From db2765c2fc5cd5500e8739290a84bd1cdbd2a7fd Mon Sep 17 00:00:00 2001
From: cad-safe-bot
Date: Mon, 28 Aug 2023 18:00:28 +0000
Subject: [PATCH] Auto-Update: 2023-08-28T18:00:25.157865+00:00
---
CVE-2020/CVE-2020-215xx/CVE-2020-21583.json | 74 ++++++++++-
CVE-2020/CVE-2020-266xx/CVE-2020-26683.json | 65 +++++++++-
CVE-2021/CVE-2021-341xx/CVE-2021-34193.json | 131 +++++++++++++++++---
CVE-2021/CVE-2021-353xx/CVE-2021-35309.json | 68 +++++++++-
CVE-2021/CVE-2021-402xx/CVE-2021-40263.json | 64 +++++++++-
CVE-2021/CVE-2021-463xx/CVE-2021-46310.json | 64 +++++++++-
CVE-2021/CVE-2021-463xx/CVE-2021-46312.json | 64 +++++++++-
CVE-2023/CVE-2023-19xx/CVE-2023-1997.json | 55 ++++++++
CVE-2023/CVE-2023-202xx/CVE-2023-20232.json | 60 ++++++++-
CVE-2023/CVE-2023-275xx/CVE-2023-27576.json | 6 +-
CVE-2023/CVE-2023-325xx/CVE-2023-32563.json | 8 +-
CVE-2023/CVE-2023-371xx/CVE-2023-37151.json | 87 +------------
CVE-2023/CVE-2023-395xx/CVE-2023-39560.json | 20 +++
CVE-2023/CVE-2023-42xx/CVE-2023-4273.json | 6 +-
README.md | 26 ++--
15 files changed, 658 insertions(+), 140 deletions(-)
create mode 100644 CVE-2023/CVE-2023-19xx/CVE-2023-1997.json
create mode 100644 CVE-2023/CVE-2023-395xx/CVE-2023-39560.json
diff --git a/CVE-2020/CVE-2020-215xx/CVE-2020-21583.json b/CVE-2020/CVE-2020-215xx/CVE-2020-21583.json
index d168055272b..7381dcffa18 100644
--- a/CVE-2020/CVE-2020-215xx/CVE-2020-21583.json
+++ b/CVE-2020/CVE-2020-215xx/CVE-2020-21583.json
@@ -2,23 +2,87 @@ "id": "CVE-2020-21583", "sourceIdentifier": "cve@mitre.org", "published": "2023-08-22T19:16:13.890", - "lastModified": "2023-08-22T20:10:36.537", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2023-08-28T16:35:03.030", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", "value": "An issue was discovered in hwclock.13-v2.27 allows attackers to gain escalated privlidges or execute arbitrary commands via the path parameter when setting the date." } ], - "metrics": {}, + "metrics": { + "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H", + "attackVector": "LOCAL", + "attackComplexity": "LOW", + "privilegesRequired": "HIGH", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH", + "baseScore": 6.7, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 0.8, + "impactScore": 5.9 + } + ] + }, + "weaknesses": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "NVD-CWE-noinfo" + } + ] + } + ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:kernel:util-linux:*:*:*:*:*:*:*:*", + "versionEndExcluding": "2.27", + "matchCriteriaId": "91FF39A0-BF03-46E2-98B4-8F16A5CB611F" + } + ] + } + ] + } + ], "references": [ { "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=786804", - "source": "cve@mitre.org" + "source": "cve@mitre.org", + "tags": [ + "Exploit", + "Mailing List", + "Patch", + "Third Party Advisory" + ] }, { "url": "https://packetstormsecurity.com/files/132061/hwclock-Privilege-Escalation.html", - "source": "cve@mitre.org" + "source": "cve@mitre.org", + "tags": [ + "Exploit", + "Third Party Advisory", + "VDB Entry" + ] } ] } \ No newline at end of file 
diff --git a/CVE-2020/CVE-2020-266xx/CVE-2020-26683.json b/CVE-2020/CVE-2020-266xx/CVE-2020-26683.json index 33f81d70dc4..50d983e60ab 100644 --- a/CVE-2020/CVE-2020-266xx/CVE-2020-26683.json +++ b/CVE-2020/CVE-2020-266xx/CVE-2020-26683.json @@ -2,19 +2,76 @@ "id": "CVE-2020-26683", "sourceIdentifier": "cve@mitre.org", "published": "2023-08-22T19:16:19.997", - "lastModified": "2023-08-22T20:10:36.537", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2023-08-28T16:44:27.123", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", "value": "A memory leak issue discovered in /pdf/pdf-font-add.c in Artifex Software MuPDF 1.17.0 allows attackers to obtain sensitive information." } ], - "metrics": {}, + "metrics": { + "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N", + "attackVector": "LOCAL", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "REQUIRED", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "NONE", + "availabilityImpact": "NONE", + "baseScore": 5.5, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 1.8, + "impactScore": 3.6 + } + ] + }, + "weaknesses": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-401" + } + ] + } + ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:artifex:mupdf:1.17.0:-:*:*:*:*:*:*", + "matchCriteriaId": "10D59FD7-8E87-448D-9CDF-52C50C23B53A" + } + ] + } + ] + } + ], "references": [ { "url": "https://bugs.ghostscript.com/show_bug.cgi?id=702566", - "source": "cve@mitre.org" + "source": "cve@mitre.org", + "tags": [ + "Exploit", + "Issue Tracking", + "Patch" + ] } ] } \ No newline at end of file 
diff --git a/CVE-2021/CVE-2021-341xx/CVE-2021-34193.json b/CVE-2021/CVE-2021-341xx/CVE-2021-34193.json index 5c45cb2e0fa..277a0400651 100644 --- a/CVE-2021/CVE-2021-341xx/CVE-2021-34193.json +++ b/CVE-2021/CVE-2021-341xx/CVE-2021-34193.json 
@@ -2,63 +2,164 @@ "id": "CVE-2021-34193", "sourceIdentifier": "cve@mitre.org", "published": "2023-08-22T19:16:20.913", - "lastModified": "2023-08-22T20:10:36.537", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2023-08-28T17:04:48.407", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", "value": "Stack overflow vulnerability in OpenSC smart card middleware before 0.23 via crafted responses to APDUs." } ], - "metrics": {}, + "metrics": { + "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "NONE", + "integrityImpact": "NONE", + "availabilityImpact": "HIGH", + "baseScore": 7.5, + "baseSeverity": "HIGH" + }, + "exploitabilityScore": 3.9, + "impactScore": 3.6 + } + ] + }, + "weaknesses": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-787" + } + ] + } + ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:opensc_project:opensc:*:*:*:*:*:*:*:*", + "versionEndExcluding": "0.23.0", + "matchCriteriaId": "1B74AA73-8F23-4675-9206-1806EBE8BE23" + } + ] + } + ] + } + ], "references": [ { "url": "https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=27719", - "source": "cve@mitre.org" + "source": "cve@mitre.org", + "tags": [ + "Issue Tracking", + "Mailing List" + ] }, { "url": "https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=28185", - "source": "cve@mitre.org" + "source": "cve@mitre.org", + "tags": [ + "Issue Tracking", + "Mailing List" + ] }, { "url": "https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=28383", - "source": "cve@mitre.org" + "source": "cve@mitre.org", + "tags": [ + "Issue Tracking", + 
"Mailing List" + ] }, { "url": "https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=28768", - "source": "cve@mitre.org" + "source": "cve@mitre.org", + "tags": [ + "Issue Tracking", + "Mailing List" + ] }, { "url": "https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=28843", - "source": "cve@mitre.org" + "source": "cve@mitre.org", + "tags": [ + "Issue Tracking", + "Mailing List" + ] }, { "url": "https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=28855", - "source": "cve@mitre.org" + "source": "cve@mitre.org", + "tags": [ + "Issue Tracking", + "Mailing List" + ] }, { "url": "https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=29912", - "source": "cve@mitre.org" + "source": "cve@mitre.org", + "tags": [ + "Issue Tracking", + "Mailing List" + ] }, { "url": "https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=30112", - "source": "cve@mitre.org" + "source": "cve@mitre.org", + "tags": [ + "Issue Tracking", + "Mailing List" + ] }, { "url": "https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=30800", - "source": "cve@mitre.org" + "source": "cve@mitre.org", + "tags": [ + "Issue Tracking", + "Mailing List" + ] }, { "url": "https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=31448", - "source": "cve@mitre.org" + "source": "cve@mitre.org", + "tags": [ + "Issue Tracking", + "Mailing List" + ] }, { "url": "https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=31540", - "source": "cve@mitre.org" + "source": "cve@mitre.org", + "tags": [ + "Issue Tracking", + "Mailing List" + ] }, { "url": "https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=32149", - "source": "cve@mitre.org" + "source": "cve@mitre.org", + "tags": [ + "Issue Tracking", + "Mailing List" + ] } ] } \ No newline at end of file diff --git a/CVE-2021/CVE-2021-353xx/CVE-2021-35309.json b/CVE-2021/CVE-2021-353xx/CVE-2021-35309.json index 7454f928741..ad8322357cd 100644 --- a/CVE-2021/CVE-2021-353xx/CVE-2021-35309.json +++ b/CVE-2021/CVE-2021-353xx/CVE-2021-35309.json 
@@ -2,23 +2,81 @@ "id": "CVE-2021-35309", "sourceIdentifier": "cve@mitre.org", "published": "2023-08-22T19:16:21.367", - "lastModified": "2023-08-22T20:10:36.537", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2023-08-28T17:23:51.530", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", "value": "An issue discovered in Samsung SyncThru Web Service SPL 5.93 06-09-2014 allows attackers to gain escalated privileges via MITM attacks." } ], - "metrics": {}, + "metrics": { + "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H", + "attackVector": "ADJACENT_NETWORK", + "attackComplexity": "HIGH", + "privilegesRequired": "NONE", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH", + "baseScore": 7.5, + "baseSeverity": "HIGH" + }, + "exploitabilityScore": 1.6, + "impactScore": 5.9 + } + ] + }, + "weaknesses": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "NVD-CWE-noinfo" + } + ] + } + ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:samsung:syncthru_web_service:5.93:*:*:*:*:*:*:*", + "matchCriteriaId": "BEC9CA86-B778-40A8-AEBF-74B43F6F1BB1" + } + ] + } + ] + } + ], "references": [ { "url": "https://github.com/mustafa-turgut/cve-subscriptions/tree/main/samsung-stws", - "source": "cve@mitre.org" + "source": "cve@mitre.org", + "tags": [ + "Third Party Advisory" + ] }, { "url": "https://security.samsungmobile.com/securityUpdate.smsb", - "source": "cve@mitre.org" + "source": "cve@mitre.org", + "tags": [ + "Vendor Advisory" + ] } ] } \ No newline at end of file 
diff --git a/CVE-2021/CVE-2021-402xx/CVE-2021-40263.json b/CVE-2021/CVE-2021-402xx/CVE-2021-40263.json index beb904288e9..c47bec4fc1e 100644 --- a/CVE-2021/CVE-2021-402xx/CVE-2021-40263.json +++ b/CVE-2021/CVE-2021-402xx/CVE-2021-40263.json @@ -2,19 +2,75 @@ "id": "CVE-2021-40263", "sourceIdentifier": "cve@mitre.org", "published": "2023-08-22T19:16:21.540", - "lastModified": "2023-08-22T20:10:36.537", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2023-08-28T17:25:01.043", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", "value": "A heap overflow vulnerability in FreeImage 1.18.0 via the ofLoad function in PluginTIFF.cpp." } ], - "metrics": {}, + "metrics": { + "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "REQUIRED", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH", + "baseScore": 8.8, + "baseSeverity": "HIGH" + }, + "exploitabilityScore": 2.8, + "impactScore": 5.9 + } + ] + }, + "weaknesses": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-787" + } + ] + } + ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:freeimage_project:freeimage:1.18.0:*:*:*:*:*:*:*", + "matchCriteriaId": "47981CCB-20F4-4EB7-8313-EA4CBEDE7BC4" + } + ] + } + ] + } + ], "references": [ { "url": "https://sourceforge.net/p/freeimage/bugs/336/", - "source": "cve@mitre.org" + "source": "cve@mitre.org", + "tags": [ + "Exploit", + "Issue Tracking" + ] } ] } \ No newline at end of file 
diff --git a/CVE-2021/CVE-2021-463xx/CVE-2021-46310.json b/CVE-2021/CVE-2021-463xx/CVE-2021-46310.json index f8823977296..e615f171e52 100644 --- a/CVE-2021/CVE-2021-463xx/CVE-2021-46310.json +++ b/CVE-2021/CVE-2021-463xx/CVE-2021-46310.json @@ -2,19 +2,75 @@ "id": "CVE-2021-46310", "sourceIdentifier": "cve@mitre.org", "published": "2023-08-22T19:16:21.940", - "lastModified": "2023-08-22T20:10:36.537", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2023-08-28T17:46:02.613", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", "value": "An issue was discovered IW44Image.cpp in djvulibre 3.5.28 in allows attackers to cause a denial of service via divide by zero." } ], - "metrics": {}, + "metrics": { + "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "REQUIRED", + "scope": "UNCHANGED", + "confidentialityImpact": "NONE", + "integrityImpact": "NONE", + "availabilityImpact": "HIGH", + "baseScore": 6.5, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 2.8, + "impactScore": 3.6 + } + ] + }, + "weaknesses": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-369" + } + ] + } + ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:djvulibre_project:djvulibre:3.5.28:*:*:*:*:*:*:*", + "matchCriteriaId": "AB6AADCA-4B27-46ED-BFC8-391793461AB2" + } + ] + } + ] + } + ], "references": [ { "url": "https://sourceforge.net/p/djvu/bugs/345/", - "source": "cve@mitre.org" + "source": "cve@mitre.org", + "tags": [ + "Exploit", + "Issue Tracking" + ] } ] } \ No newline at end of file 
diff --git a/CVE-2021/CVE-2021-463xx/CVE-2021-46312.json b/CVE-2021/CVE-2021-463xx/CVE-2021-46312.json index cc432b17880..641af6ac2d6 100644 --- a/CVE-2021/CVE-2021-463xx/CVE-2021-46312.json +++ b/CVE-2021/CVE-2021-463xx/CVE-2021-46312.json @@ -2,19 +2,75 @@ "id": "CVE-2021-46312", "sourceIdentifier": "cve@mitre.org", "published": "2023-08-22T19:16:21.993", - "lastModified": "2023-08-22T20:10:36.537", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2023-08-28T17:40:07.023", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", "value": "An issue was discovered IW44EncodeCodec.cpp in djvulibre 3.5.28 in allows attackers to cause a denial of service via divide by zero." } ], - "metrics": {}, + "metrics": { + "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "REQUIRED", + "scope": "UNCHANGED", + "confidentialityImpact": "NONE", + "integrityImpact": "NONE", + "availabilityImpact": "HIGH", + "baseScore": 6.5, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 2.8, + "impactScore": 3.6 + } + ] + }, + "weaknesses": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-369" + } + ] + } + ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:djvulibre_project:djvulibre:3.5.28:*:*:*:*:*:*:*", + "matchCriteriaId": "AB6AADCA-4B27-46ED-BFC8-391793461AB2" + } + ] + } + ] + } + ], "references": [ { "url": "https://sourceforge.net/p/djvu/bugs/344/", - "source": "cve@mitre.org" + "source": "cve@mitre.org", + "tags": [ + "Exploit", + "Issue Tracking" + ] } ] } \ No newline at end of file 
diff --git a/CVE-2023/CVE-2023-19xx/CVE-2023-1997.json b/CVE-2023/CVE-2023-19xx/CVE-2023-1997.json new file mode 100644 index 00000000000..77e7870588d --- /dev/null +++ b/CVE-2023/CVE-2023-19xx/CVE-2023-1997.json @@ -0,0 +1,55 @@ +{ + "id": "CVE-2023-1997", + "sourceIdentifier": "3DS.Information-Security@3ds.com", + "published": "2023-08-28T16:15:08.627", + "lastModified": "2023-08-28T16:15:08.627", + "vulnStatus": "Received", + "descriptions": [ + { + "lang": "en", + "value": "An OS Command Injection vulnerability exists in SIMULIA 3DOrchestrate from Release 3DEXPERIENCE R2021x through Release 3DEXPERIENCE R2023x. A specially crafted HTTP request can lead to arbitrary command execution." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "3DS.Information-Security@3ds.com", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH", + "baseScore": 8.8, + "baseSeverity": "HIGH" + }, + "exploitabilityScore": 2.8, + "impactScore": 5.9 + } + ] + }, + "weaknesses": [ + { + "source": "3DS.Information-Security@3ds.com", + "type": "Secondary", + "description": [ + { + "lang": "en", + "value": "CWE-78" + } + ] + } + ], + "references": [ + { + "url": "https://www.3ds.com/vulnerability/advisories", + "source": "3DS.Information-Security@3ds.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2023/CVE-2023-202xx/CVE-2023-20232.json b/CVE-2023/CVE-2023-202xx/CVE-2023-20232.json index 4be8a8a25c5..25c013a0287 100644 --- a/CVE-2023/CVE-2023-202xx/CVE-2023-20232.json +++ b/CVE-2023/CVE-2023-202xx/CVE-2023-20232.json 
@@ -2,8 +2,8 @@ "id": "CVE-2023-20232", "sourceIdentifier": "ykramarz@cisco.com", "published": "2023-08-16T22:15:12.597", - "lastModified": "2023-08-17T12:53:44.537", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2023-08-28T16:00:45.907", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", @@ -12,6 +12,26 @@ ], "metrics": { "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "NONE", + "integrityImpact": "LOW", + "availabilityImpact": "NONE", + "baseScore": 5.3, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 3.9, + "impactScore": 1.4 + }, { "source": "ykramarz@cisco.com", "type": "Secondary", @@ -34,10 +54,44 @@ } ] }, + "weaknesses": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-20" + } + ] + } + ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:cisco:unified_contact_center_express:*:*:*:*:*:*:*:*", + "versionEndExcluding": "12.5\\(1\\)_su2_es05", + "matchCriteriaId": "03A8678A-D1C2-4C80-83C9-DD49873D09EA" + } + ] + } + ] + } + ], "references": [ { "url": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-uccx-wcp-JJeqDT3S", - "source": "ykramarz@cisco.com" + "source": "ykramarz@cisco.com", + "tags": [ + "Patch", + "Vendor Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2023/CVE-2023-275xx/CVE-2023-27576.json b/CVE-2023/CVE-2023-275xx/CVE-2023-27576.json index e3d0e5c70ff..d6291c30c05 100644 --- a/CVE-2023/CVE-2023-275xx/CVE-2023-27576.json +++ b/CVE-2023/CVE-2023-275xx/CVE-2023-27576.json 
@@ -2,12 +2,12 @@ "id": "CVE-2023-27576", "sourceIdentifier": "cve@mitre.org", "published": "2023-08-18T15:15:09.723", - "lastModified": "2023-08-23T17:00:20.757", - "vulnStatus": "Analyzed", + "lastModified": "2023-08-28T17:15:09.600", + "vulnStatus": "Modified", "descriptions": [ { "lang": "en", - "value": "An issue was discovered in phpList 3.6.12. Due to an access error, it was possible to manipulate and edit data of the system's super admin, allowing one to perform an account takeover of the user with super-admin permission." + "value": "An issue was discovered in phpList 3.6.12. Due to an access error, it was possible to manipulate and edit data of the system's super admin, allowing one to perform an account takeover of the user with super-admin permission. Specifically, for a request with updatepassword=1, a modified request (manipulating both the ID parameter and the associated username) can bypass the intended email confirmation requirement. For example, the attacker can start from an updatepassword=1 request with their own ID number, and change the ID number to 1 (representing the super admin account) and change the username to admin2. In the first step, the attacker changes the super admin's email address to one under the attacker's control. In the second step, the attacker performs a password reset for the super admin account. The new password allows login as the super admin, i.e., a successful account takeover." }, { "lang": "es", diff --git a/CVE-2023/CVE-2023-325xx/CVE-2023-32563.json b/CVE-2023/CVE-2023-325xx/CVE-2023-32563.json index 7c524d5faf4..d5b93c37352 100644 --- a/CVE-2023/CVE-2023-325xx/CVE-2023-32563.json +++ b/CVE-2023/CVE-2023-325xx/CVE-2023-32563.json 
@@ -2,8 +2,8 @@ "id": "CVE-2023-32563", "sourceIdentifier": "support@hackerone.com", "published": "2023-08-10T20:15:10.437", - "lastModified": "2023-08-15T20:10:36.940", - "vulnStatus": "Analyzed", + "lastModified": "2023-08-28T16:15:09.003", + "vulnStatus": "Modified", "descriptions": [ { "lang": "en", @@ -93,6 +93,10 @@ "tags": [ "Vendor Advisory" ] + }, + { + "url": "https://twitter.com/wvuuuuuuuuuuuuu/status/1694956245742923939", + "source": "support@hackerone.com" } ] } \ No newline at end of file diff --git a/CVE-2023/CVE-2023-371xx/CVE-2023-37151.json b/CVE-2023/CVE-2023-371xx/CVE-2023-37151.json index 4e3570a8e8a..d79c94fde50 100644 --- a/CVE-2023/CVE-2023-371xx/CVE-2023-37151.json +++ b/CVE-2023/CVE-2023-371xx/CVE-2023-37151.json 
@@ -2,91 +2,14 @@ "id": "CVE-2023-37151", "sourceIdentifier": "cve@mitre.org", "published": "2023-07-10T16:15:53.513", - "lastModified": "2023-08-02T15:15:10.420", - "vulnStatus": "Modified", + "lastModified": "2023-08-28T16:15:09.600", + "vulnStatus": "Rejected", "descriptions": [ { "lang": "en", - "value": "Sourcecodester Online Pizza Ordering System v1.0 allows the upload of malicious PHP files resulting in Remote Code Execution (RCE)." + "value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2023-2246. Reason: This candidate is a reservation duplicate of CVE-2023-2246. Notes: All CVE users should reference CVE-2023-2246 instead of this candidate. All references and descriptions in this candidate have been removed to prevent accidental usage." } ], - "metrics": { - "cvssMetricV31": [ - { - "source": "nvd@nist.gov", - "type": "Primary", - "cvssData": { - "version": "3.1", - "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", - "attackVector": "NETWORK", - "attackComplexity": "LOW", - "privilegesRequired": "NONE", - "userInteraction": "NONE", - "scope": "UNCHANGED", - "confidentialityImpact": "HIGH", - "integrityImpact": "HIGH", - "availabilityImpact": "HIGH", - "baseScore": 9.8, - "baseSeverity": "CRITICAL" - }, - "exploitabilityScore": 3.9, - "impactScore": 5.9 - } - ] - }, - "weaknesses": [ - { - "source": "nvd@nist.gov", - "type": "Primary", - "description": [ - { - "lang": "en", - "value": "CWE-434" - } - ] - } - ], - "configurations": [ - { - "nodes": [ - { - "operator": "OR", - "negate": false, - "cpeMatch": [ - { - "vulnerable": true, - "criteria": "cpe:2.3:a:online_pizza_ordering_system_project:online_pizza_ordering_system:1.0:*:*:*:*:*:*:*", - "matchCriteriaId": "F6E8E2F0-0703-41CF-B750-06DAD69757E5" - } - ] - } - ] - } - ], - "references": [ - { - "url": "https://github.com/Trinity-SYT-SECURITY/arbitrary-file-upload-RCE/blob/main/Online%20Pizza%20Ordering%20System%201.0.md", - "source": "cve@mitre.org", - "tags": [ - 
"Exploit", - "Third Party Advisory" - ] - }, - { - "url": "https://www.chtsecurity.com/news/50227a91-34ee-4b2d-9c84-954860488202", - "source": "cve@mitre.org" - }, - { - "url": "https://www.chtsecurity.com/news/8b7ace7d-c5b0-42a9-99b6-8fd0814ed7be", - "source": "cve@mitre.org" - }, - { - "url": "https://www.exploit-db.com/exploits/51431", - "source": "cve@mitre.org", - "tags": [ - "Third Party Advisory", - "VDB Entry" - ] - } - ] + "metrics": {}, + "references": [] } \ No newline at end of file diff --git a/CVE-2023/CVE-2023-395xx/CVE-2023-39560.json b/CVE-2023/CVE-2023-395xx/CVE-2023-39560.json new file mode 100644 index 00000000000..0ab051f3942 --- /dev/null +++ b/CVE-2023/CVE-2023-395xx/CVE-2023-39560.json @@ -0,0 +1,20 @@ +{ + "id": "CVE-2023-39560", + "sourceIdentifier": "cve@mitre.org", + "published": "2023-08-28T17:15:09.820", + "lastModified": "2023-08-28T17:15:09.820", + "vulnStatus": "Received", + "descriptions": [ + { + "lang": "en", + "value": "ECTouch v2 was discovered to contain a SQL injection vulnerability via the $arr['id'] parameter at \\default\\helpers\\insert.php." + } + ], + "metrics": {}, + "references": [ + { + "url": "https://github.com/Luci4n555/cve_ectouch", + "source": "cve@mitre.org" + } + ] +} \ No newline at end of file diff --git a/CVE-2023/CVE-2023-42xx/CVE-2023-4273.json b/CVE-2023/CVE-2023-42xx/CVE-2023-4273.json index 0ac175dfda5..5150e5f30fe 100644 --- a/CVE-2023/CVE-2023-42xx/CVE-2023-4273.json +++ b/CVE-2023/CVE-2023-42xx/CVE-2023-4273.json @@ -2,7 +2,7 @@ "id": "CVE-2023-4273", "sourceIdentifier": "secalert@redhat.com", "published": "2023-08-09T15:15:09.823", - "lastModified": "2023-08-19T18:17:16.537", + "lastModified": "2023-08-28T16:15:09.860", "vulnStatus": "Modified", "descriptions": [ { 
@@ -151,6 +151,10 @@ "Third Party Advisory" ] }, + { + "url": "https://dfir.ru/2023/08/23/cve-2023-4273-a-vulnerability-in-the-linux-exfat-driver/", + "source": "secalert@redhat.com" + }, { "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/344H6HO6SSC4KT7PDFXSDIXKMKHISSGF/", "source": "secalert@redhat.com" diff --git a/README.md b/README.md index 06d14b5081f..655c008e4c1 100644 --- a/README.md +++ b/README.md @@ -9,13 +9,13 @@ Repository synchronizes with the NVD every 2 hours. ### Last Repository Update ```plain -2023-08-28T16:00:24.617354+00:00 +2023-08-28T18:00:25.157865+00:00 ``` ### Most recent CVE Modification Timestamp synchronized with NVD ```plain -2023-08-28T15:32:49.990000+00:00 +2023-08-28T17:46:02.613000+00:00 ``` ### Last Data Feed Release 
@@ -29,23 +29,33 @@ Download and Changelog: [Click](https://github.com/fkie-cad/nvd-json-data-feeds/ ### Total Number of included CVEs ```plain -223559 +223561 ``` ### CVEs added in the last Commit Recently added CVEs: `2` -* [CVE-2023-39708](CVE-2023/CVE-2023-397xx/CVE-2023-39708.json) (`2023-08-28T14:15:09.033`) -* [CVE-2023-40846](CVE-2023/CVE-2023-408xx/CVE-2023-40846.json) (`2023-08-28T14:15:09.197`) +* [CVE-2023-1997](CVE-2023/CVE-2023-19xx/CVE-2023-1997.json) (`2023-08-28T16:15:08.627`) +* [CVE-2023-39560](CVE-2023/CVE-2023-395xx/CVE-2023-39560.json) (`2023-08-28T17:15:09.820`) ### CVEs modified in the last Commit -Recently modified CVEs: `2` +Recently modified CVEs: `12` -* [CVE-2023-22815](CVE-2023/CVE-2023-228xx/CVE-2023-22815.json) (`2023-08-28T14:49:34.977`) -* [CVE-2023-2234](CVE-2023/CVE-2023-22xx/CVE-2023-2234.json) (`2023-08-28T15:32:49.990`) +* [CVE-2020-21583](CVE-2020/CVE-2020-215xx/CVE-2020-21583.json) (`2023-08-28T16:35:03.030`) +* [CVE-2020-26683](CVE-2020/CVE-2020-266xx/CVE-2020-26683.json) (`2023-08-28T16:44:27.123`) +* [CVE-2021-34193](CVE-2021/CVE-2021-341xx/CVE-2021-34193.json) (`2023-08-28T17:04:48.407`) +* [CVE-2021-35309](CVE-2021/CVE-2021-353xx/CVE-2021-35309.json) (`2023-08-28T17:23:51.530`) +* [CVE-2021-40263](CVE-2021/CVE-2021-402xx/CVE-2021-40263.json) (`2023-08-28T17:25:01.043`) +* [CVE-2021-46312](CVE-2021/CVE-2021-463xx/CVE-2021-46312.json) (`2023-08-28T17:40:07.023`) +* [CVE-2021-46310](CVE-2021/CVE-2021-463xx/CVE-2021-46310.json) (`2023-08-28T17:46:02.613`) +* [CVE-2023-20232](CVE-2023/CVE-2023-202xx/CVE-2023-20232.json) (`2023-08-28T16:00:45.907`) +* [CVE-2023-32563](CVE-2023/CVE-2023-325xx/CVE-2023-32563.json) (`2023-08-28T16:15:09.003`) +* [CVE-2023-37151](CVE-2023/CVE-2023-371xx/CVE-2023-37151.json) (`2023-08-28T16:15:09.600`) +* [CVE-2023-4273](CVE-2023/CVE-2023-42xx/CVE-2023-4273.json) (`2023-08-28T16:15:09.860`) +* [CVE-2023-27576](CVE-2023/CVE-2023-275xx/CVE-2023-27576.json) (`2023-08-28T17:15:09.600`) ## Download and 
Usage