From f26d902a89b7b1d87eff1016ebb64a7430d07d80 Mon Sep 17 00:00:00 2001 From: cad-safe-bot Date: Fri, 22 Dec 2023 23:00:28 +0000 Subject: [PATCH] Auto-Update: 2023-12-22T23:00:25.113817+00:00 --- CVE-2015/CVE-2015-101xx/CVE-2015-10107.json | 10 +-- CVE-2017/CVE-2017-201xx/CVE-2017-20158.json | 20 +++-- CVE-2023/CVE-2023-284xx/CVE-2023-28464.json | 10 ++- CVE-2023/CVE-2023-309xx/CVE-2023-30987.json | 9 +- CVE-2023/CVE-2023-309xx/CVE-2023-30991.json | 9 +- CVE-2023/CVE-2023-327xx/CVE-2023-32726.json | 86 +++++++++++++++++- CVE-2023/CVE-2023-384xx/CVE-2023-38408.json | 6 +- CVE-2023/CVE-2023-384xx/CVE-2023-38429.json | 19 +++- CVE-2023/CVE-2023-384xx/CVE-2023-38430.json | 54 +++++++++++- CVE-2023/CVE-2023-387xx/CVE-2023-38719.json | 9 +- CVE-2023/CVE-2023-387xx/CVE-2023-38720.json | 9 +- CVE-2023/CVE-2023-387xx/CVE-2023-38728.json | 9 +- CVE-2023/CVE-2023-387xx/CVE-2023-38740.json | 9 +- CVE-2023/CVE-2023-388xx/CVE-2023-38802.json | 44 +++++++-- CVE-2023/CVE-2023-403xx/CVE-2023-40372.json | 9 +- CVE-2023/CVE-2023-403xx/CVE-2023-40373.json | 9 +- CVE-2023/CVE-2023-403xx/CVE-2023-40374.json | 9 +- CVE-2023/CVE-2023-404xx/CVE-2023-40443.json | 8 +- CVE-2023/CVE-2023-413xx/CVE-2023-41358.json | 44 +++++++-- CVE-2023/CVE-2023-413xx/CVE-2023-41359.json | 44 +++++++-- CVE-2023/CVE-2023-413xx/CVE-2023-41360.json | 44 +++++++-- CVE-2023/CVE-2023-419xx/CVE-2023-41909.json | 44 +++++++-- CVE-2023/CVE-2023-419xx/CVE-2023-41996.json | 8 +- CVE-2023/CVE-2023-490xx/CVE-2023-49004.json | 75 +++++++++++++++- CVE-2023/CVE-2023-507xx/CVE-2023-50727.json | 63 +++++++++++++ CVE-2023/CVE-2023-507xx/CVE-2023-50730.json | 67 ++++++++++++++ CVE-2023/CVE-2023-507xx/CVE-2023-50731.json | 67 ++++++++++++++ CVE-2023/CVE-2023-509xx/CVE-2023-50924.json | 59 +++++++++++++ CVE-2023/CVE-2023-509xx/CVE-2023-50928.json | 59 +++++++++++++ CVE-2023/CVE-2023-509xx/CVE-2023-50976.json | 98 +++++++++++++++++++-- CVE-2023/CVE-2023-513xx/CVE-2023-51386.json | 59 +++++++++++++ CVE-2023/CVE-2023-513xx/CVE-2023-51387.json | 63 +++++++++++++ CVE-2023/CVE-2023-514xx/CVE-2023-51449.json | 63 +++++++++++++ CVE-2023/CVE-2023-514xx/CVE-2023-51451.json | 67 ++++++++++++++ CVE-2023/CVE-2023-516xx/CVE-2023-51650.json | 59 +++++++++++++ CVE-2023/CVE-2023-516xx/CVE-2023-51651.json | 63 +++++++++++++ README.md | 91 +++++++++---------- 37 files changed, 1330 insertions(+), 145 deletions(-) create mode 100644 CVE-2023/CVE-2023-507xx/CVE-2023-50727.json create mode 100644 CVE-2023/CVE-2023-507xx/CVE-2023-50730.json create mode 100644 CVE-2023/CVE-2023-507xx/CVE-2023-50731.json create mode 100644 CVE-2023/CVE-2023-509xx/CVE-2023-50924.json create mode 100644 CVE-2023/CVE-2023-509xx/CVE-2023-50928.json create mode 100644 CVE-2023/CVE-2023-513xx/CVE-2023-51386.json create mode 100644 CVE-2023/CVE-2023-513xx/CVE-2023-51387.json create mode 100644 CVE-2023/CVE-2023-514xx/CVE-2023-51449.json create mode 100644 CVE-2023/CVE-2023-514xx/CVE-2023-51451.json create mode 100644 CVE-2023/CVE-2023-516xx/CVE-2023-51650.json create mode 100644 CVE-2023/CVE-2023-516xx/CVE-2023-51651.json diff --git a/CVE-2015/CVE-2015-101xx/CVE-2015-10107.json b/CVE-2015/CVE-2015-101xx/CVE-2015-10107.json index df390a65480..1a230c74a52 100644 --- a/CVE-2015/CVE-2015-101xx/CVE-2015-10107.json +++ b/CVE-2015/CVE-2015-101xx/CVE-2015-10107.json @@ -2,8 +2,8 @@ "id": "CVE-2015-10107", "sourceIdentifier": "cna@vuldb.com", "published": "2023-05-31T03:15:09.157", - "lastModified": "2023-11-07T02:23:58.280", - "vulnStatus": "Undergoing Analysis", + "lastModified": "2023-12-22T21:37:33.253", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", @@ -33,7 +33,7 @@ "impactScore": 2.7 }, { - "source": "1af790b2-7ee1-4545-860a-a788eba489b5", + "source": "cna@vuldb.com", "type": "Secondary", "cvssData": { "version": "3.1", @@ -55,7 +55,7 @@ ], "cvssMetricV2": [ { - "source": "1af790b2-7ee1-4545-860a-a788eba489b5", + "source": "cna@vuldb.com", "type": "Secondary", "cvssData": { "version": "2.0", @@ -81,7 +81,7 @@ }, "weaknesses": [ { - "source": "1af790b2-7ee1-4545-860a-a788eba489b5", + "source": "cna@vuldb.com", "type": "Primary", "description": [ { diff --git a/CVE-2017/CVE-2017-201xx/CVE-2017-20158.json b/CVE-2017/CVE-2017-201xx/CVE-2017-20158.json index 38c9133bf4e..ec55e54dfd8 100644 --- a/CVE-2017/CVE-2017-201xx/CVE-2017-20158.json +++ b/CVE-2017/CVE-2017-201xx/CVE-2017-20158.json @@ -2,12 +2,16 @@ "id": "CVE-2017-20158", "sourceIdentifier": "cna@vuldb.com", "published": "2022-12-31T11:15:08.587", - "lastModified": "2023-11-07T02:43:20.563", - "vulnStatus": "Undergoing Analysis", + "lastModified": "2023-12-22T21:33:15.120", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", "value": "** UNSUPPORTED WHEN ASSIGNED ** A vulnerability was found in vova07 Yii2 FileAPI Widget up to 0.1.8. It has been declared as problematic. Affected by this vulnerability is the function run of the file actions/UploadAction.php. The manipulation of the argument file leads to cross site scripting. The attack can be launched remotely. Upgrading to version 0.1.9 is able to address this issue. The identifier of the patch is c00d1e4fc912257fca1fce66d7a163bdbb4c8222. It is recommended to upgrade the affected component. The identifier VDB-217141 was assigned to this vulnerability. NOTE: This vulnerability only affects products that are no longer supported by the maintainer." + }, + { + "lang": "es", + "value": "** NO SOPORTADO CUANDO SE ASIGN\u00d3 **** NO SOPORTADO CUANDO SE ASIGN\u00d3 ** Se encontr\u00f3 una vulnerabilidad en vova07 Yii2 FileAPI Widget hasta 0.1.8. Ha sido declarada problem\u00e1tica. La funci\u00f3n de ejecuci\u00f3n del archivo action/UploadAction.php es afectada por esta vulnerabilidad. La manipulaci\u00f3n del archivo de argumentos conduce a Cross-Site Scripting. El ataque se puede lanzar de forma remota. La actualizaci\u00f3n a la versi\u00f3n 0.1.9 puede solucionar este problema. El nombre del parche es c00d1e4fc912257fca1fce66d7a163bdbb4c8222. Se recomienda actualizar el componente afectado. A esta vulnerabilidad se le asign\u00f3 el identificador VDB-217141. NOTA: Esta vulnerabilidad solo afecta a productos que ya no son compatibles con el fabricante." } ], "metrics": { @@ -33,7 +37,7 @@ "impactScore": 2.7 }, { - "source": "1af790b2-7ee1-4545-860a-a788eba489b5", + "source": "cna@vuldb.com", "type": "Secondary", "cvssData": { "version": "3.1", @@ -55,7 +59,7 @@ ], "cvssMetricV2": [ { - "source": "1af790b2-7ee1-4545-860a-a788eba489b5", + "source": "cna@vuldb.com", "type": "Secondary", "cvssData": { "version": "2.0", @@ -91,7 +95,7 @@ ] }, { - "source": "1af790b2-7ee1-4545-860a-a788eba489b5", + "source": "cna@vuldb.com", "type": "Secondary", "description": [ { @@ -124,16 +128,14 @@ "url": "https://github.com/vova07/yii2-fileapi-widget/commit/c00d1e4fc912257fca1fce66d7a163bdbb4c8222", "source": "cna@vuldb.com", "tags": [ - "Patch", - "Third Party Advisory" + "Patch" ] }, { "url": "https://github.com/vova07/yii2-fileapi-widget/releases/tag/0.1.9", "source": "cna@vuldb.com", "tags": [ - "Release Notes", - "Third Party Advisory" + "Release Notes" ] }, { diff --git a/CVE-2023/CVE-2023-284xx/CVE-2023-28464.json b/CVE-2023/CVE-2023-284xx/CVE-2023-28464.json index 2b9ecfe11ed..35a8ceed198 100644 --- a/CVE-2023/CVE-2023-284xx/CVE-2023-28464.json +++ b/CVE-2023/CVE-2023-284xx/CVE-2023-28464.json @@ -2,8 +2,8 @@ "id": "CVE-2023-28464", "sourceIdentifier": "cve@mitre.org", "published": "2023-03-31T16:15:07.557", - "lastModified": "2023-11-09T14:44:33.733", - "vulnStatus": "Modified", + "lastModified": "2023-12-22T21:04:49.027", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", @@ -141,7 +141,11 @@ "references": [ { "url": "https://lore.kernel.org/lkml/20230309074645.74309-1-wzhmmmmm%40gmail.com/", - "source": "cve@mitre.org" + "source": "cve@mitre.org", + "tags": [ + "Mailing List", + "Patch" + ] }, { "url": "https://security.netapp.com/advisory/ntap-20230517-0004/", diff --git a/CVE-2023/CVE-2023-309xx/CVE-2023-30987.json b/CVE-2023/CVE-2023-309xx/CVE-2023-30987.json index 2bcde5bb0e4..faaaba5d688 100644 --- a/CVE-2023/CVE-2023-309xx/CVE-2023-30987.json +++ b/CVE-2023/CVE-2023-309xx/CVE-2023-30987.json @@ -2,8 +2,8 @@ "id": "CVE-2023-30987", "sourceIdentifier": "psirt@us.ibm.com", "published": "2023-10-16T21:15:10.627", - "lastModified": "2023-11-16T16:15:30.380", - "vulnStatus": "Modified", + "lastModified": "2023-12-22T21:07:56.470", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", @@ -222,7 +222,10 @@ }, { "url": "https://security.netapp.com/advisory/ntap-20231116-0006/", - "source": "psirt@us.ibm.com" + "source": "psirt@us.ibm.com", + "tags": [ + "Third Party Advisory" + ] }, { "url": "https://www.ibm.com/support/pages/node/7047560", diff --git a/CVE-2023/CVE-2023-309xx/CVE-2023-30991.json b/CVE-2023/CVE-2023-309xx/CVE-2023-30991.json index 97873b0c548..3c38fd6199a 100644 --- a/CVE-2023/CVE-2023-309xx/CVE-2023-30991.json +++ b/CVE-2023/CVE-2023-309xx/CVE-2023-30991.json @@ -2,8 +2,8 @@ "id": "CVE-2023-30991", "sourceIdentifier": "psirt@us.ibm.com", "published": "2023-10-16T23:15:10.147", - "lastModified": "2023-11-16T15:15:07.930", - "vulnStatus": "Modified", + "lastModified": "2023-12-22T21:07:48.593", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", @@ -167,7 +167,10 @@ }, { "url": "https://security.netapp.com/advisory/ntap-20231116-0005/", - "source": "psirt@us.ibm.com" + "source": "psirt@us.ibm.com", + "tags": [ + "Third Party Advisory" + ] }, { "url": "https://www.ibm.com/support/pages/node/7047499", diff --git a/CVE-2023/CVE-2023-327xx/CVE-2023-32726.json b/CVE-2023/CVE-2023-327xx/CVE-2023-32726.json index ff37b4358c2..3d7c176127d 100644 --- a/CVE-2023/CVE-2023-327xx/CVE-2023-32726.json +++ b/CVE-2023/CVE-2023-327xx/CVE-2023-32726.json @@ -2,16 +2,40 @@ "id": "CVE-2023-32726", "sourceIdentifier": "security@zabbix.com", "published": "2023-12-18T10:15:06.750", - "lastModified": "2023-12-18T14:05:17.207", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2023-12-22T21:11:10.103", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", "value": "The vulnerability is caused by improper check for check if RDLENGTH does not overflow the buffer in response from DNS server." + }, + { + "lang": "es", + "value": "La vulnerabilidad se debe a una verificaci\u00f3n incorrecta de si RDLENGTH no desborda el b\u00fafer en respuesta del servidor DNS." } ], "metrics": { "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H", + "attackVector": "NETWORK", + "attackComplexity": "HIGH", + "privilegesRequired": "NONE", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH", + "baseScore": 8.1, + "baseSeverity": "HIGH" + }, + "exploitabilityScore": 2.2, + "impactScore": 5.9 + }, { "source": "security@zabbix.com", "type": "Secondary", @@ -35,6 +59,16 @@ ] }, "weaknesses": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-754" + } + ] + }, { "source": "security@zabbix.com", "type": "Secondary", @@ -46,10 +80,56 @@ ] } ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:zabbix:zabbix-agent:*:*:*:*:*:*:*:*", + "versionStartIncluding": "5.0.0", + "versionEndIncluding": "5.0.39", + "matchCriteriaId": "1D042C89-DB7A-476E-B02B-A39386189825" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:zabbix:zabbix-agent:*:*:*:*:*:*:*:*", + "versionStartIncluding": "6.0.0", + "versionEndIncluding": "6.0.23", + "matchCriteriaId": "7E3A1180-2007-40CD-9AD2-EA904E222989" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:zabbix:zabbix-agent:*:*:*:*:*:*:*:*", + "versionStartIncluding": "6.4.0", + "versionEndIncluding": "6.4.8", + "matchCriteriaId": "6C295C3B-0788-4E5B-991E-8CAFE1365CCD" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:zabbix:zabbix-agent:7.0.0:alpha1:*:*:*:*:*:*", + "matchCriteriaId": "725CFCBF-DF3B-4E94-8A56-AA2DA2F8462E" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:zabbix:zabbix-agent:7.0.0:alpha6:*:*:*:*:*:*", + "matchCriteriaId": "4E2109D2-0986-43D0-9561-447DB52F137E" + } + ] + } + ] + } + ], "references": [ { "url": "https://support.zabbix.com/browse/ZBX-23855", - "source": "security@zabbix.com" + "source": "security@zabbix.com", + "tags": [ + "Vendor Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2023/CVE-2023-384xx/CVE-2023-38408.json b/CVE-2023/CVE-2023-384xx/CVE-2023-38408.json index aeee1da3003..e42803dbd09 100644 --- a/CVE-2023/CVE-2023-384xx/CVE-2023-38408.json +++ b/CVE-2023/CVE-2023-384xx/CVE-2023-38408.json @@ -2,7 +2,7 @@ "id": "CVE-2023-38408", "sourceIdentifier": "cve@mitre.org", "published": "2023-07-20T03:15:10.170", - "lastModified": "2023-11-07T04:17:17.487", + "lastModified": "2023-12-22T22:15:07.490", "vulnStatus": "Modified", "descriptions": [ { @@ -188,6 +188,10 @@ "url": "https://security.netapp.com/advisory/ntap-20230803-0010/", "source": "cve@mitre.org" }, + { + "url": "https://support.apple.com/kb/HT213940", + "source": "cve@mitre.org" + }, { "url": "https://www.openssh.com/security.html", "source": "cve@mitre.org", diff --git a/CVE-2023/CVE-2023-384xx/CVE-2023-38429.json b/CVE-2023/CVE-2023-384xx/CVE-2023-38429.json index 7ad271a5261..4dc16c9a8d0 100644 --- a/CVE-2023/CVE-2023-384xx/CVE-2023-38429.json +++ b/CVE-2023/CVE-2023-384xx/CVE-2023-38429.json @@ -2,7 +2,7 @@ "id": "CVE-2023-38429", "sourceIdentifier": "cve@mitre.org", "published": "2023-07-18T00:15:09.620", - "lastModified": "2023-07-27T16:11:05.037", + "lastModified": "2023-12-22T21:34:39.870", "vulnStatus": "Analyzed", "descriptions": [ { @@ -56,8 +56,23 @@ { "vulnerable": true, "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", + "versionStartIncluding": "5.15", + "versionEndExcluding": "5.15.113", + "matchCriteriaId": "75B3BF61-F56C-4BD7-94AF-50E17A4AA732" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", + "versionStartIncluding": "5.16", + "versionEndExcluding": "6.1.30", + "matchCriteriaId": "E9430E62-03EA-42E6-9E5E-BD1D5124D107" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", + "versionStartIncluding": "6.2", "versionEndExcluding": "6.3.4", - "matchCriteriaId": "AB636222-53A9-4558-A34C-B51C1F056730" + "matchCriteriaId": "26C54BF0-3EED-46D4-92A7-5F07F658B49B" } ] } diff --git a/CVE-2023/CVE-2023-384xx/CVE-2023-38430.json b/CVE-2023/CVE-2023-384xx/CVE-2023-38430.json index 964cf08bd2c..3b4a461a352 100644 --- a/CVE-2023/CVE-2023-384xx/CVE-2023-38430.json +++ b/CVE-2023/CVE-2023-384xx/CVE-2023-38430.json @@ -2,8 +2,8 @@ "id": "CVE-2023-38430", "sourceIdentifier": "cve@mitre.org", "published": "2023-07-18T00:15:09.663", - "lastModified": "2023-08-31T19:15:10.493", - "vulnStatus": "Modified", + "lastModified": "2023-12-22T21:33:45.797", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", @@ -56,8 +56,51 @@ { "vulnerable": true, "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", + "versionStartIncluding": "5.15", + "versionEndExcluding": "6.1.35", + "matchCriteriaId": "6442A7ED-1F45-4D16-8B82-9D9364C0809B" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", + "versionStartIncluding": "6.2", "versionEndExcluding": "6.3.9", - "matchCriteriaId": "EED7D469-6841-4864-B5A9-5D7EF8058AA7" + "matchCriteriaId": "7DE06036-A8A1-4685-8575-2B94D6FD3278" + } + ] + } + ] + }, + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:netapp:hci_management_node:-:*:*:*:*:*:*:*", + "matchCriteriaId": "A3C19813-E823-456A-B1CE-EC0684CE1953" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:h:netapp:h300s:-:*:*:*:*:*:*:*", + "matchCriteriaId": "9F9C8C20-42EB-4AB5-BD97-212DEB070C43" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:h:netapp:h410s:-:*:*:*:*:*:*:*", + "matchCriteriaId": "8497A4C9-8474-4A62-8331-3FE862ED4098" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:h:netapp:h500s:-:*:*:*:*:*:*:*", + "matchCriteriaId": "E63D8B0F-006E-4801-BF9D-1C001BBFB4F9" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:h:netapp:h700s:-:*:*:*:*:*:*:*", + "matchCriteriaId": "B06F4839-D16A-4A61-9BB5-55B13F41E47F" } ] } @@ -81,7 +124,10 @@ }, { "url": "https://security.netapp.com/advisory/ntap-20230831-0003/", - "source": "cve@mitre.org" + "source": "cve@mitre.org", + "tags": [ + "Third Party Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2023/CVE-2023-387xx/CVE-2023-38719.json b/CVE-2023/CVE-2023-387xx/CVE-2023-38719.json index b677af33542..3840f30162c 100644 --- a/CVE-2023/CVE-2023-387xx/CVE-2023-38719.json +++ b/CVE-2023/CVE-2023-387xx/CVE-2023-38719.json @@ -2,8 +2,8 @@ "id": "CVE-2023-38719", "sourceIdentifier": "psirt@us.ibm.com", "published": "2023-10-17T00:15:10.797", - "lastModified": "2023-11-16T16:15:30.990", - "vulnStatus": "Modified", + "lastModified": "2023-12-22T21:09:52.513", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", @@ -130,7 +130,10 @@ }, { "url": "https://security.netapp.com/advisory/ntap-20231116-0008/", - "source": "psirt@us.ibm.com" + "source": "psirt@us.ibm.com", + "tags": [ + "Third Party Advisory" + ] }, { "url": "https://www.ibm.com/support/pages/node/7047558", diff --git a/CVE-2023/CVE-2023-387xx/CVE-2023-38720.json b/CVE-2023/CVE-2023-387xx/CVE-2023-38720.json index 5d0266998ba..25e3f49d38c 100644 --- a/CVE-2023/CVE-2023-387xx/CVE-2023-38720.json +++ b/CVE-2023/CVE-2023-387xx/CVE-2023-38720.json @@ -2,8 +2,8 @@ "id": "CVE-2023-38720", "sourceIdentifier": "psirt@us.ibm.com", "published": "2023-10-16T21:15:10.720", - "lastModified": "2023-11-16T16:15:31.103", - "vulnStatus": "Modified", + "lastModified": "2023-12-22T21:08:14.097", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", @@ -167,7 +167,10 @@ }, { "url": "https://security.netapp.com/advisory/ntap-20231116-0005/", - "source": "psirt@us.ibm.com" + "source": "psirt@us.ibm.com", + "tags": [ + "Third Party Advisory" + ] }, { "url": "https://www.ibm.com/support/pages/node/7047489", diff --git a/CVE-2023/CVE-2023-387xx/CVE-2023-38728.json b/CVE-2023/CVE-2023-387xx/CVE-2023-38728.json index 26cc5ff53a1..281d5ac7392 100644 --- a/CVE-2023/CVE-2023-387xx/CVE-2023-38728.json +++ b/CVE-2023/CVE-2023-387xx/CVE-2023-38728.json @@ -2,8 +2,8 @@ "id": "CVE-2023-38728", "sourceIdentifier": "psirt@us.ibm.com", "published": "2023-10-16T22:15:11.957", - "lastModified": "2023-11-16T16:15:31.207", - "vulnStatus": "Modified", + "lastModified": "2023-12-22T21:08:08.530", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", @@ -227,7 +227,10 @@ }, { "url": "https://security.netapp.com/advisory/ntap-20231116-0006/", - "source": "psirt@us.ibm.com" + "source": "psirt@us.ibm.com", + "tags": [ + "Third Party Advisory" + ] }, { "url": "https://www.ibm.com/support/pages/node/7047478", diff --git a/CVE-2023/CVE-2023-387xx/CVE-2023-38740.json b/CVE-2023/CVE-2023-387xx/CVE-2023-38740.json index b58ccbcb492..46b77043e29 100644 --- a/CVE-2023/CVE-2023-387xx/CVE-2023-38740.json +++ b/CVE-2023/CVE-2023-387xx/CVE-2023-38740.json @@ -2,8 +2,8 @@ "id": "CVE-2023-38740", "sourceIdentifier": "psirt@us.ibm.com", "published": "2023-10-16T22:15:12.057", - "lastModified": "2023-11-16T16:15:31.320", - "vulnStatus": "Modified", + "lastModified": "2023-12-22T21:08:00.977", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", @@ -132,7 +132,10 @@ }, { "url": "https://security.netapp.com/advisory/ntap-20231116-0007/", - "source": "psirt@us.ibm.com" + "source": "psirt@us.ibm.com", + "tags": [ + "Third Party Advisory" + ] }, { "url": "https://www.ibm.com/support/pages/node/7047489", diff --git a/CVE-2023/CVE-2023-388xx/CVE-2023-38802.json b/CVE-2023/CVE-2023-388xx/CVE-2023-38802.json index f9e0d529f56..990e121551c 100644 --- a/CVE-2023/CVE-2023-388xx/CVE-2023-38802.json +++ b/CVE-2023/CVE-2023-388xx/CVE-2023-38802.json @@ -2,8 +2,8 @@ "id": "CVE-2023-38802", "sourceIdentifier": "cve@mitre.org", "published": "2023-08-29T16:15:09.113", - "lastModified": "2023-11-15T05:15:08.813", - "vulnStatus": "Modified", + "lastModified": "2023-12-22T21:18:04.033", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", @@ -97,6 +97,31 @@ ] } ] + }, + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:o:fedoraproject:fedora:37:*:*:*:*:*:*:*", + "matchCriteriaId": "E30D0E6F-4AE8-4284-8716-991DFA48CC5D" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:fedoraproject:fedora:38:*:*:*:*:*:*:*", + "matchCriteriaId": "CC559B26-5DFC-4B7A-A27C-B77DE755DFF9" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:fedoraproject:fedora:39:*:*:*:*:*:*:*", + "matchCriteriaId": "B8EDB836-4E6A-4B71-B9B2-AA3E03E0F646" + } + ] + } + ] } ], "references": [ @@ -119,15 +144,24 @@ }, { "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/JLG64IF3FU7V76K4TKCCXVNEE6P2VUDO/", - "source": "cve@mitre.org" + "source": "cve@mitre.org", + "tags": [ + "Mailing List" + ] }, { "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/LMJNX44SMJM25JZO7XWHDQCOB4SNJPIE/", - "source": "cve@mitre.org" + "source": "cve@mitre.org", + "tags": [ + "Mailing List" + ] }, { "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/WXR6PIVY4SWO7HDT4EY733H4X32SCPM4/", - "source": "cve@mitre.org" + "source": "cve@mitre.org", + "tags": [ + "Mailing List" + ] }, { "url": "https://news.ycombinator.com/item?id=37305800", diff --git a/CVE-2023/CVE-2023-403xx/CVE-2023-40372.json b/CVE-2023/CVE-2023-403xx/CVE-2023-40372.json index 8239fdc75ba..cb07fa8f970 100644 --- a/CVE-2023/CVE-2023-403xx/CVE-2023-40372.json +++ b/CVE-2023/CVE-2023-403xx/CVE-2023-40372.json @@ -2,8 +2,8 @@ "id": "CVE-2023-40372", "sourceIdentifier": "psirt@us.ibm.com", "published": "2023-10-17T00:15:10.887", - "lastModified": "2023-11-16T16:15:31.580", - "vulnStatus": "Modified", + "lastModified": "2023-12-22T21:09:48.530", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", @@ -132,7 +132,10 @@ }, { "url": "https://security.netapp.com/advisory/ntap-20231116-0007/", - "source": "psirt@us.ibm.com" + "source": "psirt@us.ibm.com", + "tags": [ + "Third Party Advisory" + ] }, { "url": "https://www.ibm.com/support/pages/node/7047561", diff --git a/CVE-2023/CVE-2023-403xx/CVE-2023-40373.json b/CVE-2023/CVE-2023-403xx/CVE-2023-40373.json index c7d1951e9f0..05e09f6177d 100644 --- a/CVE-2023/CVE-2023-403xx/CVE-2023-40373.json +++ b/CVE-2023/CVE-2023-403xx/CVE-2023-40373.json @@ -2,8 +2,8 @@ "id": "CVE-2023-40373", "sourceIdentifier": "psirt@us.ibm.com", "published": "2023-10-17T00:15:10.970", - "lastModified": "2023-11-16T16:15:31.730", - "vulnStatus": "Modified", + "lastModified": "2023-12-22T21:09:44.897", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", @@ -227,7 +227,10 @@ }, { "url": "https://security.netapp.com/advisory/ntap-20231116-0006/", - "source": "psirt@us.ibm.com" + "source": "psirt@us.ibm.com", + "tags": [ + "Third Party Advisory" + ] }, { "url": "https://www.ibm.com/support/pages/node/7047563", diff --git a/CVE-2023/CVE-2023-403xx/CVE-2023-40374.json b/CVE-2023/CVE-2023-403xx/CVE-2023-40374.json index 354451424d8..ce3feb90020 100644 --- a/CVE-2023/CVE-2023-403xx/CVE-2023-40374.json +++ b/CVE-2023/CVE-2023-403xx/CVE-2023-40374.json @@ -2,8 +2,8 @@ "id": "CVE-2023-40374", "sourceIdentifier": "psirt@us.ibm.com", "published": "2023-10-16T23:15:10.243", - "lastModified": "2023-11-16T16:15:31.900", - "vulnStatus": "Modified", + "lastModified": "2023-12-22T21:09:55.723", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", @@ -132,7 +132,10 @@ }, { "url": "https://security.netapp.com/advisory/ntap-20231116-0007/", - "source": "psirt@us.ibm.com" + "source": "psirt@us.ibm.com", + "tags": [ + "Third Party Advisory" + ] }, { "url": "https://www.ibm.com/support/pages/node/7047261", diff --git a/CVE-2023/CVE-2023-404xx/CVE-2023-40443.json b/CVE-2023/CVE-2023-404xx/CVE-2023-40443.json index dc38a4db7af..49bba223412 100644 --- a/CVE-2023/CVE-2023-404xx/CVE-2023-40443.json +++ b/CVE-2023/CVE-2023-404xx/CVE-2023-40443.json @@ -2,8 +2,8 @@ "id": "CVE-2023-40443", "sourceIdentifier": "product-security@apple.com", "published": "2023-09-27T15:19:16.337", - "lastModified": "2023-10-12T02:27:28.793", - "vulnStatus": "Analyzed", + "lastModified": "2023-12-22T22:15:07.633", + "vulnStatus": "Modified", "descriptions": [ { "lang": "en", @@ -89,6 +89,10 @@ "tags": [ "Vendor Advisory" ] + }, + { + "url": "https://support.apple.com/kb/HT213940", + "source": "product-security@apple.com" } ] } \ No newline at end of file diff --git a/CVE-2023/CVE-2023-413xx/CVE-2023-41358.json b/CVE-2023/CVE-2023-413xx/CVE-2023-41358.json index 885ebfe7b4d..a4f3e088ae7 100644 --- a/CVE-2023/CVE-2023-413xx/CVE-2023-41358.json +++ b/CVE-2023/CVE-2023-413xx/CVE-2023-41358.json @@ -2,8 +2,8 @@ "id": "CVE-2023-41358", "sourceIdentifier": "cve@mitre.org", "published": "2023-08-29T04:15:16.180", - "lastModified": "2023-11-15T05:15:08.967", - "vulnStatus": "Modified", + "lastModified": "2023-12-22T21:18:08.167", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", @@ -91,6 +91,31 @@ ] } ] + }, + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:o:fedoraproject:fedora:37:*:*:*:*:*:*:*", + "matchCriteriaId": "E30D0E6F-4AE8-4284-8716-991DFA48CC5D" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:fedoraproject:fedora:38:*:*:*:*:*:*:*", + "matchCriteriaId": "CC559B26-5DFC-4B7A-A27C-B77DE755DFF9" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:fedoraproject:fedora:39:*:*:*:*:*:*:*", + "matchCriteriaId": "B8EDB836-4E6A-4B71-B9B2-AA3E03E0F646" + } + ] + } + ] } ], "references": [ @@ -112,15 +137,24 @@ }, { "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/JLG64IF3FU7V76K4TKCCXVNEE6P2VUDO/", - "source": "cve@mitre.org" + "source": "cve@mitre.org", + "tags": [ + "Mailing List" + ] }, { "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/LMJNX44SMJM25JZO7XWHDQCOB4SNJPIE/", - "source": "cve@mitre.org" + "source": "cve@mitre.org", + "tags": [ + "Mailing List" + ] }, { "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/WXR6PIVY4SWO7HDT4EY733H4X32SCPM4/", - "source": "cve@mitre.org" + "source": "cve@mitre.org", + "tags": [ + "Mailing List" + ] }, { "url": "https://www.debian.org/security/2023/dsa-5495", diff --git a/CVE-2023/CVE-2023-413xx/CVE-2023-41359.json b/CVE-2023/CVE-2023-413xx/CVE-2023-41359.json index e6d2a65ef76..c3f49d28d09 100644 --- a/CVE-2023/CVE-2023-413xx/CVE-2023-41359.json +++ b/CVE-2023/CVE-2023-413xx/CVE-2023-41359.json @@ -2,8 +2,8 @@ "id": "CVE-2023-41359", "sourceIdentifier": "cve@mitre.org", "published": "2023-08-29T04:15:16.877", - "lastModified": "2023-11-15T05:15:09.100", - "vulnStatus": "Modified", + "lastModified": "2023-12-22T21:18:17.247", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", @@ -62,6 +62,31 @@ ] } ] + }, + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:o:fedoraproject:fedora:37:*:*:*:*:*:*:*", + "matchCriteriaId": "E30D0E6F-4AE8-4284-8716-991DFA48CC5D" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:fedoraproject:fedora:38:*:*:*:*:*:*:*", + "matchCriteriaId": "CC559B26-5DFC-4B7A-A27C-B77DE755DFF9" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:fedoraproject:fedora:39:*:*:*:*:*:*:*", + "matchCriteriaId": "B8EDB836-4E6A-4B71-B9B2-AA3E03E0F646" + } + ] + } + ] } ], "references": [ @@ -75,15 +100,24 @@ }, { "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/JLG64IF3FU7V76K4TKCCXVNEE6P2VUDO/", - "source": "cve@mitre.org" + "source": "cve@mitre.org", + "tags": [ + "Mailing List" + ] }, { "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/LMJNX44SMJM25JZO7XWHDQCOB4SNJPIE/", - "source": "cve@mitre.org" + "source": "cve@mitre.org", + "tags": [ + "Mailing List" + ] }, { "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/WXR6PIVY4SWO7HDT4EY733H4X32SCPM4/", - "source": "cve@mitre.org" + "source": "cve@mitre.org", + "tags": [ + "Mailing List" + ] } ] } \ No newline at end of file diff --git a/CVE-2023/CVE-2023-413xx/CVE-2023-41360.json b/CVE-2023/CVE-2023-413xx/CVE-2023-41360.json index 9e51cae7116..06d99005c91 100644 --- a/CVE-2023/CVE-2023-413xx/CVE-2023-41360.json +++ b/CVE-2023/CVE-2023-413xx/CVE-2023-41360.json @@ -2,8 +2,8 @@ "id": "CVE-2023-41360", "sourceIdentifier": "cve@mitre.org", "published": "2023-08-29T04:15:16.957", - "lastModified": "2023-11-15T05:15:09.213", - "vulnStatus": "Modified", + "lastModified": "2023-12-22T21:18:13.257", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", @@ -77,6 +77,31 @@ ] } ] + }, + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:o:fedoraproject:fedora:37:*:*:*:*:*:*:*", + "matchCriteriaId": "E30D0E6F-4AE8-4284-8716-991DFA48CC5D" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:fedoraproject:fedora:38:*:*:*:*:*:*:*", + "matchCriteriaId": "CC559B26-5DFC-4B7A-A27C-B77DE755DFF9" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:fedoraproject:fedora:39:*:*:*:*:*:*:*", + "matchCriteriaId": "B8EDB836-4E6A-4B71-B9B2-AA3E03E0F646" + } + ] + } + ] } ], "references": [ @@ -98,15 +123,24 @@ }, { "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/JLG64IF3FU7V76K4TKCCXVNEE6P2VUDO/", - "source": "cve@mitre.org" + "source": "cve@mitre.org", + "tags": [ + "Mailing List" + ] }, { "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/LMJNX44SMJM25JZO7XWHDQCOB4SNJPIE/", - "source": "cve@mitre.org" + "source": "cve@mitre.org", + "tags": [ + "Mailing List" + ] }, { "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/WXR6PIVY4SWO7HDT4EY733H4X32SCPM4/", - "source": "cve@mitre.org" + "source": "cve@mitre.org", + "tags": [ + "Mailing List" + ] } ] } \ No newline at end of file diff --git a/CVE-2023/CVE-2023-419xx/CVE-2023-41909.json b/CVE-2023/CVE-2023-419xx/CVE-2023-41909.json index 312d226704f..d89700f45dc 100644 --- a/CVE-2023/CVE-2023-419xx/CVE-2023-41909.json +++ b/CVE-2023/CVE-2023-419xx/CVE-2023-41909.json @@ -2,8 +2,8 @@ "id": "CVE-2023-41909", "sourceIdentifier": "cve@mitre.org", "published": "2023-09-05T07:15:14.877", - "lastModified": "2023-11-15T05:15:09.433", - "vulnStatus": "Modified", + "lastModified": "2023-12-22T21:17:24.600", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", @@ -81,6 +81,31 @@ ] } ] + }, + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:o:fedoraproject:fedora:37:*:*:*:*:*:*:*", + "matchCriteriaId": "E30D0E6F-4AE8-4284-8716-991DFA48CC5D" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:fedoraproject:fedora:38:*:*:*:*:*:*:*", + "matchCriteriaId": "CC559B26-5DFC-4B7A-A27C-B77DE755DFF9" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:fedoraproject:fedora:39:*:*:*:*:*:*:*", + "matchCriteriaId": "B8EDB836-4E6A-4B71-B9B2-AA3E03E0F646" + } + ] + } + ] } ], "references": [ @@ -101,15 +126,24 @@ }, { "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/JLG64IF3FU7V76K4TKCCXVNEE6P2VUDO/", - "source": "cve@mitre.org" + "source": "cve@mitre.org", + "tags": [ + "Mailing List" + ] }, { "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/LMJNX44SMJM25JZO7XWHDQCOB4SNJPIE/", - "source": "cve@mitre.org" + "source": "cve@mitre.org", + "tags": [ + "Mailing List" + ] }, { "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/WXR6PIVY4SWO7HDT4EY733H4X32SCPM4/", - "source": "cve@mitre.org" + "source": "cve@mitre.org", + "tags": [ + "Mailing List" + ] } ] } \ No newline at end of file diff --git a/CVE-2023/CVE-2023-419xx/CVE-2023-41996.json b/CVE-2023/CVE-2023-419xx/CVE-2023-41996.json index 2f578ee3dc3..079f9962a19 100644 --- a/CVE-2023/CVE-2023-419xx/CVE-2023-41996.json +++ b/CVE-2023/CVE-2023-419xx/CVE-2023-41996.json @@ -2,8 +2,8 @@ "id": "CVE-2023-41996", "sourceIdentifier": "product-security@apple.com", "published": "2023-09-27T15:19:32.400", - "lastModified": "2023-10-05T13:44:53.030", - "vulnStatus": "Analyzed", + "lastModified": "2023-12-22T22:15:07.727", + "vulnStatus": "Modified", "descriptions": [ { "lang": "en", @@ -85,6 +85,10 @@ "Release Notes", "Vendor Advisory" ] + }, + { + "url": "https://support.apple.com/kb/HT213940", + "source": "product-security@apple.com" } ] } \ No newline at end of file diff --git a/CVE-2023/CVE-2023-490xx/CVE-2023-49004.json b/CVE-2023/CVE-2023-490xx/CVE-2023-49004.json index e7098173882..47fbb30d036 100644 --- a/CVE-2023/CVE-2023-490xx/CVE-2023-49004.json +++ b/CVE-2023/CVE-2023-490xx/CVE-2023-49004.json @@ -2,8 +2,8 @@ "id": "CVE-2023-49004", "sourceIdentifier": "cve@mitre.org", "published": "2023-12-19T22:15:08.103", - "lastModified": "2023-12-20T13:50:26.727", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2023-12-22T21:31:55.343", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", @@ -14,11 +14,78 @@ "value": "Un problema en D-Link DIR-850L v.B1_FW223WWb01 permite a un atacante remoto ejecutar c\u00f3digo arbitrario a trav\u00e9s de un script manipualdo para el par\u00e1metro en." } ], - "metrics": {}, + "metrics": { + "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH", + "baseScore": 9.8, + "baseSeverity": "CRITICAL" + }, + "exploitabilityScore": 3.9, + "impactScore": 5.9 + } + ] + }, + "weaknesses": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-94" + } + ] + } + ], + "configurations": [ + { + "operator": "AND", + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:o:dlink:dir-850l_firmware:fw223wwb01:*:*:*:*:*:*:*", + "matchCriteriaId": "CA6C219D-2898-4A48-A1DA-127333997A5F" + } + ] + }, + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": false, + "criteria": "cpe:2.3:h:dlink:dir-850l:b1:*:*:*:*:*:*:*", + "matchCriteriaId": "D7904795-59F2-4FB8-A0EF-4700613811D2" + } + ] + } + ] + } + ], "references": [ { "url": "https://github.com/ef4tless/vuln/blob/master/iot/DIR-850L/bug1.md", - "source": "cve@mitre.org" + "source": "cve@mitre.org", + "tags": [ + "Broken Link" + ] } ] } \ No newline at end of file diff --git a/CVE-2023/CVE-2023-507xx/CVE-2023-50727.json b/CVE-2023/CVE-2023-507xx/CVE-2023-50727.json new file mode 100644 index 00000000000..0ae107b1c23 --- /dev/null +++ b/CVE-2023/CVE-2023-507xx/CVE-2023-50727.json @@ -0,0 +1,63 @@ +{ + "id": "CVE-2023-50727", + "sourceIdentifier": "security-advisories@github.com", + "published": "2023-12-22T21:15:07.690", + "lastModified": "2023-12-22T21:15:07.690", + "vulnStatus": "Received", + "descriptions": [ + { + "lang": "en", + "value": "Resque is a Redis-backed Ruby library for creating background jobs, placing them on multiple queues, and processing them later. Reflected XSS issue occurs when /queues is appended with /\">. This issue has been patched in version 2.6.0." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "security-advisories@github.com", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:H/A:N", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "REQUIRED", + "scope": "UNCHANGED", + "confidentialityImpact": "LOW", + "integrityImpact": "HIGH", + "availabilityImpact": "NONE", + "baseScore": 6.3, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 2.1, + "impactScore": 4.2 + } + ] + }, + "weaknesses": [ + { + "source": "security-advisories@github.com", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-79" + } + ] + } + ], + "references": [ + { + "url": "https://github.com/resque/resque/commit/7623b8dfbdd0a07eb04b19fb25b16a8d6f087f9a", + "source": "security-advisories@github.com" + }, + { + "url": "https://github.com/resque/resque/pull/1865", + "source": "security-advisories@github.com" + }, + { + "url": "https://github.com/resque/resque/security/advisories/GHSA-r9mq-m72x-257g", + "source": "security-advisories@github.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2023/CVE-2023-507xx/CVE-2023-50730.json b/CVE-2023/CVE-2023-507xx/CVE-2023-50730.json new file mode 100644 index 00000000000..b556be00583 --- /dev/null +++ b/CVE-2023/CVE-2023-507xx/CVE-2023-50730.json @@ -0,0 +1,67 @@ +{ + "id": "CVE-2023-50730", + "sourceIdentifier": "security-advisories@github.com", + "published": "2023-12-22T21:15:07.930", + "lastModified": "2023-12-22T21:15:07.930", + "vulnStatus": "Received", + "descriptions": [ + { + "lang": "en", + "value": "Grackle is a GraphQL server written in functional Scala, built on the Typelevel stack. The GraphQL specification requires that GraphQL fragments must not form cycles, either directly or indirectly. Prior to Grackle version 0.18.0, that requirement wasn't checked, and queries with cyclic fragments would have been accepted for type checking and compilation. The attempted compilation of such fragments would result in a JVM `StackOverflowError` being thrown. Some knowledge of an applications GraphQL schema would be required to construct such a query, however no knowledge of any application-specific performance or other behavioural characteristics would be needed.\n\nGrackle uses the cats-parse library for parsing GraphQL queries. Prior to version 0.18.0, Grackle made use of the cats-parse `recursive` operator. However, `recursive` is not currently stack safe. `recursive` was used in three places in the parser: nested selection sets, nested input values (lists and objects), and nested list type declarations. Consequently, queries with deeply nested selection sets, input values or list types could be constructed which exploited this, causing a JVM `StackOverflowException` to be thrown during parsing. Because this happens very early in query processing, no specific knowledge of an applications GraphQL schema would be required to construct such a query.\n\nThe possibility of small queries resulting in stack overflow is a potential denial of service vulnerability. This potentially affects all applications using Grackle which have untrusted users. Both stack overflow issues have been resolved in the v0.18.0 release of Grackle. As a workaround, users could interpose a sanitizing layer in between untrusted input and Grackle query processing." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "security-advisories@github.com", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "NONE", + "integrityImpact": "NONE", + "availabilityImpact": "HIGH", + "baseScore": 7.5, + "baseSeverity": "HIGH" + }, + "exploitabilityScore": 3.9, + "impactScore": 3.6 + } + ] + }, + "weaknesses": [ + { + "source": "security-advisories@github.com", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-400" + }, + { + "lang": "en", + "value": "CWE-770" + } + ] + } + ], + "references": [ + { + "url": "https://github.com/typelevel/grackle/commit/56e244b91659cf385df590fc6c46695b6f36cbfd", + "source": "security-advisories@github.com" + }, + { + "url": "https://github.com/typelevel/grackle/releases/tag/v0.18.0", + "source": "security-advisories@github.com" + }, + { + "url": "https://github.com/typelevel/grackle/security/advisories/GHSA-g56x-7j6w-g8r8", + "source": "security-advisories@github.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2023/CVE-2023-507xx/CVE-2023-50731.json b/CVE-2023/CVE-2023-507xx/CVE-2023-50731.json new file mode 100644 index 00000000000..6658bdc7293 --- /dev/null +++ b/CVE-2023/CVE-2023-507xx/CVE-2023-50731.json @@ -0,0 +1,67 @@ +{ + "id": "CVE-2023-50731", + "sourceIdentifier": "security-advisories@github.com", + "published": "2023-12-22T21:15:08.150", + "lastModified": "2023-12-22T21:15:08.150", + "vulnStatus": "Received", + "descriptions": [ + { + "lang": "en", + "value": "MindsDB is a SQL Server for artificial intelligence. Prior to version 23.11.4.1, the `put` method in `mindsdb/mindsdb/api/http/namespaces/file.py` does not validate the user-controlled name value, which is used in a temporary file name, which is afterwards opened for writing on lines 122-125, which leads to path injection. Later in the method, the temporary directory is deleted on line 151, but since we can write outside of the directory using the path injection vulnerability, the potentially dangerous file is not deleted. Arbitrary file contents can be written due to `f.write(chunk)` on line 125. Mindsdb does check later on line 149 in the `save_file` method in `file-controller.py` which calls the `_handle_source` method in `file_handler.py` if a file is of one of the types `csv`, `json`, `parquet`, `xls`, or `xlsx`. However, since the check happens after the file has already been written, the files will still exist (and will not be removed due to the path injection described earlier), just the `_handle_source` method will return an error. The same user-controlled source source is used also in another path injection sink on line 138. This leads to another path injection, which allows an attacker to delete any `zip` or `tar.gz` files on the server." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "security-advisories@github.com", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "NONE", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH", + "baseScore": 9.1, + "baseSeverity": "CRITICAL" + }, + "exploitabilityScore": 3.9, + "impactScore": 5.2 + } + ] + }, + "weaknesses": [ + { + "source": "security-advisories@github.com", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-918" + } + ] + } + ], + "references": [ + { + "url": "https://github.com/mindsdb/mindsdb/blob/1821da719f34c022890c9ff25810218e71c5abbc/mindsdb/api/http/namespaces/file.py#L122-L125", + "source": "security-advisories@github.com" + }, + { + "url": "https://github.com/mindsdb/mindsdb/blob/1821da719f34c022890c9ff25810218e71c5abbc/mindsdb/api/http/namespaces/file.py#L138", + "source": "security-advisories@github.com" + }, + { + "url": "https://github.com/mindsdb/mindsdb/security/advisories/GHSA-j8w6-2r9h-cxhj", + "source": "security-advisories@github.com" + }, + { + "url": "https://securitylab.github.com/advisories/GHSL-2023-182_GHSL-2023-184_mindsdb_mindsdb/", + "source": "security-advisories@github.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2023/CVE-2023-509xx/CVE-2023-50924.json b/CVE-2023/CVE-2023-509xx/CVE-2023-50924.json new file mode 100644 index 00000000000..8e1989a9502 --- /dev/null +++ b/CVE-2023/CVE-2023-509xx/CVE-2023-50924.json @@ -0,0 +1,59 @@ +{ + "id": "CVE-2023-50924", + "sourceIdentifier": "security-advisories@github.com", + "published": "2023-12-22T21:15:08.370", + "lastModified": "2023-12-22T21:15:08.370", + "vulnStatus": "Received", + "descriptions": [ + { + "lang": "en", + "value": "Englesystem is a shift planning system for chaos events. Engelsystem prior to v3.4.1 performed insufficient validation of user supplied data for the DECT number, mobile number, and work-log comment fields. The values of those fields would be displayed in corresponding log overviews, allowing the injection and execution of Javascript code in another user's context. This vulnerability enables an authenticated user to inject Javascript into other user's sessions. The injected JS will be executed during normal usage of the system when viewing, e.g., overview pages. This issue has been fixed in version 3.4.1." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "security-advisories@github.com", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H", + "attackVector": "LOCAL", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "REQUIRED", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH", + "baseScore": 7.3, + "baseSeverity": "HIGH" + }, + "exploitabilityScore": 1.3, + "impactScore": 5.9 + } + ] + }, + "weaknesses": [ + { + "source": "security-advisories@github.com", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-79" + } + ] + } + ], + "references": [ + { + "url": "https://github.com/engelsystem/engelsystem/commit/efda1ffc1ce59f02a7d237d9087adea26e73ec5f", + "source": "security-advisories@github.com" + }, + { + "url": "https://github.com/engelsystem/engelsystem/security/advisories/GHSA-p5ch-rrpm-wvhm", + "source": "security-advisories@github.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2023/CVE-2023-509xx/CVE-2023-50928.json b/CVE-2023/CVE-2023-509xx/CVE-2023-50928.json new file mode 100644 index 00000000000..699994ff65e --- /dev/null +++ b/CVE-2023/CVE-2023-509xx/CVE-2023-50928.json @@ -0,0 +1,59 @@ +{ + "id": "CVE-2023-50928", + "sourceIdentifier": "security-advisories@github.com", + "published": "2023-12-22T21:15:08.580", + "lastModified": "2023-12-22T21:15:08.580", + "vulnStatus": "Received", + "descriptions": [ + { + "lang": "en", + "value": "\"Sandbox Accounts for Events\" provides multiple, temporary AWS accounts to a number of authenticated users simultaneously via a browser-based GUI. Authenticated users could potentially claim and access empty AWS accounts by sending request payloads to the account API containing non-existent event ids and self-defined budget & duration. This issue only affects cleaned AWS accounts, it is not possible to access AWS accounts in use or existing data/infrastructure. This issue has been patched in version 1.1.0." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "security-advisories@github.com", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:L", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "REQUIRED", + "scope": "CHANGED", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "availabilityImpact": "LOW", + "baseScore": 7.1, + "baseSeverity": "HIGH" + }, + "exploitabilityScore": 2.8, + "impactScore": 3.7 + } + ] + }, + "weaknesses": [ + { + "source": "security-advisories@github.com", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-284" + } + ] + } + ], + "references": [ + { + "url": "https://github.com/awslabs/sandbox-accounts-for-events/commit/f30a0662f0a28734eb33c5868cccc1c319eb6e79", + "source": "security-advisories@github.com" + }, + { + "url": "https://github.com/awslabs/sandbox-accounts-for-events/security/advisories/GHSA-cg8w-7q5v-g32r", + "source": "security-advisories@github.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2023/CVE-2023-509xx/CVE-2023-50976.json b/CVE-2023/CVE-2023-509xx/CVE-2023-50976.json index 223430d2781..a5e51a0573f 100644 --- a/CVE-2023/CVE-2023-509xx/CVE-2023-50976.json +++ b/CVE-2023/CVE-2023-509xx/CVE-2023-50976.json @@ -2,35 +2,117 @@ "id": "CVE-2023-50976", "sourceIdentifier": "cve@mitre.org", "published": "2023-12-18T00:15:11.253", - "lastModified": "2023-12-18T14:05:22.187", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2023-12-22T21:23:23.067", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", "value": "Redpanda before 23.1.21 and 23.2.x before 23.2.18 has missing authorization checks in the Transactions API." + }, + { + "lang": "es", + "value": "Redpanda anterior al 23.1.21 y 23.2.x anterior al 23.2.18 le faltan comprobaciones de autorizaci\u00f3n en la API de Transacciones." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH", + "baseScore": 9.8, + "baseSeverity": "CRITICAL" + }, + "exploitabilityScore": 3.9, + "impactScore": 5.9 + } + ] + }, + "weaknesses": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-862" + } + ] + } + ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:redpanda:redpanda:*:*:*:*:*:*:*:*", + "versionEndExcluding": "23.1.21", + "matchCriteriaId": "386702E5-3A32-414E-996E-694309A84427" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:redpanda:redpanda:*:*:*:*:*:*:*:*", + "versionStartIncluding": "23.2.0", + "versionEndExcluding": "23.2.18", + "matchCriteriaId": "EEF67EF6-AF08-4612-88E0-AA19076E7168" + } + ] + } + ] } ], - "metrics": {}, "references": [ { "url": "https://github.com/redpanda-data/redpanda/compare/v23.1.20...v23.1.21", - "source": "cve@mitre.org" + "source": "cve@mitre.org", + "tags": [ + "Release Notes" + ] }, { "url": "https://github.com/redpanda-data/redpanda/compare/v23.2.17...v23.2.18", - "source": "cve@mitre.org" + "source": "cve@mitre.org", + "tags": [ + "Release Notes" + ] }, { "url": "https://github.com/redpanda-data/redpanda/issues/15048", - "source": "cve@mitre.org" + "source": "cve@mitre.org", + "tags": [ + "Exploit", + "Issue Tracking" + ] }, { "url": "https://github.com/redpanda-data/redpanda/pull/14969", - "source": "cve@mitre.org" + "source": "cve@mitre.org", + "tags": [ + "Issue Tracking", + "Patch" + ] }, { "url": "https://github.com/redpanda-data/redpanda/pull/15060", - "source": "cve@mitre.org" + "source": "cve@mitre.org", + "tags": [ + "Issue Tracking", + "Patch" + ] } ] } \ No newline at end of file diff --git a/CVE-2023/CVE-2023-513xx/CVE-2023-51386.json b/CVE-2023/CVE-2023-513xx/CVE-2023-51386.json new file mode 100644 index 00000000000..64e622fa99e --- /dev/null +++ b/CVE-2023/CVE-2023-513xx/CVE-2023-51386.json @@ -0,0 +1,59 @@ +{ + "id": "CVE-2023-51386", + "sourceIdentifier": "security-advisories@github.com", + "published": "2023-12-22T22:15:07.827", + "lastModified": "2023-12-22T22:15:07.827", + "vulnStatus": "Received", + "descriptions": [ + { + "lang": "en", + "value": "Sandbox Accounts for Events provides multiple, temporary AWS accounts to a number of authenticated users simultaneously via a browser-based GUI. Authenticated users could potentially read data from the events table by sending request payloads to the events API, collecting information on planned events, timeframes, budgets and owner email addresses. This data access may allow users to get insights into upcoming events and join events which they have not been invited to. This issue has been patched in version 1.10.0." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "security-advisories@github.com", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", + "attackVector": "LOCAL", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH", + "baseScore": 7.8, + "baseSeverity": "HIGH" + }, + "exploitabilityScore": 1.8, + "impactScore": 5.9 + } + ] + }, + "weaknesses": [ + { + "source": "security-advisories@github.com", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-269" + } + ] + } + ], + "references": [ + { + "url": "https://github.com/awslabs/sandbox-accounts-for-events/commit/f30a0662f0a28734eb33c5868cccc1c319eb6e79", + "source": "security-advisories@github.com" + }, + { + "url": "https://github.com/awslabs/sandbox-accounts-for-events/security/advisories/GHSA-p7w3-j66h-m7mx", + "source": "security-advisories@github.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2023/CVE-2023-513xx/CVE-2023-51387.json b/CVE-2023/CVE-2023-513xx/CVE-2023-51387.json new file mode 100644 index 00000000000..ef9ee11b133 --- /dev/null +++ b/CVE-2023/CVE-2023-513xx/CVE-2023-51387.json @@ -0,0 +1,63 @@ +{ + "id": "CVE-2023-51387", + "sourceIdentifier": "security-advisories@github.com", + "published": "2023-12-22T21:15:08.790", + "lastModified": "2023-12-22T21:15:08.790", + "vulnStatus": "Received", + "descriptions": [ + { + "lang": "en", + "value": "Hertzbeat is an open source, real-time monitoring system. Hertzbeat uses aviatorscript to evaluate alert expressions. The alert expressions are supposed to be some simple expressions. However, due to improper sanitization for alert expressions in version prior to 1.4.1, a malicious user can use a crafted alert expression to execute any command on hertzbeat server. A malicious user who has access to alert define function can execute any command in hertzbeat instance. This issue is fixed in version 1.4.1." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "security-advisories@github.com", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "HIGH", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH", + "baseScore": 7.2, + "baseSeverity": "HIGH" + }, + "exploitabilityScore": 1.2, + "impactScore": 5.9 + } + ] + }, + "weaknesses": [ + { + "source": "security-advisories@github.com", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-94" + } + ] + } + ], + "references": [ + { + "url": "https://github.com/dromara/hertzbeat/blob/6b599495763120ad1df6f4ed4b6713bb4885d8e2/home/blog/2023-09-26-hertzbeat-v1.4.1.md", + "source": "security-advisories@github.com" + }, + { + "url": "https://github.com/dromara/hertzbeat/commit/8dcf050e27ca95d15460a7ba98a3df8a9cd1d3d2", + "source": "security-advisories@github.com" + }, + { + "url": "https://github.com/dromara/hertzbeat/security/advisories/GHSA-4576-m8px-w9qj", + "source": "security-advisories@github.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2023/CVE-2023-514xx/CVE-2023-51449.json b/CVE-2023/CVE-2023-514xx/CVE-2023-51449.json new file mode 100644 index 00000000000..4526daad140 --- /dev/null +++ b/CVE-2023/CVE-2023-514xx/CVE-2023-51449.json @@ -0,0 +1,63 @@ +{ + "id": "CVE-2023-51449", + "sourceIdentifier": "security-advisories@github.com", + "published": "2023-12-22T21:15:09.000", + "lastModified": "2023-12-22T21:15:09.000", + "vulnStatus": "Received", + "descriptions": [ + { + "lang": "en", + "value": "Gradio is an open-source Python package that allows you to quickly build a demo or web application for your machine learning model, API, or any arbitary Python function. Versions of `gradio` prior to 4.11.0 contained a vulnerability in the `/file` route which made them susceptible to file traversal attacks in which an attacker could access arbitrary files on a machine running a Gradio app with a public URL (e.g. if the demo was created with `share=True`, or on Hugging Face Spaces) if they knew the path of files to look for. This issue has been patched in version 4.11.0." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "security-advisories@github.com", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L", + "attackVector": "NETWORK", + "attackComplexity": "HIGH", + "privilegesRequired": "NONE", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "availabilityImpact": "LOW", + "baseScore": 5.6, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 2.2, + "impactScore": 3.4 + } + ] + }, + "weaknesses": [ + { + "source": "security-advisories@github.com", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-22" + } + ] + } + ], + "references": [ + { + "url": "https://github.com/gradio-app/gradio/commit/1b9d4234d6c25ef250d882c7b90e1f4039ed2d76", + "source": "security-advisories@github.com" + }, + { + "url": "https://github.com/gradio-app/gradio/commit/7ba8c5da45b004edd12c0460be9222f5b5f5f055", + "source": "security-advisories@github.com" + }, + { + "url": "https://github.com/gradio-app/gradio/security/advisories/GHSA-6qm2-wpxq-7qh2", + "source": "security-advisories@github.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2023/CVE-2023-514xx/CVE-2023-51451.json b/CVE-2023/CVE-2023-514xx/CVE-2023-51451.json new file mode 100644 index 00000000000..c4c4d49b871 --- /dev/null +++ b/CVE-2023/CVE-2023-514xx/CVE-2023-51451.json @@ -0,0 +1,67 @@ +{ + "id": "CVE-2023-51451", + "sourceIdentifier": "security-advisories@github.com", + "published": "2023-12-22T21:15:09.297", + "lastModified": "2023-12-22T21:15:09.297", + "vulnStatus": "Received", + "descriptions": [ + { + "lang": "en", + "value": "Symbolicator is a service used in Sentry. Starting in Symbolicator version 0.3.3 and prior to version 21.12.1, an attacker could make Symbolicator send GET HTTP requests to arbitrary URLs with internal IP addresses by using an invalid protocol. The responses of those requests could be exposed via Symbolicator's API. In affected Sentry instances, the data could be exposed through the Sentry API and user interface if the attacker has a registered account. The issue has been fixed in Symbolicator release 23.12.1, Sentry self-hosted release 23.12.1, and has already been mitigated on sentry.io on December 18, 2023. If updating is not possible, some other mitigations are available. One may disable JS processing by toggling the option `Allow JavaScript Source Fetching` in `Organization Settings > Security & Privacy` and/or disable all untrusted public repositories under `Project Settings > Debug Files`. Alternatively, if JavaScript and native symbolication are not required, disable Symbolicator completely in `config.yml`." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "security-advisories@github.com", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "LOW", + "integrityImpact": "NONE", + "availabilityImpact": "NONE", + "baseScore": 4.3, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 2.8, + "impactScore": 1.4 + } + ] + }, + "weaknesses": [ + { + "source": "security-advisories@github.com", + "type": "Secondary", + "description": [ + { + "lang": "en", + "value": "CWE-918" + } + ] + } + ], + "references": [ + { + "url": "https://github.com/getsentry/self-hosted/releases/tag/23.12.1", + "source": "security-advisories@github.com" + }, + { + "url": "https://github.com/getsentry/symbolicator/pull/1343", + "source": "security-advisories@github.com" + }, + { + "url": "https://github.com/getsentry/symbolicator/releases/tag/23.12.1", + "source": "security-advisories@github.com" + }, + { + "url": "https://github.com/getsentry/symbolicator/security/advisories/GHSA-ghg9-7m82-h96r", + "source": "security-advisories@github.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2023/CVE-2023-516xx/CVE-2023-51650.json b/CVE-2023/CVE-2023-516xx/CVE-2023-51650.json new file mode 100644 index 00000000000..6e46ccd047e --- /dev/null +++ b/CVE-2023/CVE-2023-516xx/CVE-2023-51650.json @@ -0,0 +1,59 @@ +{ + "id": "CVE-2023-51650", + "sourceIdentifier": "security-advisories@github.com", + "published": "2023-12-22T21:15:09.503", + "lastModified": "2023-12-22T21:15:09.503", + "vulnStatus": "Received", + "descriptions": [ + { + "lang": "en", + "value": "Hertzbeat is an open source, real-time monitoring system. Prior to version 1.4.1, Spring Boot permission configuration issues caused unauthorized access vulnerabilities to three interfaces. This could result in disclosure of sensitive server information. Version 1.4.1 fixes this issue.\n" + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "security-advisories@github.com", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "NONE", + "availabilityImpact": "NONE", + "baseScore": 7.5, + "baseSeverity": "HIGH" + }, + "exploitabilityScore": 3.9, + "impactScore": 3.6 + } + ] + }, + "weaknesses": [ + { + "source": "security-advisories@github.com", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-862" + } + ] + } + ], + "references": [ + { + "url": "https://github.com/dromara/hertzbeat/releases/tag/v1.4.1", + "source": "security-advisories@github.com" + }, + { + "url": "https://github.com/dromara/hertzbeat/security/advisories/GHSA-rrc5-qpxr-5jm2", + "source": "security-advisories@github.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2023/CVE-2023-516xx/CVE-2023-51651.json b/CVE-2023/CVE-2023-516xx/CVE-2023-51651.json new file mode 100644 index 00000000000..ab21f1115b7 --- /dev/null +++ b/CVE-2023/CVE-2023-516xx/CVE-2023-51651.json @@ -0,0 +1,63 @@ +{ + "id": "CVE-2023-51651", + "sourceIdentifier": "security-advisories@github.com", + "published": "2023-12-22T21:15:09.700", + "lastModified": "2023-12-22T21:15:09.700", + "vulnStatus": "Received", + "descriptions": [ + { + "lang": "en", + "value": "AWS SDK for PHP is the Amazon Web Services software development kit for PHP. Within the scope of requests to S3 object keys and/or prefixes containing a Unix double-dot, a URI path traversal is possible. The issue exists in the `buildEndpoint` method in the RestSerializer component of the AWS SDK for PHP v3 prior to 3.288.1. The `buildEndpoint` method relies on the Guzzle Psr7 UriResolver utility, which strips dot segments from the request path in accordance with RFC 3986. Under certain conditions, this could lead to an arbitrary object being accessed. This issue has been patched in version 3.288.1." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "security-advisories@github.com", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:N", + "attackVector": "LOCAL", + "attackComplexity": "LOW", + "privilegesRequired": "HIGH", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "NONE", + "baseScore": 6.0, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 0.8, + "impactScore": 5.2 + } + ] + }, + "weaknesses": [ + { + "source": "security-advisories@github.com", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-22" + } + ] + } + ], + "references": [ + { + "url": "https://github.com/aws/aws-sdk-php/commit/aebc9f801438746ac4ade327551576cb75f635f2", + "source": "security-advisories@github.com" + }, + { + "url": "https://github.com/aws/aws-sdk-php/releases/tag/3.288.1", + "source": "security-advisories@github.com" + }, + { + "url": "https://github.com/aws/aws-sdk-php/security/advisories/GHSA-557v-xcg6-rm5m", + "source": "security-advisories@github.com" + } + ] +} \ No newline at end of file diff --git a/README.md b/README.md index d9835d2142f..d7ed3f8e5af 100644 --- a/README.md +++ b/README.md @@ -9,13 +9,13 @@ Repository synchronizes with the NVD every 2 hours. ### Last Repository Update ```plain -2023-12-22T21:00:25.146517+00:00 +2023-12-22T23:00:25.113817+00:00 ``` ### Most recent CVE Modification Timestamp synchronized with NVD ```plain -2023-12-22T20:55:33.283000+00:00 +2023-12-22T22:15:07.827000+00:00 ``` ### Last Data Feed Release @@ -29,64 +29,55 @@ Download and Changelog: [Click](https://github.com/fkie-cad/nvd-json-data-feeds/ ### Total Number of included CVEs ```plain -234127 +234138 ``` ### CVEs added in the last Commit -Recently added CVEs: `20` +Recently added CVEs: `11` -* [CVE-2023-50147](CVE-2023/CVE-2023-501xx/CVE-2023-50147.json) (`2023-12-22T19:15:08.757`) -* [CVE-2023-50708](CVE-2023/CVE-2023-507xx/CVE-2023-50708.json) (`2023-12-22T19:15:08.840`) -* [CVE-2023-50714](CVE-2023/CVE-2023-507xx/CVE-2023-50714.json) (`2023-12-22T19:15:09.057`) -* [CVE-2023-51011](CVE-2023/CVE-2023-510xx/CVE-2023-51011.json) (`2023-12-22T19:15:09.260`) -* [CVE-2023-51012](CVE-2023/CVE-2023-510xx/CVE-2023-51012.json) (`2023-12-22T19:15:09.310`) -* [CVE-2023-51013](CVE-2023/CVE-2023-510xx/CVE-2023-51013.json) (`2023-12-22T19:15:09.360`) -* [CVE-2023-51014](CVE-2023/CVE-2023-510xx/CVE-2023-51014.json) (`2023-12-22T19:15:09.403`) -* [CVE-2023-51015](CVE-2023/CVE-2023-510xx/CVE-2023-51015.json) (`2023-12-22T19:15:09.450`) -* [CVE-2023-51016](CVE-2023/CVE-2023-510xx/CVE-2023-51016.json) (`2023-12-22T19:15:09.493`) -* [CVE-2023-51017](CVE-2023/CVE-2023-510xx/CVE-2023-51017.json) (`2023-12-22T19:15:09.540`) -* [CVE-2023-51018](CVE-2023/CVE-2023-510xx/CVE-2023-51018.json) (`2023-12-22T19:15:09.587`) -* [CVE-2023-51019](CVE-2023/CVE-2023-510xx/CVE-2023-51019.json) (`2023-12-22T19:15:09.630`) -* [CVE-2023-51020](CVE-2023/CVE-2023-510xx/CVE-2023-51020.json) (`2023-12-22T19:15:09.673`) -* [CVE-2023-51021](CVE-2023/CVE-2023-510xx/CVE-2023-51021.json) (`2023-12-22T19:15:09.737`) -* [CVE-2023-51022](CVE-2023/CVE-2023-510xx/CVE-2023-51022.json) (`2023-12-22T19:15:09.787`) -* [CVE-2023-51033](CVE-2023/CVE-2023-510xx/CVE-2023-51033.json) (`2023-12-22T19:15:09.827`) -* [CVE-2023-51034](CVE-2023/CVE-2023-510xx/CVE-2023-51034.json) (`2023-12-22T19:15:09.877`) -* [CVE-2023-51035](CVE-2023/CVE-2023-510xx/CVE-2023-51035.json) (`2023-12-22T19:15:09.920`) -* [CVE-2023-50712](CVE-2023/CVE-2023-507xx/CVE-2023-50712.json) (`2023-12-22T20:15:07.443`) -* [CVE-2023-50725](CVE-2023/CVE-2023-507xx/CVE-2023-50725.json) (`2023-12-22T20:15:07.657`) +* [CVE-2023-50727](CVE-2023/CVE-2023-507xx/CVE-2023-50727.json) (`2023-12-22T21:15:07.690`) +* [CVE-2023-50730](CVE-2023/CVE-2023-507xx/CVE-2023-50730.json) (`2023-12-22T21:15:07.930`) +* [CVE-2023-50731](CVE-2023/CVE-2023-507xx/CVE-2023-50731.json) (`2023-12-22T21:15:08.150`) +* [CVE-2023-50924](CVE-2023/CVE-2023-509xx/CVE-2023-50924.json) (`2023-12-22T21:15:08.370`) +* [CVE-2023-50928](CVE-2023/CVE-2023-509xx/CVE-2023-50928.json) (`2023-12-22T21:15:08.580`) +* [CVE-2023-51387](CVE-2023/CVE-2023-513xx/CVE-2023-51387.json) (`2023-12-22T21:15:08.790`) +* [CVE-2023-51449](CVE-2023/CVE-2023-514xx/CVE-2023-51449.json) (`2023-12-22T21:15:09.000`) +* [CVE-2023-51451](CVE-2023/CVE-2023-514xx/CVE-2023-51451.json) (`2023-12-22T21:15:09.297`) +* [CVE-2023-51650](CVE-2023/CVE-2023-516xx/CVE-2023-51650.json) (`2023-12-22T21:15:09.503`) +* [CVE-2023-51651](CVE-2023/CVE-2023-516xx/CVE-2023-51651.json) (`2023-12-22T21:15:09.700`) +* [CVE-2023-51386](CVE-2023/CVE-2023-513xx/CVE-2023-51386.json) (`2023-12-22T22:15:07.827`) ### CVEs modified in the last Commit -Recently modified CVEs: `90` +Recently modified CVEs: `25` -* [CVE-2023-51023](CVE-2023/CVE-2023-510xx/CVE-2023-51023.json) (`2023-12-22T20:32:34.333`) -* [CVE-2023-51024](CVE-2023/CVE-2023-510xx/CVE-2023-51024.json) (`2023-12-22T20:32:34.333`) -* [CVE-2023-51025](CVE-2023/CVE-2023-510xx/CVE-2023-51025.json) (`2023-12-22T20:32:34.333`) -* [CVE-2023-51026](CVE-2023/CVE-2023-510xx/CVE-2023-51026.json) (`2023-12-22T20:32:34.333`) -* [CVE-2023-51027](CVE-2023/CVE-2023-510xx/CVE-2023-51027.json) (`2023-12-22T20:32:34.333`) -* [CVE-2023-51028](CVE-2023/CVE-2023-510xx/CVE-2023-51028.json) (`2023-12-22T20:32:34.333`) -* [CVE-2023-7076](CVE-2023/CVE-2023-70xx/CVE-2023-7076.json) (`2023-12-22T20:32:41.017`) -* [CVE-2023-51661](CVE-2023/CVE-2023-516xx/CVE-2023-51661.json) (`2023-12-22T20:32:41.017`) -* [CVE-2023-42017](CVE-2023/CVE-2023-420xx/CVE-2023-42017.json) (`2023-12-22T20:32:41.017`) -* [CVE-2023-42465](CVE-2023/CVE-2023-424xx/CVE-2023-42465.json) (`2023-12-22T20:32:41.017`) -* [CVE-2023-45165](CVE-2023/CVE-2023-451xx/CVE-2023-45165.json) (`2023-12-22T20:32:41.017`) -* [CVE-2023-45957](CVE-2023/CVE-2023-459xx/CVE-2023-45957.json) (`2023-12-22T20:32:41.017`) -* [CVE-2023-48670](CVE-2023/CVE-2023-486xx/CVE-2023-48670.json) (`2023-12-22T20:32:41.017`) -* [CVE-2023-48704](CVE-2023/CVE-2023-487xx/CVE-2023-48704.json) (`2023-12-22T20:32:41.017`) -* [CVE-2023-5432](CVE-2023/CVE-2023-54xx/CVE-2023-5432.json) (`2023-12-22T20:39:49.330`) -* [CVE-2023-29597](CVE-2023/CVE-2023-295xx/CVE-2023-29597.json) (`2023-12-22T20:40:50.207`) -* [CVE-2023-45105](CVE-2023/CVE-2023-451xx/CVE-2023-45105.json) (`2023-12-22T20:43:34.927`) -* [CVE-2023-43826](CVE-2023/CVE-2023-438xx/CVE-2023-43826.json) (`2023-12-22T20:45:28.967`) -* [CVE-2023-41648](CVE-2023/CVE-2023-416xx/CVE-2023-41648.json) (`2023-12-22T20:46:36.737`) -* [CVE-2023-40602](CVE-2023/CVE-2023-406xx/CVE-2023-40602.json) (`2023-12-22T20:47:21.267`) -* [CVE-2023-38481](CVE-2023/CVE-2023-384xx/CVE-2023-38481.json) (`2023-12-22T20:48:36.037`) -* [CVE-2023-46265](CVE-2023/CVE-2023-462xx/CVE-2023-46265.json) (`2023-12-22T20:52:36.757`) -* [CVE-2023-27812](CVE-2023/CVE-2023-278xx/CVE-2023-27812.json) (`2023-12-22T20:53:11.000`) -* [CVE-2023-43788](CVE-2023/CVE-2023-437xx/CVE-2023-43788.json) (`2023-12-22T20:55:21.290`) -* [CVE-2023-1989](CVE-2023/CVE-2023-19xx/CVE-2023-1989.json) (`2023-12-22T20:55:33.283`) +* [CVE-2015-10107](CVE-2015/CVE-2015-101xx/CVE-2015-10107.json) (`2023-12-22T21:37:33.253`) +* [CVE-2017-20158](CVE-2017/CVE-2017-201xx/CVE-2017-20158.json) (`2023-12-22T21:33:15.120`) +* [CVE-2023-28464](CVE-2023/CVE-2023-284xx/CVE-2023-28464.json) (`2023-12-22T21:04:49.027`) +* [CVE-2023-30991](CVE-2023/CVE-2023-309xx/CVE-2023-30991.json) (`2023-12-22T21:07:48.593`) +* [CVE-2023-30987](CVE-2023/CVE-2023-309xx/CVE-2023-30987.json) (`2023-12-22T21:07:56.470`) +* [CVE-2023-38740](CVE-2023/CVE-2023-387xx/CVE-2023-38740.json) (`2023-12-22T21:08:00.977`) +* [CVE-2023-38728](CVE-2023/CVE-2023-387xx/CVE-2023-38728.json) (`2023-12-22T21:08:08.530`) +* [CVE-2023-38720](CVE-2023/CVE-2023-387xx/CVE-2023-38720.json) (`2023-12-22T21:08:14.097`) +* [CVE-2023-40373](CVE-2023/CVE-2023-403xx/CVE-2023-40373.json) (`2023-12-22T21:09:44.897`) +* [CVE-2023-40372](CVE-2023/CVE-2023-403xx/CVE-2023-40372.json) (`2023-12-22T21:09:48.530`) +* [CVE-2023-38719](CVE-2023/CVE-2023-387xx/CVE-2023-38719.json) (`2023-12-22T21:09:52.513`) +* [CVE-2023-40374](CVE-2023/CVE-2023-403xx/CVE-2023-40374.json) (`2023-12-22T21:09:55.723`) +* [CVE-2023-32726](CVE-2023/CVE-2023-327xx/CVE-2023-32726.json) (`2023-12-22T21:11:10.103`) +* [CVE-2023-41909](CVE-2023/CVE-2023-419xx/CVE-2023-41909.json) (`2023-12-22T21:17:24.600`) +* [CVE-2023-38802](CVE-2023/CVE-2023-388xx/CVE-2023-38802.json) (`2023-12-22T21:18:04.033`) +* [CVE-2023-41358](CVE-2023/CVE-2023-413xx/CVE-2023-41358.json) (`2023-12-22T21:18:08.167`) +* [CVE-2023-41360](CVE-2023/CVE-2023-413xx/CVE-2023-41360.json) (`2023-12-22T21:18:13.257`) +* [CVE-2023-41359](CVE-2023/CVE-2023-413xx/CVE-2023-41359.json) (`2023-12-22T21:18:17.247`) +* [CVE-2023-50976](CVE-2023/CVE-2023-509xx/CVE-2023-50976.json) (`2023-12-22T21:23:23.067`) +* [CVE-2023-49004](CVE-2023/CVE-2023-490xx/CVE-2023-49004.json) (`2023-12-22T21:31:55.343`) +* [CVE-2023-38430](CVE-2023/CVE-2023-384xx/CVE-2023-38430.json) (`2023-12-22T21:33:45.797`) +* [CVE-2023-38429](CVE-2023/CVE-2023-384xx/CVE-2023-38429.json) (`2023-12-22T21:34:39.870`) +* [CVE-2023-38408](CVE-2023/CVE-2023-384xx/CVE-2023-38408.json) (`2023-12-22T22:15:07.490`) +* [CVE-2023-40443](CVE-2023/CVE-2023-404xx/CVE-2023-40443.json) (`2023-12-22T22:15:07.633`) +* [CVE-2023-41996](CVE-2023/CVE-2023-419xx/CVE-2023-41996.json) (`2023-12-22T22:15:07.727`) ## Download and Usage