From f260538f909cf7f2f7c72a8569522509617a9379 Mon Sep 17 00:00:00 2001 From: cad-safe-bot Date: Fri, 6 Oct 2023 18:00:28 +0000 Subject: [PATCH] Auto-Update: 2023-10-06T18:00:24.978385+00:00 --- CVE-2006/CVE-2006-04xx/CVE-2006-0459.json | 91 ++++++-- CVE-2016/CVE-2016-63xx/CVE-2016-6354.json | 6 +- CVE-2019/CVE-2019-197xx/CVE-2019-19726.json | 6 +- CVE-2019/CVE-2019-62xx/CVE-2019-6293.json | 6 +- CVE-2020/CVE-2020-62xx/CVE-2020-6215.json | 6 +- CVE-2021/CVE-2021-12xx/CVE-2021-1233.json | 6 +- CVE-2021/CVE-2021-12xx/CVE-2021-1241.json | 6 +- CVE-2021/CVE-2021-12xx/CVE-2021-1260.json | 6 +- CVE-2021/CVE-2021-12xx/CVE-2021-1261.json | 6 +- CVE-2021/CVE-2021-12xx/CVE-2021-1262.json | 6 +- CVE-2021/CVE-2021-12xx/CVE-2021-1263.json | 6 +- CVE-2021/CVE-2021-12xx/CVE-2021-1273.json | 6 +- CVE-2021/CVE-2021-12xx/CVE-2021-1274.json | 6 +- CVE-2021/CVE-2021-12xx/CVE-2021-1278.json | 6 +- CVE-2021/CVE-2021-12xx/CVE-2021-1279.json | 6 +- CVE-2021/CVE-2021-12xx/CVE-2021-1298.json | 6 +- CVE-2021/CVE-2021-12xx/CVE-2021-1299.json | 6 +- CVE-2021/CVE-2021-13xx/CVE-2021-1300.json | 6 +- CVE-2021/CVE-2021-13xx/CVE-2021-1301.json | 6 +- CVE-2021/CVE-2021-13xx/CVE-2021-1302.json | 6 +- CVE-2021/CVE-2021-13xx/CVE-2021-1304.json | 6 +- CVE-2022/CVE-2022-207xx/CVE-2022-20716.json | 6 +- CVE-2022/CVE-2022-362xx/CVE-2022-36276.json | 60 +++++- CVE-2022/CVE-2022-362xx/CVE-2022-36277.json | 60 +++++- CVE-2023/CVE-2023-226xx/CVE-2023-22618.json | 220 +++++++++++++++++++- CVE-2023/CVE-2023-233xx/CVE-2023-23365.json | 59 ++++++ CVE-2023/CVE-2023-233xx/CVE-2023-23366.json | 59 ++++++ CVE-2023/CVE-2023-233xx/CVE-2023-23370.json | 55 +++++ CVE-2023/CVE-2023-233xx/CVE-2023-23371.json | 59 ++++++ CVE-2023/CVE-2023-254xx/CVE-2023-25489.json | 51 ++++- CVE-2023/CVE-2023-267xx/CVE-2023-26782.json | 4 +- CVE-2023/CVE-2023-31xx/CVE-2023-3153.json | 159 +++++++++++++- CVE-2023/CVE-2023-320xx/CVE-2023-32091.json | 51 ++++- CVE-2023/CVE-2023-329xx/CVE-2023-32971.json | 59 ++++++ CVE-2023/CVE-2023-329xx/CVE-2023-32972.json | 59 ++++++ CVE-2023/CVE-2023-32xx/CVE-2023-3213.json | 36 +++- CVE-2023/CVE-2023-394xx/CVE-2023-39410.json | 10 +- CVE-2023/CVE-2023-399xx/CVE-2023-39928.json | 55 +++++ CVE-2023/CVE-2023-401xx/CVE-2023-40199.json | 51 ++++- CVE-2023/CVE-2023-402xx/CVE-2023-40201.json | 51 ++++- CVE-2023/CVE-2023-402xx/CVE-2023-40202.json | 51 ++++- CVE-2023/CVE-2023-405xx/CVE-2023-40558.json | 51 ++++- CVE-2023/CVE-2023-430xx/CVE-2023-43068.json | 51 ++++- CVE-2023/CVE-2023-430xx/CVE-2023-43069.json | 63 +++++- CVE-2023/CVE-2023-430xx/CVE-2023-43070.json | 51 ++++- CVE-2023/CVE-2023-430xx/CVE-2023-43071.json | 51 ++++- CVE-2023/CVE-2023-430xx/CVE-2023-43072.json | 51 ++++- CVE-2023/CVE-2023-430xx/CVE-2023-43073.json | 51 ++++- CVE-2023/CVE-2023-437xx/CVE-2023-43702.json | 28 +-- CVE-2023/CVE-2023-437xx/CVE-2023-43703.json | 28 +-- CVE-2023/CVE-2023-437xx/CVE-2023-43704.json | 28 +-- CVE-2023/CVE-2023-437xx/CVE-2023-43705.json | 28 +-- CVE-2023/CVE-2023-437xx/CVE-2023-43706.json | 28 +-- CVE-2023/CVE-2023-437xx/CVE-2023-43707.json | 28 +-- CVE-2023/CVE-2023-437xx/CVE-2023-43708.json | 28 +-- CVE-2023/CVE-2023-437xx/CVE-2023-43709.json | 28 +-- CVE-2023/CVE-2023-437xx/CVE-2023-43710.json | 28 +-- CVE-2023/CVE-2023-437xx/CVE-2023-43711.json | 28 +-- CVE-2023/CVE-2023-437xx/CVE-2023-43712.json | 28 +-- CVE-2023/CVE-2023-437xx/CVE-2023-43713.json | 28 +-- CVE-2023/CVE-2023-437xx/CVE-2023-43714.json | 28 +-- CVE-2023/CVE-2023-437xx/CVE-2023-43715.json | 28 +-- CVE-2023/CVE-2023-437xx/CVE-2023-43716.json | 28 +-- CVE-2023/CVE-2023-437xx/CVE-2023-43717.json | 28 +-- CVE-2023/CVE-2023-437xx/CVE-2023-43718.json | 28 +-- CVE-2023/CVE-2023-437xx/CVE-2023-43719.json | 28 +-- CVE-2023/CVE-2023-437xx/CVE-2023-43720.json | 28 +-- CVE-2023/CVE-2023-437xx/CVE-2023-43721.json | 28 +-- CVE-2023/CVE-2023-437xx/CVE-2023-43722.json | 28 +-- CVE-2023/CVE-2023-437xx/CVE-2023-43723.json | 28 +-- CVE-2023/CVE-2023-437xx/CVE-2023-43724.json | 24 +-- CVE-2023/CVE-2023-437xx/CVE-2023-43725.json | 28 +-- CVE-2023/CVE-2023-437xx/CVE-2023-43726.json | 24 +-- CVE-2023/CVE-2023-437xx/CVE-2023-43727.json | 28 +-- CVE-2023/CVE-2023-437xx/CVE-2023-43728.json | 28 +-- CVE-2023/CVE-2023-437xx/CVE-2023-43729.json | 28 +-- CVE-2023/CVE-2023-437xx/CVE-2023-43730.json | 28 +-- CVE-2023/CVE-2023-437xx/CVE-2023-43731.json | 28 +-- CVE-2023/CVE-2023-437xx/CVE-2023-43732.json | 28 +-- CVE-2023/CVE-2023-437xx/CVE-2023-43733.json | 28 +-- CVE-2023/CVE-2023-437xx/CVE-2023-43734.json | 28 +-- CVE-2023/CVE-2023-437xx/CVE-2023-43735.json | 28 +-- CVE-2023/CVE-2023-437xx/CVE-2023-43740.json | 4 +- CVE-2023/CVE-2023-438xx/CVE-2023-43838.json | 93 ++++++++- CVE-2023/CVE-2023-439xx/CVE-2023-43980.json | 69 +++++- CVE-2023/CVE-2023-440xx/CVE-2023-44043.json | 4 +- CVE-2023/CVE-2023-442xx/CVE-2023-44233.json | 55 +++++ CVE-2023/CVE-2023-442xx/CVE-2023-44243.json | 55 +++++ CVE-2023/CVE-2023-448xx/CVE-2023-44807.json | 24 +++ CVE-2023/CVE-2023-44xx/CVE-2023-4401.json | 63 +++++- CVE-2023/CVE-2023-44xx/CVE-2023-4491.json | 60 +++++- CVE-2023/CVE-2023-44xx/CVE-2023-4492.json | 60 +++++- CVE-2023/CVE-2023-44xx/CVE-2023-4493.json | 60 +++++- CVE-2023/CVE-2023-44xx/CVE-2023-4494.json | 60 +++++- CVE-2023/CVE-2023-44xx/CVE-2023-4495.json | 61 +++++- CVE-2023/CVE-2023-44xx/CVE-2023-4496.json | 61 +++++- CVE-2023/CVE-2023-44xx/CVE-2023-4497.json | 61 +++++- CVE-2023/CVE-2023-49xx/CVE-2023-4911.json | 6 +- CVE-2023/CVE-2023-50xx/CVE-2023-5053.json | 18 +- CVE-2023/CVE-2023-51xx/CVE-2023-5111.json | 4 +- CVE-2023/CVE-2023-51xx/CVE-2023-5112.json | 28 +-- README.md | 85 ++++---- 102 files changed, 2944 insertions(+), 726 deletions(-) create mode 100644 CVE-2023/CVE-2023-233xx/CVE-2023-23365.json create mode 100644 CVE-2023/CVE-2023-233xx/CVE-2023-23366.json create mode 100644 CVE-2023/CVE-2023-233xx/CVE-2023-23370.json create mode 100644 CVE-2023/CVE-2023-233xx/CVE-2023-23371.json create mode 100644 CVE-2023/CVE-2023-329xx/CVE-2023-32971.json create mode 100644 CVE-2023/CVE-2023-329xx/CVE-2023-32972.json create mode 100644 CVE-2023/CVE-2023-399xx/CVE-2023-39928.json create mode 100644 CVE-2023/CVE-2023-442xx/CVE-2023-44233.json create mode 100644 CVE-2023/CVE-2023-442xx/CVE-2023-44243.json create mode 100644 CVE-2023/CVE-2023-448xx/CVE-2023-44807.json diff --git a/CVE-2006/CVE-2006-04xx/CVE-2006-0459.json b/CVE-2006/CVE-2006-04xx/CVE-2006-0459.json index f4a2add5ace..d9e42057586 100644 --- a/CVE-2006/CVE-2006-04xx/CVE-2006-0459.json +++ b/CVE-2006/CVE-2006-04xx/CVE-2006-0459.json @@ -2,8 +2,8 @@ "id": "CVE-2006-0459", "sourceIdentifier": "secalert@redhat.com", "published": "2006-03-29T23:02:00.000", - "lastModified": "2018-10-03T21:35:35.057", - "vulnStatus": "Modified", + "lastModified": "2023-10-06T17:23:19.257", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", @@ -65,14 +65,9 @@ "cpeMatch": [ { "vulnerable": true, - "criteria": "cpe:2.3:a:will_estes_and_john_millaway:flex:*:*:*:*:*:*:*:*", + "criteria": "cpe:2.3:a:westes:flex:*:*:*:*:*:*:*:*", "versionEndIncluding": "2.5.32", - "matchCriteriaId": "30229289-06EE-4F8A-ACF2-90F846519D57" - }, - { - "vulnerable": true, - "criteria": "cpe:2.3:a:will_estes_and_john_millaway:flex:2.5.30:*:*:*:*:*:*:*", - "matchCriteriaId": "3C0DBBA1-0E20-47C4-9D87-951C9655C768" + "matchCriteriaId": "E0145625-8490-4671-A17C-85426C258AF9" } ] } @@ -82,25 +77,77 @@ "references": [ { "url": "http://prdownloads.sourceforge.net/flex/flex-2.5.33.tar.bz2?download", - "source": "secalert@redhat.com" + "source": "secalert@redhat.com", + "tags": [ + "Product" + ] + }, + { + "url": "http://secunia.com/advisories/19071", + "source": "secalert@redhat.com", + "tags": [ + "Patch", + "Vendor Advisory" + ] + }, + { + "url": "http://secunia.com/advisories/19126", + "source": "secalert@redhat.com", + "tags": [ + "Vendor Advisory" + ] + }, + { + "url": "http://secunia.com/advisories/19228", + "source": "secalert@redhat.com", + "tags": [ + "Vendor Advisory" + ] + }, + { + "url": "http://secunia.com/advisories/19424", + "source": "secalert@redhat.com", + "tags": [ + "Patch", + "Vendor Advisory" + ] }, { "url": "http://securityreason.com/securityalert/570", - "source": "secalert@redhat.com" + "source": "secalert@redhat.com", + "tags": [ + "Third Party Advisory" + ] }, { "url": "http://sourceforge.net/mailarchive/forum.php?thread_name=20060223020346.GA11231%40tabitha.home.tldz.org&forum_name=flex-announce", - "source": "secalert@redhat.com" + "source": "secalert@redhat.com", + "tags": [ + "Release Notes" + ] }, { "url": "http://www.gentoo.org/security/en/glsa/glsa-200603-07.xml", - "source": "secalert@redhat.com" + "source": "secalert@redhat.com", + "tags": [ + "Third Party Advisory" + ] + }, + { + "url": "http://www.osvdb.org/23440", + "source": "secalert@redhat.com", + "tags": [ + "Broken Link", + "Patch" + ] }, { "url": "http://www.securityfocus.com/bid/16896", "source": "secalert@redhat.com", "tags": [ - "Patch" + "Patch", + "Third Party Advisory", + "VDB Entry" ] }, { @@ -113,15 +160,25 @@ }, { "url": "http://www.vupen.com/english/advisories/2006/0770", - "source": "secalert@redhat.com" + "source": "secalert@redhat.com", + "tags": [ + "Broken Link", + "URL Repurposed" + ] }, { "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/24995", - "source": "secalert@redhat.com" + "source": "secalert@redhat.com", + "tags": [ + "VDB Entry" + ] }, { "url": "https://usn.ubuntu.com/260-1/", - "source": "secalert@redhat.com" + "source": "secalert@redhat.com", + "tags": [ + "Third Party Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2016/CVE-2016-63xx/CVE-2016-6354.json b/CVE-2016/CVE-2016-63xx/CVE-2016-6354.json index a952ef6cad2..1432ffe1a26 100644 --- a/CVE-2016/CVE-2016-63xx/CVE-2016-6354.json +++ b/CVE-2016/CVE-2016-63xx/CVE-2016-6354.json @@ -2,7 +2,7 @@ "id": "CVE-2016-6354", "sourceIdentifier": "cve@mitre.org", "published": "2016-09-21T14:25:20.800", - "lastModified": "2017-01-18T02:59:08.390", + "lastModified": "2023-10-06T17:12:21.840", "vulnStatus": "Modified", "descriptions": [ { @@ -99,9 +99,9 @@ "cpeMatch": [ { "vulnerable": true, - "criteria": "cpe:2.3:a:flex_project:flex:*:*:*:*:*:*:*:*", + "criteria": "cpe:2.3:a:westes:flex:*:*:*:*:*:*:*:*", "versionEndIncluding": "2.6.0", - "matchCriteriaId": "E0DA3F8A-FC82-4E61-88C4-282AB9554A6C" + "matchCriteriaId": "BCADB986-7D3F-4E57-B982-08800DD34F0F" } ] } diff --git a/CVE-2019/CVE-2019-197xx/CVE-2019-19726.json b/CVE-2019/CVE-2019-197xx/CVE-2019-19726.json index 7fac3621bac..6261fd74b84 100644 --- a/CVE-2019/CVE-2019-197xx/CVE-2019-19726.json +++ b/CVE-2019/CVE-2019-197xx/CVE-2019-19726.json @@ -2,7 +2,7 @@ "id": "CVE-2019-19726", "sourceIdentifier": "cve@mitre.org", "published": "2019-12-12T01:15:10.823", - "lastModified": "2023-10-06T06:15:09.430", + "lastModified": "2023-10-06T17:15:11.493", "vulnStatus": "Modified", "descriptions": [ { @@ -111,6 +111,10 @@ "VDB Entry" ] }, + { + "url": "http://packetstormsecurity.com/files/174986/glibc-ld.so-Local-Privilege-Escalation.html", + "source": "cve@mitre.org" + }, { "url": "http://seclists.org/fulldisclosure/2019/Dec/31", "source": "cve@mitre.org", diff --git a/CVE-2019/CVE-2019-62xx/CVE-2019-6293.json b/CVE-2019/CVE-2019-62xx/CVE-2019-6293.json index 2fa364ea8e2..22909d0913b 100644 --- a/CVE-2019/CVE-2019-62xx/CVE-2019-6293.json +++ b/CVE-2019/CVE-2019-62xx/CVE-2019-6293.json @@ -2,7 +2,7 @@ "id": "CVE-2019-6293", "sourceIdentifier": "cve@mitre.org", "published": "2019-01-15T00:29:00.523", - "lastModified": "2020-08-24T17:37:01.140", + "lastModified": "2023-10-06T17:12:21.840", "vulnStatus": "Analyzed", "descriptions": [ { @@ -84,8 +84,8 @@ "cpeMatch": [ { "vulnerable": true, - "criteria": "cpe:2.3:a:flex_project:flex:2.6.4:*:*:*:*:*:*:*", - "matchCriteriaId": "5EFD34FB-2AF6-4BC9-A4EE-0A958797BE86" + "criteria": "cpe:2.3:a:westes:flex:2.6.4:*:*:*:*:*:*:*", + "matchCriteriaId": "102A6858-CA8E-4679-9806-0851B19327EC" } ] } diff --git a/CVE-2020/CVE-2020-62xx/CVE-2020-6215.json b/CVE-2020/CVE-2020-62xx/CVE-2020-6215.json index b2503702942..01fb798b003 100644 --- a/CVE-2020/CVE-2020-62xx/CVE-2020-6215.json +++ b/CVE-2020/CVE-2020-62xx/CVE-2020-6215.json @@ -2,7 +2,7 @@ "id": "CVE-2020-6215", "sourceIdentifier": "cna@sap.com", "published": "2020-04-14T20:15:15.293", - "lastModified": "2023-10-06T06:15:10.467", + "lastModified": "2023-10-06T17:15:11.600", "vulnStatus": "Modified", "descriptions": [ { @@ -165,6 +165,10 @@ } ], "references": [ + { + "url": "http://packetstormsecurity.com/files/174985/SAP-Application-Server-ABAP-Open-Redirection.html", + "source": "cna@sap.com" + }, { "url": "http://seclists.org/fulldisclosure/2023/Oct/13", "source": "cna@sap.com" diff --git a/CVE-2021/CVE-2021-12xx/CVE-2021-1233.json b/CVE-2021/CVE-2021-12xx/CVE-2021-1233.json index 7709df24834..0d64cfadfa8 100644 --- a/CVE-2021/CVE-2021-12xx/CVE-2021-1233.json +++ b/CVE-2021/CVE-2021-12xx/CVE-2021-1233.json @@ -2,7 +2,7 @@ "id": "CVE-2021-1233", "sourceIdentifier": "ykramarz@cisco.com", "published": "2021-01-20T21:15:11.943", - "lastModified": "2023-09-29T15:03:41.913", + "lastModified": "2023-10-06T16:24:48.993", "vulnStatus": "Analyzed", "descriptions": [ { @@ -179,8 +179,8 @@ "cpeMatch": [ { "vulnerable": true, - "criteria": "cpe:2.3:a:cisco:sd-wan_manager:-:*:*:*:*:*:*:*", - "matchCriteriaId": "46F278A6-82F5-4217-932E-98A918D9A017" + "criteria": "cpe:2.3:a:cisco:catalyst_sd-wan_manager:-:*:*:*:*:*:*:*", + "matchCriteriaId": "AE3D96F7-3574-443F-9AD4-5E62E0F5E4F5" }, { "vulnerable": true, diff --git a/CVE-2021/CVE-2021-12xx/CVE-2021-1241.json b/CVE-2021/CVE-2021-12xx/CVE-2021-1241.json index 3266b938b6a..2774801c4cf 100644 --- a/CVE-2021/CVE-2021-12xx/CVE-2021-1241.json +++ b/CVE-2021/CVE-2021-12xx/CVE-2021-1241.json @@ -2,7 +2,7 @@ "id": "CVE-2021-1241", "sourceIdentifier": "ykramarz@cisco.com", "published": "2021-01-20T21:15:12.100", - "lastModified": "2023-09-29T15:03:41.913", + "lastModified": "2023-10-06T16:24:48.993", "vulnStatus": "Analyzed", "descriptions": [ { @@ -223,8 +223,8 @@ "cpeMatch": [ { "vulnerable": true, - "criteria": "cpe:2.3:a:cisco:sd-wan_manager:-:*:*:*:*:*:*:*", - "matchCriteriaId": "46F278A6-82F5-4217-932E-98A918D9A017" + "criteria": "cpe:2.3:a:cisco:catalyst_sd-wan_manager:-:*:*:*:*:*:*:*", + "matchCriteriaId": "AE3D96F7-3574-443F-9AD4-5E62E0F5E4F5" }, { "vulnerable": true, diff --git a/CVE-2021/CVE-2021-12xx/CVE-2021-1260.json b/CVE-2021/CVE-2021-12xx/CVE-2021-1260.json index 34e2bf60ddc..20b0e875873 100644 --- a/CVE-2021/CVE-2021-12xx/CVE-2021-1260.json +++ b/CVE-2021/CVE-2021-12xx/CVE-2021-1260.json @@ -2,7 +2,7 @@ "id": "CVE-2021-1260", "sourceIdentifier": "ykramarz@cisco.com", "published": "2021-01-20T20:15:14.643", - "lastModified": "2023-09-29T15:03:41.913", + "lastModified": "2023-10-06T16:24:48.993", "vulnStatus": "Analyzed", "descriptions": [ { @@ -213,8 +213,8 @@ "cpeMatch": [ { "vulnerable": true, - "criteria": "cpe:2.3:a:cisco:sd-wan_manager:-:*:*:*:*:*:*:*", - "matchCriteriaId": "46F278A6-82F5-4217-932E-98A918D9A017" + "criteria": "cpe:2.3:a:cisco:catalyst_sd-wan_manager:-:*:*:*:*:*:*:*", + "matchCriteriaId": "AE3D96F7-3574-443F-9AD4-5E62E0F5E4F5" }, { "vulnerable": true, diff --git a/CVE-2021/CVE-2021-12xx/CVE-2021-1261.json b/CVE-2021/CVE-2021-12xx/CVE-2021-1261.json index ada970afc54..e1738a1b038 100644 --- a/CVE-2021/CVE-2021-12xx/CVE-2021-1261.json +++ b/CVE-2021/CVE-2021-12xx/CVE-2021-1261.json @@ -2,7 +2,7 @@ "id": "CVE-2021-1261", "sourceIdentifier": "ykramarz@cisco.com", "published": "2021-01-20T20:15:14.800", - "lastModified": "2023-09-29T15:03:41.913", + "lastModified": "2023-10-06T16:24:48.993", "vulnStatus": "Analyzed", "descriptions": [ { @@ -213,8 +213,8 @@ "cpeMatch": [ { "vulnerable": true, - "criteria": "cpe:2.3:a:cisco:sd-wan_manager:-:*:*:*:*:*:*:*", - "matchCriteriaId": "46F278A6-82F5-4217-932E-98A918D9A017" + "criteria": "cpe:2.3:a:cisco:catalyst_sd-wan_manager:-:*:*:*:*:*:*:*", + "matchCriteriaId": "AE3D96F7-3574-443F-9AD4-5E62E0F5E4F5" }, { "vulnerable": true, diff --git a/CVE-2021/CVE-2021-12xx/CVE-2021-1262.json b/CVE-2021/CVE-2021-12xx/CVE-2021-1262.json index 16308a3b19d..6fd9cafadb8 100644 --- a/CVE-2021/CVE-2021-12xx/CVE-2021-1262.json +++ b/CVE-2021/CVE-2021-12xx/CVE-2021-1262.json @@ -2,7 +2,7 @@ "id": "CVE-2021-1262", "sourceIdentifier": "ykramarz@cisco.com", "published": "2021-01-20T20:15:14.970", - "lastModified": "2023-09-29T15:03:41.913", + "lastModified": "2023-10-06T16:24:48.993", "vulnStatus": "Analyzed", "descriptions": [ { @@ -183,8 +183,8 @@ "cpeMatch": [ { "vulnerable": true, - "criteria": "cpe:2.3:a:cisco:sd-wan_manager:-:*:*:*:*:*:*:*", - "matchCriteriaId": "46F278A6-82F5-4217-932E-98A918D9A017" + "criteria": "cpe:2.3:a:cisco:catalyst_sd-wan_manager:-:*:*:*:*:*:*:*", + "matchCriteriaId": "AE3D96F7-3574-443F-9AD4-5E62E0F5E4F5" }, { "vulnerable": true, diff --git a/CVE-2021/CVE-2021-12xx/CVE-2021-1263.json b/CVE-2021/CVE-2021-12xx/CVE-2021-1263.json index 013d5582ba9..a13fdccc204 100644 --- a/CVE-2021/CVE-2021-12xx/CVE-2021-1263.json +++ b/CVE-2021/CVE-2021-12xx/CVE-2021-1263.json @@ -2,7 +2,7 @@ "id": "CVE-2021-1263", "sourceIdentifier": "ykramarz@cisco.com", "published": "2021-01-20T20:15:15.127", - "lastModified": "2023-09-29T15:03:41.913", + "lastModified": "2023-10-06T16:24:48.993", "vulnStatus": "Analyzed", "descriptions": [ { @@ -213,8 +213,8 @@ "cpeMatch": [ { "vulnerable": true, - "criteria": "cpe:2.3:a:cisco:sd-wan_manager:-:*:*:*:*:*:*:*", - "matchCriteriaId": "46F278A6-82F5-4217-932E-98A918D9A017" + "criteria": "cpe:2.3:a:cisco:catalyst_sd-wan_manager:-:*:*:*:*:*:*:*", + "matchCriteriaId": "AE3D96F7-3574-443F-9AD4-5E62E0F5E4F5" }, { "vulnerable": true, diff --git a/CVE-2021/CVE-2021-12xx/CVE-2021-1273.json b/CVE-2021/CVE-2021-12xx/CVE-2021-1273.json index 74126212215..2eddbfebeb2 100644 --- a/CVE-2021/CVE-2021-12xx/CVE-2021-1273.json +++ b/CVE-2021/CVE-2021-12xx/CVE-2021-1273.json @@ -2,7 +2,7 @@ "id": "CVE-2021-1273", "sourceIdentifier": "ykramarz@cisco.com", "published": "2021-01-20T20:15:15.923", - "lastModified": "2023-09-29T15:03:41.913", + "lastModified": "2023-10-06T16:24:48.993", "vulnStatus": "Analyzed", "descriptions": [ { @@ -223,8 +223,8 @@ "cpeMatch": [ { "vulnerable": true, - "criteria": "cpe:2.3:a:cisco:sd-wan_manager:-:*:*:*:*:*:*:*", - "matchCriteriaId": "46F278A6-82F5-4217-932E-98A918D9A017" + "criteria": "cpe:2.3:a:cisco:catalyst_sd-wan_manager:-:*:*:*:*:*:*:*", + "matchCriteriaId": "AE3D96F7-3574-443F-9AD4-5E62E0F5E4F5" }, { "vulnerable": true, diff --git a/CVE-2021/CVE-2021-12xx/CVE-2021-1274.json b/CVE-2021/CVE-2021-12xx/CVE-2021-1274.json index 8d479390496..ec64b010f2c 100644 --- a/CVE-2021/CVE-2021-12xx/CVE-2021-1274.json +++ b/CVE-2021/CVE-2021-12xx/CVE-2021-1274.json @@ -2,7 +2,7 @@ "id": "CVE-2021-1274", "sourceIdentifier": "ykramarz@cisco.com", "published": "2021-01-20T20:15:15.970", - "lastModified": "2023-09-29T15:03:41.913", + "lastModified": "2023-10-06T16:24:48.993", "vulnStatus": "Analyzed", "descriptions": [ { @@ -233,8 +233,8 @@ "cpeMatch": [ { "vulnerable": true, - "criteria": "cpe:2.3:a:cisco:sd-wan_manager:-:*:*:*:*:*:*:*", - "matchCriteriaId": "46F278A6-82F5-4217-932E-98A918D9A017" + "criteria": "cpe:2.3:a:cisco:catalyst_sd-wan_manager:-:*:*:*:*:*:*:*", + "matchCriteriaId": "AE3D96F7-3574-443F-9AD4-5E62E0F5E4F5" }, { "vulnerable": true, diff --git a/CVE-2021/CVE-2021-12xx/CVE-2021-1278.json b/CVE-2021/CVE-2021-12xx/CVE-2021-1278.json index be2a27d800d..5e334879a78 100644 --- a/CVE-2021/CVE-2021-12xx/CVE-2021-1278.json +++ b/CVE-2021/CVE-2021-12xx/CVE-2021-1278.json @@ -2,7 +2,7 @@ "id": "CVE-2021-1278", "sourceIdentifier": "ykramarz@cisco.com", "published": "2021-01-20T20:15:16.173", - "lastModified": "2023-09-29T15:03:41.913", + "lastModified": "2023-10-06T16:24:48.993", "vulnStatus": "Analyzed", "descriptions": [ { @@ -233,8 +233,8 @@ "cpeMatch": [ { "vulnerable": true, - "criteria": "cpe:2.3:a:cisco:sd-wan_manager:-:*:*:*:*:*:*:*", - "matchCriteriaId": "46F278A6-82F5-4217-932E-98A918D9A017" + "criteria": "cpe:2.3:a:cisco:catalyst_sd-wan_manager:-:*:*:*:*:*:*:*", + "matchCriteriaId": "AE3D96F7-3574-443F-9AD4-5E62E0F5E4F5" }, { "vulnerable": true, diff --git a/CVE-2021/CVE-2021-12xx/CVE-2021-1279.json b/CVE-2021/CVE-2021-12xx/CVE-2021-1279.json index 39d10ed6513..d2107f3813e 100644 --- a/CVE-2021/CVE-2021-12xx/CVE-2021-1279.json +++ b/CVE-2021/CVE-2021-12xx/CVE-2021-1279.json @@ -2,7 +2,7 @@ "id": "CVE-2021-1279", "sourceIdentifier": "ykramarz@cisco.com", "published": "2021-01-20T20:15:16.253", - "lastModified": "2023-09-29T15:03:41.913", + "lastModified": "2023-10-06T16:24:48.993", "vulnStatus": "Analyzed", "descriptions": [ { @@ -233,8 +233,8 @@ "cpeMatch": [ { "vulnerable": true, - "criteria": "cpe:2.3:a:cisco:sd-wan_manager:-:*:*:*:*:*:*:*", - "matchCriteriaId": "46F278A6-82F5-4217-932E-98A918D9A017" + "criteria": "cpe:2.3:a:cisco:catalyst_sd-wan_manager:-:*:*:*:*:*:*:*", + "matchCriteriaId": "AE3D96F7-3574-443F-9AD4-5E62E0F5E4F5" }, { "vulnerable": true, diff --git a/CVE-2021/CVE-2021-12xx/CVE-2021-1298.json b/CVE-2021/CVE-2021-12xx/CVE-2021-1298.json index 11e18abc638..c6e76f55b2d 100644 --- a/CVE-2021/CVE-2021-12xx/CVE-2021-1298.json +++ b/CVE-2021/CVE-2021-12xx/CVE-2021-1298.json @@ -2,7 +2,7 @@ "id": "CVE-2021-1298", "sourceIdentifier": "ykramarz@cisco.com", "published": "2021-01-20T20:15:16.643", - "lastModified": "2023-09-29T15:03:41.913", + "lastModified": "2023-10-06T16:24:48.993", "vulnStatus": "Analyzed", "descriptions": [ { @@ -213,8 +213,8 @@ "cpeMatch": [ { "vulnerable": true, - "criteria": "cpe:2.3:a:cisco:sd-wan_manager:-:*:*:*:*:*:*:*", - "matchCriteriaId": "46F278A6-82F5-4217-932E-98A918D9A017" + "criteria": "cpe:2.3:a:cisco:catalyst_sd-wan_manager:-:*:*:*:*:*:*:*", + "matchCriteriaId": "AE3D96F7-3574-443F-9AD4-5E62E0F5E4F5" }, { "vulnerable": true, diff --git a/CVE-2021/CVE-2021-12xx/CVE-2021-1299.json b/CVE-2021/CVE-2021-12xx/CVE-2021-1299.json index b3ac764e567..3c7cd7f5eda 100644 --- a/CVE-2021/CVE-2021-12xx/CVE-2021-1299.json +++ b/CVE-2021/CVE-2021-12xx/CVE-2021-1299.json @@ -2,7 +2,7 @@ "id": "CVE-2021-1299", "sourceIdentifier": "ykramarz@cisco.com", "published": "2021-01-20T20:15:16.720", - "lastModified": "2023-09-29T15:03:41.913", + "lastModified": "2023-10-06T16:24:48.993", "vulnStatus": "Analyzed", "descriptions": [ { @@ -213,8 +213,8 @@ "cpeMatch": [ { "vulnerable": true, - "criteria": "cpe:2.3:a:cisco:sd-wan_manager:-:*:*:*:*:*:*:*", - "matchCriteriaId": "46F278A6-82F5-4217-932E-98A918D9A017" + "criteria": "cpe:2.3:a:cisco:catalyst_sd-wan_manager:-:*:*:*:*:*:*:*", + "matchCriteriaId": "AE3D96F7-3574-443F-9AD4-5E62E0F5E4F5" }, { "vulnerable": true, diff --git a/CVE-2021/CVE-2021-13xx/CVE-2021-1300.json b/CVE-2021/CVE-2021-13xx/CVE-2021-1300.json index 80bebaf3141..46bf0dc9e18 100644 --- a/CVE-2021/CVE-2021-13xx/CVE-2021-1300.json +++ b/CVE-2021/CVE-2021-13xx/CVE-2021-1300.json @@ -2,7 +2,7 @@ "id": "CVE-2021-1300", "sourceIdentifier": "ykramarz@cisco.com", "published": "2021-01-20T20:15:16.800", - "lastModified": "2023-09-29T15:03:41.913", + "lastModified": "2023-10-06T16:24:48.993", "vulnStatus": "Analyzed", "descriptions": [ { @@ -203,8 +203,8 @@ "cpeMatch": [ { "vulnerable": true, - "criteria": "cpe:2.3:a:cisco:sd-wan_manager:-:*:*:*:*:*:*:*", - "matchCriteriaId": "46F278A6-82F5-4217-932E-98A918D9A017" + "criteria": "cpe:2.3:a:cisco:catalyst_sd-wan_manager:-:*:*:*:*:*:*:*", + "matchCriteriaId": "AE3D96F7-3574-443F-9AD4-5E62E0F5E4F5" }, { "vulnerable": true, diff --git a/CVE-2021/CVE-2021-13xx/CVE-2021-1301.json b/CVE-2021/CVE-2021-13xx/CVE-2021-1301.json index 816562a4db2..20208d31c2b 100644 --- a/CVE-2021/CVE-2021-13xx/CVE-2021-1301.json +++ b/CVE-2021/CVE-2021-13xx/CVE-2021-1301.json @@ -2,7 +2,7 @@ "id": "CVE-2021-1301", "sourceIdentifier": "ykramarz@cisco.com", "published": "2021-01-20T20:15:16.877", - "lastModified": "2023-09-29T15:03:41.913", + "lastModified": "2023-10-06T16:24:48.993", "vulnStatus": "Analyzed", "descriptions": [ { @@ -203,8 +203,8 @@ "cpeMatch": [ { "vulnerable": true, - "criteria": "cpe:2.3:a:cisco:sd-wan_manager:-:*:*:*:*:*:*:*", - "matchCriteriaId": "46F278A6-82F5-4217-932E-98A918D9A017" + "criteria": "cpe:2.3:a:cisco:catalyst_sd-wan_manager:-:*:*:*:*:*:*:*", + "matchCriteriaId": "AE3D96F7-3574-443F-9AD4-5E62E0F5E4F5" }, { "vulnerable": true, diff --git a/CVE-2021/CVE-2021-13xx/CVE-2021-1302.json b/CVE-2021/CVE-2021-13xx/CVE-2021-1302.json index db53829f8a5..8fc198b9860 100644 --- a/CVE-2021/CVE-2021-13xx/CVE-2021-1302.json +++ b/CVE-2021/CVE-2021-13xx/CVE-2021-1302.json @@ -2,7 +2,7 @@ "id": "CVE-2021-1302", "sourceIdentifier": "ykramarz@cisco.com", "published": "2021-01-20T20:15:16.970", - "lastModified": "2023-09-29T15:03:41.913", + "lastModified": "2023-10-06T16:24:48.993", "vulnStatus": "Analyzed", "descriptions": [ { @@ -116,8 +116,8 @@ "cpeMatch": [ { "vulnerable": true, - "criteria": "cpe:2.3:a:cisco:sd-wan_manager:-:*:*:*:*:*:*:*", - "matchCriteriaId": "46F278A6-82F5-4217-932E-98A918D9A017" + "criteria": "cpe:2.3:a:cisco:catalyst_sd-wan_manager:-:*:*:*:*:*:*:*", + "matchCriteriaId": "AE3D96F7-3574-443F-9AD4-5E62E0F5E4F5" } ] } diff --git a/CVE-2021/CVE-2021-13xx/CVE-2021-1304.json b/CVE-2021/CVE-2021-13xx/CVE-2021-1304.json index fdbb0be6d7d..00019872f00 100644 --- a/CVE-2021/CVE-2021-13xx/CVE-2021-1304.json +++ b/CVE-2021/CVE-2021-13xx/CVE-2021-1304.json @@ -2,7 +2,7 @@ "id": "CVE-2021-1304", "sourceIdentifier": "ykramarz@cisco.com", "published": "2021-01-20T20:15:17.127", - "lastModified": "2023-09-29T15:03:41.913", + "lastModified": "2023-10-06T16:24:48.993", "vulnStatus": "Analyzed", "descriptions": [ { @@ -116,8 +116,8 @@ "cpeMatch": [ { "vulnerable": true, - "criteria": "cpe:2.3:a:cisco:sd-wan_manager:-:*:*:*:*:*:*:*", - "matchCriteriaId": "46F278A6-82F5-4217-932E-98A918D9A017" + "criteria": "cpe:2.3:a:cisco:catalyst_sd-wan_manager:-:*:*:*:*:*:*:*", + "matchCriteriaId": "AE3D96F7-3574-443F-9AD4-5E62E0F5E4F5" } ] } diff --git a/CVE-2022/CVE-2022-207xx/CVE-2022-20716.json b/CVE-2022/CVE-2022-207xx/CVE-2022-20716.json index 81a186ca232..dac709af313 100644 --- a/CVE-2022/CVE-2022-207xx/CVE-2022-20716.json +++ b/CVE-2022/CVE-2022-207xx/CVE-2022-20716.json @@ -2,7 +2,7 @@ "id": "CVE-2022-20716", "sourceIdentifier": "ykramarz@cisco.com", "published": "2022-04-15T15:15:13.063", - "lastModified": "2023-09-29T15:03:41.913", + "lastModified": "2023-10-06T16:24:48.993", "vulnStatus": "Analyzed", "descriptions": [ { @@ -116,8 +116,8 @@ "cpeMatch": [ { "vulnerable": true, - "criteria": "cpe:2.3:a:cisco:sd-wan_manager:-:*:*:*:*:*:*:*", - "matchCriteriaId": "46F278A6-82F5-4217-932E-98A918D9A017" + "criteria": "cpe:2.3:a:cisco:catalyst_sd-wan_manager:-:*:*:*:*:*:*:*", + "matchCriteriaId": "AE3D96F7-3574-443F-9AD4-5E62E0F5E4F5" }, { "vulnerable": true, diff --git a/CVE-2022/CVE-2022-362xx/CVE-2022-36276.json b/CVE-2022/CVE-2022-362xx/CVE-2022-36276.json index 0d28004bc12..b9aa54fadae 100644 --- a/CVE-2022/CVE-2022-362xx/CVE-2022-36276.json +++ b/CVE-2022/CVE-2022-362xx/CVE-2022-36276.json @@ -2,16 +2,40 @@ "id": "CVE-2022-36276", "sourceIdentifier": "cve-coordination@incibe.es", "published": "2023-10-04T16:15:10.033", - "lastModified": "2023-10-04T18:14:55.483", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2023-10-06T16:17:28.217", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", "value": "TCMAN GIM v8.0.1 is vulnerable to a SQL injection via the 'SqlWhere' parameter inside the function 'BuscarESM'. The exploitation of this vulnerability might allow a remote attacker to directly interact with the database." + }, + { + "lang": "es", + "value": "TCMAN GIM v8.0.1 es vulnerable a una inyecci\u00f3n SQL a trav\u00e9s del par\u00e1metro 'SqlWhere' dentro de la funci\u00f3n 'BuscarESM'. La explotaci\u00f3n de esta vulnerabilidad podr\u00eda permitir que un atacante remoto interact\u00fae directamente con la base de datos." } ], "metrics": { "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH", + "baseScore": 9.8, + "baseSeverity": "CRITICAL" + }, + "exploitabilityScore": 3.9, + "impactScore": 5.9 + }, { "source": "cve-coordination@incibe.es", "type": "Secondary", @@ -35,6 +59,16 @@ ] }, "weaknesses": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-89" + } + ] + }, { "source": "cve-coordination@incibe.es", "type": "Secondary", @@ -46,10 +80,30 @@ ] } ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:tcman:gim:8.0.1:*:*:*:*:*:*:*", + "matchCriteriaId": "11CE9810-63E8-47FB-80D7-E5D17613C8DD" + } + ] + } + ] + } + ], "references": [ { "url": "https://www.incibe.es/en/incibe-cert/notices/aviso/multiple-vulnerabilities-tcman-gim", - "source": "cve-coordination@incibe.es" + "source": "cve-coordination@incibe.es", + "tags": [ + "Third Party Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2022/CVE-2022-362xx/CVE-2022-36277.json b/CVE-2022/CVE-2022-362xx/CVE-2022-36277.json index 2f883d9a42d..1fd5750735c 100644 --- a/CVE-2022/CVE-2022-362xx/CVE-2022-36277.json +++ b/CVE-2022/CVE-2022-362xx/CVE-2022-36277.json @@ -2,16 +2,40 @@ "id": "CVE-2022-36277", "sourceIdentifier": "cve-coordination@incibe.es", "published": "2023-10-04T16:15:10.103", - "lastModified": "2023-10-04T18:14:55.483", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2023-10-06T16:16:56.017", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", "value": "The 'sReferencia', 'sDescripcion', 'txtCodigo' and 'txtDescripcion' parameters, in the frmGestionStock.aspx and frmEditServicio.aspx files in TCMAN GIM v8.0.1, could allow an attacker to perform persistent XSS attacks." + }, + { + "lang": "es", + "value": "Los par\u00e1metros 'sReferencia', 'sDescripcion', 'txtCodigo' y 'txtDescripcion', en los archivos frmGestionStock.aspx y frmEditServicio.aspx en TCMAN GIM v8.0.1, podr\u00edan permitir a un atacante realizar ataques XSS persistentes." } ], "metrics": { "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "REQUIRED", + "scope": "CHANGED", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "availabilityImpact": "NONE", + "baseScore": 6.1, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 2.8, + "impactScore": 2.7 + }, { "source": "cve-coordination@incibe.es", "type": "Secondary", @@ -35,6 +59,16 @@ ] }, "weaknesses": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-79" + } + ] + }, { "source": "cve-coordination@incibe.es", "type": "Secondary", @@ -46,10 +80,30 @@ ] } ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:tcman:gim:8.0.1:*:*:*:*:*:*:*", + "matchCriteriaId": "11CE9810-63E8-47FB-80D7-E5D17613C8DD" + } + ] + } + ] + } + ], "references": [ { "url": "https://www.incibe.es/en/incibe-cert/notices/aviso/multiple-vulnerabilities-tcman-gim", - "source": "cve-coordination@incibe.es" + "source": "cve-coordination@incibe.es", + "tags": [ + "Third Party Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2023/CVE-2023-226xx/CVE-2023-22618.json b/CVE-2023/CVE-2023-226xx/CVE-2023-22618.json index e71990e82a2..91a699e1bf3 100644 --- a/CVE-2023/CVE-2023-226xx/CVE-2023-22618.json +++ b/CVE-2023/CVE-2023-226xx/CVE-2023-22618.json @@ -2,16 +2,40 @@ "id": "CVE-2023-22618", "sourceIdentifier": "cve@mitre.org", "published": "2023-10-04T12:15:10.300", - "lastModified": "2023-10-04T12:56:02.103", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2023-10-06T16:23:54.007", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", "value": "If Security Hardening guide rules are not followed, then Nokia WaveLite products allow a local user to create new users with administrative privileges by manipulating a web request. This affects (for example) WaveLite Metro 200 and Fan, WaveLite Metro 200 OPS and Fans, WaveLite Metro 200 and F2B fans, WaveLite Metro 200 OPS and F2B fans, WaveLite Metro 200 NE and F2B fans, and WaveLite Metro 200 NE OPS and F2B fans." + }, + { + "lang": "es", + "value": "Si no se siguen las reglas de la gu\u00eda de refuerzo de seguridad, los productos Nokia WaveLite permiten a un usuario local crear nuevos usuarios con privilegios administrativos mediante la manipulaci\u00f3n de una solicitud web. Esto afecta (por ejemplo) a: WaveLite Metro 200 and Fan, WaveLite Metro 200 OPS and Fans, WaveLite Metro 200 and F2B fans, WaveLite Metro 200 OPS and F2B fans, WaveLite Metro 200 NE and F2B fans, y WaveLite Metro 200 NE OPS and F2B fans." } ], "metrics": { "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", + "attackVector": "LOCAL", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH", + "baseScore": 7.8, + "baseSeverity": "HIGH" + }, + "exploitabilityScore": 1.8, + "impactScore": 5.9 + }, { "source": "cve@mitre.org", "type": "Secondary", @@ -34,14 +58,202 @@ } ] }, + "weaknesses": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "NVD-CWE-Other" + } + ] + } + ], + "configurations": [ + { + "operator": "AND", + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:o:nokia:wavelite_metro_200_and_fan_firmware:*:*:*:*:*:*:*:*", + "versionEndExcluding": "r2.1.1", + "matchCriteriaId": "BB113474-6B7B-4381-AEBC-F66AC7F901DC" + } + ] + }, + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": false, + "criteria": "cpe:2.3:h:nokia:wavelite_metro_200_and_fan:-:*:*:*:*:*:*:*", + "matchCriteriaId": "8C4207E9-E6F7-4BE7-8479-ABD20CF7C567" + } + ] + } + ] + }, + { + "operator": "AND", + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:o:nokia:wavelite_metro_200_ops_and_fans_firmware:*:*:*:*:*:*:*:*", + "versionEndExcluding": "r2.1.1", + "matchCriteriaId": "20A58D4A-8FF3-4E1C-8B55-0B62BE31234C" + } + ] + }, + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": false, + "criteria": "cpe:2.3:h:nokia:wavelite_metro_200_ops_and_fans:-:*:*:*:*:*:*:*", + "matchCriteriaId": "3F5C24BC-465A-40BA-8401-3ED9DFB436F6" + } + ] + } + ] + }, + { + "operator": "AND", + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:o:nokia:wavelite_metro_200_and_f2b_fans_firmware:*:*:*:*:*:*:*:*", + "versionEndExcluding": "r2.1.1", + "matchCriteriaId": "B2EDFA13-A50A-478A-B976-DDAC931F4101" + } + ] + }, + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": false, + "criteria": "cpe:2.3:h:nokia:wavelite_metro_200_and_f2b_fans:-:*:*:*:*:*:*:*", + "matchCriteriaId": "7D596475-F5A2-4E4F-8089-1FABC6F9040E" + } + ] + } + ] + }, + { + "operator": "AND", + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:o:nokia:wavelite_metro_200_ops_and_f2b_fans_firmware:*:*:*:*:*:*:*:*", + "versionEndExcluding": "r2.1.1", + "matchCriteriaId": "B3D0DF10-B1C1-4942-BDB7-E8C7DC1940CB" + } + ] + }, + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": false, + "criteria": "cpe:2.3:h:nokia:wavelite_metro_200_ops_and_f2b_fans:-:*:*:*:*:*:*:*", + "matchCriteriaId": "A96C6248-AF86-4789-B54A-526F3F2E0200" + } + ] + } + ] + }, + { + "operator": "AND", + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:o:nokia:wavelite_metro_200_ne_and_f2b_fans_firmware:*:*:*:*:*:*:*:*", + "versionEndExcluding": "r2.1.1", + "matchCriteriaId": "AA7E04B2-3E58-4B59-A333-037A878124CC" + } + ] + }, + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": false, + "criteria": "cpe:2.3:h:nokia:wavelite_metro_200_ne_and_f2b_fans:-:*:*:*:*:*:*:*", + "matchCriteriaId": "9643CBCD-1304-42CF-8EFC-88A7278C28E3" + } + ] + } + ] + }, + { + "operator": "AND", + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:o:nokia:wavelite_metro_200_ne_ops_and_f2b_fans_firmware:*:*:*:*:*:*:*:*", + "versionEndExcluding": "r2.1.1", + "matchCriteriaId": "8EC1F219-E43D-4027-849D-42BEFB5CC709" + } + ] + }, + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": false, + "criteria": "cpe:2.3:h:nokia:wavelite_metro_200_ne_ops_and_f2b_fans:-:*:*:*:*:*:*:*", + "matchCriteriaId": "762C3BED-CF69-4E7A-9A42-450C5BA6BADB" + } + ] + } + ] + } + ], "references": [ { "url": "https://nokia.com", - "source": "cve@mitre.org" + "source": "cve@mitre.org", + "tags": [ + "Product" + ] }, { "url": "https://www.nokia.com/about-us/security-and-privacy/product-security-advisory/cve-2023-22618/", - "source": "cve@mitre.org" + "source": "cve@mitre.org", + "tags": [ + "Vendor Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2023/CVE-2023-233xx/CVE-2023-23365.json b/CVE-2023/CVE-2023-233xx/CVE-2023-23365.json new file mode 100644 index 00000000000..c8eef994fdd --- /dev/null +++ b/CVE-2023/CVE-2023-233xx/CVE-2023-23365.json @@ -0,0 +1,59 @@ +{ + "id": "CVE-2023-23365", + "sourceIdentifier": "security@qnapsecurity.com.tw", + "published": "2023-10-06T17:15:11.737", + "lastModified": "2023-10-06T17:15:11.737", + "vulnStatus": "Received", + "descriptions": [ + { + "lang": "en", + "value": "A path traversal vulnerability has been reported to affect Music Station. If exploited, the vulnerability could allow authenticated users to read the contents of unexpected files and expose sensitive data via a network.\n\nWe have already fixed the vulnerability in the following version:\nMusic Station 5.3.22 and later\n" + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "security@qnapsecurity.com.tw", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "NONE", + "scope": "CHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "NONE", + "availabilityImpact": "NONE", + "baseScore": 7.7, + "baseSeverity": "HIGH" + }, + "exploitabilityScore": 3.1, + "impactScore": 4.0 + } + ] + }, + "weaknesses": [ + { + "source": "security@qnapsecurity.com.tw", + "type": "Secondary", + "description": [ + { + "lang": "en", + "value": "CWE-22" + }, + { + "lang": "en", + "value": "CWE-552" + } + ] + } + ], + "references": [ + { + "url": "https://www.qnap.com/en/security-advisory/qsa-23-28", + "source": "security@qnapsecurity.com.tw" + } + ] +} \ No newline at end of file diff --git a/CVE-2023/CVE-2023-233xx/CVE-2023-23366.json b/CVE-2023/CVE-2023-233xx/CVE-2023-23366.json new file mode 100644 index 00000000000..5002ab9ec2c --- /dev/null +++ b/CVE-2023/CVE-2023-233xx/CVE-2023-23366.json @@ -0,0 +1,59 @@ +{ + "id": "CVE-2023-23366", + "sourceIdentifier": "security@qnapsecurity.com.tw", + "published": "2023-10-06T17:15:11.840", + "lastModified": "2023-10-06T17:15:11.840", + "vulnStatus": "Received", + "descriptions": [ + { + "lang": "en", + "value": "A path traversal vulnerability has been reported to affect Music Station. If exploited, the vulnerability could allow authenticated users to read the contents of unexpected files and expose sensitive data via a network.\n\nWe have already fixed the vulnerability in the following version:\nMusic Station 5.3.22 and later\n" + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "security@qnapsecurity.com.tw", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "NONE", + "scope": "CHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "NONE", + "availabilityImpact": "NONE", + "baseScore": 7.7, + "baseSeverity": "HIGH" + }, + "exploitabilityScore": 3.1, + "impactScore": 4.0 + } + ] + }, + "weaknesses": [ + { + "source": "security@qnapsecurity.com.tw", + "type": "Secondary", + "description": [ + { + "lang": "en", + "value": "CWE-22" + }, + { + "lang": "en", + "value": "CWE-552" + } + ] + } + ], + "references": [ + { + "url": "https://www.qnap.com/en/security-advisory/qsa-23-28", + "source": "security@qnapsecurity.com.tw" + } + ] +} \ No newline at end of file diff --git a/CVE-2023/CVE-2023-233xx/CVE-2023-23370.json b/CVE-2023/CVE-2023-233xx/CVE-2023-23370.json new file mode 100644 index 00000000000..f3f4e9af29c --- /dev/null +++ b/CVE-2023/CVE-2023-233xx/CVE-2023-23370.json @@ -0,0 +1,55 @@ +{ + "id": "CVE-2023-23370", + "sourceIdentifier": "security@qnapsecurity.com.tw", + "published": "2023-10-06T17:15:11.920", + "lastModified": "2023-10-06T17:15:11.920", + "vulnStatus": "Received", + "descriptions": [ + { + "lang": "en", + "value": "An insufficiently protected credentials vulnerability has been reported to affect QVPN Device Client. If exploited, the vulnerability could allow local authenticated administrators to gain access to user accounts and access sensitive data used by the user account via unspecified vectors.\n\nWe have already fixed the vulnerability in the following version:\nQVPN Windows 2.1.0.0518 and later\n" + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "security@qnapsecurity.com.tw", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:L/A:N", + "attackVector": "LOCAL", + "attackComplexity": "LOW", + "privilegesRequired": "HIGH", + "userInteraction": "NONE", + "scope": "CHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "LOW", + "availabilityImpact": "NONE", + "baseScore": 6.7, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 1.5, + "impactScore": 4.7 + } + ] + }, + "weaknesses": [ + { + "source": "security@qnapsecurity.com.tw", + "type": "Secondary", + "description": [ + { + "lang": "en", + "value": "CWE-522" + } + ] + } + ], + "references": [ + { + "url": "https://www.qnap.com/en/security-advisory/qsa-23-36", + "source": "security@qnapsecurity.com.tw" + } + ] +} \ No newline at end of file diff --git a/CVE-2023/CVE-2023-233xx/CVE-2023-23371.json b/CVE-2023/CVE-2023-233xx/CVE-2023-23371.json new file mode 100644 index 00000000000..3968d834396 --- /dev/null +++ b/CVE-2023/CVE-2023-233xx/CVE-2023-23371.json @@ -0,0 +1,59 @@ +{ + "id": "CVE-2023-23371", + "sourceIdentifier": "security@qnapsecurity.com.tw", + "published": "2023-10-06T17:15:11.997", + "lastModified": "2023-10-06T17:15:11.997", + "vulnStatus": "Received", + "descriptions": [ + { + "lang": "en", + "value": "A cleartext transmission of sensitive information vulnerability has been reported to affect QVPN Device Client. If exploited, the vulnerability could allow local authenticated administrators to read sensitive data via unspecified vectors.\n\nWe have already fixed the vulnerability in the following version:\nQVPN Windows 2.2.0.0823 and later\n" + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "security@qnapsecurity.com.tw", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:L", + "attackVector": "LOCAL", + "attackComplexity": "LOW", + "privilegesRequired": "HIGH", + "userInteraction": "REQUIRED", + "scope": "CHANGED", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "availabilityImpact": "LOW", + "baseScore": 5.2, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 1.1, + "impactScore": 3.7 + } + ] + }, + "weaknesses": [ + { + "source": "security@qnapsecurity.com.tw", + "type": "Secondary", + "description": [ + { + "lang": "en", + "value": "CWE-311" + }, + { + "lang": "en", + "value": "CWE-319" + } + ] + } + ], + "references": [ + { + "url": "https://www.qnap.com/en/security-advisory/qsa-23-39", + "source": "security@qnapsecurity.com.tw" + } + ] +} \ No newline at end of file diff --git a/CVE-2023/CVE-2023-254xx/CVE-2023-25489.json b/CVE-2023/CVE-2023-254xx/CVE-2023-25489.json index 10f76e87e11..5fc5f1674bc 100644 --- a/CVE-2023/CVE-2023-254xx/CVE-2023-25489.json +++ b/CVE-2023/CVE-2023-254xx/CVE-2023-25489.json @@ -2,16 +2,40 @@ "id": "CVE-2023-25489", "sourceIdentifier": "audit@patchstack.com", "published": "2023-10-04T11:15:09.917", - "lastModified": "2023-10-04T12:56:02.103", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2023-10-06T16:26:25.187", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", "value": "Cross-Site Request Forgery (CSRF) vulnerability in Jeff Sherk Update Theme and Plugins from Zip File plugin <=\u00a02.0.0 versions." + }, + { + "lang": "es", + "value": "Vulnerabilidad de Cross-Site Request Forgery (CSRF) en Jeff Sherk Update Theme and Plugins en el complemento Zip File en versiones <= 2.0.0." } ], "metrics": { "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "REQUIRED", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH", + "baseScore": 8.8, + "baseSeverity": "HIGH" + }, + "exploitabilityScore": 2.8, + "impactScore": 5.9 + }, { "source": "audit@patchstack.com", "type": "Secondary", @@ -46,10 +70,31 @@ ] } ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:iwebss:update_theme_and_plugins_from_zip_file:*:*:*:*:*:wordpress:*:*", + "versionEndIncluding": "2.0.0", + "matchCriteriaId": "27B6D40C-2CE4-41E8-9220-8A6C65CA1140" + } + ] + } + ] + } + ], "references": [ { "url": "https://patchstack.com/database/vulnerability/update-theme-and-plugins-from-zip-file/wordpress-update-theme-and-plugins-from-zip-file-plugin-2-0-0-cross-site-request-forgery-csrf-vulnerability?_s_id=cve", - "source": "audit@patchstack.com" + "source": "audit@patchstack.com", + "tags": [ + "Third Party Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2023/CVE-2023-267xx/CVE-2023-26782.json b/CVE-2023/CVE-2023-267xx/CVE-2023-26782.json index 2852d04f0cf..157cb3eadb9 100644 --- a/CVE-2023/CVE-2023-267xx/CVE-2023-26782.json +++ b/CVE-2023/CVE-2023-267xx/CVE-2023-26782.json @@ -2,7 +2,7 @@ "id": "CVE-2023-26782", "sourceIdentifier": "cve@mitre.org", "published": "2023-04-28T20:15:13.883", - "lastModified": "2023-05-09T01:54:45.817", + "lastModified": "2023-10-06T17:20:59.803", "vulnStatus": "Analyzed", "descriptions": [ { @@ -41,7 +41,7 @@ "description": [ { "lang": "en", - "value": "CWE-88" + "value": "CWE-94" } ] } diff --git a/CVE-2023/CVE-2023-31xx/CVE-2023-3153.json b/CVE-2023/CVE-2023-31xx/CVE-2023-3153.json index afe35cbe72b..699a707a4d8 100644 --- a/CVE-2023/CVE-2023-31xx/CVE-2023-3153.json +++ b/CVE-2023/CVE-2023-31xx/CVE-2023-3153.json @@ -2,16 +2,40 @@ "id": "CVE-2023-3153", "sourceIdentifier": "secalert@redhat.com", "published": "2023-10-04T12:15:10.503", - "lastModified": "2023-10-04T12:56:02.103", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2023-10-06T16:23:42.317", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", "value": "A flaw was found in Open Virtual Network where the service monitor MAC does not properly rate limit. This issue could allow an attacker to cause a denial of service, including on deployments with CoPP enabled and properly configured." + }, + { + "lang": "es", + "value": "Se encontr\u00f3 una falla en Open Virtual Network donde el monitor de servicio MAC no califica correctamente el l\u00edmite. Este problema podr\u00eda permitir que un atacante provoque una denegaci\u00f3n de servicio, incluso en implementaciones con CoPP habilitado y configurado correctamente." } ], "metrics": { "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "NONE", + "integrityImpact": "NONE", + "availabilityImpact": "LOW", + "baseScore": 5.3, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 3.9, + "impactScore": 1.4 + }, { "source": "secalert@redhat.com", "type": "Secondary", @@ -34,30 +58,149 @@ } ] }, + "weaknesses": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-770" + } + ] + } + ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:ovn:open_virtual_network:*:*:*:*:*:*:*:*", + "versionEndExcluding": "22.03.3", + "matchCriteriaId": "5CA7DFF4-C739-4EE8-AC5D-6EC06E387309" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:ovn:open_virtual_network:*:*:*:*:*:*:*:*", + "versionStartIncluding": "22.03.4", + "versionEndExcluding": "22.09.2", + "matchCriteriaId": "66B2BA9A-04F3-4E63-B367-E7AE5AD04FB1" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:ovn:open_virtual_network:*:*:*:*:*:*:*:*", + "versionStartIncluding": "22.09.3", + "versionEndExcluding": "22.12.1", + "matchCriteriaId": "393B5A8F-01A6-48E3-9D04-E9F5EDDCA555" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:ovn:open_virtual_network:*:*:*:*:*:*:*:*", + "versionStartIncluding": "22.12.2", + "versionEndExcluding": "23.03.1", + "matchCriteriaId": "20978238-A456-4B17-B7AD-DC006C6B16A2" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:ovn:open_virtual_network:*:*:*:*:*:*:*:*", + "versionStartIncluding": "23.03.2", + "versionEndExcluding": "23.06.1", + "matchCriteriaId": "D7AF4A0C-4E74-4721-96E0-E5A400B9AF58" + } + ] + } + ] + }, + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:redhat:openshift_container_platform:4.0:*:*:*:*:*:*:*", + "matchCriteriaId": "932D137F-528B-4526-9A89-CD59FA1AB0FE" + } + ] + } + ] + }, + { + "operator": "AND", + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:redhat:fast_datapath:-:*:*:*:*:*:*:*", + "matchCriteriaId": "0A63D05D-BFAF-484B-BA49-5F5E399CDA02" + } + ] + }, + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": false, + "criteria": "cpe:2.3:o:redhat:enterprise_linux:9.0:*:*:*:*:*:*:*", + "matchCriteriaId": "7F6FB57C-2BC7-487C-96DD-132683AEB35D" + } + ] + } + ] + } + ], "references": [ { "url": "https://access.redhat.com/security/cve/CVE-2023-3153", - "source": "secalert@redhat.com" + "source": "secalert@redhat.com", + "tags": [ + "Third Party Advisory" + ] }, { "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2213279", - "source": "secalert@redhat.com" + "source": "secalert@redhat.com", + "tags": [ + "Issue Tracking" + ] }, { "url": "https://github.com/ovn-org/ovn/commit/9a3f7ed905e525ebdcb14541e775211cbb0203bd", - "source": "secalert@redhat.com" + "source": "secalert@redhat.com", + "tags": [ + "Patch" + ] }, { "url": "https://github.com/ovn-org/ovn/issues/198", - "source": "secalert@redhat.com" + "source": "secalert@redhat.com", + "tags": [ + "Issue Tracking" + ] }, { "url": "https://mail.openvswitch.org/pipermail/ovs-announce/2023-August/000327.html", - "source": "secalert@redhat.com" + "source": "secalert@redhat.com", + "tags": [ + "Mitigation", + "Patch" + ] }, { "url": "https://mail.openvswitch.org/pipermail/ovs-dev/2023-August/407553.html", - "source": "secalert@redhat.com" + "source": "secalert@redhat.com", + "tags": [ + "Patch" + ] } ] } \ No newline at end of file diff --git a/CVE-2023/CVE-2023-320xx/CVE-2023-32091.json b/CVE-2023/CVE-2023-320xx/CVE-2023-32091.json index 538b24019b9..2bccb49e69f 100644 --- a/CVE-2023/CVE-2023-320xx/CVE-2023-32091.json +++ b/CVE-2023/CVE-2023-320xx/CVE-2023-32091.json @@ -2,16 +2,40 @@ "id": "CVE-2023-32091", "sourceIdentifier": "audit@patchstack.com", "published": "2023-10-03T14:15:10.703", - "lastModified": "2023-10-03T14:29:08.387", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2023-10-06T16:24:58.010", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", "value": "Cross-Site Request Forgery (CSRF) vulnerability in POEditor plugin <=\u00a00.9.4 versions." + }, + { + "lang": "es", + "value": "Vulnerabilidad de Cross-Site Request Forgery (CSRF) en el complemento POEditor en versiones <= 0.9.4." } ], "metrics": { "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "REQUIRED", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH", + "baseScore": 8.8, + "baseSeverity": "HIGH" + }, + "exploitabilityScore": 2.8, + "impactScore": 5.9 + }, { "source": "audit@patchstack.com", "type": "Secondary", @@ -46,10 +70,31 @@ ] } ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:poeditor:poeditor:*:*:*:*:*:wordpress:*:*", + "versionEndIncluding": "0.9.4", + "matchCriteriaId": "F8C0D20C-4C9B-4D64-A12A-A61D4B3015F4" + } + ] + } + ] + } + ], "references": [ { "url": "https://patchstack.com/database/vulnerability/poeditor/wordpress-poeditor-plugin-0-9-4-cross-site-request-forgery-csrf-to-stored-xss-vulnerability?_s_id=cve", - "source": "audit@patchstack.com" + "source": "audit@patchstack.com", + "tags": [ + "Third Party Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2023/CVE-2023-329xx/CVE-2023-32971.json b/CVE-2023/CVE-2023-329xx/CVE-2023-32971.json new file mode 100644 index 00000000000..5866cfeb527 --- /dev/null +++ b/CVE-2023/CVE-2023-329xx/CVE-2023-32971.json @@ -0,0 +1,59 @@ +{ + "id": "CVE-2023-32971", + "sourceIdentifier": "security@qnapsecurity.com.tw", + "published": "2023-10-06T17:15:12.083", + "lastModified": "2023-10-06T17:15:12.083", + "vulnStatus": "Received", + "descriptions": [ + { + "lang": "en", + "value": "A buffer copy without checking size of input vulnerability has been reported to affect several QNAP operating system versions. If exploited, the vulnerability could allow authenticated administrators to execute code via a network.\n\nWe have already fixed the vulnerability in the following versions:\nQTS 5.0.1.2425 build 20230609 and later\nQTS 5.1.0.2444 build 20230629 and later\nQTS 4.5.4.2467 build 20230718 and later\nQuTS hero h5.0.1.2515 build 20230907 and later\nQuTS hero h5.1.0.2424 build 20230609 and later\nQuTS hero h4.5.4.2476 build 20230728 and later\nQuTScloud c5.1.0.2498 and later\n" + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "security@qnapsecurity.com.tw", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:L/A:L", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "HIGH", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "NONE", + "integrityImpact": "LOW", + "availabilityImpact": "LOW", + "baseScore": 3.8, + "baseSeverity": "LOW" + }, + "exploitabilityScore": 1.2, + "impactScore": 2.5 + } + ] + }, + "weaknesses": [ + { + "source": "security@qnapsecurity.com.tw", + "type": "Secondary", + "description": [ + { + "lang": "en", + "value": "CWE-120" + }, + { + "lang": "en", + "value": "CWE-121" + } + ] + } + ], + "references": [ + { + "url": "https://www.qnap.com/en/security-advisory/qsa-23-37", + "source": "security@qnapsecurity.com.tw" + } + ] +} \ No newline at end of file diff --git a/CVE-2023/CVE-2023-329xx/CVE-2023-32972.json b/CVE-2023/CVE-2023-329xx/CVE-2023-32972.json new file mode 100644 index 00000000000..1813642dfce --- /dev/null +++ b/CVE-2023/CVE-2023-329xx/CVE-2023-32972.json @@ -0,0 +1,59 @@ +{ + "id": "CVE-2023-32972", + "sourceIdentifier": "security@qnapsecurity.com.tw", + "published": "2023-10-06T17:15:12.170", + "lastModified": "2023-10-06T17:15:12.170", + "vulnStatus": "Received", + "descriptions": [ + { + "lang": "en", + "value": "A buffer copy without checking size of input vulnerability has been reported to affect several QNAP operating system versions. If exploited, the vulnerability could allow authenticated administrators to execute code via a network.\n\nWe have already fixed the vulnerability in the following versions:\nQTS 5.0.1.2425 build 20230609 and later\nQTS 5.1.0.2444 build 20230629 and later\nQTS 4.5.4.2467 build 20230718 and later\nQuTS hero h5.0.1.2515 build 20230907 and later\nQuTS hero h5.1.0.2424 build 20230609 and later\nQuTS hero h4.5.4.2476 build 20230728 and later\nQuTScloud c5.1.0.2498 and later\n" + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "security@qnapsecurity.com.tw", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:L/A:L", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "HIGH", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "NONE", + "integrityImpact": "LOW", + "availabilityImpact": "LOW", + "baseScore": 3.8, + "baseSeverity": "LOW" + }, + "exploitabilityScore": 1.2, + "impactScore": 2.5 + } + ] + }, + "weaknesses": [ + { + "source": "security@qnapsecurity.com.tw", + "type": "Secondary", + "description": [ + { + "lang": "en", + "value": "CWE-120" + }, + { + "lang": "en", + "value": "CWE-121" + } + ] + } + ], + "references": [ + { + "url": "https://www.qnap.com/en/security-advisory/qsa-23-37", + "source": "security@qnapsecurity.com.tw" + } + ] +} \ No newline at end of file diff --git a/CVE-2023/CVE-2023-32xx/CVE-2023-3213.json b/CVE-2023/CVE-2023-32xx/CVE-2023-3213.json index d3dfd18e1fc..d6ba889b3fe 100644 --- a/CVE-2023/CVE-2023-32xx/CVE-2023-3213.json +++ b/CVE-2023/CVE-2023-32xx/CVE-2023-3213.json @@ -2,12 +2,16 @@ "id": "CVE-2023-3213", "sourceIdentifier": "security@wordfence.com", "published": "2023-10-04T02:15:09.990", - "lastModified": "2023-10-04T12:56:10.477", - "vulnStatus": "Undergoing Analysis", + "lastModified": "2023-10-06T16:26:39.383", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", "value": "The WP Mail SMTP Pro plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the is_print_page function in versions up to, and including, 3.8.0. This makes it possible for unauthenticated attackers to disclose potentially sensitive email information." + }, + { + "lang": "es", + "value": "El complemento WP Mail SMTP Pro para WordPress es vulnerable al acceso no autorizado a los datos debido a una falta de verificaci\u00f3n de capability en la funci\u00f3n is_print_page en versiones hasta la 3.8.0 incluida. Esto hace posible que atacantes no autenticados revelen informaci\u00f3n de correo electr\u00f3nico potencialmente confidencial." } ], "metrics": { @@ -46,14 +50,38 @@ ] } ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:wpforms:wp_mail_smtp:*:*:*:*:pro:wordpress:*:*", + "versionEndIncluding": "3.8.0", + "matchCriteriaId": "72700BB4-510E-4F8B-9DA2-4E55E08D2852" + } + ] + } + ] + } + ], "references": [ { "url": "https://wpmailsmtp.com/docs/how-to-view-recent-changes-to-the-wp-mail-smtp-plugin-changelog/", - "source": "security@wordfence.com" + "source": "security@wordfence.com", + "tags": [ + "Release Notes" + ] }, { "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/a813251b-a4c1-4b23-ad03-dcc1f4f19eb9?source=cve", - "source": "security@wordfence.com" + "source": "security@wordfence.com", + "tags": [ + "Third Party Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2023/CVE-2023-394xx/CVE-2023-39410.json b/CVE-2023/CVE-2023-394xx/CVE-2023-39410.json index 84d68d1469b..b76b6ac0427 100644 --- a/CVE-2023/CVE-2023-394xx/CVE-2023-39410.json +++ b/CVE-2023/CVE-2023-394xx/CVE-2023-39410.json @@ -2,8 +2,8 @@ "id": "CVE-2023-39410", "sourceIdentifier": "security@apache.org", "published": "2023-09-29T17:15:46.923", - "lastModified": "2023-10-04T09:15:31.680", - "vulnStatus": "Modified", + "lastModified": "2023-10-06T17:58:36.833", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", @@ -89,7 +89,11 @@ }, { "url": "https://www.openwall.com/lists/oss-security/2023/09/29/6", - "source": "security@apache.org" + "source": "security@apache.org", + "tags": [ + "Mailing List", + "Third Party Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2023/CVE-2023-399xx/CVE-2023-39928.json b/CVE-2023/CVE-2023-399xx/CVE-2023-39928.json new file mode 100644 index 00000000000..95e7f544640 --- /dev/null +++ b/CVE-2023/CVE-2023-399xx/CVE-2023-39928.json @@ -0,0 +1,55 @@ +{ + "id": "CVE-2023-39928", + "sourceIdentifier": "talos-cna@cisco.com", + "published": "2023-10-06T16:15:13.223", + "lastModified": "2023-10-06T17:11:15.080", + "vulnStatus": "Awaiting Analysis", + "descriptions": [ + { + "lang": "en", + "value": "A use-after-free vulnerability exists in the MediaRecorder API of Webkit WebKitGTK 2.40.5. A specially crafted web page can abuse this vulnerability to cause memory corruption and potentially arbitrary code execution. A user would need to to visit a malicious webpage to trigger this vulnerability." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "talos-cna@cisco.com", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "REQUIRED", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH", + "baseScore": 8.8, + "baseSeverity": "HIGH" + }, + "exploitabilityScore": 2.8, + "impactScore": 5.9 + } + ] + }, + "weaknesses": [ + { + "source": "talos-cna@cisco.com", + "type": "Secondary", + "description": [ + { + "lang": "en", + "value": "CWE-416" + } + ] + } + ], + "references": [ + { + "url": "https://talosintelligence.com/vulnerability_reports/TALOS-2023-1831", + "source": "talos-cna@cisco.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2023/CVE-2023-401xx/CVE-2023-40199.json b/CVE-2023/CVE-2023-401xx/CVE-2023-40199.json index fc2626b5568..e51d9a4eced 100644 --- a/CVE-2023/CVE-2023-401xx/CVE-2023-40199.json +++ b/CVE-2023/CVE-2023-401xx/CVE-2023-40199.json @@ -2,16 +2,40 @@ "id": "CVE-2023-40199", "sourceIdentifier": "audit@patchstack.com", "published": "2023-10-03T13:15:10.750", - "lastModified": "2023-10-03T13:52:20.283", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2023-10-06T16:24:47.113", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", "value": "Cross-Site Request Forgery (CSRF) vulnerability in CRUDLab WP Like Button plugin <=\u00a01.7.0 versions." + }, + { + "lang": "es", + "value": "Vulnerabilidad de Cross-Site Request Forgery (CSRF) en el complemento CRUDLab WP Like Button en versiones <= 1.7.0." } ], "metrics": { "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "REQUIRED", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH", + "baseScore": 8.8, + "baseSeverity": "HIGH" + }, + "exploitabilityScore": 2.8, + "impactScore": 5.9 + }, { "source": "audit@patchstack.com", "type": "Secondary", @@ -46,10 +70,31 @@ ] } ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:crudlab:wp_like_button:*:*:*:*:*:wordpress:*:*", + "versionEndIncluding": "1.7.0", + "matchCriteriaId": "F94DEA25-0587-4324-8892-B56736D6B26C" + } + ] + } + ] + } + ], "references": [ { "url": "https://patchstack.com/database/vulnerability/wp-like-button/wordpress-wp-like-button-plugin-1-6-11-cross-site-request-forgery-csrf-vulnerability?_s_id=cve", - "source": "audit@patchstack.com" + "source": "audit@patchstack.com", + "tags": [ + "Third Party Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2023/CVE-2023-402xx/CVE-2023-40201.json b/CVE-2023/CVE-2023-402xx/CVE-2023-40201.json index 96ec3cf5257..fb43a1d5a86 100644 --- a/CVE-2023/CVE-2023-402xx/CVE-2023-40201.json +++ b/CVE-2023/CVE-2023-402xx/CVE-2023-40201.json @@ -2,16 +2,40 @@ "id": "CVE-2023-40201", "sourceIdentifier": "audit@patchstack.com", "published": "2023-10-03T13:15:10.833", - "lastModified": "2023-10-03T13:52:20.283", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2023-10-06T16:25:17.340", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", "value": "Cross-Site Request Forgery (CSRF) vulnerability in\u00a0FuturioWP Futurio Extra plugin <=\u00a01.8.4 versions leads to\u00a0activation of arbitrary plugin." + }, + { + "lang": "es", + "value": "La vulnerabilidad de Cross-Site Request Forgery (CSRF) en el complemento FuturioWP Futurio Extra en versiones <= 1.8.4 conduce a la activaci\u00f3n de un complemento arbitrario." } ], "metrics": { "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "REQUIRED", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH", + "baseScore": 8.8, + "baseSeverity": "HIGH" + }, + "exploitabilityScore": 2.8, + "impactScore": 5.9 + }, { "source": "audit@patchstack.com", "type": "Secondary", @@ -46,10 +70,31 @@ ] } ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:futuriowp:futurio_extra:*:*:*:*:*:wordpress:*:*", + "versionEndIncluding": "1.8.4", + "matchCriteriaId": "F38CF4C8-CFB4-48A5-A8E4-530E88849E07" + } + ] + } + ] + } + ], "references": [ { "url": "https://patchstack.com/database/vulnerability/futurio-extra/wordpress-futurio-extra-plugin-1-8-2-cross-site-request-forgery-csrf?_s_id=cve", - "source": "audit@patchstack.com" + "source": "audit@patchstack.com", + "tags": [ + "Third Party Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2023/CVE-2023-402xx/CVE-2023-40202.json b/CVE-2023/CVE-2023-402xx/CVE-2023-40202.json index 7caf95f76cc..b40e132829f 100644 --- a/CVE-2023/CVE-2023-402xx/CVE-2023-40202.json +++ b/CVE-2023/CVE-2023-402xx/CVE-2023-40202.json @@ -2,16 +2,40 @@ "id": "CVE-2023-40202", "sourceIdentifier": "audit@patchstack.com", "published": "2023-10-03T13:15:10.907", - "lastModified": "2023-10-03T13:52:20.283", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2023-10-06T16:24:52.730", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", "value": "Cross-Site Request Forgery (CSRF) vulnerability in Hannes Etzelstorfer // codemiq WP HTML Mail plugin <=\u00a03.4.1 versions." + }, + { + "lang": "es", + "value": "Vulnerabilidad de Cross-Site Request Forgery (CSRF) en el complemento Hannes Etzelstorfer // codemiq WP HTML Mail en versiones <= 3.4.1." } ], "metrics": { "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "REQUIRED", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH", + "baseScore": 8.8, + "baseSeverity": "HIGH" + }, + "exploitabilityScore": 2.8, + "impactScore": 5.9 + }, { "source": "audit@patchstack.com", "type": "Secondary", @@ -46,10 +70,31 @@ ] } ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:codemiq:wp_html_mail:*:*:*:*:*:wordpress:*:*", + "versionEndIncluding": "3.4.1", + "matchCriteriaId": "EE2928CE-370A-42BB-8A57-ECB774041FA9" + } + ] + } + ] + } + ], "references": [ { "url": "https://patchstack.com/database/vulnerability/wp-html-mail/wordpress-email-template-designer-wp-html-mail-plugin-3-4-0-cross-site-request-forgery-csrf?_s_id=cve", - "source": "audit@patchstack.com" + "source": "audit@patchstack.com", + "tags": [ + "Third Party Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2023/CVE-2023-405xx/CVE-2023-40558.json b/CVE-2023/CVE-2023-405xx/CVE-2023-40558.json index 8ee046a87aa..51b41a39eb6 100644 --- a/CVE-2023/CVE-2023-405xx/CVE-2023-40558.json +++ b/CVE-2023/CVE-2023-405xx/CVE-2023-40558.json @@ -2,16 +2,40 @@ "id": "CVE-2023-40558", "sourceIdentifier": "audit@patchstack.com", "published": "2023-10-03T14:15:10.983", - "lastModified": "2023-10-03T14:29:08.387", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2023-10-06T16:25:05.677", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", "value": "Cross-Site Request Forgery (CSRF) vulnerability in eMarket Design YouTube Video Gallery by YouTube Showcase plugin <=\u00a03.3.5 versions." + }, + { + "lang": "es", + "value": "Vulnerabilidad de Cross-Site Request Forgery (CSRF) en eMarket Design YouTube Video Gallery mediante el complemento YouTube Showcase en versiones <= 3.3.5." } ], "metrics": { "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "REQUIRED", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH", + "baseScore": 8.8, + "baseSeverity": "HIGH" + }, + "exploitabilityScore": 2.8, + "impactScore": 5.9 + }, { "source": "audit@patchstack.com", "type": "Secondary", @@ -46,10 +70,31 @@ ] } ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:emarketdesign:youtube_video_gallery:*:*:*:*:*:wordpress:*:*", + "versionEndExcluding": "3.3.6", + "matchCriteriaId": "25DFFBA3-E282-4905-9907-E6D4ECEC3191" + } + ] + } + ] + } + ], "references": [ { "url": "https://patchstack.com/database/vulnerability/youtube-showcase/wordpress-video-gallery-management-plugin-3-3-5-cross-site-request-forgery-csrf-vulnerability?_s_id=cve", - "source": "audit@patchstack.com" + "source": "audit@patchstack.com", + "tags": [ + "Third Party Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2023/CVE-2023-430xx/CVE-2023-43068.json b/CVE-2023/CVE-2023-430xx/CVE-2023-43068.json index ff7b20bcd20..1086e9a1693 100644 --- a/CVE-2023/CVE-2023-430xx/CVE-2023-43068.json +++ b/CVE-2023/CVE-2023-430xx/CVE-2023-43068.json @@ -2,16 +2,40 @@ "id": "CVE-2023-43068", "sourceIdentifier": "security_alert@emc.com", "published": "2023-10-05T18:15:12.027", - "lastModified": "2023-10-05T19:13:42.317", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2023-10-06T17:57:26.520", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", "value": "\nDell SmartFabric Storage Software v1.4 (and earlier) contains an OS Command Injection Vulnerability in the restricted shell in SSH. An authenticated remote attacker could potentially exploit this vulnerability, leading to execute arbitrary commands.\n\n" + }, + { + "lang": "es", + "value": "El software Dell SmartFabric Storage v1.4 (y anteriores) contiene una vulnerabilidad de inyecci\u00f3n de comandos del sistema operativo en el shell restringido en SSH. Un atacante remoto autenticado podr\u00eda explotar esta vulnerabilidad, lo que llevar\u00eda a ejecutar comandos arbitrarios." } ], "metrics": { "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH", + "baseScore": 8.8, + "baseSeverity": "HIGH" + }, + "exploitabilityScore": 2.8, + "impactScore": 5.9 + }, { "source": "security_alert@emc.com", "type": "Secondary", @@ -46,10 +70,31 @@ ] } ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:dell:smartfabric_storage_software:*:*:*:*:*:*:*:*", + "versionEndExcluding": "1.4.1", + "matchCriteriaId": "9BD8875C-3CAC-443C-A6B5-FE7F702B5DFD" + } + ] + } + ] + } + ], "references": [ { "url": "https://www.dell.com/support/kbdoc/en-us/000218107/dsa-2023-347-dell-smartfabric-storage-software-security-update-for-multiple-vulnerabilities", - "source": "security_alert@emc.com" + "source": "security_alert@emc.com", + "tags": [ + "Vendor Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2023/CVE-2023-430xx/CVE-2023-43069.json b/CVE-2023/CVE-2023-430xx/CVE-2023-43069.json index 8b46576a554..e420e435f5a 100644 --- a/CVE-2023/CVE-2023-430xx/CVE-2023-43069.json +++ b/CVE-2023/CVE-2023-430xx/CVE-2023-43069.json @@ -2,16 +2,40 @@ "id": "CVE-2023-43069", "sourceIdentifier": "security_alert@emc.com", "published": "2023-10-05T18:15:12.140", - "lastModified": "2023-10-05T19:13:42.317", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2023-10-06T17:56:59.323", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", "value": "\nDell SmartFabric Storage Software v1.4 (and earlier) contain(s) an OS Command Injection Vulnerability in the CLI. An authenticated local attacker could potentially exploit this vulnerability, leading to possible injection of parameters to curl or docker.\n\n" + }, + { + "lang": "es", + "value": "Dell SmartFabric Storage Software v1.4 (y anteriores) contiene una vulnerabilidad de inyecci\u00f3n de comandos del sistema operativo en la CLI. Un atacante local autenticado podr\u00eda explotar esta vulnerabilidad, lo que provocar\u00eda una posible inyecci\u00f3n de par\u00e1metros en curl o docker." } ], "metrics": { "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", + "attackVector": "LOCAL", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH", + "baseScore": 7.8, + "baseSeverity": "HIGH" + }, + "exploitabilityScore": 1.8, + "impactScore": 5.9 + }, { "source": "security_alert@emc.com", "type": "Secondary", @@ -36,7 +60,7 @@ }, "weaknesses": [ { - "source": "security_alert@emc.com", + "source": "nvd@nist.gov", "type": "Primary", "description": [ { @@ -44,12 +68,43 @@ "value": "CWE-78" } ] + }, + { + "source": "security_alert@emc.com", + "type": "Secondary", + "description": [ + { + "lang": "en", + "value": "CWE-78" + } + ] + } + ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:dell:smartfabric_storage_software:*:*:*:*:*:*:*:*", + "versionEndExcluding": "1.4.1", + "matchCriteriaId": "9BD8875C-3CAC-443C-A6B5-FE7F702B5DFD" + } + ] + } + ] } ], "references": [ { "url": "https://www.dell.com/support/kbdoc/en-us/000218107/dsa-2023-347-dell-smartfabric-storage-software-security-update-for-multiple-vulnerabilities", - "source": "security_alert@emc.com" + "source": "security_alert@emc.com", + "tags": [ + "Vendor Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2023/CVE-2023-430xx/CVE-2023-43070.json b/CVE-2023/CVE-2023-430xx/CVE-2023-43070.json index 7f0a8cd0211..211c76df4f7 100644 --- a/CVE-2023/CVE-2023-430xx/CVE-2023-43070.json +++ b/CVE-2023/CVE-2023-430xx/CVE-2023-43070.json @@ -2,16 +2,40 @@ "id": "CVE-2023-43070", "sourceIdentifier": "security_alert@emc.com", "published": "2023-10-05T18:15:12.240", - "lastModified": "2023-10-05T19:13:42.317", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2023-10-06T17:57:03.317", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", "value": "\nDell SmartFabric Storage Software v1.4 (and earlier) contains a Path Traversal Vulnerability in the HTTP interface. A remote authenticated attacker could potentially exploit this vulnerability, leading to modify or write arbitrary files to arbitrary locations in the license container.\n\n" + }, + { + "lang": "es", + "value": "El software Dell SmartFabric Storage v1.4 (y anteriores) contiene una vulnerabilidad de path traversal en la interfaz HTTP. Un atacante autenticado remoto podr\u00eda explotar esta vulnerabilidad, lo que podr\u00eda provocar la modificaci\u00f3n o escritura de archivos arbitrarios en ubicaciones arbitrarias del contenedor de licencias." } ], "metrics": { "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "NONE", + "integrityImpact": "HIGH", + "availabilityImpact": "NONE", + "baseScore": 6.5, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 2.8, + "impactScore": 3.6 + }, { "source": "security_alert@emc.com", "type": "Secondary", @@ -46,10 +70,31 @@ ] } ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:dell:smartfabric_storage_software:*:*:*:*:*:*:*:*", + "versionEndExcluding": "1.4.1", + "matchCriteriaId": "9BD8875C-3CAC-443C-A6B5-FE7F702B5DFD" + } + ] + } + ] + } + ], "references": [ { "url": "https://www.dell.com/support/kbdoc/en-us/000218107/dsa-2023-347-dell-smartfabric-storage-software-security-update-for-multiple-vulnerabilities", - "source": "security_alert@emc.com" + "source": "security_alert@emc.com", + "tags": [ + "Vendor Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2023/CVE-2023-430xx/CVE-2023-43071.json b/CVE-2023/CVE-2023-430xx/CVE-2023-43071.json index 89bc223f90b..495e410c85b 100644 --- a/CVE-2023/CVE-2023-430xx/CVE-2023-43071.json +++ b/CVE-2023/CVE-2023-430xx/CVE-2023-43071.json @@ -2,16 +2,40 @@ "id": "CVE-2023-43071", "sourceIdentifier": "security_alert@emc.com", "published": "2023-10-05T18:15:12.347", - "lastModified": "2023-10-05T19:13:42.317", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2023-10-06T17:56:09.033", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", "value": "\nDell SmartFabric Storage Software v1.4 (and earlier) contains possible vulnerabilities for HTML injection or CVS formula injection which might escalate to cross-site scripting attacks in HTML pages in the GUI. A remote authenticated attacker could potentially exploit these issues, leading to various injection type attacks.\n\n" + }, + { + "lang": "es", + "value": "El software Dell SmartFabric Storage v1.4 (y anteriores) contiene posibles vulnerabilidades para la inyecci\u00f3n de HTML o de f\u00f3rmula CVS que podr\u00edan derivar en ataques de Cross-Site Scripting en p\u00e1ginas HTML en la GUI. Un atacante autenticado remotamente podr\u00eda explotar estos problemas, lo que dar\u00eda lugar a varios ataques de inyecci\u00f3n." } ], "metrics": { "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "REQUIRED", + "scope": "CHANGED", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "availabilityImpact": "NONE", + "baseScore": 5.4, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 2.3, + "impactScore": 2.7 + }, { "source": "security_alert@emc.com", "type": "Secondary", @@ -46,10 +70,31 @@ ] } ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:dell:smartfabric_storage_software:*:*:*:*:*:*:*:*", + "versionEndExcluding": "1.4.1", + "matchCriteriaId": "9BD8875C-3CAC-443C-A6B5-FE7F702B5DFD" + } + ] + } + ] + } + ], "references": [ { "url": "https://www.dell.com/support/kbdoc/en-us/000218107/dsa-2023-347-dell-smartfabric-storage-software-security-update-for-multiple-vulnerabilities", - "source": "security_alert@emc.com" + "source": "security_alert@emc.com", + "tags": [ + "Vendor Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2023/CVE-2023-430xx/CVE-2023-43072.json b/CVE-2023/CVE-2023-430xx/CVE-2023-43072.json index ef8327a0554..6c1a290e9db 100644 --- a/CVE-2023/CVE-2023-430xx/CVE-2023-43072.json +++ b/CVE-2023/CVE-2023-430xx/CVE-2023-43072.json @@ -2,16 +2,40 @@ "id": "CVE-2023-43072", "sourceIdentifier": "security_alert@emc.com", "published": "2023-10-05T18:15:12.463", - "lastModified": "2023-10-05T19:13:42.317", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2023-10-06T17:55:43.053", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", "value": "\nDell SmartFabric Storage Software v1.4 (and earlier) contains an improper access control vulnerability in the CLI. A local possibly unauthenticated attacker could potentially exploit this vulnerability, leading to ability to execute arbritrary shell commands.\n\n" + }, + { + "lang": "es", + "value": "El software Dell SmartFabric Storage v1.4 (y anteriores) contiene una vulnerabilidad de control de acceso inadecuado en la CLI. Un atacante local posiblemente no autenticado podr\u00eda explotar esta vulnerabilidad, lo que permitir\u00eda ejecutar comandos de shell arbitrarios." } ], "metrics": { "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", + "attackVector": "LOCAL", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH", + "baseScore": 7.8, + "baseSeverity": "HIGH" + }, + "exploitabilityScore": 1.8, + "impactScore": 5.9 + }, { "source": "security_alert@emc.com", "type": "Secondary", @@ -46,10 +70,31 @@ ] } ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:dell:smartfabric_storage_software:*:*:*:*:*:*:*:*", + "versionEndExcluding": "1.4.1", + "matchCriteriaId": "9BD8875C-3CAC-443C-A6B5-FE7F702B5DFD" + } + ] + } + ] + } + ], "references": [ { "url": "https://www.dell.com/support/kbdoc/en-us/000218107/dsa-2023-347-dell-smartfabric-storage-software-security-update-for-multiple-vulnerabilities", - "source": "security_alert@emc.com" + "source": "security_alert@emc.com", + "tags": [ + "Vendor Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2023/CVE-2023-430xx/CVE-2023-43073.json b/CVE-2023/CVE-2023-430xx/CVE-2023-43073.json index f0ac60d88d2..3f235035a2b 100644 --- a/CVE-2023/CVE-2023-430xx/CVE-2023-43073.json +++ b/CVE-2023/CVE-2023-430xx/CVE-2023-43073.json @@ -2,16 +2,40 @@ "id": "CVE-2023-43073", "sourceIdentifier": "security_alert@emc.com", "published": "2023-10-05T18:15:12.563", - "lastModified": "2023-10-05T19:13:42.317", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2023-10-06T17:55:26.480", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", "value": "\nDell SmartFabric Storage Software v1.4 (and earlier) contains an Improper Input Validation vulnerability in RADIUS configuration. An authenticated remote attacker could potentially exploit this vulnerability, leading to gaining unauthorized access to data.\n\n" + }, + { + "lang": "es", + "value": "El software Dell SmartFabric Storage v1.4 (y anteriores) contiene una vulnerabilidad de validaci\u00f3n de entrada incorrecta en la configuraci\u00f3n RADIUS. Un atacante remoto autenticado podr\u00eda explotar esta vulnerabilidad y obtener acceso no autorizado a los datos." } ], "metrics": { "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "NONE", + "availabilityImpact": "NONE", + "baseScore": 6.5, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 2.8, + "impactScore": 3.6 + }, { "source": "security_alert@emc.com", "type": "Secondary", @@ -46,10 +70,31 @@ ] } ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:dell:smartfabric_storage_software:*:*:*:*:*:*:*:*", + "versionEndExcluding": "1.4.1", + "matchCriteriaId": "9BD8875C-3CAC-443C-A6B5-FE7F702B5DFD" + } + ] + } + ] + } + ], "references": [ { "url": "https://www.dell.com/support/kbdoc/en-us/000218107/dsa-2023-347-dell-smartfabric-storage-software-security-update-for-multiple-vulnerabilities", - "source": "security_alert@emc.com" + "source": "security_alert@emc.com", + "tags": [ + "Vendor Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2023/CVE-2023-437xx/CVE-2023-43702.json b/CVE-2023/CVE-2023-437xx/CVE-2023-43702.json index aa1f9f3dd9e..9008d04cf40 100644 --- a/CVE-2023/CVE-2023-437xx/CVE-2023-43702.json +++ b/CVE-2023/CVE-2023-437xx/CVE-2023-43702.json @@ -2,8 +2,8 @@ "id": "CVE-2023-43702", "sourceIdentifier": "help@fluidattacks.com", "published": "2023-09-30T02:15:09.167", - "lastModified": "2023-10-02T20:13:12.410", - "vulnStatus": "Analyzed", + "lastModified": "2023-10-06T16:15:13.320", + "vulnStatus": "Undergoing Analysis", "descriptions": [ { "lang": "en", @@ -41,26 +41,26 @@ "type": "Secondary", "cvssData": { "version": "3.1", - "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N", "attackVector": "NETWORK", "attackComplexity": "LOW", "privilegesRequired": "LOW", - "userInteraction": "NONE", - "scope": "UNCHANGED", - "confidentialityImpact": "HIGH", - "integrityImpact": "HIGH", - "availabilityImpact": "HIGH", - "baseScore": 8.8, - "baseSeverity": "HIGH" + "userInteraction": "REQUIRED", + "scope": "CHANGED", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "availabilityImpact": "NONE", + "baseScore": 5.4, + "baseSeverity": "MEDIUM" }, - "exploitabilityScore": 2.8, - "impactScore": 5.9 + "exploitabilityScore": 2.3, + "impactScore": 2.7 } ] }, "weaknesses": [ { - "source": "nvd@nist.gov", + "source": "help@fluidattacks.com", "type": "Primary", "description": [ { @@ -70,7 +70,7 @@ ] }, { - "source": "help@fluidattacks.com", + "source": "nvd@nist.gov", "type": "Secondary", "description": [ { diff --git a/CVE-2023/CVE-2023-437xx/CVE-2023-43703.json b/CVE-2023/CVE-2023-437xx/CVE-2023-43703.json index 95d55c2843f..acf6366a43b 100644 --- a/CVE-2023/CVE-2023-437xx/CVE-2023-43703.json +++ b/CVE-2023/CVE-2023-437xx/CVE-2023-43703.json @@ -2,8 +2,8 @@ "id": "CVE-2023-43703", "sourceIdentifier": "help@fluidattacks.com", "published": "2023-09-30T02:15:09.220", - "lastModified": "2023-10-02T20:13:06.190", - "vulnStatus": "Analyzed", + "lastModified": "2023-10-06T16:15:13.440", + "vulnStatus": "Undergoing Analysis", "descriptions": [ { "lang": "en", @@ -41,26 +41,26 @@ "type": "Secondary", "cvssData": { "version": "3.1", - "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N", "attackVector": "NETWORK", "attackComplexity": "LOW", "privilegesRequired": "LOW", - "userInteraction": "NONE", - "scope": "UNCHANGED", - "confidentialityImpact": "HIGH", - "integrityImpact": "HIGH", - "availabilityImpact": "HIGH", - "baseScore": 8.8, - "baseSeverity": "HIGH" + "userInteraction": "REQUIRED", + "scope": "CHANGED", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "availabilityImpact": "NONE", + "baseScore": 5.4, + "baseSeverity": "MEDIUM" }, - "exploitabilityScore": 2.8, - "impactScore": 5.9 + "exploitabilityScore": 2.3, + "impactScore": 2.7 } ] }, "weaknesses": [ { - "source": "nvd@nist.gov", + "source": "help@fluidattacks.com", "type": "Primary", "description": [ { @@ -70,7 +70,7 @@ ] }, { - "source": "help@fluidattacks.com", + "source": "nvd@nist.gov", "type": "Secondary", "description": [ { diff --git a/CVE-2023/CVE-2023-437xx/CVE-2023-43704.json b/CVE-2023/CVE-2023-437xx/CVE-2023-43704.json index 358b80184b4..5357a6ebb97 100644 --- a/CVE-2023/CVE-2023-437xx/CVE-2023-43704.json +++ b/CVE-2023/CVE-2023-437xx/CVE-2023-43704.json @@ -2,8 +2,8 @@ "id": "CVE-2023-43704", "sourceIdentifier": "help@fluidattacks.com", "published": "2023-09-30T02:15:09.277", - "lastModified": "2023-10-02T20:12:59.533", - "vulnStatus": "Analyzed", + "lastModified": "2023-10-06T16:15:13.543", + "vulnStatus": "Undergoing Analysis", "descriptions": [ { "lang": "en", @@ -41,26 +41,26 @@ "type": "Secondary", "cvssData": { "version": "3.1", - "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N", "attackVector": "NETWORK", "attackComplexity": "LOW", "privilegesRequired": "LOW", - "userInteraction": "NONE", - "scope": "UNCHANGED", - "confidentialityImpact": "HIGH", - "integrityImpact": "HIGH", - "availabilityImpact": "HIGH", - "baseScore": 8.8, - "baseSeverity": "HIGH" + "userInteraction": "REQUIRED", + "scope": "CHANGED", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "availabilityImpact": "NONE", + "baseScore": 5.4, + "baseSeverity": "MEDIUM" }, - "exploitabilityScore": 2.8, - "impactScore": 5.9 + "exploitabilityScore": 2.3, + "impactScore": 2.7 } ] }, "weaknesses": [ { - "source": "nvd@nist.gov", + "source": "help@fluidattacks.com", "type": "Primary", "description": [ { @@ -70,7 +70,7 @@ ] }, { - "source": "help@fluidattacks.com", + "source": "nvd@nist.gov", "type": "Secondary", "description": [ { diff --git a/CVE-2023/CVE-2023-437xx/CVE-2023-43705.json b/CVE-2023/CVE-2023-437xx/CVE-2023-43705.json index 98cf8564f02..5cf1281d2e1 100644 --- a/CVE-2023/CVE-2023-437xx/CVE-2023-43705.json +++ b/CVE-2023/CVE-2023-437xx/CVE-2023-43705.json @@ -2,8 +2,8 @@ "id": "CVE-2023-43705", "sourceIdentifier": "help@fluidattacks.com", "published": "2023-09-30T02:15:09.337", - "lastModified": "2023-10-02T20:12:48.367", - "vulnStatus": "Analyzed", + "lastModified": "2023-10-06T16:15:13.643", + "vulnStatus": "Undergoing Analysis", "descriptions": [ { "lang": "en", @@ -41,26 +41,26 @@ "type": "Secondary", "cvssData": { "version": "3.1", - "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N", "attackVector": "NETWORK", "attackComplexity": "LOW", "privilegesRequired": "LOW", - "userInteraction": "NONE", - "scope": "UNCHANGED", - "confidentialityImpact": "HIGH", - "integrityImpact": "HIGH", - "availabilityImpact": "HIGH", - "baseScore": 8.8, - "baseSeverity": "HIGH" + "userInteraction": "REQUIRED", + "scope": "CHANGED", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "availabilityImpact": "NONE", + "baseScore": 5.4, + "baseSeverity": "MEDIUM" }, - "exploitabilityScore": 2.8, - "impactScore": 5.9 + "exploitabilityScore": 2.3, + "impactScore": 2.7 } ] }, "weaknesses": [ { - "source": "nvd@nist.gov", + "source": "help@fluidattacks.com", "type": "Primary", "description": [ { @@ -70,7 +70,7 @@ ] }, { - "source": "help@fluidattacks.com", + "source": "nvd@nist.gov", "type": "Secondary", "description": [ { diff --git a/CVE-2023/CVE-2023-437xx/CVE-2023-43706.json b/CVE-2023/CVE-2023-437xx/CVE-2023-43706.json index c3958850bbd..632c9303db4 100644 --- a/CVE-2023/CVE-2023-437xx/CVE-2023-43706.json +++ b/CVE-2023/CVE-2023-437xx/CVE-2023-43706.json @@ -2,8 +2,8 @@ "id": "CVE-2023-43706", "sourceIdentifier": "help@fluidattacks.com", "published": "2023-09-30T02:15:09.397", - "lastModified": "2023-10-02T20:12:54.877", - "vulnStatus": "Analyzed", + "lastModified": "2023-10-06T16:15:13.737", + "vulnStatus": "Undergoing Analysis", "descriptions": [ { "lang": "en", @@ -41,26 +41,26 @@ "type": "Secondary", "cvssData": { "version": "3.1", - "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N", "attackVector": "NETWORK", "attackComplexity": "LOW", "privilegesRequired": "LOW", - "userInteraction": "NONE", - "scope": "UNCHANGED", - "confidentialityImpact": "HIGH", - "integrityImpact": "HIGH", - "availabilityImpact": "HIGH", - "baseScore": 8.8, - "baseSeverity": "HIGH" + "userInteraction": "REQUIRED", + "scope": "CHANGED", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "availabilityImpact": "NONE", + "baseScore": 5.4, + "baseSeverity": "MEDIUM" }, - "exploitabilityScore": 2.8, - "impactScore": 5.9 + "exploitabilityScore": 2.3, + "impactScore": 2.7 } ] }, "weaknesses": [ { - "source": "nvd@nist.gov", + "source": "help@fluidattacks.com", "type": "Primary", "description": [ { @@ -70,7 +70,7 @@ ] }, { - "source": "help@fluidattacks.com", + "source": "nvd@nist.gov", "type": "Secondary", "description": [ { diff --git a/CVE-2023/CVE-2023-437xx/CVE-2023-43707.json b/CVE-2023/CVE-2023-437xx/CVE-2023-43707.json index 9c6ce513505..bb1a50925c7 100644 --- a/CVE-2023/CVE-2023-437xx/CVE-2023-43707.json +++ b/CVE-2023/CVE-2023-437xx/CVE-2023-43707.json @@ -2,8 +2,8 @@ "id": "CVE-2023-43707", "sourceIdentifier": "help@fluidattacks.com", "published": "2023-09-30T03:15:09.233", - "lastModified": "2023-10-02T20:12:42.573", - "vulnStatus": "Analyzed", + "lastModified": "2023-10-06T16:15:13.827", + "vulnStatus": "Undergoing Analysis", "descriptions": [ { "lang": "en", @@ -41,26 +41,26 @@ "type": "Secondary", "cvssData": { "version": "3.1", - "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N", "attackVector": "NETWORK", "attackComplexity": "LOW", "privilegesRequired": "LOW", - "userInteraction": "NONE", - "scope": "UNCHANGED", - "confidentialityImpact": "HIGH", - "integrityImpact": "HIGH", - "availabilityImpact": "HIGH", - "baseScore": 8.8, - "baseSeverity": "HIGH" + "userInteraction": "REQUIRED", + "scope": "CHANGED", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "availabilityImpact": "NONE", + "baseScore": 5.4, + "baseSeverity": "MEDIUM" }, - "exploitabilityScore": 2.8, - "impactScore": 5.9 + "exploitabilityScore": 2.3, + "impactScore": 2.7 } ] }, "weaknesses": [ { - "source": "nvd@nist.gov", + "source": "help@fluidattacks.com", "type": "Primary", "description": [ { @@ -70,7 +70,7 @@ ] }, { - "source": "help@fluidattacks.com", + "source": "nvd@nist.gov", "type": "Secondary", "description": [ { diff --git a/CVE-2023/CVE-2023-437xx/CVE-2023-43708.json b/CVE-2023/CVE-2023-437xx/CVE-2023-43708.json index d5fb94b8733..3bb7e57f384 100644 --- a/CVE-2023/CVE-2023-437xx/CVE-2023-43708.json +++ b/CVE-2023/CVE-2023-437xx/CVE-2023-43708.json @@ -2,8 +2,8 @@ "id": "CVE-2023-43708", "sourceIdentifier": "help@fluidattacks.com", "published": "2023-09-30T03:15:09.300", - "lastModified": "2023-10-02T20:12:36.513", - "vulnStatus": "Analyzed", + "lastModified": "2023-10-06T16:15:13.910", + "vulnStatus": "Undergoing Analysis", "descriptions": [ { "lang": "en", @@ -41,26 +41,26 @@ "type": "Secondary", "cvssData": { "version": "3.1", - "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N", "attackVector": "NETWORK", "attackComplexity": "LOW", "privilegesRequired": "LOW", - "userInteraction": "NONE", - "scope": "UNCHANGED", - "confidentialityImpact": "HIGH", - "integrityImpact": "HIGH", - "availabilityImpact": "HIGH", - "baseScore": 8.8, - "baseSeverity": "HIGH" + "userInteraction": "REQUIRED", + "scope": "CHANGED", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "availabilityImpact": "NONE", + "baseScore": 5.4, + "baseSeverity": "MEDIUM" }, - "exploitabilityScore": 2.8, - "impactScore": 5.9 + "exploitabilityScore": 2.3, + "impactScore": 2.7 } ] }, "weaknesses": [ { - "source": "nvd@nist.gov", + "source": "help@fluidattacks.com", "type": "Primary", "description": [ { @@ -70,7 +70,7 @@ ] }, { - "source": "help@fluidattacks.com", + "source": "nvd@nist.gov", "type": "Secondary", "description": [ { diff --git a/CVE-2023/CVE-2023-437xx/CVE-2023-43709.json b/CVE-2023/CVE-2023-437xx/CVE-2023-43709.json index 38e204a9b77..e6355453b0f 100644 --- a/CVE-2023/CVE-2023-437xx/CVE-2023-43709.json +++ b/CVE-2023/CVE-2023-437xx/CVE-2023-43709.json @@ -2,8 +2,8 @@ "id": "CVE-2023-43709", "sourceIdentifier": "help@fluidattacks.com", "published": "2023-09-30T03:15:09.363", - "lastModified": "2023-10-02T20:12:28.853", - "vulnStatus": "Analyzed", + "lastModified": "2023-10-06T16:15:14.003", + "vulnStatus": "Undergoing Analysis", "descriptions": [ { "lang": "en", @@ -41,26 +41,26 @@ "type": "Secondary", "cvssData": { "version": "3.1", - "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N", "attackVector": "NETWORK", "attackComplexity": "LOW", "privilegesRequired": "LOW", - "userInteraction": "NONE", - "scope": "UNCHANGED", - "confidentialityImpact": "HIGH", - "integrityImpact": "HIGH", - "availabilityImpact": "HIGH", - "baseScore": 8.8, - "baseSeverity": "HIGH" + "userInteraction": "REQUIRED", + "scope": "CHANGED", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "availabilityImpact": "NONE", + "baseScore": 5.4, + "baseSeverity": "MEDIUM" }, - "exploitabilityScore": 2.8, - "impactScore": 5.9 + "exploitabilityScore": 2.3, + "impactScore": 2.7 } ] }, "weaknesses": [ { - "source": "nvd@nist.gov", + "source": "help@fluidattacks.com", "type": "Primary", "description": [ { @@ -70,7 +70,7 @@ ] }, { - "source": "help@fluidattacks.com", + "source": "nvd@nist.gov", "type": "Secondary", "description": [ { diff --git a/CVE-2023/CVE-2023-437xx/CVE-2023-43710.json b/CVE-2023/CVE-2023-437xx/CVE-2023-43710.json index 3dd33ce84f7..2794a0f71b7 100644 --- a/CVE-2023/CVE-2023-437xx/CVE-2023-43710.json +++ b/CVE-2023/CVE-2023-437xx/CVE-2023-43710.json @@ -2,8 +2,8 @@ "id": "CVE-2023-43710", "sourceIdentifier": "help@fluidattacks.com", "published": "2023-09-30T03:15:09.423", - "lastModified": "2023-10-02T20:12:21.907", - "vulnStatus": "Analyzed", + "lastModified": "2023-10-06T16:15:14.093", + "vulnStatus": "Undergoing Analysis", "descriptions": [ { "lang": "en", @@ -41,26 +41,26 @@ "type": "Secondary", "cvssData": { "version": "3.1", - "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N", "attackVector": "NETWORK", "attackComplexity": "LOW", "privilegesRequired": "LOW", - "userInteraction": "NONE", - "scope": "UNCHANGED", - "confidentialityImpact": "HIGH", - "integrityImpact": "HIGH", - "availabilityImpact": "HIGH", - "baseScore": 8.8, - "baseSeverity": "HIGH" + "userInteraction": "REQUIRED", + "scope": "CHANGED", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "availabilityImpact": "NONE", + "baseScore": 5.4, + "baseSeverity": "MEDIUM" }, - "exploitabilityScore": 2.8, - "impactScore": 5.9 + "exploitabilityScore": 2.3, + "impactScore": 2.7 } ] }, "weaknesses": [ { - "source": "nvd@nist.gov", + "source": "help@fluidattacks.com", "type": "Primary", "description": [ { @@ -70,7 +70,7 @@ ] }, { - "source": "help@fluidattacks.com", + "source": "nvd@nist.gov", "type": "Secondary", "description": [ { diff --git a/CVE-2023/CVE-2023-437xx/CVE-2023-43711.json b/CVE-2023/CVE-2023-437xx/CVE-2023-43711.json index 7a2219ef4e6..bab616f31b9 100644 --- a/CVE-2023/CVE-2023-437xx/CVE-2023-43711.json +++ b/CVE-2023/CVE-2023-437xx/CVE-2023-43711.json @@ -2,8 +2,8 @@ "id": "CVE-2023-43711", "sourceIdentifier": "help@fluidattacks.com", "published": "2023-09-30T03:15:09.487", - "lastModified": "2023-10-02T20:12:08.600", - "vulnStatus": "Analyzed", + "lastModified": "2023-10-06T16:15:14.183", + "vulnStatus": "Undergoing Analysis", "descriptions": [ { "lang": "en", @@ -41,26 +41,26 @@ "type": "Secondary", "cvssData": { "version": "3.1", - "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N", "attackVector": "NETWORK", "attackComplexity": "LOW", "privilegesRequired": "LOW", - "userInteraction": "NONE", - "scope": "UNCHANGED", - "confidentialityImpact": "HIGH", - "integrityImpact": "HIGH", - "availabilityImpact": "HIGH", - "baseScore": 8.8, - "baseSeverity": "HIGH" + "userInteraction": "REQUIRED", + "scope": "CHANGED", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "availabilityImpact": "NONE", + "baseScore": 5.4, + "baseSeverity": "MEDIUM" }, - "exploitabilityScore": 2.8, - "impactScore": 5.9 + "exploitabilityScore": 2.3, + "impactScore": 2.7 } ] }, "weaknesses": [ { - "source": "nvd@nist.gov", + "source": "help@fluidattacks.com", "type": "Primary", "description": [ { @@ -70,7 +70,7 @@ ] }, { - "source": "help@fluidattacks.com", + "source": "nvd@nist.gov", "type": "Secondary", "description": [ { diff --git a/CVE-2023/CVE-2023-437xx/CVE-2023-43712.json b/CVE-2023/CVE-2023-437xx/CVE-2023-43712.json index 3137771a320..e80dbb3510a 100644 --- a/CVE-2023/CVE-2023-437xx/CVE-2023-43712.json +++ b/CVE-2023/CVE-2023-437xx/CVE-2023-43712.json @@ -2,8 +2,8 @@ "id": "CVE-2023-43712", "sourceIdentifier": "help@fluidattacks.com", "published": "2023-09-30T21:15:09.850", - "lastModified": "2023-10-02T20:22:53.103", - "vulnStatus": "Analyzed", + "lastModified": "2023-10-06T16:15:14.273", + "vulnStatus": "Undergoing Analysis", "descriptions": [ { "lang": "en", @@ -41,26 +41,26 @@ "type": "Secondary", "cvssData": { "version": "3.1", - "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N", "attackVector": "NETWORK", "attackComplexity": "LOW", "privilegesRequired": "LOW", - "userInteraction": "NONE", - "scope": "UNCHANGED", - "confidentialityImpact": "HIGH", - "integrityImpact": "HIGH", - "availabilityImpact": "HIGH", - "baseScore": 8.8, - "baseSeverity": "HIGH" + "userInteraction": "REQUIRED", + "scope": "CHANGED", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "availabilityImpact": "NONE", + "baseScore": 5.4, + "baseSeverity": "MEDIUM" }, - "exploitabilityScore": 2.8, - "impactScore": 5.9 + "exploitabilityScore": 2.3, + "impactScore": 2.7 } ] }, "weaknesses": [ { - "source": "nvd@nist.gov", + "source": "help@fluidattacks.com", "type": "Primary", "description": [ { @@ -70,7 +70,7 @@ ] }, { - "source": "help@fluidattacks.com", + "source": "nvd@nist.gov", "type": "Secondary", "description": [ { diff --git a/CVE-2023/CVE-2023-437xx/CVE-2023-43713.json b/CVE-2023/CVE-2023-437xx/CVE-2023-43713.json index fe16123f33a..e3c8d347875 100644 --- a/CVE-2023/CVE-2023-437xx/CVE-2023-43713.json +++ b/CVE-2023/CVE-2023-437xx/CVE-2023-43713.json @@ -2,8 +2,8 @@ "id": "CVE-2023-43713", "sourceIdentifier": "help@fluidattacks.com", "published": "2023-09-30T21:15:09.947", - "lastModified": "2023-10-02T20:22:47.300", - "vulnStatus": "Analyzed", + "lastModified": "2023-10-06T16:15:14.370", + "vulnStatus": "Undergoing Analysis", "descriptions": [ { "lang": "en", @@ -41,26 +41,26 @@ "type": "Secondary", "cvssData": { "version": "3.1", - "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N", "attackVector": "NETWORK", "attackComplexity": "LOW", "privilegesRequired": "LOW", - "userInteraction": "NONE", - "scope": "UNCHANGED", - "confidentialityImpact": "HIGH", - "integrityImpact": "HIGH", - "availabilityImpact": "HIGH", - "baseScore": 8.8, - "baseSeverity": "HIGH" + "userInteraction": "REQUIRED", + "scope": "CHANGED", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "availabilityImpact": "NONE", + "baseScore": 5.4, + "baseSeverity": "MEDIUM" }, - "exploitabilityScore": 2.8, - "impactScore": 5.9 + "exploitabilityScore": 2.3, + "impactScore": 2.7 } ] }, "weaknesses": [ { - "source": "nvd@nist.gov", + "source": "help@fluidattacks.com", "type": "Primary", "description": [ { @@ -70,7 +70,7 @@ ] }, { - "source": "help@fluidattacks.com", + "source": "nvd@nist.gov", "type": "Secondary", "description": [ { diff --git a/CVE-2023/CVE-2023-437xx/CVE-2023-43714.json b/CVE-2023/CVE-2023-437xx/CVE-2023-43714.json index 1a4e5238aaa..f7128582dd4 100644 --- a/CVE-2023/CVE-2023-437xx/CVE-2023-43714.json +++ b/CVE-2023/CVE-2023-437xx/CVE-2023-43714.json @@ -2,8 +2,8 @@ "id": "CVE-2023-43714", "sourceIdentifier": "help@fluidattacks.com", "published": "2023-09-30T21:15:10.010", - "lastModified": "2023-10-02T20:22:42.630", - "vulnStatus": "Analyzed", + "lastModified": "2023-10-06T16:15:14.457", + "vulnStatus": "Undergoing Analysis", "descriptions": [ { "lang": "en", @@ -41,26 +41,26 @@ "type": "Secondary", "cvssData": { "version": "3.1", - "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N", "attackVector": "NETWORK", "attackComplexity": "LOW", "privilegesRequired": "LOW", - "userInteraction": "NONE", - "scope": "UNCHANGED", - "confidentialityImpact": "HIGH", - "integrityImpact": "HIGH", - "availabilityImpact": "HIGH", - "baseScore": 8.8, - "baseSeverity": "HIGH" + "userInteraction": "REQUIRED", + "scope": "CHANGED", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "availabilityImpact": "NONE", + "baseScore": 5.4, + "baseSeverity": "MEDIUM" }, - "exploitabilityScore": 2.8, - "impactScore": 5.9 + "exploitabilityScore": 2.3, + "impactScore": 2.7 } ] }, "weaknesses": [ { - "source": "nvd@nist.gov", + "source": "help@fluidattacks.com", "type": "Primary", "description": [ { @@ -70,7 +70,7 @@ ] }, { - "source": "help@fluidattacks.com", + "source": "nvd@nist.gov", "type": "Secondary", "description": [ { diff --git a/CVE-2023/CVE-2023-437xx/CVE-2023-43715.json b/CVE-2023/CVE-2023-437xx/CVE-2023-43715.json index b7b4eee9d81..c07d742c1b6 100644 --- a/CVE-2023/CVE-2023-437xx/CVE-2023-43715.json +++ b/CVE-2023/CVE-2023-437xx/CVE-2023-43715.json @@ -2,8 +2,8 @@ "id": "CVE-2023-43715", "sourceIdentifier": "help@fluidattacks.com", "published": "2023-09-30T21:15:10.077", - "lastModified": "2023-10-02T20:22:38.453", - "vulnStatus": "Analyzed", + "lastModified": "2023-10-06T16:15:14.547", + "vulnStatus": "Undergoing Analysis", "descriptions": [ { "lang": "en", @@ -41,26 +41,26 @@ "type": "Secondary", "cvssData": { "version": "3.1", - "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N", "attackVector": "NETWORK", "attackComplexity": "LOW", "privilegesRequired": "LOW", - "userInteraction": "NONE", - "scope": "UNCHANGED", - "confidentialityImpact": "HIGH", - "integrityImpact": "HIGH", - "availabilityImpact": "HIGH", - "baseScore": 8.8, - "baseSeverity": "HIGH" + "userInteraction": "REQUIRED", + "scope": "CHANGED", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "availabilityImpact": "NONE", + "baseScore": 5.4, + "baseSeverity": "MEDIUM" }, - "exploitabilityScore": 2.8, - "impactScore": 5.9 + "exploitabilityScore": 2.3, + "impactScore": 2.7 } ] }, "weaknesses": [ { - "source": "nvd@nist.gov", + "source": "help@fluidattacks.com", "type": "Primary", "description": [ { @@ -70,7 +70,7 @@ ] }, { - "source": "help@fluidattacks.com", + "source": "nvd@nist.gov", "type": "Secondary", "description": [ { diff --git a/CVE-2023/CVE-2023-437xx/CVE-2023-43716.json b/CVE-2023/CVE-2023-437xx/CVE-2023-43716.json index 134207ee8c1..eb1b902f219 100644 --- a/CVE-2023/CVE-2023-437xx/CVE-2023-43716.json +++ b/CVE-2023/CVE-2023-437xx/CVE-2023-43716.json @@ -2,8 +2,8 @@ "id": "CVE-2023-43716", "sourceIdentifier": "help@fluidattacks.com", "published": "2023-09-30T21:15:10.140", - "lastModified": "2023-10-02T20:22:33.860", - "vulnStatus": "Analyzed", + "lastModified": "2023-10-06T16:15:14.647", + "vulnStatus": "Undergoing Analysis", "descriptions": [ { "lang": "en", @@ -41,26 +41,26 @@ "type": "Secondary", "cvssData": { "version": "3.1", - "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N", "attackVector": "NETWORK", "attackComplexity": "LOW", "privilegesRequired": "LOW", - "userInteraction": "NONE", - "scope": "UNCHANGED", - "confidentialityImpact": "HIGH", - "integrityImpact": "HIGH", - "availabilityImpact": "HIGH", - "baseScore": 8.8, - "baseSeverity": "HIGH" + "userInteraction": "REQUIRED", + "scope": "CHANGED", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "availabilityImpact": "NONE", + "baseScore": 5.4, + "baseSeverity": "MEDIUM" }, - "exploitabilityScore": 2.8, - "impactScore": 5.9 + "exploitabilityScore": 2.3, + "impactScore": 2.7 } ] }, "weaknesses": [ { - "source": "nvd@nist.gov", + "source": "help@fluidattacks.com", "type": "Primary", "description": [ { @@ -70,7 +70,7 @@ ] }, { - "source": "help@fluidattacks.com", + "source": "nvd@nist.gov", "type": "Secondary", "description": [ { diff --git a/CVE-2023/CVE-2023-437xx/CVE-2023-43717.json b/CVE-2023/CVE-2023-437xx/CVE-2023-43717.json index 58112b2029e..ff86118ba6b 100644 --- a/CVE-2023/CVE-2023-437xx/CVE-2023-43717.json +++ b/CVE-2023/CVE-2023-437xx/CVE-2023-43717.json @@ -2,8 +2,8 @@ "id": "CVE-2023-43717", "sourceIdentifier": "help@fluidattacks.com", "published": "2023-09-30T22:15:10.347", - "lastModified": "2023-10-02T20:22:28.010", - "vulnStatus": "Analyzed", + "lastModified": "2023-10-06T16:15:14.740", + "vulnStatus": "Undergoing Analysis", "descriptions": [ { "lang": "en", @@ -41,26 +41,26 @@ "type": "Secondary", "cvssData": { "version": "3.1", - "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N", "attackVector": "NETWORK", "attackComplexity": "LOW", "privilegesRequired": "LOW", - "userInteraction": "NONE", - "scope": "UNCHANGED", - "confidentialityImpact": "HIGH", - "integrityImpact": "HIGH", - "availabilityImpact": "HIGH", - "baseScore": 8.8, - "baseSeverity": "HIGH" + "userInteraction": "REQUIRED", + "scope": "CHANGED", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "availabilityImpact": "NONE", + "baseScore": 5.4, + "baseSeverity": "MEDIUM" }, - "exploitabilityScore": 2.8, - "impactScore": 5.9 + "exploitabilityScore": 2.3, + "impactScore": 2.7 } ] }, "weaknesses": [ { - "source": "nvd@nist.gov", + "source": "help@fluidattacks.com", "type": "Primary", "description": [ { @@ -70,7 +70,7 @@ ] }, { - "source": "help@fluidattacks.com", + "source": "nvd@nist.gov", "type": "Secondary", "description": [ { diff --git a/CVE-2023/CVE-2023-437xx/CVE-2023-43718.json b/CVE-2023/CVE-2023-437xx/CVE-2023-43718.json index d73dbe54d66..1da4a3f3178 100644 --- a/CVE-2023/CVE-2023-437xx/CVE-2023-43718.json +++ b/CVE-2023/CVE-2023-437xx/CVE-2023-43718.json @@ -2,8 +2,8 @@ "id": "CVE-2023-43718", "sourceIdentifier": "help@fluidattacks.com", "published": "2023-09-30T22:15:10.410", - "lastModified": "2023-10-02T20:22:22.220", - "vulnStatus": "Analyzed", + "lastModified": "2023-10-06T16:15:14.823", + "vulnStatus": "Undergoing Analysis", "descriptions": [ { "lang": "en", @@ -41,26 +41,26 @@ "type": "Secondary", "cvssData": { "version": "3.1", - "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", "attackVector": "NETWORK", "attackComplexity": "LOW", "privilegesRequired": "NONE", - "userInteraction": "NONE", - "scope": "UNCHANGED", - "confidentialityImpact": "HIGH", - "integrityImpact": "HIGH", - "availabilityImpact": "HIGH", - "baseScore": 9.8, - "baseSeverity": "CRITICAL" + "userInteraction": "REQUIRED", + "scope": "CHANGED", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "availabilityImpact": "NONE", + "baseScore": 6.1, + "baseSeverity": "MEDIUM" }, - "exploitabilityScore": 3.9, - "impactScore": 5.9 + "exploitabilityScore": 2.8, + "impactScore": 2.7 } ] }, "weaknesses": [ { - "source": "nvd@nist.gov", + "source": "help@fluidattacks.com", "type": "Primary", "description": [ { @@ -70,7 +70,7 @@ ] }, { - "source": "help@fluidattacks.com", + "source": "nvd@nist.gov", "type": "Secondary", "description": [ { diff --git a/CVE-2023/CVE-2023-437xx/CVE-2023-43719.json b/CVE-2023/CVE-2023-437xx/CVE-2023-43719.json index 3345cb44bab..ac7617eb862 100644 --- a/CVE-2023/CVE-2023-437xx/CVE-2023-43719.json +++ b/CVE-2023/CVE-2023-437xx/CVE-2023-43719.json @@ -2,8 +2,8 @@ "id": "CVE-2023-43719", "sourceIdentifier": "help@fluidattacks.com", "published": "2023-09-30T22:15:10.467", - "lastModified": "2023-10-02T20:22:15.927", - "vulnStatus": "Analyzed", + "lastModified": "2023-10-06T16:15:14.917", + "vulnStatus": "Undergoing Analysis", "descriptions": [ { "lang": "en", @@ -41,26 +41,26 @@ "type": "Secondary", "cvssData": { "version": "3.1", - "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N", "attackVector": "NETWORK", "attackComplexity": "LOW", "privilegesRequired": "LOW", - "userInteraction": "NONE", - "scope": "UNCHANGED", - "confidentialityImpact": "HIGH", - "integrityImpact": "HIGH", - "availabilityImpact": "HIGH", - "baseScore": 8.8, - "baseSeverity": "HIGH" + "userInteraction": "REQUIRED", + "scope": "CHANGED", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "availabilityImpact": "NONE", + "baseScore": 5.4, + "baseSeverity": "MEDIUM" }, - "exploitabilityScore": 2.8, - "impactScore": 5.9 + "exploitabilityScore": 2.3, + "impactScore": 2.7 } ] }, "weaknesses": [ { - "source": "nvd@nist.gov", + "source": "help@fluidattacks.com", "type": "Primary", "description": [ { @@ -70,7 +70,7 @@ ] }, { - "source": "help@fluidattacks.com", + "source": "nvd@nist.gov", "type": "Secondary", "description": [ { diff --git a/CVE-2023/CVE-2023-437xx/CVE-2023-43720.json b/CVE-2023/CVE-2023-437xx/CVE-2023-43720.json index 213ef7203ca..6f113898d73 100644 --- a/CVE-2023/CVE-2023-437xx/CVE-2023-43720.json +++ b/CVE-2023/CVE-2023-437xx/CVE-2023-43720.json @@ -2,8 +2,8 @@ "id": "CVE-2023-43720", "sourceIdentifier": "help@fluidattacks.com", "published": "2023-09-30T22:15:10.533", - "lastModified": "2023-10-02T20:24:18.953", - "vulnStatus": "Analyzed", + "lastModified": "2023-10-06T16:15:15.007", + "vulnStatus": "Undergoing Analysis", "descriptions": [ { "lang": "en", @@ -41,26 +41,26 @@ "type": "Secondary", "cvssData": { "version": "3.1", - "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N", "attackVector": "NETWORK", "attackComplexity": "LOW", "privilegesRequired": "LOW", - "userInteraction": "NONE", - "scope": "UNCHANGED", - "confidentialityImpact": "HIGH", - "integrityImpact": "HIGH", - "availabilityImpact": "HIGH", - "baseScore": 8.8, - "baseSeverity": "HIGH" + "userInteraction": "REQUIRED", + "scope": "CHANGED", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "availabilityImpact": "NONE", + "baseScore": 5.4, + "baseSeverity": "MEDIUM" }, - "exploitabilityScore": 2.8, - "impactScore": 5.9 + "exploitabilityScore": 2.3, + "impactScore": 2.7 } ] }, "weaknesses": [ { - "source": "nvd@nist.gov", + "source": "help@fluidattacks.com", "type": "Primary", "description": [ { @@ -70,7 +70,7 @@ ] }, { - "source": "help@fluidattacks.com", + "source": "nvd@nist.gov", "type": "Secondary", "description": [ { diff --git a/CVE-2023/CVE-2023-437xx/CVE-2023-43721.json b/CVE-2023/CVE-2023-437xx/CVE-2023-43721.json index 6326db4052d..ac60858e379 100644 --- a/CVE-2023/CVE-2023-437xx/CVE-2023-43721.json +++ b/CVE-2023/CVE-2023-437xx/CVE-2023-43721.json @@ -2,8 +2,8 @@ "id": "CVE-2023-43721", "sourceIdentifier": "help@fluidattacks.com", "published": "2023-09-30T22:15:10.597", - "lastModified": "2023-10-02T20:24:12.980", - "vulnStatus": "Analyzed", + "lastModified": "2023-10-06T16:15:15.097", + "vulnStatus": "Undergoing Analysis", "descriptions": [ { "lang": "en", @@ -41,26 +41,26 @@ "type": "Secondary", "cvssData": { "version": "3.1", - "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N", "attackVector": "NETWORK", "attackComplexity": "LOW", "privilegesRequired": "LOW", - "userInteraction": "NONE", - "scope": "UNCHANGED", - "confidentialityImpact": "HIGH", - "integrityImpact": "HIGH", - "availabilityImpact": "HIGH", - "baseScore": 8.8, - "baseSeverity": "HIGH" + "userInteraction": "REQUIRED", + "scope": "CHANGED", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "availabilityImpact": "NONE", + "baseScore": 5.4, + "baseSeverity": "MEDIUM" }, - "exploitabilityScore": 2.8, - "impactScore": 5.9 + "exploitabilityScore": 2.3, + "impactScore": 2.7 } ] }, "weaknesses": [ { - "source": "nvd@nist.gov", + "source": "help@fluidattacks.com", "type": "Primary", "description": [ { @@ -70,7 +70,7 @@ ] }, { - "source": "help@fluidattacks.com", + "source": "nvd@nist.gov", "type": "Secondary", "description": [ { diff --git a/CVE-2023/CVE-2023-437xx/CVE-2023-43722.json b/CVE-2023/CVE-2023-437xx/CVE-2023-43722.json index be9c9d2f922..608e53db2d6 100644 --- a/CVE-2023/CVE-2023-437xx/CVE-2023-43722.json +++ b/CVE-2023/CVE-2023-437xx/CVE-2023-43722.json @@ -2,8 +2,8 @@ "id": "CVE-2023-43722", "sourceIdentifier": "help@fluidattacks.com", "published": "2023-09-30T22:15:10.657", - "lastModified": "2023-10-02T20:24:07.800", - "vulnStatus": "Analyzed", + "lastModified": "2023-10-06T16:15:15.187", + "vulnStatus": "Undergoing Analysis", "descriptions": [ { "lang": "en", @@ -41,26 +41,26 @@ "type": "Secondary", "cvssData": { "version": "3.1", - "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N", "attackVector": "NETWORK", "attackComplexity": "LOW", "privilegesRequired": "LOW", - "userInteraction": "NONE", - "scope": "UNCHANGED", - "confidentialityImpact": "HIGH", - "integrityImpact": "HIGH", - "availabilityImpact": "HIGH", - "baseScore": 8.8, - "baseSeverity": "HIGH" + "userInteraction": "REQUIRED", + "scope": "CHANGED", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "availabilityImpact": "NONE", + "baseScore": 5.4, + "baseSeverity": "MEDIUM" }, - "exploitabilityScore": 2.8, - "impactScore": 5.9 + "exploitabilityScore": 2.3, + "impactScore": 2.7 } ] }, "weaknesses": [ { - "source": "nvd@nist.gov", + "source": "help@fluidattacks.com", "type": "Primary", "description": [ { @@ -70,7 +70,7 @@ ] }, { - "source": "help@fluidattacks.com", + "source": "nvd@nist.gov", "type": "Secondary", "description": [ { diff --git a/CVE-2023/CVE-2023-437xx/CVE-2023-43723.json b/CVE-2023/CVE-2023-437xx/CVE-2023-43723.json index 6cac904ccb1..a760334d1e2 100644 --- a/CVE-2023/CVE-2023-437xx/CVE-2023-43723.json +++ b/CVE-2023/CVE-2023-437xx/CVE-2023-43723.json @@ -2,8 +2,8 @@ "id": "CVE-2023-43723", "sourceIdentifier": "help@fluidattacks.com", "published": "2023-09-30T22:15:10.717", - "lastModified": "2023-10-02T20:24:01.857", - "vulnStatus": "Analyzed", + "lastModified": "2023-10-06T16:15:15.273", + "vulnStatus": "Undergoing Analysis", "descriptions": [ { "lang": "en", @@ -41,26 +41,26 @@ "type": "Secondary", "cvssData": { "version": "3.1", - "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N", "attackVector": "NETWORK", "attackComplexity": "LOW", "privilegesRequired": "LOW", - "userInteraction": "NONE", - "scope": "UNCHANGED", - "confidentialityImpact": "HIGH", - "integrityImpact": "HIGH", - "availabilityImpact": "HIGH", - "baseScore": 8.8, - "baseSeverity": "HIGH" + "userInteraction": "REQUIRED", + "scope": "CHANGED", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "availabilityImpact": "NONE", + "baseScore": 5.4, + "baseSeverity": "MEDIUM" }, - "exploitabilityScore": 2.8, - "impactScore": 5.9 + "exploitabilityScore": 2.3, + "impactScore": 2.7 } ] }, "weaknesses": [ { - "source": "nvd@nist.gov", + "source": "help@fluidattacks.com", "type": "Primary", "description": [ { @@ -70,7 +70,7 @@ ] }, { - "source": "help@fluidattacks.com", + "source": "nvd@nist.gov", "type": "Secondary", "description": [ { diff --git a/CVE-2023/CVE-2023-437xx/CVE-2023-43724.json b/CVE-2023/CVE-2023-437xx/CVE-2023-43724.json index b9ae0e83cb9..42a4c850ce8 100644 --- a/CVE-2023/CVE-2023-437xx/CVE-2023-43724.json +++ b/CVE-2023/CVE-2023-437xx/CVE-2023-43724.json @@ -2,8 +2,8 @@ "id": "CVE-2023-43724", "sourceIdentifier": "help@fluidattacks.com", "published": "2023-09-30T22:15:10.777", - "lastModified": "2023-10-02T20:23:55.357", - "vulnStatus": "Analyzed", + "lastModified": "2023-10-06T16:15:15.367", + "vulnStatus": "Undergoing Analysis", "descriptions": [ { "lang": "en", @@ -41,26 +41,26 @@ "type": "Secondary", "cvssData": { "version": "3.1", - "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:H/A:N", "attackVector": "NETWORK", "attackComplexity": "LOW", "privilegesRequired": "LOW", - "userInteraction": "NONE", - "scope": "UNCHANGED", - "confidentialityImpact": "HIGH", + "userInteraction": "REQUIRED", + "scope": "CHANGED", + "confidentialityImpact": "LOW", "integrityImpact": "HIGH", - "availabilityImpact": "HIGH", - "baseScore": 8.8, + "availabilityImpact": "NONE", + "baseScore": 7.6, "baseSeverity": "HIGH" }, - "exploitabilityScore": 2.8, - "impactScore": 5.9 + "exploitabilityScore": 2.3, + "impactScore": 4.7 } ] }, "weaknesses": [ { - "source": "nvd@nist.gov", + "source": "help@fluidattacks.com", "type": "Primary", "description": [ { @@ -70,7 +70,7 @@ ] }, { - "source": "help@fluidattacks.com", + "source": "nvd@nist.gov", "type": "Secondary", "description": [ { diff --git a/CVE-2023/CVE-2023-437xx/CVE-2023-43725.json b/CVE-2023/CVE-2023-437xx/CVE-2023-43725.json index ba0a16d893d..956507afe07 100644 --- a/CVE-2023/CVE-2023-437xx/CVE-2023-43725.json +++ b/CVE-2023/CVE-2023-437xx/CVE-2023-43725.json @@ -2,8 +2,8 @@ "id": "CVE-2023-43725", "sourceIdentifier": "help@fluidattacks.com", "published": "2023-09-30T22:15:10.843", - "lastModified": "2023-10-02T20:23:49.507", - "vulnStatus": "Analyzed", + "lastModified": "2023-10-06T16:15:15.460", + "vulnStatus": "Undergoing Analysis", "descriptions": [ { "lang": "en", @@ -41,26 +41,26 @@ "type": "Secondary", "cvssData": { "version": "3.1", - "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N", "attackVector": "NETWORK", "attackComplexity": "LOW", "privilegesRequired": "LOW", - "userInteraction": "NONE", - "scope": "UNCHANGED", - "confidentialityImpact": "HIGH", - "integrityImpact": "HIGH", - "availabilityImpact": "HIGH", - "baseScore": 8.8, - "baseSeverity": "HIGH" + "userInteraction": "REQUIRED", + "scope": "CHANGED", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "availabilityImpact": "NONE", + "baseScore": 5.4, + "baseSeverity": "MEDIUM" }, - "exploitabilityScore": 2.8, - "impactScore": 5.9 + "exploitabilityScore": 2.3, + "impactScore": 2.7 } ] }, "weaknesses": [ { - "source": "nvd@nist.gov", + "source": "help@fluidattacks.com", "type": "Primary", "description": [ { @@ -70,7 +70,7 @@ ] }, { - "source": "help@fluidattacks.com", + "source": "nvd@nist.gov", "type": "Secondary", "description": [ { diff --git a/CVE-2023/CVE-2023-437xx/CVE-2023-43726.json b/CVE-2023/CVE-2023-437xx/CVE-2023-43726.json index 7d7c88b7825..94136dd2ca9 100644 --- a/CVE-2023/CVE-2023-437xx/CVE-2023-43726.json +++ b/CVE-2023/CVE-2023-437xx/CVE-2023-43726.json @@ -2,8 +2,8 @@ "id": "CVE-2023-43726", "sourceIdentifier": "help@fluidattacks.com", "published": "2023-09-30T22:15:10.903", - "lastModified": "2023-10-02T20:23:42.153", - "vulnStatus": "Analyzed", + "lastModified": "2023-10-06T16:15:15.553", + "vulnStatus": "Undergoing Analysis", "descriptions": [ { "lang": "en", @@ -41,26 +41,26 @@ "type": "Secondary", "cvssData": { "version": "3.1", - "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:H/A:N", "attackVector": "NETWORK", "attackComplexity": "LOW", "privilegesRequired": "LOW", - "userInteraction": "NONE", - "scope": "UNCHANGED", - "confidentialityImpact": "HIGH", + "userInteraction": "REQUIRED", + "scope": "CHANGED", + "confidentialityImpact": "LOW", "integrityImpact": "HIGH", - "availabilityImpact": "HIGH", - "baseScore": 8.8, + "availabilityImpact": "NONE", + "baseScore": 7.6, "baseSeverity": "HIGH" }, - "exploitabilityScore": 2.8, - "impactScore": 5.9 + "exploitabilityScore": 2.3, + "impactScore": 4.7 } ] }, "weaknesses": [ { - "source": "nvd@nist.gov", + "source": "help@fluidattacks.com", "type": "Primary", "description": [ { @@ -70,7 +70,7 @@ ] }, { - "source": "help@fluidattacks.com", + "source": "nvd@nist.gov", "type": "Secondary", "description": [ { diff --git a/CVE-2023/CVE-2023-437xx/CVE-2023-43727.json b/CVE-2023/CVE-2023-437xx/CVE-2023-43727.json index 116a4e524ef..aaf35553814 100644 --- a/CVE-2023/CVE-2023-437xx/CVE-2023-43727.json +++ b/CVE-2023/CVE-2023-437xx/CVE-2023-43727.json @@ -2,8 +2,8 @@ "id": "CVE-2023-43727", "sourceIdentifier": "help@fluidattacks.com", "published": "2023-09-30T22:15:10.967", - "lastModified": "2023-10-02T20:23:35.937", - "vulnStatus": "Analyzed", + "lastModified": "2023-10-06T16:15:15.640", + "vulnStatus": "Undergoing Analysis", "descriptions": [ { "lang": "en", @@ -41,26 +41,26 @@ "type": "Secondary", "cvssData": { "version": "3.1", - "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N", "attackVector": "NETWORK", "attackComplexity": "LOW", "privilegesRequired": "LOW", - "userInteraction": "NONE", - "scope": "UNCHANGED", - "confidentialityImpact": "HIGH", - "integrityImpact": "HIGH", - "availabilityImpact": "HIGH", - "baseScore": 8.8, - "baseSeverity": "HIGH" + "userInteraction": "REQUIRED", + "scope": "CHANGED", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "availabilityImpact": "NONE", + "baseScore": 5.4, + "baseSeverity": "MEDIUM" }, - "exploitabilityScore": 2.8, - "impactScore": 5.9 + "exploitabilityScore": 2.3, + "impactScore": 2.7 } ] }, "weaknesses": [ { - "source": "nvd@nist.gov", + "source": "help@fluidattacks.com", "type": "Primary", "description": [ { @@ -70,7 +70,7 @@ ] }, { - "source": "help@fluidattacks.com", + "source": "nvd@nist.gov", "type": "Secondary", "description": [ { diff --git a/CVE-2023/CVE-2023-437xx/CVE-2023-43728.json b/CVE-2023/CVE-2023-437xx/CVE-2023-43728.json index 73cffb87640..f959609403d 100644 --- a/CVE-2023/CVE-2023-437xx/CVE-2023-43728.json +++ b/CVE-2023/CVE-2023-437xx/CVE-2023-43728.json @@ -2,8 +2,8 @@ "id": "CVE-2023-43728", "sourceIdentifier": "help@fluidattacks.com", "published": "2023-09-30T22:15:11.027", - "lastModified": "2023-10-02T20:25:37.520", - "vulnStatus": "Analyzed", + "lastModified": "2023-10-06T16:15:15.733", + "vulnStatus": "Undergoing Analysis", "descriptions": [ { "lang": "en", @@ -41,26 +41,26 @@ "type": "Secondary", "cvssData": { "version": "3.1", - "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N", "attackVector": "NETWORK", "attackComplexity": "LOW", "privilegesRequired": "LOW", - "userInteraction": "NONE", - "scope": "UNCHANGED", - "confidentialityImpact": "HIGH", - "integrityImpact": "HIGH", - "availabilityImpact": "HIGH", - "baseScore": 8.8, - "baseSeverity": "HIGH" + "userInteraction": "REQUIRED", + "scope": "CHANGED", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "availabilityImpact": "NONE", + "baseScore": 5.4, + "baseSeverity": "MEDIUM" }, - "exploitabilityScore": 2.8, - "impactScore": 5.9 + "exploitabilityScore": 2.3, + "impactScore": 2.7 } ] }, "weaknesses": [ { - "source": "nvd@nist.gov", + "source": "help@fluidattacks.com", "type": "Primary", "description": [ { @@ -70,7 +70,7 @@ ] }, { - "source": "help@fluidattacks.com", + "source": "nvd@nist.gov", "type": "Secondary", "description": [ { diff --git a/CVE-2023/CVE-2023-437xx/CVE-2023-43729.json b/CVE-2023/CVE-2023-437xx/CVE-2023-43729.json index a5561d4afce..d8f29ba639f 100644 --- a/CVE-2023/CVE-2023-437xx/CVE-2023-43729.json +++ b/CVE-2023/CVE-2023-437xx/CVE-2023-43729.json @@ -2,8 +2,8 @@ "id": "CVE-2023-43729", "sourceIdentifier": "help@fluidattacks.com", "published": "2023-09-30T22:15:11.097", - "lastModified": "2023-10-02T20:25:31.980", - "vulnStatus": "Analyzed", + "lastModified": "2023-10-06T16:15:15.817", + "vulnStatus": "Undergoing Analysis", "descriptions": [ { "lang": "en", @@ -41,26 +41,26 @@ "type": "Secondary", "cvssData": { "version": "3.1", - "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N", "attackVector": "NETWORK", "attackComplexity": "LOW", "privilegesRequired": "LOW", - "userInteraction": "NONE", - "scope": "UNCHANGED", - "confidentialityImpact": "HIGH", - "integrityImpact": "HIGH", - "availabilityImpact": "HIGH", - "baseScore": 8.8, - "baseSeverity": "HIGH" + "userInteraction": "REQUIRED", + "scope": "CHANGED", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "availabilityImpact": "NONE", + "baseScore": 5.4, + "baseSeverity": "MEDIUM" }, - "exploitabilityScore": 2.8, - "impactScore": 5.9 + "exploitabilityScore": 2.3, + "impactScore": 2.7 } ] }, "weaknesses": [ { - "source": "nvd@nist.gov", + "source": "help@fluidattacks.com", "type": "Primary", "description": [ { @@ -70,7 +70,7 @@ ] }, { - "source": "help@fluidattacks.com", + "source": "nvd@nist.gov", "type": "Secondary", "description": [ { diff --git a/CVE-2023/CVE-2023-437xx/CVE-2023-43730.json b/CVE-2023/CVE-2023-437xx/CVE-2023-43730.json index 62d9f00cddf..9f3f713f9b7 100644 --- a/CVE-2023/CVE-2023-437xx/CVE-2023-43730.json +++ b/CVE-2023/CVE-2023-437xx/CVE-2023-43730.json @@ -2,8 +2,8 @@ "id": "CVE-2023-43730", "sourceIdentifier": "help@fluidattacks.com", "published": "2023-09-30T22:15:11.163", - "lastModified": "2023-10-02T20:25:14.447", - "vulnStatus": "Analyzed", + "lastModified": "2023-10-06T17:15:12.260", + "vulnStatus": "Undergoing Analysis", "descriptions": [ { "lang": "en", @@ -41,26 +41,26 @@ "type": "Secondary", "cvssData": { "version": "3.1", - "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N", "attackVector": "NETWORK", "attackComplexity": "LOW", "privilegesRequired": "LOW", - "userInteraction": "NONE", - "scope": "UNCHANGED", - "confidentialityImpact": "HIGH", - "integrityImpact": "HIGH", - "availabilityImpact": "HIGH", - "baseScore": 8.8, - "baseSeverity": "HIGH" + "userInteraction": "REQUIRED", + "scope": "CHANGED", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "availabilityImpact": "NONE", + "baseScore": 5.4, + "baseSeverity": "MEDIUM" }, - "exploitabilityScore": 2.8, - "impactScore": 5.9 + "exploitabilityScore": 2.3, + "impactScore": 2.7 } ] }, "weaknesses": [ { - "source": "nvd@nist.gov", + "source": "help@fluidattacks.com", "type": "Primary", "description": [ { @@ -70,7 +70,7 @@ ] }, { - "source": "help@fluidattacks.com", + "source": "nvd@nist.gov", "type": "Secondary", "description": [ { diff --git a/CVE-2023/CVE-2023-437xx/CVE-2023-43731.json b/CVE-2023/CVE-2023-437xx/CVE-2023-43731.json index 6064f26e1b2..31256e5f848 100644 --- a/CVE-2023/CVE-2023-437xx/CVE-2023-43731.json +++ b/CVE-2023/CVE-2023-437xx/CVE-2023-43731.json @@ -2,8 +2,8 @@ "id": "CVE-2023-43731", "sourceIdentifier": "help@fluidattacks.com", "published": "2023-09-30T22:15:11.227", - "lastModified": "2023-10-02T20:25:27.757", - "vulnStatus": "Analyzed", + "lastModified": "2023-10-06T17:15:12.367", + "vulnStatus": "Undergoing Analysis", "descriptions": [ { "lang": "en", @@ -41,26 +41,26 @@ "type": "Secondary", "cvssData": { "version": "3.1", - "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N", "attackVector": "NETWORK", "attackComplexity": "LOW", "privilegesRequired": "LOW", - "userInteraction": "NONE", - "scope": "UNCHANGED", - "confidentialityImpact": "HIGH", - "integrityImpact": "HIGH", - "availabilityImpact": "HIGH", - "baseScore": 8.8, - "baseSeverity": "HIGH" + "userInteraction": "REQUIRED", + "scope": "CHANGED", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "availabilityImpact": "NONE", + "baseScore": 5.4, + "baseSeverity": "MEDIUM" }, - "exploitabilityScore": 2.8, - "impactScore": 5.9 + "exploitabilityScore": 2.3, + "impactScore": 2.7 } ] }, "weaknesses": [ { - "source": "nvd@nist.gov", + "source": "help@fluidattacks.com", "type": "Primary", "description": [ { @@ -70,7 +70,7 @@ ] }, { - "source": "help@fluidattacks.com", + "source": "nvd@nist.gov", "type": "Secondary", "description": [ { diff --git a/CVE-2023/CVE-2023-437xx/CVE-2023-43732.json b/CVE-2023/CVE-2023-437xx/CVE-2023-43732.json index 6c323405dd5..9676e6809d1 100644 --- a/CVE-2023/CVE-2023-437xx/CVE-2023-43732.json +++ b/CVE-2023/CVE-2023-437xx/CVE-2023-43732.json @@ -2,8 +2,8 @@ "id": "CVE-2023-43732", "sourceIdentifier": "help@fluidattacks.com", "published": "2023-09-30T23:15:40.127", - "lastModified": "2023-10-02T20:25:22.140", - "vulnStatus": "Analyzed", + "lastModified": "2023-10-06T17:15:12.463", + "vulnStatus": "Undergoing Analysis", "descriptions": [ { "lang": "en", @@ -41,26 +41,26 @@ "type": "Secondary", "cvssData": { "version": "3.1", - "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N", "attackVector": "NETWORK", "attackComplexity": "LOW", "privilegesRequired": "LOW", - "userInteraction": "NONE", - "scope": "UNCHANGED", - "confidentialityImpact": "HIGH", - "integrityImpact": "HIGH", - "availabilityImpact": "HIGH", - "baseScore": 8.8, - "baseSeverity": "HIGH" + "userInteraction": "REQUIRED", + "scope": "CHANGED", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "availabilityImpact": "NONE", + "baseScore": 5.4, + "baseSeverity": "MEDIUM" }, - "exploitabilityScore": 2.8, - "impactScore": 5.9 + "exploitabilityScore": 2.3, + "impactScore": 2.7 } ] }, "weaknesses": [ { - "source": "nvd@nist.gov", + "source": "help@fluidattacks.com", "type": "Primary", "description": [ { @@ -70,7 +70,7 @@ ] }, { - "source": "help@fluidattacks.com", + "source": "nvd@nist.gov", "type": "Secondary", "description": [ { diff --git a/CVE-2023/CVE-2023-437xx/CVE-2023-43733.json b/CVE-2023/CVE-2023-437xx/CVE-2023-43733.json index baf55c00911..114f14c6518 100644 --- a/CVE-2023/CVE-2023-437xx/CVE-2023-43733.json +++ b/CVE-2023/CVE-2023-437xx/CVE-2023-43733.json @@ -2,8 +2,8 @@ "id": "CVE-2023-43733", "sourceIdentifier": "help@fluidattacks.com", "published": "2023-09-30T23:15:40.203", - "lastModified": "2023-10-02T20:25:05.513", - "vulnStatus": "Analyzed", + "lastModified": "2023-10-06T17:15:12.553", + "vulnStatus": "Undergoing Analysis", "descriptions": [ { "lang": "en", @@ -41,26 +41,26 @@ "type": "Secondary", "cvssData": { "version": "3.1", - "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N", "attackVector": "NETWORK", "attackComplexity": "LOW", "privilegesRequired": "LOW", - "userInteraction": "NONE", - "scope": "UNCHANGED", - "confidentialityImpact": "HIGH", - "integrityImpact": "HIGH", - "availabilityImpact": "HIGH", - "baseScore": 8.8, - "baseSeverity": "HIGH" + "userInteraction": "REQUIRED", + "scope": "CHANGED", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "availabilityImpact": "NONE", + "baseScore": 5.4, + "baseSeverity": "MEDIUM" }, - "exploitabilityScore": 2.8, - "impactScore": 5.9 + "exploitabilityScore": 2.3, + "impactScore": 2.7 } ] }, "weaknesses": [ { - "source": "nvd@nist.gov", + "source": "help@fluidattacks.com", "type": "Primary", "description": [ { @@ -70,7 +70,7 @@ ] }, { - "source": "help@fluidattacks.com", + "source": "nvd@nist.gov", "type": "Secondary", "description": [ { diff --git a/CVE-2023/CVE-2023-437xx/CVE-2023-43734.json b/CVE-2023/CVE-2023-437xx/CVE-2023-43734.json index cfe3654bba1..ab56ebefdd2 100644 --- a/CVE-2023/CVE-2023-437xx/CVE-2023-43734.json +++ b/CVE-2023/CVE-2023-437xx/CVE-2023-43734.json @@ -2,8 +2,8 @@ "id": "CVE-2023-43734", "sourceIdentifier": "help@fluidattacks.com", "published": "2023-09-30T23:15:40.260", - "lastModified": "2023-10-02T20:24:59.287", - "vulnStatus": "Analyzed", + "lastModified": "2023-10-06T17:15:12.643", + "vulnStatus": "Undergoing Analysis", "descriptions": [ { "lang": "en", @@ -41,26 +41,26 @@ "type": "Secondary", "cvssData": { "version": "3.1", - "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N", "attackVector": "NETWORK", "attackComplexity": "LOW", "privilegesRequired": "LOW", - "userInteraction": "NONE", - "scope": "UNCHANGED", - "confidentialityImpact": "HIGH", - "integrityImpact": "HIGH", - "availabilityImpact": "HIGH", - "baseScore": 8.8, - "baseSeverity": "HIGH" + "userInteraction": "REQUIRED", + "scope": "CHANGED", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "availabilityImpact": "NONE", + "baseScore": 5.4, + "baseSeverity": "MEDIUM" }, - "exploitabilityScore": 2.8, - "impactScore": 5.9 + "exploitabilityScore": 2.3, + "impactScore": 2.7 } ] }, "weaknesses": [ { - "source": "nvd@nist.gov", + "source": "help@fluidattacks.com", "type": "Primary", "description": [ { @@ -70,7 +70,7 @@ ] }, { - "source": "help@fluidattacks.com", + "source": "nvd@nist.gov", "type": "Secondary", "description": [ { diff --git a/CVE-2023/CVE-2023-437xx/CVE-2023-43735.json b/CVE-2023/CVE-2023-437xx/CVE-2023-43735.json index 4ec4b7328b7..fe2ec082e50 100644 --- a/CVE-2023/CVE-2023-437xx/CVE-2023-43735.json +++ b/CVE-2023/CVE-2023-437xx/CVE-2023-43735.json @@ -2,8 +2,8 @@ "id": "CVE-2023-43735", "sourceIdentifier": "help@fluidattacks.com", "published": "2023-09-30T23:15:40.320", - "lastModified": "2023-10-02T20:24:51.227", - "vulnStatus": "Analyzed", + "lastModified": "2023-10-06T17:15:12.740", + "vulnStatus": "Undergoing Analysis", "descriptions": [ { "lang": "en", @@ -41,26 +41,26 @@ "type": "Secondary", "cvssData": { "version": "3.1", - "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N", "attackVector": "NETWORK", "attackComplexity": "LOW", "privilegesRequired": "LOW", - "userInteraction": "NONE", - "scope": "UNCHANGED", - "confidentialityImpact": "HIGH", - "integrityImpact": "HIGH", - "availabilityImpact": "HIGH", - "baseScore": 8.8, - "baseSeverity": "HIGH" + "userInteraction": "REQUIRED", + "scope": "CHANGED", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "availabilityImpact": "NONE", + "baseScore": 5.4, + "baseSeverity": "MEDIUM" }, - "exploitabilityScore": 2.8, - "impactScore": 5.9 + "exploitabilityScore": 2.3, + "impactScore": 2.7 } ] }, "weaknesses": [ { - "source": "nvd@nist.gov", + "source": "help@fluidattacks.com", "type": "Primary", "description": [ { @@ -70,7 +70,7 @@ ] }, { - "source": "help@fluidattacks.com", + "source": "nvd@nist.gov", "type": "Secondary", "description": [ { diff --git a/CVE-2023/CVE-2023-437xx/CVE-2023-43740.json b/CVE-2023/CVE-2023-437xx/CVE-2023-43740.json index 39ee5910394..480cc6ea827 100644 --- a/CVE-2023/CVE-2023-437xx/CVE-2023-43740.json +++ b/CVE-2023/CVE-2023-437xx/CVE-2023-43740.json @@ -2,8 +2,8 @@ "id": "CVE-2023-43740", "sourceIdentifier": "help@fluidattacks.com", "published": "2023-09-28T21:15:10.110", - "lastModified": "2023-10-04T00:15:11.980", - "vulnStatus": "Modified", + "lastModified": "2023-10-06T17:59:22.463", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", diff --git a/CVE-2023/CVE-2023-438xx/CVE-2023-43838.json b/CVE-2023/CVE-2023-438xx/CVE-2023-43838.json index b793806600c..30273b3481a 100644 --- a/CVE-2023/CVE-2023-438xx/CVE-2023-43838.json +++ b/CVE-2023/CVE-2023-438xx/CVE-2023-43838.json @@ -2,39 +2,114 @@ "id": "CVE-2023-43838", "sourceIdentifier": "cve@mitre.org", "published": "2023-10-04T16:15:10.277", - "lastModified": "2023-10-04T18:14:55.483", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2023-10-06T16:14:54.457", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", "value": "An arbitrary file upload vulnerability in Personal Management System v1.4.64 allows attackers to execute arbitrary code via uploading a crafted SVG file into a user profile's avatar." + }, + { + "lang": "es", + "value": "Una vulnerabilidad de carga de archivos arbitrarios en Personal Management System v1.4.64 permite a los atacantes ejecutar c\u00f3digo arbitrario cargando un archivo SVG manipulado en el avatar de un perfil de usuario." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", + "attackVector": "LOCAL", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "REQUIRED", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH", + "baseScore": 7.8, + "baseSeverity": "HIGH" + }, + "exploitabilityScore": 1.8, + "impactScore": 5.9 + } + ] + }, + "weaknesses": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-434" + } + ] + } + ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:personal-management-system:personal_management_system:1.4.64:*:*:*:*:*:*:*", + "matchCriteriaId": "376FB2C9-9BAC-4173-A4BC-A11FE40FFF03" + } + ] + } + ] } ], - "metrics": {}, "references": [ { "url": "http://www.w3.org/2000/svg", - "source": "cve@mitre.org" + "source": "cve@mitre.org", + "tags": [ + "Not Applicable" + ] }, { "url": "https://github.com/Volmarg", - "source": "cve@mitre.org" + "source": "cve@mitre.org", + "tags": [ + "Not Applicable" + ] }, { "url": "https://github.com/Volmarg/personal-management-system", - "source": "cve@mitre.org" + "source": "cve@mitre.org", + "tags": [ + "Product" + ] }, { "url": "https://github.com/Volmarg/personal-management-system/blob/39d3c0df641a5435f2028b37a27d26ba61a3b97b/src/assets/scripts/core/ui/DataProcessor/SpecialAction.ts#L35", - "source": "cve@mitre.org" + "source": "cve@mitre.org", + "tags": [ + "Vendor Advisory" + ] }, { "url": "https://github.com/rootd4ddy/", - "source": "cve@mitre.org" + "source": "cve@mitre.org", + "tags": [ + "Not Applicable" + ] }, { "url": "https://github.com/rootd4ddy/CVE-2023-43838", - "source": "cve@mitre.org" + "source": "cve@mitre.org", + "tags": [ + "Exploit", + "Third Party Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2023/CVE-2023-439xx/CVE-2023-43980.json b/CVE-2023/CVE-2023-439xx/CVE-2023-43980.json index 71e469be21d..801a2f85f96 100644 --- a/CVE-2023/CVE-2023-439xx/CVE-2023-43980.json +++ b/CVE-2023/CVE-2023-439xx/CVE-2023-43980.json @@ -2,8 +2,8 @@ "id": "CVE-2023-43980", "sourceIdentifier": "cve@mitre.org", "published": "2023-10-02T23:15:12.533", - "lastModified": "2023-10-03T12:51:52.930", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2023-10-06T16:26:51.337", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", @@ -14,15 +14,74 @@ "value": "Se descubri\u00f3 que Presto Changeo testsitecreator hasta v1.1.1 contiene una vulnerabilidad de inyecci\u00f3n SQL a trav\u00e9s del componente enable_json.php." } ], - "metrics": {}, + "metrics": { + "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH", + "baseScore": 9.8, + "baseSeverity": "CRITICAL" + }, + "exploitabilityScore": 3.9, + "impactScore": 5.9 + } + ] + }, + "weaknesses": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-89" + } + ] + } + ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:presto-changeo:testsitecreator:*:*:*:*:*:*:*:*", + "versionEndIncluding": "1.1.1", + "matchCriteriaId": "911998EE-8856-4C6E-A703-713F8621D4A0" + } + ] + } + ] + } + ], "references": [ { "url": "https://security.friendsofpresta.org/modules/2023/09/28/testsitecreator-89.html", - "source": "cve@mitre.org" + "source": "cve@mitre.org", + "tags": [ + "Broken Link" + ] }, { "url": "https://www.presto-changeo.com/prestashop/home/158-test-site-creator.html", - "source": "cve@mitre.org" + "source": "cve@mitre.org", + "tags": [ + "Product" + ] } ] } \ No newline at end of file diff --git a/CVE-2023/CVE-2023-440xx/CVE-2023-44043.json b/CVE-2023/CVE-2023-440xx/CVE-2023-44043.json index 23a901eaa69..4859e4f51e3 100644 --- a/CVE-2023/CVE-2023-440xx/CVE-2023-44043.json +++ b/CVE-2023/CVE-2023-440xx/CVE-2023-44043.json @@ -2,8 +2,8 @@ "id": "CVE-2023-44043", "sourceIdentifier": "cve@mitre.org", "published": "2023-09-27T15:19:35.577", - "lastModified": "2023-10-03T20:15:10.020", - "vulnStatus": "Modified", + "lastModified": "2023-10-06T17:57:41.317", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", diff --git a/CVE-2023/CVE-2023-442xx/CVE-2023-44233.json b/CVE-2023/CVE-2023-442xx/CVE-2023-44233.json new file mode 100644 index 00000000000..acd9598a796 --- /dev/null +++ b/CVE-2023/CVE-2023-442xx/CVE-2023-44233.json @@ -0,0 +1,55 @@ +{ + "id": "CVE-2023-44233", + "sourceIdentifier": "audit@patchstack.com", + "published": "2023-10-06T16:15:15.907", + "lastModified": "2023-10-06T17:11:15.080", + "vulnStatus": "Awaiting Analysis", + "descriptions": [ + { + "lang": "en", + "value": "Cross-Site Request Forgery (CSRF) vulnerability in FooPlugins Best WordPress Gallery Plugin \u2013 FooGallery plugin <=\u00a02.2.44 versions." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "audit@patchstack.com", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:L", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "REQUIRED", + "scope": "UNCHANGED", + "confidentialityImpact": "NONE", + "integrityImpact": "LOW", + "availabilityImpact": "LOW", + "baseScore": 5.4, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 2.8, + "impactScore": 2.5 + } + ] + }, + "weaknesses": [ + { + "source": "audit@patchstack.com", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-352" + } + ] + } + ], + "references": [ + { + "url": "https://patchstack.com/database/vulnerability/foogallery/wordpress-foogallery-plugin-2-2-44-cross-site-request-forgery-csrf-vulnerability?_s_id=cve", + "source": "audit@patchstack.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2023/CVE-2023-442xx/CVE-2023-44243.json b/CVE-2023/CVE-2023-442xx/CVE-2023-44243.json new file mode 100644 index 00000000000..c3160597da7 --- /dev/null +++ b/CVE-2023/CVE-2023-442xx/CVE-2023-44243.json @@ -0,0 +1,55 @@ +{ + "id": "CVE-2023-44243", + "sourceIdentifier": "audit@patchstack.com", + "published": "2023-10-06T16:15:15.983", + "lastModified": "2023-10-06T17:11:15.080", + "vulnStatus": "Awaiting Analysis", + "descriptions": [ + { + "lang": "en", + "value": "Cross-Site Request Forgery (CSRF) vulnerability in Dylan Blokhuis Instant CSS plugin <=\u00a01.2.1 versions." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "audit@patchstack.com", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "REQUIRED", + "scope": "UNCHANGED", + "confidentialityImpact": "NONE", + "integrityImpact": "LOW", + "availabilityImpact": "NONE", + "baseScore": 4.3, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 2.8, + "impactScore": 1.4 + } + ] + }, + "weaknesses": [ + { + "source": "audit@patchstack.com", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-352" + } + ] + } + ], + "references": [ + { + "url": "https://patchstack.com/database/vulnerability/instant-css/wordpress-instant-css-plugin-1-2-1-cross-site-request-forgery-csrf-vulnerability?_s_id=cve", + "source": "audit@patchstack.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2023/CVE-2023-448xx/CVE-2023-44807.json b/CVE-2023/CVE-2023-448xx/CVE-2023-44807.json new file mode 100644 index 00000000000..409ac63d101 --- /dev/null +++ b/CVE-2023/CVE-2023-448xx/CVE-2023-44807.json @@ -0,0 +1,24 @@ +{ + "id": "CVE-2023-44807", + "sourceIdentifier": "cve@mitre.org", + "published": "2023-10-06T17:15:12.837", + "lastModified": "2023-10-06T17:15:12.837", + "vulnStatus": "Received", + "descriptions": [ + { + "lang": "en", + "value": "D-Link DIR-820L 1.05B03 has a stack overflow vulnerability in the cancelPing function." + } + ], + "metrics": {}, + "references": [ + { + "url": "https://github.com/Archerber/bug_submit/blob/main/D-Link/DIR-820l/bug2.md", + "source": "cve@mitre.org" + }, + { + "url": "https://www.dlink.com/en/security-bulletin/", + "source": "cve@mitre.org" + } + ] +} \ No newline at end of file diff --git a/CVE-2023/CVE-2023-44xx/CVE-2023-4401.json b/CVE-2023/CVE-2023-44xx/CVE-2023-4401.json index 454d425593c..6e2a2b26285 100644 --- a/CVE-2023/CVE-2023-44xx/CVE-2023-4401.json +++ b/CVE-2023/CVE-2023-44xx/CVE-2023-4401.json @@ -2,16 +2,40 @@ "id": "CVE-2023-4401", "sourceIdentifier": "security_alert@emc.com", "published": "2023-10-05T18:15:13.087", - "lastModified": "2023-10-05T19:13:42.317", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2023-10-06T17:54:38.027", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", "value": "\nDell SmartFabric Storage Software v1.4 (and earlier) contains an OS Command Injection Vulnerability in the CLI use of the \u2018more\u2019 command. A local or remote authenticated attacker could potentially exploit this vulnerability, leading to the ability to gain root-level access.\n\n" + }, + { + "lang": "es", + "value": "El software de almacenamiento Dell SmartFabric v1.4 (y anteriores) contiene una vulnerabilidad de inyecci\u00f3n de comandos del sistema operativo en el uso de la CLI del comando \"more\". Un atacante autenticado local o remoto podr\u00eda explotar esta vulnerabilidad, lo que le permitir\u00eda obtener acceso a nivel de root." } ], "metrics": { "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH", + "baseScore": 8.8, + "baseSeverity": "HIGH" + }, + "exploitabilityScore": 2.8, + "impactScore": 5.9 + }, { "source": "security_alert@emc.com", "type": "Secondary", @@ -36,8 +60,18 @@ }, "weaknesses": [ { - "source": "security_alert@emc.com", + "source": "nvd@nist.gov", "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-78" + } + ] + }, + { + "source": "security_alert@emc.com", + "type": "Secondary", "description": [ { "lang": "en", @@ -46,10 +80,31 @@ ] } ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:dell:smartfabric_storage_software:*:*:*:*:*:*:*:*", + "versionEndExcluding": "1.4.1", + "matchCriteriaId": "9BD8875C-3CAC-443C-A6B5-FE7F702B5DFD" + } + ] + } + ] + } + ], "references": [ { "url": "https://www.dell.com/support/kbdoc/en-us/000218107/dsa-2023-347-dell-smartfabric-storage-software-security-update-for-multiple-vulnerabilities", - "source": "security_alert@emc.com" + "source": "security_alert@emc.com", + "tags": [ + "Vendor Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2023/CVE-2023-44xx/CVE-2023-4491.json b/CVE-2023/CVE-2023-44xx/CVE-2023-4491.json index 7357aa0f667..da489a41d61 100644 --- a/CVE-2023/CVE-2023-44xx/CVE-2023-4491.json +++ b/CVE-2023/CVE-2023-44xx/CVE-2023-4491.json @@ -2,16 +2,40 @@ "id": "CVE-2023-4491", "sourceIdentifier": "cve-coordination@incibe.es", "published": "2023-10-04T13:15:25.823", - "lastModified": "2023-10-04T14:16:47.647", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2023-10-06T16:23:29.137", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", "value": "Buffer overflow vulnerability in Easy Address Book Web Server 1.6 version. The exploitation of this vulnerability could allow an attacker to send a very long username string to /searchbook.ghp, asking for the name via a POST request, resulting in arbitrary code execution on the remote machine." + }, + { + "lang": "es", + "value": "Vulnerabilidad de desbordamiento de b\u00fafer en Easy Address Book Web Server versi\u00f3n 1.6. La explotaci\u00f3n de esta vulnerabilidad podr\u00eda permitir a un atacante enviar un nombre de usuario muy largo a /searchbook.ghp, solicitando el nombre mediante una solicitud POST, lo que resultar\u00eda en la ejecuci\u00f3n de c\u00f3digo arbitrario en la m\u00e1quina remota." } ], "metrics": { "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH", + "baseScore": 9.8, + "baseSeverity": "CRITICAL" + }, + "exploitabilityScore": 3.9, + "impactScore": 5.9 + }, { "source": "cve-coordination@incibe.es", "type": "Secondary", @@ -35,6 +59,16 @@ ] }, "weaknesses": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-119" + } + ] + }, { "source": "cve-coordination@incibe.es", "type": "Secondary", @@ -46,10 +80,30 @@ ] } ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:easy_address_book_web_server_project:easy_address_book_web_server:1.6:*:*:*:*:*:*:*", + "matchCriteriaId": "DC5C9543-0A62-454D-AB8D-EDDFA485E2B0" + } + ] + } + ] + } + ], "references": [ { "url": "https://www.incibe.es/en/incibe-cert/notices/aviso/multiple-vulnerabilities-efs-software-products", - "source": "cve-coordination@incibe.es" + "source": "cve-coordination@incibe.es", + "tags": [ + "Third Party Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2023/CVE-2023-44xx/CVE-2023-4492.json b/CVE-2023/CVE-2023-44xx/CVE-2023-4492.json index aab0af4e495..28712376c26 100644 --- a/CVE-2023/CVE-2023-44xx/CVE-2023-4492.json +++ b/CVE-2023/CVE-2023-44xx/CVE-2023-4492.json @@ -2,16 +2,40 @@ "id": "CVE-2023-4492", "sourceIdentifier": "cve-coordination@incibe.es", "published": "2023-10-04T13:15:25.910", - "lastModified": "2023-10-04T14:16:47.647", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2023-10-06T16:21:08.080", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", "value": "Vulnerability in Easy Address Book Web Server 1.6 version, affecting the parameters (firstname, homephone, lastname, middlename, workaddress, workcity, workcountry, workphone, workstate and workzip) of the /addrbook.ghp file, allowing an attacker to inject a JavaScript payload specially designed to run when the application is loaded" + }, + { + "lang": "es", + "value": "Vulnerabilidad en la versi\u00f3n 1.6 de Easy Address Book Web Server, que afecta los par\u00e1metros (nombre, tel\u00e9fono particular, apellido, segundo nombre, direcci\u00f3n de trabajo, ciudad de trabajo, pa\u00eds de trabajo, tel\u00e9fono de trabajo, estado de trabajo y zip de trabajo) del archivo /addrbook.ghp, lo que permite a un atacante inyectar un payload de JavaScript. especialmente manipulado para ejecutarse cuando la aplicaci\u00f3n est\u00e1 cargada" } ], "metrics": { "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "REQUIRED", + "scope": "CHANGED", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "availabilityImpact": "NONE", + "baseScore": 6.1, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 2.8, + "impactScore": 2.7 + }, { "source": "cve-coordination@incibe.es", "type": "Secondary", @@ -35,6 +59,16 @@ ] }, "weaknesses": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-79" + } + ] + }, { "source": "cve-coordination@incibe.es", "type": "Secondary", @@ -46,10 +80,30 @@ ] } ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:easy_address_book_web_server_project:easy_address_book_web_server:1.6:*:*:*:*:*:*:*", + "matchCriteriaId": "DC5C9543-0A62-454D-AB8D-EDDFA485E2B0" + } + ] + } + ] + } + ], "references": [ { "url": "https://www.incibe.es/en/incibe-cert/notices/aviso/multiple-vulnerabilities-efs-software-products", - "source": "cve-coordination@incibe.es" + "source": "cve-coordination@incibe.es", + "tags": [ + "Third Party Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2023/CVE-2023-44xx/CVE-2023-4493.json b/CVE-2023/CVE-2023-44xx/CVE-2023-4493.json index b2e1c4ed536..43f50ca2ad9 100644 --- a/CVE-2023/CVE-2023-44xx/CVE-2023-4493.json +++ b/CVE-2023/CVE-2023-44xx/CVE-2023-4493.json @@ -2,16 +2,40 @@ "id": "CVE-2023-4493", "sourceIdentifier": "cve-coordination@incibe.es", "published": "2023-10-04T13:15:25.987", - "lastModified": "2023-10-04T14:16:47.647", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2023-10-06T16:20:31.627", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", "value": "Stored Cross-Site Scripting in Easy Address Book Web Server 1.6 version, through the users_admin.ghp file that affects multiple parameters such as (firstname, homephone, lastname, lastname, middlename, workaddress, workcity, workcountry, workphone, workstate, workzip). This vulnerability allows a remote attacker to store a malicious JavaScript payload in the application to be executed when the page is loaded, resulting in an integrity impact." + }, + { + "lang": "es", + "value": "Cross-Site Scripting (XSS) en Easy Address Book Web Server versi\u00f3n 1.6, a trav\u00e9s del archivo users_admin.ghp que afecta m\u00faltiples par\u00e1metros como (nombre, tel\u00e9fono particular, apellido, apellido, segundo nombre, direcci\u00f3n de trabajo, ciudad de trabajo, pa\u00eds de trabajo, tel\u00e9fono de trabajo, estado de trabajo, zip de trabajo). Esta vulnerabilidad permite a un atacante remoto almacenar un payload de JavaScript malicioso en la aplicaci\u00f3n para ejecutarla cuando se carga la p\u00e1gina, lo que afecta la integridad." } ], "metrics": { "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "REQUIRED", + "scope": "CHANGED", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "availabilityImpact": "NONE", + "baseScore": 5.4, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 2.3, + "impactScore": 2.7 + }, { "source": "cve-coordination@incibe.es", "type": "Secondary", @@ -35,6 +59,16 @@ ] }, "weaknesses": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-79" + } + ] + }, { "source": "cve-coordination@incibe.es", "type": "Secondary", @@ -46,10 +80,30 @@ ] } ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:easy_address_book_web_server_project:easy_address_book_web_server:1.6:*:*:*:*:*:*:*", + "matchCriteriaId": "DC5C9543-0A62-454D-AB8D-EDDFA485E2B0" + } + ] + } + ] + } + ], "references": [ { "url": "https://www.incibe.es/en/incibe-cert/notices/aviso/multiple-vulnerabilities-efs-software-products", - "source": "cve-coordination@incibe.es" + "source": "cve-coordination@incibe.es", + "tags": [ + "Third Party Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2023/CVE-2023-44xx/CVE-2023-4494.json b/CVE-2023/CVE-2023-44xx/CVE-2023-4494.json index 1de5b85b3ee..986c0cbc269 100644 --- a/CVE-2023/CVE-2023-44xx/CVE-2023-4494.json +++ b/CVE-2023/CVE-2023-44xx/CVE-2023-4494.json @@ -2,16 +2,40 @@ "id": "CVE-2023-4494", "sourceIdentifier": "cve-coordination@incibe.es", "published": "2023-10-04T13:15:26.057", - "lastModified": "2023-10-04T14:16:47.647", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2023-10-06T16:20:06.790", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", "value": "Stack-based buffer overflow vulnerability in Easy Chat Server 3.1 version. An attacker could send an excessively long username string to the register.ghp file asking for the name via a GET request resulting in arbitrary code execution on the remote machine." + }, + { + "lang": "es", + "value": "Vulnerabilidad de desbordamiento del b\u00fafer en la versi\u00f3n 3.1 de Easy Chat Server. Un atacante podr\u00eda enviar un nombre de usuario excesivamente largo al archivo register.ghp solicitando el nombre mediante una solicitud GET, lo que provocar\u00eda la ejecuci\u00f3n de c\u00f3digo arbitrario en la m\u00e1quina remota." } ], "metrics": { "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH", + "baseScore": 9.8, + "baseSeverity": "CRITICAL" + }, + "exploitabilityScore": 3.9, + "impactScore": 5.9 + }, { "source": "cve-coordination@incibe.es", "type": "Secondary", @@ -35,6 +59,16 @@ ] }, "weaknesses": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-119" + } + ] + }, { "source": "cve-coordination@incibe.es", "type": "Secondary", @@ -46,10 +80,30 @@ ] } ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:easy_chat_server_project:easy_chat_server:3.1:*:*:*:*:*:*:*", + "matchCriteriaId": "CA8A1B0D-1E87-44C2-958E-742264C49145" + } + ] + } + ] + } + ], "references": [ { "url": "https://www.incibe.es/en/incibe-cert/notices/aviso/multiple-vulnerabilities-efs-software-products", - "source": "cve-coordination@incibe.es" + "source": "cve-coordination@incibe.es", + "tags": [ + "Third Party Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2023/CVE-2023-44xx/CVE-2023-4495.json b/CVE-2023/CVE-2023-44xx/CVE-2023-4495.json index 1159194b6fe..49a0e66fd2d 100644 --- a/CVE-2023/CVE-2023-44xx/CVE-2023-4495.json +++ b/CVE-2023/CVE-2023-44xx/CVE-2023-4495.json @@ -2,16 +2,40 @@ "id": "CVE-2023-4495", "sourceIdentifier": "cve-coordination@incibe.es", "published": "2023-10-04T13:15:26.127", - "lastModified": "2023-10-04T14:16:47.647", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2023-10-06T16:19:45.377", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", "value": "Easy Chat Server, in its 3.1 version and before, does not sufficiently encrypt user-controlled inputs, resulting in a Cross-Site Scripting (XSS) vulnerability stored via /registresult.htm (POST method), in the Resume parameter. The XSS is loaded from /register.ghp." + }, + { + "lang": "es", + "value": "Easy Chat Server, en su versi\u00f3n 3.1 y anteriores, no cifra suficientemente las entradas controladas por el usuario, lo que genera una vulnerabilidad de Cross-Site Scripting (XSS) a trav\u00e9s de /registresult.htm (m\u00e9todo POST), en el par\u00e1metro Resume. El XSS se carga desde /register.ghp." } ], "metrics": { "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "REQUIRED", + "scope": "CHANGED", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "availabilityImpact": "NONE", + "baseScore": 6.1, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 2.8, + "impactScore": 2.7 + }, { "source": "cve-coordination@incibe.es", "type": "Secondary", @@ -35,6 +59,16 @@ ] }, "weaknesses": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-79" + } + ] + }, { "source": "cve-coordination@incibe.es", "type": "Secondary", @@ -46,10 +80,31 @@ ] } ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:easy_chat_server_project:easy_chat_server:*:*:*:*:*:*:*:*", + "versionEndIncluding": "3.1", + "matchCriteriaId": "561066D5-EAB9-4201-AABF-B63A3461D4DF" + } + ] + } + ] + } + ], "references": [ { "url": "https://www.incibe.es/en/incibe-cert/notices/aviso/multiple-vulnerabilities-efs-software-products", - "source": "cve-coordination@incibe.es" + "source": "cve-coordination@incibe.es", + "tags": [ + "Third Party Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2023/CVE-2023-44xx/CVE-2023-4496.json b/CVE-2023/CVE-2023-44xx/CVE-2023-4496.json index fa034086240..369ae114f66 100644 --- a/CVE-2023/CVE-2023-44xx/CVE-2023-4496.json +++ b/CVE-2023/CVE-2023-44xx/CVE-2023-4496.json @@ -2,16 +2,40 @@ "id": "CVE-2023-4496", "sourceIdentifier": "cve-coordination@incibe.es", "published": "2023-10-04T13:15:26.193", - "lastModified": "2023-10-04T14:16:47.647", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2023-10-06T16:18:42.180", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", "value": "Easy Chat Server, in its 3.1 version and before, does not sufficiently encrypt user-controlled inputs, resulting in a Cross-Site Scripting (XSS) vulnerability stored via /body2.ghp (POST method), in the mtowho parameter." + }, + { + "lang": "es", + "value": "Easy Chat Server, en su versi\u00f3n 3.1 y anteriores, no cifra suficientemente las entradas controladas por el usuario, lo que genera una vulnerabilidad de Cross-Site Scripting (XSS) almacenada a trav\u00e9s de /body2.ghp (m\u00e9todo POST), en el par\u00e1metro mtowho." } ], "metrics": { "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "REQUIRED", + "scope": "CHANGED", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "availabilityImpact": "NONE", + "baseScore": 6.1, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 2.8, + "impactScore": 2.7 + }, { "source": "cve-coordination@incibe.es", "type": "Secondary", @@ -35,6 +59,16 @@ ] }, "weaknesses": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-79" + } + ] + }, { "source": "cve-coordination@incibe.es", "type": "Secondary", @@ -46,10 +80,31 @@ ] } ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:easy_chat_server_project:easy_chat_server:*:*:*:*:*:*:*:*", + "versionEndIncluding": "3.1", + "matchCriteriaId": "561066D5-EAB9-4201-AABF-B63A3461D4DF" + } + ] + } + ] + } + ], "references": [ { "url": "https://www.incibe.es/en/incibe-cert/notices/aviso/multiple-vulnerabilities-efs-software-products", - "source": "cve-coordination@incibe.es" + "source": "cve-coordination@incibe.es", + "tags": [ + "Third Party Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2023/CVE-2023-44xx/CVE-2023-4497.json b/CVE-2023/CVE-2023-44xx/CVE-2023-4497.json index 1728906a2c8..13144fd8374 100644 --- a/CVE-2023/CVE-2023-44xx/CVE-2023-4497.json +++ b/CVE-2023/CVE-2023-44xx/CVE-2023-4497.json @@ -2,16 +2,40 @@ "id": "CVE-2023-4497", "sourceIdentifier": "cve-coordination@incibe.es", "published": "2023-10-04T13:15:26.267", - "lastModified": "2023-10-04T14:16:47.647", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2023-10-06T16:31:00.943", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", "value": "Easy Chat Server, in its 3.1 version and before, does not sufficiently encrypt user-controlled inputs, resulting in a Cross-Site Scripting (XSS) vulnerability stored via /registresult.htm (POST method), in the Icon parameter. The XSS is loaded from /users.ghp." + }, + { + "lang": "es", + "value": "Easy Chat Server, en su versi\u00f3n 3.1 y anteriores, no cifra suficientemente las entradas controladas por el usuario, lo que genera una vulnerabilidad de Cross-Site Scripting (XSS) a trav\u00e9s de /registresult.htm (m\u00e9todo POST), en el par\u00e1metro Icon. El XSS se carga desde /users.ghp." } ], "metrics": { "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "REQUIRED", + "scope": "CHANGED", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "availabilityImpact": "NONE", + "baseScore": 6.1, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 2.8, + "impactScore": 2.7 + }, { "source": "cve-coordination@incibe.es", "type": "Secondary", @@ -35,6 +59,16 @@ ] }, "weaknesses": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-79" + } + ] + }, { "source": "cve-coordination@incibe.es", "type": "Secondary", @@ -46,10 +80,31 @@ ] } ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:easy_chat_server_project:easy_chat_server:*:*:*:*:*:*:*:*", + "versionEndIncluding": "3.1", + "matchCriteriaId": "561066D5-EAB9-4201-AABF-B63A3461D4DF" + } + ] + } + ] + } + ], "references": [ { "url": "https://www.incibe.es/en/incibe-cert/notices/aviso/multiple-vulnerabilities-efs-software-products", - "source": "cve-coordination@incibe.es" + "source": "cve-coordination@incibe.es", + "tags": [ + "Third Party Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2023/CVE-2023-49xx/CVE-2023-4911.json b/CVE-2023/CVE-2023-49xx/CVE-2023-4911.json index 0c3f6d19297..f6819f7de80 100644 --- a/CVE-2023/CVE-2023-49xx/CVE-2023-4911.json +++ b/CVE-2023/CVE-2023-49xx/CVE-2023-4911.json @@ -2,7 +2,7 @@ "id": "CVE-2023-4911", "sourceIdentifier": "secalert@redhat.com", "published": "2023-10-03T18:15:10.463", - "lastModified": "2023-10-06T06:15:12.157", + "lastModified": "2023-10-06T17:15:12.893", "vulnStatus": "Undergoing Analysis", "descriptions": [ { @@ -138,6 +138,10 @@ } ], "references": [ + { + "url": "http://packetstormsecurity.com/files/174986/glibc-ld.so-Local-Privilege-Escalation.html", + "source": "secalert@redhat.com" + }, { "url": "http://seclists.org/fulldisclosure/2023/Oct/11", "source": "secalert@redhat.com" diff --git a/CVE-2023/CVE-2023-50xx/CVE-2023-5053.json b/CVE-2023/CVE-2023-50xx/CVE-2023-5053.json index 8f842db0a25..5b45a37adcb 100644 --- a/CVE-2023/CVE-2023-50xx/CVE-2023-5053.json +++ b/CVE-2023/CVE-2023-50xx/CVE-2023-5053.json @@ -2,8 +2,8 @@ "id": "CVE-2023-5053", "sourceIdentifier": "help@fluidattacks.com", "published": "2023-09-28T21:15:10.447", - "lastModified": "2023-10-02T18:10:08.777", - "vulnStatus": "Analyzed", + "lastModified": "2023-10-06T16:15:16.057", + "vulnStatus": "Undergoing Analysis", "descriptions": [ { "lang": "en", @@ -41,26 +41,26 @@ "type": "Secondary", "cvssData": { "version": "3.1", - "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "attackVector": "NETWORK", "attackComplexity": "LOW", - "privilegesRequired": "LOW", + "privilegesRequired": "NONE", "userInteraction": "NONE", "scope": "UNCHANGED", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "availabilityImpact": "HIGH", - "baseScore": 8.8, - "baseSeverity": "HIGH" + "baseScore": 9.8, + "baseSeverity": "CRITICAL" }, - "exploitabilityScore": 2.8, + "exploitabilityScore": 3.9, "impactScore": 5.9 } ] }, "weaknesses": [ { - "source": "nvd@nist.gov", + "source": "help@fluidattacks.com", "type": "Primary", "description": [ { @@ -70,7 +70,7 @@ ] }, { - "source": "help@fluidattacks.com", + "source": "nvd@nist.gov", "type": "Secondary", "description": [ { diff --git a/CVE-2023/CVE-2023-51xx/CVE-2023-5111.json b/CVE-2023/CVE-2023-51xx/CVE-2023-5111.json index c9012715b8f..b4aa1b4580c 100644 --- a/CVE-2023/CVE-2023-51xx/CVE-2023-5111.json +++ b/CVE-2023/CVE-2023-51xx/CVE-2023-5111.json @@ -2,8 +2,8 @@ "id": "CVE-2023-5111", "sourceIdentifier": "help@fluidattacks.com", "published": "2023-09-30T23:15:40.377", - "lastModified": "2023-10-04T00:15:12.257", - "vulnStatus": "Modified", + "lastModified": "2023-10-06T17:58:29.377", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", diff --git a/CVE-2023/CVE-2023-51xx/CVE-2023-5112.json b/CVE-2023/CVE-2023-51xx/CVE-2023-5112.json index 3b5a9d2e84b..1d416cdf907 100644 --- a/CVE-2023/CVE-2023-51xx/CVE-2023-5112.json +++ b/CVE-2023/CVE-2023-51xx/CVE-2023-5112.json @@ -2,8 +2,8 @@ "id": "CVE-2023-5112", "sourceIdentifier": "help@fluidattacks.com", "published": "2023-09-30T23:15:40.433", - "lastModified": "2023-10-02T20:26:32.583", - "vulnStatus": "Analyzed", + "lastModified": "2023-10-06T16:15:16.147", + "vulnStatus": "Undergoing Analysis", "descriptions": [ { "lang": "en", @@ -41,26 +41,26 @@ "type": "Secondary", "cvssData": { "version": "3.1", - "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N", "attackVector": "NETWORK", "attackComplexity": "LOW", "privilegesRequired": "LOW", - "userInteraction": "NONE", - "scope": "UNCHANGED", - "confidentialityImpact": "HIGH", - "integrityImpact": "HIGH", - "availabilityImpact": "HIGH", - "baseScore": 8.8, - "baseSeverity": "HIGH" + "userInteraction": "REQUIRED", + "scope": "CHANGED", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "availabilityImpact": "NONE", + "baseScore": 5.4, + "baseSeverity": "MEDIUM" }, - "exploitabilityScore": 2.8, - "impactScore": 5.9 + "exploitabilityScore": 2.3, + "impactScore": 2.7 } ] }, "weaknesses": [ { - "source": "nvd@nist.gov", + "source": "help@fluidattacks.com", "type": "Primary", "description": [ { @@ -70,7 +70,7 @@ ] }, { - "source": "help@fluidattacks.com", + "source": "nvd@nist.gov", "type": "Secondary", "description": [ { diff --git a/README.md b/README.md index 847a5550182..ff2e8508cf0 100644 --- a/README.md +++ b/README.md @@ -9,13 +9,13 @@ Repository synchronizes with the NVD every 2 hours. ### Last Repository Update ```plain -2023-10-06T16:00:25.760182+00:00 +2023-10-06T18:00:24.978385+00:00 ``` ### Most recent CVE Modification Timestamp synchronized with NVD ```plain -2023-10-06T15:39:08.150000+00:00 +2023-10-06T17:59:22.463000+00:00 ``` ### Last Data Feed Release @@ -29,59 +29,54 @@ Download and Changelog: [Click](https://github.com/fkie-cad/nvd-json-data-feeds/ ### Total Number of included CVEs ```plain -227124 +227134 ``` ### CVEs added in the last Commit -Recently added CVEs: `15` +Recently added CVEs: `10` -* [CVE-2023-28791](CVE-2023/CVE-2023-287xx/CVE-2023-28791.json) (`2023-10-06T14:15:11.727`) -* [CVE-2023-29235](CVE-2023/CVE-2023-292xx/CVE-2023-29235.json) (`2023-10-06T14:15:11.810`) -* [CVE-2023-35897](CVE-2023/CVE-2023-358xx/CVE-2023-35897.json) (`2023-10-06T14:15:11.913`) -* [CVE-2023-38703](CVE-2023/CVE-2023-387xx/CVE-2023-38703.json) (`2023-10-06T14:15:12.020`) -* [CVE-2023-42445](CVE-2023/CVE-2023-424xx/CVE-2023-42445.json) (`2023-10-06T14:15:12.103`) -* [CVE-2023-43058](CVE-2023/CVE-2023-430xx/CVE-2023-43058.json) (`2023-10-06T14:15:12.197`) -* [CVE-2023-43810](CVE-2023/CVE-2023-438xx/CVE-2023-43810.json) (`2023-10-06T14:15:12.267`) -* [CVE-2023-40607](CVE-2023/CVE-2023-406xx/CVE-2023-40607.json) (`2023-10-06T15:15:13.820`) -* [CVE-2023-41650](CVE-2023/CVE-2023-416xx/CVE-2023-41650.json) (`2023-10-06T15:15:13.967`) -* [CVE-2023-41654](CVE-2023/CVE-2023-416xx/CVE-2023-41654.json) (`2023-10-06T15:15:14.050`) -* [CVE-2023-41659](CVE-2023/CVE-2023-416xx/CVE-2023-41659.json) (`2023-10-06T15:15:14.123`) -* [CVE-2023-41732](CVE-2023/CVE-2023-417xx/CVE-2023-41732.json) (`2023-10-06T15:15:14.193`) -* [CVE-2023-41801](CVE-2023/CVE-2023-418xx/CVE-2023-41801.json) (`2023-10-06T15:15:14.263`) -* [CVE-2023-41950](CVE-2023/CVE-2023-419xx/CVE-2023-41950.json) (`2023-10-06T15:15:14.337`) -* [CVE-2023-44146](CVE-2023/CVE-2023-441xx/CVE-2023-44146.json) (`2023-10-06T15:15:14.413`) +* [CVE-2023-39928](CVE-2023/CVE-2023-399xx/CVE-2023-39928.json) (`2023-10-06T16:15:13.223`) +* [CVE-2023-44233](CVE-2023/CVE-2023-442xx/CVE-2023-44233.json) (`2023-10-06T16:15:15.907`) +* [CVE-2023-44243](CVE-2023/CVE-2023-442xx/CVE-2023-44243.json) (`2023-10-06T16:15:15.983`) +* [CVE-2023-23365](CVE-2023/CVE-2023-233xx/CVE-2023-23365.json) (`2023-10-06T17:15:11.737`) +* [CVE-2023-23366](CVE-2023/CVE-2023-233xx/CVE-2023-23366.json) (`2023-10-06T17:15:11.840`) +* [CVE-2023-23370](CVE-2023/CVE-2023-233xx/CVE-2023-23370.json) (`2023-10-06T17:15:11.920`) +* [CVE-2023-23371](CVE-2023/CVE-2023-233xx/CVE-2023-23371.json) (`2023-10-06T17:15:11.997`) +* [CVE-2023-32971](CVE-2023/CVE-2023-329xx/CVE-2023-32971.json) (`2023-10-06T17:15:12.083`) +* [CVE-2023-32972](CVE-2023/CVE-2023-329xx/CVE-2023-32972.json) (`2023-10-06T17:15:12.170`) +* [CVE-2023-44807](CVE-2023/CVE-2023-448xx/CVE-2023-44807.json) (`2023-10-06T17:15:12.837`) ### CVEs modified in the last Commit -Recently modified CVEs: `37` +Recently modified CVEs: `91` -* [CVE-2022-35205](CVE-2022/CVE-2022-352xx/CVE-2022-35205.json) (`2023-10-06T15:15:13.000`) -* [CVE-2022-36648](CVE-2022/CVE-2022-366xx/CVE-2022-36648.json) (`2023-10-06T15:15:13.083`) -* [CVE-2022-45703](CVE-2022/CVE-2022-457xx/CVE-2022-45703.json) (`2023-10-06T15:15:13.210`) -* [CVE-2022-48063](CVE-2022/CVE-2022-480xx/CVE-2022-48063.json) (`2023-10-06T15:15:13.280`) -* [CVE-2022-48064](CVE-2022/CVE-2022-480xx/CVE-2022-48064.json) (`2023-10-06T15:15:13.353`) -* [CVE-2022-48065](CVE-2022/CVE-2022-480xx/CVE-2022-48065.json) (`2023-10-06T15:15:13.433`) -* [CVE-2022-48565](CVE-2022/CVE-2022-485xx/CVE-2022-48565.json) (`2023-10-06T15:15:13.500`) -* [CVE-2022-48566](CVE-2022/CVE-2022-485xx/CVE-2022-48566.json) (`2023-10-06T15:15:13.573`) -* [CVE-2023-3768](CVE-2023/CVE-2023-37xx/CVE-2023-3768.json) (`2023-10-06T14:02:49.990`) -* [CVE-2023-23492](CVE-2023/CVE-2023-234xx/CVE-2023-23492.json) (`2023-10-06T14:17:07.790`) -* [CVE-2023-44839](CVE-2023/CVE-2023-448xx/CVE-2023-44839.json) (`2023-10-06T14:59:00.183`) -* [CVE-2023-32559](CVE-2023/CVE-2023-325xx/CVE-2023-32559.json) (`2023-10-06T15:15:13.657`) -* [CVE-2023-40217](CVE-2023/CVE-2023-402xx/CVE-2023-40217.json) (`2023-10-06T15:15:13.753`) -* [CVE-2023-41105](CVE-2023/CVE-2023-411xx/CVE-2023-41105.json) (`2023-10-06T15:15:13.900`) -* [CVE-2023-44838](CVE-2023/CVE-2023-448xx/CVE-2023-44838.json) (`2023-10-06T15:18:30.847`) -* [CVE-2023-44837](CVE-2023/CVE-2023-448xx/CVE-2023-44837.json) (`2023-10-06T15:19:36.920`) -* [CVE-2023-44836](CVE-2023/CVE-2023-448xx/CVE-2023-44836.json) (`2023-10-06T15:20:09.927`) -* [CVE-2023-41580](CVE-2023/CVE-2023-415xx/CVE-2023-41580.json) (`2023-10-06T15:28:15.680`) -* [CVE-2023-4929](CVE-2023/CVE-2023-49xx/CVE-2023-4929.json) (`2023-10-06T15:28:35.260`) -* [CVE-2023-40830](CVE-2023/CVE-2023-408xx/CVE-2023-40830.json) (`2023-10-06T15:28:43.257`) -* [CVE-2023-39159](CVE-2023/CVE-2023-391xx/CVE-2023-39159.json) (`2023-10-06T15:38:11.147`) -* [CVE-2023-40009](CVE-2023/CVE-2023-400xx/CVE-2023-40009.json) (`2023-10-06T15:38:27.297`) -* [CVE-2023-40198](CVE-2023/CVE-2023-401xx/CVE-2023-40198.json) (`2023-10-06T15:38:45.037`) -* [CVE-2023-40212](CVE-2023/CVE-2023-402xx/CVE-2023-40212.json) (`2023-10-06T15:38:56.077`) -* [CVE-2023-39158](CVE-2023/CVE-2023-391xx/CVE-2023-39158.json) (`2023-10-06T15:39:08.150`) +* [CVE-2023-40558](CVE-2023/CVE-2023-405xx/CVE-2023-40558.json) (`2023-10-06T16:25:05.677`) +* [CVE-2023-40201](CVE-2023/CVE-2023-402xx/CVE-2023-40201.json) (`2023-10-06T16:25:17.340`) +* [CVE-2023-25489](CVE-2023/CVE-2023-254xx/CVE-2023-25489.json) (`2023-10-06T16:26:25.187`) +* [CVE-2023-3213](CVE-2023/CVE-2023-32xx/CVE-2023-3213.json) (`2023-10-06T16:26:39.383`) +* [CVE-2023-43980](CVE-2023/CVE-2023-439xx/CVE-2023-43980.json) (`2023-10-06T16:26:51.337`) +* [CVE-2023-4497](CVE-2023/CVE-2023-44xx/CVE-2023-4497.json) (`2023-10-06T16:31:00.943`) +* [CVE-2023-43730](CVE-2023/CVE-2023-437xx/CVE-2023-43730.json) (`2023-10-06T17:15:12.260`) +* [CVE-2023-43731](CVE-2023/CVE-2023-437xx/CVE-2023-43731.json) (`2023-10-06T17:15:12.367`) +* [CVE-2023-43732](CVE-2023/CVE-2023-437xx/CVE-2023-43732.json) (`2023-10-06T17:15:12.463`) +* [CVE-2023-43733](CVE-2023/CVE-2023-437xx/CVE-2023-43733.json) (`2023-10-06T17:15:12.553`) +* [CVE-2023-43734](CVE-2023/CVE-2023-437xx/CVE-2023-43734.json) (`2023-10-06T17:15:12.643`) +* [CVE-2023-43735](CVE-2023/CVE-2023-437xx/CVE-2023-43735.json) (`2023-10-06T17:15:12.740`) +* [CVE-2023-4911](CVE-2023/CVE-2023-49xx/CVE-2023-4911.json) (`2023-10-06T17:15:12.893`) +* [CVE-2023-26782](CVE-2023/CVE-2023-267xx/CVE-2023-26782.json) (`2023-10-06T17:20:59.803`) +* [CVE-2023-4401](CVE-2023/CVE-2023-44xx/CVE-2023-4401.json) (`2023-10-06T17:54:38.027`) +* [CVE-2023-43073](CVE-2023/CVE-2023-430xx/CVE-2023-43073.json) (`2023-10-06T17:55:26.480`) +* [CVE-2023-43072](CVE-2023/CVE-2023-430xx/CVE-2023-43072.json) (`2023-10-06T17:55:43.053`) +* [CVE-2023-43071](CVE-2023/CVE-2023-430xx/CVE-2023-43071.json) (`2023-10-06T17:56:09.033`) +* [CVE-2023-43069](CVE-2023/CVE-2023-430xx/CVE-2023-43069.json) (`2023-10-06T17:56:59.323`) +* [CVE-2023-43070](CVE-2023/CVE-2023-430xx/CVE-2023-43070.json) (`2023-10-06T17:57:03.317`) +* [CVE-2023-43068](CVE-2023/CVE-2023-430xx/CVE-2023-43068.json) (`2023-10-06T17:57:26.520`) +* [CVE-2023-44043](CVE-2023/CVE-2023-440xx/CVE-2023-44043.json) (`2023-10-06T17:57:41.317`) +* [CVE-2023-5111](CVE-2023/CVE-2023-51xx/CVE-2023-5111.json) (`2023-10-06T17:58:29.377`) +* [CVE-2023-39410](CVE-2023/CVE-2023-394xx/CVE-2023-39410.json) (`2023-10-06T17:58:36.833`) +* [CVE-2023-43740](CVE-2023/CVE-2023-437xx/CVE-2023-43740.json) (`2023-10-06T17:59:22.463`) ## Download and Usage