diff --git a/CVE-2023/CVE-2023-239xx/CVE-2023-23958.json b/CVE-2023/CVE-2023-239xx/CVE-2023-23958.json index de6a07935ea..36b2885d63e 100644 --- a/CVE-2023/CVE-2023-239xx/CVE-2023-23958.json +++ b/CVE-2023/CVE-2023-239xx/CVE-2023-23958.json @@ -2,8 +2,8 @@ "id": "CVE-2023-23958", "sourceIdentifier": "secure@symantec.com", "published": "2023-09-27T15:18:46.280", - "lastModified": "2023-09-27T15:41:20.127", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2023-09-28T01:14:41.083", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", @@ -12,6 +12,26 @@ ], "metrics": { "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "NONE", + "availabilityImpact": "NONE", + "baseScore": 6.5, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 2.8, + "impactScore": 3.6 + }, { "source": "secure@symantec.com", "type": "Secondary", @@ -35,6 +55,16 @@ ] }, "weaknesses": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "NVD-CWE-noinfo" + } + ] + }, { "source": "secure@symantec.com", "type": "Secondary", @@ -46,10 +76,32 @@ ] } ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:symantec:protection_engine:*:*:*:*:*:*:*:*", + "versionEndExcluding": "9.1.0", + "matchCriteriaId": "589D3A88-B848-4260-AE09-C83FFF97FFCB" + } + ] + } + ] + } + ], "references": [ { "url": "https://support.broadcom.com/external/content/SecurityAdvisories/0/22599", - "source": "secure@symantec.com" + "source": "secure@symantec.com", + "tags": [ + "Mitigation", + "Vendor Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2023/CVE-2023-40xx/CVE-2023-4088.json b/CVE-2023/CVE-2023-40xx/CVE-2023-4088.json index 2d2db24deb5..d70840d44a9 100644 --- a/CVE-2023/CVE-2023-40xx/CVE-2023-4088.json +++ b/CVE-2023/CVE-2023-40xx/CVE-2023-4088.json @@ -2,8 +2,8 @@ "id": "CVE-2023-4088", "sourceIdentifier": "Mitsubishielectric.Psirt@yd.MitsubishiElectric.co.jp", "published": "2023-09-20T03:15:13.687", - "lastModified": "2023-09-25T16:28:53.753", - "vulnStatus": "Analyzed", + "lastModified": "2023-09-28T00:15:09.553", + "vulnStatus": "Modified", "descriptions": [ { "lang": "en", @@ -98,6 +98,14 @@ } ], "references": [ + { + "url": "https://jvn.jp/vu/JVNVU96447193/index.html", + "source": "Mitsubishielectric.Psirt@yd.MitsubishiElectric.co.jp" + }, + { + "url": "https://www.cisa.gov/news-events/ics-advisories/icsa-23-269-03", + "source": "Mitsubishielectric.Psirt@yd.MitsubishiElectric.co.jp" + }, { "url": "https://www.mitsubishielectric.com/en/psirt/vulnerability/pdf/2023-010_en.pdf", "source": "Mitsubishielectric.Psirt@yd.MitsubishiElectric.co.jp", diff --git a/CVE-2023/CVE-2023-419xx/CVE-2023-41962.json b/CVE-2023/CVE-2023-419xx/CVE-2023-41962.json index 072a1686f97..06b8179f801 100644 --- a/CVE-2023/CVE-2023-419xx/CVE-2023-41962.json +++ b/CVE-2023/CVE-2023-419xx/CVE-2023-41962.json @@ -2,23 +2,83 @@ "id": "CVE-2023-41962", "sourceIdentifier": "vultures@jpcert.or.jp", "published": "2023-09-27T15:19:31.577", - "lastModified": "2023-09-27T15:41:42.647", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2023-09-28T01:06:56.717", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", "value": "Cross-site scripting vulnerability in Credit Card Payment Setup page of Welcart e-Commerce versions 2.7 to 2.8.21 allows a remote unauthenticated attacker to inject an arbitrary script in the page." } ], - "metrics": {}, + "metrics": { + "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "REQUIRED", + "scope": "CHANGED", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "availabilityImpact": "NONE", + "baseScore": 6.1, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 2.8, + "impactScore": 2.7 + } + ] + }, + "weaknesses": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-79" + } + ] + } + ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:collne:welcart_e-commerce:*:*:*:*:*:wordpress:*:*", + "versionStartIncluding": "2.7", + "versionEndIncluding": "2.8.21", + "matchCriteriaId": "3A07E8A8-4F65-42E9-8AFE-B5E4A7D23CCF" + } + ] + } + ] + } + ], "references": [ { "url": "https://jvn.jp/en/jp/JVN97197972/", - "source": "vultures@jpcert.or.jp" + "source": "vultures@jpcert.or.jp", + "tags": [ + "Third Party Advisory" + ] }, { "url": "https://www.welcart.com/archives/20106.html", - "source": "vultures@jpcert.or.jp" + "source": "vultures@jpcert.or.jp", + "tags": [ + "Release Notes" + ] } ] } \ No newline at end of file diff --git a/CVE-2023/CVE-2023-436xx/CVE-2023-43614.json b/CVE-2023/CVE-2023-436xx/CVE-2023-43614.json index dd67a860f01..5ed77997583 100644 --- a/CVE-2023/CVE-2023-436xx/CVE-2023-43614.json +++ b/CVE-2023/CVE-2023-436xx/CVE-2023-43614.json @@ -2,23 +2,83 @@ "id": "CVE-2023-43614", "sourceIdentifier": "vultures@jpcert.or.jp", "published": "2023-09-27T15:19:34.280", - "lastModified": "2023-09-27T15:41:42.647", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2023-09-28T01:10:50.470", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", "value": "Cross-site scripting vulnerability in Order Data Edit page of Welcart e-Commerce versions 2.7 to 2.8.21 allows a remote unauthenticated attacker to inject an arbitrary script." } ], - "metrics": {}, + "metrics": { + "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "REQUIRED", + "scope": "CHANGED", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "availabilityImpact": "NONE", + "baseScore": 6.1, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 2.8, + "impactScore": 2.7 + } + ] + }, + "weaknesses": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-79" + } + ] + } + ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:collne:welcart_e-commerce:*:*:*:*:*:wordpress:*:*", + "versionStartIncluding": "2.7", + "versionEndIncluding": "2.8.21", + "matchCriteriaId": "3A07E8A8-4F65-42E9-8AFE-B5E4A7D23CCF" + } + ] + } + ] + } + ], "references": [ { "url": "https://jvn.jp/en/jp/JVN97197972/", - "source": "vultures@jpcert.or.jp" + "source": "vultures@jpcert.or.jp", + "tags": [ + "Third Party Advisory" + ] }, { "url": "https://www.welcart.com/archives/20106.html", - "source": "vultures@jpcert.or.jp" + "source": "vultures@jpcert.or.jp", + "tags": [ + "Release Notes" + ] } ] } \ No newline at end of file diff --git a/CVE-2023/CVE-2023-441xx/CVE-2023-44152.json b/CVE-2023/CVE-2023-441xx/CVE-2023-44152.json index d8fcae3334c..4e185924c74 100644 --- a/CVE-2023/CVE-2023-441xx/CVE-2023-44152.json +++ b/CVE-2023/CVE-2023-441xx/CVE-2023-44152.json @@ -2,8 +2,8 @@ "id": "CVE-2023-44152", "sourceIdentifier": "security@acronis.com", "published": "2023-09-27T15:19:37.493", - "lastModified": "2023-09-27T15:41:26.297", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2023-09-28T01:22:12.437", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", @@ -11,6 +11,28 @@ } ], "metrics": { + "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "NONE", + "baseScore": 9.1, + "baseSeverity": "CRITICAL" + }, + "exploitabilityScore": 3.9, + "impactScore": 5.2 + } + ], "cvssMetricV30": [ { "source": "security@acronis.com", @@ -35,6 +57,16 @@ ] }, "weaknesses": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-287" + } + ] + }, { "source": "security@acronis.com", "type": "Secondary", @@ -46,10 +78,83 @@ ] } ], + "configurations": [ + { + "operator": "AND", + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:acronis:cyber_protect:*:*:*:*:*:*:*:*", + "versionEndExcluding": "15", + "matchCriteriaId": "547972AF-7F43-4A6D-AFC7-5514DD9995A6" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:acronis:cyber_protect:15:-:*:*:*:*:*:*", + "matchCriteriaId": "89899D10-1343-4276-919A-9C1DF2DB8B55" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:acronis:cyber_protect:15:update1:*:*:*:*:*:*", + "matchCriteriaId": "A77B2499-B3A4-4278-BA0D-59AB59C60352" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:acronis:cyber_protect:15:update2:*:*:*:*:*:*", + "matchCriteriaId": "BAF6A576-C320-4550-B7F8-4FCAE82FB06A" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:acronis:cyber_protect:15:update3:*:*:*:*:*:*", + "matchCriteriaId": "9740A956-D589-4846-8717-B6182EB65F8B" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:acronis:cyber_protect:15:update4:*:*:*:*:*:*", + "matchCriteriaId": "9AB8B19B-2B40-4F1B-AE24-1C43D362E4BC" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:acronis:cyber_protect:15:update5:*:*:*:*:*:*", + "matchCriteriaId": "69506F27-DEF8-4317-9E54-D79CA430AD4B" + } + ] + }, + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": false, + "criteria": "cpe:2.3:o:apple:macos:-:*:*:*:*:*:*:*", + "matchCriteriaId": "387021A0-AF36-463C-A605-32EA7DAC172E" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:o:linux:linux_kernel:-:*:*:*:*:*:*:*", + "matchCriteriaId": "703AF700-7A70-47E2-BC3A-7FD03B3CA9C1" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:*", + "matchCriteriaId": "A2572D17-1DE6-457B-99CC-64AFD54487EA" + } + ] + } + ] + } + ], "references": [ { "url": "https://security-advisory.acronis.com/advisories/SEC-1908", - "source": "security@acronis.com" + "source": "security@acronis.com", + "tags": [ + "Vendor Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2023/CVE-2023-441xx/CVE-2023-44153.json b/CVE-2023/CVE-2023-441xx/CVE-2023-44153.json index a19361e81f8..95f29485745 100644 --- a/CVE-2023/CVE-2023-441xx/CVE-2023-44153.json +++ b/CVE-2023/CVE-2023-441xx/CVE-2023-44153.json @@ -2,8 +2,8 @@ "id": "CVE-2023-44153", "sourceIdentifier": "security@acronis.com", "published": "2023-09-27T15:19:37.570", - "lastModified": "2023-09-27T15:41:26.297", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2023-09-28T01:23:03.267", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", @@ -11,6 +11,28 @@ } ], "metrics": { + "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "NONE", + "availabilityImpact": "NONE", + "baseScore": 7.5, + "baseSeverity": "HIGH" + }, + "exploitabilityScore": 3.9, + "impactScore": 3.6 + } + ], "cvssMetricV30": [ { "source": "security@acronis.com", @@ -35,6 +57,16 @@ ] }, "weaknesses": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-312" + } + ] + }, { "source": "security@acronis.com", "type": "Secondary", @@ -46,10 +78,83 @@ ] } ], + "configurations": [ + { + "operator": "AND", + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:acronis:cyber_protect:*:*:*:*:*:*:*:*", + "versionEndExcluding": "15", + "matchCriteriaId": "547972AF-7F43-4A6D-AFC7-5514DD9995A6" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:acronis:cyber_protect:15:-:*:*:*:*:*:*", + "matchCriteriaId": "89899D10-1343-4276-919A-9C1DF2DB8B55" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:acronis:cyber_protect:15:update1:*:*:*:*:*:*", + "matchCriteriaId": "A77B2499-B3A4-4278-BA0D-59AB59C60352" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:acronis:cyber_protect:15:update2:*:*:*:*:*:*", + "matchCriteriaId": "BAF6A576-C320-4550-B7F8-4FCAE82FB06A" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:acronis:cyber_protect:15:update3:*:*:*:*:*:*", + "matchCriteriaId": "9740A956-D589-4846-8717-B6182EB65F8B" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:acronis:cyber_protect:15:update4:*:*:*:*:*:*", + "matchCriteriaId": "9AB8B19B-2B40-4F1B-AE24-1C43D362E4BC" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:acronis:cyber_protect:15:update5:*:*:*:*:*:*", + "matchCriteriaId": "69506F27-DEF8-4317-9E54-D79CA430AD4B" + } + ] + }, + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": false, + "criteria": "cpe:2.3:o:apple:macos:-:*:*:*:*:*:*:*", + "matchCriteriaId": "387021A0-AF36-463C-A605-32EA7DAC172E" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:o:linux:linux_kernel:-:*:*:*:*:*:*:*", + "matchCriteriaId": "703AF700-7A70-47E2-BC3A-7FD03B3CA9C1" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:*", + "matchCriteriaId": "A2572D17-1DE6-457B-99CC-64AFD54487EA" + } + ] + } + ] + } + ], "references": [ { "url": "https://security-advisory.acronis.com/advisories/SEC-1994", - "source": "security@acronis.com" + "source": "security@acronis.com", + "tags": [ + "Vendor Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2023/CVE-2023-441xx/CVE-2023-44154.json b/CVE-2023/CVE-2023-441xx/CVE-2023-44154.json index 92d355b93cc..8ca0c718cfb 100644 --- a/CVE-2023/CVE-2023-441xx/CVE-2023-44154.json +++ b/CVE-2023/CVE-2023-441xx/CVE-2023-44154.json @@ -2,8 +2,8 @@ "id": "CVE-2023-44154", "sourceIdentifier": "security@acronis.com", "published": "2023-09-27T15:19:37.650", - "lastModified": "2023-09-27T15:41:26.297", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2023-09-28T01:27:19.867", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", @@ -11,6 +11,28 @@ } ], "metrics": { + "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "NONE", + "baseScore": 9.1, + "baseSeverity": "CRITICAL" + }, + "exploitabilityScore": 3.9, + "impactScore": 5.2 + } + ], "cvssMetricV30": [ { "source": "security@acronis.com", @@ -35,6 +57,16 @@ ] }, "weaknesses": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-863" + } + ] + }, { "source": "security@acronis.com", "type": "Secondary", @@ -46,10 +78,78 @@ ] } ], + "configurations": [ + { + "operator": "AND", + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:acronis:cyber_protect:*:*:*:*:*:*:*:*", + "versionEndExcluding": "15", + "matchCriteriaId": "547972AF-7F43-4A6D-AFC7-5514DD9995A6" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:acronis:cyber_protect:15:-:*:*:*:*:*:*", + "matchCriteriaId": "89899D10-1343-4276-919A-9C1DF2DB8B55" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:acronis:cyber_protect:15:update1:*:*:*:*:*:*", + "matchCriteriaId": "A77B2499-B3A4-4278-BA0D-59AB59C60352" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:acronis:cyber_protect:15:update2:*:*:*:*:*:*", + "matchCriteriaId": "BAF6A576-C320-4550-B7F8-4FCAE82FB06A" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:acronis:cyber_protect:15:update3:*:*:*:*:*:*", + "matchCriteriaId": "9740A956-D589-4846-8717-B6182EB65F8B" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:acronis:cyber_protect:15:update4:*:*:*:*:*:*", + "matchCriteriaId": "9AB8B19B-2B40-4F1B-AE24-1C43D362E4BC" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:acronis:cyber_protect:15:update5:*:*:*:*:*:*", + "matchCriteriaId": "69506F27-DEF8-4317-9E54-D79CA430AD4B" + } + ] + }, + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": false, + "criteria": "cpe:2.3:o:linux:linux_kernel:-:*:*:*:*:*:*:*", + "matchCriteriaId": "703AF700-7A70-47E2-BC3A-7FD03B3CA9C1" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:*", + "matchCriteriaId": "A2572D17-1DE6-457B-99CC-64AFD54487EA" + } + ] + } + ] + } + ], "references": [ { "url": "https://security-advisory.acronis.com/advisories/SEC-2436", - "source": "security@acronis.com" + "source": "security@acronis.com", + "tags": [ + "Vendor Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2023/CVE-2023-441xx/CVE-2023-44155.json b/CVE-2023/CVE-2023-441xx/CVE-2023-44155.json index 29f581052c6..66abf80adc2 100644 --- a/CVE-2023/CVE-2023-441xx/CVE-2023-44155.json +++ b/CVE-2023/CVE-2023-441xx/CVE-2023-44155.json @@ -2,8 +2,8 @@ "id": "CVE-2023-44155", "sourceIdentifier": "security@acronis.com", "published": "2023-09-27T15:19:37.730", - "lastModified": "2023-09-27T15:41:26.297", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2023-09-28T01:28:18.913", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", @@ -11,6 +11,28 @@ } ], "metrics": { + "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "NONE", + "availabilityImpact": "NONE", + "baseScore": 7.5, + "baseSeverity": "HIGH" + }, + "exploitabilityScore": 3.9, + "impactScore": 3.6 + } + ], "cvssMetricV30": [ { "source": "security@acronis.com", @@ -35,6 +57,16 @@ ] }, "weaknesses": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-532" + } + ] + }, { "source": "security@acronis.com", "type": "Secondary", @@ -46,10 +78,78 @@ ] } ], + "configurations": [ + { + "operator": "AND", + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:acronis:cyber_protect:*:*:*:*:*:*:*:*", + "versionEndExcluding": "15", + "matchCriteriaId": "547972AF-7F43-4A6D-AFC7-5514DD9995A6" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:acronis:cyber_protect:15:-:*:*:*:*:*:*", + "matchCriteriaId": "89899D10-1343-4276-919A-9C1DF2DB8B55" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:acronis:cyber_protect:15:update1:*:*:*:*:*:*", + "matchCriteriaId": "A77B2499-B3A4-4278-BA0D-59AB59C60352" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:acronis:cyber_protect:15:update2:*:*:*:*:*:*", + "matchCriteriaId": "BAF6A576-C320-4550-B7F8-4FCAE82FB06A" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:acronis:cyber_protect:15:update3:*:*:*:*:*:*", + "matchCriteriaId": "9740A956-D589-4846-8717-B6182EB65F8B" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:acronis:cyber_protect:15:update4:*:*:*:*:*:*", + "matchCriteriaId": "9AB8B19B-2B40-4F1B-AE24-1C43D362E4BC" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:acronis:cyber_protect:15:update5:*:*:*:*:*:*", + "matchCriteriaId": "69506F27-DEF8-4317-9E54-D79CA430AD4B" + } + ] + }, + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": false, + "criteria": "cpe:2.3:o:linux:linux_kernel:-:*:*:*:*:*:*:*", + "matchCriteriaId": "703AF700-7A70-47E2-BC3A-7FD03B3CA9C1" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:*", + "matchCriteriaId": "A2572D17-1DE6-457B-99CC-64AFD54487EA" + } + ] + } + ] + } + ], "references": [ { "url": "https://security-advisory.acronis.com/advisories/SEC-3471", - "source": "security@acronis.com" + "source": "security@acronis.com", + "tags": [ + "Vendor Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2023/CVE-2023-441xx/CVE-2023-44156.json b/CVE-2023/CVE-2023-441xx/CVE-2023-44156.json index d86cc94c537..8a50d5b90e1 100644 --- a/CVE-2023/CVE-2023-441xx/CVE-2023-44156.json +++ b/CVE-2023/CVE-2023-441xx/CVE-2023-44156.json @@ -2,8 +2,8 @@ "id": "CVE-2023-44156", "sourceIdentifier": "security@acronis.com", "published": "2023-09-27T15:19:37.817", - "lastModified": "2023-09-27T15:41:26.297", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2023-09-28T01:31:19.293", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", @@ -11,6 +11,28 @@ } ], "metrics": { + "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "NONE", + "availabilityImpact": "NONE", + "baseScore": 7.5, + "baseSeverity": "HIGH" + }, + "exploitabilityScore": 3.9, + "impactScore": 3.6 + } + ], "cvssMetricV30": [ { "source": "security@acronis.com", @@ -35,6 +57,16 @@ ] }, "weaknesses": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "NVD-CWE-noinfo" + } + ] + }, { "source": "security@acronis.com", "type": "Secondary", @@ -46,10 +78,78 @@ ] } ], + "configurations": [ + { + "operator": "AND", + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:acronis:cyber_protect:*:*:*:*:*:*:*:*", + "versionEndExcluding": "15", + "matchCriteriaId": "547972AF-7F43-4A6D-AFC7-5514DD9995A6" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:acronis:cyber_protect:15:-:*:*:*:*:*:*", + "matchCriteriaId": "89899D10-1343-4276-919A-9C1DF2DB8B55" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:acronis:cyber_protect:15:update1:*:*:*:*:*:*", + "matchCriteriaId": "A77B2499-B3A4-4278-BA0D-59AB59C60352" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:acronis:cyber_protect:15:update2:*:*:*:*:*:*", + "matchCriteriaId": "BAF6A576-C320-4550-B7F8-4FCAE82FB06A" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:acronis:cyber_protect:15:update3:*:*:*:*:*:*", + "matchCriteriaId": "9740A956-D589-4846-8717-B6182EB65F8B" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:acronis:cyber_protect:15:update4:*:*:*:*:*:*", + "matchCriteriaId": "9AB8B19B-2B40-4F1B-AE24-1C43D362E4BC" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:acronis:cyber_protect:15:update5:*:*:*:*:*:*", + "matchCriteriaId": "69506F27-DEF8-4317-9E54-D79CA430AD4B" + } + ] + }, + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": false, + "criteria": "cpe:2.3:o:linux:linux_kernel:-:*:*:*:*:*:*:*", + "matchCriteriaId": "703AF700-7A70-47E2-BC3A-7FD03B3CA9C1" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:*", + "matchCriteriaId": "A2572D17-1DE6-457B-99CC-64AFD54487EA" + } + ] + } + ] + } + ], "references": [ { "url": "https://security-advisory.acronis.com/advisories/SEC-5124", - "source": "security@acronis.com" + "source": "security@acronis.com", + "tags": [ + "Vendor Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2023/CVE-2023-441xx/CVE-2023-44157.json b/CVE-2023/CVE-2023-441xx/CVE-2023-44157.json index 02c19a6164f..6366d0704df 100644 --- a/CVE-2023/CVE-2023-441xx/CVE-2023-44157.json +++ b/CVE-2023/CVE-2023-441xx/CVE-2023-44157.json @@ -2,8 +2,8 @@ "id": "CVE-2023-44157", "sourceIdentifier": "security@acronis.com", "published": "2023-09-27T15:19:37.897", - "lastModified": "2023-09-27T15:41:31.350", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2023-09-28T01:36:28.527", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", @@ -11,6 +11,28 @@ } ], "metrics": { + "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", + "attackVector": "LOCAL", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH", + "baseScore": 7.8, + "baseSeverity": "HIGH" + }, + "exploitabilityScore": 1.8, + "impactScore": 5.9 + } + ], "cvssMetricV30": [ { "source": "security@acronis.com", @@ -35,6 +57,16 @@ ] }, "weaknesses": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-276" + } + ] + }, { "source": "security@acronis.com", "type": "Secondary", @@ -46,10 +78,73 @@ ] } ], + "configurations": [ + { + "operator": "AND", + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:acronis:cyber_protect:*:*:*:*:*:*:*:*", + "versionEndExcluding": "15", + "matchCriteriaId": "547972AF-7F43-4A6D-AFC7-5514DD9995A6" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:acronis:cyber_protect:15:-:*:*:*:*:*:*", + "matchCriteriaId": "89899D10-1343-4276-919A-9C1DF2DB8B55" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:acronis:cyber_protect:15:update1:*:*:*:*:*:*", + "matchCriteriaId": "A77B2499-B3A4-4278-BA0D-59AB59C60352" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:acronis:cyber_protect:15:update2:*:*:*:*:*:*", + "matchCriteriaId": "BAF6A576-C320-4550-B7F8-4FCAE82FB06A" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:acronis:cyber_protect:15:update3:*:*:*:*:*:*", + "matchCriteriaId": "9740A956-D589-4846-8717-B6182EB65F8B" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:acronis:cyber_protect:15:update4:*:*:*:*:*:*", + "matchCriteriaId": "9AB8B19B-2B40-4F1B-AE24-1C43D362E4BC" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:acronis:cyber_protect:15:update5:*:*:*:*:*:*", + "matchCriteriaId": "69506F27-DEF8-4317-9E54-D79CA430AD4B" + } + ] + }, + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": false, + "criteria": "cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:*", + "matchCriteriaId": "A2572D17-1DE6-457B-99CC-64AFD54487EA" + } + ] + } + ] + } + ], "references": [ { "url": "https://security-advisory.acronis.com/advisories/SEC-3956", - "source": "security@acronis.com" + "source": "security@acronis.com", + "tags": [ + "Vendor Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2023/CVE-2023-441xx/CVE-2023-44158.json b/CVE-2023/CVE-2023-441xx/CVE-2023-44158.json index 0a21e387d76..5d6d3337467 100644 --- a/CVE-2023/CVE-2023-441xx/CVE-2023-44158.json +++ b/CVE-2023/CVE-2023-441xx/CVE-2023-44158.json @@ -2,8 +2,8 @@ "id": "CVE-2023-44158", "sourceIdentifier": "security@acronis.com", "published": "2023-09-27T15:19:37.980", - "lastModified": "2023-09-27T15:41:26.297", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2023-09-28T01:38:48.113", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", @@ -11,6 +11,28 @@ } ], "metrics": { + "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "NONE", + "availabilityImpact": "NONE", + "baseScore": 7.5, + "baseSeverity": "HIGH" + }, + "exploitabilityScore": 3.9, + "impactScore": 3.6 + } + ], "cvssMetricV30": [ { "source": "security@acronis.com", @@ -35,6 +57,16 @@ ] }, "weaknesses": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-522" + } + ] + }, { "source": "security@acronis.com", "type": "Secondary", @@ -46,10 +78,78 @@ ] } ], + "configurations": [ + { + "operator": "AND", + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:acronis:cyber_protect:*:*:*:*:*:*:*:*", + "versionEndExcluding": "15", + "matchCriteriaId": "547972AF-7F43-4A6D-AFC7-5514DD9995A6" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:acronis:cyber_protect:15:-:*:*:*:*:*:*", + "matchCriteriaId": "89899D10-1343-4276-919A-9C1DF2DB8B55" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:acronis:cyber_protect:15:update1:*:*:*:*:*:*", + "matchCriteriaId": "A77B2499-B3A4-4278-BA0D-59AB59C60352" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:acronis:cyber_protect:15:update2:*:*:*:*:*:*", + "matchCriteriaId": "BAF6A576-C320-4550-B7F8-4FCAE82FB06A" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:acronis:cyber_protect:15:update3:*:*:*:*:*:*", + "matchCriteriaId": "9740A956-D589-4846-8717-B6182EB65F8B" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:acronis:cyber_protect:15:update4:*:*:*:*:*:*", + "matchCriteriaId": "9AB8B19B-2B40-4F1B-AE24-1C43D362E4BC" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:acronis:cyber_protect:15:update5:*:*:*:*:*:*", + "matchCriteriaId": "69506F27-DEF8-4317-9E54-D79CA430AD4B" + } + ] + }, + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": false, + "criteria": "cpe:2.3:o:linux:linux_kernel:-:*:*:*:*:*:*:*", + "matchCriteriaId": "703AF700-7A70-47E2-BC3A-7FD03B3CA9C1" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:*", + "matchCriteriaId": "A2572D17-1DE6-457B-99CC-64AFD54487EA" + } + ] + } + ] + } + ], "references": [ { "url": "https://security-advisory.acronis.com/advisories/SEC-4071", - "source": "security@acronis.com" + "source": "security@acronis.com", + "tags": [ + "Vendor Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2023/CVE-2023-441xx/CVE-2023-44159.json b/CVE-2023/CVE-2023-441xx/CVE-2023-44159.json index 81603586582..895354a6155 100644 --- a/CVE-2023/CVE-2023-441xx/CVE-2023-44159.json +++ b/CVE-2023/CVE-2023-441xx/CVE-2023-44159.json @@ -2,8 +2,8 @@ "id": "CVE-2023-44159", "sourceIdentifier": "security@acronis.com", "published": "2023-09-27T15:19:38.063", - "lastModified": "2023-09-27T15:41:26.297", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2023-09-28T01:45:43.997", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", @@ -11,6 +11,28 @@ } ], "metrics": { + "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "NONE", + "availabilityImpact": "NONE", + "baseScore": 7.5, + "baseSeverity": "HIGH" + }, + "exploitabilityScore": 3.9, + "impactScore": 3.6 + } + ], "cvssMetricV30": [ { "source": "security@acronis.com", @@ -35,6 +57,16 @@ ] }, "weaknesses": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-312" + } + ] + }, { "source": "security@acronis.com", "type": "Secondary", @@ -46,10 +78,78 @@ ] } ], + "configurations": [ + { + "operator": "AND", + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:acronis:cyber_protect:*:*:*:*:*:*:*:*", + "versionEndExcluding": "15", + "matchCriteriaId": "547972AF-7F43-4A6D-AFC7-5514DD9995A6" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:acronis:cyber_protect:15:-:*:*:*:*:*:*", + "matchCriteriaId": "89899D10-1343-4276-919A-9C1DF2DB8B55" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:acronis:cyber_protect:15:update1:*:*:*:*:*:*", + "matchCriteriaId": "A77B2499-B3A4-4278-BA0D-59AB59C60352" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:acronis:cyber_protect:15:update2:*:*:*:*:*:*", + "matchCriteriaId": "BAF6A576-C320-4550-B7F8-4FCAE82FB06A" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:acronis:cyber_protect:15:update3:*:*:*:*:*:*", + "matchCriteriaId": "9740A956-D589-4846-8717-B6182EB65F8B" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:acronis:cyber_protect:15:update4:*:*:*:*:*:*", + "matchCriteriaId": "9AB8B19B-2B40-4F1B-AE24-1C43D362E4BC" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:acronis:cyber_protect:15:update5:*:*:*:*:*:*", + "matchCriteriaId": "69506F27-DEF8-4317-9E54-D79CA430AD4B" + } + ] + }, + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": false, + "criteria": "cpe:2.3:o:linux:linux_kernel:-:*:*:*:*:*:*:*", + "matchCriteriaId": "703AF700-7A70-47E2-BC3A-7FD03B3CA9C1" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:*", + "matchCriteriaId": "A2572D17-1DE6-457B-99CC-64AFD54487EA" + } + ] + } + ] + } + ], "references": [ { "url": "https://security-advisory.acronis.com/advisories/SEC-5787", - "source": "security@acronis.com" + "source": "security@acronis.com", + "tags": [ + "Vendor Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2023/CVE-2023-441xx/CVE-2023-44160.json b/CVE-2023/CVE-2023-441xx/CVE-2023-44160.json index 369903a2c6a..1f7c1b47b84 100644 --- a/CVE-2023/CVE-2023-441xx/CVE-2023-44160.json +++ b/CVE-2023/CVE-2023-441xx/CVE-2023-44160.json @@ -2,8 +2,8 @@ "id": "CVE-2023-44160", "sourceIdentifier": "security@acronis.com", "published": "2023-09-27T15:19:38.223", - "lastModified": "2023-09-27T15:41:26.297", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2023-09-28T01:47:00.950", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", @@ -11,6 +11,28 @@ } ], "metrics": { + "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "REQUIRED", + "scope": "UNCHANGED", + "confidentialityImpact": "NONE", + "integrityImpact": "HIGH", + "availabilityImpact": "NONE", + "baseScore": 6.5, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 2.8, + "impactScore": 3.6 + } + ], "cvssMetricV30": [ { "source": "security@acronis.com", @@ -35,6 +57,16 @@ ] }, "weaknesses": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-352" + } + ] + }, { "source": "security@acronis.com", "type": "Secondary", @@ -46,10 +78,78 @@ ] } ], + "configurations": [ + { + "operator": "AND", + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:acronis:cyber_protect:*:*:*:*:*:*:*:*", + "versionEndExcluding": "15", + "matchCriteriaId": "547972AF-7F43-4A6D-AFC7-5514DD9995A6" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:acronis:cyber_protect:15:-:*:*:*:*:*:*", + "matchCriteriaId": "89899D10-1343-4276-919A-9C1DF2DB8B55" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:acronis:cyber_protect:15:update1:*:*:*:*:*:*", + "matchCriteriaId": "A77B2499-B3A4-4278-BA0D-59AB59C60352" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:acronis:cyber_protect:15:update2:*:*:*:*:*:*", + "matchCriteriaId": "BAF6A576-C320-4550-B7F8-4FCAE82FB06A" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:acronis:cyber_protect:15:update3:*:*:*:*:*:*", + "matchCriteriaId": "9740A956-D589-4846-8717-B6182EB65F8B" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:acronis:cyber_protect:15:update4:*:*:*:*:*:*", + "matchCriteriaId": "9AB8B19B-2B40-4F1B-AE24-1C43D362E4BC" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:acronis:cyber_protect:15:update5:*:*:*:*:*:*", + "matchCriteriaId": "69506F27-DEF8-4317-9E54-D79CA430AD4B" + } + ] + }, + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": false, + "criteria": "cpe:2.3:o:linux:linux_kernel:-:*:*:*:*:*:*:*", + "matchCriteriaId": "703AF700-7A70-47E2-BC3A-7FD03B3CA9C1" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:*", + "matchCriteriaId": "A2572D17-1DE6-457B-99CC-64AFD54487EA" + } + ] + } + ] + } + ], "references": [ { "url": "https://security-advisory.acronis.com/advisories/SEC-4083", - "source": "security@acronis.com" + "source": "security@acronis.com", + "tags": [ + "Vendor Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2023/CVE-2023-441xx/CVE-2023-44161.json b/CVE-2023/CVE-2023-441xx/CVE-2023-44161.json index 44f7fb43801..bbea40a24bd 100644 --- a/CVE-2023/CVE-2023-441xx/CVE-2023-44161.json +++ b/CVE-2023/CVE-2023-441xx/CVE-2023-44161.json @@ -2,8 +2,8 @@ "id": "CVE-2023-44161", "sourceIdentifier": "security@acronis.com", "published": "2023-09-27T15:19:38.323", - "lastModified": "2023-09-27T15:41:26.297", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2023-09-28T01:52:50.597", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", @@ -11,6 +11,28 @@ } ], "metrics": { + "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "REQUIRED", + "scope": "UNCHANGED", + "confidentialityImpact": "NONE", + "integrityImpact": "HIGH", + "availabilityImpact": "NONE", + "baseScore": 6.5, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 2.8, + "impactScore": 3.6 + } + ], "cvssMetricV30": [ { "source": "security@acronis.com", @@ -35,6 +57,16 @@ ] }, "weaknesses": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-352" + } + ] + }, { "source": "security@acronis.com", "type": "Secondary", @@ -46,10 +78,78 @@ ] } ], + "configurations": [ + { + "operator": "AND", + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:acronis:cyber_protect:*:*:*:*:*:*:*:*", + "versionEndExcluding": "15", + "matchCriteriaId": "547972AF-7F43-4A6D-AFC7-5514DD9995A6" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:acronis:cyber_protect:15:-:*:*:*:*:*:*", + "matchCriteriaId": "89899D10-1343-4276-919A-9C1DF2DB8B55" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:acronis:cyber_protect:15:update1:*:*:*:*:*:*", + "matchCriteriaId": "A77B2499-B3A4-4278-BA0D-59AB59C60352" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:acronis:cyber_protect:15:update2:*:*:*:*:*:*", + "matchCriteriaId": "BAF6A576-C320-4550-B7F8-4FCAE82FB06A" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:acronis:cyber_protect:15:update3:*:*:*:*:*:*", + "matchCriteriaId": "9740A956-D589-4846-8717-B6182EB65F8B" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:acronis:cyber_protect:15:update4:*:*:*:*:*:*", + "matchCriteriaId": "9AB8B19B-2B40-4F1B-AE24-1C43D362E4BC" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:acronis:cyber_protect:15:update5:*:*:*:*:*:*", + "matchCriteriaId": "69506F27-DEF8-4317-9E54-D79CA430AD4B" + } + ] + }, + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": false, + "criteria": "cpe:2.3:o:linux:linux_kernel:-:*:*:*:*:*:*:*", + "matchCriteriaId": "703AF700-7A70-47E2-BC3A-7FD03B3CA9C1" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:*", + "matchCriteriaId": "A2572D17-1DE6-457B-99CC-64AFD54487EA" + } + ] + } + ] + } + ], "references": [ { "url": "https://security-advisory.acronis.com/advisories/SEC-4084", - "source": "security@acronis.com" + "source": "security@acronis.com", + "tags": [ + "Vendor Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2023/CVE-2023-442xx/CVE-2023-44207.json b/CVE-2023/CVE-2023-442xx/CVE-2023-44207.json index f329198ea64..c720d2a66a2 100644 --- a/CVE-2023/CVE-2023-442xx/CVE-2023-44207.json +++ b/CVE-2023/CVE-2023-442xx/CVE-2023-44207.json @@ -2,8 +2,8 @@ "id": "CVE-2023-44207", "sourceIdentifier": "security@acronis.com", "published": "2023-09-27T15:19:39.477", - "lastModified": "2023-09-27T15:41:20.127", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2023-09-28T01:58:26.690", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", @@ -11,6 +11,28 @@ } ], "metrics": { + "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "REQUIRED", + "scope": "CHANGED", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "availabilityImpact": "NONE", + "baseScore": 5.4, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 2.3, + "impactScore": 2.7 + } + ], "cvssMetricV30": [ { "source": "security@acronis.com", @@ -35,6 +57,16 @@ ] }, "weaknesses": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-79" + } + ] + }, { "source": "security@acronis.com", "type": "Secondary", @@ -46,10 +78,78 @@ ] } ], + "configurations": [ + { + "operator": "AND", + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:acronis:cyber_protect:*:*:*:*:*:*:*:*", + "versionEndExcluding": "15", + "matchCriteriaId": "547972AF-7F43-4A6D-AFC7-5514DD9995A6" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:acronis:cyber_protect:15:-:*:*:*:*:*:*", + "matchCriteriaId": "89899D10-1343-4276-919A-9C1DF2DB8B55" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:acronis:cyber_protect:15:update1:*:*:*:*:*:*", + "matchCriteriaId": "A77B2499-B3A4-4278-BA0D-59AB59C60352" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:acronis:cyber_protect:15:update2:*:*:*:*:*:*", + "matchCriteriaId": "BAF6A576-C320-4550-B7F8-4FCAE82FB06A" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:acronis:cyber_protect:15:update3:*:*:*:*:*:*", + "matchCriteriaId": "9740A956-D589-4846-8717-B6182EB65F8B" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:acronis:cyber_protect:15:update4:*:*:*:*:*:*", + "matchCriteriaId": "9AB8B19B-2B40-4F1B-AE24-1C43D362E4BC" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:acronis:cyber_protect:15:update5:*:*:*:*:*:*", + "matchCriteriaId": "69506F27-DEF8-4317-9E54-D79CA430AD4B" + } + ] + }, + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": false, + "criteria": "cpe:2.3:o:linux:linux_kernel:-:*:*:*:*:*:*:*", + "matchCriteriaId": "703AF700-7A70-47E2-BC3A-7FD03B3CA9C1" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:*", + "matchCriteriaId": "A2572D17-1DE6-457B-99CC-64AFD54487EA" + } + ] + } + ] + } + ], "references": [ { "url": "https://security-advisory.acronis.com/advisories/SEC-5914", - "source": "security@acronis.com" + "source": "security@acronis.com", + "tags": [ + "Vendor Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2023/CVE-2023-52xx/CVE-2023-5244.json b/CVE-2023/CVE-2023-52xx/CVE-2023-5244.json new file mode 100644 index 00000000000..eaee6b0c366 --- /dev/null +++ b/CVE-2023/CVE-2023-52xx/CVE-2023-5244.json @@ -0,0 +1,59 @@ +{ + "id": "CVE-2023-5244", + "sourceIdentifier": "security@huntr.dev", + "published": "2023-09-28T01:15:09.060", + "lastModified": "2023-09-28T01:15:09.060", + "vulnStatus": "Received", + "descriptions": [ + { + "lang": "en", + "value": "Cross-site Scripting (XSS) - Reflected in GitHub repository microweber/microweber prior to 2.0." + } + ], + "metrics": { + "cvssMetricV30": [ + { + "source": "security@huntr.dev", + "type": "Secondary", + "cvssData": { + "version": "3.0", + "vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:L", + "attackVector": "NETWORK", + "attackComplexity": "HIGH", + "privilegesRequired": "NONE", + "userInteraction": "REQUIRED", + "scope": "UNCHANGED", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "availabilityImpact": "LOW", + "baseScore": 5.0, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 1.6, + "impactScore": 3.4 + } + ] + }, + "weaknesses": [ + { + "source": "security@huntr.dev", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-79" + } + ] + } + ], + "references": [ + { + "url": "https://github.com/microweber/microweber/commit/1cb846f8f54ff6f5c668f3ae64dd81740a7e8968", + "source": "security@huntr.dev" + }, + { + "url": "https://huntr.dev/bounties/a3bd58ba-ca59-4cba-85d1-799f73a76470", + "source": "security@huntr.dev" + } + ] +} \ No newline at end of file diff --git a/README.md b/README.md index 82c8a7cbfd3..3841fd72874 100644 --- a/README.md +++ b/README.md @@ -9,13 +9,13 @@ Repository synchronizes with the NVD every 2 hours. ### Last Repository Update ```plain -2023-09-27T23:55:24.740814+00:00 +2023-09-28T02:00:25.747309+00:00 ``` ### Most recent CVE Modification Timestamp synchronized with NVD ```plain -2023-09-27T23:15:12.113000+00:00 +2023-09-28T01:58:26.690000+00:00 ``` ### Last Data Feed Release @@ -23,40 +23,41 @@ Repository synchronizes with the NVD every 2 hours. Download and Changelog: [Click](https://github.com/fkie-cad/nvd-json-data-feeds/releases/latest) ```plain -2023-09-27T00:00:13.558556+00:00 +2023-09-28T00:00:13.573620+00:00 ``` ### Total Number of included CVEs ```plain -226482 +226483 ``` ### CVEs added in the last Commit -Recently added CVEs: `13` +Recently added CVEs: `1` -* [CVE-2023-43192](CVE-2023/CVE-2023-431xx/CVE-2023-43192.json) (`2023-09-27T22:15:09.700`) -* [CVE-2023-43660](CVE-2023/CVE-2023-436xx/CVE-2023-43660.json) (`2023-09-27T22:15:10.730`) -* [CVE-2023-44080](CVE-2023/CVE-2023-440xx/CVE-2023-44080.json) (`2023-09-27T22:15:11.783`) -* [CVE-2023-41445](CVE-2023/CVE-2023-414xx/CVE-2023-41445.json) (`2023-09-27T23:15:10.150`) -* [CVE-2023-41448](CVE-2023/CVE-2023-414xx/CVE-2023-41448.json) (`2023-09-27T23:15:11.667`) -* [CVE-2023-41449](CVE-2023/CVE-2023-414xx/CVE-2023-41449.json) (`2023-09-27T23:15:11.730`) -* [CVE-2023-41451](CVE-2023/CVE-2023-414xx/CVE-2023-41451.json) (`2023-09-27T23:15:11.787`) -* [CVE-2023-41452](CVE-2023/CVE-2023-414xx/CVE-2023-41452.json) (`2023-09-27T23:15:11.843`) -* [CVE-2023-41453](CVE-2023/CVE-2023-414xx/CVE-2023-41453.json) (`2023-09-27T23:15:11.900`) -* [CVE-2023-43191](CVE-2023/CVE-2023-431xx/CVE-2023-43191.json) (`2023-09-27T23:15:11.960`) -* [CVE-2023-43233](CVE-2023/CVE-2023-432xx/CVE-2023-43233.json) (`2023-09-27T23:15:12.007`) -* [CVE-2023-43314](CVE-2023/CVE-2023-433xx/CVE-2023-43314.json) (`2023-09-27T23:15:12.057`) -* [CVE-2023-43320](CVE-2023/CVE-2023-433xx/CVE-2023-43320.json) (`2023-09-27T23:15:12.113`) +* [CVE-2023-5244](CVE-2023/CVE-2023-52xx/CVE-2023-5244.json) (`2023-09-28T01:15:09.060`) ### CVEs modified in the last Commit -Recently modified CVEs: `2` +Recently modified CVEs: `15` -* [CVE-2023-44047](CVE-2023/CVE-2023-440xx/CVE-2023-44047.json) (`2023-09-27T22:15:11.283`) -* [CVE-2023-44048](CVE-2023/CVE-2023-440xx/CVE-2023-44048.json) (`2023-09-27T22:15:11.513`) +* [CVE-2023-4088](CVE-2023/CVE-2023-40xx/CVE-2023-4088.json) (`2023-09-28T00:15:09.553`) +* [CVE-2023-41962](CVE-2023/CVE-2023-419xx/CVE-2023-41962.json) (`2023-09-28T01:06:56.717`) +* [CVE-2023-43614](CVE-2023/CVE-2023-436xx/CVE-2023-43614.json) (`2023-09-28T01:10:50.470`) +* [CVE-2023-23958](CVE-2023/CVE-2023-239xx/CVE-2023-23958.json) (`2023-09-28T01:14:41.083`) +* [CVE-2023-44152](CVE-2023/CVE-2023-441xx/CVE-2023-44152.json) (`2023-09-28T01:22:12.437`) +* [CVE-2023-44153](CVE-2023/CVE-2023-441xx/CVE-2023-44153.json) (`2023-09-28T01:23:03.267`) +* [CVE-2023-44154](CVE-2023/CVE-2023-441xx/CVE-2023-44154.json) (`2023-09-28T01:27:19.867`) +* [CVE-2023-44155](CVE-2023/CVE-2023-441xx/CVE-2023-44155.json) (`2023-09-28T01:28:18.913`) +* [CVE-2023-44156](CVE-2023/CVE-2023-441xx/CVE-2023-44156.json) (`2023-09-28T01:31:19.293`) +* [CVE-2023-44157](CVE-2023/CVE-2023-441xx/CVE-2023-44157.json) (`2023-09-28T01:36:28.527`) +* [CVE-2023-44158](CVE-2023/CVE-2023-441xx/CVE-2023-44158.json) (`2023-09-28T01:38:48.113`) +* [CVE-2023-44159](CVE-2023/CVE-2023-441xx/CVE-2023-44159.json) (`2023-09-28T01:45:43.997`) +* [CVE-2023-44160](CVE-2023/CVE-2023-441xx/CVE-2023-44160.json) (`2023-09-28T01:47:00.950`) +* [CVE-2023-44161](CVE-2023/CVE-2023-441xx/CVE-2023-44161.json) (`2023-09-28T01:52:50.597`) +* [CVE-2023-44207](CVE-2023/CVE-2023-442xx/CVE-2023-44207.json) (`2023-09-28T01:58:26.690`) ## Download and Usage