-advisories@github.com"
}
]
}

4
CVE-2023/CVE-2023-356xx/CVE-2023-35645.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2023-35645",
"sourceIdentifier": "security@android.com",
"published": "2023-10-11T19:15:10.123",
"lastModified": "2023-10-11T19:15:10.123",
"vulnStatus": "Received",
"lastModified": "2023-10-11T21:04:52.423",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",

20
CVE-2023/CVE-2023-356xx/CVE-2023-35646.json Normal file
View File

@ -0,0 +1,20 @@
{
"id": "CVE-2023-35646",
"sourceIdentifier": "security@android.com",
"published": "2023-10-11T20:15:09.993",
"lastModified": "2023-10-11T21:04:47.110",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "In TBD of TBD, there is a possible stack buffer overflow due to a missing bounds check. This could lead to remote code execution with no additional execution privileges needed. User interaction is not needed for exploitation.\n\n"
}
],
"metrics": {},
"references": [
{
"url": "https://source.android.com/security/bulletin/pixel/2023-10-01",
"source": "security@android.com"
}
]
}

20
CVE-2023/CVE-2023-356xx/CVE-2023-35647.json Normal file
View File

@ -0,0 +1,20 @@
{
"id": "CVE-2023-35647",
"sourceIdentifier": "security@android.com",
"published": "2023-10-11T20:15:10.043",
"lastModified": "2023-10-11T21:04:47.110",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "In ProtocolEmbmsGlobalCellIdAdapter::Init() of protocolembmsadapter.cpp, there is a possible out of bounds read due to a missing bounds check. This could lead to remote information disclosure with baseband firmware compromise required. User interaction is not needed for exploitation.\n\n"
}
],
"metrics": {},
"references": [
{
"url": "https://source.android.com/security/bulletin/pixel/2023-10-01",
"source": "security@android.com"
}
]
}

20
CVE-2023/CVE-2023-356xx/CVE-2023-35648.json Normal file
View File

@ -0,0 +1,20 @@
{
"id": "CVE-2023-35648",
"sourceIdentifier": "security@android.com",
"published": "2023-10-11T20:15:10.090",
"lastModified": "2023-10-11T21:04:47.110",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "In ProtocolMiscLceIndAdapter::GetConfLevel() of protocolmiscadapter.cpp, there is a possible out of bounds read due to a missing bounds check. This could lead to remote information disclosure with baseband firmware compromise required. User interaction is not needed for exploitation.\n\n"
}
],
"metrics": {},
"references": [
{
"url": "https://source.android.com/security/bulletin/pixel/2023-10-01",
"source": "security@android.com"
}
]
}

20
CVE-2023/CVE-2023-356xx/CVE-2023-35649.json Normal file
View File

@ -0,0 +1,20 @@
{
"id": "CVE-2023-35649",
"sourceIdentifier": "security@android.com",
"published": "2023-10-11T20:15:10.140",
"lastModified": "2023-10-11T21:04:47.110",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "In several functions of Exynos modem files, there is a possible out of bounds write due to a missing bounds check. This could lead to remote code execution with System execution privileges needed. User interaction is not needed for exploitation.\n\n"
}
],
"metrics": {},
"references": [
{
"url": "https://source.android.com/security/bulletin/pixel/2023-10-01",
"source": "security@android.com"
}
]
}

20
CVE-2023/CVE-2023-356xx/CVE-2023-35652.json Normal file
View File

@ -0,0 +1,20 @@
{
"id": "CVE-2023-35652",
"sourceIdentifier": "security@android.com",
"published": "2023-10-11T20:15:10.187",
"lastModified": "2023-10-11T21:04:47.110",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "In ProtocolEmergencyCallListIndAdapter::Init of protocolcalladapter.cpp, there is a possible out of bounds read due to a missing bounds check. This could lead to remote information disclosure with baseband firmware compromise required. User interaction is not needed for exploitation.\n\n"
}
],
"metrics": {},
"references": [
{
"url": "https://source.android.com/security/bulletin/pixel/2023-10-01",
"source": "security@android.com"
}
]
}

20
CVE-2023/CVE-2023-356xx/CVE-2023-35653.json Normal file
View File

@ -0,0 +1,20 @@
{
"id": "CVE-2023-35653",
"sourceIdentifier": "security@android.com",
"published": "2023-10-11T20:15:10.233",
"lastModified": "2023-10-11T21:04:47.110",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "In TBD of TBD, there is a possible way to access location information due to a permissions bypass. This could lead to local information disclosure with System execution privileges needed. User interaction is not needed for exploitation.\n\n"
}
],
"metrics": {},
"references": [
{
"url": "https://source.android.com/security/bulletin/pixel/2023-10-01",
"source": "security@android.com"
}
]
}

20
CVE-2023/CVE-2023-356xx/CVE-2023-35654.json Normal file
View File

@ -0,0 +1,20 @@
{
"id": "CVE-2023-35654",
"sourceIdentifier": "security@android.com",
"published": "2023-10-11T20:15:10.280",
"lastModified": "2023-10-11T21:04:47.110",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "In ctrl_roi of stmvl53l1_module.c, there is a possible out of bounds read due to an incorrect bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation.\n\n"
}
],
"metrics": {},
"references": [
{
"url": "https://source.android.com/security/bulletin/pixel/2023-10-01",
"source": "security@android.com"
}
]
}

20
CVE-2023/CVE-2023-356xx/CVE-2023-35655.json Normal file
View File

@ -0,0 +1,20 @@
{
"id": "CVE-2023-35655",
"sourceIdentifier": "security@android.com",
"published": "2023-10-11T20:15:10.330",
"lastModified": "2023-10-11T21:04:47.110",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "In CanConvertPadV2Op of darwinn_mlir_converter_aidl.cc, there is a possible out of bounds read due to a heap buffer overflow. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation.\n\n"
}
],
"metrics": {},
"references": [
{
"url": "https://source.android.com/security/bulletin/pixel/2023-10-01",
"source": "security@android.com"
}
]
}

20
CVE-2023/CVE-2023-356xx/CVE-2023-35660.json Normal file
View File

@ -0,0 +1,20 @@
{
"id": "CVE-2023-35660",
"sourceIdentifier": "security@android.com",
"published": "2023-10-11T20:15:10.380",
"lastModified": "2023-10-11T21:04:47.110",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "In lwis_transaction_client_cleanup of lwis_transaction.c, there is a possible way to corrupt memory due to a use after free. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation.\n\n"
}
],
"metrics": {},
"references": [
{
"url": "https://source.android.com/security/bulletin/pixel/2023-10-01",
"source": "security@android.com"
}
]
}

20
CVE-2023/CVE-2023-356xx/CVE-2023-35661.json Normal file
View File

@ -0,0 +1,20 @@
{
"id": "CVE-2023-35661",
"sourceIdentifier": "security@android.com",
"published": "2023-10-11T20:15:10.427",
"lastModified": "2023-10-11T21:04:47.110",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "In ProfSixDecomTcpSACKoption of RohcPacketCommon.cpp, there is a possible out of bounds read due to a missing bounds check. This could lead to remote information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.\n\n"
}
],
"metrics": {},
"references": [
{
"url": "https://source.android.com/security/bulletin/pixel/2023-10-01",
"source": "security@android.com"
}
]
}

20
CVE-2023/CVE-2023-356xx/CVE-2023-35662.json Normal file
View File

@ -0,0 +1,20 @@
{
"id": "CVE-2023-35662",
"sourceIdentifier": "security@android.com",
"published": "2023-10-11T20:15:10.477",
"lastModified": "2023-10-11T21:04:47.110",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "there is a possible out of bounds write due to buffer overflow. This could lead to remote code execution with no additional execution privileges needed. User interaction is not needed for exploitation.\n\n"
}
],
"metrics": {},
"references": [
{
"url": "https://source.android.com/security/bulletin/pixel/2023-10-01",
"source": "security@android.com"
}
]
}

20
CVE-2023/CVE-2023-37xx/CVE-2023-3781.json Normal file
View File

@ -0,0 +1,20 @@
{
"id": "CVE-2023-3781",
"sourceIdentifier": "dsap-vuln-management@google.com",
"published": "2023-10-11T21:15:09.733",
"lastModified": "2023-10-11T21:15:09.733",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "there is a possible use-after-free write due to improper locking. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.\n\n"
}
],
"metrics": {},
"references": [
{
"url": "https://source.android.com/security/bulletin/pixel/2023-10-01",
"source": "dsap-vuln-management@google.com"
}
]
}

4
CVE-2023/CVE-2023-388xx/CVE-2023-38817.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2023-38817",
"sourceIdentifier": "cve@mitre.org",
"published": "2023-10-11T19:15:10.180",
"lastModified": "2023-10-11T19:15:10.180",
"vulnStatus": "Received",
"lastModified": "2023-10-11T21:04:52.423",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",

102
CVE-2023/CVE-2023-391xx/CVE-2023-39192.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2023-39192",
"sourceIdentifier": "secalert@redhat.com",
"published": "2023-10-09T18:15:10.233",
"lastModified": "2023-10-10T12:16:32.703",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-10-11T20:48:57.387",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@ -16,6 +16,26 @@
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:H",
"attackVector": "LOCAL",
"attackComplexity": "LOW",
"privilegesRequired": "HIGH",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"availabilityImpact": "HIGH",
"baseScore": 6.0,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 0.8,
"impactScore": 5.2
},
{
"source": "secalert@redhat.com",
"type": "Secondary",
@ -38,18 +58,90 @@
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-125"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.6",
"matchCriteriaId": "9D42A7C6-CE38-4D73-B7AC-615F6D53F783"
}
]
}
]
},
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:redhat:enterprise_linux:8.0:*:*:*:*:*:*:*",
"matchCriteriaId": "F4CFF558-3C47-480D-A2F0-BABF26042943"
}
]
}
]
},
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:fedoraproject:fedora:38:*:*:*:*:*:*:*",
"matchCriteriaId": "CC559B26-5DFC-4B7A-A27C-B77DE755DFF9"
}
]
}
]
}
],
"references": [
{
"url": "https://access.redhat.com/security/cve/CVE-2023-39192",
"source": "secalert@redhat.com"
"source": "secalert@redhat.com",
"tags": [
"Third Party Advisory"
]
},
{
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2226784",
"source": "secalert@redhat.com"
"source": "secalert@redhat.com",
"tags": [
"Issue Tracking",
"Patch",
"Third Party Advisory"
]
},
{
"url": "https://www.zerodayinitiative.com/advisories/ZDI-CAN-18408/",
"source": "secalert@redhat.com"
"source": "secalert@redhat.com",
"tags": [
"Third Party Advisory",
"VDB Entry"
]
}
]
}

108
CVE-2023/CVE-2023-391xx/CVE-2023-39193.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2023-39193",
"sourceIdentifier": "secalert@redhat.com",
"published": "2023-10-09T18:15:10.303",
"lastModified": "2023-10-10T12:16:32.703",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-10-11T20:46:48.450",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@ -16,6 +16,26 @@
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:H",
"attackVector": "LOCAL",
"attackComplexity": "LOW",
"privilegesRequired": "HIGH",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"availabilityImpact": "HIGH",
"baseScore": 6.0,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 0.8,
"impactScore": 5.2
},
{
"source": "secalert@redhat.com",
"type": "Secondary",
@ -38,18 +58,96 @@
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-125"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.6",
"matchCriteriaId": "9D42A7C6-CE38-4D73-B7AC-615F6D53F783"
}
]
}
]
},
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:redhat:enterprise_linux:8.0:*:*:*:*:*:*:*",
"matchCriteriaId": "F4CFF558-3C47-480D-A2F0-BABF26042943"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:redhat:enterprise_linux:9.0:*:*:*:*:*:*:*",
"matchCriteriaId": "7F6FB57C-2BC7-487C-96DD-132683AEB35D"
}
]
}
]
},
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:fedoraproject:fedora:38:*:*:*:*:*:*:*",
"matchCriteriaId": "CC559B26-5DFC-4B7A-A27C-B77DE755DFF9"
}
]
}
]
}
],
"references": [
{
"url": "https://access.redhat.com/security/cve/CVE-2023-39193",
"source": "secalert@redhat.com"
"source": "secalert@redhat.com",
"tags": [
"Third Party Advisory"
]
},
{
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2226787",
"source": "secalert@redhat.com"
"source": "secalert@redhat.com",
"tags": [
"Issue Tracking",
"Patch",
"Third Party Advisory"
]
},
{
"url": "https://www.zerodayinitiative.com/advisories/ZDI-CAN-18866/",
"source": "secalert@redhat.com"
"source": "secalert@redhat.com",
"tags": [
"Patch",
"Third Party Advisory",
"VDB Entry"
]
}
]
}

138
CVE-2023/CVE-2023-391xx/CVE-2023-39194.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2023-39194",
"sourceIdentifier": "secalert@redhat.com",
"published": "2023-10-09T18:15:10.367",
"lastModified": "2023-10-10T12:16:32.703",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-10-11T20:41:27.203",
"vulnStatus": "Undergoing Analysis",
"descriptions": [
{
"lang": "en",
@ -16,6 +16,26 @@
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:L/I:N/A:N",
"attackVector": "LOCAL",
"attackComplexity": "LOW",
"privilegesRequired": "HIGH",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"availabilityImpact": "NONE",
"baseScore": 2.3,
"baseSeverity": "LOW"
},
"exploitabilityScore": 0.8,
"impactScore": 1.4
},
{
"source": "secalert@redhat.com",
"type": "Secondary",
@ -38,18 +58,126 @@
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-125"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.5",
"matchCriteriaId": "98C491C7-598A-4D36-BA4F-3505A5727ED1"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:linux:linux_kernel:6.5:rc1:*:*:*:*:*:*",
"matchCriteriaId": "0B3E6E4D-E24E-4630-B00C-8C9901C597B0"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:linux:linux_kernel:6.5:rc2:*:*:*:*:*:*",
"matchCriteriaId": "E4A01A71-0F09-4DB2-A02F-7EFFBE27C98D"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:linux:linux_kernel:6.5:rc3:*:*:*:*:*:*",
"matchCriteriaId": "F5608371-157A-4318-8A2E-4104C3467EA1"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:linux:linux_kernel:6.5:rc4:*:*:*:*:*:*",
"matchCriteriaId": "2226A776-DF8C-49E0-A030-0A7853BB018A"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:linux:linux_kernel:6.5:rc5:*:*:*:*:*:*",
"matchCriteriaId": "6F15C659-DF06-455A-9765-0E6DE920F29A"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:linux:linux_kernel:6.5:rc6:*:*:*:*:*:*",
"matchCriteriaId": "5B1C14ED-ABC4-41D3-8D9C-D38C6A65B4DE"
}
]
}
]
},
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:redhat:enterprise_linux:8.0:*:*:*:*:*:*:*",
"matchCriteriaId": "F4CFF558-3C47-480D-A2F0-BABF26042943"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:redhat:enterprise_linux:9.0:*:*:*:*:*:*:*",
"matchCriteriaId": "7F6FB57C-2BC7-487C-96DD-132683AEB35D"
}
]
}
]
},
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:fedoraproject:fedora:38:*:*:*:*:*:*:*",
"matchCriteriaId": "CC559B26-5DFC-4B7A-A27C-B77DE755DFF9"
}
]
}
]
}
],
"references": [
{
"url": "https://access.redhat.com/security/cve/CVE-2023-39194",
"source": "secalert@redhat.com"
"source": "secalert@redhat.com",
"tags": [
"Third Party Advisory"
]
},
{
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2226788",
"source": "secalert@redhat.com"
"source": "secalert@redhat.com",
"tags": [
"Issue Tracking",
"Patch",
"Third Party Advisory"
]
},
{
"url": "https://www.zerodayinitiative.com/advisories/ZDI-CAN-18111/",
"source": "secalert@redhat.com"
"source": "secalert@redhat.com",
"tags": [
"Patch",
"Third Party Advisory",
"VDB Entry"
]
}
]
}

20
CVE-2023/CVE-2023-401xx/CVE-2023-40141.json Normal file
View File

@ -0,0 +1,20 @@
{
"id": "CVE-2023-40141",
"sourceIdentifier": "security@android.com",
"published": "2023-10-11T20:15:10.527",
"lastModified": "2023-10-11T21:04:47.110",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "In temp_residency_name_store of thermal_metrics.c, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.\n\n"
}
],
"metrics": {},
"references": [
{
"url": "https://source.android.com/security/bulletin/pixel/2023-10-01",
"source": "security@android.com"
}
]
}

20
CVE-2023/CVE-2023-401xx/CVE-2023-40142.json Normal file
View File

@ -0,0 +1,20 @@
{
"id": "CVE-2023-40142",
"sourceIdentifier": "security@android.com",
"published": "2023-10-11T20:15:10.567",
"lastModified": "2023-10-11T21:04:47.110",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "In TBD of TBD, there is a possible way to bypass carrier restrictions due to a logic error in the code. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.\n\n"
}
],
"metrics": {},
"references": [
{
"url": "https://source.android.com/security/bulletin/pixel/2023-10-01",
"source": "security@android.com"
}
]
}

47
CVE-2023/CVE-2023-416xx/CVE-2023-41660.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2023-41660",
"sourceIdentifier": "audit@patchstack.com",
"published": "2023-10-09T14:15:10.723",
"lastModified": "2023-10-10T12:16:32.703",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-10-11T21:05:59.973",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@ -16,6 +16,26 @@
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 2.8,
"impactScore": 5.9
},
{
"source": "audit@patchstack.com",
"type": "Secondary",
@ -50,10 +70,31 @@
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:wpsynchro:wp_synchro:*:*:*:*:*:wordpress:*:*",
"versionEndIncluding": "1.9.1",
"matchCriteriaId": "BC0C163E-E3F1-45EF-94DD-90B652C6E5F7"
}
]
}
]
}
],
"references": [
{
"url": "https://patchstack.com/database/vulnerability/wpsynchro/wordpress-wordpress-migration-plugin-db-files-wp-synchro-plugin-1-9-1-cross-site-request-forgery-csrf-vulnerability?_s_id=cve",
"source": "audit@patchstack.com"
"source": "audit@patchstack.com",
"tags": [
"Third Party Advisory"
]
}
]
}

47
CVE-2023/CVE-2023-416xx/CVE-2023-41668.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2023-41668",
"sourceIdentifier": "audit@patchstack.com",
"published": "2023-10-09T18:15:10.527",
"lastModified": "2023-10-10T12:16:32.703",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-10-11T20:34:24.760",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@ -16,6 +16,26 @@
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 2.8,
"impactScore": 5.9
},
{
"source": "audit@patchstack.com",
"type": "Secondary",
@ -50,10 +70,31 @@
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:leadster:leadster:*:*:*:*:*:wordpress:*:*",
"versionEndIncluding": "1.1.2",
"matchCriteriaId": "EBD66F17-A91B-4E82-9662-17EE2BFD7559"
}
]
}
]
}
],
"references": [
{
"url": "https://patchstack.com/database/vulnerability/leadster-marketing-conversacional/wordpress-leadster-plugin-1-1-2-cross-site-request-forgery-csrf-vulnerability?_s_id=cve",
"source": "audit@patchstack.com"
"source": "audit@patchstack.com",
"tags": [
"Third Party Advisory"
]
}
]
}

59
CVE-2023/CVE-2023-416xx/CVE-2023-41669.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2023-41669",
"sourceIdentifier": "audit@patchstack.com",
"published": "2023-10-09T19:15:10.207",
"lastModified": "2023-10-10T12:16:32.703",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-10-11T20:21:17.217",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@ -16,6 +16,26 @@
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 2.8,
"impactScore": 5.9
},
{
"source": "audit@patchstack.com",
"type": "Secondary",
@ -40,7 +60,7 @@
},
"weaknesses": [
{
"source": "audit@patchstack.com",
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
@ -48,12 +68,43 @@
"value": "CWE-352"
}
]
},
{
"source": "audit@patchstack.com",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-352"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:daext:live_news:*:*:*:*:*:wordpress:*:*",
"versionEndIncluding": "1.06",
"matchCriteriaId": "C3EA7968-CA0E-4987-8648-40F3ADF798A5"
}
]
}
]
}
],
"references": [
{
"url": "https://patchstack.com/database/vulnerability/live-news-lite/wordpress-live-news-plugin-1-06-cross-site-request-forgery-csrf-vulnerability?_s_id=cve",
"source": "audit@patchstack.com"
"source": "audit@patchstack.com",
"tags": [
"Third Party Advisory"
]
}
]
}

47
CVE-2023/CVE-2023-416xx/CVE-2023-41670.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2023-41670",
"sourceIdentifier": "audit@patchstack.com",
"published": "2023-10-09T19:15:10.293",
"lastModified": "2023-10-10T12:16:32.703",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-10-11T20:19:29.923",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@ -16,6 +16,26 @@
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 2.8,
"impactScore": 5.9
},
{
"source": "audit@patchstack.com",
"type": "Secondary",
@ -50,10 +70,31 @@
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:palasthotel:use_memcached:*:*:*:*:*:wordpress:*:*",
"versionEndIncluding": "1.0.4",
"matchCriteriaId": "BEF6DA2F-75EA-487D-BCE0-31DF53307ABC"
}
]
}
]
}
],
"references": [
{
"url": "https://patchstack.com/database/vulnerability/use-memcached/wordpress-use-memcached-plugin-1-0-5-cross-site-request-forgery-csrf-vulnerability?_s_id=cve",
"source": "audit@patchstack.com"
"source": "audit@patchstack.com",
"tags": [
"Third Party Advisory"
]
}
]
}

47
CVE-2023/CVE-2023-416xx/CVE-2023-41672.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2023-41672",
"sourceIdentifier": "audit@patchstack.com",
"published": "2023-10-09T19:15:10.373",
"lastModified": "2023-10-10T12:16:32.703",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-10-11T20:10:43.427",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@ -16,6 +16,26 @@
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 2.8,
"impactScore": 5.9
},
{
"source": "audit@patchstack.com",
"type": "Secondary",
@ -50,10 +70,31 @@
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:remileclercq:hide_admin_notices_-_admin_notification_center_plugin:*:*:*:*:*:wordpress:*:*",
"versionEndIncluding": "2.3.2",
"matchCriteriaId": "6BB0FB7D-651D-49E2-A64D-3E98F49676DC"
}
]
}
]
}
],
"references": [
{
"url": "https://patchstack.com/database/vulnerability/wp-admin-notification-center/wordpress-hide-admin-notices-admin-notification-center-plugin-2-3-2-cross-site-request-forgery-csrf-vulnerability?_s_id=cve",
"source": "audit@patchstack.com"
"source": "audit@patchstack.com",
"tags": [
"Third Party Advisory"
]
}
]
}

47
CVE-2023/CVE-2023-416xx/CVE-2023-41697.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2023-41697",
"sourceIdentifier": "audit@patchstack.com",
"published": "2023-10-10T08:15:10.983",
"lastModified": "2023-10-10T12:16:32.703",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-10-11T20:53:34.343",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@ -16,6 +16,26 @@
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 2.8,
"impactScore": 5.9
},
{
"source": "audit@patchstack.com",
"type": "Secondary",
@ -50,10 +70,31 @@
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:nikunjsoni:easy_wp_cleaner:*:*:*:*:*:wordpress:*:*",
"versionEndIncluding": "1.9",
"matchCriteriaId": "C0286527-7237-48BF-8421-FB07AB2C65F5"
}
]
}
]
}
],
"references": [
{
"url": "https://patchstack.com/database/vulnerability/easy-wp-cleaner/wordpress-easy-wp-cleaner-plugin-1-9-cross-site-request-forgery-csrf-vulnerability?_s_id=cve",
"source": "audit@patchstack.com"
"source": "audit@patchstack.com",
"tags": [
"Third Party Advisory"
]
}
]
}

48
CVE-2023/CVE-2023-417xx/CVE-2023-41730.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2023-41730",
"sourceIdentifier": "audit@patchstack.com",
"published": "2023-10-10T08:15:11.057",
"lastModified": "2023-10-10T12:16:32.703",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-10-11T20:51:55.970",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@ -16,6 +16,26 @@
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 2.8,
"impactScore": 5.9
},
{
"source": "audit@patchstack.com",
"type": "Secondary",
@ -50,10 +70,32 @@
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:pressified:sendpress:*:*:*:*:*:wordpress:*:*",
"versionEndIncluding": "1.22.3.31",
"matchCriteriaId": "D46908F6-C7E4-44DB-9047-99CEF076E36A"
}
]
}
]
}
],
"references": [
{
"url": "https://patchstack.com/database/vulnerability/sendpress/wordpress-sendpress-newsletters-plugin-1-22-3-31-cross-site-request-forgery-csrf?_s_id=cve",
"source": "audit@patchstack.com"
"source": "audit@patchstack.com",
"tags": [
"Issue Tracking",
"Third Party Advisory"
]
}
]
}

47
CVE-2023/CVE-2023-418xx/CVE-2023-41876.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2023-41876",
"sourceIdentifier": "audit@patchstack.com",
"published": "2023-10-10T09:15:10.250",
"lastModified": "2023-10-10T12:16:32.703",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-10-11T20:55:32.437",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@ -16,6 +16,26 @@
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 2.8,
"impactScore": 5.9
},
{
"source": "audit@patchstack.com",
"type": "Secondary",
@ -50,10 +70,31 @@
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:wp_gallery_metabox_project:wp_gallery_metabox:*:*:*:*:*:wordpress:*:*",
"versionEndIncluding": "1.0.0",
"matchCriteriaId": "DD1480AA-91C2-4DDE-A09F-DCE401E672A9"
}
]
}
]
}
],
"references": [
{
"url": "https://patchstack.com/database/vulnerability/wp-gallery-metabox/wordpress-wp-gallery-metabox-plugin-1-0-0-cross-site-request-forgery-csrf-vulnerability?_s_id=cve",
"source": "audit@patchstack.com"
"source": "audit@patchstack.com",
"tags": [
"Third Party Advisory"
]
}
]
}

67
CVE-2023/CVE-2023-418xx/CVE-2023-41881.json Normal file
View File

@ -0,0 +1,67 @@
{
"id": "CVE-2023-41881",
"sourceIdentifier": "security-advisories@github.com",
"published": "2023-10-11T20:15:10.617",
"lastModified": "2023-10-11T21:04:47.110",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "vantage6 is privacy preserving federated learning infrastructure. When a collaboration is deleted, the linked resources (such as tasks from that collaboration) should be deleted. This is partly to manage data properly, but also to prevent a potential (but unlikely) side-effect that affects versions prior to 4.0.0, where if a collaboration with id=10 is deleted, and subsequently a new collaboration is created with id=10, the authenticated users in that collaboration could potentially see results of the deleted collaboration in some cases. Version 4.0.0 contains a patch for this issue. There are no known workarounds."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "security-advisories@github.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:H/UI:R/S:C/C:L/I:L/A:N",
"attackVector": "LOCAL",
"attackComplexity": "HIGH",
"privilegesRequired": "HIGH",
"userInteraction": "REQUIRED",
"scope": "CHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "NONE",
"baseScore": 3.7,
"baseSeverity": "LOW"
},
"exploitabilityScore": 0.6,
"impactScore": 2.7
}
]
},
"weaknesses": [
{
"source": "security-advisories@github.com",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-200"
},
{
"lang": "en",
"value": "CWE-708"
}
]
}
],
"references": [
{
"url": "https://github.com/vantage6/vantage6/blob/0682c4288f43fee5bcc72dc448cdd99bd7e57f76/docs/release_notes.rst#400",
"source": "security-advisories@github.com"
},
{
"url": "https://github.com/vantage6/vantage6/pull/748",
"source": "security-advisories@github.com"
},
{
"url": "https://github.com/vantage6/vantage6/security/advisories/GHSA-rf54-7qrr-96j6",
"source": "security-advisories@github.com"
}
]
}

67
CVE-2023/CVE-2023-418xx/CVE-2023-41882.json Normal file
View File

@ -0,0 +1,67 @@
{
"id": "CVE-2023-41882",
"sourceIdentifier": "security-advisories@github.com",
"published": "2023-10-11T20:15:10.700",
"lastModified": "2023-10-11T21:04:47.110",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "vantage6 is privacy preserving federated learning infrastructure. The endpoint /api/collaboration/{id}/task is used to collect all tasks from a certain collaboration. To get such tasks, a user should have permission to view the collaboration and to view the tasks in it. However, prior to version 4.0.0, it is only checked if the user has permission to view the collaboration. Version 4.0.0 contains a patch. There are no known workarounds."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "security-advisories@github.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "NONE",
"baseScore": 5.4,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.8,
"impactScore": 2.5
}
]
},
"weaknesses": [
{
"source": "security-advisories@github.com",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-284"
},
{
"lang": "en",
"value": "CWE-863"
}
]
}
],
"references": [
{
"url": "https://github.com/vantage6/vantage6/blob/0682c4288f43fee5bcc72dc448cdd99bd7e57f76/docs/release_notes.rst#400",
"source": "security-advisories@github.com"
},
{
"url": "https://github.com/vantage6/vantage6/pull/711",
"source": "security-advisories@github.com"
},
{
"url": "https://github.com/vantage6/vantage6/security/advisories/GHSA-gc57-xhh5-m94r",
"source": "security-advisories@github.com"
}
]
}

6
CVE-2023/CVE-2023-436xx/CVE-2023-43641.json
View File

@ -2,7 +2,7 @@
"id": "CVE-2023-43641",
"sourceIdentifier": "security-advisories@github.com",
"published": "2023-10-09T22:15:12.707",
"lastModified": "2023-10-11T17:15:10.970",
"lastModified": "2023-10-11T21:15:09.807",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
@ -66,6 +66,10 @@
{
"url": "https://github.com/lipnitsk/libcue/security/advisories/GHSA-5982-x7hv-r9cj",
"source": "security-advisories@github.com"
},
{
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/57JEYTRFG4PVGZZ7HIEFTX5I7OONFFMI/",
"source": "security-advisories@github.com"
}
]
}

59
CVE-2023/CVE-2023-436xx/CVE-2023-43661.json Normal file
View File

@ -0,0 +1,59 @@
{
"id": "CVE-2023-43661",
"sourceIdentifier": "security-advisories@github.com",
"published": "2023-10-11T20:15:10.787",
"lastModified": "2023-10-11T21:04:47.110",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "Cachet, the open-source status page system. Prior to the 2.4 branch, a template functionality which allows users to create templates allows them to execute any code on the server during the bad filtration and old twig version. Commit 6fb043e109d2a262ce3974e863c54e9e5f5e0587 of the 2.4 branch contains a patch for this issue."
}
],
"metrics": {
"cvssMetricV30": [
{
"source": "security-advisories@github.com",
"type": "Secondary",
"cvssData": {
"version": "3.0",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:L/A:L",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "CHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "LOW",
"availabilityImpact": "LOW",
"baseScore": 9.1,
"baseSeverity": "CRITICAL"
},
"exploitabilityScore": 3.1,
"impactScore": 5.3
}
]
},
"weaknesses": [
{
"source": "security-advisories@github.com",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-94"
}
]
}
],
"references": [
{
"url": "https://github.com/cachethq/cachet/commit/6fb043e109d2a262ce3974e863c54e9e5f5e0587",
"source": "security-advisories@github.com"
},
{
"url": "https://github.com/cachethq/cachet/security/advisories/GHSA-hv79-p62r-wg3p",
"source": "security-advisories@github.com"
}
]
}

4
CVE-2023/CVE-2023-439xx/CVE-2023-43960.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2023-43960",
"sourceIdentifier": "cve@mitre.org",
"published": "2023-10-11T18:15:10.137",
"lastModified": "2023-10-11T18:15:10.137",
"vulnStatus": "Received",
"lastModified": "2023-10-11T21:04:52.423",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",

55
CVE-2023/CVE-2023-441xx/CVE-2023-44186.json Normal file
View File

@ -0,0 +1,55 @@
{
"id": "CVE-2023-44186",
"sourceIdentifier": "sirt@juniper.net",
"published": "2023-10-11T21:15:09.890",
"lastModified": "2023-10-11T21:15:09.890",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "\nAn Improper Handling of Exceptional Conditions vulnerability in AS PATH processing of Juniper Networks Junos OS and Junos OS Evolved allows an attacker to send a BGP update message with an AS PATH containing a large number of 4-byte ASes, leading to a Denial of Service (DoS). Continued receipt and processing of these BGP updates will create a sustained Denial of Service (DoS) condition.\n\nThis issue is hit when the router has Non-Stop Routing (NSR) enabled, has a non-4-byte-AS capable BGP neighbor, receives a BGP update message with a prefix that includes a long AS PATH containing large number of 4-byte ASes, and has to advertise the prefix towards the non-4-byte-AS capable BGP neighbor.\n\nThis issue affects:\n\nJuniper Networks Junos OS:\n\n\n\n * All versions prior to 20.4R3-S8;\n * 21.1 versions 21.1R1 and later;\n * 21.2 versions prior to 21.2R3-S6;\n * 21.3 versions prior to 21.3R3-S5;\n * 21.4 versions prior to 21.4R3-S5;\n * 22.1 versions prior to 22.1R3-S4;\n * 22.2 versions prior to 22.2R3-S2;\n * 22.3 versions prior to 22.3R2-S2, 22.3R3-S1;\n * 22.4 versions prior to 22.4R2-S1, 22.4R3;\n * 23.2 versions prior to 23.2R2.\n\n\n\n\nJuniper Networks Junos OS Evolved\n\n\n\n * All versions prior to 20.4R3-S8-EVO;\n * 21.1 versions 21.1R1-EVO and later;\n * 21.2 versions prior to 21.2R3-S6-EVO;\n * 21.3 versions prior to 21.3R3-S5-EVO;\n * 21.4 versions prior to 21.4R3-S5-EVO;\n * 22.1 versions prior to 22.1R3-S4-EVO;\n * 22.2 versions prior to 22.2R3-S2-EVO;\n * 22.3 versions prior to 22.3R2-S2-EVO, 22.3R3-S1-EVO;\n * 22.4 versions prior to 22.4R2-S1-EVO, 22.4R3-EVO;\n * 23.2 versions prior to 23.2R2-EVO.\n\n\n\n\n\n\n"
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "sirt@juniper.net",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 3.9,
"impactScore": 3.6
}
]
},
"weaknesses": [
{
"source": "sirt@juniper.net",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-755"
}
]
}
],
"references": [
{
"url": "https://supportportal.juniper.net/JSA73150",
"source": "sirt@juniper.net"
}
]
}

55
CVE-2023/CVE-2023-441xx/CVE-2023-44187.json Normal file
View File

@ -0,0 +1,55 @@
{
"id": "CVE-2023-44187",
"sourceIdentifier": "sirt@juniper.net",
"published": "2023-10-11T21:15:09.970",
"lastModified": "2023-10-11T21:15:09.970",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "An Exposure of Sensitive Information vulnerability in the 'file copy' command of Junos OS Evolved allows a local, authenticated attacker with shell access to view passwords supplied on the CLI command-line. These credentials can then be used to provide unauthorized access to the remote system.\n\nThis issue affects Juniper Networks Junos OS Evolved:\n * All versions prior to 20.4R3-S7-EVO;\n * 21.1 versions 21.1R1-EVO and later;\n * 21.2 versions prior to 21.2R3-S5-EVO;\n * 21.3 versions prior to 21.3R3-S4-EVO;\n * 21.4 versions prior to 21.4R3-S4-EVO;\n * 22.1 versions prior to 22.1R3-S2-EVO;\n * 22.2 versions prior to 22.2R2-EVO.\n\n\n"
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "sirt@juniper.net",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:C/C:H/I:N/A:N",
"attackVector": "LOCAL",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "REQUIRED",
"scope": "CHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"availabilityImpact": "NONE",
"baseScore": 5.9,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 1.5,
"impactScore": 4.0
}
]
},
"weaknesses": [
{
"source": "sirt@juniper.net",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-200"
}
]
}
],
"references": [
{
"url": "https://supportportal.juniper.net/JSA73151",
"source": "sirt@juniper.net"
}
]
}

55
CVE-2023/CVE-2023-441xx/CVE-2023-44188.json Normal file
View File

@ -0,0 +1,55 @@
{
"id": "CVE-2023-44188",
"sourceIdentifier": "sirt@juniper.net",
"published": "2023-10-11T21:15:10.047",
"lastModified": "2023-10-11T21:15:10.047",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "\nA Time-of-check Time-of-use (TOCTOU) Race Condition vulnerability in telemetry processing of Juniper Networks Junos OS allows a network-based authenticated attacker to flood the system with multiple telemetry requests, causing the Junos Kernel Debugging Streaming Daemon (jkdsd) process to crash, leading to a Denial of Service (DoS). Continued receipt and processing of telemetry requests will repeatedly crash the jkdsd process and sustain the Denial of Service (DoS) condition.\n\nThis issue is seen on all Junos platforms. The crash is triggered when multiple telemetry requests come from different collectors. As the load increases, the Dynamic Rendering Daemon (drend) decides to defer processing and continue later, which results in a timing issue accessing stale memory, causing the jkdsd process to crash and restart.\n\nThis issue affects:\n\nJuniper Networks Junos OS:\n\n\n\n * 20.4 versions prior to 20.4R3-S9;\n * 21.1 versions 21.1R1 and later;\n * 21.2 versions prior to 21.2R3-S6;\n * 21.3 versions prior to 21.3R3-S5;\n * 21.4 versions prior to 21.4R3-S5;\n * 22.1 versions prior to 22.1R3-S4;\n * 22.2 versions prior to 22.2R3-S2;\n * 22.3 versions prior to 22.3R2-S1, 22.3R3-S1;\n * 22.4 versions prior to 22.4R2-S2, 22.4R3;\n * 23.1 versions prior to 23.1R2;\n * 23.2 versions prior to 23.2R2.\n\n\n\n\nThis issue does not affect Juniper Networks Junos OS versions prior to 19.4R1.\n\n\n\n"
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "sirt@juniper.net",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H",
"attackVector": "NETWORK",
"attackComplexity": "HIGH",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"availabilityImpact": "HIGH",
"baseScore": 5.3,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 1.6,
"impactScore": 3.6
}
]
},
"weaknesses": [
{
"source": "sirt@juniper.net",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-367"
}
]
}
],
"references": [
{
"url": "https://supportportal.juniper.net/JSA73152",
"source": "sirt@juniper.net"
}
]
}

78
CVE-2023/CVE-2023-444xx/CVE-2023-44487.json
View File

@ -2,7 +2,7 @@
"id": "CVE-2023-44487",
"sourceIdentifier": "cve@mitre.org",
"published": "2023-10-10T14:15:10.883",
"lastModified": "2023-10-11T07:15:11.030",
"lastModified": "2023-10-11T21:15:10.127",
"vulnStatus": "Awaiting Analysis",
"cisaExploitAdd": "2023-10-10",
"cisaActionDue": "2023-10-31",
@ -12,10 +12,18 @@
{
"lang": "en",
"value": "The HTTP/2 protocol allows a denial of service (server resource consumption) because request cancellation can reset many streams quickly, as exploited in the wild in August through October 2023."
},
{
"lang": "es",
"value": "El protocolo HTTP/2 permite una denegaci\u00f3n de servicio (consumo de recursos del servidor) porque la cancelaci\u00f3n de solicitudes puede restablecer muchas transmisiones r\u00e1pidamente, como explot\u00f3 salvajemente entre agosto y octubre de 2023."
}
],
"metrics": {},
"references": [
{
"url": "https://access.redhat.com/security/cve/cve-2023-44487",
"source": "cve@mitre.org"
},
{
"url": "https://aws.amazon.com/security/security-bulletins/AWS-2023-011/",
"source": "cve@mitre.org"
@ -32,10 +40,22 @@
"url": "https://blog.qualys.com/vulnerabilities-threat-research/2023/10/10/cve-2023-44487-http-2-rapid-reset-attack",
"source": "cve@mitre.org"
},
{
"url": "https://blog.vespa.ai/cve-2023-44487/",
"source": "cve@mitre.org"
},
{
"url": "https://bugzilla.proxmox.com/show_bug.cgi?id=4988",
"source": "cve@mitre.org"
},
{
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2242803",
"source": "cve@mitre.org"
},
{
"url": "https://bugzilla.suse.com/show_bug.cgi?id=1216123",
"source": "cve@mitre.org"
},
{
"url": "https://cgit.freebsd.org/ports/commit/?id=c64c329c2c1752f46b73e3e6ce9f4329be6629f9",
"source": "cve@mitre.org"
@ -48,6 +68,10 @@
"url": "https://cloud.google.com/blog/products/identity-security/how-it-works-the-novel-http2-rapid-reset-ddos-attack",
"source": "cve@mitre.org"
},
{
"url": "https://community.traefik.io/t/is-traefik-vulnerable-to-cve-2023-44487/20125",
"source": "cve@mitre.org"
},
{
"url": "https://edg.io/lp/blog/resets-leaks-ddos-and-the-tale-of-a-hidden-cve",
"source": "cve@mitre.org"
@ -60,6 +84,10 @@
"url": "https://gist.github.com/adulau/7c2bfb8e9cdbe4b35a5e131c66a0c088",
"source": "cve@mitre.org"
},
{
"url": "https://github.com/advisories/GHSA-qppj-fm5r-hxr3",
"source": "cve@mitre.org"
},
{
"url": "https://github.com/advisories/GHSA-vx74-f528-fxqg",
"source": "cve@mitre.org"
@ -72,6 +100,10 @@
"url": "https://github.com/alibaba/tengine/issues/1872",
"source": "cve@mitre.org"
},
{
"url": "https://github.com/apache/httpd-site/pull/10",
"source": "cve@mitre.org"
},
{
"url": "https://github.com/apache/httpd/blob/afcdbeebbff4b0c50ea26cdd16e178c0d1f24152/modules/http2/h2_mplx.c#L1101-L1113",
"source": "cve@mitre.org"
@ -108,6 +140,10 @@
"url": "https://github.com/envoyproxy/envoy/pull/30055",
"source": "cve@mitre.org"
},
{
"url": "https://github.com/etcd-io/etcd/issues/16740",
"source": "cve@mitre.org"
},
{
"url": "https://github.com/facebook/proxygen/pull/466",
"source": "cve@mitre.org"
@ -136,6 +172,10 @@
"url": "https://github.com/icing/mod_h2/blob/0a864782af0a942aa2ad4ed960a6b32cd35bcf0a/mod_http2/README.md?plain=1#L239-L244",
"source": "cve@mitre.org"
},
{
"url": "https://github.com/junkurihara/rust-rpxy/issues/97",
"source": "cve@mitre.org"
},
{
"url": "https://github.com/kazu-yamamoto/http2/commit/f61d41a502bd0f60eb24e1ce14edc7b6df6722a1",
"source": "cve@mitre.org"
@ -148,6 +188,14 @@
"url": "https://github.com/kubernetes/kubernetes/pull/121120",
"source": "cve@mitre.org"
},
{
"url": "https://github.com/line/armeria/pull/5232",
"source": "cve@mitre.org"
},
{
"url": "https://github.com/linkerd/website/pull/1695/commits/4b9c6836471bc8270ab48aae6fd2181bc73fd632",
"source": "cve@mitre.org"
},
{
"url": "https://github.com/micrictor/http2-rst-stream",
"source": "cve@mitre.org"
@ -168,6 +216,10 @@
"url": "https://github.com/nghttp2/nghttp2/releases/tag/v1.57.0",
"source": "cve@mitre.org"
},
{
"url": "https://github.com/ninenines/cowboy/issues/1615",
"source": "cve@mitre.org"
},
{
"url": "https://github.com/nodejs/node/pull/50121",
"source": "cve@mitre.org"
@ -180,10 +232,26 @@
"url": "https://github.com/oqtane/oqtane.framework/discussions/3367",
"source": "cve@mitre.org"
},
{
"url": "https://github.com/projectcontour/contour/pull/5826",
"source": "cve@mitre.org"
},
{
"url": "https://github.com/tempesta-tech/tempesta/issues/1986",
"source": "cve@mitre.org"
},
{
"url": "https://github.com/varnishcache/varnish-cache/issues/3996",
"source": "cve@mitre.org"
},
{
"url": "https://groups.google.com/g/golang-announce/c/iNNxDTCjZvo",
"source": "cve@mitre.org"
},
{
"url": "https://istio.io/latest/news/security/istio-security-2023-004/",
"source": "cve@mitre.org"
},
{
"url": "https://lists.apache.org/thread/5py8h42mxfsn8l1wy6o41xwhsjlsd87q",
"source": "cve@mitre.org"
@ -240,6 +308,10 @@
"url": "https://tomcat.apache.org/security-10.html#Fixed_in_Apache_Tomcat_10.1.14",
"source": "cve@mitre.org"
},
{
"url": "https://ubuntu.com/security/CVE-2023-44487",
"source": "cve@mitre.org"
},
{
"url": "https://www.bleepingcomputer.com/news/security/new-http-2-rapid-reset-zero-day-attack-breaks-ddos-records/",
"source": "cve@mitre.org"
@ -248,6 +320,10 @@
"url": "https://www.cisa.gov/news-events/alerts/2023/10/10/http2-rapid-reset-vulnerability-cve-2023-44487",
"source": "cve@mitre.org"
},
{
"url": "https://www.darkreading.com/cloud/internet-wide-zero-day-bug-fuels-largest-ever-ddos-event",
"source": "cve@mitre.org"
},
{
"url": "https://www.debian.org/security/2023/dsa-5521",
"source": "cve@mitre.org"

63
CVE-2023/CVE-2023-448xx/CVE-2023-44811.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2023-44811",
"sourceIdentifier": "cve@mitre.org",
"published": "2023-10-09T20:15:10.533",
"lastModified": "2023-10-10T12:16:32.703",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-10-11T20:06:27.410",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@ -14,11 +14,66 @@
"value": "La vulnerabilidad de Cross Site Request Forgery (CSRF) en MooSocial v.3.1.8 permite a un atacante remoto ejecutar c\u00f3digo arbitrario y obtener informaci\u00f3n confidencial a trav\u00e9s de la funci\u00f3n de cambio de contrase\u00f1a del administrador."
}
],
"metrics": {},
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 2.8,
"impactScore": 5.9
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-352"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:moosocial:moosocial:3.1.8:*:*:*:*:*:*:*",
"matchCriteriaId": "4DFC6658-3CF4-4FDA-B119-2A0687F3F5A2"
}
]
}
]
}
],
"references": [
{
"url": "https://github.com/ahrixia/CVE-2023-44811",
"source": "cve@mitre.org"
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory"
]
}
]
}

4
CVE-2023/CVE-2023-449xx/CVE-2023-44961.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2023-44961",
"sourceIdentifier": "cve@mitre.org",
"published": "2023-10-11T19:15:10.883",
"lastModified": "2023-10-11T19:15:10.883",
"vulnStatus": "Received",
"lastModified": "2023-10-11T21:04:47.110",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",

4
CVE-2023/CVE-2023-449xx/CVE-2023-44962.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2023-44962",
"sourceIdentifier": "cve@mitre.org",
"published": "2023-10-11T19:15:10.943",
"lastModified": "2023-10-11T19:15:10.943",
"vulnStatus": "Received",
"lastModified": "2023-10-11T21:04:47.110",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",

63
CVE-2023/CVE-2023-451xx/CVE-2023-45132.json Normal file
View File

@ -0,0 +1,63 @@
{
"id": "CVE-2023-45132",
"sourceIdentifier": "security-advisories@github.com",
"published": "2023-10-11T21:15:10.207",
"lastModified": "2023-10-11T21:15:10.207",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "NAXSI is an open-source maintenance web application firewall (WAF) for NGINX. An issue present starting in version 1.3 and prior to version 1.6 allows someone to bypass the WAF when a malicious `X-Forwarded-For` IP matches `IgnoreIP` `IgnoreCIDR` rules. This old code was arranged to allow older NGINX versions to also support `IgnoreIP` `IgnoreCIDR` when multiple reverse proxies were present. The issue is patched in version 1.6. As a workaround, do not set any `IgnoreIP` `IgnoreCIDR` for older versions.\n"
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "security-advisories@github.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"availabilityImpact": "HIGH",
"baseScore": 9.1,
"baseSeverity": "CRITICAL"
},
"exploitabilityScore": 3.9,
"impactScore": 5.2
}
]
},
"weaknesses": [
{
"source": "security-advisories@github.com",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-693"
}
]
}
],
"references": [
{
"url": "https://github.com/wargio/naxsi/commit/1b712526ed3314dd6be7e8b0259eabda63c19537",
"source": "security-advisories@github.com"
},
{
"url": "https://github.com/wargio/naxsi/pull/103",
"source": "security-advisories@github.com"
},
{
"url": "https://github.com/wargio/naxsi/security/advisories/GHSA-7qjc-q4j9-pc8x",
"source": "security-advisories@github.com"
}
]
}

4
CVE-2023/CVE-2023-49xx/CVE-2023-4936.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2023-4936",
"sourceIdentifier": "PSIRT@synaptics.com",
"published": "2023-10-11T17:15:11.117",
"lastModified": "2023-10-11T17:15:11.117",
"vulnStatus": "Received",
"lastModified": "2023-10-11T21:04:52.423",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",

59
CVE-2023/CVE-2023-54xx/CVE-2023-5467.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2023-5467",
"sourceIdentifier": "security@wordfence.com",
"published": "2023-10-10T05:15:09.407",
"lastModified": "2023-10-10T12:16:32.703",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-10-11T20:09:41.853",
"vulnStatus": "Undergoing Analysis",
"descriptions": [
{
"lang": "en",
@ -17,8 +17,28 @@
"metrics": {
"cvssMetricV31": [
{
"source": "security@wordfence.com",
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "REQUIRED",
"scope": "CHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "NONE",
"baseScore": 5.4,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.3,
"impactScore": 2.7
},
{
"source": "security@wordfence.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N",
@ -50,18 +70,45 @@
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:geomywp:geo_my_wordpress:*:*:*:*:*:wordpress:*:*",
"versionEndIncluding": "4.0",
"matchCriteriaId": "8105A21C-977C-4A84-BC86-8CA3583A2DE8"
}
]
}
]
}
],
"references": [
{
"url": "https://plugins.trac.wordpress.org/browser/geo-my-wp/tags/4.0.1/plugins/single-location/includes/class-gmw-single-location.php#L413",
"source": "security@wordfence.com"
"source": "security@wordfence.com",
"tags": [
"Patch"
]
},
{
"url": "https://plugins.trac.wordpress.org/browser/geo-my-wp/tags/4.0/plugins/single-location/includes/class-gmw-single-location.php#L401",
"source": "security@wordfence.com"
"source": "security@wordfence.com",
"tags": [
"Product"
]
},
{
"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/a96ac71f-3dae-40eb-9268-d56688a5aa64?source=cve",
"source": "security@wordfence.com"
"source": "security@wordfence.com",
"tags": [
"Third Party Advisory"
]
}
]
}

59
CVE-2023/CVE-2023-55xx/CVE-2023-5535.json Normal file
View File

@ -0,0 +1,59 @@
{
"id": "CVE-2023-5535",
"sourceIdentifier": "security@huntr.dev",
"published": "2023-10-11T20:15:10.967",
"lastModified": "2023-10-11T21:04:47.110",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "Use After Free in GitHub repository vim/vim prior to v9.0.2010."
}
],
"metrics": {
"cvssMetricV30": [
{
"source": "security@huntr.dev",
"type": "Secondary",
"cvssData": {
"version": "3.0",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"attackVector": "LOCAL",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 1.8,
"impactScore": 5.9
}
]
},
"weaknesses": [
{
"source": "security@huntr.dev",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-416"
}
]
}
],
"references": [
{
"url": "https://github.com/vim/vim/commit/41e6f7d6ba67b61d911f9b1d76325cd79224753d",
"source": "security@huntr.dev"
},
{
"url": "https://huntr.dev/bounties/2c2d85a7-1171-4014-bf7f-a2451745861f",
"source": "security@huntr.dev"
}
]
}

86
README.md
View File

@ -9,13 +9,13 @@ Repository synchronizes with the NVD every 2 hours.
### Last Repository Update
```plain
2023-10-11T20:00:25.225534+00:00
2023-10-11T22:00:25.256888+00:00
```
### Most recent CVE Modification Timestamp synchronized with NVD
```plain
2023-10-11T20:00:04.033000+00:00
2023-10-11T21:15:10.207000+00:00
```
### Last Data Feed Release
@ -29,50 +29,64 @@ Download and Changelog: [Click](https://github.com/fkie-cad/nvd-json-data-feeds/
### Total Number of included CVEs
```plain
227590
227613
```
### CVEs added in the last Commit
Recently added CVEs: `6`
Recently added CVEs: `23`
* [CVE-2023-43960](CVE-2023/CVE-2023-439xx/CVE-2023-43960.json) (`2023-10-11T18:15:10.137`)
* [CVE-2023-23930](CVE-2023/CVE-2023-239xx/CVE-2023-23930.json) (`2023-10-11T18:15:10.037`)
* [CVE-2023-35645](CVE-2023/CVE-2023-356xx/CVE-2023-35645.json) (`2023-10-11T19:15:10.123`)
* [CVE-2023-38817](CVE-2023/CVE-2023-388xx/CVE-2023-38817.json) (`2023-10-11T19:15:10.180`)
* [CVE-2023-44961](CVE-2023/CVE-2023-449xx/CVE-2023-44961.json) (`2023-10-11T19:15:10.883`)
* [CVE-2023-44962](CVE-2023/CVE-2023-449xx/CVE-2023-44962.json) (`2023-10-11T19:15:10.943`)
* [CVE-2023-28635](CVE-2023/CVE-2023-286xx/CVE-2023-28635.json) (`2023-10-11T20:15:09.893`)
* [CVE-2023-35646](CVE-2023/CVE-2023-356xx/CVE-2023-35646.json) (`2023-10-11T20:15:09.993`)
* [CVE-2023-35647](CVE-2023/CVE-2023-356xx/CVE-2023-35647.json) (`2023-10-11T20:15:10.043`)
* [CVE-2023-35648](CVE-2023/CVE-2023-356xx/CVE-2023-35648.json) (`2023-10-11T20:15:10.090`)
* [CVE-2023-35649](CVE-2023/CVE-2023-356xx/CVE-2023-35649.json) (`2023-10-11T20:15:10.140`)
* [CVE-2023-35652](CVE-2023/CVE-2023-356xx/CVE-2023-35652.json) (`2023-10-11T20:15:10.187`)
* [CVE-2023-35653](CVE-2023/CVE-2023-356xx/CVE-2023-35653.json) (`2023-10-11T20:15:10.233`)
* [CVE-2023-35654](CVE-2023/CVE-2023-356xx/CVE-2023-35654.json) (`2023-10-11T20:15:10.280`)
* [CVE-2023-35655](CVE-2023/CVE-2023-356xx/CVE-2023-35655.json) (`2023-10-11T20:15:10.330`)
* [CVE-2023-35660](CVE-2023/CVE-2023-356xx/CVE-2023-35660.json) (`2023-10-11T20:15:10.380`)
* [CVE-2023-35661](CVE-2023/CVE-2023-356xx/CVE-2023-35661.json) (`2023-10-11T20:15:10.427`)
* [CVE-2023-35662](CVE-2023/CVE-2023-356xx/CVE-2023-35662.json) (`2023-10-11T20:15:10.477`)
* [CVE-2023-40141](CVE-2023/CVE-2023-401xx/CVE-2023-40141.json) (`2023-10-11T20:15:10.527`)
* [CVE-2023-40142](CVE-2023/CVE-2023-401xx/CVE-2023-40142.json) (`2023-10-11T20:15:10.567`)
* [CVE-2023-41881](CVE-2023/CVE-2023-418xx/CVE-2023-41881.json) (`2023-10-11T20:15:10.617`)
* [CVE-2023-41882](CVE-2023/CVE-2023-418xx/CVE-2023-41882.json) (`2023-10-11T20:15:10.700`)
* [CVE-2023-43661](CVE-2023/CVE-2023-436xx/CVE-2023-43661.json) (`2023-10-11T20:15:10.787`)
* [CVE-2023-5535](CVE-2023/CVE-2023-55xx/CVE-2023-5535.json) (`2023-10-11T20:15:10.967`)
* [CVE-2023-3781](CVE-2023/CVE-2023-37xx/CVE-2023-3781.json) (`2023-10-11T21:15:09.733`)
* [CVE-2023-44186](CVE-2023/CVE-2023-441xx/CVE-2023-44186.json) (`2023-10-11T21:15:09.890`)
* [CVE-2023-44187](CVE-2023/CVE-2023-441xx/CVE-2023-44187.json) (`2023-10-11T21:15:09.970`)
* [CVE-2023-44188](CVE-2023/CVE-2023-441xx/CVE-2023-44188.json) (`2023-10-11T21:15:10.047`)
* [CVE-2023-45132](CVE-2023/CVE-2023-451xx/CVE-2023-45132.json) (`2023-10-11T21:15:10.207`)
### CVEs modified in the last Commit
Recently modified CVEs: `52`
Recently modified CVEs: `22`
* [CVE-2023-41365](CVE-2023/CVE-2023-413xx/CVE-2023-41365.json) (`2023-10-11T19:10:23.687`)
* [CVE-2023-42473](CVE-2023/CVE-2023-424xx/CVE-2023-42473.json) (`2023-10-11T19:10:40.223`)
* [CVE-2023-42474](CVE-2023/CVE-2023-424xx/CVE-2023-42474.json) (`2023-10-11T19:14:12.600`)
* [CVE-2023-42475](CVE-2023/CVE-2023-424xx/CVE-2023-42475.json) (`2023-10-11T19:14:53.293`)
* [CVE-2023-21400](CVE-2023/CVE-2023-214xx/CVE-2023-21400.json) (`2023-10-11T19:15:09.927`)
* [CVE-2023-3090](CVE-2023/CVE-2023-30xx/CVE-2023-3090.json) (`2023-10-11T19:15:10.233`)
* [CVE-2023-3567](CVE-2023/CVE-2023-35xx/CVE-2023-3567.json) (`2023-10-11T19:15:10.337`)
* [CVE-2023-3609](CVE-2023/CVE-2023-36xx/CVE-2023-3609.json) (`2023-10-11T19:15:10.437`)
* [CVE-2023-3776](CVE-2023/CVE-2023-37xx/CVE-2023-3776.json) (`2023-10-11T19:15:10.583`)
* [CVE-2023-3777](CVE-2023/CVE-2023-37xx/CVE-2023-3777.json) (`2023-10-11T19:15:10.677`)
* [CVE-2023-40283](CVE-2023/CVE-2023-402xx/CVE-2023-40283.json) (`2023-10-11T19:15:10.787`)
* [CVE-2023-4004](CVE-2023/CVE-2023-40xx/CVE-2023-4004.json) (`2023-10-11T19:15:11.007`)
* [CVE-2023-4128](CVE-2023/CVE-2023-41xx/CVE-2023-4128.json) (`2023-10-11T19:15:11.123`)
* [CVE-2023-5495](CVE-2023/CVE-2023-54xx/CVE-2023-5495.json) (`2023-10-11T19:15:11.233`)
* [CVE-2023-44826](CVE-2023/CVE-2023-448xx/CVE-2023-44826.json) (`2023-10-11T19:16:19.453`)
* [CVE-2023-44827](CVE-2023/CVE-2023-448xx/CVE-2023-44827.json) (`2023-10-11T19:16:58.217`)
* [CVE-2023-44959](CVE-2023/CVE-2023-449xx/CVE-2023-44959.json) (`2023-10-11T19:17:07.777`)
* [CVE-2023-5402](CVE-2023/CVE-2023-54xx/CVE-2023-5402.json) (`2023-10-11T19:19:54.037`)
* [CVE-2023-5258](CVE-2023/CVE-2023-52xx/CVE-2023-5258.json) (`2023-10-11T19:22:24.333`)
* [CVE-2023-38701](CVE-2023/CVE-2023-387xx/CVE-2023-38701.json) (`2023-10-11T19:34:24.700`)
* [CVE-2023-43899](CVE-2023/CVE-2023-438xx/CVE-2023-43899.json) (`2023-10-11T19:43:22.707`)
* [CVE-2023-39189](CVE-2023/CVE-2023-391xx/CVE-2023-39189.json) (`2023-10-11T19:47:17.243`)
* [CVE-2023-41667](CVE-2023/CVE-2023-416xx/CVE-2023-41667.json) (`2023-10-11T19:51:59.227`)
* [CVE-2023-44813](CVE-2023/CVE-2023-448xx/CVE-2023-44813.json) (`2023-10-11T19:58:17.857`)
* [CVE-2023-44812](CVE-2023/CVE-2023-448xx/CVE-2023-44812.json) (`2023-10-11T20:00:04.033`)
* [CVE-2023-44811](CVE-2023/CVE-2023-448xx/CVE-2023-44811.json) (`2023-10-11T20:06:27.410`)
* [CVE-2023-5467](CVE-2023/CVE-2023-54xx/CVE-2023-5467.json) (`2023-10-11T20:09:41.853`)
* [CVE-2023-41672](CVE-2023/CVE-2023-416xx/CVE-2023-41672.json) (`2023-10-11T20:10:43.427`)
* [CVE-2023-41670](CVE-2023/CVE-2023-416xx/CVE-2023-41670.json) (`2023-10-11T20:19:29.923`)
* [CVE-2023-41669](CVE-2023/CVE-2023-416xx/CVE-2023-41669.json) (`2023-10-11T20:21:17.217`)
* [CVE-2023-41668](CVE-2023/CVE-2023-416xx/CVE-2023-41668.json) (`2023-10-11T20:34:24.760`)
* [CVE-2023-39194](CVE-2023/CVE-2023-391xx/CVE-2023-39194.json) (`2023-10-11T20:41:27.203`)
* [CVE-2023-39193](CVE-2023/CVE-2023-391xx/CVE-2023-39193.json) (`2023-10-11T20:46:48.450`)
* [CVE-2023-39192](CVE-2023/CVE-2023-391xx/CVE-2023-39192.json) (`2023-10-11T20:48:57.387`)
* [CVE-2023-41730](CVE-2023/CVE-2023-417xx/CVE-2023-41730.json) (`2023-10-11T20:51:55.970`)
* [CVE-2023-41697](CVE-2023/CVE-2023-416xx/CVE-2023-41697.json) (`2023-10-11T20:53:34.343`)
* [CVE-2023-41876](CVE-2023/CVE-2023-418xx/CVE-2023-41876.json) (`2023-10-11T20:55:32.437`)
* [CVE-2023-44961](CVE-2023/CVE-2023-449xx/CVE-2023-44961.json) (`2023-10-11T21:04:47.110`)
* [CVE-2023-44962](CVE-2023/CVE-2023-449xx/CVE-2023-44962.json) (`2023-10-11T21:04:47.110`)
* [CVE-2023-4936](CVE-2023/CVE-2023-49xx/CVE-2023-4936.json) (`2023-10-11T21:04:52.423`)
* [CVE-2023-23930](CVE-2023/CVE-2023-239xx/CVE-2023-23930.json) (`2023-10-11T21:04:52.423`)
* [CVE-2023-43960](CVE-2023/CVE-2023-439xx/CVE-2023-43960.json) (`2023-10-11T21:04:52.423`)
* [CVE-2023-35645](CVE-2023/CVE-2023-356xx/CVE-2023-35645.json) (`2023-10-11T21:04:52.423`)
* [CVE-2023-38817](CVE-2023/CVE-2023-388xx/CVE-2023-38817.json) (`2023-10-11T21:04:52.423`)
* [CVE-2023-41660](CVE-2023/CVE-2023-416xx/CVE-2023-41660.json) (`2023-10-11T21:05:59.973`)
* [CVE-2023-43641](CVE-2023/CVE-2023-436xx/CVE-2023-43641.json) (`2023-10-11T21:15:09.807`)
* [CVE-2023-44487](CVE-2023/CVE-2023-444xx/CVE-2023-44487.json) (`2023-10-11T21:15:10.127`)
## Download and Usage