diff --git a/CVE-2019/CVE-2019-136xx/CVE-2019-13690.json b/CVE-2019/CVE-2019-136xx/CVE-2019-13690.json index 67d9700564f..e60d8ffa4a5 100644 --- a/CVE-2019/CVE-2019-136xx/CVE-2019-13690.json +++ b/CVE-2019/CVE-2019-136xx/CVE-2019-13690.json 
@@ -2,23 +2,100 @@ "id": "CVE-2019-13690", "sourceIdentifier": "chrome-cve-admin@google.com", "published": "2023-08-25T19:15:08.117", - "lastModified": "2023-08-26T04:05:04.350", - "vulnStatus": "Undergoing Analysis", + "lastModified": "2023-08-31T00:39:07.533", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", "value": "Inappropriate implementation in OS in Google Chrome on ChromeOS prior to 75.0.3770.80 allowed a remote attacker to perform OS-level privilege escalation via a malicious file. (Chromium security severity: High)" } ], - "metrics": {}, + "metrics": { + "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "REQUIRED", + "scope": "CHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH", + "baseScore": 9.6, + "baseSeverity": "CRITICAL" + }, + "exploitabilityScore": 2.8, + "impactScore": 6.0 + } + ] + }, + "weaknesses": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-269" + } + ] + } + ], + "configurations": [ + { + "operator": "AND", + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:google:chrome:*:*:*:*:*:*:*:*", + "versionEndExcluding": "75.0.3770.80", + "matchCriteriaId": "1629DCDC-F45C-4F3E-A8EF-43E40E2FD504" + } + ] + }, + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": false, + "criteria": "cpe:2.3:o:google:chrome_os:-:*:*:*:*:*:*:*", + "matchCriteriaId": "D32ACF6F-5FF7-4815-8EAD-4719F5FC9B79" + } + ] + } + ] + } + ], "references": [ { "url": "https://bugs.chromium.org/p/chromium/issues/detail?id=960111", - "source": "chrome-cve-admin@google.com" + "source": "chrome-cve-admin@google.com", + "tags": [ 
+ "Exploit", + "Issue Tracking", + "Patch", + "Vendor Advisory" + ] }, { "url": "https://crbug.com/960111", - "source": "chrome-cve-admin@google.com" + "source": "chrome-cve-admin@google.com", + "tags": [ + "Exploit", + "Issue Tracking", + "Patch", + "Vendor Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2022/CVE-2022-352xx/CVE-2022-35205.json b/CVE-2022/CVE-2022-352xx/CVE-2022-35205.json index 560b7db97e1..c454881369f 100644 --- a/CVE-2022/CVE-2022-352xx/CVE-2022-35205.json +++ b/CVE-2022/CVE-2022-352xx/CVE-2022-35205.json 
@@ -2,19 +2,76 @@ "id": "CVE-2022-35205", "sourceIdentifier": "cve@mitre.org", "published": "2023-08-22T19:16:23.060", - "lastModified": "2023-08-22T20:10:36.537", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2023-08-31T00:36:47.473", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", "value": "An issue was discovered in Binutils readelf 2.38.50, reachable assertion failure in function display_debug_names allows attackers to cause a denial of service." } ], - "metrics": {}, + "metrics": { + "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", + "attackVector": "LOCAL", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "REQUIRED", + "scope": "UNCHANGED", + "confidentialityImpact": "NONE", + "integrityImpact": "NONE", + "availabilityImpact": "HIGH", + "baseScore": 5.5, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 1.8, + "impactScore": 3.6 + } + ] + }, + "weaknesses": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-617" + } + ] + } + ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:gnu:binutils:2.38.50:*:*:*:*:*:*:*", + "matchCriteriaId": "9456C364-BC91-4654-BD14-934D443CCEDF" + } + ] + } + ] + } + ], "references": [ { "url": "https://sourceware.org/bugzilla/show_bug.cgi?id=29289", - "source": "cve@mitre.org" + "source": "cve@mitre.org", + "tags": [ + "Exploit", + "Issue Tracking", + "Patch" + ] } ] } \ No newline at end of file diff --git a/CVE-2022/CVE-2022-352xx/CVE-2022-35206.json b/CVE-2022/CVE-2022-352xx/CVE-2022-35206.json index b8272a83003..189b487d614 100644 --- a/CVE-2022/CVE-2022-352xx/CVE-2022-35206.json +++ b/CVE-2022/CVE-2022-352xx/CVE-2022-35206.json 
@@ -2,19 +2,76 @@ "id": "CVE-2022-35206", "sourceIdentifier": "cve@mitre.org", "published": "2023-08-22T19:16:23.113", - "lastModified": "2023-08-22T20:10:36.537", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2023-08-31T00:36:57.233", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", "value": "Null pointer dereference vulnerability in Binutils readelf 2.38.50 via function read_and_display_attr_value in file dwarf.c." } ], - "metrics": {}, + "metrics": { + "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", + "attackVector": "LOCAL", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "REQUIRED", + "scope": "UNCHANGED", + "confidentialityImpact": "NONE", + "integrityImpact": "NONE", + "availabilityImpact": "HIGH", + "baseScore": 5.5, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 1.8, + "impactScore": 3.6 + } + ] + }, + "weaknesses": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-476" + } + ] + } + ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:gnu:binutils:2.38.50:*:*:*:*:*:*:*", + "matchCriteriaId": "9456C364-BC91-4654-BD14-934D443CCEDF" + } + ] + } + ] + } + ], "references": [ { "url": "https://sourceware.org/bugzilla/show_bug.cgi?id=29290", - "source": "cve@mitre.org" + "source": "cve@mitre.org", + "tags": [ + "Exploit", + "Issue Tracking", + "Patch" + ] } ] } \ No newline at end of file diff --git a/CVE-2022/CVE-2022-404xx/CVE-2022-40433.json b/CVE-2022/CVE-2022-404xx/CVE-2022-40433.json index 63c1d0fadc1..ea2a5daede8 100644 --- a/CVE-2022/CVE-2022-404xx/CVE-2022-40433.json +++ b/CVE-2022/CVE-2022-404xx/CVE-2022-40433.json 
@@ -2,31 +2,118 @@ "id": "CVE-2022-40433", "sourceIdentifier": "cve@mitre.org", "published": "2023-08-22T19:16:24.010", - "lastModified": "2023-08-22T20:10:36.537", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2023-08-31T00:37:13.927", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", "value": "An issue was discovered in function ciMethodBlocks::make_block_at in Oracle JDK (HotSpot VM) 11, 17 and OpenJDK (HotSpot VM) 8, 11, 17, allows attackers to cause a denial of service." } ], - "metrics": {}, + "metrics": { + "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "NONE", + "integrityImpact": "NONE", + "availabilityImpact": "HIGH", + "baseScore": 7.5, + "baseSeverity": "HIGH" + }, + "exploitabilityScore": 3.9, + "impactScore": 3.6 + } + ] + }, + "weaknesses": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "NVD-CWE-noinfo" + } + ] + } + ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:oracle:openjdk:7:update351:*:*:*:*:*:*", + "matchCriteriaId": "576F2D55-3079-45D0-A2E8-0D250A8F5BDE" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:oracle:openjdk:8:*:*:*:*:*:*:*", + "matchCriteriaId": "FB165A22-A34A-478F-AF3A-483F649AE95D" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:oracle:openjdk:11:*:*:*:*:*:*:*", + "matchCriteriaId": "465CFA59-8E94-415A-ACF0-E678826813BE" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:oracle:openjdk:17.0.2:*:*:*:*:*:*:*", + "matchCriteriaId": "778B9A45-E5EB-4B97-9989-AC221A577DCA" + }, + { + "vulnerable": true, + "criteria": 
"cpe:2.3:a:oracle:openjdk:18:*:*:*:*:*:*:*", + "matchCriteriaId": "56CBFC1F-C120-44F2-877A-C1C880AA89C4" + } + ] + } + ] + } + ], "references": [ { "url": "https://bugs.openjdk.org/browse/JDK-8283441", - "source": "cve@mitre.org" + "source": "cve@mitre.org", + "tags": [ + "Exploit", + "Issue Tracking", + "Patch", + "Vendor Advisory" + ] }, { "url": "https://github.com/openjdk/jdk11u-dev/pull/1183", - "source": "cve@mitre.org" + "source": "cve@mitre.org", + "tags": [ + "Patch" + ] }, { "url": "https://github.com/openjdk/jdk13u-dev/pull/394", - "source": "cve@mitre.org" + "source": "cve@mitre.org", + "tags": [ + "Patch" + ] }, { "url": "https://github.com/openjdk/jdk15u-dev/pull/261", - "source": "cve@mitre.org" + "source": "cve@mitre.org", + "tags": [ + "Patch" + ] } ] } \ No newline at end of file diff --git a/CVE-2022/CVE-2022-44xx/CVE-2022-4452.json b/CVE-2022/CVE-2022-44xx/CVE-2022-4452.json index d1dfc561fa4..bcc17e52af6 100644 --- a/CVE-2022/CVE-2022-44xx/CVE-2022-4452.json +++ b/CVE-2022/CVE-2022-44xx/CVE-2022-4452.json 
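Review bot: The `cpeMatch` list added under `configurations` for CVE-2022-40433 does not line up with the record's own description. The text names Oracle JDK 11, 17 and OpenJDK 8, 11, 17, while the criteria cover only `oracle:openjdk` at `7:update351`, `8`, `11`, `17.0.2` and `18`, with no Oracle JDK entry at all. The references also tag pull requests against jdk13u-dev and jdk15u-dev as `Patch`, which suggests (not confirmed from this page) that those trains carried the code too. Anyone driving exposure matching from this record should treat the CPE set as incomplete and check the deployed HotSpot build against the linked JDK-8283441 fix rather than rely on these version strings alone.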
@@ -2,23 +2,88 @@ "id": "CVE-2022-4452", "sourceIdentifier": "chrome-cve-admin@google.com", "published": "2023-08-25T15:15:08.040", - "lastModified": "2023-08-25T17:51:53.297", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2023-08-31T00:39:17.717", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", "value": "Insufficient data validation in crosvm in Google Chrome prior to 107.0.5304.62 allowed a remote attacker to potentially exploit object corruption via a crafted HTML page. (Chromium security severity: High)" } ], - "metrics": {}, + "metrics": { + "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "REQUIRED", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH", + "baseScore": 8.8, + "baseSeverity": "HIGH" + }, + "exploitabilityScore": 2.8, + "impactScore": 5.9 + } + ] + }, + "weaknesses": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "NVD-CWE-Other" + } + ] + } + ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:google:chrome:*:*:*:*:*:*:*:*", + "versionEndExcluding": "107.0.5304.62", + "matchCriteriaId": "6E3E8C15-896B-4126-A53A-771C50A24E4F" + } + ] + } + ] + } + ], "references": [ { "url": "https://bugs.chromium.org/p/chromium/issues/detail?id=1372457", - "source": "chrome-cve-admin@google.com" + "source": "chrome-cve-admin@google.com", + "tags": [ + "Issue Tracking", + "Patch", + "Permissions Required", + "Vendor Advisory" + ] }, { "url": "https://crbug.com/1372457", - "source": "chrome-cve-admin@google.com" + "source": "chrome-cve-admin@google.com", + "tags": [ + "Issue Tracking", + 
"Patch", + "Permissions Required", + "Vendor Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2023/CVE-2023-19xx/CVE-2023-1997.json b/CVE-2023/CVE-2023-19xx/CVE-2023-1997.json index 4abbede2436..13bfcfc16dd 100644 --- a/CVE-2023/CVE-2023-19xx/CVE-2023-1997.json +++ b/CVE-2023/CVE-2023-19xx/CVE-2023-1997.json @@ -2,8 +2,8 @@ "id": "CVE-2023-1997", "sourceIdentifier": "3DS.Information-Security@3ds.com", "published": "2023-08-28T16:15:08.627", - "lastModified": "2023-08-28T19:28:54.367", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2023-08-31T00:26:46.620", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", @@ -12,6 +12,26 @@ ], "metrics": { "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH", + "baseScore": 8.8, + "baseSeverity": "HIGH" + }, + "exploitabilityScore": 2.8, + "impactScore": 5.9 + }, { "source": "3DS.Information-Security@3ds.com", "type": "Secondary", @@ -35,6 +55,16 @@ ] }, "weaknesses": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-78" + } + ] + }, { "source": "3DS.Information-Security@3ds.com", "type": "Secondary", 
@@ -46,10 +76,40 @@ ] } ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:o:3ds:3dexperience:r2021x:*:*:*:*:*:*:*", + "matchCriteriaId": "22C41137-50DF-4370-8A86-396061095A3A" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:3ds:3dexperience:r2022x:*:*:*:*:*:*:*", + "matchCriteriaId": "7CB01B8A-297F-4B1C-A76A-1ED733E62A43" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:3ds:3dexperience:r2023x:*:*:*:*:*:*:*", + "matchCriteriaId": "E52A5F8A-665B-4AA7-89CD-19720D64718E" + } + ] + } + ] + } + ], "references": [ { "url": "https://www.3ds.com/vulnerability/advisories", - "source": "3DS.Information-Security@3ds.com" + "source": "3DS.Information-Security@3ds.com", + "tags": [ + "Vendor Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2023/CVE-2023-237xx/CVE-2023-23770.json b/CVE-2023/CVE-2023-237xx/CVE-2023-23770.json index e41f6ea4e8e..a8be335f4a9 100644 --- a/CVE-2023/CVE-2023-237xx/CVE-2023-23770.json +++ b/CVE-2023/CVE-2023-237xx/CVE-2023-23770.json @@ -2,8 +2,8 @@ "id": "CVE-2023-23770", "sourceIdentifier": "cert@ncsc.nl", "published": "2023-08-29T09:15:07.993", - "lastModified": "2023-08-29T13:34:55.187", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2023-08-31T00:26:07.900", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", 
@@ -12,6 +12,26 @@ ], "metrics": { "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH", + "baseScore": 9.8, + "baseSeverity": "CRITICAL" + }, + "exploitabilityScore": 3.9, + "impactScore": 5.9 + }, { "source": "cert@ncsc.nl", "type": "Secondary", @@ -34,10 +54,54 @@ } ] }, + "weaknesses": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-798" + } + ] + } + ], + "configurations": [ + { + "operator": "AND", + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:o:motorola:mbts_site_controller_firmware:r05.32.58:*:*:*:*:*:*:*", + "matchCriteriaId": "87EB0F74-B3C6-4641-8678-1F8654BDFF8B" + } + ] + }, + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": false, + "criteria": "cpe:2.3:h:motorola:mbts_site_controller:-:*:*:*:*:*:*:*", + "matchCriteriaId": "044E6275-5F1D-496C-839F-909926D337B8" + } + ] + } + ] + } + ], "references": [ { "url": "https://tetraburst.com/", - "source": "cert@ncsc.nl" + "source": "cert@ncsc.nl", + "tags": [ + "Not Applicable" + ] } ] } \ No newline at end of file diff --git a/CVE-2023/CVE-2023-237xx/CVE-2023-23771.json b/CVE-2023/CVE-2023-237xx/CVE-2023-23771.json index 47d0eace718..d31d66f62b8 100644 --- a/CVE-2023/CVE-2023-237xx/CVE-2023-23771.json +++ b/CVE-2023/CVE-2023-237xx/CVE-2023-23771.json 
@@ -2,8 +2,8 @@ "id": "CVE-2023-23771", "sourceIdentifier": "cert@ncsc.nl", "published": "2023-08-29T09:15:08.910", - "lastModified": "2023-08-29T13:34:55.187", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2023-08-31T00:25:45.960", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", @@ -12,6 +12,26 @@ ], "metrics": { "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", + "attackVector": "LOCAL", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH", + "baseScore": 8.4, + "baseSeverity": "HIGH" + }, + "exploitabilityScore": 2.5, + "impactScore": 5.9 + }, { "source": "cert@ncsc.nl", "type": "Secondary", @@ -34,10 +54,54 @@ } ] }, + "weaknesses": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-798" + } + ] + } + ], + "configurations": [ + { + "operator": "AND", + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:o:motorola:mbts_base_radio_firmware:r05.x2.57:*:*:*:*:*:*:*", + "matchCriteriaId": "07A9EA39-6C38-4A3E-9628-AD39FE659018" + } + ] + }, + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": false, + "criteria": "cpe:2.3:h:motorola:mbts_base_radio:-:*:*:*:*:*:*:*", + "matchCriteriaId": "92E15ED3-0448-4EE1-AE81-EDB533C24A70" + } + ] + } + ] + } + ], "references": [ { "url": "https://tetraburst.com/", - "source": "cert@ncsc.nl" + "source": "cert@ncsc.nl", + "tags": [ + "Not Applicable" + ] } ] } \ No newline at end of file diff --git a/CVE-2023/CVE-2023-237xx/CVE-2023-23772.json b/CVE-2023/CVE-2023-237xx/CVE-2023-23772.json index ce472720451..1e5c0146024 100644 --- a/CVE-2023/CVE-2023-237xx/CVE-2023-23772.json 
+++ b/CVE-2023/CVE-2023-237xx/CVE-2023-23772.json @@ -2,8 +2,8 @@ "id": "CVE-2023-23772", "sourceIdentifier": "cert@ncsc.nl", "published": "2023-08-29T09:15:09.193", - "lastModified": "2023-08-29T13:34:55.187", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2023-08-31T00:25:58.953", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", @@ -12,6 +12,26 @@ ], "metrics": { "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH", + "baseScore": 8.8, + "baseSeverity": "HIGH" + }, + "exploitabilityScore": 2.8, + "impactScore": 5.9 + }, { "source": "cert@ncsc.nl", "type": "Secondary", @@ -34,10 +54,54 @@ } ] }, + "weaknesses": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-347" + } + ] + } + ], + "configurations": [ + { + "operator": "AND", + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:o:motorola:mbts_site_controller_firmware:r05.32.58:*:*:*:*:*:*:*", + "matchCriteriaId": "87EB0F74-B3C6-4641-8678-1F8654BDFF8B" + } + ] + }, + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": false, + "criteria": "cpe:2.3:h:motorola:mbts_site_controller:-:*:*:*:*:*:*:*", + "matchCriteriaId": "044E6275-5F1D-496C-839F-909926D337B8" + } + ] + } + ] + } + ], "references": [ { "url": "https://tetraburst.com/", - "source": "cert@ncsc.nl" + "source": "cert@ncsc.nl", + "tags": [ + "Not Applicable" + ] } ] } \ No newline at end of file 
diff --git a/CVE-2023/CVE-2023-237xx/CVE-2023-23773.json b/CVE-2023/CVE-2023-237xx/CVE-2023-23773.json index 489a6cc22db..8e5dbbae261 100644 --- a/CVE-2023/CVE-2023-237xx/CVE-2023-23773.json +++ b/CVE-2023/CVE-2023-237xx/CVE-2023-23773.json @@ -2,8 +2,8 @@ "id": "CVE-2023-23773", "sourceIdentifier": "cert@ncsc.nl", "published": "2023-08-29T09:15:09.330", - "lastModified": "2023-08-29T13:34:55.187", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2023-08-31T00:24:59.020", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", @@ -12,6 +12,26 @@ ], "metrics": { "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH", + "baseScore": 8.8, + "baseSeverity": "HIGH" + }, + "exploitabilityScore": 2.8, + "impactScore": 5.9 + }, { "source": "cert@ncsc.nl", "type": "Secondary", 
@@ -34,10 +54,81 @@ } ] }, + "weaknesses": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-347" + } + ] + } + ], + "configurations": [ + { + "operator": "AND", + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:o:motorola:ebts_base_radio_firmware:r05.x2.57:*:*:*:*:*:*:*", + "matchCriteriaId": "B1DB9FFD-308A-43F3-A646-17FBBA5BEB23" + } + ] + }, + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": false, + "criteria": "cpe:2.3:h:motorola:ebts_base_radio:-:*:*:*:*:*:*:*", + "matchCriteriaId": "0B397BB8-D7B1-468B-9CA9-63E1E34740D1" + } + ] + } + ] + }, + { + "operator": "AND", + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:o:motorola:mbts_base_radio_firmware:r05.x2.57:*:*:*:*:*:*:*", + "matchCriteriaId": "07A9EA39-6C38-4A3E-9628-AD39FE659018" + } + ] + }, + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": false, + "criteria": "cpe:2.3:h:motorola:mbts_base_radio:-:*:*:*:*:*:*:*", + "matchCriteriaId": "92E15ED3-0448-4EE1-AE81-EDB533C24A70" + } + ] + } + ] + } + ], "references": [ { "url": "https://tetraburst.com/", - "source": "cert@ncsc.nl" + "source": "cert@ncsc.nl", + "tags": [ + "Not Applicable" + ] } ] } \ No newline at end of file diff --git a/CVE-2023/CVE-2023-237xx/CVE-2023-23774.json b/CVE-2023/CVE-2023-237xx/CVE-2023-23774.json index 3d8b5681174..8d1ae07c8b9 100644 --- a/CVE-2023/CVE-2023-237xx/CVE-2023-23774.json +++ b/CVE-2023/CVE-2023-237xx/CVE-2023-23774.json @@ -2,8 +2,8 @@ "id": "CVE-2023-23774", "sourceIdentifier": "cert@ncsc.nl", "published": "2023-08-29T09:15:09.403", - "lastModified": "2023-08-29T13:34:55.187", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2023-08-31T00:24:38.207", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", 
@@ -12,6 +12,26 @@ ], "metrics": { "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", + "attackVector": "LOCAL", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH", + "baseScore": 8.4, + "baseSeverity": "HIGH" + }, + "exploitabilityScore": 2.5, + "impactScore": 5.9 + }, { "source": "cert@ncsc.nl", "type": "Secondary", 
@@ -34,10 +54,81 @@ } ] }, + "weaknesses": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-755" + } + ] + } + ], + "configurations": [ + { + "operator": "AND", + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:o:motorola:ebts_site_controller_firmware:-:*:*:*:*:*:*:*", + "matchCriteriaId": "397B1B92-C023-4825-8122-05131B702740" + } + ] + }, + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": false, + "criteria": "cpe:2.3:h:motorola:ebts_site_controller:-:*:*:*:*:*:*:*", + "matchCriteriaId": "B19E4B16-8762-44BF-A597-D77621686A2E" + } + ] + } + ] + }, + { + "operator": "AND", + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:o:motorola:mbts_site_controller_firmware:-:*:*:*:*:*:*:*", + "matchCriteriaId": "678A4DEF-0D43-43CA-B541-F7BEAAEEAA28" + } + ] + }, + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": false, + "criteria": "cpe:2.3:h:motorola:mbts_site_controller:-:*:*:*:*:*:*:*", + "matchCriteriaId": "044E6275-5F1D-496C-839F-909926D337B8" + } + ] + } + ] + } + ], "references": [ { "url": "https://tetraburst.com/", - "source": "cert@ncsc.nl" + "source": "cert@ncsc.nl", + "tags": [ + "Not Applicable" + ] } ] } \ No newline at end of file diff --git a/CVE-2023/CVE-2023-314xx/CVE-2023-31423.json b/CVE-2023/CVE-2023-314xx/CVE-2023-31423.json new file mode 100644 index 00000000000..9cde98af9de --- /dev/null +++ b/CVE-2023/CVE-2023-314xx/CVE-2023-31423.json 
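Review bot: The vulnerable firmware criteria added for CVE-2023-23774 carry `-` in the version field (`ebts_site_controller_firmware:-` and `mbts_site_controller_firmware:-`), whereas the sibling records in this diff (CVE-2023-23770, CVE-2023-23772) pin `mbts_site_controller_firmware:r05.32.58`. With no version or range, version-aware matching cannot separate fixed from unfixed firmware on these controllers. The only reference, `https://tetraburst.com/`, is tagged `Not Applicable` here and in CVE-2023-23770 through CVE-2023-23773, so the records give no link marked as an advisory or patch. The description is outside the hunk, so the affected release cannot be confirmed from this page; inventory for these devices should be checked against the vendor's own guidance.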
@@ -0,0 +1,55 @@ +{ + "id": "CVE-2023-31423", + "sourceIdentifier": "sirt@brocade.com", + "published": "2023-08-31T01:15:07.860", + "lastModified": "2023-08-31T01:15:07.860", + "vulnStatus": "Received", + "descriptions": [ + { + "lang": "en", + "value": "Possible\n information exposure through log file vulnerability where sensitive \nfields are recorded in the configuration log without masking on Brocade \nSANnav before v2.3.0 and 2.2.2a. Notes:\n To access the logs, the local attacker must have access to an already collected Brocade SANnav \"supportsave\" \noutputs.\n\n" + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "sirt@brocade.com", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:N/A:N", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "REQUIRED", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "NONE", + "availabilityImpact": "NONE", + "baseScore": 5.7, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 2.1, + "impactScore": 3.6 + } + ] + }, + "weaknesses": [ + { + "source": "sirt@brocade.com", + "type": "Secondary", + "description": [ + { + "lang": "en", + "value": "CWE-312" + } + ] + } + ], + "references": [ + { + "url": "https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/22508", + "source": "sirt@brocade.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2023/CVE-2023-314xx/CVE-2023-31424.json b/CVE-2023/CVE-2023-314xx/CVE-2023-31424.json new file mode 100644 index 00000000000..279824f941b --- /dev/null +++ b/CVE-2023/CVE-2023-314xx/CVE-2023-31424.json 
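Review bot: The new `descriptions[].value` for CVE-2023-31423 states that a local attacker needs access to already collected SANnav supportsave output, but the CNA vector in the same record is `CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:N/A:N`, which appears at odds with that precondition. The record is still `Received` with only a `Secondary` metric, so triage should read the precondition from the text rather than rank on the 5.7 base score alone. The value also carries raw `\n` breaks and trailing whitespace from the CNA submission. The new records for CVE-2023-31424, CVE-2023-31925 and CVE-2023-3489 show the same artefact, so consumers that index, deduplicate or diff description text should normalise whitespace first.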
@@ -0,0 +1,55 @@ +{ + "id": "CVE-2023-31424", + "sourceIdentifier": "sirt@brocade.com", + "published": "2023-08-31T01:15:08.537", + "lastModified": "2023-08-31T01:15:08.537", + "vulnStatus": "Received", + "descriptions": [ + { + "lang": "en", + "value": "Brocade SANnav Web interface before Brocade SANnav v2.3.0 and v2.2.2a\n allows remote unauthenticated users to bypass web authentication and \nauthorization.\n\n" + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "sirt@brocade.com", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H", + "attackVector": "NETWORK", + "attackComplexity": "HIGH", + "privilegesRequired": "NONE", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH", + "baseScore": 8.1, + "baseSeverity": "HIGH" + }, + "exploitabilityScore": 2.2, + "impactScore": 5.9 + } + ] + }, + "weaknesses": [ + { + "source": "sirt@brocade.com", + "type": "Secondary", + "description": [ + { + "lang": "en", + "value": "CWE-290" + } + ] + } + ], + "references": [ + { + "url": "https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/22507", + "source": "sirt@brocade.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2023/CVE-2023-319xx/CVE-2023-31925.json b/CVE-2023/CVE-2023-319xx/CVE-2023-31925.json new file mode 100644 index 00000000000..006cc7c8743 --- /dev/null +++ b/CVE-2023/CVE-2023-319xx/CVE-2023-31925.json 
@@ -0,0 +1,55 @@ +{ + "id": "CVE-2023-31925", + "sourceIdentifier": "sirt@brocade.com", + "published": "2023-08-31T01:15:08.753", + "lastModified": "2023-08-31T01:15:08.753", + "vulnStatus": "Received", + "descriptions": [ + { + "lang": "en", + "value": "Brocade\n SANnav before v2.3.0 and v2.2.2a stores SNMPv3 Authentication passwords\n in plaintext. A privileged user could retrieve these credentials with \nknowledge and access to these log files. SNMP \ncredentials could be seen in SANnav SupportSave if the capture is \nperformed after an SNMP configuration failure causes an SNMP \ncommunication log dump.\n\n\n" + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "sirt@brocade.com", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "availabilityImpact": "NONE", + "baseScore": 5.4, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 2.8, + "impactScore": 2.5 + } + ] + }, + "weaknesses": [ + { + "source": "sirt@brocade.com", + "type": "Secondary", + "description": [ + { + "lang": "en", + "value": "CWE-312" + } + ] + } + ], + "references": [ + { + "url": "https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/22506", + "source": "sirt@brocade.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2023/CVE-2023-347xx/CVE-2023-34723.json b/CVE-2023/CVE-2023-347xx/CVE-2023-34723.json index 24962c49ca9..980c8bf8f57 100644 --- a/CVE-2023/CVE-2023-347xx/CVE-2023-34723.json +++ b/CVE-2023/CVE-2023-347xx/CVE-2023-34723.json 
@@ -2,23 +2,94 @@ "id": "CVE-2023-34723", "sourceIdentifier": "cve@mitre.org", "published": "2023-08-25T22:15:08.903", - "lastModified": "2023-08-26T04:05:04.350", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2023-08-31T00:37:46.940", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", "value": "An issue was discovered in TechView LA-5570 Wireless Gateway 1.0.19_T53, allows attackers to gain sensitive information via /config/system.conf." } ], - "metrics": {}, + "metrics": { + "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "NONE", + "availabilityImpact": "NONE", + "baseScore": 7.5, + "baseSeverity": "HIGH" + }, + "exploitabilityScore": 3.9, + "impactScore": 3.6 + } + ] + }, + "weaknesses": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-59" + } + ] + } + ], + "configurations": [ + { + "operator": "AND", + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:o:jaycar:la5570_firmware:1.0.19_t53:*:*:*:*:*:*:*", + "matchCriteriaId": "725D3A05-4F91-4EFD-8590-22FFADBD2F47" + } + ] + }, + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": false, + "criteria": "cpe:2.3:h:jaycar:la5570:-:*:*:*:*:*:*:*", + "matchCriteriaId": "46B24E7F-1C4B-49B5-BE0E-1AF9D84020FD" + } + ] + } + ] + } + ], "references": [ { "url": "https://www.exploitsecurity.io/post/cve-2023-34723-cve-2023-34724-cve-2023-34725", - "source": "cve@mitre.org" + "source": "cve@mitre.org", + "tags": [ + "Exploit", + "Third Party Advisory" + ] }, { "url": 
"https://www.jaycar.com.au/wireless-gateway-home-automation-controller/p/LA5570", - "source": "cve@mitre.org" + "source": "cve@mitre.org", + "tags": [ + "Product" + ] } ] } \ No newline at end of file diff --git a/CVE-2023/CVE-2023-34xx/CVE-2023-3489.json b/CVE-2023/CVE-2023-34xx/CVE-2023-3489.json new file mode 100644 index 00000000000..94e5914cb33 --- /dev/null +++ b/CVE-2023/CVE-2023-34xx/CVE-2023-3489.json @@ -0,0 +1,55 @@ +{ + "id": "CVE-2023-3489", + "sourceIdentifier": "sirt@brocade.com", + "published": "2023-08-31T00:15:07.913", + "lastModified": "2023-08-31T00:15:07.913", + "vulnStatus": "Received", + "descriptions": [ + { + "lang": "en", + "value": "The \nfirmwaredownload command on Brocade Fabric OS v9.2.0 could log the \nFTP/SFTP/SCP server password in clear text in the SupportSave file when \nperforming a downgrade from Fabric OS v9.2.0 to any earlier version of \nFabric OS.\n\n" + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "sirt@brocade.com", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:N", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "NONE", + "scope": "CHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "NONE", + "availabilityImpact": "NONE", + "baseScore": 8.6, + "baseSeverity": "HIGH" + }, + "exploitabilityScore": 3.9, + "impactScore": 4.0 + } + ] + }, + "weaknesses": [ + { + "source": "sirt@brocade.com", + "type": "Secondary", + "description": [ + { + "lang": "en", + "value": "CWE-312" + } + ] + } + ], + "references": [ + { + "url": "https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/22510", + "source": "sirt@brocade.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2023/CVE-2023-37xx/CVE-2023-3705.json b/CVE-2023/CVE-2023-37xx/CVE-2023-3705.json index 3fca7127a61..f83de23e598 100644 
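Review bot: In the new CVE-2023-3489 record the only score is the CNA's `"type": "Secondary"` vector `AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:N` (8.6), which describes an unauthenticated network attack, while the description is about a server password written in clear text to the SupportSave file during a downgrade. Reading that file presumably needs access to the switch or to a collected SupportSave, and the sibling CWE-312 record CVE-2023-31925 in this commit is scored `PR:L` at 5.4. With `"vulnStatus": "Received"` there is no NVD analysis yet, so consumers prioritising on `baseScore` should treat this value as vendor-supplied and unreviewed.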
--- a/CVE-2023/CVE-2023-37xx/CVE-2023-3705.json +++ b/CVE-2023/CVE-2023-37xx/CVE-2023-3705.json @@ -2,8 +2,8 @@ "id": "CVE-2023-3705", "sourceIdentifier": "vdisclose@cert-in.org.in", "published": "2023-08-24T08:15:09.040", - "lastModified": "2023-08-24T12:55:22.900", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2023-08-31T00:37:27.440", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", @@ -12,6 +12,26 @@ ], "metrics": { "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "NONE", + "availabilityImpact": "NONE", + "baseScore": 7.5, + "baseSeverity": "HIGH" + }, + "exploitabilityScore": 3.9, + "impactScore": 3.6 + }, { "source": "vdisclose@cert-in.org.in", "type": "Secondary", @@ -35,6 +55,16 @@ ] }, "weaknesses": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "NVD-CWE-noinfo" + } + ] + }, { "source": "vdisclose@cert-in.org.in", "type": "Secondary", 
@@ -46,10 +76,100 @@ ] } ], + "configurations": [ + { + "operator": "AND", + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:o:cpplusworld:cp-vnr-3104_firmware:*:*:*:*:*:*:*:*", + "versionEndExcluding": "b3223p22c02424", + "matchCriteriaId": "16BACB34-6325-4E52-A575-AEEDA3B2FE4F" + } + ] + }, + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": false, + "criteria": "cpe:2.3:h:cpplusworld:cp-vnr-3104:-:*:*:*:*:*:*:*", + "matchCriteriaId": "D1E31775-FFB5-40C3-9841-0C67D42E87C4" + } + ] + } + ] + }, + { + "operator": "AND", + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:o:cpplusworld:cp-vnr-3108_firmware:*:*:*:*:*:*:*:*", + "versionEndExcluding": "b3223p22c02424", + "matchCriteriaId": "B1A6A2F4-6595-4DFC-A926-A2CB677E0CCD" + } + ] + }, + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": false, + "criteria": "cpe:2.3:h:cpplusworld:cp-vnr-3108:-:*:*:*:*:*:*:*", + "matchCriteriaId": "34F3AD8B-71BA-434A-A2EB-39C3292D4EC6" + } + ] + } + ] + }, + { + "operator": "AND", + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:o:cpplusworld:cp-vnr-3208_firmware:*:*:*:*:*:*:*:*", + "versionEndExcluding": "b3223p22c02424", + "matchCriteriaId": "872BD1A6-87C4-4AC4-93E9-2CE82E0D4B74" + } + ] + }, + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": false, + "criteria": "cpe:2.3:h:cpplusworld:cp-vnr-3208:-:*:*:*:*:*:*:*", + "matchCriteriaId": "8269EEF4-930E-4205-A1AF-3D1D7114A6B5" + } + ] + } + ] + } + ], "references": [ { "url": "https://www.cert-in.org.in/s2cMainServlet?pageid=PUBVLNOTES01&VLCODE=CIVN-2023-0239", - "source": "vdisclose@cert-in.org.in" + "source": "vdisclose@cert-in.org.in", + "tags": [ + "Patch", + "Third Party Advisory" + ] } ] } \ No newline at end of file 
diff --git a/CVE-2023/CVE-2023-387xx/CVE-2023-38710.json b/CVE-2023/CVE-2023-387xx/CVE-2023-38710.json index ff7f6821e09..34116ffb063 100644 --- a/CVE-2023/CVE-2023-387xx/CVE-2023-38710.json +++ b/CVE-2023/CVE-2023-387xx/CVE-2023-38710.json 
@@ -2,23 +2,83 @@ "id": "CVE-2023-38710", "sourceIdentifier": "cve@mitre.org", "published": "2023-08-25T21:15:08.167", - "lastModified": "2023-08-26T04:05:04.350", - "vulnStatus": "Undergoing Analysis", + "lastModified": "2023-08-31T00:38:31.680", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", "value": "An issue was discovered in Libreswan before 4.12. When an IKEv2 Child SA REKEY packet contains an invalid IPsec protocol ID number of 0 or 1, an error notify INVALID_SPI is sent back. The notify payload's protocol ID is copied from the incoming packet, but the code that verifies outgoing packets fails an assertion that the protocol ID must be ESP (2) or AH(3) and causes the pluto daemon to crash and restart. NOTE: the earliest affected version is 3.20." } ], - "metrics": {}, + "metrics": { + "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "NONE", + "integrityImpact": "NONE", + "availabilityImpact": "HIGH", + "baseScore": 7.5, + "baseSeverity": "HIGH" + }, + "exploitabilityScore": 3.9, + "impactScore": 3.6 + } + ] + }, + "weaknesses": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "NVD-CWE-noinfo" + } + ] + } + ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:libreswan:libreswan:*:*:*:*:*:*:*:*", + "versionStartIncluding": "3.20", + "versionEndExcluding": "4.12", + "matchCriteriaId": "6FD4136B-12B7-4FCA-B643-47F5FEA652EA" + } + ] + } + ] + } + ], "references": [ { "url": "https://github.com/libreswan/libreswan/tags", - "source": "cve@mitre.org" + "source": "cve@mitre.org", + "tags": [ + "Third Party 
Advisory" + ] }, { "url": "https://libreswan.org/security/CVE-2023-38710/", - "source": "cve@mitre.org" + "source": "cve@mitre.org", + "tags": [ + "Third Party Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2023/CVE-2023-387xx/CVE-2023-38711.json b/CVE-2023/CVE-2023-387xx/CVE-2023-38711.json index 8a65d282f0c..9a1133f5990 100644 --- a/CVE-2023/CVE-2023-387xx/CVE-2023-38711.json +++ b/CVE-2023/CVE-2023-387xx/CVE-2023-38711.json 
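Review bot: The added weakness for CVE-2023-38710 is `NVD-CWE-noinfo`, although the description in the same hunk states the cause: the outgoing-packet check "fails an assertion" and pluto crashes, which is what CWE-617 (Reachable Assertion) covers. The reference tags also look off here and in the CVE-2023-38711 and CVE-2023-38712 hunks: `https://github.com/libreswan/libreswan/tags` is a release list rather than an advisory, and `https://libreswan.org/security/CVE-2023-38710/` appears to be the project's own advisory, so `"Vendor Advisory"` would fit it better than `"Third Party Advisory"`. Consumers that filter references by tag to find the authoritative notice would otherwise skip it.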
@@ -2,23 +2,83 @@ "id": "CVE-2023-38711", "sourceIdentifier": "cve@mitre.org", "published": "2023-08-25T21:15:08.230", - "lastModified": "2023-08-26T04:05:04.350", - "vulnStatus": "Undergoing Analysis", + "lastModified": "2023-08-31T00:38:08.170", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", "value": "An issue was discovered in Libreswan before 4.12. When an IKEv1 Quick Mode connection configured with ID_IPV4_ADDR or ID_IPV6_ADDR receives an IDcr payload with ID_FQDN, a NULL pointer dereference causes a crash and restart of the pluto daemon. NOTE: the earliest affected version is 4.6." } ], - "metrics": {}, + "metrics": { + "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "NONE", + "integrityImpact": "NONE", + "availabilityImpact": "HIGH", + "baseScore": 7.5, + "baseSeverity": "HIGH" + }, + "exploitabilityScore": 3.9, + "impactScore": 3.6 + } + ] + }, + "weaknesses": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-476" + } + ] + } + ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:libreswan:libreswan:*:*:*:*:*:*:*:*", + "versionStartIncluding": "4.6", + "versionEndExcluding": "4.12", + "matchCriteriaId": "E5090A30-05D9-4501-9E86-FF1024BB2A0F" + } + ] + } + ] + } + ], "references": [ { "url": "https://github.com/libreswan/libreswan/tags", - "source": "cve@mitre.org" + "source": "cve@mitre.org", + "tags": [ + "Third Party Advisory" + ] }, { "url": "https://libreswan.org/security/CVE-2023-38711/", - "source": "cve@mitre.org" + "source": "cve@mitre.org", + "tags": [ + "Third Party Advisory" + ] } ] } 
\ No newline at end of file diff --git a/CVE-2023/CVE-2023-387xx/CVE-2023-38712.json b/CVE-2023/CVE-2023-387xx/CVE-2023-38712.json index 02ebc0f3c9e..6e57e686dc9 100644 --- a/CVE-2023/CVE-2023-387xx/CVE-2023-38712.json +++ b/CVE-2023/CVE-2023-387xx/CVE-2023-38712.json 
@@ -2,23 +2,90 @@ "id": "CVE-2023-38712", "sourceIdentifier": "cve@mitre.org", "published": "2023-08-25T21:15:08.293", - "lastModified": "2023-08-26T04:05:04.350", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2023-08-31T00:37:58.830", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", "value": "An issue was discovered in Libreswan 3.x and 4.x before 4.12. When an IKEv1 ISAKMP SA Informational Exchange packet contains a Delete/Notify payload followed by further Notifies that act on the ISAKMP SA, such as a duplicated Delete/Notify message, a NULL pointer dereference on the deleted state causes the pluto daemon to crash and restart." } ], - "metrics": {}, + "metrics": { + "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "NONE", + "integrityImpact": "NONE", + "availabilityImpact": "HIGH", + "baseScore": 7.5, + "baseSeverity": "HIGH" + }, + "exploitabilityScore": 3.9, + "impactScore": 3.6 + } + ] + }, + "weaknesses": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-476" + } + ] + } + ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:libreswan:libreswan:*:*:*:*:*:*:*:*", + "versionStartIncluding": "3.0", + "versionEndExcluding": "4.0", + "matchCriteriaId": "8DF49694-9BD7-46A7-851B-F03CB49A9250" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:libreswan:libreswan:*:*:*:*:*:*:*:*", + "versionStartIncluding": "4.0", + "versionEndExcluding": "4.12", + "matchCriteriaId": "8923F14F-CAAA-402E-8549-8250C9CADA4A" + } + ] + } + ] + } + ], "references": [ { "url": 
"https://github.com/libreswan/libreswan/tags", - "source": "cve@mitre.org" + "source": "cve@mitre.org", + "tags": [ + "Third Party Advisory" + ] }, { "url": "https://libreswan.org/security/CVE-2023-38712/", - "source": "cve@mitre.org" + "source": "cve@mitre.org", + "tags": [ + "Third Party Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2023/CVE-2023-396xx/CVE-2023-39650.json b/CVE-2023/CVE-2023-396xx/CVE-2023-39650.json index 2e867fae5e7..d5967abfca9 100644 --- a/CVE-2023/CVE-2023-396xx/CVE-2023-39650.json +++ b/CVE-2023/CVE-2023-396xx/CVE-2023-39650.json 
@@ -2,23 +2,88 @@ "id": "CVE-2023-39650", "sourceIdentifier": "cve@mitre.org", "published": "2023-08-28T23:15:08.293", - "lastModified": "2023-08-29T05:18:54.617", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2023-08-31T00:26:15.827", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", "value": "Theme Volty CMS Blog up to version v4.0.1 was discovered to contain a SQL injection vulnerability via the id parameter at /tvcmsblog/single." + }, + { + "lang": "es", + "value": "Se ha descubierto que Theme Volty CMS Blog hasta la versi\u00f3n v4.0.1 contiene una vulnerabilidad de inyecci\u00f3n SQL a trav\u00e9s del par\u00e1metro \"id\" en \"/tvcmsblog/single\"." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH", + "baseScore": 9.8, + "baseSeverity": "CRITICAL" + }, + "exploitabilityScore": 3.9, + "impactScore": 5.9 + } + ] + }, + "weaknesses": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-89" + } + ] + } + ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:themevolty:theme_volty_cms_blog:*:*:*:*:*:prestashop:*:*", + "versionEndExcluding": "4.0.1", + "matchCriteriaId": "F74A6448-7ABD-41CE-9E35-40252778AADE" + } + ] + } + ] } ], - "metrics": {}, "references": [ { "url": "https://security.friendsofpresta.org/modules/2023/08/24/tvcmsblog.html", - "source": "cve@mitre.org" + "source": "cve@mitre.org", + "tags": [ + "Exploit", + "Patch", + "Third Party Advisory" + ] }, { "url": "https://themevolty.com/", - 
"source": "cve@mitre.org" + "source": "cve@mitre.org", + "tags": [ + "Product" + ] } ] } \ No newline at end of file diff --git a/CVE-2023/CVE-2023-408xx/CVE-2023-40857.json b/CVE-2023/CVE-2023-408xx/CVE-2023-40857.json index 4a8dda13409..dce61f3224f 100644 --- a/CVE-2023/CVE-2023-408xx/CVE-2023-40857.json +++ b/CVE-2023/CVE-2023-408xx/CVE-2023-40857.json 
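Review bot: The added `cpeMatch` entry for CVE-2023-39650 uses `"versionEndExcluding": "4.0.1"`, while the description in the same record says the SQL injection affects Theme Volty CMS Blog "up to version v4.0.1". If that wording is inclusive, a scanner matching on this range reports 4.0.1 as unaffected, and the bound would need to be `"versionEndIncluding": "4.0.1"`. The hunk does not show a fixed version, so the bound should be confirmed against the referenced Friends of Presta advisory before the range is relied on.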
@@ -2,19 +2,80 @@ "id": "CVE-2023-40857", "sourceIdentifier": "cve@mitre.org", "published": "2023-08-28T22:15:09.870", - "lastModified": "2023-08-29T05:18:54.617", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2023-08-31T00:27:11.427", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", "value": "Buffer Overflow vulnerability in VirusTotal yara v.4.3.2 allows a remote attacker to execute arbtirary code via the yr_execute_cod function in the exe.c component." + }, + { + "lang": "es", + "value": "Una vulnerabilidad de desbordamiento de b\u00fafer en VirusTotal yara v4.3.2 permite a un atacante remoto ejecutar c\u00f3digo arbitrario a trav\u00e9s de la funci\u00f3n \"yr_execute_cod\" del componente \"exe.c\". " + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "REQUIRED", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH", + "baseScore": 8.8, + "baseSeverity": "HIGH" + }, + "exploitabilityScore": 2.8, + "impactScore": 5.9 + } + ] + }, + "weaknesses": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-787" + } + ] + } + ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:virustotal:yara:4.3.2:*:*:*:*:*:*:*", + "matchCriteriaId": "C9EEF587-BE65-40E9-AE81-5F7FA989A74A" + } + ] + } + ] } ], - "metrics": {}, "references": [ { "url": "https://github.com/VirusTotal/yara/issues/1945", - "source": "cve@mitre.org" + "source": "cve@mitre.org", + "tags": [ + "Exploit", + "Issue Tracking", + "Vendor Advisory" + ] } ] } \ No newline at end of file 
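Review bot: The added `es` description for CVE-2023-40857 copies the identifiers `yr_execute_cod` and `exe.c` from the English text unchanged, and the English text also misspells "arbitrary" as "arbtirary". These are presumably `yr_execute_code` in `exec.c`; that should be confirmed against the linked yara issue 1945. A search of the record by function or file name will miss the affected code as written, so both language entries should be corrected together once the names are confirmed.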
diff --git a/CVE-2023/CVE-2023-409xx/CVE-2023-40997.json b/CVE-2023/CVE-2023-409xx/CVE-2023-40997.json index e0597993075..80d9cff77d7 100644 --- a/CVE-2023/CVE-2023-409xx/CVE-2023-40997.json +++ b/CVE-2023/CVE-2023-409xx/CVE-2023-40997.json @@ -2,19 +2,76 @@ "id": "CVE-2023-40997", "sourceIdentifier": "cve@mitre.org", "published": "2023-08-28T22:15:10.030", - "lastModified": "2023-08-29T05:18:54.617", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2023-08-31T00:26:33.640", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", "value": "Buffer Overflow vulnerability in O-RAN Software Community ric-plt-lib-rmr v.4.9.0 allows a remote attacker to cause a denial of service via a crafted packet." } ], - "metrics": {}, + "metrics": { + "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "NONE", + "integrityImpact": "NONE", + "availabilityImpact": "HIGH", + "baseScore": 7.5, + "baseSeverity": "HIGH" + }, + "exploitabilityScore": 3.9, + "impactScore": 3.6 + } + ] + }, + "weaknesses": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-120" + } + ] + } + ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:o-ran-sc:ric_message_router:4.9.0:*:*:*:*:*:*:*", + "matchCriteriaId": "09883935-1EE0-4711-B707-9A1B78E4E326" + } + ] + } + ] + } + ], "references": [ { "url": "https://jira.o-ran-sc.org/browse/RIC-991", - "source": "cve@mitre.org" + "source": "cve@mitre.org", + "tags": [ + "Exploit", + "Issue Tracking", + "Vendor Advisory" + ] } ] } \ No newline at end of file 
diff --git a/CVE-2023/CVE-2023-409xx/CVE-2023-40998.json b/CVE-2023/CVE-2023-409xx/CVE-2023-40998.json index 5b38faa2825..1dda6862dc6 100644 --- a/CVE-2023/CVE-2023-409xx/CVE-2023-40998.json +++ b/CVE-2023/CVE-2023-409xx/CVE-2023-40998.json @@ -2,19 +2,76 @@ "id": "CVE-2023-40998", "sourceIdentifier": "cve@mitre.org", "published": "2023-08-28T22:15:10.167", - "lastModified": "2023-08-29T05:18:54.617", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2023-08-31T00:26:26.523", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", "value": "Buffer Overflow vulnerability in O-RAN Software Community ric-plt-lib-rmr v.4.9.0 allows a remote attacker to cause a denial of service via the packet size component." } ], - "metrics": {}, + "metrics": { + "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "NONE", + "integrityImpact": "NONE", + "availabilityImpact": "HIGH", + "baseScore": 7.5, + "baseSeverity": "HIGH" + }, + "exploitabilityScore": 3.9, + "impactScore": 3.6 + } + ] + }, + "weaknesses": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-120" + } + ] + } + ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:o-ran-sc:ric_message_router:4.9.0:*:*:*:*:*:*:*", + "matchCriteriaId": "09883935-1EE0-4711-B707-9A1B78E4E326" + } + ] + } + ] + } + ], "references": [ { "url": "https://jira.o-ran-sc.org/browse/RIC-989", - "source": "cve@mitre.org" + "source": "cve@mitre.org", + "tags": [ + "Exploit", + "Issue Tracking", + "Vendor Advisory" + ] } ] } \ No newline at end of file 
diff --git a/CVE-2023/CVE-2023-41xx/CVE-2023-4162.json b/CVE-2023/CVE-2023-41xx/CVE-2023-4162.json
new file mode 100644
index 00000000000..a721bc3eccf
--- /dev/null
+++ b/CVE-2023/CVE-2023-41xx/CVE-2023-4162.json
@@ -0,0 +1,55 @@
+{
+ "id": "CVE-2023-4162",
+ "sourceIdentifier": "sirt@brocade.com",
+ "published": "2023-08-31T01:15:08.943",
+ "lastModified": "2023-08-31T01:15:08.943",
+ "vulnStatus": "Received",
+ "descriptions": [
+ {
+ "lang": "en",
+ "value": "A\n segmentation fault can occur in Brocade Fabric OS after Brocade Fabric \nOS v9.0 and before Brocade Fabric OS v9.2.0a through the passwdcfg \ncommand. This\n could allow an authenticated privileged user local user to crash a \nBrocade Fabric OS swith using the cli \u201cpasswdcfg --set -expire \n-minDiff\u201c.\n\n"
+ }
+ ],
+ "metrics": {
+ "cvssMetricV31": [
+ {
+ "source": "sirt@brocade.com",
+ "type": "Secondary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H",
+ "attackVector": "LOCAL",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "HIGH",
+ "userInteraction": "NONE",
+ "scope": "UNCHANGED",
+ "confidentialityImpact": "NONE",
+ "integrityImpact": "NONE",
+ "availabilityImpact": "HIGH",
+ "baseScore": 4.4,
+ "baseSeverity": "MEDIUM"
+ },
+ "exploitabilityScore": 0.8,
+ "impactScore": 3.6
+ }
+ ]
+ },
+ "weaknesses": [
+ {
+ "source": "sirt@brocade.com",
+ "type": "Secondary",
+ "description": [
+ {
+ "lang": "en",
+ "value": "CWE-125"
+ }
+ ]
+ }
+ ],
+ "references": [
+ {
+ "url": "https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/22513",
+ "source": "sirt@brocade.com"
+ }
+ ]
+}
\ No newline at end of file
diff --git a/CVE-2023/CVE-2023-41xx/CVE-2023-4163.json b/CVE-2023/CVE-2023-41xx/CVE-2023-4163.json
new file mode 100644
index 00000000000..7a91bc9f8c2
--- /dev/null
+++ b/CVE-2023/CVE-2023-41xx/CVE-2023-4163.json
@@ -0,0 +1,55 @@
+{
+ "id": "CVE-2023-4163",
+ "sourceIdentifier": "sirt@brocade.com",
+ "published": "2023-08-31T01:15:09.190",
+ "lastModified": "2023-08-31T01:15:09.190",
+ "vulnStatus": "Received",
+ "descriptions": [
+ {
+ "lang": "en",
+ "value": "In\n Brocade Fabric OS before v9.2.0a, a local authenticated privileged user\n can trigger a buffer overflow condition, leading to a kernel panic with\n large input to buffers in the portcfgfportbuffers command.\n\n"
+ }
+ ],
+ "metrics": {
+ "cvssMetricV31": [
+ {
+ "source": "sirt@brocade.com",
+ "type": "Secondary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H",
+ "attackVector": "LOCAL",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "HIGH",
+ "userInteraction": "NONE",
+ "scope": "UNCHANGED",
+ "confidentialityImpact": "NONE",
+ "integrityImpact": "NONE",
+ "availabilityImpact": "HIGH",
+ "baseScore": 4.4,
+ "baseSeverity": "MEDIUM"
+ },
+ "exploitabilityScore": 0.8,
+ "impactScore": 3.6
+ }
+ ]
+ },
+ "weaknesses": [
+ {
+ "source": "sirt@brocade.com",
+ "type": "Secondary",
+ "description": [
+ {
+ "lang": "en",
+ "value": "CWE-120"
+ }
+ ]
+ }
+ ],
+ "references": [
+ {
+ "url": "https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/22514",
+ "source": "sirt@brocade.com"
+ }
+ ]
+}
\ No newline at end of file
diff --git a/CVE-2023/CVE-2023-46xx/CVE-2023-4649.json b/CVE-2023/CVE-2023-46xx/CVE-2023-4649.json
new file mode 100644
index 00000000000..dd62d73dab6
--- /dev/null
+++ b/CVE-2023/CVE-2023-46xx/CVE-2023-4649.json
@@ -0,0 +1,59 @@
+{
+ "id": "CVE-2023-4649",
+ "sourceIdentifier": "security@huntr.dev",
+ "published": "2023-08-31T01:15:09.390",
+ "lastModified": "2023-08-31T01:15:09.390",
+ "vulnStatus": "Received",
+ "descriptions": [
+ {
+ "lang": "en",
+ "value": "Session Fixation in GitHub repository instantsoft/icms2 prior to 2.16.1."
+ }
+ ],
+ "metrics": {
+ "cvssMetricV30": [
+ {
+ "source": "security@huntr.dev",
+ "type": "Secondary",
+ "cvssData": {
+ "version": "3.0",
+ "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N",
+ "attackVector": "NETWORK",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "LOW",
+ "userInteraction": "NONE",
+ "scope": "UNCHANGED",
+ "confidentialityImpact": "LOW",
+ "integrityImpact": "NONE",
+ "availabilityImpact": "NONE",
+ "baseScore": 4.3,
+ "baseSeverity": "MEDIUM"
+ },
+ "exploitabilityScore": 2.8,
+ "impactScore": 1.4
+ }
+ ]
+ },
+ "weaknesses": [
+ {
+ "source": "security@huntr.dev",
+ "type": "Primary",
+ "description": [
+ {
+ "lang": "en",
+ "value": "CWE-384"
+ }
+ ]
+ }
+ ],
+ "references": [
+ {
+ "url": "https://github.com/instantsoft/icms2/commit/ca5f150da11d9caae86638885137afe35bcc3592",
+ "source": "security@huntr.dev"
+ },
+ {
+ "url": "https://huntr.dev/bounties/069bb1f3-0805-480d-a6e1-b3345cdc60f3",
+ "source": "security@huntr.dev"
+ }
+ ]
+}
\ No newline at end of file
diff --git a/CVE-2023/CVE-2023-46xx/CVE-2023-4650.json b/CVE-2023/CVE-2023-46xx/CVE-2023-4650.json
new file mode 100644
index 00000000000..01642ec035c
--- /dev/null
+++ b/CVE-2023/CVE-2023-46xx/CVE-2023-4650.json
@@ -0,0 +1,59 @@
+{
+ "id": "CVE-2023-4650",
+ "sourceIdentifier": "security@huntr.dev",
+ "published": "2023-08-31T01:15:09.623",
+ "lastModified": "2023-08-31T01:15:09.623",
+ "vulnStatus": "Received",
+ "descriptions": [
+ {
+ "lang": "en",
+ "value": "Improper Access Control in GitHub repository instantsoft/icms2 prior to 2.16.1-git."
+ }
+ ],
+ "metrics": {
+ "cvssMetricV30": [
+ {
+ "source": "security@huntr.dev",
+ "type": "Secondary",
+ "cvssData": {
+ "version": "3.0",
+ "vectorString": "CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:L",
+ "attackVector": "NETWORK",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "HIGH",
+ "userInteraction": "NONE",
+ "scope": "UNCHANGED",
+ "confidentialityImpact": "LOW",
+ "integrityImpact": "LOW",
+ "availabilityImpact": "LOW",
+ "baseScore": 4.7,
+ "baseSeverity": "MEDIUM"
+ },
+ "exploitabilityScore": 1.2,
+ "impactScore": 3.4
+ }
+ ]
+ },
+ "weaknesses": [
+ {
+ "source": "security@huntr.dev",
+ "type": "Primary",
+ "description": [
+ {
+ "lang": "en",
+ "value": "CWE-284"
+ }
+ ]
+ }
+ ],
+ "references": [
+ {
+ "url": "https://github.com/instantsoft/icms2/commit/78ff8ca066e86a65ff35470b5622be3aa7d2f928",
+ "source": "security@huntr.dev"
+ },
+ {
+ "url": "https://huntr.dev/bounties/d92e8985-9d9d-4a62-92e8-ada014ee3b17",
+ "source": "security@huntr.dev"
+ }
+ ]
+}
\ No newline at end of file
diff --git a/CVE-2023/CVE-2023-46xx/CVE-2023-4651.json b/CVE-2023/CVE-2023-46xx/CVE-2023-4651.json
new file mode 100644
index 00000000000..4272bd97bda
--- /dev/null
+++ b/CVE-2023/CVE-2023-46xx/CVE-2023-4651.json
@@ -0,0 +1,59 @@
+{
+ "id": "CVE-2023-4651",
+ "sourceIdentifier": "security@huntr.dev",
+ "published": "2023-08-31T01:15:09.787",
+ "lastModified": "2023-08-31T01:15:09.787",
+ "vulnStatus": "Received",
+ "descriptions": [
+ {
+ "lang": "en",
+ "value": "Server-Side Request Forgery (SSRF) in GitHub repository instantsoft/icms2 prior to 2.16.1."
+ }
+ ],
+ "metrics": {
+ "cvssMetricV30": [
+ {
+ "source": "security@huntr.dev",
+ "type": "Secondary",
+ "cvssData": {
+ "version": "3.0",
+ "vectorString": "CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:H/A:L",
+ "attackVector": "NETWORK",
+ "attackComplexity": "HIGH",
+ "privilegesRequired": "LOW",
+ "userInteraction": "NONE",
+ "scope": "UNCHANGED",
+ "confidentialityImpact": "LOW",
+ "integrityImpact": "HIGH",
+ "availabilityImpact": "LOW",
+ "baseScore": 6.4,
+ "baseSeverity": "MEDIUM"
+ },
+ "exploitabilityScore": 1.6,
+ "impactScore": 4.7
+ }
+ ]
+ },
+ "weaknesses": [
+ {
+ "source": "security@huntr.dev",
+ "type": "Primary",
+ "description": [
+ {
+ "lang": "en",
+ "value": "CWE-918"
+ }
+ ]
+ }
+ ],
+ "references": [
+ {
+ "url": "https://github.com/instantsoft/icms2/commit/a6bf758de0b3242b0c0e4b47a588aae0c94305b0",
+ "source": "security@huntr.dev"
+ },
+ {
+ "url": "https://huntr.dev/bounties/beba9b98-2a5c-4629-987d-b67f47ba9437",
+ "source": "security@huntr.dev"
+ }
+ ]
+}
\ No newline at end of file
diff --git a/CVE-2023/CVE-2023-46xx/CVE-2023-4652.json b/CVE-2023/CVE-2023-46xx/CVE-2023-4652.json
new file mode 100644
index 00000000000..c4e092e2922
--- /dev/null
+++ b/CVE-2023/CVE-2023-46xx/CVE-2023-4652.json
@@ -0,0 +1,59 @@
+{
+ "id": "CVE-2023-4652",
+ "sourceIdentifier": "security@huntr.dev",
+ "published": "2023-08-31T01:15:10.063",
+ "lastModified": "2023-08-31T01:15:10.063",
+ "vulnStatus": "Received",
+ "descriptions": [
+ {
+ "lang": "en",
+ "value": "Cross-site Scripting (XSS) - Stored in GitHub repository instantsoft/icms2 prior to 2.16.1-git."
+ }
+ ],
+ "metrics": {
+ "cvssMetricV30": [
+ {
+ "source": "security@huntr.dev",
+ "type": "Secondary",
+ "cvssData": {
+ "version": "3.0",
+ "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:L/A:L",
+ "attackVector": "NETWORK",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "LOW",
+ "userInteraction": "REQUIRED",
+ "scope": "UNCHANGED",
+ "confidentialityImpact": "HIGH",
+ "integrityImpact": "LOW",
+ "availabilityImpact": "LOW",
+ "baseScore": 6.8,
+ "baseSeverity": "MEDIUM"
+ },
+ "exploitabilityScore": 2.1,
+ "impactScore": 4.7
+ }
+ ]
+ },
+ "weaknesses": [
+ {
+ "source": "security@huntr.dev",
+ "type": "Primary",
+ "description": [
+ {
+ "lang": "en",
+ "value": "CWE-79"
+ }
+ ]
+ }
+ ],
+ "references": [
+ {
+ "url": "https://github.com/instantsoft/icms2/commit/7a7e57e77f12f36d0e96be6d5b9066389372dbcd",
+ "source": "security@huntr.dev"
+ },
+ {
+ "url": "https://huntr.dev/bounties/7869e4af-fad9-48c3-9e4f-c949e54cbb41",
+ "source": "security@huntr.dev"
+ }
+ ]
+}
\ No newline at end of file
diff --git a/CVE-2023/CVE-2023-46xx/CVE-2023-4653.json b/CVE-2023/CVE-2023-46xx/CVE-2023-4653.json
new file mode 100644
index 00000000000..636f9608297
--- /dev/null
+++ b/CVE-2023/CVE-2023-46xx/CVE-2023-4653.json
@@ -0,0 +1,59 @@
+{
+ "id": "CVE-2023-4653",
+ "sourceIdentifier": "security@huntr.dev",
+ "published": "2023-08-31T01:15:10.297",
+ "lastModified": "2023-08-31T01:15:10.297",
+ "vulnStatus": "Received",
+ "descriptions": [
+ {
+ "lang": "en",
+ "value": "Cross-site Scripting (XSS) - Stored in GitHub repository instantsoft/icms2 prior to 2.16.1-git."
+ }
+ ],
+ "metrics": {
+ "cvssMetricV30": [
+ {
+ "source": "security@huntr.dev",
+ "type": "Secondary",
+ "cvssData": {
+ "version": "3.0",
+ "vectorString": "CVSS:3.0/AV:N/AC:H/PR:L/UI:R/S:U/C:L/I:L/A:H",
+ "attackVector": "NETWORK",
+ "attackComplexity": "HIGH",
+ "privilegesRequired": "LOW",
+ "userInteraction": "REQUIRED",
+ "scope": "UNCHANGED",
+ "confidentialityImpact": "LOW",
+ "integrityImpact": "LOW",
+ "availabilityImpact": "HIGH",
+ "baseScore": 5.9,
+ "baseSeverity": "MEDIUM"
+ },
+ "exploitabilityScore": 1.2,
+ "impactScore": 4.7
+ }
+ ]
+ },
+ "weaknesses": [
+ {
+ "source": "security@huntr.dev",
+ "type": "Primary",
+ "description": [
+ {
+ "lang": "en",
+ "value": "CWE-79"
+ }
+ ]
+ }
+ ],
+ "references": [
+ {
+ "url": "https://github.com/instantsoft/icms2/commit/7e9d79818bd52dfa7811d5978c72785054c65242",
+ "source": "security@huntr.dev"
+ },
+ {
+ "url": "https://huntr.dev/bounties/e0bf7e95-fc8c-4fd4-8575-8b46b9431c6d",
+ "source": "security@huntr.dev"
+ }
+ ]
+}
\ No newline at end of file
diff --git a/CVE-2023/CVE-2023-46xx/CVE-2023-4654.json b/CVE-2023/CVE-2023-46xx/CVE-2023-4654.json
new file mode 100644
index 00000000000..233566a8a81
--- /dev/null
+++ b/CVE-2023/CVE-2023-46xx/CVE-2023-4654.json
@@ -0,0 +1,59 @@
+{
+ "id": "CVE-2023-4654",
+ "sourceIdentifier": "security@huntr.dev",
+ "published": "2023-08-31T01:15:10.573",
+ "lastModified": "2023-08-31T01:15:10.573",
+ "vulnStatus": "Received",
+ "descriptions": [
+ {
+ "lang": "en",
+ "value": "Sensitive Cookie in HTTPS Session Without 'Secure' Attribute in GitHub repository instantsoft/icms2 prior to 2.16.1."
+ }
+ ],
+ "metrics": {
+ "cvssMetricV30": [
+ {
+ "source": "security@huntr.dev",
+ "type": "Secondary",
+ "cvssData": {
+ "version": "3.0",
+ "vectorString": "CVSS:3.0/AV:N/AC:H/PR:L/UI:R/S:U/C:L/I:N/A:N",
+ "attackVector": "NETWORK",
+ "attackComplexity": "HIGH",
+ "privilegesRequired": "LOW",
+ "userInteraction": "REQUIRED",
+ "scope": "UNCHANGED",
+ "confidentialityImpact": "LOW",
+ "integrityImpact": "NONE",
+ "availabilityImpact": "NONE",
+ "baseScore": 2.6,
+ "baseSeverity": "LOW"
+ },
+ "exploitabilityScore": 1.2,
+ "impactScore": 1.4
+ }
+ ]
+ },
+ "weaknesses": [
+ {
+ "source": "security@huntr.dev",
+ "type": "Primary",
+ "description": [
+ {
+ "lang": "en",
+ "value": "CWE-614"
+ }
+ ]
+ }
+ ],
+ "references": [
+ {
+ "url": "https://github.com/instantsoft/icms2/commit/ca5f150da11d9caae86638885137afe35bcc3592",
+ "source": "security@huntr.dev"
+ },
+ {
+ "url": "https://huntr.dev/bounties/56432a75-af43-4b1a-9307-bd8de568351b",
+ "source": "security@huntr.dev"
+ }
+ ]
+}
\ No newline at end of file
diff --git a/CVE-2023/CVE-2023-46xx/CVE-2023-4655.json b/CVE-2023/CVE-2023-46xx/CVE-2023-4655.json
new file mode 100644
index 00000000000..acce03ef696
--- /dev/null
+++ b/CVE-2023/CVE-2023-46xx/CVE-2023-4655.json
@@ -0,0 +1,59 @@
+{
+ "id": "CVE-2023-4655",
+ "sourceIdentifier": "security@huntr.dev",
+ "published": "2023-08-31T01:15:10.740",
+ "lastModified": "2023-08-31T01:15:10.740",
+ "vulnStatus": "Received",
+ "descriptions": [
+ {
+ "lang": "en",
+ "value": "Cross-site Scripting (XSS) - Reflected in GitHub repository instantsoft/icms2 prior to 2.16.1."
+ }
+ ],
+ "metrics": {
+ "cvssMetricV30": [
+ {
+ "source": "security@huntr.dev",
+ "type": "Secondary",
+ "cvssData": {
+ "version": "3.0",
+ "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N",
+ "attackVector": "NETWORK",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "LOW",
+ "userInteraction": "NONE",
+ "scope": "UNCHANGED",
+ "confidentialityImpact": "LOW",
+ "integrityImpact": "NONE",
+ "availabilityImpact": "NONE",
+ "baseScore": 4.3,
+ "baseSeverity": "MEDIUM"
+ },
+ "exploitabilityScore": 2.8,
+ "impactScore": 1.4
+ }
+ ]
+ },
+ "weaknesses": [
+ {
+ "source": "security@huntr.dev",
+ "type": "Primary",
+ "description": [
+ {
+ "lang": "en",
+ "value": "CWE-79"
+ }
+ ]
+ }
+ ],
+ "references": [
+ {
+ "url": "https://github.com/instantsoft/icms2/commit/a6a30e7bc96cd2081707388046c0259870533da6",
+ "source": "security@huntr.dev"
+ },
+ {
+ "url": "https://huntr.dev/bounties/e2189ad5-b665-4ba5-b6c4-112e58ae9a97",
+ "source": "security@huntr.dev"
+ }
+ ]
+}
\ No newline at end of file
diff --git a/README.md b/README.md
index 1f196f84b78..fb512a5f705 100644
--- a/README.md
+++ b/README.md
@@ -9,13 +9,13 @@ Repository synchronizes with the NVD every 2 hours. ### Last Repository Update ```plain -2023-08-30T23:55:25.057622+00:00 +2023-08-31T02:00:26.419751+00:00 ``` ### Most recent CVE Modification Timestamp synchronized with NVD ```plain -2023-08-30T23:15:08.447000+00:00 +2023-08-31T01:15:10.740000+00:00 ``` ### Last Data Feed Release 
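Review bot: `"userInteraction": "NONE"` in the CVE-2023-4655 record contradicts its own description, which classifies the issue as reflected XSS: a reflected payload only executes when a victim loads a crafted request, so the expected value is `"userInteraction": "REQUIRED"`. The vector also sets `"integrityImpact": "NONE"`, which is unusual for script injection, so the 4.3 base score reads as the submitter's estimate rather than an analysed rating. The record is mirrored from upstream and still at `"vulnStatus": "Received"`, so the correction belongs with the source; consumers that rank or filter on `baseScore` should not rely on this value until an analysed metric appears.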
@@ -23,37 +23,58 @@ Repository synchronizes with the NVD every 2 hours. Download and Changelog: [Click](https://github.com/fkie-cad/nvd-json-data-feeds/releases/latest) ```plain -2023-08-30T00:00:13.572909+00:00 +2023-08-31T00:00:13.561501+00:00 ``` ### Total Number of included CVEs ```plain -223760 +223773 ``` ### CVEs added in the last Commit -Recently added CVEs: `11` +Recently added CVEs: `13` -* [CVE-2023-31714](CVE-2023/CVE-2023-317xx/CVE-2023-31714.json) (`2023-08-30T22:15:08.013`) -* [CVE-2023-38970](CVE-2023/CVE-2023-389xx/CVE-2023-38970.json) (`2023-08-30T22:15:08.717`) -* [CVE-2023-39135](CVE-2023/CVE-2023-391xx/CVE-2023-39135.json) (`2023-08-30T22:15:08.920`) -* [CVE-2023-39136](CVE-2023/CVE-2023-391xx/CVE-2023-39136.json) (`2023-08-30T22:15:08.977`) -* [CVE-2023-39137](CVE-2023/CVE-2023-391xx/CVE-2023-39137.json) (`2023-08-30T22:15:09.030`) -* [CVE-2023-39138](CVE-2023/CVE-2023-391xx/CVE-2023-39138.json) (`2023-08-30T22:15:09.083`) -* [CVE-2023-39139](CVE-2023/CVE-2023-391xx/CVE-2023-39139.json) (`2023-08-30T22:15:09.300`) -* [CVE-2023-41040](CVE-2023/CVE-2023-410xx/CVE-2023-41040.json) (`2023-08-30T22:15:09.857`) -* [CVE-2023-41041](CVE-2023/CVE-2023-410xx/CVE-2023-41041.json) (`2023-08-30T22:15:10.043`) -* [CVE-2023-41163](CVE-2023/CVE-2023-411xx/CVE-2023-41163.json) (`2023-08-30T22:15:10.297`) -* [CVE-2023-23765](CVE-2023/CVE-2023-237xx/CVE-2023-23765.json) (`2023-08-30T23:15:08.447`) +* [CVE-2023-3489](CVE-2023/CVE-2023-34xx/CVE-2023-3489.json) (`2023-08-31T00:15:07.913`) +* [CVE-2023-31423](CVE-2023/CVE-2023-314xx/CVE-2023-31423.json) (`2023-08-31T01:15:07.860`) +* [CVE-2023-31424](CVE-2023/CVE-2023-314xx/CVE-2023-31424.json) (`2023-08-31T01:15:08.537`) +* [CVE-2023-31925](CVE-2023/CVE-2023-319xx/CVE-2023-31925.json) (`2023-08-31T01:15:08.753`) +* [CVE-2023-4162](CVE-2023/CVE-2023-41xx/CVE-2023-4162.json) (`2023-08-31T01:15:08.943`) +* [CVE-2023-4163](CVE-2023/CVE-2023-41xx/CVE-2023-4163.json) (`2023-08-31T01:15:09.190`) +* 
[CVE-2023-4649](CVE-2023/CVE-2023-46xx/CVE-2023-4649.json) (`2023-08-31T01:15:09.390`) +* [CVE-2023-4650](CVE-2023/CVE-2023-46xx/CVE-2023-4650.json) (`2023-08-31T01:15:09.623`) +* [CVE-2023-4651](CVE-2023/CVE-2023-46xx/CVE-2023-4651.json) (`2023-08-31T01:15:09.787`) +* [CVE-2023-4652](CVE-2023/CVE-2023-46xx/CVE-2023-4652.json) (`2023-08-31T01:15:10.063`) +* [CVE-2023-4653](CVE-2023/CVE-2023-46xx/CVE-2023-4653.json) (`2023-08-31T01:15:10.297`) +* [CVE-2023-4654](CVE-2023/CVE-2023-46xx/CVE-2023-4654.json) (`2023-08-31T01:15:10.573`) +* [CVE-2023-4655](CVE-2023/CVE-2023-46xx/CVE-2023-4655.json) (`2023-08-31T01:15:10.740`) ### CVEs modified in the last Commit -Recently modified CVEs: `1` +Recently modified CVEs: `20` -* [CVE-2023-40901](CVE-2023/CVE-2023-409xx/CVE-2023-40901.json) (`2023-08-30T22:15:09.383`) +* [CVE-2019-13690](CVE-2019/CVE-2019-136xx/CVE-2019-13690.json) (`2023-08-31T00:39:07.533`) +* [CVE-2022-35205](CVE-2022/CVE-2022-352xx/CVE-2022-35205.json) (`2023-08-31T00:36:47.473`) +* [CVE-2022-35206](CVE-2022/CVE-2022-352xx/CVE-2022-35206.json) (`2023-08-31T00:36:57.233`) +* [CVE-2022-40433](CVE-2022/CVE-2022-404xx/CVE-2022-40433.json) (`2023-08-31T00:37:13.927`) +* [CVE-2022-4452](CVE-2022/CVE-2022-44xx/CVE-2022-4452.json) (`2023-08-31T00:39:17.717`) +* [CVE-2023-23774](CVE-2023/CVE-2023-237xx/CVE-2023-23774.json) (`2023-08-31T00:24:38.207`) +* [CVE-2023-23773](CVE-2023/CVE-2023-237xx/CVE-2023-23773.json) (`2023-08-31T00:24:59.020`) +* [CVE-2023-23771](CVE-2023/CVE-2023-237xx/CVE-2023-23771.json) (`2023-08-31T00:25:45.960`) +* [CVE-2023-23772](CVE-2023/CVE-2023-237xx/CVE-2023-23772.json) (`2023-08-31T00:25:58.953`) +* [CVE-2023-23770](CVE-2023/CVE-2023-237xx/CVE-2023-23770.json) (`2023-08-31T00:26:07.900`) +* [CVE-2023-39650](CVE-2023/CVE-2023-396xx/CVE-2023-39650.json) (`2023-08-31T00:26:15.827`) +* [CVE-2023-40998](CVE-2023/CVE-2023-409xx/CVE-2023-40998.json) (`2023-08-31T00:26:26.523`) +* [CVE-2023-40997](CVE-2023/CVE-2023-409xx/CVE-2023-40997.json) 
(`2023-08-31T00:26:33.640`) +* [CVE-2023-1997](CVE-2023/CVE-2023-19xx/CVE-2023-1997.json) (`2023-08-31T00:26:46.620`) +* [CVE-2023-40857](CVE-2023/CVE-2023-408xx/CVE-2023-40857.json) (`2023-08-31T00:27:11.427`) +* [CVE-2023-3705](CVE-2023/CVE-2023-37xx/CVE-2023-3705.json) (`2023-08-31T00:37:27.440`) +* [CVE-2023-34723](CVE-2023/CVE-2023-347xx/CVE-2023-34723.json) (`2023-08-31T00:37:46.940`) +* [CVE-2023-38712](CVE-2023/CVE-2023-387xx/CVE-2023-38712.json) (`2023-08-31T00:37:58.830`) +* [CVE-2023-38711](CVE-2023/CVE-2023-387xx/CVE-2023-38711.json) (`2023-08-31T00:38:08.170`) +* [CVE-2023-38710](CVE-2023/CVE-2023-387xx/CVE-2023-38710.json) (`2023-08-31T00:38:31.680`) ## Download and Usage