admin/nvd-json-data-feeds
1
0
Fork 0
mirror of https://github.com/fkie-cad/nvd-json-data-feeds.git synced 2025-05-08 19:47:09 +00:00
Code Issues Packages Projects Releases Wiki Activity

Auto-Update: 2023-09-13T18:00:26.228859+00:00

Browse Source
This commit is contained in:
cad-safe-bot 2023-09-13 18:00:29 +00:00
parent 86d564caeb
commit d828fb3e62
51 changed files with 2036 additions and 176 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

12
CVE-2021/CVE-2021-36xx/CVE-2021-3695.json
View File

@ -2,7 +2,7 @@
"id": "CVE-2021-3695",
"sourceIdentifier": "secalert@redhat.com",
"published": "2022-07-06T16:15:08.210",
"lastModified": "2022-10-28T16:14:48.493",
"lastModified": "2023-09-13T16:15:09.430",
"vulnStatus": "Analyzed",
"descriptions": [
{
@ -87,7 +87,6 @@
],
"configurations": [
{
"operator": "AND",
"nodes": [
{
"operator": "OR",
@ -95,17 +94,16 @@
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:gnu:grub:*:*:*:*:*:*:*:*",
"versionStartIncluding": "2.0",
"criteria": "cpe:2.3:a:gnu:grub2:*:*:*:*:*:*:*:*",
"versionStartIncluding": "2.00",
"versionEndExcluding": "2.12",
"matchCriteriaId": "525D21AB-B92C-499B-BE91-8681AD7A3226"
"matchCriteriaId": "B798FFCB-4972-436F-ADB4-8DA325089773"
}
]
}
]
},
{
"operator": "AND",
"nodes": [
{
"operator": "OR",
@ -121,7 +119,6 @@
]
},
{
"operator": "AND",
"nodes": [
{
"operator": "OR",
@ -356,7 +353,6 @@
]
},
{
"operator": "AND",
"nodes": [
{
"operator": "OR",

11
CVE-2021/CVE-2021-36xx/CVE-2021-3696.json
View File

@ -2,7 +2,7 @@
"id": "CVE-2021-3696",
"sourceIdentifier": "secalert@redhat.com",
"published": "2022-07-06T16:15:08.270",
"lastModified": "2022-10-28T16:17:17.393",
"lastModified": "2023-09-13T16:15:41.777",
"vulnStatus": "Analyzed",
"descriptions": [
{
@ -87,7 +87,6 @@
],
"configurations": [
{
"operator": "AND",
"nodes": [
{
"operator": "OR",
@ -95,17 +94,16 @@
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:gnu:grub:*:*:*:*:*:*:*:*",
"versionStartIncluding": "2.0",
"criteria": "cpe:2.3:a:gnu:grub2:*:*:*:*:*:*:*:*",
"versionStartIncluding": "2.00",
"versionEndExcluding": "2.12",
"matchCriteriaId": "525D21AB-B92C-499B-BE91-8681AD7A3226"
"matchCriteriaId": "B798FFCB-4972-436F-ADB4-8DA325089773"
}
]
}
]
},
{
"operator": "AND",
"nodes": [
{
"operator": "OR",
@ -340,7 +338,6 @@
]
},
{
"operator": "AND",
"nodes": [
{
"operator": "OR",

10
CVE-2021/CVE-2021-36xx/CVE-2021-3697.json
View File

@ -2,7 +2,7 @@
"id": "CVE-2021-3697",
"sourceIdentifier": "secalert@redhat.com",
"published": "2022-07-06T16:15:08.320",
"lastModified": "2023-02-23T17:19:06.080",
"lastModified": "2023-09-13T16:15:06.283",
"vulnStatus": "Analyzed",
"descriptions": [
{
@ -87,7 +87,6 @@
],
"configurations": [
{
"operator": "AND",
"nodes": [
{
"operator": "OR",
@ -95,17 +94,16 @@
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:gnu:grub:*:*:*:*:*:*:*:*",
"versionStartIncluding": "2.0",
"criteria": "cpe:2.3:a:gnu:grub2:*:*:*:*:*:*:*:*",
"versionStartIncluding": "2.00",
"versionEndExcluding": "2.12",
"matchCriteriaId": "525D21AB-B92C-499B-BE91-8681AD7A3226"
"matchCriteriaId": "B798FFCB-4972-436F-ADB4-8DA325089773"
}
]
}
]
},
{
"operator": "AND",
"nodes": [
{
"operator": "OR",

8
CVE-2022/CVE-2022-235xx/CVE-2022-23514.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2022-23514",
"sourceIdentifier": "security-advisories@github.com",
"published": "2022-12-14T14:15:10.477",
"lastModified": "2022-12-19T17:03:37.533",
"vulnStatus": "Analyzed",
"lastModified": "2023-09-13T17:15:07.937",
"vulnStatus": "Modified",
"descriptions": [
{
"lang": "en",
@ -99,6 +99,10 @@
"Permissions Required",
"Third Party Advisory"
]
},
{
"url": "https://lists.debian.org/debian-lts-announce/2023/09/msg00011.html",
"source": "security-advisories@github.com"
}
]
}

8
CVE-2022/CVE-2022-235xx/CVE-2022-23515.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2022-23515",
"sourceIdentifier": "security-advisories@github.com",
"published": "2022-12-14T14:15:10.553",
"lastModified": "2022-12-19T17:12:34.307",
"vulnStatus": "Analyzed",
"lastModified": "2023-09-13T17:15:08.497",
"vulnStatus": "Modified",
"descriptions": [
{
"lang": "en",
@ -108,6 +108,10 @@
"Permissions Required",
"Third Party Advisory"
]
},
{
"url": "https://lists.debian.org/debian-lts-announce/2023/09/msg00011.html",
"source": "security-advisories@github.com"
}
]
}

10
CVE-2022/CVE-2022-235xx/CVE-2022-23516.json
View File

@ -2,12 +2,12 @@
"id": "CVE-2022-23516",
"sourceIdentifier": "security-advisories@github.com",
"published": "2022-12-14T14:15:10.627",
"lastModified": "2022-12-19T17:14:37.517",
"vulnStatus": "Analyzed",
"lastModified": "2023-09-13T17:15:08.673",
"vulnStatus": "Modified",
"descriptions": [
{
"lang": "en",
"value": "Loofah is a general library for manipulating and transforming HTML/XML documents and fragments, built on top of Nokogiri. Loofah >= 2.2.0, < 2.19.1 uses recursion for sanitizing CDATA sections, making it susceptible to stack exhaustion and raising a SystemStackError exception. This may lead to a denial of service through CPU resource consumption. This issue is patched in version 2.19.1. Users who are unable to upgrade may be able to mitigate this vulnerability by limiting the length of the strings that are sanitized."
"value": "Loofah is a general library for manipulating and transforming HTML/XML documents and fragments, built on top of Nokogiri. Loofah >= 2.2.0, < 2.19.1 uses recursion for sanitizing CDATA sections, making it susceptible to stack exhaustion and raising a SystemStackError exception. This may lead to a denial of service through CPU resource consumption. This issue is patched in version 2.19.1. Users who are unable to upgrade may be able to mitigate this vulnerability by limiting the length of the strings that are sanitized."
}
],
"metrics": {
@ -92,6 +92,10 @@
"tags": [
"Third Party Advisory"
]
},
{
"url": "https://lists.debian.org/debian-lts-announce/2023/09/msg00011.html",
"source": "security-advisories@github.com"
}
]
}

8
CVE-2022/CVE-2022-235xx/CVE-2022-23517.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2022-23517",
"sourceIdentifier": "security-advisories@github.com",
"published": "2022-12-14T17:15:10.130",
"lastModified": "2022-12-16T19:13:24.157",
"vulnStatus": "Analyzed",
"lastModified": "2023-09-13T17:15:08.803",
"vulnStatus": "Modified",
"descriptions": [
{
"lang": "en",
@ -107,6 +107,10 @@
"Permissions Required",
"Third Party Advisory"
]
},
{
"url": "https://lists.debian.org/debian-lts-announce/2023/09/msg00012.html",
"source": "security-advisories@github.com"
}
]
}

8
CVE-2022/CVE-2022-235xx/CVE-2022-23518.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2022-23518",
"sourceIdentifier": "security-advisories@github.com",
"published": "2022-12-14T17:15:10.713",
"lastModified": "2022-12-16T19:17:58.373",
"vulnStatus": "Analyzed",
"lastModified": "2023-09-13T17:15:08.917",
"vulnStatus": "Modified",
"descriptions": [
{
"lang": "en",
@ -117,6 +117,10 @@
"Permissions Required",
"Third Party Advisory"
]
},
{
"url": "https://lists.debian.org/debian-lts-announce/2023/09/msg00012.html",
"source": "security-advisories@github.com"
}
]
}

10
CVE-2022/CVE-2022-235xx/CVE-2022-23519.json
View File

@ -2,12 +2,12 @@
"id": "CVE-2022-23519",
"sourceIdentifier": "security-advisories@github.com",
"published": "2022-12-14T17:15:11.067",
"lastModified": "2022-12-16T21:48:41.260",
"vulnStatus": "Analyzed",
"lastModified": "2023-09-13T17:15:09.017",
"vulnStatus": "Modified",
"descriptions": [
{
"lang": "en",
"value": "rails-html-sanitizer is responsible for sanitizing HTML fragments in Rails applications. Prior to version 1.4.4, a possible XSS vulnerability with certain configurations of Rails::Html::Sanitizer may allow an attacker to inject content if the application developer has overridden the sanitizer's allowed tags in either of the following ways: allow both \"math\" and \"style\" elements, or allow both \"svg\" and \"style\" elements. Code is only impacted if allowed tags are being overridden. . This issue is fixed in version 1.4.4. All users overriding the allowed tags to include \"math\" or \"svg\" and \"style\" should either upgrade or use the following workaround immediately: Remove \"style\" from the overridden allowed tags, or remove \"math\" and \"svg\" from the overridden allowed tags."
"value": "rails-html-sanitizer is responsible for sanitizing HTML fragments in Rails applications. Prior to version 1.4.4, a possible XSS vulnerability with certain configurations of Rails::Html::Sanitizer may allow an attacker to inject content if the application developer has overridden the sanitizer's allowed tags in either of the following ways: allow both \"math\" and \"style\" elements, or allow both \"svg\" and \"style\" elements. Code is only impacted if allowed tags are being overridden. . This issue is fixed in version 1.4.4. All users overriding the allowed tags to include \"math\" or \"svg\" and \"style\" should either upgrade or use the following workaround immediately: Remove \"style\" from the overridden allowed tags, or remove \"math\" and \"svg\" from the overridden allowed tags.\n"
}
],
"metrics": {
@ -100,6 +100,10 @@
"Exploit",
"Third Party Advisory"
]
},
{
"url": "https://lists.debian.org/debian-lts-announce/2023/09/msg00012.html",
"source": "security-advisories@github.com"
}
]
}

14
CVE-2022/CVE-2022-235xx/CVE-2022-23520.json
View File

@ -2,12 +2,12 @@
"id": "CVE-2022-23520",
"sourceIdentifier": "security-advisories@github.com",
"published": "2022-12-14T18:15:17.560",
"lastModified": "2022-12-16T21:38:13.823",
"vulnStatus": "Analyzed",
"lastModified": "2023-09-13T17:15:09.127",
"vulnStatus": "Modified",
"descriptions": [
{
"lang": "en",
"value": "rails-html-sanitizer is responsible for sanitizing HTML fragments in Rails applications. Prior to version 1.4.4, there is a possible XSS vulnerability with certain configurations of Rails::Html::Sanitizer due to an incomplete fix of CVE-2022-32209. Rails::Html::Sanitizer may allow an attacker to inject content if the application developer has overridden the sanitizer's allowed tags to allow both \"select\" and \"style\" elements. Code is only impacted if allowed tags are being overridden. This issue is patched in version 1.4.4. All users overriding the allowed tags to include both \"select\" and \"style\" should either upgrade or use this workaround: Remove either \"select\" or \"style\" from the overridden allowed tags. NOTE: Code is _not_ impacted if allowed tags are overridden using either the :tags option to the Action View helper method sanitize or the :tags option to the instance method SafeListSanitizer#sanitize."
"value": "rails-html-sanitizer is responsible for sanitizing HTML fragments in Rails applications. Prior to version 1.4.4, there is a possible XSS vulnerability with certain configurations of Rails::Html::Sanitizer due to an incomplete fix of CVE-2022-32209. Rails::Html::Sanitizer may allow an attacker to inject content if the application developer has overridden the sanitizer's allowed tags to allow both \"select\" and \"style\" elements. Code is only impacted if allowed tags are being overridden. This issue is patched in version 1.4.4. All users overriding the allowed tags to include both \"select\" and \"style\" should either upgrade or use this workaround: Remove either \"select\" or \"style\" from the overridden allowed tags. NOTE: Code is _not_ impacted if allowed tags are overridden using either the :tags option to the Action View helper method sanitize or the :tags option to the instance method SafeListSanitizer#sanitize.\n"
}
],
"metrics": {
@ -56,7 +56,7 @@
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"source": "security-advisories@github.com",
"type": "Primary",
"description": [
{
@ -66,7 +66,7 @@
]
},
{
"source": "security-advisories@github.com",
"source": "nvd@nist.gov",
"type": "Secondary",
"description": [
{
@ -110,6 +110,10 @@
"Exploit",
"Third Party Advisory"
]
},
{
"url": "https://lists.debian.org/debian-lts-announce/2023/09/msg00012.html",
"source": "security-advisories@github.com"
}
]
}

43
CVE-2023/CVE-2023-201xx/CVE-2023-20135.json Normal file
View File

@ -0,0 +1,43 @@
{
"id": "CVE-2023-20135",
"sourceIdentifier": "ykramarz@cisco.com",
"published": "2023-09-13T17:15:09.253",
"lastModified": "2023-09-13T17:27:35.837",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "A vulnerability in Cisco IOS XR Software image verification checks could allow an authenticated, local attacker to execute arbitrary code on the underlying operating system.\r\n\r This vulnerability is due to a time-of-check, time-of-use (TOCTOU) race condition when an install query regarding an ISO image is performed during an install operation that uses an ISO image. An attacker could exploit this vulnerability by modifying an ISO image and then carrying out install requests in parallel. A successful exploit could allow the attacker to execute arbitrary code on an affected device."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "ykramarz@cisco.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:N",
"attackVector": "LOCAL",
"attackComplexity": "HIGH",
"privilegesRequired": "HIGH",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "NONE",
"baseScore": 5.7,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 0.5,
"impactScore": 5.2
}
]
},
"references": [
{
"url": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-lnt-L9zOkBz5",
"source": "ykramarz@cisco.com"
}
]
}

43
CVE-2023/CVE-2023-201xx/CVE-2023-20190.json Normal file
View File

@ -0,0 +1,43 @@
{
"id": "CVE-2023-20190",
"sourceIdentifier": "ykramarz@cisco.com",
"published": "2023-09-13T17:15:09.357",
"lastModified": "2023-09-13T17:27:35.837",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "A vulnerability in the classic access control list (ACL) compression feature of Cisco IOS XR Software could allow an unauthenticated, remote attacker to bypass the protection that is offered by a configured ACL on an affected device.\r\n\r This vulnerability is due to incorrect destination address range encoding in the compression module of an ACL that is applied to an interface of an affected device. An attacker could exploit this vulnerability by sending traffic through the affected device that should be denied by the configured ACL. A successful exploit could allow the attacker to bypass configured ACL protections on the affected device, allowing the attacker to access trusted networks that the device might be protecting.\r\n\r There are workarounds that address this vulnerability.\r\n\r \r\n\r \r This advisory is part of the September 2023 release of the Cisco IOS XR Software Security Advisory Bundled Publication. For a complete list of the advisories and links to them, see Cisco Event Response: September 2023 Semiannual Cisco IOS XR Software Security Advisory Bundled Publication ."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "ykramarz@cisco.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:L/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "CHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "LOW",
"availabilityImpact": "NONE",
"baseScore": 5.8,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 3.9,
"impactScore": 1.4
}
]
},
"references": [
{
"url": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-comp3acl-vGmp6BQ3",
"source": "ykramarz@cisco.com"
}
]
}

43
CVE-2023/CVE-2023-201xx/CVE-2023-20191.json Normal file
View File

@ -0,0 +1,43 @@
{
"id": "CVE-2023-20191",
"sourceIdentifier": "ykramarz@cisco.com",
"published": "2023-09-13T17:15:09.440",
"lastModified": "2023-09-13T17:27:35.837",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "A vulnerability in the access control list (ACL) processing on MPLS interfaces in the ingress direction of Cisco IOS XR Software could allow an unauthenticated, remote attacker to bypass a configured ACL.\r\n\r This vulnerability is due to incomplete support for this feature. An attacker could exploit this vulnerability by attempting to send traffic through an affected device. A successful exploit could allow the attacker to bypass an ACL on the affected device.\r\n\r There are workarounds that address this vulnerability.\r\n\r \r\n\r \r This advisory is part of the September 2023 release of the Cisco IOS XR Software Security Advisory Bundled Publication. For a complete list of the advisories and links to them, see Cisco Event Response: September 2023 Semiannual Cisco IOS XR Software Security Advisory Bundled Publication ."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "ykramarz@cisco.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:L/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "CHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "LOW",
"availabilityImpact": "NONE",
"baseScore": 5.8,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 3.9,
"impactScore": 1.4
}
]
},
"references": [
{
"url": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-dnx-acl-PyzDkeYF",
"source": "ykramarz@cisco.com"
}
]
}

43
CVE-2023/CVE-2023-202xx/CVE-2023-20233.json Normal file
View File

@ -0,0 +1,43 @@
{
"id": "CVE-2023-20233",
"sourceIdentifier": "ykramarz@cisco.com",
"published": "2023-09-13T17:15:09.523",
"lastModified": "2023-09-13T17:27:35.837",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "A vulnerability in the Connectivity Fault Management (CFM) feature of Cisco IOS XR Software could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on an affected device.\r\n\r This vulnerability is due to incorrect processing of invalid continuity check messages (CCMs). An attacker could exploit this vulnerability by sending crafted CCMs to an affected device. A successful exploit could allow the attacker to cause the CFM service to crash when a user displays information about maintenance end points (MEPs) for peer MEPs on an affected device."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "ykramarz@cisco.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "UNCHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"availabilityImpact": "LOW",
"baseScore": 4.3,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.8,
"impactScore": 1.4
}
]
},
"references": [
{
"url": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ios-xr-cfm-3pWN8MKt",
"source": "ykramarz@cisco.com"
}
]
}

43
CVE-2023/CVE-2023-202xx/CVE-2023-20236.json Normal file
View File

@ -0,0 +1,43 @@
{
"id": "CVE-2023-20236",
"sourceIdentifier": "ykramarz@cisco.com",
"published": "2023-09-13T17:15:09.607",
"lastModified": "2023-09-13T17:27:35.837",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "A vulnerability in the iPXE boot function of Cisco IOS XR software could allow an authenticated, local attacker to install an unverified software image on an affected device.\r\n\r This vulnerability is due to insufficient image verification. An attacker could exploit this vulnerability by manipulating the boot parameters for image verification during the iPXE boot process on an affected device. A successful exploit could allow the attacker to boot an unverified software image on the affected device."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "ykramarz@cisco.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "LOCAL",
"attackComplexity": "LOW",
"privilegesRequired": "HIGH",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 6.7,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 0.8,
"impactScore": 5.9
}
]
},
"references": [
{
"url": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-iosxr-ipxe-sigbypass-pymfyqgB",
"source": "ykramarz@cisco.com"
}
]
}

47
CVE-2023/CVE-2023-26xx/CVE-2023-2680.json Normal file
View File

@ -0,0 +1,47 @@
{
"id": "CVE-2023-2680",
"sourceIdentifier": "secalert@redhat.com",
"published": "2023-09-13T17:15:09.697",
"lastModified": "2023-09-13T17:27:35.837",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "This CVE exists because of an incomplete fix for CVE-2021-3750. More specifically, the qemu-kvm package as released for Red Hat Enterprise Linux 9.1 via RHSA-2022:7967 included a version of qemu-kvm that was actually missing the fix for CVE-2021-3750."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "secalert@redhat.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H",
"attackVector": "LOCAL",
"attackComplexity": "HIGH",
"privilegesRequired": "HIGH",
"userInteraction": "NONE",
"scope": "CHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 0.8,
"impactScore": 6.0
}
]
},
"references": [
{
"url": "https://access.redhat.com/security/cve/CVE-2023-2680",
"source": "secalert@redhat.com"
},
{
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2203387",
"source": "secalert@redhat.com"
}
]
}

78
CVE-2023/CVE-2023-271xx/CVE-2023-27169.json
View File

@ -2,31 +2,95 @@
"id": "CVE-2023-27169",
"sourceIdentifier": "cve@mitre.org",
"published": "2023-09-12T12:15:07.580",
"lastModified": "2023-09-12T14:47:07.713",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-09-13T17:38:54.003",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "Xpand IT Write-back manager v2.3.1 uses a hardcoded salt in license class configuration which leads to the generation of a hardcoded and predictable symmetric encryption keys for license generation and validation."
}
],
"metrics": {},
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "NONE",
"baseScore": 6.5,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 3.9,
"impactScore": 2.5
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-798"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:xpand-it:write-back_manager:2.3.1:*:*:*:*:*:*:*",
"matchCriteriaId": "96EE1947-66DE-40BC-B1B3-7F7DB799B747"
}
]
}
]
}
],
"references": [
{
"url": "https://balwurk.com",
"source": "cve@mitre.org"
"source": "cve@mitre.org",
"tags": [
"Not Applicable"
]
},
{
"url": "https://balwurk.com/cve-use-of-hard-coded-cryptographic-key/",
"source": "cve@mitre.org"
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory"
]
},
{
"url": "https://writeback4t.com",
"source": "cve@mitre.org"
"source": "cve@mitre.org",
"tags": [
"Product"
]
},
{
"url": "https://www.xpand-it.com",
"source": "cve@mitre.org"
"source": "cve@mitre.org",
"tags": [
"Product"
]
}
]
}

77
CVE-2023/CVE-2023-274xx/CVE-2023-27470.json
View File

@ -2,19 +2,88 @@
"id": "CVE-2023-27470",
"sourceIdentifier": "cve@mitre.org",
"published": "2023-09-11T15:15:52.727",
"lastModified": "2023-09-11T18:02:20.103",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-09-13T17:04:11.437",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "BASupSrvcUpdater.exe in N-able Take Control Agent through 7.0.41.1141 before 7.0.43 has a TOCTOU Race Condition via a pseudo-symlink at %PROGRAMDATA%\\GetSupportService_N-Central\\PushUpdates, leading to arbitrary file deletion."
}
],
"metrics": {},
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "LOCAL",
"attackComplexity": "HIGH",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 7.0,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 1.0,
"impactScore": 5.9
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-367"
}
]
}
],
"configurations": [
{
"operator": "AND",
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:n-able:take_control:*:*:*:*:*:*:*:*",
"versionEndExcluding": "7.0.43",
"matchCriteriaId": "6DF6BEE6-E8DB-45AD-B116-F0DD44BA248B"
}
]
},
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": false,
"criteria": "cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:*",
"matchCriteriaId": "A2572D17-1DE6-457B-99CC-64AFD54487EA"
}
]
}
]
}
],
"references": [
{
"url": "https://github.com/mandiant/Vulnerability-Disclosures/blob/master/2023/MNDT-2023-0011.md",
"source": "cve@mitre.org"
"source": "cve@mitre.org",
"tags": [
"Exploit",
"Third Party Advisory"
]
}
]
}

47
CVE-2023/CVE-2023-32xx/CVE-2023-3255.json Normal file
View File

@ -0,0 +1,47 @@
{
"id": "CVE-2023-3255",
"sourceIdentifier": "secalert@redhat.com",
"published": "2023-09-13T17:15:09.877",
"lastModified": "2023-09-13T17:27:35.837",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "A flaw was found in the QEMU built-in VNC server while processing ClientCutText messages. A wrong exit condition may lead to an infinite loop when inflating an attacker controlled zlib buffer in the `inflate_buffer` function. This could allow a remote authenticated client who is able to send a clipboard to the VNC server to trigger a denial of service."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "secalert@redhat.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"availabilityImpact": "HIGH",
"baseScore": 6.5,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.8,
"impactScore": 3.6
}
]
},
"references": [
{
"url": "https://access.redhat.com/security/cve/CVE-2023-3255",
"source": "secalert@redhat.com"
},
{
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2218486",
"source": "secalert@redhat.com"
}
]
}

55
CVE-2023/CVE-2023-32xx/CVE-2023-3280.json Normal file
View File

@ -0,0 +1,55 @@
{
"id": "CVE-2023-3280",
"sourceIdentifier": "psirt@paloaltonetworks.com",
"published": "2023-09-13T17:15:09.963",
"lastModified": "2023-09-13T17:27:35.837",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "A problem with a protection mechanism in the Palo Alto Networks Cortex XDR agent on Windows devices allows a local user to disable the agent.\n\n"
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "psirt@paloaltonetworks.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"attackVector": "LOCAL",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"availabilityImpact": "HIGH",
"baseScore": 5.5,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 1.8,
"impactScore": 3.6
}
]
},
"weaknesses": [
{
"source": "psirt@paloaltonetworks.com",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-755"
}
]
}
],
"references": [
{
"url": "https://security.paloaltonetworks.com/CVE-2023-3280",
"source": "psirt@paloaltonetworks.com"
}
]
}

47
CVE-2023/CVE-2023-33xx/CVE-2023-3301.json Normal file
View File

@ -0,0 +1,47 @@
{
"id": "CVE-2023-3301",
"sourceIdentifier": "secalert@redhat.com",
"published": "2023-09-13T17:15:10.063",
"lastModified": "2023-09-13T17:27:35.837",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "A flaw was found in QEMU. The async nature of hot-unplug enables a race scenario where the net device backend is cleared before the virtio-net pci frontend has been unplugged. A malicious guest could use this time window to trigger an assertion and cause a denial of service."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "secalert@redhat.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:N/I:N/A:H",
"attackVector": "LOCAL",
"attackComplexity": "HIGH",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "CHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"availabilityImpact": "HIGH",
"baseScore": 5.6,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 1.1,
"impactScore": 4.0
}
]
},
"references": [
{
"url": "https://access.redhat.com/security/cve/CVE-2023-3301",
"source": "secalert@redhat.com"
},
{
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2215784",
"source": "secalert@redhat.com"
}
]
}

83
CVE-2023/CVE-2023-356xx/CVE-2023-35675.json
View File

@ -2,23 +2,96 @@
"id": "CVE-2023-35675",
"sourceIdentifier": "security@android.com",
"published": "2023-09-11T21:15:42.253",
"lastModified": "2023-09-12T11:52:10.097",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-09-13T17:40:35.963",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "In loadMediaResumptionControls of MediaResumeListener.kt, there is a possible way to play and listen to media files played by another user on the same device due to a logic error in the code. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation."
}
],
"metrics": {},
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
"attackVector": "LOCAL",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"availabilityImpact": "NONE",
"baseScore": 5.5,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 1.8,
"impactScore": 3.6
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "NVD-CWE-noinfo"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:google:android:11.0:*:*:*:*:*:*:*",
"matchCriteriaId": "109DD7FD-3A48-4C3D-8E1A-4433B98E1E64"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:google:android:12.0:*:*:*:*:*:*:*",
"matchCriteriaId": "F8FB8EE9-FC56-4D5E-AE55-A5967634740C"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:google:android:12.1:*:*:*:*:*:*:*",
"matchCriteriaId": "C64C1583-CDE0-4C1F-BDE6-05643C1BDD72"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:google:android:13.0:*:*:*:*:*:*:*",
"matchCriteriaId": "879FFD0C-9B38-4CAA-B057-1086D794D469"
}
]
}
]
}
],
"references": [
{
"url": "https://android.googlesource.com/platform/frameworks/base/+/c1cf4b9746c9641190730172522324ccd5b8c914",
"source": "security@android.com"
"source": "security@android.com",
"tags": [
"Vendor Advisory"
]
},
{
"url": "https://source.android.com/security/bulletin/2023-09-01",
"source": "security@android.com"
"source": "security@android.com",
"tags": [
"Vendor Advisory"
]
}
]
}

78
CVE-2023/CVE-2023-356xx/CVE-2023-35676.json
View File

@ -2,23 +2,91 @@
"id": "CVE-2023-35676",
"sourceIdentifier": "security@android.com",
"published": "2023-09-11T21:15:42.313",
"lastModified": "2023-09-12T11:52:10.097",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-09-13T17:40:15.690",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "In createQuickShareAction of SaveImageInBackgroundTask.java, there is a possible way to trigger a background activity launch due to an unsafe PendingIntent. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation."
}
],
"metrics": {},
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "LOCAL",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 1.8,
"impactScore": 5.9
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "NVD-CWE-noinfo"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:google:android:12.0:*:*:*:*:*:*:*",
"matchCriteriaId": "F8FB8EE9-FC56-4D5E-AE55-A5967634740C"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:google:android:12.1:*:*:*:*:*:*:*",
"matchCriteriaId": "C64C1583-CDE0-4C1F-BDE6-05643C1BDD72"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:google:android:13.0:*:*:*:*:*:*:*",
"matchCriteriaId": "879FFD0C-9B38-4CAA-B057-1086D794D469"
}
]
}
]
}
],
"references": [
{
"url": "https://android.googlesource.com/platform/frameworks/base/+/109e58b62dc9fedcee93983678ef9d4931e72afa",
"source": "security@android.com"
"source": "security@android.com",
"tags": [
"Vendor Advisory"
]
},
{
"url": "https://source.android.com/security/bulletin/2023-09-01",
"source": "security@android.com"
"source": "security@android.com",
"tags": [
"Vendor Advisory"
]
}
]
}

83
CVE-2023/CVE-2023-356xx/CVE-2023-35677.json
View File

@ -2,23 +2,96 @@
"id": "CVE-2023-35677",
"sourceIdentifier": "security@android.com",
"published": "2023-09-11T21:15:42.367",
"lastModified": "2023-09-12T11:52:10.097",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-09-13T17:39:58.473",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "In onCreate of DeviceAdminAdd.java, there is a possible way to forcibly add a device admin due to a missing permission check. This could lead to local denial of service (factory reset or continuous locking) with no additional execution privileges needed. User interaction is not needed for exploitation."
}
],
"metrics": {},
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"attackVector": "LOCAL",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"availabilityImpact": "HIGH",
"baseScore": 5.5,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 1.8,
"impactScore": 3.6
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "NVD-CWE-noinfo"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:google:android:11.0:*:*:*:*:*:*:*",
"matchCriteriaId": "109DD7FD-3A48-4C3D-8E1A-4433B98E1E64"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:google:android:12.0:*:*:*:*:*:*:*",
"matchCriteriaId": "F8FB8EE9-FC56-4D5E-AE55-A5967634740C"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:google:android:12.1:*:*:*:*:*:*:*",
"matchCriteriaId": "C64C1583-CDE0-4C1F-BDE6-05643C1BDD72"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:google:android:13.0:*:*:*:*:*:*:*",
"matchCriteriaId": "879FFD0C-9B38-4CAA-B057-1086D794D469"
}
]
}
]
}
],
"references": [
{
"url": "https://android.googlesource.com/platform/packages/apps/Settings/+/846180c19f68f6fb1b0653356401d3235fef846e",
"source": "security@android.com"
"source": "security@android.com",
"tags": [
"Vendor Advisory"
]
},
{
"url": "https://source.android.com/security/bulletin/2023-09-01",
"source": "security@android.com"
"source": "security@android.com",
"tags": [
"Vendor Advisory"
]
}
]
}

83
CVE-2023/CVE-2023-356xx/CVE-2023-35679.json
View File

@ -2,23 +2,96 @@
"id": "CVE-2023-35679",
"sourceIdentifier": "security@android.com",
"published": "2023-09-11T21:15:42.427",
"lastModified": "2023-09-12T11:52:10.097",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-09-13T17:39:43.833",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "In MtpPropertyValue of MtpProperty.h, there is a possible out of bounds read due to uninitialized data. This could lead to local information disclosure with no additional execution privileges needed. User interaction is needed for exploitation."
}
],
"metrics": {},
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N",
"attackVector": "LOCAL",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"availabilityImpact": "NONE",
"baseScore": 5.5,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 1.8,
"impactScore": 3.6
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-125"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:google:android:11.0:*:*:*:*:*:*:*",
"matchCriteriaId": "109DD7FD-3A48-4C3D-8E1A-4433B98E1E64"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:google:android:12.0:*:*:*:*:*:*:*",
"matchCriteriaId": "F8FB8EE9-FC56-4D5E-AE55-A5967634740C"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:google:android:12.1:*:*:*:*:*:*:*",
"matchCriteriaId": "C64C1583-CDE0-4C1F-BDE6-05643C1BDD72"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:google:android:13.0:*:*:*:*:*:*:*",
"matchCriteriaId": "879FFD0C-9B38-4CAA-B057-1086D794D469"
}
]
}
]
}
],
"references": [
{
"url": "https://android.googlesource.com/platform/frameworks/av/+/ea6131efa76a0b2a12724ffd157909e2c6fb4036",
"source": "security@android.com"
"source": "security@android.com",
"tags": [
"Vendor Advisory"
]
},
{
"url": "https://source.android.com/security/bulletin/2023-09-01",
"source": "security@android.com"
"source": "security@android.com",
"tags": [
"Vendor Advisory"
]
}
]
}

83
CVE-2023/CVE-2023-356xx/CVE-2023-35680.json
View File

@ -2,23 +2,96 @@
"id": "CVE-2023-35680",
"sourceIdentifier": "security@android.com",
"published": "2023-09-11T21:15:42.490",
"lastModified": "2023-09-12T11:52:10.097",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-09-13T17:39:23.453",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "In multiple locations, there is a possible way to import contacts belonging to other users due to a confused deputy. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation."
}
],
"metrics": {},
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
"attackVector": "LOCAL",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"availabilityImpact": "NONE",
"baseScore": 5.5,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 1.8,
"impactScore": 3.6
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "NVD-CWE-Other"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:google:android:11.0:*:*:*:*:*:*:*",
"matchCriteriaId": "109DD7FD-3A48-4C3D-8E1A-4433B98E1E64"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:google:android:12.0:*:*:*:*:*:*:*",
"matchCriteriaId": "F8FB8EE9-FC56-4D5E-AE55-A5967634740C"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:google:android:12.1:*:*:*:*:*:*:*",
"matchCriteriaId": "C64C1583-CDE0-4C1F-BDE6-05643C1BDD72"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:google:android:13.0:*:*:*:*:*:*:*",
"matchCriteriaId": "879FFD0C-9B38-4CAA-B057-1086D794D469"
}
]
}
]
}
],
"references": [
{
"url": "https://android.googlesource.com/platform/packages/services/Telephony/+/674039e70e1c5bf29b808899ac80c709acc82290",
"source": "security@android.com"
"source": "security@android.com",
"tags": [
"Vendor Advisory"
]
},
{
"url": "https://source.android.com/security/bulletin/2023-09-01",
"source": "security@android.com"
"source": "security@android.com",
"tags": [
"Vendor Advisory"
]
}
]
}

94
CVE-2023/CVE-2023-361xx/CVE-2023-36184.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2023-36184",
"sourceIdentifier": "cve@mitre.org",
"published": "2023-09-08T02:15:08.080",
"lastModified": "2023-09-08T12:58:39.247",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-09-13T16:22:02.973",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@ -14,23 +14,103 @@
"value": "Se descubri\u00f3 que CMysten Labs Sui blockchain v1.2.0 contiene un desbordamiento de pila a trav\u00e9s del componente \"/spec/openrpc.json\"."
}
],
"metrics": {},
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 3.9,
"impactScore": 3.6
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-787"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:aptosfoundation:aptos:*:*:*:*:*:*:*:*",
"versionEndExcluding": "1.4.3",
"matchCriteriaId": "23231A97-68C3-43D6-AC2C-C2B45D157B44"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:move_project:move:-:*:*:*:*:*:*:*",
"matchCriteriaId": "907819DB-84CC-4F4B-9504-E98983DADE0E"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:mystenlabs:sui:*:*:*:*:*:*:*:*",
"versionEndExcluding": "1.2.1",
"matchCriteriaId": "8DE411CA-D1E1-4C94-808E-C37F3BF4ECEB"
}
]
}
]
}
],
"references": [
{
"url": "https://github.com/MystenLabs/sui/commit/8b681515c0cf435df2a54198a28ab4ef574d202b",
"source": "cve@mitre.org"
"source": "cve@mitre.org",
"tags": [
"Patch"
]
},
{
"url": "https://github.com/aptos-labs/aptos-core/commit/47a0391c612407fe0b1051ef658a29e35d986963",
"source": "cve@mitre.org"
"source": "cve@mitre.org",
"tags": [
"Patch"
]
},
{
"url": "https://github.com/move-language/move/issues/1059",
"source": "cve@mitre.org"
"source": "cve@mitre.org",
"tags": [
"Issue Tracking",
"Patch"
]
},
{
"url": "https://medium.com/@Beosin_com/critical-vulnerability-in-move-vm-can-cause-total-network-shutdown-and-potential-hard-fork-in-sui-49d0d942801c",
"source": "cve@mitre.org"
"source": "cve@mitre.org",
"tags": [
"Exploit",
"Patch",
"Technical Description",
"Third Party Advisory"
]
}
]
}

63
CVE-2023/CVE-2023-36xx/CVE-2023-3612.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2023-3612",
"sourceIdentifier": "incident@nbu.gov.sk",
"published": "2023-09-11T10:15:07.603",
"lastModified": "2023-09-12T08:15:13.753",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-09-13T17:53:49.923",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@ -12,6 +12,26 @@
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 2.8,
"impactScore": 5.9
},
{
"source": "incident@nbu.gov.sk",
"type": "Secondary",
@ -35,6 +55,16 @@
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "NVD-CWE-noinfo"
}
]
},
{
"source": "incident@nbu.gov.sk",
"type": "Secondary",
@ -46,10 +76,37 @@
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:govee:home:*:*:*:*:*:android:*:*",
"versionEndExcluding": "5.8.01",
"matchCriteriaId": "A620D3FC-BFD8-4142-B655-C1115D8871FF"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:govee:home:*:*:*:*:*:iphone_os:*:*",
"versionEndExcluding": "5.8.01",
"matchCriteriaId": "C81C8BA3-1AE7-4FC3-B52A-273210034903"
}
]
}
]
}
],
"references": [
{
"url": "https://www.sk-cert.sk/threat/sk-cert-bezpecnostne-varovanie-v20230811-10",
"source": "incident@nbu.gov.sk"
"source": "incident@nbu.gov.sk",
"tags": [
"Third Party Advisory"
]
}
]
}

4
CVE-2023/CVE-2023-382xx/CVE-2023-38214.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2023-38214",
"sourceIdentifier": "psirt@adobe.com",
"published": "2023-09-13T14:15:08.127",
"lastModified": "2023-09-13T14:15:08.127",
"vulnStatus": "Received",
"lastModified": "2023-09-13T16:34:14.220",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",

4
CVE-2023/CVE-2023-382xx/CVE-2023-38215.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2023-38215",
"sourceIdentifier": "psirt@adobe.com",
"published": "2023-09-13T14:15:09.027",
"lastModified": "2023-09-13T14:15:09.027",
"vulnStatus": "Received",
"lastModified": "2023-09-13T16:34:14.220",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",

90
CVE-2023/CVE-2023-396xx/CVE-2023-39637.json
View File

@ -2,31 +2,107 @@
"id": "CVE-2023-39637",
"sourceIdentifier": "cve@mitre.org",
"published": "2023-09-12T12:15:08.077",
"lastModified": "2023-09-12T14:47:07.713",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-09-13T17:37:22.413",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "D-Link DIR-816 A2 1.10 B05 was discovered to contain a command injection vulnerability via the component /goform/Diagnosis."
}
],
"metrics": {},
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-77"
}
]
}
],
"configurations": [
{
"operator": "AND",
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:dlink:dir-816_firmware:1.10b05:*:*:*:*:*:*:*",
"matchCriteriaId": "B12CE36E-C7F7-4FE7-BA46-8EC5B61F617E"
}
]
},
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": false,
"criteria": "cpe:2.3:h:dlink:dir-816:a2:*:*:*:*:*:*:*",
"matchCriteriaId": "1A3AC507-7219-401E-AC60-12D96382E4B7"
}
]
}
]
}
],
"references": [
{
"url": "http://d-link.com",
"source": "cve@mitre.org"
"source": "cve@mitre.org",
"tags": [
"Broken Link"
]
},
{
"url": "http://www.dlink.com.cn/techsupport/ProductInfo.aspx?m=DIR-816",
"source": "cve@mitre.org"
"source": "cve@mitre.org",
"tags": [
"Product"
]
},
{
"url": "https://github.com/mmmmmx1/dlink/blob/main/DIR-816/readme.md",
"source": "cve@mitre.org"
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory"
]
},
{
"url": "https://www.dlink.com/en/security-bulletin/",
"source": "cve@mitre.org"
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
]
}
]
}

6
CVE-2023/CVE-2023-396xx/CVE-2023-39663.json
View File

@ -2,12 +2,12 @@
"id": "CVE-2023-39663",
"sourceIdentifier": "cve@mitre.org",
"published": "2023-08-29T20:15:09.990",
"lastModified": "2023-08-31T18:32:33.047",
"vulnStatus": "Analyzed",
"lastModified": "2023-09-13T17:15:09.790",
"vulnStatus": "Modified",
"descriptions": [
{
"lang": "en",
"value": "Mathjax up to v2.7.9 was discovered to contain two Regular expression Denial of Service (ReDoS) vulnerabilities in MathJax.js via the components pattern and markdownPattern."
"value": "** DISPUTED ** Mathjax up to v2.7.9 was discovered to contain two Regular expression Denial of Service (ReDoS) vulnerabilities in MathJax.js via the components pattern and markdownPattern. NOTE: the vendor disputes this because the regular expressions are not applied to user input; thus, there is no risk."
}
],
"metrics": {

4
CVE-2023/CVE-2023-399xx/CVE-2023-39914.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2023-39914",
"sourceIdentifier": "sep@nlnetlabs.nl",
"published": "2023-09-13T15:15:07.657",
"lastModified": "2023-09-13T15:15:07.657",
"vulnStatus": "Received",
"lastModified": "2023-09-13T16:34:14.220",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",

4
CVE-2023/CVE-2023-399xx/CVE-2023-39915.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2023-39915",
"sourceIdentifier": "sep@nlnetlabs.nl",
"published": "2023-09-13T15:15:07.763",
"lastModified": "2023-09-13T15:15:07.763",
"vulnStatus": "Received",
"lastModified": "2023-09-13T16:34:14.220",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",

4
CVE-2023/CVE-2023-399xx/CVE-2023-39916.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2023-39916",
"sourceIdentifier": "sep@nlnetlabs.nl",
"published": "2023-09-13T15:15:07.837",
"lastModified": "2023-09-13T15:15:07.837",
"vulnStatus": "Received",
"lastModified": "2023-09-13T16:34:14.220",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",

4
CVE-2023/CVE-2023-39xx/CVE-2023-3935.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2023-3935",
"sourceIdentifier": "info@cert.vde.com",
"published": "2023-09-13T14:15:09.147",
"lastModified": "2023-09-13T14:15:09.147",
"vulnStatus": "Received",
"lastModified": "2023-09-13T16:34:14.220",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",

67
CVE-2023/CVE-2023-410xx/CVE-2023-41000.json
View File

@ -2,19 +2,78 @@
"id": "CVE-2023-41000",
"sourceIdentifier": "cve@mitre.org",
"published": "2023-09-11T15:16:02.307",
"lastModified": "2023-09-11T18:02:20.103",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-09-13T17:56:45.940",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "GPAC through 2.2.1 has a use-after-free vulnerability in the function gf_bifs_flush_command_list in bifs/memory_decoder.c."
}
],
"metrics": {},
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
"attackVector": "LOCAL",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "UNCHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"availabilityImpact": "HIGH",
"baseScore": 5.5,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 1.8,
"impactScore": 3.6
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-416"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:gpac:gpac:*:*:*:*:*:*:*:*",
"versionEndIncluding": "2.2.1",
"matchCriteriaId": "047BC15F-5E51-48D9-B751-9DC9311FEBCF"
}
]
}
]
}
],
"references": [
{
"url": "https://github.com/gpac/gpac/issues/2550",
"source": "cve@mitre.org"
"source": "cve@mitre.org",
"tags": [
"Exploit",
"Issue Tracking",
"Patch",
"Third Party Advisory"
]
}
]
}

68
CVE-2023/CVE-2023-410xx/CVE-2023-41013.json
View File

@ -2,23 +2,81 @@
"id": "CVE-2023-41013",
"sourceIdentifier": "cve@mitre.org",
"published": "2023-09-12T12:15:08.533",
"lastModified": "2023-09-12T14:47:07.713",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-09-13T17:37:10.573",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "Cross Site Scripting (XSS) in Webmail Calendar in IceWarp 10.3.1 allows remote attackers to inject arbitrary web script or HTML via the \"p4\" field."
}
],
"metrics": {},
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "CHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "NONE",
"baseScore": 6.1,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.8,
"impactScore": 2.7
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-79"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:icewarp:icewarp:10.3.1:*:*:*:*:*:*:*",
"matchCriteriaId": "3B7D1C54-2DE8-4C29-8676-55C5DA8722C2"
}
]
}
]
}
],
"references": [
{
"url": "http://icewrap.com",
"source": "cve@mitre.org"
"source": "cve@mitre.org",
"tags": [
"Broken Link"
]
},
{
"url": "https://medium.com/@katikitala.sushmitha078/cve-2023-41013-789841dcad91",
"source": "cve@mitre.org"
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory"
]
}
]
}

63
CVE-2023/CVE-2023-415xx/CVE-2023-41564.json
View File

@ -2,19 +2,74 @@
"id": "CVE-2023-41564",
"sourceIdentifier": "cve@mitre.org",
"published": "2023-09-08T23:15:11.877",
"lastModified": "2023-09-10T19:45:57.130",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-09-13T17:06:06.760",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "An arbitrary file upload vulnerability in the Upload Asset function of Cockpit CMS v2.6.3 allows attackers to execute arbitrary code via uploading a crafted .shtml file."
}
],
"metrics": {},
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "CHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "NONE",
"baseScore": 6.1,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.8,
"impactScore": 2.7
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-434"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:agentejo:cockpit:2.6.3:*:*:*:*:*:*:*",
"matchCriteriaId": "134766A8-60F0-4B41-A36B-EAB70A9EB902"
}
]
}
]
}
],
"references": [
{
"url": "https://github.com/LongHair00/Mitre_opensource_report/blob/main/CockpitCMS-StoredXSS.md",
"source": "cve@mitre.org"
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory"
]
}
]
}

94
CVE-2023/CVE-2023-41xx/CVE-2023-4104.json
View File

@ -2,39 +2,115 @@
"id": "CVE-2023-4104",
"sourceIdentifier": "security@mozilla.org",
"published": "2023-09-11T09:15:08.997",
"lastModified": "2023-09-11T12:41:46.007",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-09-13T16:34:57.820",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "An invalid Polkit Authentication check and missing authentication requirements for D-Bus methods allowed any local user to configure arbitrary VPN setups.\n*This bug only affects Mozilla VPN on Linux. Other operating systems are unaffected.* This vulnerability affects Mozilla VPN client for Linux < v2.16.1."
}
],
"metrics": {},
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N",
"attackVector": "LOCAL",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "HIGH",
"availabilityImpact": "NONE",
"baseScore": 5.5,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 1.8,
"impactScore": 3.6
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-862"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:mozilla:vpn:*:*:*:*:*:linux:*:*",
"versionEndExcluding": "2.16.1",
"matchCriteriaId": "60737FA0-0B0A-4423-891A-6E747F952254"
}
]
}
]
}
],
"references": [
{
"url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1831318",
"source": "security@mozilla.org"
"source": "security@mozilla.org",
"tags": [
"Exploit",
"Issue Tracking"
]
},
{
"url": "https://github.com/mozilla-mobile/mozilla-vpn-client/pull/7055",
"source": "security@mozilla.org"
"source": "security@mozilla.org",
"tags": [
"Issue Tracking",
"Patch"
]
},
{
"url": "https://github.com/mozilla-mobile/mozilla-vpn-client/pull/7110",
"source": "security@mozilla.org"
"source": "security@mozilla.org",
"tags": [
"Issue Tracking",
"Patch"
]
},
{
"url": "https://github.com/mozilla-mobile/mozilla-vpn-client/pull/7151",
"source": "security@mozilla.org"
"source": "security@mozilla.org",
"tags": [
"Issue Tracking"
]
},
{
"url": "https://www.mozilla.org/security/advisories/mfsa2023-39/",
"source": "security@mozilla.org"
"source": "security@mozilla.org",
"tags": [
"Vendor Advisory"
]
},
{
"url": "https://www.openwall.com/lists/oss-security/2023/08/03/1",
"source": "security@mozilla.org"
"source": "security@mozilla.org",
"tags": [
"Exploit",
"Mailing List",
"Third Party Advisory"
]
}
]
}

47
CVE-2023/CVE-2023-41xx/CVE-2023-4155.json Normal file
View File

@ -0,0 +1,47 @@
{
"id": "CVE-2023-4155",
"sourceIdentifier": "secalert@redhat.com",
"published": "2023-09-13T17:15:10.143",
"lastModified": "2023-09-13T17:27:35.837",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "A flaw was found in KVM AMD Secure Encrypted Virtualization (SEV) in the Linux kernel. A KVM guest using SEV-ES or SEV-SNP with multiple vCPUs can trigger a double fetch race condition vulnerability and invoke the `VMGEXIT` handler recursively. If an attacker manages to call the handler multiple times, they can trigger a stack overflow and cause a denial of service or potentially guest-to-host escape in kernel configurations without stack guard pages (`CONFIG_VMAP_STACK`)."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "secalert@redhat.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:N/I:N/A:H",
"attackVector": "LOCAL",
"attackComplexity": "HIGH",
"privilegesRequired": "HIGH",
"userInteraction": "NONE",
"scope": "CHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"availabilityImpact": "HIGH",
"baseScore": 5.3,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 0.8,
"impactScore": 4.0
}
]
},
"references": [
{
"url": "https://access.redhat.com/security/cve/CVE-2023-4155",
"source": "secalert@redhat.com"
},
{
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2213802",
"source": "secalert@redhat.com"
}
]
}

8
CVE-2023/CVE-2023-44xx/CVE-2023-4456.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2023-4456",
"sourceIdentifier": "secalert@redhat.com",
"published": "2023-08-21T17:15:50.283",
"lastModified": "2023-08-25T18:25:09.557",
"vulnStatus": "Analyzed",
"lastModified": "2023-09-13T16:15:10.590",
"vulnStatus": "Modified",
"descriptions": [
{
"lang": "en",
@ -84,6 +84,10 @@
}
],
"references": [
{
"url": "https://access.redhat.com/errata/RHSA-2023:4933",
"source": "secalert@redhat.com"
},
{
"url": "https://access.redhat.com/security/cve/CVE-2023-4456",
"source": "secalert@redhat.com",

96
CVE-2023/CVE-2023-46xx/CVE-2023-4630.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2023-4630",
"sourceIdentifier": "cve@gitlab.com",
"published": "2023-09-11T14:15:09.343",
"lastModified": "2023-09-11T14:26:36.900",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-09-13T16:50:23.250",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@ -12,6 +12,26 @@
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.8,
"impactScore": 1.4
},
{
"source": "cve@gitlab.com",
"type": "Secondary",
@ -35,6 +55,16 @@
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "NVD-CWE-noinfo"
}
]
},
{
"source": "cve@gitlab.com",
"type": "Secondary",
@ -46,10 +76,70 @@
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:gitlab:gitlab:*:*:*:*:community:*:*:*",
"versionStartIncluding": "10.6.0",
"versionEndExcluding": "16.1.5",
"matchCriteriaId": "F9BDADFA-ADB1-488F-AB5A-209A19FC70A2"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:gitlab:gitlab:*:*:*:*:enterprise:*:*:*",
"versionStartIncluding": "10.6.0",
"versionEndExcluding": "16.1.5",
"matchCriteriaId": "21BFE27A-793C-4B3C-BC89-B341A0777F7E"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:gitlab:gitlab:*:*:*:*:community:*:*:*",
"versionStartIncluding": "16.2.0",
"versionEndExcluding": "16.2.5",
"matchCriteriaId": "0892F9AB-63DF-4753-9463-34C81A2174B5"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:gitlab:gitlab:*:*:*:*:enterprise:*:*:*",
"versionStartIncluding": "16.2.0",
"versionEndExcluding": "16.2.5",
"matchCriteriaId": "D678B1CF-DAF8-4A11-80D4-0CB0796A104C"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:gitlab:gitlab:16.3.0:*:*:*:community:*:*:*",
"matchCriteriaId": "EE9B8DE8-9990-494B-BDBE-F867DDBB9D57"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:gitlab:gitlab:16.3.0:*:*:*:enterprise:*:*:*",
"matchCriteriaId": "08D6B555-39B6-493D-8460-3DC998BAF651"
}
]
}
]
}
],
"references": [
{
"url": "https://about.gitlab.com/releases/2023/08/31/security-release-gitlab-16-3-1-released/",
"source": "nvd@nist.gov",
"tags": [
"Vendor Advisory"
]
},
{
"url": "https://gitlab.com/gitlab-org/gitlab/-/issues/415117",
"source": "cve@gitlab.com"
"source": "cve@gitlab.com",
"tags": [
"Broken Link"
]
}
]
}

4
CVE-2023/CVE-2023-47xx/CVE-2023-4701.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2023-4701",
"sourceIdentifier": "info@cert.vde.com",
"published": "2023-09-13T14:15:09.297",
"lastModified": "2023-09-13T14:15:09.297",
"vulnStatus": "Received",
"lastModified": "2023-09-13T16:34:14.220",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",

71
CVE-2023/CVE-2023-47xx/CVE-2023-4785.json Normal file
View File

@ -0,0 +1,71 @@
{
"id": "CVE-2023-4785",
"sourceIdentifier": "cve-coordination@google.com",
"published": "2023-09-13T17:15:10.227",
"lastModified": "2023-09-13T17:27:35.837",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "Lack of error handling in the TCP server in Google's gRPC starting version 1.23 on posix-compatible platforms (ex. Linux) allows an attacker to cause a denial of service by initiating a significant number of connections with the server. Note that gRPC C++ Python, and Ruby are affected, but gRPC Java, and Go are NOT affected.\u00a0"
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "cve-coordination@google.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 3.9,
"impactScore": 3.6
}
]
},
"weaknesses": [
{
"source": "cve-coordination@google.com",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-248"
}
]
}
],
"references": [
{
"url": "https://github.com/grpc/grpc/pull/33656",
"source": "cve-coordination@google.com"
},
{
"url": "https://github.com/grpc/grpc/pull/33667",
"source": "cve-coordination@google.com"
},
{
"url": "https://github.com/grpc/grpc/pull/33669",
"source": "cve-coordination@google.com"
},
{
"url": "https://github.com/grpc/grpc/pull/33670",
"source": "cve-coordination@google.com"
},
{
"url": "https://github.com/grpc/grpc/pull/33672",
"source": "cve-coordination@google.com"
}
]
}

55
CVE-2023/CVE-2023-48xx/CVE-2023-4801.json Normal file
View File

@ -0,0 +1,55 @@
{
"id": "CVE-2023-4801",
"sourceIdentifier": "security@proofpoint.com",
"published": "2023-09-13T16:15:10.767",
"lastModified": "2023-09-13T16:34:14.220",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "An improper certification validation vulnerability in the Insider Threat Management (ITM) Agent for MacOS could be used by an anonymous actor on an adjacent network to establish a man-in-the-middle position between the agent and the ITM server after the agent has registered. All versions prior to 7.14.3.69 are affected. Agents for Windows, Linux, and Cloud are unaffected."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "security@proofpoint.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "ADJACENT_NETWORK",
"attackComplexity": "HIGH",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 1.6,
"impactScore": 5.9
}
]
},
"weaknesses": [
{
"source": "security@proofpoint.com",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-295"
}
]
}
],
"references": [
{
"url": "https://www.proofpoint.com/us/security/security-advisories/pfpt-sa-2023-006",
"source": "security@proofpoint.com"
}
]
}

55
CVE-2023/CVE-2023-48xx/CVE-2023-4802.json Normal file
View File

@ -0,0 +1,55 @@
{
"id": "CVE-2023-4802",
"sourceIdentifier": "security@proofpoint.com",
"published": "2023-09-13T16:15:11.017",
"lastModified": "2023-09-13T16:34:14.220",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "A reflected cross-site scripting vulnerability in the UpdateInstalledSoftware endpoint of the Insider Threat Management (ITM) Server's web console could be used by an authenticated administrator to run arbitrary javascript within another web console administrator's browser. All versions prior to 7.14.3.69 are affected."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "security@proofpoint.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:L",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "HIGH",
"userInteraction": "REQUIRED",
"scope": "CHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "LOW",
"baseScore": 5.9,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 1.7,
"impactScore": 3.7
}
]
},
"weaknesses": [
{
"source": "security@proofpoint.com",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-79"
}
]
}
],
"references": [
{
"url": "https://www.proofpoint.com/us/security/security-advisories/pfpt-sa-2023-007",
"source": "security@proofpoint.com"
}
]
}

55
CVE-2023/CVE-2023-48xx/CVE-2023-4803.json Normal file
View File

@ -0,0 +1,55 @@
{
"id": "CVE-2023-4803",
"sourceIdentifier": "security@proofpoint.com",
"published": "2023-09-13T16:15:11.103",
"lastModified": "2023-09-13T16:34:14.220",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "A reflected cross-site scripting vulnerability in the WriteWindowTitle endpoint of the Insider Threat Management (ITM) Server's web console could be used by an authenticated administrator to run arbitrary javascript within another web console administrator's browser. All versions prior to 7.14.3.69 are affected."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "security@proofpoint.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:L",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "HIGH",
"userInteraction": "REQUIRED",
"scope": "CHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "LOW",
"baseScore": 5.9,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 1.7,
"impactScore": 3.7
}
]
},
"weaknesses": [
{
"source": "security@proofpoint.com",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-79"
}
]
}
],
"references": [
{
"url": "https://www.proofpoint.com/us/security/security-advisories/pfpt-sa-2023-007",
"source": "security@proofpoint.com"
}
]
}

55
CVE-2023/CVE-2023-48xx/CVE-2023-4828.json Normal file
View File

@ -0,0 +1,55 @@
{
"id": "CVE-2023-4828",
"sourceIdentifier": "security@proofpoint.com",
"published": "2023-09-13T16:15:11.197",
"lastModified": "2023-09-13T16:34:14.220",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "An improper check for an exceptional condition in the Insider Threat Management (ITM) Server could be used by an attacker to change the configuration of any already-registered agent so that all future agent communications are sent to an attacker-chosen URL. An attacker must first successfully obtain valid agent credentials and target agent hostname. All versions prior to 7.14.3.69 are affected."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "security@proofpoint.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 2.8,
"impactScore": 5.9
}
]
},
"weaknesses": [
{
"source": "security@proofpoint.com",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-754"
}
]
}
],
"references": [
{
"url": "https://www.proofpoint.com/us/security/security-advisories/pfpt-sa-2023-008",
"source": "security@proofpoint.com"
}
]
}

40
CVE-2023/CVE-2023-48xx/CVE-2023-4863.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2023-4863",
"sourceIdentifier": "chrome-cve-admin@google.com",
"published": "2023-09-12T15:15:24.327",
"lastModified": "2023-09-12T19:38:09.050",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-09-13T17:15:10.317",
"vulnStatus": "Undergoing Analysis",
"descriptions": [
{
"lang": "en",
@ -12,6 +12,10 @@
],
"metrics": {},
"references": [
{
"url": "https://bugzilla.suse.com/show_bug.cgi?id=1215231",
"source": "chrome-cve-admin@google.com"
},
{
"url": "https://chromereleases.googleblog.com/2023/09/stable-channel-update-for-desktop_11.html",
"source": "chrome-cve-admin@google.com"
@ -19,6 +23,38 @@
{
"url": "https://crbug.com/1479274",
"source": "chrome-cve-admin@google.com"
},
{
"url": "https://en.bandisoft.com/honeyview/history/",
"source": "chrome-cve-admin@google.com"
},
{
"url": "https://github.com/webmproject/libwebp/commit/902bc9190331343b2017211debcec8d2ab87e17a",
"source": "chrome-cve-admin@google.com"
},
{
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-4863",
"source": "chrome-cve-admin@google.com"
},
{
"url": "https://news.ycombinator.com/item?id=37478403",
"source": "chrome-cve-admin@google.com"
},
{
"url": "https://security-tracker.debian.org/tracker/CVE-2023-4863",
"source": "chrome-cve-admin@google.com"
},
{
"url": "https://stackdiary.com/critical-vulnerability-in-webp-codec-cve-2023-4863/",
"source": "chrome-cve-admin@google.com"
},
{
"url": "https://www.bleepingcomputer.com/news/google/google-fixes-another-chrome-zero-day-bug-exploited-in-attacks/",
"source": "chrome-cve-admin@google.com"
},
{
"url": "https://www.mozilla.org/en-US/security/advisories/mfsa2023-40/",
"source": "chrome-cve-admin@google.com"
}
]
}

82
README.md
View File

@ -9,13 +9,13 @@ Repository synchronizes with the NVD every 2 hours.
### Last Repository Update
```plain
2023-09-13T16:00:25.208734+00:00
2023-09-13T18:00:26.228859+00:00
```
### Most recent CVE Modification Timestamp synchronized with NVD
```plain
2023-09-13T15:15:07.837000+00:00
2023-09-13T17:56:45.940000+00:00
```
### Last Data Feed Release
@ -29,51 +29,59 @@ Download and Changelog: [Click](https://github.com/fkie-cad/nvd-json-data-feeds/
### Total Number of included CVEs
```plain
224870
224885
```
### CVEs added in the last Commit
Recently added CVEs: `7`
Recently added CVEs: `15`
* [CVE-2023-38214](CVE-2023/CVE-2023-382xx/CVE-2023-38214.json) (`2023-09-13T14:15:08.127`)
* [CVE-2023-38215](CVE-2023/CVE-2023-382xx/CVE-2023-38215.json) (`2023-09-13T14:15:09.027`)
* [CVE-2023-3935](CVE-2023/CVE-2023-39xx/CVE-2023-3935.json) (`2023-09-13T14:15:09.147`)
* [CVE-2023-4701](CVE-2023/CVE-2023-47xx/CVE-2023-4701.json) (`2023-09-13T14:15:09.297`)
* [CVE-2023-39914](CVE-2023/CVE-2023-399xx/CVE-2023-39914.json) (`2023-09-13T15:15:07.657`)
* [CVE-2023-39915](CVE-2023/CVE-2023-399xx/CVE-2023-39915.json) (`2023-09-13T15:15:07.763`)
* [CVE-2023-39916](CVE-2023/CVE-2023-399xx/CVE-2023-39916.json) (`2023-09-13T15:15:07.837`)
* [CVE-2023-4801](CVE-2023/CVE-2023-48xx/CVE-2023-4801.json) (`2023-09-13T16:15:10.767`)
* [CVE-2023-4802](CVE-2023/CVE-2023-48xx/CVE-2023-4802.json) (`2023-09-13T16:15:11.017`)
* [CVE-2023-4803](CVE-2023/CVE-2023-48xx/CVE-2023-4803.json) (`2023-09-13T16:15:11.103`)
* [CVE-2023-4828](CVE-2023/CVE-2023-48xx/CVE-2023-4828.json) (`2023-09-13T16:15:11.197`)
* [CVE-2023-20135](CVE-2023/CVE-2023-201xx/CVE-2023-20135.json) (`2023-09-13T17:15:09.253`)
* [CVE-2023-20190](CVE-2023/CVE-2023-201xx/CVE-2023-20190.json) (`2023-09-13T17:15:09.357`)
* [CVE-2023-20191](CVE-2023/CVE-2023-201xx/CVE-2023-20191.json) (`2023-09-13T17:15:09.440`)
* [CVE-2023-20233](CVE-2023/CVE-2023-202xx/CVE-2023-20233.json) (`2023-09-13T17:15:09.523`)
* [CVE-2023-20236](CVE-2023/CVE-2023-202xx/CVE-2023-20236.json) (`2023-09-13T17:15:09.607`)
* [CVE-2023-2680](CVE-2023/CVE-2023-26xx/CVE-2023-2680.json) (`2023-09-13T17:15:09.697`)
* [CVE-2023-3255](CVE-2023/CVE-2023-32xx/CVE-2023-3255.json) (`2023-09-13T17:15:09.877`)
* [CVE-2023-3280](CVE-2023/CVE-2023-32xx/CVE-2023-3280.json) (`2023-09-13T17:15:09.963`)
* [CVE-2023-3301](CVE-2023/CVE-2023-33xx/CVE-2023-3301.json) (`2023-09-13T17:15:10.063`)
* [CVE-2023-4155](CVE-2023/CVE-2023-41xx/CVE-2023-4155.json) (`2023-09-13T17:15:10.143`)
* [CVE-2023-4785](CVE-2023/CVE-2023-47xx/CVE-2023-4785.json) (`2023-09-13T17:15:10.227`)
### CVEs modified in the last Commit
Recently modified CVEs: `67`
Recently modified CVEs: `35`
* [CVE-2023-4874](CVE-2023/CVE-2023-48xx/CVE-2023-4874.json) (`2023-09-13T14:30:57.767`)
* [CVE-2023-40039](CVE-2023/CVE-2023-400xx/CVE-2023-40039.json) (`2023-09-13T14:30:58.217`)
* [CVE-2023-40040](CVE-2023/CVE-2023-400xx/CVE-2023-40040.json) (`2023-09-13T14:31:47.480`)
* [CVE-2023-42467](CVE-2023/CVE-2023-424xx/CVE-2023-42467.json) (`2023-09-13T14:32:20.067`)
* [CVE-2023-41915](CVE-2023/CVE-2023-419xx/CVE-2023-41915.json) (`2023-09-13T14:32:53.017`)
* [CVE-2023-39076](CVE-2023/CVE-2023-390xx/CVE-2023-39076.json) (`2023-09-13T14:33:30.147`)
* [CVE-2023-4816](CVE-2023/CVE-2023-48xx/CVE-2023-4816.json) (`2023-09-13T14:35:05.177`)
* [CVE-2023-42471](CVE-2023/CVE-2023-424xx/CVE-2023-42471.json) (`2023-09-13T14:36:04.363`)
* [CVE-2023-42470](CVE-2023/CVE-2023-424xx/CVE-2023-42470.json) (`2023-09-13T14:36:22.290`)
* [CVE-2023-41316](CVE-2023/CVE-2023-413xx/CVE-2023-41316.json) (`2023-09-13T14:36:54.837`)
* [CVE-2023-32470](CVE-2023/CVE-2023-324xx/CVE-2023-32470.json) (`2023-09-13T14:37:24.530`)
* [CVE-2023-35682](CVE-2023/CVE-2023-356xx/CVE-2023-35682.json) (`2023-09-13T14:39:22.120`)
* [CVE-2023-35681](CVE-2023/CVE-2023-356xx/CVE-2023-35681.json) (`2023-09-13T14:39:48.377`)
* [CVE-2023-38829](CVE-2023/CVE-2023-388xx/CVE-2023-38829.json) (`2023-09-13T14:40:32.463`)
* [CVE-2023-4897](CVE-2023/CVE-2023-48xx/CVE-2023-4897.json) (`2023-09-13T14:41:12.663`)
* [CVE-2023-40623](CVE-2023/CVE-2023-406xx/CVE-2023-40623.json) (`2023-09-13T14:45:19.633`)
* [CVE-2023-40622](CVE-2023/CVE-2023-406xx/CVE-2023-40622.json) (`2023-09-13T14:45:47.617`)
* [CVE-2023-40621](CVE-2023/CVE-2023-406xx/CVE-2023-40621.json) (`2023-09-13T14:46:22.113`)
* [CVE-2023-40584](CVE-2023/CVE-2023-405xx/CVE-2023-40584.json) (`2023-09-13T14:47:24.317`)
* [CVE-2023-40029](CVE-2023/CVE-2023-400xx/CVE-2023-40029.json) (`2023-09-13T14:49:32.197`)
* [CVE-2023-4296](CVE-2023/CVE-2023-42xx/CVE-2023-4296.json) (`2023-09-13T14:50:08.323`)
* [CVE-2023-40625](CVE-2023/CVE-2023-406xx/CVE-2023-40625.json) (`2023-09-13T14:59:43.357`)
* [CVE-2023-42472](CVE-2023/CVE-2023-424xx/CVE-2023-42472.json) (`2023-09-13T15:01:22.793`)
* [CVE-2023-41367](CVE-2023/CVE-2023-413xx/CVE-2023-41367.json) (`2023-09-13T15:02:11.297`)
* [CVE-2023-30908](CVE-2023/CVE-2023-309xx/CVE-2023-30908.json) (`2023-09-13T15:15:07.517`)
* [CVE-2023-4456](CVE-2023/CVE-2023-44xx/CVE-2023-4456.json) (`2023-09-13T16:15:10.590`)
* [CVE-2023-36184](CVE-2023/CVE-2023-361xx/CVE-2023-36184.json) (`2023-09-13T16:22:02.973`)
* [CVE-2023-38214](CVE-2023/CVE-2023-382xx/CVE-2023-38214.json) (`2023-09-13T16:34:14.220`)
* [CVE-2023-38215](CVE-2023/CVE-2023-382xx/CVE-2023-38215.json) (`2023-09-13T16:34:14.220`)
* [CVE-2023-3935](CVE-2023/CVE-2023-39xx/CVE-2023-3935.json) (`2023-09-13T16:34:14.220`)
* [CVE-2023-4701](CVE-2023/CVE-2023-47xx/CVE-2023-4701.json) (`2023-09-13T16:34:14.220`)
* [CVE-2023-39914](CVE-2023/CVE-2023-399xx/CVE-2023-39914.json) (`2023-09-13T16:34:14.220`)
* [CVE-2023-39915](CVE-2023/CVE-2023-399xx/CVE-2023-39915.json) (`2023-09-13T16:34:14.220`)
* [CVE-2023-39916](CVE-2023/CVE-2023-399xx/CVE-2023-39916.json) (`2023-09-13T16:34:14.220`)
* [CVE-2023-4104](CVE-2023/CVE-2023-41xx/CVE-2023-4104.json) (`2023-09-13T16:34:57.820`)
* [CVE-2023-4630](CVE-2023/CVE-2023-46xx/CVE-2023-4630.json) (`2023-09-13T16:50:23.250`)
* [CVE-2023-27470](CVE-2023/CVE-2023-274xx/CVE-2023-27470.json) (`2023-09-13T17:04:11.437`)
* [CVE-2023-41564](CVE-2023/CVE-2023-415xx/CVE-2023-41564.json) (`2023-09-13T17:06:06.760`)
* [CVE-2023-39663](CVE-2023/CVE-2023-396xx/CVE-2023-39663.json) (`2023-09-13T17:15:09.790`)
* [CVE-2023-4863](CVE-2023/CVE-2023-48xx/CVE-2023-4863.json) (`2023-09-13T17:15:10.317`)
* [CVE-2023-41013](CVE-2023/CVE-2023-410xx/CVE-2023-41013.json) (`2023-09-13T17:37:10.573`)
* [CVE-2023-39637](CVE-2023/CVE-2023-396xx/CVE-2023-39637.json) (`2023-09-13T17:37:22.413`)
* [CVE-2023-27169](CVE-2023/CVE-2023-271xx/CVE-2023-27169.json) (`2023-09-13T17:38:54.003`)
* [CVE-2023-35680](CVE-2023/CVE-2023-356xx/CVE-2023-35680.json) (`2023-09-13T17:39:23.453`)
* [CVE-2023-35679](CVE-2023/CVE-2023-356xx/CVE-2023-35679.json) (`2023-09-13T17:39:43.833`)
* [CVE-2023-35677](CVE-2023/CVE-2023-356xx/CVE-2023-35677.json) (`2023-09-13T17:39:58.473`)
* [CVE-2023-35676](CVE-2023/CVE-2023-356xx/CVE-2023-35676.json) (`2023-09-13T17:40:15.690`)
* [CVE-2023-35675](CVE-2023/CVE-2023-356xx/CVE-2023-35675.json) (`2023-09-13T17:40:35.963`)
* [CVE-2023-3612](CVE-2023/CVE-2023-36xx/CVE-2023-3612.json) (`2023-09-13T17:53:49.923`)
* [CVE-2023-41000](CVE-2023/CVE-2023-410xx/CVE-2023-41000.json) (`2023-09-13T17:56:45.940`)
## Download and Usage