diff --git a/CVE-2023/CVE-2023-243xx/CVE-2023-24394.json b/CVE-2023/CVE-2023-243xx/CVE-2023-24394.json index 1e81dee05d1..a4ee7e65dd0 100644 --- a/CVE-2023/CVE-2023-243xx/CVE-2023-24394.json +++ b/CVE-2023/CVE-2023-243xx/CVE-2023-24394.json @@ -2,8 +2,8 @@ "id": "CVE-2023-24394", "sourceIdentifier": "audit@patchstack.com", "published": "2023-08-25T11:15:07.363", - "lastModified": "2023-08-25T11:15:07.363", - "vulnStatus": "Received", + "lastModified": "2023-08-25T12:47:00.750", + "vulnStatus": "Awaiting Analysis", "descriptions": [ { "lang": "en", diff --git a/CVE-2023/CVE-2023-256xx/CVE-2023-25649.json b/CVE-2023/CVE-2023-256xx/CVE-2023-25649.json index 5370756b64c..391946e3e99 100644 --- a/CVE-2023/CVE-2023-256xx/CVE-2023-25649.json +++ b/CVE-2023/CVE-2023-256xx/CVE-2023-25649.json @@ -2,8 +2,8 @@ "id": "CVE-2023-25649", "sourceIdentifier": "psirt@zte.com.cn", "published": "2023-08-25T10:15:08.247", - "lastModified": "2023-08-25T10:15:08.247", - "vulnStatus": "Received", + "lastModified": "2023-08-25T12:47:00.750", + "vulnStatus": "Awaiting Analysis", "descriptions": [ { "lang": "en", diff --git a/CVE-2023/CVE-2023-259xx/CVE-2023-25981.json b/CVE-2023/CVE-2023-259xx/CVE-2023-25981.json index a9c0ee62ea2..4f8a608bbca 100644 --- a/CVE-2023/CVE-2023-259xx/CVE-2023-25981.json +++ b/CVE-2023/CVE-2023-259xx/CVE-2023-25981.json @@ -2,8 +2,8 @@ "id": "CVE-2023-25981", "sourceIdentifier": "audit@patchstack.com", "published": "2023-08-25T10:15:09.350", - "lastModified": "2023-08-25T10:15:09.350", - "vulnStatus": "Received", + "lastModified": "2023-08-25T12:47:00.750", + "vulnStatus": "Awaiting Analysis", "descriptions": [ { "lang": "en", diff --git a/CVE-2023/CVE-2023-289xx/CVE-2023-28994.json b/CVE-2023/CVE-2023-289xx/CVE-2023-28994.json index 5eff9f579d1..7f62b05249f 100644 --- a/CVE-2023/CVE-2023-289xx/CVE-2023-28994.json +++ b/CVE-2023/CVE-2023-289xx/CVE-2023-28994.json @@ -2,8 +2,8 @@ "id": "CVE-2023-28994", "sourceIdentifier": "audit@patchstack.com", "published": "2023-08-23T15:15:07.890", - "lastModified": "2023-08-23T16:33:41.620", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2023-08-25T13:19:29.850", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", @@ -12,6 +12,26 @@ ], "metrics": { "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "REQUIRED", + "scope": "CHANGED", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "availabilityImpact": "NONE", + "baseScore": 6.1, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 2.8, + "impactScore": 2.7 + }, { "source": "audit@patchstack.com", "type": "Secondary", @@ -46,10 +66,31 @@ ] } ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:uxthemes:flatsome:*:*:*:*:*:wordpress:*:*", + "versionEndIncluding": "3.16.8", + "matchCriteriaId": "1A7CD5CB-7316-4BF2-9EE1-084D65897B8C" + } + ] + } + ] + } + ], "references": [ { "url": "https://patchstack.com/database/vulnerability/flatsome/wordpress-flatsome-theme-3-16-8-reflected-cross-site-scripting-xss-vulnerability?_s_id=cve", - "source": "audit@patchstack.com" + "source": "audit@patchstack.com", + "tags": [ + "Third Party Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2023/CVE-2023-325xx/CVE-2023-32518.json b/CVE-2023/CVE-2023-325xx/CVE-2023-32518.json index ac7d3065437..0432c62db53 100644 --- a/CVE-2023/CVE-2023-325xx/CVE-2023-32518.json +++ b/CVE-2023/CVE-2023-325xx/CVE-2023-32518.json @@ -2,8 +2,8 @@ "id": "CVE-2023-32518", "sourceIdentifier": "audit@patchstack.com", "published": "2023-08-25T09:15:07.840", - "lastModified": "2023-08-25T09:15:07.840", - "vulnStatus": "Received", + "lastModified": "2023-08-25T12:47:00.750", + "vulnStatus": "Awaiting Analysis", "descriptions": [ { "lang": "en", diff --git a/CVE-2023/CVE-2023-325xx/CVE-2023-32575.json b/CVE-2023/CVE-2023-325xx/CVE-2023-32575.json index fa70cd60a98..b0eaa80f5a9 100644 --- a/CVE-2023/CVE-2023-325xx/CVE-2023-32575.json +++ b/CVE-2023/CVE-2023-325xx/CVE-2023-32575.json @@ -2,8 +2,8 @@ "id": "CVE-2023-32575", "sourceIdentifier": "audit@patchstack.com", "published": "2023-08-25T11:15:08.177", - "lastModified": "2023-08-25T11:15:08.177", - "vulnStatus": "Received", + "lastModified": "2023-08-25T12:47:00.750", + "vulnStatus": "Awaiting Analysis", "descriptions": [ { "lang": "en", diff --git a/CVE-2023/CVE-2023-325xx/CVE-2023-32576.json b/CVE-2023/CVE-2023-325xx/CVE-2023-32576.json index df6505bd0b9..cff5f573355 100644 --- a/CVE-2023/CVE-2023-325xx/CVE-2023-32576.json +++ b/CVE-2023/CVE-2023-325xx/CVE-2023-32576.json @@ -2,8 +2,8 @@ "id": "CVE-2023-32576", "sourceIdentifier": "audit@patchstack.com", "published": "2023-08-25T09:15:08.477", - "lastModified": "2023-08-25T09:15:08.477", - "vulnStatus": "Received", + "lastModified": "2023-08-25T12:47:00.750", + "vulnStatus": "Awaiting Analysis", "descriptions": [ { "lang": "en", diff --git a/CVE-2023/CVE-2023-325xx/CVE-2023-32577.json b/CVE-2023/CVE-2023-325xx/CVE-2023-32577.json index e9f5dc1de2d..62f2ce69a21 100644 --- a/CVE-2023/CVE-2023-325xx/CVE-2023-32577.json +++ b/CVE-2023/CVE-2023-325xx/CVE-2023-32577.json @@ -2,8 +2,8 @@ "id": "CVE-2023-32577", "sourceIdentifier": "audit@patchstack.com", "published": "2023-08-25T09:15:08.573", - "lastModified": "2023-08-25T09:15:08.573", - "vulnStatus": "Received", + "lastModified": "2023-08-25T12:47:00.750", + "vulnStatus": "Awaiting Analysis", "descriptions": [ { "lang": "en", diff --git a/CVE-2023/CVE-2023-325xx/CVE-2023-32584.json b/CVE-2023/CVE-2023-325xx/CVE-2023-32584.json index 9e0c39f1b88..22af4878136 100644 --- a/CVE-2023/CVE-2023-325xx/CVE-2023-32584.json +++ b/CVE-2023/CVE-2023-325xx/CVE-2023-32584.json @@ -2,8 +2,8 @@ "id": "CVE-2023-32584", "sourceIdentifier": "audit@patchstack.com", "published": "2023-08-25T09:15:08.670", - "lastModified": "2023-08-25T09:15:08.670", - "vulnStatus": "Received", + "lastModified": "2023-08-25T12:47:00.750", + "vulnStatus": "Awaiting Analysis", "descriptions": [ { "lang": "en", diff --git a/CVE-2023/CVE-2023-325xx/CVE-2023-32591.json b/CVE-2023/CVE-2023-325xx/CVE-2023-32591.json index da096e2cda1..28d4de51d20 100644 --- a/CVE-2023/CVE-2023-325xx/CVE-2023-32591.json +++ b/CVE-2023/CVE-2023-325xx/CVE-2023-32591.json @@ -2,8 +2,8 @@ "id": "CVE-2023-32591", "sourceIdentifier": "audit@patchstack.com", "published": "2023-08-25T09:15:08.757", - "lastModified": "2023-08-25T09:15:08.757", - "vulnStatus": "Received", + "lastModified": "2023-08-25T12:47:00.750", + "vulnStatus": "Awaiting Analysis", "descriptions": [ { "lang": "en", diff --git a/CVE-2023/CVE-2023-325xx/CVE-2023-32595.json b/CVE-2023/CVE-2023-325xx/CVE-2023-32595.json index c2c7616b17a..26a05586446 100644 --- a/CVE-2023/CVE-2023-325xx/CVE-2023-32595.json +++ b/CVE-2023/CVE-2023-325xx/CVE-2023-32595.json @@ -2,8 +2,8 @@ "id": "CVE-2023-32595", "sourceIdentifier": "audit@patchstack.com", "published": "2023-08-25T11:15:08.333", - "lastModified": "2023-08-25T11:15:08.333", - "vulnStatus": "Received", + "lastModified": "2023-08-25T12:47:00.750", + "vulnStatus": "Awaiting Analysis", "descriptions": [ { "lang": "en", diff --git a/CVE-2023/CVE-2023-325xx/CVE-2023-32596.json b/CVE-2023/CVE-2023-325xx/CVE-2023-32596.json index be47ad42c36..e2cc461c598 100644 --- a/CVE-2023/CVE-2023-325xx/CVE-2023-32596.json +++ b/CVE-2023/CVE-2023-325xx/CVE-2023-32596.json @@ -2,8 +2,8 @@ "id": "CVE-2023-32596", "sourceIdentifier": "audit@patchstack.com", "published": "2023-08-25T11:15:08.497", - "lastModified": "2023-08-25T11:15:08.497", - "vulnStatus": "Received", + "lastModified": "2023-08-25T12:47:00.750", + "vulnStatus": "Awaiting Analysis", "descriptions": [ { "lang": "en", diff --git a/CVE-2023/CVE-2023-325xx/CVE-2023-32598.json b/CVE-2023/CVE-2023-325xx/CVE-2023-32598.json new file mode 100644 index 00000000000..e34b9717ce6 --- /dev/null +++ b/CVE-2023/CVE-2023-325xx/CVE-2023-32598.json @@ -0,0 +1,55 @@ +{ + "id": "CVE-2023-32598", + "sourceIdentifier": "audit@patchstack.com", + "published": "2023-08-25T12:15:07.880", + "lastModified": "2023-08-25T12:47:00.750", + "vulnStatus": "Awaiting Analysis", + "descriptions": [ + { + "lang": "en", + "value": "Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in A. R. Jones Featured Image Pro Post Grid plugin <=\u00a05.14 versions." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "audit@patchstack.com", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:L", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "REQUIRED", + "scope": "CHANGED", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "availabilityImpact": "LOW", + "baseScore": 7.1, + "baseSeverity": "HIGH" + }, + "exploitabilityScore": 2.8, + "impactScore": 3.7 + } + ] + }, + "weaknesses": [ + { + "source": "audit@patchstack.com", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-79" + } + ] + } + ], + "references": [ + { + "url": "https://patchstack.com/database/vulnerability/featured-image-pro/wordpress-featured-image-pro-post-grid-plugin-5-14-reflected-cross-site-scripting-xss-vulnerability?_s_id=cve", + "source": "audit@patchstack.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2023/CVE-2023-326xx/CVE-2023-32603.json b/CVE-2023/CVE-2023-326xx/CVE-2023-32603.json new file mode 100644 index 00000000000..be930cd8f58 --- /dev/null +++ b/CVE-2023/CVE-2023-326xx/CVE-2023-32603.json @@ -0,0 +1,55 @@ +{ + "id": "CVE-2023-32603", + "sourceIdentifier": "audit@patchstack.com", + "published": "2023-08-25T12:15:08.323", + "lastModified": "2023-08-25T12:47:00.750", + "vulnStatus": "Awaiting Analysis", + "descriptions": [ + { + "lang": "en", + "value": "Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in RedNao Donations Made Easy \u2013 Smart Donations plugin <=\u00a04.0.12 versions." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "audit@patchstack.com", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:L", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "REQUIRED", + "scope": "CHANGED", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "availabilityImpact": "LOW", + "baseScore": 7.1, + "baseSeverity": "HIGH" + }, + "exploitabilityScore": 2.8, + "impactScore": 3.7 + } + ] + }, + "weaknesses": [ + { + "source": "audit@patchstack.com", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-79" + } + ] + } + ], + "references": [ + { + "url": "https://patchstack.com/database/vulnerability/smart-donations/wordpress-donations-made-easy-smart-donations-plugin-4-0-12-reflected-cross-site-scripting-xss-vulnerability?_s_id=cve", + "source": "audit@patchstack.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2023/CVE-2023-327xx/CVE-2023-32755.json b/CVE-2023/CVE-2023-327xx/CVE-2023-32755.json index cb2ef6cbe92..d741d4f6d60 100644 --- a/CVE-2023/CVE-2023-327xx/CVE-2023-32755.json +++ b/CVE-2023/CVE-2023-327xx/CVE-2023-32755.json @@ -2,8 +2,8 @@ "id": "CVE-2023-32755", "sourceIdentifier": "twcert@cert.org.tw", "published": "2023-08-25T07:15:08.273", - "lastModified": "2023-08-25T07:15:08.273", - "vulnStatus": "Received", + "lastModified": "2023-08-25T12:47:05.410", + "vulnStatus": "Awaiting Analysis", "descriptions": [ { "lang": "en", diff --git a/CVE-2023/CVE-2023-327xx/CVE-2023-32756.json b/CVE-2023/CVE-2023-327xx/CVE-2023-32756.json index ec4502b25d6..f8afe881426 100644 --- a/CVE-2023/CVE-2023-327xx/CVE-2023-32756.json +++ b/CVE-2023/CVE-2023-327xx/CVE-2023-32756.json @@ -2,8 +2,8 @@ "id": "CVE-2023-32756", "sourceIdentifier": "twcert@cert.org.tw", "published": "2023-08-25T08:15:07.747", - "lastModified": "2023-08-25T08:15:07.747", - "vulnStatus": "Received", + "lastModified": "2023-08-25T12:47:00.750", + "vulnStatus": "Awaiting Analysis", "descriptions": [ { "lang": "en", diff --git a/CVE-2023/CVE-2023-327xx/CVE-2023-32757.json b/CVE-2023/CVE-2023-327xx/CVE-2023-32757.json index 54382e0a7e8..ffbc50f2518 100644 --- a/CVE-2023/CVE-2023-327xx/CVE-2023-32757.json +++ b/CVE-2023/CVE-2023-327xx/CVE-2023-32757.json @@ -2,8 +2,8 @@ "id": "CVE-2023-32757", "sourceIdentifier": "twcert@cert.org.tw", "published": "2023-08-25T08:15:07.850", - "lastModified": "2023-08-25T08:15:07.850", - "vulnStatus": "Received", + "lastModified": "2023-08-25T12:47:00.750", + "vulnStatus": "Awaiting Analysis", "descriptions": [ { "lang": "en", diff --git a/CVE-2023/CVE-2023-327xx/CVE-2023-32797.json b/CVE-2023/CVE-2023-327xx/CVE-2023-32797.json new file mode 100644 index 00000000000..968ab7e3370 --- /dev/null +++ b/CVE-2023/CVE-2023-327xx/CVE-2023-32797.json @@ -0,0 +1,55 @@ +{ + "id": "CVE-2023-32797", + "sourceIdentifier": "audit@patchstack.com", + "published": "2023-08-25T12:15:08.513", + "lastModified": "2023-08-25T12:47:00.750", + "vulnStatus": "Awaiting Analysis", + "descriptions": [ + { + "lang": "en", + "value": "Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in I Thirteen Web Solution video carousel slider with lightbox plugin <=\u00a01.0.22 versions." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "audit@patchstack.com", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:L", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "REQUIRED", + "scope": "CHANGED", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "availabilityImpact": "LOW", + "baseScore": 7.1, + "baseSeverity": "HIGH" + }, + "exploitabilityScore": 2.8, + "impactScore": 3.7 + } + ] + }, + "weaknesses": [ + { + "source": "audit@patchstack.com", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-79" + } + ] + } + ], + "references": [ + { + "url": "https://patchstack.com/database/vulnerability/wp-responsive-video-gallery-with-lightbox/wordpress-video-carousel-slider-with-lightbox-plugin-1-0-22-cross-site-scripting-xss-vulnerability?_s_id=cve", + "source": "audit@patchstack.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2023/CVE-2023-34xx/CVE-2023-3406.json b/CVE-2023/CVE-2023-34xx/CVE-2023-3406.json index f109dd0e2eb..303699216e1 100644 --- a/CVE-2023/CVE-2023-34xx/CVE-2023-3406.json +++ b/CVE-2023/CVE-2023-34xx/CVE-2023-3406.json @@ -2,8 +2,8 @@ "id": "CVE-2023-3406", "sourceIdentifier": "security@m-files.com", "published": "2023-08-25T09:15:08.850", - "lastModified": "2023-08-25T09:15:08.850", - "vulnStatus": "Received", + "lastModified": "2023-08-25T12:47:00.750", + "vulnStatus": "Awaiting Analysis", "descriptions": [ { "lang": "en", diff --git a/CVE-2023/CVE-2023-34xx/CVE-2023-3425.json b/CVE-2023/CVE-2023-34xx/CVE-2023-3425.json index 584d9d928a5..fba4835e51c 100644 --- a/CVE-2023/CVE-2023-34xx/CVE-2023-3425.json +++ b/CVE-2023/CVE-2023-34xx/CVE-2023-3425.json @@ -2,8 +2,8 @@ "id": "CVE-2023-3425", "sourceIdentifier": "security@m-files.com", "published": "2023-08-25T09:15:08.937", - "lastModified": "2023-08-25T09:15:08.937", - "vulnStatus": "Received", + "lastModified": "2023-08-25T12:47:00.750", + "vulnStatus": "Awaiting Analysis", "descriptions": [ { "lang": "en", diff --git a/CVE-2023/CVE-2023-363xx/CVE-2023-36317.json b/CVE-2023/CVE-2023-363xx/CVE-2023-36317.json index a0d88acf6e2..b86b3566533 100644 --- a/CVE-2023/CVE-2023-363xx/CVE-2023-36317.json +++ b/CVE-2023/CVE-2023-363xx/CVE-2023-36317.json @@ -2,27 +2,93 @@ "id": "CVE-2023-36317", "sourceIdentifier": "cve@mitre.org", "published": "2023-08-23T22:15:08.550", - "lastModified": "2023-08-24T02:02:17.167", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2023-08-25T13:19:43.420", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", "value": "Cross Site Scripting (XSS) vulnerability in sourcecodester Student Study Center Desk Management System 1.0 allows attackers to run arbitrary code via crafted GET request to web application URL." + }, + { + "lang": "es", + "value": "Una vulnerabilidad de Cross-Site Scripting (XSS) en sourcecodester Student Study Center Desk Management System v1.0 permite a los atacantes ejecutar c\u00f3digo arbitrario a trav\u00e9s de una solicitud GET a la URL de la aplicaci\u00f3n web. " + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "HIGH", + "userInteraction": "REQUIRED", + "scope": "CHANGED", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "availabilityImpact": "NONE", + "baseScore": 4.8, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 1.7, + "impactScore": 2.7 + } + ] + }, + "weaknesses": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-79" + } + ] + } + ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:student_study_center_desk_management_system_project:student_study_center_desk_management_system:1.0:*:*:*:*:*:*:*", + "matchCriteriaId": "5A7F67EA-5AEE-4BE7-8EB3-F5C2FFDC5344" + } + ] + } + ] } ], - "metrics": {}, "references": [ { "url": "https://github.com/oye-ujjwal/CVE/blob/main/CVE-2023-36317", - "source": "cve@mitre.org" + "source": "cve@mitre.org", + "tags": [ + "Exploit", + "Third Party Advisory" + ] }, { "url": "https://www.sourcecodester.com", - "source": "cve@mitre.org" + "source": "cve@mitre.org", + "tags": [ + "Not Applicable" + ] }, { "url": "https://www.sourcecodester.com/php/16298/student-study-center-desk-management-system-using-php-oop-and-mysql-db-free-source-code", - "source": "cve@mitre.org" + "source": "cve@mitre.org", + "tags": [ + "Product" + ] } ] } \ No newline at end of file diff --git a/CVE-2023/CVE-2023-388xx/CVE-2023-38889.json b/CVE-2023/CVE-2023-388xx/CVE-2023-38889.json index 89d6ec9adee..559d4f405c8 100644 --- a/CVE-2023/CVE-2023-388xx/CVE-2023-38889.json +++ b/CVE-2023/CVE-2023-388xx/CVE-2023-38889.json @@ -2,8 +2,8 @@ "id": "CVE-2023-38889", "sourceIdentifier": "cve@mitre.org", "published": "2023-08-15T17:15:11.887", - "lastModified": "2023-08-24T21:25:23.500", - "vulnStatus": "Undergoing Analysis", + "lastModified": "2023-08-25T12:58:20.617", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", @@ -55,8 +55,9 @@ "cpeMatch": [ { "vulnerable": true, - "criteria": "cpe:2.3:a:alluxio:alluxio:2.9.3:*:*:*:*:*:*:*", - "matchCriteriaId": "F843A6A2-8146-434C-ACD8-470AAD3E4FBC" + "criteria": "cpe:2.3:a:alluxio:alluxio:*:*:*:*:*:*:*:*", + "versionEndIncluding": "2.9.3", + "matchCriteriaId": "554323A8-5D2F-4D7D-AFE1-218ECC971A45" } ] } diff --git a/CVE-2023/CVE-2023-396xx/CVE-2023-39669.json b/CVE-2023/CVE-2023-396xx/CVE-2023-39669.json index fa9fcef5e23..c8d1fbac12c 100644 --- a/CVE-2023/CVE-2023-396xx/CVE-2023-39669.json +++ b/CVE-2023/CVE-2023-396xx/CVE-2023-39669.json @@ -2,27 +2,100 @@ "id": "CVE-2023-39669", "sourceIdentifier": "cve@mitre.org", "published": "2023-08-18T03:15:22.250", - "lastModified": "2023-08-18T12:43:51.207", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2023-08-25T13:42:37.727", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", "value": "D-Link DIR-880 A1_FW107WWb08 was discovered to contain a NULL pointer dereference in the function FUN_00010824." } ], - "metrics": {}, + "metrics": { + "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "NONE", + "integrityImpact": "NONE", + "availabilityImpact": "HIGH", + "baseScore": 7.5, + "baseSeverity": "HIGH" + }, + "exploitabilityScore": 3.9, + "impactScore": 3.6 + } + ] + }, + "weaknesses": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-476" + } + ] + } + ], + "configurations": [ + { + "operator": "AND", + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:o:dlink:dir-880l_a1_firmware:107wwb08:*:*:*:*:*:*:*", + "matchCriteriaId": "C8F1A3E7-E73A-4AD9-813F-E53CBAA9331D" + } + ] + }, + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": false, + "criteria": "cpe:2.3:h:dlink:dir-880l_a1:-:*:*:*:*:*:*:*", + "matchCriteriaId": "9A2A11C5-BCD0-4047-A51C-11E61209D80F" + } + ] + } + ] + } + ], "references": [ { "url": "https://github.com/Davidteeri/Bug-Report/blob/main/D-Link/880%20unchecked%20return%20value.md", - "source": "cve@mitre.org" + "source": "cve@mitre.org", + "tags": [ + "Broken Link" + ] }, { "url": "https://support.dlink.com/", - "source": "cve@mitre.org" + "source": "cve@mitre.org", + "tags": [ + "Product" + ] }, { "url": "https://www.dlink.com/en/security-bulletin/", - "source": "cve@mitre.org" + "source": "cve@mitre.org", + "tags": [ + "Vendor Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2023/CVE-2023-405xx/CVE-2023-40530.json b/CVE-2023/CVE-2023-405xx/CVE-2023-40530.json index d1e0f353d79..ebc87029254 100644 --- a/CVE-2023/CVE-2023-405xx/CVE-2023-40530.json +++ b/CVE-2023/CVE-2023-405xx/CVE-2023-40530.json @@ -2,8 +2,8 @@ "id": "CVE-2023-40530", "sourceIdentifier": "vultures@jpcert.or.jp", "published": "2023-08-25T04:15:10.487", - "lastModified": "2023-08-25T04:15:10.487", - "vulnStatus": "Received", + "lastModified": "2023-08-25T12:47:05.410", + "vulnStatus": "Awaiting Analysis", "descriptions": [ { "lang": "en", diff --git a/CVE-2023/CVE-2023-407xx/CVE-2023-40711.json b/CVE-2023/CVE-2023-407xx/CVE-2023-40711.json index 1b33fcfadd6..67b51d93e58 100644 --- a/CVE-2023/CVE-2023-407xx/CVE-2023-40711.json +++ b/CVE-2023/CVE-2023-407xx/CVE-2023-40711.json @@ -2,19 +2,75 @@ "id": "CVE-2023-40711", "sourceIdentifier": "cve@mitre.org", "published": "2023-08-20T01:15:08.920", - "lastModified": "2023-08-21T12:47:18.157", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2023-08-25T12:56:50.940", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", "value": "Veilid before 0.1.9 does not check the size of uncompressed data during decompression upon an envelope receipt, which allows remote attackers to cause a denial of service (out-of-memory abort) via crafted packet data, as exploited in the wild in August 2023." } ], - "metrics": {}, + "metrics": { + "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "NONE", + "integrityImpact": "NONE", + "availabilityImpact": "HIGH", + "baseScore": 7.5, + "baseSeverity": "HIGH" + }, + "exploitabilityScore": 3.9, + "impactScore": 3.6 + } + ] + }, + "weaknesses": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-787" + } + ] + } + ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:veilid:veilid:*:*:*:*:*:*:*:*", + "versionEndExcluding": "0.1.9", + "matchCriteriaId": "0693CDB3-B229-4A6D-A68A-44B0C28FC869" + } + ] + } + ] + } + ], "references": [ { "url": "https://gitlab.com/veilid/veilid/-/blob/main/CHANGELOG.md", - "source": "cve@mitre.org" + "source": "cve@mitre.org", + "tags": [ + "Release Notes" + ] } ] } \ No newline at end of file diff --git a/CVE-2023/CVE-2023-408xx/CVE-2023-40874.json b/CVE-2023/CVE-2023-408xx/CVE-2023-40874.json index 1b1a5e6e862..e5c89b27560 100644 --- a/CVE-2023/CVE-2023-408xx/CVE-2023-40874.json +++ b/CVE-2023/CVE-2023-408xx/CVE-2023-40874.json @@ -2,19 +2,75 @@ "id": "CVE-2023-40874", "sourceIdentifier": "cve@mitre.org", "published": "2023-08-24T15:15:07.480", - "lastModified": "2023-08-24T19:56:03.667", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2023-08-25T13:19:53.090", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", "value": "DedeCMS up to and including 5.7.110 was discovered to contain multiple cross-site scripting (XSS) vulnerabilities at /dede/vote_add.php via the votename and voteitem1 parameters." } ], - "metrics": {}, + "metrics": { + "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "REQUIRED", + "scope": "CHANGED", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "availabilityImpact": "NONE", + "baseScore": 5.4, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 2.3, + "impactScore": 2.7 + } + ] + }, + "weaknesses": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-79" + } + ] + } + ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:dedecms:dedecms:*:*:*:*:*:*:*:*", + "versionEndIncluding": "5.7.110", + "matchCriteriaId": "15B2B12C-3FC2-467C-B325-CF950A18E6E5" + } + ] + } + ] + } + ], "references": [ { "url": "https://github.com/DiliLearngent/BugReport/blob/main/php/DedeCMS/xss1.md", - "source": "cve@mitre.org" + "source": "cve@mitre.org", + "tags": [ + "Exploit" + ] } ] } \ No newline at end of file diff --git a/CVE-2023/CVE-2023-408xx/CVE-2023-40875.json b/CVE-2023/CVE-2023-408xx/CVE-2023-40875.json index 0b094bdf4bc..41ba7b38439 100644 --- a/CVE-2023/CVE-2023-408xx/CVE-2023-40875.json +++ b/CVE-2023/CVE-2023-408xx/CVE-2023-40875.json @@ -2,19 +2,75 @@ "id": "CVE-2023-40875", "sourceIdentifier": "cve@mitre.org", "published": "2023-08-24T15:15:07.580", - "lastModified": "2023-08-24T19:56:03.667", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2023-08-25T13:20:02.233", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", "value": "DedeCMS up to and including 5.7.110 was discovered to contain multiple cross-site scripting (XSS) vulnerabilities at /dede/vote_edit.php via the votename and votenote parameters." } ], - "metrics": {}, + "metrics": { + "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "REQUIRED", + "scope": "CHANGED", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "availabilityImpact": "NONE", + "baseScore": 5.4, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 2.3, + "impactScore": 2.7 + } + ] + }, + "weaknesses": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-79" + } + ] + } + ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:dedecms:dedecms:*:*:*:*:*:*:*:*", + "versionEndIncluding": "5.7.110", + "matchCriteriaId": "15B2B12C-3FC2-467C-B325-CF950A18E6E5" + } + ] + } + ] + } + ], "references": [ { "url": "https://github.com/DiliLearngent/BugReport/blob/main/php/DedeCMS/xss2.md", - "source": "cve@mitre.org" + "source": "cve@mitre.org", + "tags": [ + "Exploit" + ] } ] } \ No newline at end of file diff --git a/CVE-2023/CVE-2023-408xx/CVE-2023-40876.json b/CVE-2023/CVE-2023-408xx/CVE-2023-40876.json index 635e38db18d..6e63ba4aba4 100644 --- a/CVE-2023/CVE-2023-408xx/CVE-2023-40876.json +++ b/CVE-2023/CVE-2023-408xx/CVE-2023-40876.json @@ -2,19 +2,76 @@ "id": "CVE-2023-40876", "sourceIdentifier": "cve@mitre.org", "published": "2023-08-24T15:15:07.637", - "lastModified": "2023-08-24T19:56:03.667", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2023-08-25T13:20:10.643", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", "value": "DedeCMS up to and including 5.7.110 was discovered to contain a cross-site scripting (XSS) vulnerability at /dede/freelist_add.php via the title parameter." } ], - "metrics": {}, + "metrics": { + "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "REQUIRED", + "scope": "CHANGED", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "availabilityImpact": "NONE", + "baseScore": 5.4, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 2.3, + "impactScore": 2.7 + } + ] + }, + "weaknesses": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-79" + } + ] + } + ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:dedecms:dedecms:*:*:*:*:*:*:*:*", + "versionEndIncluding": "5.7.110", + "matchCriteriaId": "15B2B12C-3FC2-467C-B325-CF950A18E6E5" + } + ] + } + ] + } + ], "references": [ { "url": "https://github.com/DiliLearngent/BugReport/blob/main/php/DedeCMS/xss3.md", - "source": "cve@mitre.org" + "source": "cve@mitre.org", + "tags": [ + "Exploit", + "Third Party Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2023/CVE-2023-408xx/CVE-2023-40877.json b/CVE-2023/CVE-2023-408xx/CVE-2023-40877.json index 4e4d727d911..ccffe8d0323 100644 --- a/CVE-2023/CVE-2023-408xx/CVE-2023-40877.json +++ b/CVE-2023/CVE-2023-408xx/CVE-2023-40877.json @@ -2,19 +2,75 @@ "id": "CVE-2023-40877", "sourceIdentifier": "cve@mitre.org", "published": "2023-08-24T15:15:07.690", - "lastModified": "2023-08-24T19:56:03.667", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2023-08-25T13:20:20.920", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", "value": "DedeCMS up to and including 5.7.110 was discovered to contain a cross-site scripting (XSS) vulnerability at /dede/freelist_edit.php via the title parameter." } ], - "metrics": {}, + "metrics": { + "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "REQUIRED", + "scope": "CHANGED", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "availabilityImpact": "NONE", + "baseScore": 5.4, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 2.3, + "impactScore": 2.7 + } + ] + }, + "weaknesses": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-79" + } + ] + } + ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:dedecms:dedecms:*:*:*:*:*:*:*:*", + "versionEndIncluding": "5.7.110", + "matchCriteriaId": "15B2B12C-3FC2-467C-B325-CF950A18E6E5" + } + ] + } + ] + } + ], "references": [ { "url": "https://github.com/DiliLearngent/BugReport/blob/main/php/DedeCMS/xss4.md", - "source": "cve@mitre.org" + "source": "cve@mitre.org", + "tags": [ + "Exploit" + ] } ] } \ No newline at end of file diff --git a/CVE-2023/CVE-2023-411xx/CVE-2023-41173.json b/CVE-2023/CVE-2023-411xx/CVE-2023-41173.json index 86f0fbcf4dd..88e6dbf34be 100644 --- a/CVE-2023/CVE-2023-411xx/CVE-2023-41173.json +++ b/CVE-2023/CVE-2023-411xx/CVE-2023-41173.json @@ -2,8 +2,8 @@ "id": "CVE-2023-41173", "sourceIdentifier": "cve@mitre.org", "published": "2023-08-25T07:15:09.140", - "lastModified": "2023-08-25T07:15:09.140", - "vulnStatus": "Received", + "lastModified": "2023-08-25T12:47:00.750", + "vulnStatus": "Awaiting Analysis", "descriptions": [ { "lang": "en", diff --git a/CVE-2023/CVE-2023-412xx/CVE-2023-41248.json b/CVE-2023/CVE-2023-412xx/CVE-2023-41248.json new file mode 100644 index 00000000000..84327324992 --- /dev/null +++ b/CVE-2023/CVE-2023-412xx/CVE-2023-41248.json @@ -0,0 +1,55 @@ +{ + "id": "CVE-2023-41248", + "sourceIdentifier": "security@jetbrains.com", + "published": "2023-08-25T13:15:07.547", + "lastModified": "2023-08-25T13:15:24.927", + "vulnStatus": "Awaiting Analysis", + "descriptions": [ + { + "lang": "en", + "value": "In JetBrains TeamCity before 2023.05.3 stored XSS was possible during Cloud Profiles configuration" + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "security@jetbrains.com", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:N", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "REQUIRED", + "scope": "UNCHANGED", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "availabilityImpact": "NONE", + "baseScore": 4.6, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 2.1, + "impactScore": 2.5 + } + ] + }, + "weaknesses": [ + { + "source": "security@jetbrains.com", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-79" + } + ] + } + ], + "references": [ + { + "url": "https://www.jetbrains.com/privacy-security/issues-fixed/", + "source": "security@jetbrains.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2023/CVE-2023-412xx/CVE-2023-41249.json b/CVE-2023/CVE-2023-412xx/CVE-2023-41249.json new file mode 100644 index 00000000000..5c0489ad39c --- /dev/null +++ b/CVE-2023/CVE-2023-412xx/CVE-2023-41249.json @@ -0,0 +1,55 @@ +{ + "id": "CVE-2023-41249", + "sourceIdentifier": "security@jetbrains.com", + "published": "2023-08-25T13:15:07.700", + "lastModified": "2023-08-25T13:15:24.927", + "vulnStatus": "Awaiting Analysis", + "descriptions": [ + { + "lang": "en", + "value": "In JetBrains TeamCity before 2023.05.3 reflected XSS was possible during copying Build Step" + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "security@jetbrains.com", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:N", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "REQUIRED", + "scope": "UNCHANGED", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "availabilityImpact": "NONE", + "baseScore": 4.6, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 2.1, + "impactScore": 2.5 + } + ] + }, + "weaknesses": [ + { + "source": "security@jetbrains.com", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-79" + } + ] + } + ], + "references": [ + { + "url": "https://www.jetbrains.com/privacy-security/issues-fixed/", + "source": "security@jetbrains.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2023/CVE-2023-412xx/CVE-2023-41250.json b/CVE-2023/CVE-2023-412xx/CVE-2023-41250.json new file mode 100644 index 00000000000..d0ab727dd4c --- /dev/null +++ b/CVE-2023/CVE-2023-412xx/CVE-2023-41250.json @@ -0,0 +1,55 @@ +{ + "id": "CVE-2023-41250", + "sourceIdentifier": "security@jetbrains.com", + "published": "2023-08-25T13:15:07.780", + "lastModified": "2023-08-25T13:15:24.927", + "vulnStatus": "Awaiting Analysis", + "descriptions": [ + { + "lang": "en", + "value": "In JetBrains TeamCity before 2023.05.3 reflected XSS was possible during user registration" + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "security@jetbrains.com", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:L/I:L/A:N", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "HIGH", + "userInteraction": "REQUIRED", + "scope": "UNCHANGED", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "availabilityImpact": "NONE", + "baseScore": 3.5, + "baseSeverity": "LOW" + }, + "exploitabilityScore": 0.9, + "impactScore": 2.5 + } + ] + }, + "weaknesses": [ + { + "source": "security@jetbrains.com", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-79" + } + ] + } + ], + "references": [ + { + "url": "https://www.jetbrains.com/privacy-security/issues-fixed/", + "source": "security@jetbrains.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2023/CVE-2023-44xx/CVE-2023-4428.json b/CVE-2023/CVE-2023-44xx/CVE-2023-4428.json index c7b39d5c26d..718476e908b 100644 --- a/CVE-2023/CVE-2023-44xx/CVE-2023-4428.json +++ b/CVE-2023/CVE-2023-44xx/CVE-2023-4428.json @@ -2,23 +2,83 @@ "id": "CVE-2023-4428", "sourceIdentifier": "chrome-cve-admin@google.com", "published": "2023-08-23T00:15:09.157", - "lastModified": "2023-08-23T13:17:22.070", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2023-08-25T13:18:47.170", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", "value": "Out of bounds memory access in CSS in Google Chrome prior to 116.0.5845.110 allowed a remote attacker to perform an out of bounds memory read via a crafted HTML page. (Chromium security severity: High)" } ], - "metrics": {}, + "metrics": { + "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:H", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "REQUIRED", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "NONE", + "availabilityImpact": "HIGH", + "baseScore": 8.1, + "baseSeverity": "HIGH" + }, + "exploitabilityScore": 2.8, + "impactScore": 5.2 + } + ] + }, + "weaknesses": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-125" + } + ] + } + ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:google:chrome:*:*:*:*:*:*:*:*", + "versionEndExcluding": "116.0.5845.110", + "matchCriteriaId": "1FFC5A2F-C97A-4FD2-825D-A3C18A1D4D78" + } + ] + } + ] + } + ], "references": [ { "url": "https://chromereleases.googleblog.com/2023/08/chrome-desktop-stable-update.html", - "source": "chrome-cve-admin@google.com" + "source": "chrome-cve-admin@google.com", + "tags": [ + "Release Notes", + "Vendor Advisory" + ] }, { "url": "https://crbug.com/1470477", - "source": "chrome-cve-admin@google.com" + "source": "chrome-cve-admin@google.com", + "tags": [ + "Permissions Required" + ] } ] } \ No newline at end of file diff --git a/CVE-2023/CVE-2023-44xx/CVE-2023-4429.json b/CVE-2023/CVE-2023-44xx/CVE-2023-4429.json index 62e4e6ec251..cac1a01388f 100644 --- a/CVE-2023/CVE-2023-44xx/CVE-2023-4429.json +++ b/CVE-2023/CVE-2023-44xx/CVE-2023-4429.json @@ -2,23 +2,83 @@ "id": "CVE-2023-4429", "sourceIdentifier": "chrome-cve-admin@google.com", "published": "2023-08-23T00:15:09.227", - "lastModified": "2023-08-23T13:17:18.197", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2023-08-25T13:18:56.320", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", "value": "Use after free in Loader in Google Chrome prior to 116.0.5845.110 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)" } ], - "metrics": {}, + "metrics": { + "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "REQUIRED", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH", + "baseScore": 8.8, + "baseSeverity": "HIGH" + }, + "exploitabilityScore": 2.8, + "impactScore": 5.9 + } + ] + }, + "weaknesses": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-416" + } + ] + } + ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:google:chrome:*:*:*:*:*:*:*:*", + "versionEndExcluding": "116.0.5845.110", + "matchCriteriaId": "1FFC5A2F-C97A-4FD2-825D-A3C18A1D4D78" + } + ] + } + ] + } + ], "references": [ { "url": "https://chromereleases.googleblog.com/2023/08/chrome-desktop-stable-update.html", - "source": "chrome-cve-admin@google.com" + "source": "chrome-cve-admin@google.com", + "tags": [ + "Release Notes", + "Vendor Advisory" + ] }, { "url": "https://crbug.com/1469754", - "source": "chrome-cve-admin@google.com" + "source": "chrome-cve-admin@google.com", + "tags": [ + "Permissions Required" + ] } ] } \ No newline at end of file diff --git a/CVE-2023/CVE-2023-44xx/CVE-2023-4430.json b/CVE-2023/CVE-2023-44xx/CVE-2023-4430.json index debb8516792..1a942df90a7 100644 --- a/CVE-2023/CVE-2023-44xx/CVE-2023-4430.json +++ b/CVE-2023/CVE-2023-44xx/CVE-2023-4430.json @@ -2,23 +2,83 @@ "id": "CVE-2023-4430", "sourceIdentifier": "chrome-cve-admin@google.com", "published": "2023-08-23T00:15:09.290", - "lastModified": "2023-08-23T13:17:18.197", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2023-08-25T13:19:04.223", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", "value": "Use after free in Vulkan in Google Chrome prior to 116.0.5845.110 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)" } ], - "metrics": {}, + "metrics": { + "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "REQUIRED", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH", + "baseScore": 8.8, + "baseSeverity": "HIGH" + }, + "exploitabilityScore": 2.8, + "impactScore": 5.9 + } + ] + }, + "weaknesses": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-416" + } + ] + } + ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:google:chrome:*:*:*:*:*:*:*:*", + "versionEndExcluding": "116.0.5845.110", + "matchCriteriaId": "1FFC5A2F-C97A-4FD2-825D-A3C18A1D4D78" + } + ] + } + ] + } + ], "references": [ { "url": "https://chromereleases.googleblog.com/2023/08/chrome-desktop-stable-update.html", - "source": "chrome-cve-admin@google.com" + "source": "chrome-cve-admin@google.com", + "tags": [ + "Release Notes" + ] }, { "url": "https://crbug.com/1469542", - "source": "chrome-cve-admin@google.com" + "source": "chrome-cve-admin@google.com", + "tags": [ + "Permissions Required", + "Vendor Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2023/CVE-2023-44xx/CVE-2023-4431.json b/CVE-2023/CVE-2023-44xx/CVE-2023-4431.json index 09b2a4ed74b..a9199bf2daa 100644 --- a/CVE-2023/CVE-2023-44xx/CVE-2023-4431.json +++ b/CVE-2023/CVE-2023-44xx/CVE-2023-4431.json @@ -2,23 +2,82 @@ "id": "CVE-2023-4431", "sourceIdentifier": "chrome-cve-admin@google.com", "published": "2023-08-23T00:15:09.353", - "lastModified": "2023-08-23T13:17:18.197", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2023-08-25T13:19:17.713", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", "value": "Out of bounds memory access in Fonts in Google Chrome prior to 116.0.5845.110 allowed a remote attacker to perform an out of bounds memory read via a crafted HTML page. (Chromium security severity: Medium)" } ], - "metrics": {}, + "metrics": { + "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:H", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "REQUIRED", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "NONE", + "availabilityImpact": "HIGH", + "baseScore": 8.1, + "baseSeverity": "HIGH" + }, + "exploitabilityScore": 2.8, + "impactScore": 5.2 + } + ] + }, + "weaknesses": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-125" + } + ] + } + ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:google:chrome:*:*:*:*:*:*:*:*", + "versionEndExcluding": "116.0.5845.110", + "matchCriteriaId": "1FFC5A2F-C97A-4FD2-825D-A3C18A1D4D78" + } + ] + } + ] + } + ], "references": [ { "url": "https://chromereleases.googleblog.com/2023/08/chrome-desktop-stable-update.html", - "source": "chrome-cve-admin@google.com" + "source": "chrome-cve-admin@google.com", + "tags": [ + "Release Notes" + ] }, { "url": "https://crbug.com/1469348", - "source": "chrome-cve-admin@google.com" + "source": "chrome-cve-admin@google.com", + "tags": [ + "Permissions Required" + ] } ] } \ No newline at end of file diff --git a/CVE-2023/CVE-2023-44xx/CVE-2023-4478.json b/CVE-2023/CVE-2023-44xx/CVE-2023-4478.json index ecf6bd7351b..6cd6b0cef19 100644 --- a/CVE-2023/CVE-2023-44xx/CVE-2023-4478.json +++ b/CVE-2023/CVE-2023-44xx/CVE-2023-4478.json @@ -2,8 +2,8 @@ "id": "CVE-2023-4478", "sourceIdentifier": "responsibledisclosure@mattermost.com", "published": "2023-08-25T10:15:09.687", - "lastModified": "2023-08-25T10:15:09.687", - "vulnStatus": "Received", + "lastModified": "2023-08-25T12:47:00.750", + "vulnStatus": "Awaiting Analysis", "descriptions": [ { "lang": "en", diff --git a/README.md b/README.md index ade4faf3893..ef08c8e4569 100644 --- a/README.md +++ b/README.md @@ -9,13 +9,13 @@ Repository synchronizes with the NVD every 2 hours. ### Last Repository Update ```plain -2023-08-25T12:00:25.091616+00:00 +2023-08-25T14:00:24.731029+00:00 ``` ### Most recent CVE Modification Timestamp synchronized with NVD ```plain -2023-08-25T11:15:08.497000+00:00 +2023-08-25T13:42:37.727000+00:00 ``` ### Last Data Feed Release @@ -29,26 +29,50 @@ Download and Changelog: [Click](https://github.com/fkie-cad/nvd-json-data-feeds/ ### Total Number of included CVEs ```plain -223435 +223441 ``` ### CVEs added in the last Commit -Recently added CVEs: `7` +Recently added CVEs: `6` -* [CVE-2023-25649](CVE-2023/CVE-2023-256xx/CVE-2023-25649.json) (`2023-08-25T10:15:08.247`) -* [CVE-2023-25981](CVE-2023/CVE-2023-259xx/CVE-2023-25981.json) (`2023-08-25T10:15:09.350`) -* [CVE-2023-4478](CVE-2023/CVE-2023-44xx/CVE-2023-4478.json) (`2023-08-25T10:15:09.687`) -* [CVE-2023-24394](CVE-2023/CVE-2023-243xx/CVE-2023-24394.json) (`2023-08-25T11:15:07.363`) -* [CVE-2023-32575](CVE-2023/CVE-2023-325xx/CVE-2023-32575.json) (`2023-08-25T11:15:08.177`) -* [CVE-2023-32595](CVE-2023/CVE-2023-325xx/CVE-2023-32595.json) (`2023-08-25T11:15:08.333`) -* [CVE-2023-32596](CVE-2023/CVE-2023-325xx/CVE-2023-32596.json) (`2023-08-25T11:15:08.497`) +* [CVE-2023-32598](CVE-2023/CVE-2023-325xx/CVE-2023-32598.json) (`2023-08-25T12:15:07.880`) +* [CVE-2023-32603](CVE-2023/CVE-2023-326xx/CVE-2023-32603.json) (`2023-08-25T12:15:08.323`) +* [CVE-2023-32797](CVE-2023/CVE-2023-327xx/CVE-2023-32797.json) (`2023-08-25T12:15:08.513`) +* [CVE-2023-41248](CVE-2023/CVE-2023-412xx/CVE-2023-41248.json) (`2023-08-25T13:15:07.547`) +* [CVE-2023-41249](CVE-2023/CVE-2023-412xx/CVE-2023-41249.json) (`2023-08-25T13:15:07.700`) +* [CVE-2023-41250](CVE-2023/CVE-2023-412xx/CVE-2023-41250.json) (`2023-08-25T13:15:07.780`) ### CVEs modified in the last Commit -Recently modified CVEs: `0` +Recently modified CVEs: `32` +* [CVE-2023-32591](CVE-2023/CVE-2023-325xx/CVE-2023-32591.json) (`2023-08-25T12:47:00.750`) +* [CVE-2023-3406](CVE-2023/CVE-2023-34xx/CVE-2023-3406.json) (`2023-08-25T12:47:00.750`) +* [CVE-2023-3425](CVE-2023/CVE-2023-34xx/CVE-2023-3425.json) (`2023-08-25T12:47:00.750`) +* [CVE-2023-25649](CVE-2023/CVE-2023-256xx/CVE-2023-25649.json) (`2023-08-25T12:47:00.750`) +* [CVE-2023-25981](CVE-2023/CVE-2023-259xx/CVE-2023-25981.json) (`2023-08-25T12:47:00.750`) +* [CVE-2023-4478](CVE-2023/CVE-2023-44xx/CVE-2023-4478.json) (`2023-08-25T12:47:00.750`) +* [CVE-2023-24394](CVE-2023/CVE-2023-243xx/CVE-2023-24394.json) (`2023-08-25T12:47:00.750`) +* [CVE-2023-32575](CVE-2023/CVE-2023-325xx/CVE-2023-32575.json) (`2023-08-25T12:47:00.750`) +* [CVE-2023-32595](CVE-2023/CVE-2023-325xx/CVE-2023-32595.json) (`2023-08-25T12:47:00.750`) +* [CVE-2023-32596](CVE-2023/CVE-2023-325xx/CVE-2023-32596.json) (`2023-08-25T12:47:00.750`) +* [CVE-2023-40530](CVE-2023/CVE-2023-405xx/CVE-2023-40530.json) (`2023-08-25T12:47:05.410`) +* [CVE-2023-32755](CVE-2023/CVE-2023-327xx/CVE-2023-32755.json) (`2023-08-25T12:47:05.410`) +* [CVE-2023-40711](CVE-2023/CVE-2023-407xx/CVE-2023-40711.json) (`2023-08-25T12:56:50.940`) +* [CVE-2023-38889](CVE-2023/CVE-2023-388xx/CVE-2023-38889.json) (`2023-08-25T12:58:20.617`) +* [CVE-2023-4428](CVE-2023/CVE-2023-44xx/CVE-2023-4428.json) (`2023-08-25T13:18:47.170`) +* [CVE-2023-4429](CVE-2023/CVE-2023-44xx/CVE-2023-4429.json) (`2023-08-25T13:18:56.320`) +* [CVE-2023-4430](CVE-2023/CVE-2023-44xx/CVE-2023-4430.json) (`2023-08-25T13:19:04.223`) +* [CVE-2023-4431](CVE-2023/CVE-2023-44xx/CVE-2023-4431.json) (`2023-08-25T13:19:17.713`) +* [CVE-2023-28994](CVE-2023/CVE-2023-289xx/CVE-2023-28994.json) (`2023-08-25T13:19:29.850`) +* [CVE-2023-36317](CVE-2023/CVE-2023-363xx/CVE-2023-36317.json) (`2023-08-25T13:19:43.420`) +* [CVE-2023-40874](CVE-2023/CVE-2023-408xx/CVE-2023-40874.json) (`2023-08-25T13:19:53.090`) +* [CVE-2023-40875](CVE-2023/CVE-2023-408xx/CVE-2023-40875.json) (`2023-08-25T13:20:02.233`) +* [CVE-2023-40876](CVE-2023/CVE-2023-408xx/CVE-2023-40876.json) (`2023-08-25T13:20:10.643`) +* [CVE-2023-40877](CVE-2023/CVE-2023-408xx/CVE-2023-40877.json) (`2023-08-25T13:20:20.920`) +* [CVE-2023-39669](CVE-2023/CVE-2023-396xx/CVE-2023-39669.json) (`2023-08-25T13:42:37.727`) ## Download and Usage