diff --git a/CVE-2020/CVE-2020-110xx/CVE-2020-11080.json b/CVE-2020/CVE-2020-110xx/CVE-2020-11080.json index ba9d9dd3174..96d06a35ff0 100644 --- a/CVE-2020/CVE-2020-110xx/CVE-2020-11080.json +++ b/CVE-2020/CVE-2020-110xx/CVE-2020-11080.json @@ -2,8 +2,8 @@ "id": "CVE-2020-11080", "sourceIdentifier": "security-advisories@github.com", "published": "2020-06-03T23:15:11.073", - "lastModified": "2022-08-29T20:41:12.937", - "vulnStatus": "Analyzed", + "lastModified": "2023-10-16T18:15:15.283", + "vulnStatus": "Modified", "descriptions": [ { "lang": "en", @@ -345,6 +345,10 @@ "Third Party Advisory" ] }, + { + "url": "https://lists.debian.org/debian-lts-announce/2023/10/msg00023.html", + "source": "security-advisories@github.com" + }, { "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/4OOYAMJVLLCLXDTHW3V5UXNULZBBK4O6/", "source": "security-advisories@github.com", diff --git a/CVE-2022/CVE-2022-232xx/CVE-2022-23223.json b/CVE-2022/CVE-2022-232xx/CVE-2022-23223.json index 116e5f74b7a..0c747555092 100644 --- a/CVE-2022/CVE-2022-232xx/CVE-2022-23223.json +++ b/CVE-2022/CVE-2022-232xx/CVE-2022-23223.json @@ -2,8 +2,8 @@ "id": "CVE-2022-23223", "sourceIdentifier": "security@apache.org", "published": "2022-01-25T13:15:08.137", - "lastModified": "2023-10-04T09:15:31.480", - "vulnStatus": "Modified", + "lastModified": "2023-10-16T18:22:38.197", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", @@ -65,7 +65,7 @@ }, "weaknesses": [ { - "source": "security@apache.org", + "source": "nvd@nist.gov", "type": "Primary", "description": [ { @@ -75,12 +75,12 @@ ] }, { - "source": "nvd@nist.gov", + "source": "security@apache.org", "type": "Secondary", "description": [ { "lang": "en", - "value": "CWE-319" + "value": "CWE-522" } ] } diff --git a/CVE-2022/CVE-2022-305xx/CVE-2022-30527.json b/CVE-2022/CVE-2022-305xx/CVE-2022-30527.json index a836d848333..9749ce7b52e 100644 --- a/CVE-2022/CVE-2022-305xx/CVE-2022-30527.json 
+++ b/CVE-2022/CVE-2022-305xx/CVE-2022-30527.json @@ -2,8 +2,8 @@ "id": "CVE-2022-30527", "sourceIdentifier": "productcert@siemens.com", "published": "2023-10-10T11:15:10.603", - "lastModified": "2023-10-10T12:16:32.703", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2023-10-16T18:51:21.610", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", @@ -50,10 +50,32 @@ ] } ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:siemens:sinec_nms:*:*:*:*:*:*:*:*", + "versionEndExcluding": "2.0", + "matchCriteriaId": "A7F0A543-38E1-48B9-A984-259081E49EAA" + } + ] + } + ] + } + ], "references": [ { "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-160243.pdf", - "source": "productcert@siemens.com" + "source": "productcert@siemens.com", + "tags": [ + "Patch", + "Vendor Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2023/CVE-2023-201xx/CVE-2023-20198.json b/CVE-2023/CVE-2023-201xx/CVE-2023-20198.json index 26b50e7a21e..417c194d219 100644 --- a/CVE-2023/CVE-2023-201xx/CVE-2023-20198.json +++ b/CVE-2023/CVE-2023-201xx/CVE-2023-20198.json @@ -2,8 +2,8 @@ "id": "CVE-2023-20198", "sourceIdentifier": "ykramarz@cisco.com", "published": "2023-10-16T16:15:10.023", - "lastModified": "2023-10-16T16:15:10.023", - "vulnStatus": "Received", + "lastModified": "2023-10-16T18:33:43.730", + "vulnStatus": "Awaiting Analysis", "descriptions": [ { "lang": "en", diff --git a/CVE-2023/CVE-2023-202xx/CVE-2023-20235.json b/CVE-2023/CVE-2023-202xx/CVE-2023-20235.json index 73343b43d68..f9e5dedc8e9 100644 --- a/CVE-2023/CVE-2023-202xx/CVE-2023-20235.json +++ b/CVE-2023/CVE-2023-202xx/CVE-2023-20235.json 
@@ -2,16 +2,40 @@ "id": "CVE-2023-20235", "sourceIdentifier": "ykramarz@cisco.com", "published": "2023-10-04T17:15:09.917", - "lastModified": "2023-10-04T18:14:55.483", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2023-10-16T18:07:12.333", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", "value": "A vulnerability in the on-device application development workflow feature for the Cisco IOx application hosting infrastructure in Cisco IOS XE Software could allow an authenticated, remote attacker to access the underlying operating system as the root user.\r\n\r This vulnerability exists because Docker containers with the privileged runtime option are not blocked when they are in application development mode. An attacker could exploit this vulnerability by using the Docker CLI to access an affected device. The application development workflow is meant to be used only on development systems and not in production systems." + }, + { + "lang": "es", + "value": "Una vulnerabilidad en la funci\u00f3n de flujo de trabajo de desarrollo de aplicaciones en el dispositivo para la infraestructura de alojamiento de aplicaciones Cisco IOx en el software Cisco IOS XE podr\u00eda permitir que un atacante remoto autenticado acceda al sistema operativo subyacente como usuario root. Esta vulnerabilidad existe porque los contenedores Docker con la opci\u00f3n de tiempo de ejecuci\u00f3n privilegiado no se bloquean cuando est\u00e1n en modo de desarrollo de aplicaciones. Un atacante podr\u00eda aprovechar esta vulnerabilidad utilizando la CLI de Docker para acceder a un dispositivo afectado. El flujo de trabajo de desarrollo de aplicaciones est\u00e1 destinado a usarse \u00fanicamente en sistemas de desarrollo y no en sistemas de producci\u00f3n." 
} ], "metrics": { "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH", + "baseScore": 8.8, + "baseSeverity": "HIGH" + }, + "exploitabilityScore": 2.8, + "impactScore": 5.9 + }, { "source": "ykramarz@cisco.com", "type": "Secondary", 
@@ -34,10 +58,145 @@ } ] }, + "weaknesses": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-269" + } + ] + } + ], + "configurations": [ + { + "operator": "AND", + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:o:cisco:ios_xe:*:*:*:*:*:*:*:*", + "versionEndExcluding": "17.3.1", + "matchCriteriaId": "100403F0-0796-4993-A2AF-6A14EDC84478" + } + ] + }, + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": false, + "criteria": "cpe:2.3:h:cisco:catalyst_ie3200_rugged_switch:-:*:*:*:*:*:*:*", + "matchCriteriaId": "86879AC0-890E-42F4-9561-6851F38FE0AD" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:h:cisco:catalyst_ie3300_rugged_switch:-:*:*:*:*:*:*:*", + "matchCriteriaId": "19017B10-F630-42CD-ACD2-E817FEF0E7F1" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:h:cisco:catalyst_ie3400_rugged_switch:-:*:*:*:*:*:*:*", + "matchCriteriaId": "9C7CCC02-113E-4EA1-B0CA-9FDF1108BB71" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:h:cisco:catalyst_ir1101:-:*:*:*:*:*:*:*", + "matchCriteriaId": "68D183A4-2B4D-4DFB-B7F3-2B7AEC0E759E" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:h:cisco:catalyst_ir1821-k9:-:*:*:*:*:*:*:*", + "matchCriteriaId": "564DB1E0-7FDA-4E6B-8ABF-4A7BDB07BABE" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:h:cisco:catalyst_ir1831-k9:-:*:*:*:*:*:*:*", + "matchCriteriaId": "E218F9E1-8CB9-472D-815D-EAC68D1F5F9D" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:h:cisco:catalyst_ir1833-k9:-:*:*:*:*:*:*:*", + "matchCriteriaId": "31498808-5603-43A2-B7F1-D6111F824F9B" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:h:cisco:catalyst_ir1835-k9:-:*:*:*:*:*:*:*", + "matchCriteriaId": "9B112725-CB72-48FC-8C73-3FCFF7DADF4F" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:h:cisco:catalyst_ir8140h-k9:-:*:*:*:*:*:*:*", + "matchCriteriaId": 
"CA64916D-3743-4A5F-9021-07EB0B352FF9" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:h:cisco:catalyst_ir8140h-p-k9:-:*:*:*:*:*:*:*", + "matchCriteriaId": "BC6129CB-2C8F-4786-AE76-89C4866BE0E3" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:h:cisco:catalyst_ir8340-k9:-:*:*:*:*:*:*:*", + "matchCriteriaId": "8C9D37A1-D1AA-45B7-861B-046863A67727" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:h:cisco:ess-3300-24t-con-a:-:*:*:*:*:*:*:*", + "matchCriteriaId": "D4C98B90-69B3-4BDF-A569-4C102498BFAD" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:h:cisco:ess-3300-24t-con-e:-:*:*:*:*:*:*:*", + "matchCriteriaId": "7646B0A1-FDF5-4A60-A451-E84CE355302E" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:h:cisco:ess-3300-24t-ncp-a:-:*:*:*:*:*:*:*", + "matchCriteriaId": "FA889066-14A8-4D88-9EFF-582FE1E65108" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:h:cisco:ess-3300-24t-ncp-e:-:*:*:*:*:*:*:*", + "matchCriteriaId": "2A0C09AE-CD2A-486A-82D4-2F26AA6B6B95" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:h:cisco:ess-3300-con-a:-:*:*:*:*:*:*:*", + "matchCriteriaId": "BEF81CC0-AEED-42DE-B423-8F4E118680BA" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:h:cisco:ess-3300-con-e:-:*:*:*:*:*:*:*", + "matchCriteriaId": "EDAAFDF1-7A3C-475F-AE82-B3194939D401" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:h:cisco:ess-3300-ncp-a:-:*:*:*:*:*:*:*", + "matchCriteriaId": "9566FC8C-0357-4780-976F-8A68E6A7D24A" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:h:cisco:ess-3300-ncp-e:-:*:*:*:*:*:*:*", + "matchCriteriaId": "07503D21-965B-49F0-B8F2-B5ECD656F277" + } + ] + } + ] + } + ], "references": [ { "url": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-rdocker-uATbukKn", - "source": "ykramarz@cisco.com" + "source": "ykramarz@cisco.com", + "tags": [ + "Vendor Advisory" + ] } ] } \ No newline at end of file 
diff --git a/CVE-2023/CVE-2023-208xx/CVE-2023-20867.json b/CVE-2023/CVE-2023-208xx/CVE-2023-20867.json index 988ee024219..dd682e8aaf6 100644 --- a/CVE-2023/CVE-2023-208xx/CVE-2023-20867.json +++ b/CVE-2023/CVE-2023-208xx/CVE-2023-20867.json @@ -2,7 +2,7 @@ "id": "CVE-2023-20867", "sourceIdentifier": "security@vmware.com", "published": "2023-06-13T17:15:14.070", - "lastModified": "2023-10-16T06:15:08.633", + "lastModified": "2023-10-16T18:15:15.577", "vulnStatus": "Modified", "cisaExploitAdd": "2023-06-23", "cisaActionDue": "2023-07-14", @@ -104,6 +104,10 @@ } ], "references": [ + { + "url": "http://www.openwall.com/lists/oss-security/2023/10/16/11", + "source": "security@vmware.com" + }, { "url": "http://www.openwall.com/lists/oss-security/2023/10/16/2", "source": "security@vmware.com" diff --git a/CVE-2023/CVE-2023-263xx/CVE-2023-26318.json b/CVE-2023/CVE-2023-263xx/CVE-2023-26318.json index b55fe34546a..d131d7b8e8a 100644 --- a/CVE-2023/CVE-2023-263xx/CVE-2023-26318.json +++ b/CVE-2023/CVE-2023-263xx/CVE-2023-26318.json @@ -2,8 +2,8 @@ "id": "CVE-2023-26318", "sourceIdentifier": "security@xiaomi.com", "published": "2023-10-11T07:15:09.890", - "lastModified": "2023-10-11T12:54:12.883", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2023-10-16T19:00:41.267", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", @@ -16,6 +16,26 @@ ], "metrics": { "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "HIGH", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH", + "baseScore": 7.2, + "baseSeverity": "HIGH" + }, + "exploitabilityScore": 1.2, + "impactScore": 5.9 + }, { "source": "security@xiaomi.com", "type": "Secondary", 
@@ -39,6 +59,16 @@ ] }, "weaknesses": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-120" + } + ] + }, { "source": "security@xiaomi.com", "type": "Secondary", @@ -50,10 +80,43 @@ ] } ], + "configurations": [ + { + "operator": "AND", + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:o:mi:xiaomi_router_ax3200_firmware:*:*:*:*:*:*:*:*", + "versionEndExcluding": "2023.2", + "matchCriteriaId": "B83DBDCF-18F3-4653-AFFB-1674EFB12520" + } + ] + }, + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": false, + "criteria": "cpe:2.3:h:mi:xiaomi_router_ax3200:-:*:*:*:*:*:*:*", + "matchCriteriaId": "2E84167F-E0B9-465F-ACD8-2202FDA73949" + } + ] + } + ] + } + ], "references": [ { "url": "https://trust.mi.com/misrc/bulletins/advisory?cveId=539", - "source": "security@xiaomi.com" + "source": "security@xiaomi.com", + "tags": [ + "Vendor Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2023/CVE-2023-263xx/CVE-2023-26319.json b/CVE-2023/CVE-2023-263xx/CVE-2023-26319.json index eb10293a60c..85d3de64070 100644 --- a/CVE-2023/CVE-2023-263xx/CVE-2023-26319.json +++ b/CVE-2023/CVE-2023-263xx/CVE-2023-26319.json @@ -2,8 +2,8 @@ "id": "CVE-2023-26319", "sourceIdentifier": "security@xiaomi.com", "published": "2023-10-11T07:15:10.103", - "lastModified": "2023-10-11T12:54:12.883", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2023-10-16T19:02:59.867", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", 
@@ -16,6 +16,26 @@ ], "metrics": { "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "HIGH", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH", + "baseScore": 7.2, + "baseSeverity": "HIGH" + }, + "exploitabilityScore": 1.2, + "impactScore": 5.9 + }, { "source": "security@xiaomi.com", "type": "Secondary", @@ -39,6 +59,16 @@ ] }, "weaknesses": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-77" + } + ] + }, { "source": "security@xiaomi.com", "type": "Secondary", @@ -50,10 +80,43 @@ ] } ], + "configurations": [ + { + "operator": "AND", + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:o:mi:xiaomi_router_ax3200_firmware:*:*:*:*:*:*:*:*", + "versionEndExcluding": "2023.2", + "matchCriteriaId": "B83DBDCF-18F3-4653-AFFB-1674EFB12520" + } + ] + }, + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": false, + "criteria": "cpe:2.3:h:mi:xiaomi_router_ax3200:-:*:*:*:*:*:*:*", + "matchCriteriaId": "2E84167F-E0B9-465F-ACD8-2202FDA73949" + } + ] + } + ] + } + ], "references": [ { "url": "https://trust.mi.com/misrc/bulletins/advisory?cveId=536", - "source": "security@xiaomi.com" + "source": "security@xiaomi.com", + "tags": [ + "Vendor Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2023/CVE-2023-263xx/CVE-2023-26320.json b/CVE-2023/CVE-2023-263xx/CVE-2023-26320.json index 33a7eda7214..506cb990ad8 100644 --- a/CVE-2023/CVE-2023-263xx/CVE-2023-26320.json +++ b/CVE-2023/CVE-2023-263xx/CVE-2023-26320.json 
@@ -2,8 +2,8 @@ "id": "CVE-2023-26320", "sourceIdentifier": "security@xiaomi.com", "published": "2023-10-11T07:15:10.257", - "lastModified": "2023-10-11T12:54:12.883", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2023-10-16T19:04:10.920", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", @@ -16,6 +16,26 @@ ], "metrics": { "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H", + "attackVector": "NETWORK", + "attackComplexity": "HIGH", + "privilegesRequired": "NONE", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH", + "baseScore": 8.1, + "baseSeverity": "HIGH" + }, + "exploitabilityScore": 2.2, + "impactScore": 5.9 + }, { "source": "security@xiaomi.com", "type": "Secondary", @@ -39,6 +59,16 @@ ] }, "weaknesses": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-77" + } + ] + }, { "source": "security@xiaomi.com", "type": "Secondary", @@ -50,10 +80,43 @@ ] } ], + "configurations": [ + { + "operator": "AND", + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:o:mi:xiaomi_router_ax3200_firmware:*:*:*:*:*:*:*:*", + "versionEndExcluding": "2023.2", + "matchCriteriaId": "B83DBDCF-18F3-4653-AFFB-1674EFB12520" + } + ] + }, + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": false, + "criteria": "cpe:2.3:h:mi:xiaomi_router_ax3200:-:*:*:*:*:*:*:*", + "matchCriteriaId": "2E84167F-E0B9-465F-ACD8-2202FDA73949" + } + ] + } + ] + } + ], "references": [ { "url": "https://trust.mi.com/misrc/bulletins/advisory?cveId=540", - "source": "security@xiaomi.com" + "source": "security@xiaomi.com", + "tags": [ + "Vendor Advisory" + ] } ] } \ No newline at end of file 
diff --git a/CVE-2023/CVE-2023-27xx/CVE-2023-2744.json b/CVE-2023/CVE-2023-27xx/CVE-2023-2744.json index fb2353fa675..7ccc48d2c28 100644 --- a/CVE-2023/CVE-2023-27xx/CVE-2023-2744.json +++ b/CVE-2023/CVE-2023-27xx/CVE-2023-2744.json @@ -2,8 +2,8 @@ "id": "CVE-2023-2744", "sourceIdentifier": "contact@wpscan.com", "published": "2023-06-27T14:15:11.433", - "lastModified": "2023-06-30T17:41:02.260", - "vulnStatus": "Analyzed", + "lastModified": "2023-10-16T18:15:15.790", + "vulnStatus": "Modified", "descriptions": [ { "lang": "en", @@ -65,6 +65,10 @@ } ], "references": [ + { + "url": "http://packetstormsecurity.com/files/175106/WordPress-WP-ERP-1.12.2-SQL-Injection.html", + "source": "contact@wpscan.com" + }, { "url": "https://wpscan.com/vulnerability/435da8a1-9955-46d7-a508-b5738259e731", "source": "contact@wpscan.com", diff --git a/CVE-2023/CVE-2023-298xx/CVE-2023-29842.json b/CVE-2023/CVE-2023-298xx/CVE-2023-29842.json index 367f4211a68..0c05da97ede 100644 --- a/CVE-2023/CVE-2023-298xx/CVE-2023-29842.json +++ b/CVE-2023/CVE-2023-298xx/CVE-2023-29842.json @@ -2,8 +2,8 @@ "id": "CVE-2023-29842", "sourceIdentifier": "cve@mitre.org", "published": "2023-05-04T03:15:09.600", - "lastModified": "2023-05-10T03:58:32.817", - "vulnStatus": "Analyzed", + "lastModified": "2023-10-16T18:15:15.697", + "vulnStatus": "Modified", "descriptions": [ { "lang": "en", @@ -64,6 +64,10 @@ } ], "references": [ + { + "url": "http://packetstormsecurity.com/files/175105/ChurchCRM-4.5.4-SQL-Injection.html", + "source": "cve@mitre.org" + }, { "url": "https://github.com/ChurchCRM/CRM", "source": "cve@mitre.org", diff --git a/CVE-2023/CVE-2023-309xx/CVE-2023-30900.json b/CVE-2023/CVE-2023-309xx/CVE-2023-30900.json index 5dc2833c44c..931f622cd09 100644 --- a/CVE-2023/CVE-2023-309xx/CVE-2023-30900.json +++ b/CVE-2023/CVE-2023-309xx/CVE-2023-30900.json 
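Review bot: The reference added in the `@@ -65,6 +65,10 @@` hunk of CVE-2023-2744.json points at packetstormsecurity.com but carries only `url` and `source`, with no `tags` array, and the same commit moves the record from `Analyzed` to `Modified`. A consumer that infers "public exploit material is referenced" from the `Exploit` reference tag will not register this addition. Prioritisation logic should therefore treat an untagged reference on a `Modified` record as not yet classified rather than as benign. The same shape appears in the packetstormsecurity.com references added to CVE-2023-29842.json on this line and to CVE-2023-36803.json further down. These URLs are also stored as plain `http://`; if references are normalised anywhere downstream of this file, `"url": "https://packetstormsecurity.com/files/175106/WordPress-WP-ERP-1.12.2-SQL-Injection.html"` is the form to keep.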
@@ -2,8 +2,8 @@ "id": "CVE-2023-30900", "sourceIdentifier": "productcert@siemens.com", "published": "2023-10-10T11:15:11.640", - "lastModified": "2023-10-10T12:16:32.703", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2023-10-16T18:20:19.453", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", @@ -50,10 +50,31 @@ ] } ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:siemens:xpedition_layout_browser:*:*:*:*:*:*:*:*", + "versionEndExcluding": "vx.2.14", + "matchCriteriaId": "E99C4608-324C-45BC-B3BA-13D6D47B735A" + } + ] + } + ] + } + ], "references": [ { "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-829656.pdf", - "source": "productcert@siemens.com" + "source": "productcert@siemens.com", + "tags": [ + "Vendor Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2023/CVE-2023-34xx/CVE-2023-3440.json b/CVE-2023/CVE-2023-34xx/CVE-2023-3440.json index a18a83ab069..678c80e29e2 100644 --- a/CVE-2023/CVE-2023-34xx/CVE-2023-3440.json +++ b/CVE-2023/CVE-2023-34xx/CVE-2023-3440.json @@ -2,8 +2,8 @@ "id": "CVE-2023-3440", "sourceIdentifier": "hirt@hitachi.co.jp", "published": "2023-10-03T02:15:09.537", - "lastModified": "2023-10-03T12:51:52.930", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2023-10-16T19:06:06.767", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", 
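Review bot: The bound `"versionEndExcluding": "vx.2.14"` in the new `configurations` block of CVE-2023-30900.json (hunk `@@ -50,10 +50,31 @@`) is not a plain dotted number, and the paired `criteria` has `*` in the version field. The range is therefore the only thing limiting the match, and a matcher that parses bounds as numeric or semver versions will either reject the value or fall back to a string comparison. Depending on the fallback, that can mark every xpedition_layout_browser install as affected or none. Since the value appears to mirror the vendor's own version naming, the loader should keep it as an opaque string and compare it with a product-specific rule. A fixture with one release below and one at the bound would confirm which side each lands on.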
@@ -16,6 +16,26 @@ ], "metrics": { "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", + "attackVector": "LOCAL", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH", + "baseScore": 7.8, + "baseSeverity": "HIGH" + }, + "exploitabilityScore": 1.8, + "impactScore": 5.9 + }, { "source": "hirt@hitachi.co.jp", "type": "Secondary", @@ -39,6 +59,16 @@ ] }, "weaknesses": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-276" + } + ] + }, { "source": "hirt@hitachi.co.jp", "type": "Secondary", @@ -50,10 +80,42 @@ ] } ], + "configurations": [ + { + "operator": "AND", + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:hitachi:jp1\\/performance_management:-:*:*:*:*:*:*:*", + "matchCriteriaId": "989A2943-7EA0-4940-9430-CC71547E5144" + } + ] + }, + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": false, + "criteria": "cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:*", + "matchCriteriaId": "A2572D17-1DE6-457B-99CC-64AFD54487EA" + } + ] + } + ] + } + ], "references": [ { "url": "https://www.hitachi.com/products/it/software/security/info/vuls/hitachi-sec-2023-145/index.html", - "source": "hirt@hitachi.co.jp" + "source": "hirt@hitachi.co.jp", + "tags": [ + "Vendor Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2023/CVE-2023-364xx/CVE-2023-36479.json b/CVE-2023/CVE-2023-364xx/CVE-2023-36479.json index 35a14cef56b..0667dd22d16 100644 --- a/CVE-2023/CVE-2023-364xx/CVE-2023-36479.json +++ b/CVE-2023/CVE-2023-364xx/CVE-2023-36479.json 
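Review bot: In the `@@ -50,10 +80,42 @@` hunk of CVE-2023-3440.json, the only `"vulnerable": true` entry is `cpe:2.3:a:hitachi:jp1\\/performance_management:-:*:*:*:*:*:*:*`, with `-` in the version field and no `versionStart*`/`versionEnd*` keys. The record therefore states no affected-version boundary, even though its status moves to `Analyzed`. A scanner will flag every JP1/Performance Management install on Windows or none of them, depending on how it treats `-`, and in neither case can it tell a fixed release from an affected one. Until a bounded range is present, affected and fixed versions have to be taken from the hitachi.com advisory listed under `references`, and findings produced from this match should be labelled as version-unknown.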
@@ -2,8 +2,8 @@ "id": "CVE-2023-36479", "sourceIdentifier": "security-advisories@github.com", "published": "2023-09-15T19:15:08.387", - "lastModified": "2023-09-30T15:15:09.973", - "vulnStatus": "Modified", + "lastModified": "2023-10-16T19:20:18.767", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", @@ -126,6 +126,31 @@ ] } ] + }, + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*", + "matchCriteriaId": "07B237A9-69A3-4A9C-9DA0-4E06BD37AE73" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:debian:debian_linux:11.0:*:*:*:*:*:*:*", + "matchCriteriaId": "FA6FEEC2-9F11-4643-8827-749718254FED" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:debian:debian_linux:12.0:*:*:*:*:*:*:*", + "matchCriteriaId": "46D69DCC-AE4D-4EA5-861C-D60951444C6C" + } + ] + } + ] } ], "references": [ @@ -161,11 +186,18 @@ }, { "url": "https://lists.debian.org/debian-lts-announce/2023/09/msg00039.html", - "source": "security-advisories@github.com" + "source": "security-advisories@github.com", + "tags": [ + "Mailing List", + "Third Party Advisory" + ] }, { "url": "https://www.debian.org/security/2023/dsa-5507", - "source": "security-advisories@github.com" + "source": "security-advisories@github.com", + "tags": [ + "Third Party Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2023/CVE-2023-368xx/CVE-2023-36803.json b/CVE-2023/CVE-2023-368xx/CVE-2023-36803.json index dfc479409e6..0914d3735a3 100644 --- a/CVE-2023/CVE-2023-368xx/CVE-2023-36803.json +++ b/CVE-2023/CVE-2023-368xx/CVE-2023-36803.json 
@@ -2,12 +2,16 @@ "id": "CVE-2023-36803", "sourceIdentifier": "secure@microsoft.com", "published": "2023-09-12T17:15:15.717", - "lastModified": "2023-09-14T20:13:48.670", - "vulnStatus": "Analyzed", + "lastModified": "2023-10-16T18:15:15.903", + "vulnStatus": "Modified", "descriptions": [ { "lang": "en", "value": "Windows Kernel Information Disclosure Vulnerability" + }, + { + "lang": "es", + "value": "Vulnerabilidad de Divulgaci\u00f3n de Informaci\u00f3n del Kernel de Windows" } ], "metrics": { @@ -110,6 +114,10 @@ } ], "references": [ + { + "url": "http://packetstormsecurity.com/files/175109/Microsoft-Windows-Kernel-Out-Of-Bounds-Reads-Memory-Disclosure.html", + "source": "secure@microsoft.com" + }, { "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-36803", "source": "secure@microsoft.com", diff --git a/CVE-2023/CVE-2023-368xx/CVE-2023-36839.json b/CVE-2023/CVE-2023-368xx/CVE-2023-36839.json index 7997ad8869c..432cfe1f323 100644 --- a/CVE-2023/CVE-2023-368xx/CVE-2023-36839.json +++ b/CVE-2023/CVE-2023-368xx/CVE-2023-36839.json 
@@ -2,16 +2,40 @@ "id": "CVE-2023-36839", "sourceIdentifier": "sirt@juniper.net", "published": "2023-10-12T23:15:10.883", - "lastModified": "2023-10-13T12:47:48.873", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2023-10-16T19:27:00.180", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", "value": "\nAn Improper Validation of Specified Quantity in Input vulnerability in the Layer-2 control protocols daemon (l2cpd) of Juniper Networks Junos OS and Junos OS Evolved allows an unauthenticated adjacent attacker who sends specific LLDP packets to cause a Denial of Service(DoS).\n\nThis issue occurs when specific LLDP packets are received and telemetry polling is being done on the device. The impact of the l2cpd crash is reinitialization of STP protocols (RSTP, MSTP or VSTP), and MVRP and ERP. Also, if any services depend on LLDP state (like PoE or VoIP device recognition), then these will also be affected.\n\nThis issue affects:\n\nJuniper Networks Junos OS\n\n\n\n * All versions prior to 20.4R3-S8;\n * 21.1 version 21.1R1 and later versions;\n * 21.2 versions prior to 21.2R3-S5;\n * 21.3 versions prior to 21.3R3-S4;\n * 21.4 versions prior to 21.4R3-S3;\n * 22.1 versions prior to 22.1R3-S2;\n * 22.2 versions prior to 22.2R3;\n * 22.3 versions prior to 22.3R2-S2;\n * 22.4 versions prior to 22.4R2;\n\n\n\n\nJuniper Networks Junos OS Evolved\n\n\n\n * All versions prior to 20.4R3-S8-EVO;\n * 21.1 version 21.1R1-EVO and later versions;\n * 21.2 versions prior to 21.2R3-S5-EVO;\n * 21.3 versions prior to 21.3R3-S4-EVO;\n * 21.4 versions prior to 21.4R3-S3-EVO;\n * 22.1 versions prior to 22.1R3-S2-EVO;\n * 22.2 versions prior to 22.2R3-EVO;\n * 22.3 versions prior to 22.3R2-S2-EVO;\n * 22.4 versions prior to 22.4R1-S1-EVO;\n\n\n\n\n\n\n" + }, + { + "lang": "es", + "value": "Una validaci\u00f3n inadecuada de la vulnerabilidad de cantidad especificada en la entrada en Layer-2 control protocols daemon (l2cpd) de Juniper Networks Junos OS y Junos OS Evolved 
permite que un atacante adyacente no autenticado que env\u00eda paquetes LLDP espec\u00edficos provoque una Denegaci\u00f3n de Servicio (DoS). Este problema ocurre cuando se reciben paquetes LLDP espec\u00edficos y se realiza un sondeo de telemetr\u00eda en el dispositivo. El impacto del fallo de l2cpd es la reinicializaci\u00f3n de los protocolos STP (RSTP, MSTP o VSTP) y MVRP y ERP. Adem\u00e1s, si alg\u00fan servicio depende del estado de LLDP (como PoE o reconocimiento de dispositivo VoIP), tambi\u00e9n se ver\u00e1 afectado. Este problema afecta a: Juniper Networks Junos OS * Todas las versiones anteriores a 20.4R3-S8; * 21.1 versi\u00f3n 21.1R1 y versiones posteriores; * Versiones 21.2 anteriores a 21.2R3-S5; * Versiones 21.3 anteriores a 21.3R3-S4; * Versiones 21.4 anteriores a 21.4R3-S3; * Versiones 22.1 anteriores a 22.1R3-S2; * Versiones 22.2 anteriores a 22.2R3; * Versiones 22.3 anteriores a 22.3R2-S2; * Versiones 22.4 anteriores a 22.4R2; Juniper Networks Junos OS Evolved * Todas las versiones anteriores a 20.4R3-S8-EVO; * 21.1 versi\u00f3n 21.1R1-EVO y versiones posteriores; * Versiones 21.2 anteriores a 21.2R3-S5-EVO; * Versiones 21.3 anteriores a 21.3R3-S4-EVO; * Versiones 21.4 anteriores a 21.4R3-S3-EVO; * Versiones 22.1 anteriores a 22.1R3-S2-EVO; * Versiones 22.2 anteriores a 22.2R3-EVO; * Versiones 22.3 anteriores a 22.3R2-S2-EVO; * Versiones 22.4 anteriores a 22.4R1-S1-EVO;" } ], "metrics": { "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "attackVector": "ADJACENT_NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "NONE", + "integrityImpact": "NONE", + "availabilityImpact": "HIGH", + "baseScore": 6.5, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 2.8, + "impactScore": 3.6 + }, { "source": "sirt@juniper.net", 
"type": "Secondary", @@ -35,6 +59,16 @@ ] }, "weaknesses": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-1284" + } + ] + }, { "source": "sirt@juniper.net", "type": "Secondary", 
@@ -46,10 +80,812 @@ ] } ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:o:juniper:junos:*:*:*:*:*:*:*:*", + "versionEndExcluding": "20.4", + "matchCriteriaId": "E3A96966-5060-4139-A124-D4E2C879FD6C" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:juniper:junos:20.4:-:*:*:*:*:*:*", + "matchCriteriaId": "3D361B23-A3C2-444B-BEB8-E231DA950567" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:juniper:junos:20.4:r1:*:*:*:*:*:*", + "matchCriteriaId": "20DDC6B7-BFC4-4F0B-8E68-442C23765BF2" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:juniper:junos:20.4:r1-s1:*:*:*:*:*:*", + "matchCriteriaId": "037BA01C-3F5C-4503-A633-71765E9EF774" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:juniper:junos:20.4:r2:*:*:*:*:*:*", + "matchCriteriaId": "C54B047C-4B38-40C0-9855-067DCF7E48BD" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:juniper:junos:20.4:r2-s1:*:*:*:*:*:*", + "matchCriteriaId": "38984199-E332-4A9C-A4C0-78083D052E15" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:juniper:junos:20.4:r2-s2:*:*:*:*:*:*", + "matchCriteriaId": "AA6526FB-2941-4D18-9B2E-472AD5A62A53" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:juniper:junos:20.4:r3:*:*:*:*:*:*", + "matchCriteriaId": "09876787-A40A-4340-9C12-8628C325353B" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:juniper:junos:20.4:r3-s1:*:*:*:*:*:*", + "matchCriteriaId": "41615104-C17E-44DA-AB0D-6E2053BD4EF4" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:juniper:junos:20.4:r3-s2:*:*:*:*:*:*", + "matchCriteriaId": "1981DE38-36B5-469D-917E-92717EE3ED53" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:juniper:junos:20.4:r3-s3:*:*:*:*:*:*", + "matchCriteriaId": "AFA68ACD-AAE5-4577-B734-23AAF77BC85A" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:juniper:junos:20.4:r3-s4:*:*:*:*:*:*", + "matchCriteriaId": "65948ABC-22BB-46D5-8545-0806EDB4B86E" + }, 
+ { + "vulnerable": true, + "criteria": "cpe:2.3:o:juniper:junos:20.4:r3-s5:*:*:*:*:*:*", + "matchCriteriaId": "283E41CB-9A90-4521-96DC-F31AA592CFD8" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:juniper:junos:20.4:r3-s6:*:*:*:*:*:*", + "matchCriteriaId": "14EEA504-CBC5-4F6F-889A-D505EC4BB5B1" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:juniper:junos:20.4:r3-s7:*:*:*:*:*:*", + "matchCriteriaId": "977DEF80-0DB5-4828-97AC-09BB3111D585" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:juniper:junos:21.1:r1:*:*:*:*:*:*", + "matchCriteriaId": "625BA7E6-D2AD-4A48-9B94-24328BE5B06A" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:juniper:junos:21.1:r1-s1:*:*:*:*:*:*", + "matchCriteriaId": "F462F4E3-762C-429F-8D25-5521100DD37C" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:juniper:junos:21.1:r2:*:*:*:*:*:*", + "matchCriteriaId": "C0BC9DAC-D6B5-4C5E-8C73-6E550D9A30F5" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:juniper:junos:21.1:r2-s1:*:*:*:*:*:*", + "matchCriteriaId": "689FE1AE-7A85-4FB6-AB02-E732F23581B6" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:juniper:junos:21.1:r2-s2:*:*:*:*:*:*", + "matchCriteriaId": "79E56DAC-75AD-4C81-9835-634B40C15DA6" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:juniper:junos:21.1:r3:*:*:*:*:*:*", + "matchCriteriaId": "A0040FE2-7ECD-4755-96CE-E899BA298E0C" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:juniper:junos:21.1:r3-s1:*:*:*:*:*:*", + "matchCriteriaId": "076AB086-BB79-4583-AAF7-A5233DFB2F95" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:juniper:junos:21.1:r3-s2:*:*:*:*:*:*", + "matchCriteriaId": "72E2DDF6-01DF-4880-AB60-B3DA3281E88D" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:juniper:junos:21.1:r3-s3:*:*:*:*:*:*", + "matchCriteriaId": "54010163-0810-4CF5-95FE-7E62BC6CA4F9" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:juniper:junos:21.1:r3-s4:*:*:*:*:*:*", + "matchCriteriaId": 
"5C1C3B09-3800-493E-A319-57648305FE6E" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:juniper:junos:21.1:r3-s5:*:*:*:*:*:*", + "matchCriteriaId": "4BFDCC2B-FAB5-4164-8D70-28E4DFF052AD" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:juniper:junos:21.2:-:*:*:*:*:*:*", + "matchCriteriaId": "216E7DDE-453D-481F-92E2-9F8466CDDA3F" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:juniper:junos:21.2:r1:*:*:*:*:*:*", + "matchCriteriaId": "A52AF794-B36B-43A6-82E9-628658624B0A" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:juniper:junos:21.2:r1-s1:*:*:*:*:*:*", + "matchCriteriaId": "3998DC76-F72F-4452-9150-652140B113EB" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:juniper:junos:21.2:r1-s2:*:*:*:*:*:*", + "matchCriteriaId": "36ED4552-2420-45F9-B6E4-6DA2B2B12870" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:juniper:junos:21.2:r2:*:*:*:*:*:*", + "matchCriteriaId": "C28A14E7-7EA0-4757-9764-E39A27CFDFA5" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:juniper:junos:21.2:r2-s1:*:*:*:*:*:*", + "matchCriteriaId": "4A43752D-A4AF-4B4E-B95B-192E42883A5B" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:juniper:junos:21.2:r2-s2:*:*:*:*:*:*", + "matchCriteriaId": "42986538-E9D0-4C2E-B1C4-A763A4EE451B" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:juniper:junos:21.2:r3:*:*:*:*:*:*", + "matchCriteriaId": "DE22CA01-EA7E-4EE5-B59F-EE100688C1DA" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:juniper:junos:21.2:r3-s1:*:*:*:*:*:*", + "matchCriteriaId": "E596ABD9-6ECD-48DC-B770-87B7E62EA345" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:juniper:junos:21.2:r3-s2:*:*:*:*:*:*", + "matchCriteriaId": "71745D02-D226-44DC-91AD-678C85F5E6FC" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:juniper:junos:21.2:r3-s3:*:*:*:*:*:*", + "matchCriteriaId": "39E44B09-7310-428C-8144-AE9DB0484D1F" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:juniper:junos:21.2:r3-s4:*:*:*:*:*:*", + 
"matchCriteriaId": "53938295-8999-4316-9DED-88E24D037852" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:juniper:junos:21.3:-:*:*:*:*:*:*", + "matchCriteriaId": "2E7D597D-F6B6-44C3-9EBC-4FA0686ACB5C" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:juniper:junos:21.3:r1:*:*:*:*:*:*", + "matchCriteriaId": "CC78A4CB-D617-43FC-BB51-287D2D0C44ED" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:juniper:junos:21.3:r1-s1:*:*:*:*:*:*", + "matchCriteriaId": "30FF67F8-1E3C-47A8-8859-709B3614BA6E" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:juniper:junos:21.3:r1-s2:*:*:*:*:*:*", + "matchCriteriaId": "0C7C507E-C85E-4BC6-A3B0-549516BAB524" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:juniper:junos:21.3:r2:*:*:*:*:*:*", + "matchCriteriaId": "6514CDE8-35DC-469F-89A3-078684D18F7A" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:juniper:junos:21.3:r2-s1:*:*:*:*:*:*", + "matchCriteriaId": "4624565D-8F59-44A8-B7A8-01AD579745E7" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:juniper:junos:21.3:r2-s2:*:*:*:*:*:*", + "matchCriteriaId": "4BF8CD82-C338-4D9A-8C98-FCB3CEAA9227" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:juniper:junos:21.3:r3:*:*:*:*:*:*", + "matchCriteriaId": "57E08E70-1AF3-4BA5-9A09-06DFE9663ADE" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:juniper:junos:21.3:r3-s1:*:*:*:*:*:*", + "matchCriteriaId": "255B6F20-D32F-42C1-829C-AE9C7923558A" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:juniper:junos:21.3:r3-s2:*:*:*:*:*:*", + "matchCriteriaId": "90AE30DB-C448-4FE9-AC11-FF0F27CDA227" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:juniper:junos:21.3:r3-s3:*:*:*:*:*:*", + "matchCriteriaId": "93F324AE-65D3-4CFC-AEAB-898CE1BD05CD" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:juniper:junos:21.4:-:*:*:*:*:*:*", + "matchCriteriaId": "79ED3CE8-CC57-43AB-9A26-BBC87816062D" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:juniper:junos:21.4:r1:*:*:*:*:*:*", + 
"matchCriteriaId": "4310D2D9-A8A6-48F8-9384-0A0692A1E1C3" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:juniper:junos:21.4:r1-s1:*:*:*:*:*:*", + "matchCriteriaId": "9962B01C-C57C-4359-9532-676AB81CE8B0" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:juniper:junos:21.4:r1-s2:*:*:*:*:*:*", + "matchCriteriaId": "62178549-B679-4902-BFDB-2993803B7FCE" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:juniper:junos:21.4:r2:*:*:*:*:*:*", + "matchCriteriaId": "9AD697DF-9738-4276-94ED-7B9380CD09F5" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:juniper:junos:21.4:r2-s1:*:*:*:*:*:*", + "matchCriteriaId": "09FF5818-0803-4646-A386-D7C645EE58A3" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:juniper:junos:21.4:r2-s2:*:*:*:*:*:*", + "matchCriteriaId": "2229FA59-EB24-49A2-85CE-F529A8DE6BA7" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:juniper:junos:21.4:r3:*:*:*:*:*:*", + "matchCriteriaId": "0CB280D8-C5D8-4B51-A879-496ACCDE4538" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:juniper:junos:21.4:r3-s1:*:*:*:*:*:*", + "matchCriteriaId": "5F3F54F1-75B3-400D-A735-2C27C8CEBE79" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:juniper:junos:21.4:r3-s2:*:*:*:*:*:*", + "matchCriteriaId": "476A49E7-37E9-40F9-BF2D-9BBFFAA1DFFC" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:juniper:junos:22.1:r1:*:*:*:*:*:*", + "matchCriteriaId": "3F96EBE9-2532-4E35-ABA5-CA68830476A4" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:juniper:junos:22.1:r1-s1:*:*:*:*:*:*", + "matchCriteriaId": "B4D936AE-FD74-4823-A824-2D9F24C25BFB" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:juniper:junos:22.1:r1-s2:*:*:*:*:*:*", + "matchCriteriaId": "E117E493-F4E1-4568-88E3-F243C74A2662" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:juniper:junos:22.1:r2:*:*:*:*:*:*", + "matchCriteriaId": "01E3E308-FD9C-4686-8C35-8472A0E99F0D" + }, + { + "vulnerable": true, + "criteria": 
"cpe:2.3:o:juniper:junos:22.1:r2-s1:*:*:*:*:*:*", + "matchCriteriaId": "3683A8F5-EE0E-4936-A005-DF7F6B75DED3" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:juniper:junos:22.1:r2-s2:*:*:*:*:*:*", + "matchCriteriaId": "1B615DBA-8C53-41D4-B264-D3EED8578471" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:juniper:junos:22.1:r3:*:*:*:*:*:*", + "matchCriteriaId": "B3124DD0-9E42-4896-9060-CB7DD07FC342" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:juniper:junos:22.1:r3-s1:*:*:*:*:*:*", + "matchCriteriaId": "44F6FD6C-03AF-4D2C-B411-A753DE12A2DA" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:juniper:junos:22.2:r1:*:*:*:*:*:*", + "matchCriteriaId": "E949B21B-AD62-4022-9088-06313277479E" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:juniper:junos:22.2:r1-s1:*:*:*:*:*:*", + "matchCriteriaId": "8D862E6F-0D01-4B25-8340-888C30F75A2F" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:juniper:junos:22.2:r1-s2:*:*:*:*:*:*", + "matchCriteriaId": "2F28F73E-8563-41B9-A313-BBAAD5B57A67" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:juniper:junos:22.2:r2:*:*:*:*:*:*", + "matchCriteriaId": "E37D4694-C80B-475E-AB5B-BB431F59C5E1" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:juniper:junos:22.2:r2-s1:*:*:*:*:*:*", + "matchCriteriaId": "5EC0D2D2-4922-4675-8A2C-57A08D7BE334" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:juniper:junos:22.2:r2-s2:*:*:*:*:*:*", + "matchCriteriaId": "9EC91F9D-DEDA-46B4-A39F-59A2CDB86C2E" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:juniper:junos:22.3:r1:*:*:*:*:*:*", + "matchCriteriaId": "19519212-51DD-4448-B115-8A20A40192CC" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:juniper:junos:22.3:r1-s1:*:*:*:*:*:*", + "matchCriteriaId": "5CC9909E-AE9F-414D-99B1-83AA04D5297B" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:juniper:junos:22.3:r1-s2:*:*:*:*:*:*", + "matchCriteriaId": "FDE9E767-4713-4EA2-8D00-1382975A4A15" + }, + { + "vulnerable": true, + 
"criteria": "cpe:2.3:o:juniper:junos:22.3:r2:*:*:*:*:*:*", + "matchCriteriaId": "59DDA54E-6845-47EB-AE3C-5EC6BD33DFA7" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:juniper:junos:22.3:r2-s1:*:*:*:*:*:*", + "matchCriteriaId": "574730B0-56C8-4A03-867B-1737148ED9B1" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:juniper:junos:22.4:r1:*:*:*:*:*:*", + "matchCriteriaId": "28E42A41-7965-456B-B0AF-9D3229CE4D4C" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:juniper:junos:22.4:r1-s1:*:*:*:*:*:*", + "matchCriteriaId": "CB1A77D6-D3AD-481B-979C-8F778530B175" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:juniper:junos:22.4:r1-s2:*:*:*:*:*:*", + "matchCriteriaId": "3A064B6B-A99B-4D8D-A62D-B00C7870BC30" + } + ] + } + ] + }, + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:o:juniper:junos_os_evolved:*:*:*:*:*:*:*:*", + "versionEndExcluding": "20.4", + "matchCriteriaId": "0F41A7DF-2B27-4E2E-ABFC-E0510A028199" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:juniper:junos_os_evolved:20.4:-:*:*:*:*:*:*", + "matchCriteriaId": "247FB9DF-7EC0-4298-B27C-3235D141C1D6" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:juniper:junos_os_evolved:20.4:r1:*:*:*:*:*:*", + "matchCriteriaId": "C9C8866D-162F-4C9B-8167-2FBA25410368" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:juniper:junos_os_evolved:20.4:r1-s1:*:*:*:*:*:*", + "matchCriteriaId": "F85E5BC7-8607-4330-AA72-2273D32F8604" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:juniper:junos_os_evolved:20.4:r1-s2:*:*:*:*:*:*", + "matchCriteriaId": "878C81C9-A418-4A21-8FDB-2116A992679C" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:juniper:junos_os_evolved:20.4:r2:*:*:*:*:*:*", + "matchCriteriaId": "7451A671-A3CC-4904-8D45-947B1D3783C9" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:juniper:junos_os_evolved:20.4:r2-s1:*:*:*:*:*:*", + "matchCriteriaId": 
"0108AD20-EAE6-41D1-AE48-254C46B5388A" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:juniper:junos_os_evolved:20.4:r2-s2:*:*:*:*:*:*", + "matchCriteriaId": "44FBCA6F-EB05-4EE4-85FD-944BDAF7D81B" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:juniper:junos_os_evolved:20.4:r2-s3:*:*:*:*:*:*", + "matchCriteriaId": "E554FD12-FE69-44D1-B2C9-4382F8CA4456" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:juniper:junos_os_evolved:20.4:r3:*:*:*:*:*:*", + "matchCriteriaId": "E0C1D53E-70BE-4246-89ED-1074C8C70747" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:juniper:junos_os_evolved:20.4:r3-s1:*:*:*:*:*:*", + "matchCriteriaId": "B39DDCF8-BB68-49F4-8AAF-AE25C9C13AC1" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:juniper:junos_os_evolved:20.4:r3-s2:*:*:*:*:*:*", + "matchCriteriaId": "B38A90A9-B739-49BE-8845-9ABF846CCC5D" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:juniper:junos_os_evolved:20.4:r3-s3:*:*:*:*:*:*", + "matchCriteriaId": "AAE56A7C-BA26-405F-A640-C43AF78B0A3B" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:juniper:junos_os_evolved:20.4:r3-s4:*:*:*:*:*:*", + "matchCriteriaId": "683D8EED-9F26-41E7-B69C-FE198225A8F2" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:juniper:junos_os_evolved:20.4:r3-s5:*:*:*:*:*:*", + "matchCriteriaId": "8979C85C-87DD-42B1-9CCC-BC3F7007C600" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:juniper:junos_os_evolved:20.4:r3-s6:*:*:*:*:*:*", + "matchCriteriaId": "5BDD5111-1BC2-456B-8A31-F2D252DF613C" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:juniper:junos_os_evolved:20.4:r3-s7:*:*:*:*:*:*", + "matchCriteriaId": "89B9BF7C-525C-4819-B80D-9B5F240F9878" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:juniper:junos_os_evolved:21.1:r1:*:*:*:*:*:*", + "matchCriteriaId": "AE674DD3-3590-4434-B144-5AD7EB5F039D" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:juniper:junos_os_evolved:21.1:r1-s1:*:*:*:*:*:*", + "matchCriteriaId": 
"0099BDA9-9D4B-4D6C-8234-EFD9E8C63476" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:juniper:junos_os_evolved:21.1:r2:*:*:*:*:*:*", + "matchCriteriaId": "D8729BC1-FB09-4E6D-A5D5-8BDC589555B6" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:juniper:junos_os_evolved:21.1:r3:*:*:*:*:*:*", + "matchCriteriaId": "9D72C3DF-4513-48AC-AAED-C1AADF0794E1" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:juniper:junos_os_evolved:21.1:r3-s1:*:*:*:*:*:*", + "matchCriteriaId": "8C583289-96C4-4451-A320-14CA1C390819" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:juniper:junos_os_evolved:21.1:r3-s2:*:*:*:*:*:*", + "matchCriteriaId": "FA43782E-0719-496E-9237-E1ABD3C4C664" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:juniper:junos_os_evolved:21.1:r3-s3:*:*:*:*:*:*", + "matchCriteriaId": "78897DD2-E161-4191-94FF-7400FB612DF5" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:juniper:junos_os_evolved:21.2:-:*:*:*:*:*:*", + "matchCriteriaId": "620B0CDD-5566-472E-B96A-31D2C12E3120" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:juniper:junos_os_evolved:21.2:r1:*:*:*:*:*:*", + "matchCriteriaId": "3EA3DC63-B290-4D15-BEF9-21DEF36CA2EA" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:juniper:junos_os_evolved:21.2:r1-s1:*:*:*:*:*:*", + "matchCriteriaId": "7E1E57AF-979B-4022-8AD6-B3558E06B718" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:juniper:junos_os_evolved:21.2:r1-s2:*:*:*:*:*:*", + "matchCriteriaId": "144730FB-7622-4B3D-9C47-D1B7A7FB7EB0" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:juniper:junos_os_evolved:21.2:r2:*:*:*:*:*:*", + "matchCriteriaId": "7BA246F0-154E-4F44-A97B-690D22FA73DD" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:juniper:junos_os_evolved:21.2:r2-s1:*:*:*:*:*:*", + "matchCriteriaId": "25D6C07C-F96E-4523-BB54-7FEABFE1D1ED" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:juniper:junos_os_evolved:21.2:r2-s2:*:*:*:*:*:*", + "matchCriteriaId": 
"2B70C784-534B-4FAA-A5ED-3709656E2B97" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:juniper:junos_os_evolved:21.2:r3:*:*:*:*:*:*", + "matchCriteriaId": "60448FFB-568E-4280-9261-ADD65244F31A" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:juniper:junos_os_evolved:21.2:r3-s1:*:*:*:*:*:*", + "matchCriteriaId": "2B770C52-7E3E-4B92-9138-85DEC56F3B22" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:juniper:junos_os_evolved:21.2:r3-s2:*:*:*:*:*:*", + "matchCriteriaId": "E88AC378-461C-4EFA-A04B-5786FF21FE03" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:juniper:junos_os_evolved:21.2:r3-s3:*:*:*:*:*:*", + "matchCriteriaId": "3B0AFB30-81DC-465C-9F63-D1B15EA4809A" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:juniper:junos_os_evolved:21.2:r3-s4:*:*:*:*:*:*", + "matchCriteriaId": "2035F0AC-29E7-478A-A9D0-BAA3A88B3413" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:juniper:junos_os_evolved:21.3:-:*:*:*:*:*:*", + "matchCriteriaId": "4EC38173-44AB-43D5-8C27-CB43AD5E0B2E" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:juniper:junos_os_evolved:21.3:r1:*:*:*:*:*:*", + "matchCriteriaId": "5A4DD04A-DE52-46BE-8C34-8DB47F7500F0" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:juniper:junos_os_evolved:21.3:r1-s1:*:*:*:*:*:*", + "matchCriteriaId": "FEE0E145-8E1C-446E-90ED-237E3B9CAF47" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:juniper:junos_os_evolved:21.3:r2:*:*:*:*:*:*", + "matchCriteriaId": "0F26369D-21B2-4C6A-98C1-492692A61283" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:juniper:junos_os_evolved:21.3:r2-s1:*:*:*:*:*:*", + "matchCriteriaId": "24003819-1A6B-4BDF-B3DF-34751C137788" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:juniper:junos_os_evolved:21.3:r2-s2:*:*:*:*:*:*", + "matchCriteriaId": "BF8D332E-9133-45B9-BB07-B33C790F737A" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:juniper:junos_os_evolved:21.3:r3:*:*:*:*:*:*", + "matchCriteriaId": 
"3E2A4377-D044-4E43-B6CC-B753D7F6ABD4" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:juniper:junos_os_evolved:21.3:r3-s1:*:*:*:*:*:*", + "matchCriteriaId": "8DAEC4F4-5748-4D36-A72B-4C62A0A30E38" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:juniper:junos_os_evolved:21.3:r3-s2:*:*:*:*:*:*", + "matchCriteriaId": "C76DA7A5-9320-4E21-96A2-ACE70803A1CA" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:juniper:junos_os_evolved:21.3:r3-s3:*:*:*:*:*:*", + "matchCriteriaId": "703C73EB-2D63-4D4F-8129-239AE1E96B2B" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:juniper:junos_os_evolved:21.4:-:*:*:*:*:*:*", + "matchCriteriaId": "2E907193-075E-45BC-9257-9607DB790D71" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:juniper:junos_os_evolved:21.4:r1:*:*:*:*:*:*", + "matchCriteriaId": "8B73A41D-3FF5-4E53-83FF-74DF58E0D6C3" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:juniper:junos_os_evolved:21.4:r1-s1:*:*:*:*:*:*", + "matchCriteriaId": "CEDF46A8-FC3A-4779-B695-2CA11D045AEB" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:juniper:junos_os_evolved:21.4:r1-s2:*:*:*:*:*:*", + "matchCriteriaId": "39809219-9F87-4583-9DAD-9415DD320B36" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:juniper:junos_os_evolved:21.4:r2:*:*:*:*:*:*", + "matchCriteriaId": "DB299492-A919-4EBA-A62A-B3CF02FC0A95" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:juniper:junos_os_evolved:21.4:r2-s1:*:*:*:*:*:*", + "matchCriteriaId": "74ED0939-D5F8-4334-9838-40F29DE3597F" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:juniper:junos_os_evolved:21.4:r2-s2:*:*:*:*:*:*", + "matchCriteriaId": "C6937069-8C19-4B01-8415-ED7E9EAE2CE2" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:juniper:junos_os_evolved:21.4:r3:*:*:*:*:*:*", + "matchCriteriaId": "97DB6DD5-F5DD-4AE1-AF2F-8DB9E18FF882" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:juniper:junos_os_evolved:21.4:r3-s1:*:*:*:*:*:*", + "matchCriteriaId": 
"21DF05B8-EF7E-422F-8831-06904160714C" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:juniper:junos_os_evolved:21.4:r3-s2:*:*:*:*:*:*", + "matchCriteriaId": "492FCE45-68A1-4378-85D4-C4034FE0D836" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:juniper:junos_os_evolved:22.1:r1:*:*:*:*:*:*", + "matchCriteriaId": "750FE748-82E7-4419-A061-2DEA26E35309" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:juniper:junos_os_evolved:22.1:r1-s1:*:*:*:*:*:*", + "matchCriteriaId": "236E23E5-8B04-4081-9D97-7300DF284000" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:juniper:junos_os_evolved:22.1:r1-s2:*:*:*:*:*:*", + "matchCriteriaId": "5FC96EA7-90A7-4838-B95D-60DBC88C7BC7" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:juniper:junos_os_evolved:22.1:r2:*:*:*:*:*:*", + "matchCriteriaId": "97541867-C52F-40BB-9AAE-7E87ED23D789" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:juniper:junos_os_evolved:22.1:r2-s1:*:*:*:*:*:*", + "matchCriteriaId": "85CF6664-E35A-4E9B-95C0-CDC91F7F331A" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:juniper:junos_os_evolved:22.1:r3:*:*:*:*:*:*", + "matchCriteriaId": "E048A05D-882F-4B1C-BA32-3BBA3FEA31A3" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:juniper:junos_os_evolved:22.1:r3-s1:*:*:*:*:*:*", + "matchCriteriaId": "47E8D51D-1424-4B07-B036-E3E195F21AC2" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:juniper:junos_os_evolved:22.2:r1:*:*:*:*:*:*", + "matchCriteriaId": "D77A072D-350A-42F2-8324-7D3AC1711BF9" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:juniper:junos_os_evolved:22.2:r1-s1:*:*:*:*:*:*", + "matchCriteriaId": "83AE395C-A651-4568-88E3-3600544BF799" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:juniper:junos_os_evolved:22.2:r2:*:*:*:*:*:*", + "matchCriteriaId": "B3BE1FD4-DAD9-4357-A2E9-20E5826B0D5C" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:juniper:junos_os_evolved:22.2:r2-s1:*:*:*:*:*:*", + "matchCriteriaId": 
"81CC3480-4B65-4588-8D46-FA80A8F6D143" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:juniper:junos_os_evolved:22.2:r2-s2:*:*:*:*:*:*", + "matchCriteriaId": "F7E76F5F-DB37-4B7F-9247-3CEB4EBD7696" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:juniper:junos_os_evolved:22.3:r1:*:*:*:*:*:*", + "matchCriteriaId": "433631CA-3AC4-4D66-9B46-AEA4209347F1" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:juniper:junos_os_evolved:22.3:r1-s1:*:*:*:*:*:*", + "matchCriteriaId": "6E4CD8AD-277A-4FC5-A102-3E151060C216" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:juniper:junos_os_evolved:22.3:r1-s2:*:*:*:*:*:*", + "matchCriteriaId": "4BC09BAC-83E7-48CE-B571-ED49277B2987" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:juniper:junos_os_evolved:22.3:r2:*:*:*:*:*:*", + "matchCriteriaId": "FA4481D2-F693-48A5-8DBC-E86430987A25" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:juniper:junos_os_evolved:22.3:r2-s1:*:*:*:*:*:*", + "matchCriteriaId": "136CA584-2475-4A14-9771-F367180201D4" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:juniper:junos_os_evolved:22.4:r1:*:*:*:*:*:*", + "matchCriteriaId": "93887799-F62C-4A4A-BCF5-004D0B4D4154" + } + ] + } + ] + } + ], "references": [ { "url": "https://supportportal.juniper.net/JSA73171", - "source": "sirt@juniper.net" + "source": "sirt@juniper.net", + "tags": [ + "Vendor Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2023/CVE-2023-371xx/CVE-2023-37194.json b/CVE-2023/CVE-2023-371xx/CVE-2023-37194.json index ab2067cb4ae..db77279eedf 100644 --- a/CVE-2023/CVE-2023-371xx/CVE-2023-37194.json +++ b/CVE-2023/CVE-2023-371xx/CVE-2023-37194.json @@ -2,8 +2,8 @@ "id": "CVE-2023-37194", "sourceIdentifier": "productcert@siemens.com", "published": "2023-10-10T11:15:11.903", - "lastModified": "2023-10-10T12:16:32.703", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2023-10-16T18:28:22.733", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", 
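Review bot: The added `configurations` block in the `@@ -46,10 +80,812 @@` hunk enumerates the 21.1 train as a closed list (up to `21.1:r3-s5` for `junos` and `21.1:r3-s3` for `junos_os_evolved`), while the record's own description states 21.1R1 and later with no upper bound. A 21.1 build whose update string is not in the list will not match on CPE even though the description covers it, so inventory matching against this record can under-report. A wildcard-update entry such as `"criteria": "cpe:2.3:o:juniper:junos:21.1:*:*:*:*:*:*:*"` (and the `junos_os_evolved` equivalent) would encode the stated range. Until the record carries one, matching logic should fall back to the description's version ranges for this train.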
@@ -50,10 +50,150 @@ ] } ], + "configurations": [ + { + "operator": "AND", + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:o:siemens:simatic_cp_1604_firmware:-:*:*:*:*:*:*:*", + "matchCriteriaId": "152B002C-C7B0-4891-9D78-0E2464D33B92" + } + ] + }, + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": false, + "criteria": "cpe:2.3:h:siemens:simatic_cp_1604:-:*:*:*:*:*:*:*", + "matchCriteriaId": "6304FA24-F194-4EE2-95F5-35D086F82C01" + } + ] + } + ] + }, + { + "operator": "AND", + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:o:siemens:simatic_cp_1616_firmware:-:*:*:*:*:*:*:*", + "matchCriteriaId": "4D249133-0B8A-4587-B453-44852E3EAFC6" + } + ] + }, + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": false, + "criteria": "cpe:2.3:h:siemens:simatic_cp_1616:-:*:*:*:*:*:*:*", + "matchCriteriaId": "CA074FBE-1C3E-4441-8C51-52B555B85D9F" + } + ] + } + ] + }, + { + "operator": "AND", + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:o:siemens:simatic_cp_1623_firmware:-:*:*:*:*:*:*:*", + "matchCriteriaId": "23579942-1BD9-4D73-9AD7-0FA68E5FDFDA" + } + ] + }, + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": false, + "criteria": "cpe:2.3:h:siemens:simatic_cp_1623:-:*:*:*:*:*:*:*", + "matchCriteriaId": "1B56820D-3842-4810-A9A9-F7F051C81374" + } + ] + } + ] + }, + { + "operator": "AND", + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:o:siemens:simatic_cp_1626_firmware:-:*:*:*:*:*:*:*", + "matchCriteriaId": "3B55E584-06BA-4E1C-93B0-004B506FCBF3" + } + ] + }, + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": false, + "criteria": "cpe:2.3:h:siemens:simatic_cp_1626:-:*:*:*:*:*:*:*", + 
"matchCriteriaId": "581EA284-EDD6-4EA5-96B2-67904D1D9DC7" + } + ] + } + ] + }, + { + "operator": "AND", + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:o:siemens:simatic_cp_1628_firmware:-:*:*:*:*:*:*:*", + "matchCriteriaId": "A397C5DD-6495-463D-8EEF-9F1325A0B6CF" + } + ] + }, + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": false, + "criteria": "cpe:2.3:h:siemens:simatic_cp_1628:-:*:*:*:*:*:*:*", + "matchCriteriaId": "597593D3-BCFD-40DF-A83C-18F9D134863B" + } + ] + } + ] + } + ], "references": [ { "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-784849.pdf", - "source": "productcert@siemens.com" + "source": "productcert@siemens.com", + "tags": [ + "Vendor Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2023/CVE-2023-371xx/CVE-2023-37195.json b/CVE-2023/CVE-2023-371xx/CVE-2023-37195.json index f9c34f4783c..d1c93efe590 100644 --- a/CVE-2023/CVE-2023-371xx/CVE-2023-37195.json +++ b/CVE-2023/CVE-2023-371xx/CVE-2023-37195.json @@ -2,8 +2,8 @@ "id": "CVE-2023-37195", "sourceIdentifier": "productcert@siemens.com", "published": "2023-10-10T11:15:11.983", - "lastModified": "2023-10-10T12:16:32.703", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2023-10-16T18:31:17.237", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", 
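Review bot: All five vulnerable firmware entries in the new `configurations` block of CVE-2023-37194.json use `-` in the version field and carry no `versionStart*`/`versionEnd*` bounds, so the record does not say which firmware versions are affected or fixed. In CPE 2.3 `-` is the NA value, and a strict comparison of NA against a concrete version from an asset inventory does not match, so tools that do not special-case it may report nothing for these devices. If the advisory covers every firmware version (the description is outside this hunk, so that is not confirmed here), `"criteria": "cpe:2.3:o:siemens:simatic_cp_1604_firmware:*:*:*:*:*:*:*:*"` would state that unambiguously. The `@@ -50,10 +50,150 @@` hunk of CVE-2023-37195.json adds the identical block and has the same issue.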
@@ -50,10 +50,150 @@ ] } ], + "configurations": [ + { + "operator": "AND", + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:o:siemens:simatic_cp_1604_firmware:-:*:*:*:*:*:*:*", + "matchCriteriaId": "152B002C-C7B0-4891-9D78-0E2464D33B92" + } + ] + }, + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": false, + "criteria": "cpe:2.3:h:siemens:simatic_cp_1604:-:*:*:*:*:*:*:*", + "matchCriteriaId": "6304FA24-F194-4EE2-95F5-35D086F82C01" + } + ] + } + ] + }, + { + "operator": "AND", + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:o:siemens:simatic_cp_1616_firmware:-:*:*:*:*:*:*:*", + "matchCriteriaId": "4D249133-0B8A-4587-B453-44852E3EAFC6" + } + ] + }, + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": false, + "criteria": "cpe:2.3:h:siemens:simatic_cp_1616:-:*:*:*:*:*:*:*", + "matchCriteriaId": "CA074FBE-1C3E-4441-8C51-52B555B85D9F" + } + ] + } + ] + }, + { + "operator": "AND", + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:o:siemens:simatic_cp_1623_firmware:-:*:*:*:*:*:*:*", + "matchCriteriaId": "23579942-1BD9-4D73-9AD7-0FA68E5FDFDA" + } + ] + }, + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": false, + "criteria": "cpe:2.3:h:siemens:simatic_cp_1623:-:*:*:*:*:*:*:*", + "matchCriteriaId": "1B56820D-3842-4810-A9A9-F7F051C81374" + } + ] + } + ] + }, + { + "operator": "AND", + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:o:siemens:simatic_cp_1626_firmware:-:*:*:*:*:*:*:*", + "matchCriteriaId": "3B55E584-06BA-4E1C-93B0-004B506FCBF3" + } + ] + }, + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": false, + "criteria": "cpe:2.3:h:siemens:simatic_cp_1626:-:*:*:*:*:*:*:*", + 
"matchCriteriaId": "581EA284-EDD6-4EA5-96B2-67904D1D9DC7" + } + ] + } + ] + }, + { + "operator": "AND", + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:o:siemens:simatic_cp_1628_firmware:-:*:*:*:*:*:*:*", + "matchCriteriaId": "A397C5DD-6495-463D-8EEF-9F1325A0B6CF" + } + ] + }, + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": false, + "criteria": "cpe:2.3:h:siemens:simatic_cp_1628:-:*:*:*:*:*:*:*", + "matchCriteriaId": "597593D3-BCFD-40DF-A83C-18F9D134863B" + } + ] + } + ] + } + ], "references": [ { "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-784849.pdf", - "source": "productcert@siemens.com" + "source": "productcert@siemens.com", + "tags": [ + "Vendor Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2023/CVE-2023-381xx/CVE-2023-38140.json b/CVE-2023/CVE-2023-381xx/CVE-2023-38140.json index e43bd8a4c2b..4d52628ff4b 100644 --- a/CVE-2023/CVE-2023-381xx/CVE-2023-38140.json +++ b/CVE-2023/CVE-2023-381xx/CVE-2023-38140.json @@ -2,12 +2,16 @@ "id": "CVE-2023-38140", "sourceIdentifier": "secure@microsoft.com", "published": "2023-09-12T17:15:16.547", - "lastModified": "2023-09-14T20:14:42.167", - "vulnStatus": "Analyzed", + "lastModified": "2023-10-16T18:15:16.030", + "vulnStatus": "Modified", "descriptions": [ { "lang": "en", "value": "Windows Kernel Information Disclosure Vulnerability" + }, + { + "lang": "es", + "value": "Vulnerabilidad de Divulgaci\u00f3n de Informaci\u00f3n del Kernel de Windows" } ], "metrics": { @@ -104,6 +108,10 @@ } ], "references": [ + { + "url": "http://packetstormsecurity.com/files/175108/Microsoft-Windows-Kernel-Paged-Pool-Memory-Disclosure.html", + "source": "secure@microsoft.com" + }, { "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-38140", "source": "secure@microsoft.com", 
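Review bot: The packetstormsecurity.com reference added in the `@@ -104,6 +108,10 @@` hunk of CVE-2023-38140.json has no `tags` array and uses an `http://` URL, so a consumer that keys on reference tags to flag publicly posted exploit material will not pick it up. The same commit moves the record from `Analyzed` to `Modified`, which suggests the tagging has not been redone since the reference was added. Either add the tags once the page content is verified, e.g. `"tags": ["Exploit", "Third Party Advisory", "VDB Entry"]`, or have triage logic treat an untagged reference to this host as a signal in its own right. The `@@ -150,6 +154,10 @@` hunk of CVE-2023-38141.json adds an untagged reference to the same host.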
diff --git a/CVE-2023/CVE-2023-381xx/CVE-2023-38141.json b/CVE-2023/CVE-2023-381xx/CVE-2023-38141.json index 031050f0516..f2a0909a377 100644 --- a/CVE-2023/CVE-2023-381xx/CVE-2023-38141.json +++ b/CVE-2023/CVE-2023-381xx/CVE-2023-38141.json @@ -2,12 +2,16 @@ "id": "CVE-2023-38141", "sourceIdentifier": "secure@microsoft.com", "published": "2023-09-12T17:15:16.723", - "lastModified": "2023-09-14T20:14:59.463", - "vulnStatus": "Analyzed", + "lastModified": "2023-10-16T18:15:16.163", + "vulnStatus": "Undergoing Analysis", "descriptions": [ { "lang": "en", "value": "Windows Kernel Elevation of Privilege Vulnerability" + }, + { + "lang": "es", + "value": "Vulnerabilidad de Elevaci\u00f3n de Privilegios del Kernel de Windows" } ], "metrics": { @@ -146,6 +150,10 @@ } ], "references": [ + { + "url": "http://packetstormsecurity.com/files/175096/Microsoft-Windows-Kernel-Race-Condition-Memory-Corruption.html", + "source": "secure@microsoft.com" + }, { "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-38141", "source": "secure@microsoft.com", diff --git a/CVE-2023/CVE-2023-394xx/CVE-2023-39447.json b/CVE-2023/CVE-2023-394xx/CVE-2023-39447.json index b803799c2f1..79d2186b3f8 100644 --- a/CVE-2023/CVE-2023-394xx/CVE-2023-39447.json +++ b/CVE-2023/CVE-2023-394xx/CVE-2023-39447.json 
@@ -2,12 +2,16 @@ "id": "CVE-2023-39447", "sourceIdentifier": "f5sirt@f5.com", "published": "2023-10-10T13:15:20.613", - "lastModified": "2023-10-10T13:41:53.337", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2023-10-16T18:40:24.253", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", "value": "\nWhen BIG-IP APM Guided Configurations are configured, undisclosed sensitive information may be logged in restnoded log.\u00a0\u00a0\n\nNote: Software versions which have reached End of Technical Support (EoTS) are not evaluated.\n\n\n\n" + }, + { + "lang": "es", + "value": "Cuando se configura BIG-IP APM Guided Configurations, es posible que se registre informaci\u00f3n confidencial no divulgada en restnoded log. Nota: Las versiones de software que han llegado al End of Technical Support (EoTS) no se eval\u00faan." } ], "metrics": { 
@@ -46,10 +50,61 @@ ] } ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:f5:big-ip_access_policy_manager:*:*:*:*:*:*:*:*", + "versionStartIncluding": "15.1.0", + "versionEndExcluding": "15.1.8", + "matchCriteriaId": "48743FD4-1E72-4550-92D6-F06D6D0AF142" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:f5:big-ip_access_policy_manager:*:*:*:*:*:*:*:*", + "versionStartIncluding": "16.1.0", + "versionEndExcluding": "16.1.4", + "matchCriteriaId": "A8F16422-A642-4614-96F2-E5B4877E8206" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:f5:big-ip_access_policy_manager:17.0.0:*:*:*:*:*:*:*", + "matchCriteriaId": "AD637AF5-F7D1-428F-955E-16756B7476E0" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:f5:big-ip_guided_configuration:*:*:*:*:*:*:*:*", + "versionStartIncluding": "7.0", + "versionEndIncluding": "7.7", + "matchCriteriaId": "C36042F8-9B48-4E0D-ABC1-F10BE2A49CB8" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:f5:big-ip_guided_configuration:6.0:*:*:*:*:*:*:*", + "matchCriteriaId": "63E1215D-2724-4249-B0FD-16C32480A11D" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:f5:big-ip_guided_configuration:8.0:*:*:*:*:*:*:*", + "matchCriteriaId": "6AED33D2-594D-4057-A7D5-041665AA6E07" + } + ] + } + ] + } + ], "references": [ { "url": "https://my.f5.com/manage/s/article/K47756555", - "source": "f5sirt@f5.com" + "source": "f5sirt@f5.com", + "tags": [ + "Vendor Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2023/CVE-2023-401xx/CVE-2023-40180.json b/CVE-2023/CVE-2023-401xx/CVE-2023-40180.json new file mode 100644 index 00000000000..2245d71d268 --- /dev/null +++ b/CVE-2023/CVE-2023-401xx/CVE-2023-40180.json 
@@ -0,0 +1,71 @@
+{
+ "id": "CVE-2023-40180",
+ "sourceIdentifier": "security-advisories@github.com",
+ "published": "2023-10-16T19:15:10.567",
+ "lastModified": "2023-10-16T19:24:26.033",
+ "vulnStatus": "Awaiting Analysis",
+ "descriptions": [
+ {
+ "lang": "en",
+ "value": " silverstripe-graphql is a package which serves Silverstripe data in GraphQL representations. An attacker could use a recursive graphql query to execute a Distributed Denial of Service attack (DDOS attack) against a website. This mostly affects websites with publicly exposed graphql schemas. If your Silverstripe CMS project does not expose a public facing graphql schema, a user account is required to trigger the DDOS attack. If your site is hosted behind a content delivery network (CDN), such as Imperva or CloudFlare, this may further mitigate the risk. This issue has been addressed in versions 3.8.2, 4.1.3, 4.2.5, 4.3.4, and 5.0.3. Users are advised to upgrade. There are no known workarounds for this vulnerability."
+ }
+ ],
+ "metrics": {
+ "cvssMetricV31": [
+ {
+ "source": "security-advisories@github.com",
+ "type": "Secondary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
+ "attackVector": "NETWORK",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "NONE",
+ "userInteraction": "NONE",
+ "scope": "UNCHANGED",
+ "confidentialityImpact": "NONE",
+ "integrityImpact": "NONE",
+ "availabilityImpact": "HIGH",
+ "baseScore": 7.5,
+ "baseSeverity": "HIGH"
+ },
+ "exploitabilityScore": 3.9,
+ "impactScore": 3.6
+ }
+ ]
+ },
+ "weaknesses": [
+ {
+ "source": "security-advisories@github.com",
+ "type": "Primary",
+ "description": [
+ {
+ "lang": "en",
+ "value": "CWE-400"
+ }
+ ]
+ }
+ ],
+ "references": [
+ {
+ "url": "https://docs.silverstripe.org/en/developer_guides/graphql/security_and_best_practices/recursive_or_complex_queries",
+ "source": "security-advisories@github.com"
+ },
+ {
+ "url": "https://github.com/silverstripe/silverstripe-graphql/commit/f6d5976ec4608e51184b0db1ee5b9e9a99d2501c",
+ "source": "security-advisories@github.com"
+ },
+ {
+ "url": "https://github.com/silverstripe/silverstripe-graphql/security/advisories/GHSA-v23w-pppm-jh66",
+ "source": "security-advisories@github.com"
+ },
+ {
+ "url": "https://github.com/silverstripe/silverstripe-graphql/tree/3.8#recursive-or-complex-queries",
+ "source": "security-advisories@github.com"
+ },
+ {
+ "url": "https://www.silverstripe.org/download/security-releases/CVE-2023-40180",
+ "source": "security-advisories@github.com"
+ }
+ ]
+}
\ No newline at end of file
diff --git a/CVE-2023/CVE-2023-412xx/CVE-2023-41261.json b/CVE-2023/CVE-2023-412xx/CVE-2023-41261.json
index 6bced13b420..25101c4215b 100644
--- a/CVE-2023/CVE-2023-412xx/CVE-2023-41261.json
+++ b/CVE-2023/CVE-2023-412xx/CVE-2023-41261.json
@@ -2,19 +2,80 @@ "id": "CVE-2023-41261", "sourceIdentifier": "cve@mitre.org", "published": "2023-10-12T23:15:11.137", - "lastModified": "2023-10-13T12:47:48.873", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2023-10-16T18:25:05.140", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", "value": "An issue was discovered in /fcgi/scrut_fcgi.fcgi in Plixer Scrutinizer before 19.3.1. The csvExportReport endpoint action generateCSV does not require authentication and allows an unauthenticated user to export a report and access the results." + }, + { + "lang": "es", + "value": "Se descubri\u00f3 un problema en /fcgi/scrut_fcgi.fcgi en Plixer Scrutinizer antes de 19.3.1. La acci\u00f3n de endpoint csvExportReport generateCSV no requiere autenticaci\u00f3n y permite a un usuario no autenticado exportar un informe y acceder a los resultados." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "LOW", + "integrityImpact": "NONE", + "availabilityImpact": "NONE", + "baseScore": 5.3, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 3.9, + "impactScore": 1.4 + } + ] + }, + "weaknesses": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-287" + } + ] + } + ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:plixer:scrutinizer:*:*:*:*:*:*:*:*", + "versionEndExcluding": "19.3.1", + "matchCriteriaId": "390C6B6A-DED5-42CC-84D4-E4A208560B74" + } + ] + } + ] } ], - "metrics": {}, "references": [ { "url": "https://github.com/atredispartners/advisories/blob/master/ATREDIS-2023-0001.md", - 
"source": "cve@mitre.org" + "source": "cve@mitre.org", + "tags": [ + "Exploit", + "Third Party Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2023/CVE-2023-412xx/CVE-2023-41262.json b/CVE-2023/CVE-2023-412xx/CVE-2023-41262.json index e368cffdc44..75c66b609fe 100644 --- a/CVE-2023/CVE-2023-412xx/CVE-2023-41262.json +++ b/CVE-2023/CVE-2023-412xx/CVE-2023-41262.json 
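Review bot: The weakness added for CVE-2023-41261 is `CWE-287`, but the description in the same hunk says the `generateCSV` action "does not require authentication", which is the narrower case that CWE-306 (Missing Authentication for Critical Function) covers. This commit already uses `"value": "CWE-306"` for CVE-2023-43271, so the two records end up in different classes for the same kind of flaw. Tooling that groups findings or remediation guidance by CWE would file this one under generic improper authentication; the proposed line in the `nvd@nist.gov` primary weakness is `"value": "CWE-306"`.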
@@ -2,19 +2,80 @@ "id": "CVE-2023-41262", "sourceIdentifier": "cve@mitre.org", "published": "2023-10-12T23:15:11.190", - "lastModified": "2023-10-13T12:47:48.873", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2023-10-16T18:17:04.240", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", "value": "An issue was discovered in /fcgi/scrut_fcgi.fcgi in Plixer Scrutinizer before 19.3.1. The csvExportReport endpoint action generateCSV is vulnerable to SQL injection through the sorting parameter, allowing an unauthenticated user to execute arbitrary SQL statements in the context of the application's backend database server." + }, + { + "lang": "es", + "value": "Se descubri\u00f3 un problema en /fcgi/scrut_fcgi.fcgi en Plixer Scrutinizer antes de 19.3.1. La acci\u00f3n de endpoint csvExportReport generateCSV es vulnerable a la inyecci\u00f3n de SQL a trav\u00e9s del par\u00e1metro de clasificaci\u00f3n, lo que permite a un usuario no autenticado ejecutar declaraciones SQL arbitrarias en el contexto del servidor de base de datos backend de la aplicaci\u00f3n." 
+ } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH", + "baseScore": 9.8, + "baseSeverity": "CRITICAL" + }, + "exploitabilityScore": 3.9, + "impactScore": 5.9 + } + ] + }, + "weaknesses": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-89" + } + ] + } + ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:plixer:scrutinizer:*:*:*:*:*:*:*:*", + "versionEndExcluding": "19.3.1", + "matchCriteriaId": "390C6B6A-DED5-42CC-84D4-E4A208560B74" + } + ] + } + ] } ], - "metrics": {}, "references": [ { "url": "https://github.com/atredispartners/advisories/blob/master/ATREDIS-2023-0001.md", - "source": "cve@mitre.org" + "source": "cve@mitre.org", + "tags": [ + "Exploit", + "Third Party Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2023/CVE-2023-412xx/CVE-2023-41263.json b/CVE-2023/CVE-2023-412xx/CVE-2023-41263.json index 737a70b0c72..d2e6bcc67de 100644 --- a/CVE-2023/CVE-2023-412xx/CVE-2023-41263.json +++ b/CVE-2023/CVE-2023-412xx/CVE-2023-41263.json 
@@ -2,19 +2,80 @@ "id": "CVE-2023-41263", "sourceIdentifier": "cve@mitre.org", "published": "2023-10-12T23:15:11.243", - "lastModified": "2023-10-13T12:47:48.873", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2023-10-16T18:24:04.600", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", "value": "An issue was discovered in Plixer Scrutinizer before 19.3.1. It exposes debug logs to unauthenticated users at the /debug/ URL path. With knowledge of valid IP addresses and source types, an unauthenticated attacker can download debug logs containing application-related information." + }, + { + "lang": "es", + "value": "Se descubri\u00f3 un problema en Plixer Scrutinizer antes de la versi\u00f3n 19.3.1. Expone registros de depuraci\u00f3n a usuarios no autenticados en la ruta URL /debug/. Con conocimiento de las direcciones IP v\u00e1lidas y los tipos de fuentes, un atacante no autenticado puede descargar registros de depuraci\u00f3n que contengan informaci\u00f3n relacionada con la aplicaci\u00f3n." 
+ } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N", + "attackVector": "NETWORK", + "attackComplexity": "HIGH", + "privilegesRequired": "NONE", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "LOW", + "integrityImpact": "NONE", + "availabilityImpact": "NONE", + "baseScore": 3.7, + "baseSeverity": "LOW" + }, + "exploitabilityScore": 2.2, + "impactScore": 1.4 + } + ] + }, + "weaknesses": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-532" + } + ] + } + ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:plixer:scrutinizer:*:*:*:*:*:*:*:*", + "versionEndExcluding": "19.3.1", + "matchCriteriaId": "390C6B6A-DED5-42CC-84D4-E4A208560B74" + } + ] + } + ] } ], - "metrics": {}, "references": [ { "url": "https://github.com/atredispartners/advisories/blob/master/ATREDIS-2023-0001.md", - "source": "cve@mitre.org" + "source": "cve@mitre.org", + "tags": [ + "Exploit", + "Third Party Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2023/CVE-2023-419xx/CVE-2023-41900.json b/CVE-2023/CVE-2023-419xx/CVE-2023-41900.json index dec1c0a04a3..e6ef3812b04 100644 --- a/CVE-2023/CVE-2023-419xx/CVE-2023-41900.json +++ b/CVE-2023/CVE-2023-419xx/CVE-2023-41900.json @@ -2,8 +2,8 @@ "id": "CVE-2023-41900", "sourceIdentifier": "security-advisories@github.com", "published": "2023-09-15T21:15:11.600", - "lastModified": "2023-09-29T12:15:12.980", - "vulnStatus": "Modified", + "lastModified": "2023-10-16T19:20:23.917", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", 
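Review bot: `CWE-532` in the added `weaknesses` block for CVE-2023-41263 describes sensitive data being written into a log, while the description reports debug logs being served to unauthenticated users at the `/debug/` path, which reads as an access-control gap on the endpoint rather than a logging defect. A missing-authentication or exposure class such as `CWE-306` or `CWE-200` looks closer to the stated issue; this is hedged, since the underlying advisory text is not on this page. The mapping matters to defenders because guidance keyed to CWE-532 (scrub what is logged) would leave the unauthenticated download path open.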
@@ -101,6 +101,26 @@ ] } ] + }, + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:o:debian:debian_linux:11.0:*:*:*:*:*:*:*", + "matchCriteriaId": "FA6FEEC2-9F11-4643-8827-749718254FED" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:debian:debian_linux:12.0:*:*:*:*:*:*:*", + "matchCriteriaId": "46D69DCC-AE4D-4EA5-861C-D60951444C6C" + } + ] + } + ] } ], "references": [ @@ -129,7 +149,10 @@ }, { "url": "https://www.debian.org/security/2023/dsa-5507", - "source": "security-advisories@github.com" + "source": "security-advisories@github.com", + "tags": [ + "Third Party Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2023/CVE-2023-421xx/CVE-2023-42189.json b/CVE-2023/CVE-2023-421xx/CVE-2023-42189.json index 06004628736..e0eb8cdbbbc 100644 --- a/CVE-2023/CVE-2023-421xx/CVE-2023-42189.json +++ b/CVE-2023/CVE-2023-421xx/CVE-2023-42189.json @@ -2,8 +2,8 @@ "id": "CVE-2023-42189", "sourceIdentifier": "cve@mitre.org", "published": "2023-10-10T03:15:09.530", - "lastModified": "2023-10-10T12:16:32.703", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2023-10-16T18:36:13.237", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", 
@@ -14,19 +14,310 @@ "value": "Vulnerabilidad de permisos inseguros en Connectivity Standards Alliance Matter Official SDK v.1.1.0.0, Nanoleaf Light strip v.3.5.10, Govee LED Strip v.3.00.42, switchBot Hub2 v.1.0-0.8, Phillips hue hub v.1.59.1959097030 y yeelight smart lamp v.1.12.69 permite que un atacante remoto provoque una denegaci\u00f3n de servicio mediante un script manipulado para la funci\u00f3n KeySetRemove." } ], - "metrics": {}, + "metrics": { + "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "NONE", + "integrityImpact": "NONE", + "availabilityImpact": "HIGH", + "baseScore": 7.5, + "baseSeverity": "HIGH" + }, + "exploitabilityScore": 3.9, + "impactScore": 3.6 + } + ] + }, + "weaknesses": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-732" + } + ] + } + ], + "configurations": [ + { + "operator": "AND", + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:o:tapo:mini_smart_wi-fi_plug_firmware:-:*:*:*:*:*:*:*", + "matchCriteriaId": "ABD30F53-CE65-4DB3-8A0B-B26367A58462" + } + ] + }, + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": false, + "criteria": "cpe:2.3:h:tapo:mini_smart_wi-fi_plug:-:*:*:*:*:*:*:*", + "matchCriteriaId": "D1E838B3-4294-427A-A1F1-34838A9B0577" + } + ] + } + ] + }, + { + "operator": "AND", + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:o:nanoleaf:lightstrip_firmware:3.5.10:*:*:*:*:*:*:*", + "matchCriteriaId": "989DFDCB-4FA9-414F-9338-A8252FEFDF57" + } + ] + }, + { + "operator": "OR", + "negate": false, + 
"cpeMatch": [ + { + "vulnerable": false, + "criteria": "cpe:2.3:h:nanoleaf:lightstrip:-:*:*:*:*:*:*:*", + "matchCriteriaId": "B1D083D2-C5A4-4819-BFE0-37B3C083BCFB" + } + ] + } + ] + }, + { + "operator": "AND", + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:o:govee:led_strip_firmware:3.00.42:*:*:*:*:*:*:*", + "matchCriteriaId": "0C2C7970-79DD-4A3B-A7B4-14B8F2DF8D7D" + } + ] + }, + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": false, + "criteria": "cpe:2.3:h:govee:led_strip:-:*:*:*:*:*:*:*", + "matchCriteriaId": "C0B1C4EC-749F-483D-BEE5-4BA2CCCAF5A6" + } + ] + } + ] + }, + { + "operator": "AND", + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:o:switchbot:hub2_firmware:1.0-0.8:*:*:*:*:*:*:*", + "matchCriteriaId": "780404E5-F030-4926-A6EE-D2A2801F3C78" + } + ] + }, + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": false, + "criteria": "cpe:2.3:h:switchbot:hub2:-:*:*:*:*:*:*:*", + "matchCriteriaId": "C758966A-6044-47AC-8E98-8CFB372C100C" + } + ] + } + ] + }, + { + "operator": "AND", + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:o:phillips:hue_hub_firmware:1.59.1959097030:*:*:*:*:*:*:*", + "matchCriteriaId": "65E03870-C822-4E62-86FA-010F9C72519E" + } + ] + }, + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": false, + "criteria": "cpe:2.3:h:phillips:hue_hub:-:*:*:*:*:*:*:*", + "matchCriteriaId": "B47D414B-811A-4E11-9280-43C615C3F3E1" + } + ] + } + ] + }, + { + "operator": "AND", + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:o:yeelight:smart_lamp_firmware:1.12.69:*:*:*:*:*:*:*", + "matchCriteriaId": "2ECB5733-DB50-45DC-ADC1-DBC38862FDE0" + } + ] + }, + { + "operator": "OR", + "negate": false, + 
"cpeMatch": [ + { + "vulnerable": false, + "criteria": "cpe:2.3:h:yeelight:smart_lamp:-:*:*:*:*:*:*:*", + "matchCriteriaId": "35BF7DF6-A135-4475-BC40-F112801F29C3" + } + ] + } + ] + }, + { + "operator": "AND", + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:o:tp-link:smart_plug_firmware:-:*:*:*:*:*:*:*", + "matchCriteriaId": "15183145-06A4-4581-8139-DDE5F739BD60" + } + ] + }, + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": false, + "criteria": "cpe:2.3:h:tp-link:smart_plug:-:*:*:*:*:*:*:*", + "matchCriteriaId": "4F365908-059D-4672-A763-73371DA99E67" + } + ] + } + ] + }, + { + "operator": "AND", + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:o:orein:smart_bulb_firmware:-:*:*:*:*:*:*:*", + "matchCriteriaId": "59542003-A1FE-4A28-B0FC-01120FD3C82A" + } + ] + }, + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": false, + "criteria": "cpe:2.3:h:orein:smart_bulb:-:*:*:*:*:*:*:*", + "matchCriteriaId": "2DB5483F-2334-4283-9F84-E81D038B001C" + } + ] + } + ] + }, + { + "operator": "AND", + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:o:eve:eve_door_and_window_firmware:-:*:*:*:*:*:*:*", + "matchCriteriaId": "60DD5C35-880E-4488-8758-0DA9545F481C" + } + ] + }, + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": false, + "criteria": "cpe:2.3:h:eve:eve_door_and_window:-:*:*:*:*:*:*:*", + "matchCriteriaId": "FC2873C9-86D3-462A-B362-24F2CAE0FC2E" + } + ] + } + ] + } + ], "references": [ { "url": "https://github.com/IoT-Fuzz/IoT-Fuzz/blob/main/Remove%20Key%20Set%20Vulnerability%20Report.pdf", - "source": "cve@mitre.org" + "source": "cve@mitre.org", + "tags": [ + "Third Party Advisory" + ] }, { "url": "https://github.com/project-chip/connectedhomeip/issues/28518", - "source": 
"cve@mitre.org" + "source": "cve@mitre.org", + "tags": [ + "Issue Tracking", + "Third Party Advisory" + ] }, { "url": "https://github.com/project-chip/connectedhomeip/issues/28679", - "source": "cve@mitre.org" + "source": "cve@mitre.org", + "tags": [ + "Issue Tracking", + "Third Party Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2023/CVE-2023-424xx/CVE-2023-42477.json b/CVE-2023/CVE-2023-424xx/CVE-2023-42477.json index 278da9c0e62..59cf2dfb35f 100644 --- a/CVE-2023/CVE-2023-424xx/CVE-2023-42477.json +++ b/CVE-2023/CVE-2023-424xx/CVE-2023-42477.json @@ -2,8 +2,8 @@ "id": "CVE-2023-42477", "sourceIdentifier": "cna@sap.com", "published": "2023-10-10T02:15:11.103", - "lastModified": "2023-10-10T12:16:32.703", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2023-10-16T18:14:29.393", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", @@ -16,6 +16,26 @@ ], "metrics": { "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "availabilityImpact": "NONE", + "baseScore": 6.5, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 3.9, + "impactScore": 2.5 + }, { "source": "cna@sap.com", "type": "Secondary", 
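Review bot: The CPE vendor in `cpe:2.3:o:phillips:hue_hub_firmware:1.59.1959097030:*:*:*:*:*:*:*` and the paired `cpe:2.3:h:phillips:hue_hub` entry copies the description's spelling "Phillips"; the vendor name is Philips, so asset inventories and scanners that key on a `philips` vendor string would presumably not match this record. Separately, the visible description names the Connectivity Standards Alliance Matter SDK v.1.1.0.0 first, yet none of the added `configurations` nodes carries an application (`cpe:2.3:a:`) entry for it, while nodes for tapo, tp-link, orein and eve devices appear that the visible description does not mention. Products that embed the SDK will therefore not be flagged by CPE matching alone and need to be tracked from the references.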
@@ -50,14 +70,37 @@ ] } ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:sap:netweaver_application_server_java:7.50:*:*:*:*:*:*:*", + "matchCriteriaId": "9C506445-3787-4BFF-A98B-7502A0F7CF80" + } + ] + } + ] + } + ], "references": [ { "url": "https://me.sap.com/notes/3333426", - "source": "cna@sap.com" + "source": "cna@sap.com", + "tags": [ + "Permissions Required" + ] }, { "url": "https://www.sap.com/documents/2022/02/fa865ea4-167e-0010-bca6-c68f7e60039b.html", - "source": "cna@sap.com" + "source": "cna@sap.com", + "tags": [ + "Vendor Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2023/CVE-2023-427xx/CVE-2023-42753.json b/CVE-2023/CVE-2023-427xx/CVE-2023-42753.json index 8274a4b0c6b..e1c91aacc2b 100644 --- a/CVE-2023/CVE-2023-427xx/CVE-2023-42753.json +++ b/CVE-2023/CVE-2023-427xx/CVE-2023-42753.json @@ -2,8 +2,8 @@ "id": "CVE-2023-42753", "sourceIdentifier": "secalert@redhat.com", "published": "2023-09-25T21:15:15.923", - "lastModified": "2023-09-27T15:19:33.057", - "vulnStatus": "Modified", + "lastModified": "2023-10-16T19:41:01.563", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", @@ -80,8 +80,8 @@ { "vulnerable": true, "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", - "versionEndIncluding": "6.5", - "matchCriteriaId": "9E3BCCDE-3830-434C-9D47-F8B46B03DEFA" + "versionEndExcluding": "6.6", + "matchCriteriaId": "9D42A7C6-CE38-4D73-B7AC-615F6D53F783" } ] } @@ -130,7 +130,12 @@ }, { "url": "https://seclists.org/oss-sec/2023/q3/216", - "source": "secalert@redhat.com" + "source": "secalert@redhat.com", + "tags": [ + "Exploit", + "Mailing List", + "Third Party Advisory" + ] }, { "url": "https://www.openwall.com/lists/oss-security/2023/09/22/10", diff --git a/CVE-2023/CVE-2023-427xx/CVE-2023-42796.json b/CVE-2023/CVE-2023-427xx/CVE-2023-42796.json index 47b11f1d8a1..b7a13f144b7 100644 
--- a/CVE-2023/CVE-2023-427xx/CVE-2023-42796.json +++ b/CVE-2023/CVE-2023-427xx/CVE-2023-42796.json @@ -2,8 +2,8 @@ "id": "CVE-2023-42796", "sourceIdentifier": "productcert@siemens.com", "published": "2023-10-10T11:15:12.150", - "lastModified": "2023-10-10T12:16:32.703", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2023-10-16T18:36:54.670", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", @@ -17,8 +17,28 @@ "metrics": { "cvssMetricV31": [ { - "source": "productcert@siemens.com", + "source": "nvd@nist.gov", "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH", + "baseScore": 8.8, + "baseSeverity": "HIGH" + }, + "exploitabilityScore": 2.8, + "impactScore": 5.9 + }, + { + "source": "productcert@siemens.com", + "type": "Secondary", "cvssData": { "version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H", 
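Review bot: After this hunk the record holds two CVSS v3.1 vectors that disagree on attack complexity: the new `nvd@nist.gov` entry with `AC:L` and base score 8.8, and the Siemens entry with `AC:H`, now changed to `"type": "Secondary"` and pushed to second position in `cvssMetricV31`. Consumers should select a metric by `source` and `type` rather than by array index, because this insertion changes which entry comes first. Where remediation deadlines are driven by base score, the pipeline should record which source it trusts, since the two assessments can fall into different severity bands.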
@@ -50,10 +70,72 @@ ] } ], + "configurations": [ + { + "operator": "AND", + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:o:siemens:cp-8050_firmware:*:*:*:*:cpci85:*:*:*", + "versionEndExcluding": "05.11", + "matchCriteriaId": "5DDCBDDD-3936-462A-A93A-696AAEBB4EBA" + } + ] + }, + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": false, + "criteria": "cpe:2.3:h:siemens:cp-8050:-:*:*:*:*:*:*:*", + "matchCriteriaId": "929EF3DE-C8E6-49DA-98C0-13AB4C966AA7" + } + ] + } + ] + }, + { + "operator": "AND", + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:o:siemens:cp-8031_firmware:*:*:*:*:cpci85:*:*:*", + "versionEndExcluding": "05.11", + "matchCriteriaId": "36A1AC2A-A6D1-4C2F-9439-FA093EB6B44D" + } + ] + }, + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": false, + "criteria": "cpe:2.3:h:siemens:cp-8031:-:*:*:*:*:*:*:*", + "matchCriteriaId": "D24F9EDC-DA14-477D-B9C1-C9BF56E9B057" + } + ] + } + ] + } + ], "references": [ { "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-770890.pdf", - "source": "productcert@siemens.com" + "source": "productcert@siemens.com", + "tags": [ + "Patch", + "Vendor Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2023/CVE-2023-431xx/CVE-2023-43115.json b/CVE-2023/CVE-2023-431xx/CVE-2023-43115.json index 442f7563306..600d25f57eb 100644 --- a/CVE-2023/CVE-2023-431xx/CVE-2023-43115.json +++ b/CVE-2023/CVE-2023-431xx/CVE-2023-43115.json @@ -2,8 +2,8 @@ "id": "CVE-2023-43115", "sourceIdentifier": "cve@mitre.org", "published": "2023-09-18T08:15:07.380", - "lastModified": "2023-10-15T04:15:12.167", - "vulnStatus": "Modified", + "lastModified": "2023-10-16T18:15:16.290", + "vulnStatus": "Undergoing Analysis", "descriptions": [ { "lang": "en", 
@@ -94,6 +94,10 @@ { "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/IK3UXJ5HKMPAL5EQELJAWSRPA2AUOJJO/", "source": "cve@mitre.org" + }, + { + "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/PG5AQV7JOL5TAU76FWPJCMSKO5DREKV5/", + "source": "cve@mitre.org" } ] } \ No newline at end of file diff --git a/CVE-2023/CVE-2023-431xx/CVE-2023-43120.json b/CVE-2023/CVE-2023-431xx/CVE-2023-43120.json new file mode 100644 index 00000000000..9d75e675ca0 --- /dev/null +++ b/CVE-2023/CVE-2023-431xx/CVE-2023-43120.json @@ -0,0 +1,20 @@ +{ + "id": "CVE-2023-43120", + "sourceIdentifier": "cve@mitre.org", + "published": "2023-10-16T19:15:10.680", + "lastModified": "2023-10-16T19:24:26.033", + "vulnStatus": "Awaiting Analysis", + "descriptions": [ + { + "lang": "en", + "value": "An issue discovered in Extreme Networks Switch Engine (EXOS) before 32.5.1.5, before 22.7 and before 31.7.1 allows attackers to gain escalated privileges via crafted HTTP request." + } + ], + "metrics": {}, + "references": [ + { + "url": "https://extreme-networks.my.site.com/ExtrArticleDetail?an=000114377", + "source": "cve@mitre.org" + } + ] +} \ No newline at end of file diff --git a/CVE-2023/CVE-2023-432xx/CVE-2023-43271.json b/CVE-2023/CVE-2023-432xx/CVE-2023-43271.json index d79a6d7fdae..2ed3f3e52e1 100644 --- a/CVE-2023/CVE-2023-432xx/CVE-2023-43271.json +++ b/CVE-2023/CVE-2023-432xx/CVE-2023-43271.json @@ -2,8 +2,8 @@ "id": "CVE-2023-43271", "sourceIdentifier": "cve@mitre.org", "published": "2023-10-09T21:15:10.173", - "lastModified": "2023-10-10T12:16:32.703", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2023-10-16T18:09:54.913", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", 
@@ -14,15 +14,86 @@ "value": "El control de acceso incorrecto en 70mai a500s v1.2.119 permite a los atacantes acceder y eliminar directamente los archivos de v\u00eddeo de la grabadora de conducci\u00f3n a trav\u00e9s de ftp y otros protocolos." } ], - "metrics": {}, + "metrics": { + "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "NONE", + "baseScore": 9.1, + "baseSeverity": "CRITICAL" + }, + "exploitabilityScore": 3.9, + "impactScore": 5.2 + } + ] + }, + "weaknesses": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-306" + } + ] + } + ], + "configurations": [ + { + "operator": "AND", + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:o:70mai:a500s_firmware:1.2.119:*:*:*:*:*:*:*", + "matchCriteriaId": "B2121501-D225-45EE-90EC-E949D26E2820" + } + ] + }, + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": false, + "criteria": "cpe:2.3:h:70mai:a500s:-:*:*:*:*:*:*:*", + "matchCriteriaId": "C401CE32-74F5-4E1E-BB81-D286F0AE26E5" + } + ] + } + ] + } + ], "references": [ { "url": "https://github.com/Question-h/vuln/blob/master/70mai_a500s_backdoor.md", - "source": "cve@mitre.org" + "source": "cve@mitre.org", + "tags": [ + "Exploit", + "Third Party Advisory" + ] }, { "url": "https://github.com/Question-h/vuln/blob/master/CVE-2023-43271.md", - "source": "cve@mitre.org" + "source": "cve@mitre.org", + "tags": [ + "Third Party Advisory" + ] } ] } \ No newline at end of file 
diff --git a/CVE-2023/CVE-2023-436xx/CVE-2023-43623.json b/CVE-2023/CVE-2023-436xx/CVE-2023-43623.json index 4ba16d1f161..3942d4f3216 100644 --- a/CVE-2023/CVE-2023-436xx/CVE-2023-43623.json +++ b/CVE-2023/CVE-2023-436xx/CVE-2023-43623.json @@ -2,8 +2,8 @@ "id": "CVE-2023-43623", "sourceIdentifier": "productcert@siemens.com", "published": "2023-10-10T11:15:12.240", - "lastModified": "2023-10-10T12:16:32.703", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2023-10-16T19:01:01.317", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", @@ -50,10 +50,45 @@ ] } ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:mendix:forgot_password:*:*:*:*:*:*:*:*", + "versionEndExcluding": "3.7.3", + "matchCriteriaId": "A4841C81-BDB6-4D19-9399-25E106AF654B" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:mendix:forgot_password:*:*:*:*:*:*:*:*", + "versionStartIncluding": "4.0.0", + "versionEndExcluding": "4.1.3", + "matchCriteriaId": "4D6E5A35-E9FB-4F42-8022-605EE691C0B6" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:mendix:forgot_password:*:*:*:*:*:*:*:*", + "versionStartIncluding": "5.0.0", + "versionEndExcluding": "5.4.0", + "matchCriteriaId": "B5D68BE8-7D5E-4FFF-A1B6-E9ECA060BCEC" + } + ] + } + ] + } + ], "references": [ { "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-295483.pdf", - "source": "productcert@siemens.com" + "source": "productcert@siemens.com", + "tags": [ + "Third Party Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2023/CVE-2023-436xx/CVE-2023-43633.json b/CVE-2023/CVE-2023-436xx/CVE-2023-43633.json index 6d59a6d74d7..d93b159bf5f 100644 --- a/CVE-2023/CVE-2023-436xx/CVE-2023-43633.json +++ b/CVE-2023/CVE-2023-436xx/CVE-2023-43633.json 
@@ -2,8 +2,8 @@
 "id": "CVE-2023-43633",
 "sourceIdentifier": "cve@asrg.io",
 "published": "2023-09-21T14:15:11.330",
- "lastModified": "2023-09-28T06:15:12.217",
- "vulnStatus": "Modified",
+ "lastModified": "2023-10-16T19:30:32.823",
+ "vulnStatus": "Analyzed",
 "descriptions": [
 {
 "lang": "en",
@@ -112,7 +112,10 @@
 "references": [
 {
 "url": "https://asrg.io/security-advisories/cve-2023-43633/",
- "source": "cve@asrg.io"
+ "source": "cve@asrg.io",
+ "tags": [
+ "Third Party Advisory"
+ ]
 }
 ]
 }
\ No newline at end of file
diff --git a/CVE-2023/CVE-2023-436xx/CVE-2023-43634.json b/CVE-2023/CVE-2023-436xx/CVE-2023-43634.json
index 3590335e059..c192c17d843 100644
--- a/CVE-2023/CVE-2023-436xx/CVE-2023-43634.json
+++ b/CVE-2023/CVE-2023-436xx/CVE-2023-43634.json
@@ -2,8 +2,8 @@
 "id": "CVE-2023-43634",
 "sourceIdentifier": "cve@asrg.io",
 "published": "2023-09-21T14:15:11.477",
- "lastModified": "2023-09-28T06:15:12.620",
- "vulnStatus": "Modified",
+ "lastModified": "2023-10-16T19:29:48.237",
+ "vulnStatus": "Analyzed",
 "descriptions": [
 {
 "lang": "en",
@@ -11,7 +11,7 @@
 },
 {
 "lang": "es",
- "value": "Al sellar/abrir la clave de \u201cvault\u201d, se utiliza una lista de PCRs, que define qu\u00e9 PCRs se utilizan. En un proyecto anterior, CYMOTIVE descubri\u00f3 que la configuraci\u00f3n no est\u00e1 protegida por el arranque seguro y, en respuesta, Zededa implement\u00f3 medidas en la partici\u00f3n de configuraci\u00f3n que estaba asignada a PCR 13. En ese proceso, PCR 13 se agreg\u00f3 a la lista de PCRs que sellan /abrir la llave. En la confirmaci\u00f3n \u201c56e589749c6ff58ded862d39535d43253b249acf\u201d, la medici\u00f3n de la partici\u00f3n de configuraci\u00f3n pas\u00f3 de PCR 13 a PCR 14, pero PCR 14 no se agreg\u00f3 a la lista de PCR que sellan/abren la clave. Este cambio hace que la medici\u00f3n de PCR 14 sea efectivamente redundante ya que no afectar\u00eda el sellado/abrir de la llave. Un atacante podr\u00eda modificar la partici\u00f3n de configuraci\u00f3n sin activar el arranque medido, lo que podr\u00eda dar como resultado que el atacante obtenga control total sobre el dispositivo con acceso completo al contenido de la \"vault\" cifrada.\n"
+ "value": "Al sellar/abrir la clave de \u201cvault\u201d, se utiliza una lista de PCRs, que define qu\u00e9 PCRs se utilizan. En un proyecto anterior, CYMOTIVE descubri\u00f3 que la configuraci\u00f3n no est\u00e1 protegida por el arranque seguro y, en respuesta, Zededa implement\u00f3 medidas en la partici\u00f3n de configuraci\u00f3n que estaba asignada a PCR 13. En ese proceso, PCR 13 se agreg\u00f3 a la lista de PCRs que sellan /abrir la llave. En el commit \u201c56e589749c6ff58ded862d39535d43253b249acf\u201d, la medici\u00f3n de la partici\u00f3n de configuraci\u00f3n pas\u00f3 de PCR 13 a PCR 14, pero PCR 14 no se agreg\u00f3 a la lista de PCR que sellan/abren la clave. Este cambio hace que la medici\u00f3n de PCR 14 sea efectivamente redundante ya que no afectar\u00eda el sellado/abrir de la llave. Un atacante podr\u00eda modificar la partici\u00f3n de configuraci\u00f3n sin activar el arranque medido, lo que podr\u00eda dar como resultado que el atacante obtenga control total sobre el dispositivo con acceso completo al contenido de la \"vault\" cifrada."
 }
 ],
 "metrics": {
@@ -112,7 +112,10 @@
 "references": [
 {
 "url": "https://asrg.io/security-advisories/cve-2023-43634/",
- "source": "cve@asrg.io"
+ "source": "cve@asrg.io",
+ "tags": [
+ "Third Party Advisory"
+ ]
 }
 ]
 }
\ No newline at end of file
diff --git a/CVE-2023/CVE-2023-436xx/CVE-2023-43637.json b/CVE-2023/CVE-2023-436xx/CVE-2023-43637.json
index c26a96702f8..67bdda7c553 100644
--- a/CVE-2023/CVE-2023-436xx/CVE-2023-43637.json
+++ b/CVE-2023/CVE-2023-436xx/CVE-2023-43637.json
@@ -2,8 +2,8 @@
 "id": "CVE-2023-43637",
 "sourceIdentifier": "cve@asrg.io",
 "published": "2023-09-21T14:15:11.643",
- "lastModified": "2023-09-28T06:15:13.797",
- "vulnStatus": "Modified",
+ "lastModified": "2023-10-16T19:30:36.710",
+ "vulnStatus": "Analyzed",
 "descriptions": [
 {
 "lang": "en",
@@ -101,7 +101,10 @@
 "references": [
 {
 "url": "https://asrg.io/security-advisories/cve-2023-43637/",
- "source": "cve@asrg.io"
+ "source": "cve@asrg.io",
+ "tags": [
+ "Third Party Advisory"
+ ]
 }
 ]
 }
\ No newline at end of file
diff --git a/CVE-2023/CVE-2023-437xx/CVE-2023-43746.json b/CVE-2023/CVE-2023-437xx/CVE-2023-43746.json
index 816e58fb1d4..0be67ad6aa9 100644
--- a/CVE-2023/CVE-2023-437xx/CVE-2023-43746.json
+++ b/CVE-2023/CVE-2023-437xx/CVE-2023-43746.json
@@ -2,12 +2,16 @@
 "id": "CVE-2023-43746",
 "sourceIdentifier": "f5sirt@f5.com",
 "published": "2023-10-10T13:15:21.783",
- "lastModified": "2023-10-10T13:41:53.337",
- "vulnStatus": "Awaiting Analysis",
+ "lastModified": "2023-10-16T19:53:30.110",
+ "vulnStatus": "Analyzed",
 "descriptions": [
 {
 "lang": "en",
 "value": "\nWhen running in Appliance mode, an authenticated user assigned the Administrator role may be able to bypass Appliance mode restrictions, utilizing BIG-IP external monitor on a BIG-IP system.\u00a0 A successful exploit can allow the attacker to cross a security boundary.\u00a0 Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated."
+ },
+ {
+ "lang": "es",
+ "value": "Cuando se ejecuta en modo Appliance, un usuario autenticado al que se le haya asignado la funci\u00f3n de Administrator puede evitar las restricciones del modo Appliance, utilizando el monitor externo BIG-IP en un sistema BIG-IP. Un exploit exitoso puede permitir al atacante cruzar un l\u00edmite de seguridad. Nota: Las versiones de software que han llegado al End of Technical Support (EoTS) no se eval\u00faan."
 }
 ],
 "metrics": {
@@ -46,10 +50,170 @@
 ]
 }
 ],
+ "configurations": [
+ {
+ "nodes": [
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:f5:big-ip_access_policy_manager:*:*:*:*:*:*:*:*",
+ "versionStartIncluding": "13.1.0",
+ "versionEndIncluding": "14.1.5",
+ "matchCriteriaId": "94E0B611-902C-46BC-A099-881398828F0B"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:f5:big-ip_access_policy_manager:*:*:*:*:*:*:*:*",
+ "versionStartIncluding": "15.1.0",
+ "versionEndExcluding": "15.1.9",
+ "matchCriteriaId": "F11226F6-9080-4126-ACBD-7211A2746214"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:f5:big-ip_access_policy_manager:*:*:*:*:*:*:*:*",
+ "versionStartIncluding": "16.1.0",
+ "versionEndExcluding": "16.1.4",
+ "matchCriteriaId": "A8F16422-A642-4614-96F2-E5B4877E8206"
+ }
+ ]
+ }
+ ]
+ },
+ {
+ "nodes": [
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:f5:big-ip_advanced_firewall_manager:*:*:*:*:*:*:*:*",
+ "versionStartIncluding": "13.1.0",
+ "versionEndIncluding": "14.1.5",
+ "matchCriteriaId": "4AF2DF45-D15E-4239-A66C-9F8A924E383A"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:f5:big-ip_advanced_firewall_manager:*:*:*:*:*:*:*:*",
+ "versionStartIncluding": "15.1.0",
+ "versionEndExcluding": "15.1.9",
+ "matchCriteriaId": "6DD4CF11-44E9-4596-9397-AF7DBD81277B"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:f5:big-ip_advanced_firewall_manager:*:*:*:*:*:*:*:*",
+ "versionStartIncluding": "16.1.0",
+ "versionEndExcluding": "16.1.4",
+ "matchCriteriaId": "DE979976-11C7-4AFF-8BE4-A094CC9C39CF"
+ }
+ ]
+ }
+ ]
+ },
+ {
+ "nodes": [
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:f5:big-ip_application_security_manager:*:*:*:*:*:*:*:*",
+ "versionStartIncluding": "13.1.0",
+ "versionEndIncluding": "14.1.5",
+ "matchCriteriaId": "34A88673-CDD5-48FC-9491-6852324E26EA"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:f5:big-ip_application_security_manager:*:*:*:*:*:*:*:*",
+ "versionStartIncluding": "15.1.0",
+ "versionEndExcluding": "15.1.9",
+ "matchCriteriaId": "8D82BCD8-136A-476C-AC86-710CA8B32EB7"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:f5:big-ip_application_security_manager:*:*:*:*:*:*:*:*",
+ "versionStartIncluding": "16.1.0",
+ "versionEndExcluding": "16.1.4",
+ "matchCriteriaId": "377DE308-CF91-488A-B296-30A3B09451D3"
+ }
+ ]
+ }
+ ]
+ },
+ {
+ "nodes": [
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:f5:big-ip_domain_name_system:*:*:*:*:*:*:*:*",
+ "versionStartIncluding": "13.1.0",
+ "versionEndIncluding": "14.1.5",
+ "matchCriteriaId": "F53FFE68-BE06-4F16-8C33-58711E86E254"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:f5:big-ip_domain_name_system:*:*:*:*:*:*:*:*",
+ "versionStartIncluding": "15.1.0",
+ "versionEndExcluding": "15.1.9",
+ "matchCriteriaId": "C0FE692A-CD63-4354-B599-2F47EEEFDD37"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:f5:big-ip_domain_name_system:*:*:*:*:*:*:*:*",
+ "versionStartIncluding": "16.1.0",
+ "versionEndExcluding": "16.1.4",
+ "matchCriteriaId": "B2F02EC0-E6C2-4E00-9804-043982D88BCE"
+ }
+ ]
+ }
+ ]
+ },
+ {
+ "nodes": [
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:f5:big-ip_local_traffic_manager:*:*:*:*:*:*:*:*",
+ "versionStartIncluding": "13.1.0",
+ "versionEndIncluding": "14.1.5",
+ "matchCriteriaId": "E9BB7368-B6F8-462F-B17F-02CFBB0EE310"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:f5:big-ip_local_traffic_manager:*:*:*:*:*:*:*:*",
+ "versionStartIncluding": "15.1.0",
+ "versionEndExcluding": "15.1.9",
+ "matchCriteriaId": "672067B7-C838-4F0B-B3D0-E85F71715B0A"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:f5:big-ip_local_traffic_manager:*:*:*:*:*:*:*:*",
+ "versionStartIncluding": "16.1.0",
+ "versionEndExcluding": "16.1.4",
+ "matchCriteriaId": "A4C17D18-1172-4396-9099-F1F5EAEACE5A"
+ }
+ ]
+ }
+ ]
+ }
+ ],
 "references": [
 {
 "url": "https://my.f5.com/manage/s/article/K41072952",
- "source": "f5sirt@f5.com"
+ "source": "f5sirt@f5.com",
+ "tags": [
+ "Vendor Advisory"
+ ]
 }
 ]
 }
\ No newline at end of file
diff --git a/CVE-2023/CVE-2023-440xx/CVE-2023-44093.json b/CVE-2023/CVE-2023-440xx/CVE-2023-44093.json
index d834f36ff20..76fdba095b7 100644
--- a/CVE-2023/CVE-2023-440xx/CVE-2023-44093.json
+++ b/CVE-2023/CVE-2023-440xx/CVE-2023-44093.json
@@ -2,23 +2,135 @@
 "id": "CVE-2023-44093",
 "sourceIdentifier": "psirt@huawei.com",
 "published": "2023-10-11T11:15:13.423",
- "lastModified": "2023-10-11T12:54:12.883",
- "vulnStatus": "Awaiting Analysis",
+ "lastModified": "2023-10-16T19:18:41.647",
+ "vulnStatus": "Analyzed",
 "descriptions": [
 {
 "lang": "en",
 "value": "Vulnerability of package names' public keys not being verified in the security module.Successful exploitation of this vulnerability may affect service confidentiality."
+ },
+ {
+ "lang": "es",
+ "value": "Vulnerabilidad en las claves p\u00fablicas de los nombres de los paquetes que no se verifican en el m\u00f3dulo de seguridad. La explotaci\u00f3n exitosa de esta vulnerabilidad puede afectar la confidencialidad del servicio."
+ }
+ ],
+ "metrics": {
+ "cvssMetricV31": [
+ {
+ "source": "nvd@nist.gov",
+ "type": "Primary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
+ "attackVector": "NETWORK",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "NONE",
+ "userInteraction": "NONE",
+ "scope": "UNCHANGED",
+ "confidentialityImpact": "HIGH",
+ "integrityImpact": "NONE",
+ "availabilityImpact": "NONE",
+ "baseScore": 7.5,
+ "baseSeverity": "HIGH"
+ },
+ "exploitabilityScore": 3.9,
+ "impactScore": 3.6
+ }
+ ]
+ },
+ "weaknesses": [
+ {
+ "source": "nvd@nist.gov",
+ "type": "Primary",
+ "description": [
+ {
+ "lang": "en",
+ "value": "NVD-CWE-noinfo"
+ }
+ ]
+ }
+ ],
+ "configurations": [
+ {
+ "nodes": [
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:huawei:harmonyos:2.0:*:*:*:*:*:*:*",
+ "matchCriteriaId": "3AD62E8B-CB4B-43A6-98E8-09A8A1A3505B"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:huawei:harmonyos:2.0.1:*:*:*:*:*:*:*",
+ "matchCriteriaId": "64118936-E2A5-4935-8594-29DF29B5475A"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:huawei:harmonyos:2.1.0:*:*:*:*:*:*:*",
+ "matchCriteriaId": "C01447F1-7F58-4AE3-B403-C01B2575D898"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:huawei:harmonyos:3.0.0:*:*:*:*:*:*:*",
+ "matchCriteriaId": "CB3751C1-7729-41D3-AE50-80B5AF601135"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:huawei:harmonyos:3.1.0:*:*:*:*:*:*:*",
+ "matchCriteriaId": "4D81C4EF-7CAF-4E60-91A4-8CF7B95B2B54"
+ }
+ ]
+ }
+ ]
+ },
+ {
+ "nodes": [
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:huawei:emui:11.0.1:*:*:*:*:*:*:*",
+ "matchCriteriaId": "511F8CE2-C2B6-4A08-B992-49D9B75B8655"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:huawei:emui:12.0:*:*:*:*:*:*:*",
+ "matchCriteriaId": "81995662-9C41-4E88-888D-C50703F858F8"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:huawei:emui:12.0.1:*:*:*:*:*:*:*",
+ "matchCriteriaId": "2DF07E7F-3A18-4B74-B73D-DF3647C2A48F"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:huawei:emui:13.0.0:*:*:*:*:*:*:*",
+ "matchCriteriaId": "353AEAF2-AF46-4835-93E1-4F942D5E2810"
+ }
+ ]
+ }
+ ]
 }
 ],
- "metrics": {},
 "references": [
 {
 "url": "https://consumer.huawei.com/en/support/bulletin/2023/10/",
- "source": "psirt@huawei.com"
+ "source": "psirt@huawei.com",
+ "tags": [
+ "Vendor Advisory"
+ ]
 },
 {
 "url": "https://device.harmonyos.com/en/docs/security/update/security-bulletins-202310-0000001663676540",
- "source": "psirt@huawei.com"
+ "source": "psirt@huawei.com",
+ "tags": [
+ "Vendor Advisory"
+ ]
 }
 ]
 }
\ No newline at end of file
diff --git a/CVE-2023/CVE-2023-443xx/CVE-2023-44392.json b/CVE-2023/CVE-2023-443xx/CVE-2023-44392.json
index 716b21228bd..12ba63378a9 100644
--- a/CVE-2023/CVE-2023-443xx/CVE-2023-44392.json
+++ b/CVE-2023/CVE-2023-443xx/CVE-2023-44392.json
@@ -2,8 +2,8 @@
 "id": "CVE-2023-44392",
 "sourceIdentifier": "security-advisories@github.com",
 "published": "2023-10-09T20:15:10.393",
- "lastModified": "2023-10-10T12:16:32.703",
- "vulnStatus": "Awaiting Analysis",
+ "lastModified": "2023-10-16T18:08:49.840",
+ "vulnStatus": "Analyzed",
 "descriptions": [
 {
 "lang": "en",
@@ -16,6 +16,26 @@
 ],
 "metrics": {
 "cvssMetricV31": [
+ {
+ "source": "nvd@nist.gov",
+ "type": "Primary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:H",
+ "attackVector": "NETWORK",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "LOW",
+ "userInteraction": "REQUIRED",
+ "scope": "CHANGED",
+ "confidentialityImpact": "HIGH",
+ "integrityImpact": "HIGH",
+ "availabilityImpact": "HIGH",
+ "baseScore": 9.0,
+ "baseSeverity": "CRITICAL"
+ },
+ "exploitabilityScore": 2.3,
+ "impactScore": 6.0
+ },
 {
 "source": "security-advisories@github.com",
 "type": "Secondary",
@@ -54,14 +74,45 @@
 ]
 }
 ],
+ "configurations": [
+ {
+ "nodes": [
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:garden:garden:*:*:*:*:*:kubernetes:*:*",
+ "versionEndExcluding": "0.12.65",
+ "matchCriteriaId": "578BA987-86CC-4306-BDD9-8FD8DAB4D424"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:garden:garden:*:*:*:*:*:kubernetes:*:*",
+ "versionStartIncluding": "0.13.0",
+ "versionEndExcluding": "0.13.17",
+ "matchCriteriaId": "5D5D4DD6-0B6E-4321-B3FB-C237DCB73390"
+ }
+ ]
+ }
+ ]
+ }
+ ],
 "references": [
 {
 "url": "https://github.com/garden-io/garden/commit/3117964da40d3114f129a6131b4ada89eaa4eb8c",
- "source": "security-advisories@github.com"
+ "source": "security-advisories@github.com",
+ "tags": [
+ "Patch"
+ ]
 },
 {
 "url": "https://github.com/garden-io/garden/security/advisories/GHSA-hm75-6vc9-8rpr",
- "source": "security-advisories@github.com"
+ "source": "security-advisories@github.com",
+ "tags": [
+ "Vendor Advisory"
+ ]
 }
 ]
 }
\ No newline at end of file
diff --git a/CVE-2023/CVE-2023-444xx/CVE-2023-44487.json b/CVE-2023/CVE-2023-444xx/CVE-2023-44487.json
index 2121960cbc7..f2354eafc4a 100644
--- a/CVE-2023/CVE-2023-444xx/CVE-2023-44487.json
+++ b/CVE-2023/CVE-2023-444xx/CVE-2023-44487.json
@@ -2,7 +2,7 @@
 "id": "CVE-2023-44487",
 "sourceIdentifier": "cve@mitre.org",
 "published": "2023-10-10T14:15:10.883",
- "lastModified": "2023-10-15T19:15:09.450",
+ "lastModified": "2023-10-16T19:15:10.740",
 "vulnStatus": "Modified",
 "cisaExploitAdd": "2023-10-10",
 "cisaActionDue": "2023-10-31",
@@ -589,6 +589,10 @@
 "Vendor Advisory"
 ]
 },
+ {
+ "url": "https://lists.debian.org/debian-lts-announce/2023/10/msg00023.html",
+ "source": "cve@mitre.org"
+ },
 {
 "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/JMEXY22BFG5Q64HQCM5CK2Q7KDKVV4TY/",
 "source": "cve@mitre.org"
@@ -682,6 +686,10 @@
 "Third Party Advisory"
 ]
 },
+ {
+ "url": "https://security.netapp.com/advisory/ntap-20231016-0001/",
+ "source": "cve@mitre.org"
+ },
 {
 "url": "https://security.paloaltonetworks.com/CVE-2023-44487",
 "source": "cve@mitre.org",
diff --git a/CVE-2023/CVE-2023-449xx/CVE-2023-44961.json b/CVE-2023/CVE-2023-449xx/CVE-2023-44961.json
index e4c670dbc3b..3c775e63d7e 100644
--- a/CVE-2023/CVE-2023-449xx/CVE-2023-44961.json
+++ b/CVE-2023/CVE-2023-449xx/CVE-2023-44961.json
@@ -2,19 +2,80 @@
 "id": "CVE-2023-44961",
 "sourceIdentifier": "cve@mitre.org",
 "published": "2023-10-11T19:15:10.883",
- "lastModified": "2023-10-11T21:04:47.110",
- "vulnStatus": "Awaiting Analysis",
+ "lastModified": "2023-10-16T19:20:59.490",
+ "vulnStatus": "Analyzed",
 "descriptions": [
 {
 "lang": "en",
 "value": "SQL Injection vulnerability in Koha Library Software 23.0.5.04 and before allows a remote attacker to obtain sensitive information via the intranet/cgi bin/cataloging/ysearch.pl. component."
+ },
+ {
+ "lang": "es",
+ "value": "Vulnerabilidad de inyecci\u00f3n SQL en Koha Library Software 23.0.5.04 y anteriores permite a un atacante remoto obtener informaci\u00f3n confidencial a trav\u00e9s del componente intranet/cgi bin/cataloging/ysearch.pl."
+ }
+ ],
+ "metrics": {
+ "cvssMetricV31": [
+ {
+ "source": "nvd@nist.gov",
+ "type": "Primary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
+ "attackVector": "NETWORK",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "NONE",
+ "userInteraction": "NONE",
+ "scope": "UNCHANGED",
+ "confidentialityImpact": "HIGH",
+ "integrityImpact": "NONE",
+ "availabilityImpact": "NONE",
+ "baseScore": 7.5,
+ "baseSeverity": "HIGH"
+ },
+ "exploitabilityScore": 3.9,
+ "impactScore": 3.6
+ }
+ ]
+ },
+ "weaknesses": [
+ {
+ "source": "nvd@nist.gov",
+ "type": "Primary",
+ "description": [
+ {
+ "lang": "en",
+ "value": "CWE-89"
+ }
+ ]
+ }
+ ],
+ "configurations": [
+ {
+ "nodes": [
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:koha-community:koha_library_software:*:*:*:*:*:*:*:*",
+ "versionEndIncluding": "23.05.04",
+ "matchCriteriaId": "1340F420-5CF2-44A7-85AB-96B84AD7A5F8"
+ }
+ ]
+ }
+ ]
 }
 ],
- "metrics": {},
 "references": [
 {
 "url": "https://github.com/ggb0n/CVE-2023-44961",
- "source": "cve@mitre.org"
+ "source": "cve@mitre.org",
+ "tags": [
+ "Exploit",
+ "Third Party Advisory"
+ ]
 }
 ]
 }
\ No newline at end of file
diff --git a/CVE-2023/CVE-2023-449xx/CVE-2023-44962.json b/CVE-2023/CVE-2023-449xx/CVE-2023-44962.json
index f393c7f3585..008d8a29eef 100644
--- a/CVE-2023/CVE-2023-449xx/CVE-2023-44962.json
+++ b/CVE-2023/CVE-2023-449xx/CVE-2023-44962.json
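Review bot: The `es` description added in the CVE-2023-44961 hunk repeats the version string `23.0.5.04` from the English text, which disagrees with the `"versionEndIncluding": "23.05.04"` that the same hunk adds to the CPE match and with the `23.05.04` used in the CVE-2023-44962 record. Tooling that derives affected versions from the description instead of `configurations` would mis-scope this record; the translated text should read `Koha Library Software 23.05.04 y anteriores`. The component path `intranet/cgi bin/cataloging/ysearch.pl` was also carried over with its embedded space (presumably `cgi-bin`, to be confirmed against the advisory).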
@@ -2,19 +2,80 @@
 "id": "CVE-2023-44962",
 "sourceIdentifier": "cve@mitre.org",
 "published": "2023-10-11T19:15:10.943",
- "lastModified": "2023-10-11T21:04:47.110",
- "vulnStatus": "Awaiting Analysis",
+ "lastModified": "2023-10-16T19:21:28.193",
+ "vulnStatus": "Analyzed",
 "descriptions": [
 {
 "lang": "en",
 "value": "File Upload vulnerability in Koha Library Software 23.05.04 and before allows a remote attacker to read arbitrary files via the upload-cover-image.pl component."
+ },
+ {
+ "lang": "es",
+ "value": "Vulnerabilidad de carga de archivos en Koha Library Software 23.05.04 y anteriores permite a un atacante remoto leer archivos arbitrarios a trav\u00e9s del componente upload-cover-image.pl."
+ }
+ ],
+ "metrics": {
+ "cvssMetricV31": [
+ {
+ "source": "nvd@nist.gov",
+ "type": "Primary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
+ "attackVector": "NETWORK",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "NONE",
+ "userInteraction": "NONE",
+ "scope": "UNCHANGED",
+ "confidentialityImpact": "LOW",
+ "integrityImpact": "NONE",
+ "availabilityImpact": "NONE",
+ "baseScore": 5.3,
+ "baseSeverity": "MEDIUM"
+ },
+ "exploitabilityScore": 3.9,
+ "impactScore": 1.4
+ }
+ ]
+ },
+ "weaknesses": [
+ {
+ "source": "nvd@nist.gov",
+ "type": "Primary",
+ "description": [
+ {
+ "lang": "en",
+ "value": "CWE-434"
+ }
+ ]
+ }
+ ],
+ "configurations": [
+ {
+ "nodes": [
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:koha-community:koha_library_software:*:*:*:*:*:*:*:*",
+ "versionEndIncluding": "23.05.04",
+ "matchCriteriaId": "1340F420-5CF2-44A7-85AB-96B84AD7A5F8"
+ }
+ ]
+ }
+ ]
 }
 ],
- "metrics": {},
 "references": [
 {
 "url": "https://github.com/ggb0n/CVE-2023-44962",
- "source": "cve@mitre.org"
+ "source": "cve@mitre.org",
+ "tags": [
+ "Exploit",
+ "Third Party Advisory"
+ ]
 }
 ]
 }
\ No newline at end of file
diff --git a/CVE-2023/CVE-2023-449xx/CVE-2023-44997.json b/CVE-2023/CVE-2023-449xx/CVE-2023-44997.json
index be5faa74b91..2b1a13ec2df 100644
--- a/CVE-2023/CVE-2023-449xx/CVE-2023-44997.json
+++ b/CVE-2023/CVE-2023-449xx/CVE-2023-44997.json
@@ -2,8 +2,8 @@
 "id": "CVE-2023-44997",
 "sourceIdentifier": "audit@patchstack.com",
 "published": "2023-10-11T08:15:08.883",
- "lastModified": "2023-10-11T12:54:12.883",
- "vulnStatus": "Awaiting Analysis",
+ "lastModified": "2023-10-16T19:04:19.087",
+ "vulnStatus": "Analyzed",
 "descriptions": [
 {
 "lang": "en",
@@ -16,6 +16,26 @@
 ],
 "metrics": {
 "cvssMetricV31": [
+ {
+ "source": "nvd@nist.gov",
+ "type": "Primary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
+ "attackVector": "NETWORK",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "NONE",
+ "userInteraction": "REQUIRED",
+ "scope": "UNCHANGED",
+ "confidentialityImpact": "HIGH",
+ "integrityImpact": "HIGH",
+ "availabilityImpact": "HIGH",
+ "baseScore": 8.8,
+ "baseSeverity": "HIGH"
+ },
+ "exploitabilityScore": 2.8,
+ "impactScore": 5.9
+ },
 {
 "source": "audit@patchstack.com",
 "type": "Secondary",
@@ -50,10 +70,31 @@
 ]
 }
 ],
+ "configurations": [
+ {
+ "nodes": [
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:nitinrathod:wp_forms_puzzle_captcha:*:*:*:*:*:wordpress:*:*",
+ "versionEndIncluding": "4.1",
+ "matchCriteriaId": "2155FC90-E248-4182-806D-B4DC285F281D"
+ }
+ ]
+ }
+ ]
+ }
+ ],
 "references": [
 {
 "url": "https://patchstack.com/database/vulnerability/wp-forms-puzzle-captcha/wordpress-wp-forms-puzzle-captcha-plugin-4-1-cross-site-request-forgery-csrf-vulnerability?_s_id=cve",
- "source": "audit@patchstack.com"
+ "source": "audit@patchstack.com",
+ "tags": [
+ "Third Party Advisory"
+ ]
 }
 ]
 }
\ No newline at end of file
diff --git a/CVE-2023/CVE-2023-451xx/CVE-2023-45148.json b/CVE-2023/CVE-2023-451xx/CVE-2023-45148.json
new file mode 100644
index 00000000000..e559d5444db
--- /dev/null
+++ b/CVE-2023/CVE-2023-451xx/CVE-2023-45148.json
@@ -0,0 +1,63 @@
+{
+ "id": "CVE-2023-45148",
+ "sourceIdentifier": "security-advisories@github.com",
+ "published": "2023-10-16T19:15:10.860",
+ "lastModified": "2023-10-16T19:24:26.033",
+ "vulnStatus": "Awaiting Analysis",
+ "descriptions": [
+ {
+ "lang": "en",
+ "value": "Nextcloud is an open source home cloud server. When Memcached is used as `memcache.distributed` the rate limiting in Nextcloud Server could be reset unexpectedly resetting the rate count earlier than intended. Users are advised to upgrade to versions 25.0.11, 26.0.6 or 27.1.0. Users unable to upgrade should change their config setting `memcache.distributed` to `\\OC\\Memcache\\Redis` and install Redis instead of Memcached."
+ }
+ ],
+ "metrics": {
+ "cvssMetricV31": [
+ {
+ "source": "security-advisories@github.com",
+ "type": "Secondary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L",
+ "attackVector": "NETWORK",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "LOW",
+ "userInteraction": "NONE",
+ "scope": "UNCHANGED",
+ "confidentialityImpact": "NONE",
+ "integrityImpact": "NONE",
+ "availabilityImpact": "LOW",
+ "baseScore": 4.3,
+ "baseSeverity": "MEDIUM"
+ },
+ "exploitabilityScore": 2.8,
+ "impactScore": 1.4
+ }
+ ]
+ },
+ "weaknesses": [
+ {
+ "source": "security-advisories@github.com",
+ "type": "Primary",
+ "description": [
+ {
+ "lang": "en",
+ "value": "CWE-307"
+ }
+ ]
+ }
+ ],
+ "references": [
+ {
+ "url": "https://github.com/nextcloud/security-advisories/security/advisories/GHSA-xmhp-7vr4-hp63",
+ "source": "security-advisories@github.com"
+ },
+ {
+ "url": "https://github.com/nextcloud/server/pull/40293",
+ "source": "security-advisories@github.com"
+ },
+ {
+ "url": "https://hackerone.com/reports/2110945",
+ "source": "security-advisories@github.com"
+ }
+ ]
+}
\ No newline at end of file
diff --git a/CVE-2023/CVE-2023-451xx/CVE-2023-45151.json b/CVE-2023/CVE-2023-451xx/CVE-2023-45151.json
new file mode 100644
index 00000000000..2964ce1cfbb
--- /dev/null
+++ b/CVE-2023/CVE-2023-451xx/CVE-2023-45151.json
@@ -0,0 +1,63 @@
+{
+ "id": "CVE-2023-45151",
+ "sourceIdentifier": "security-advisories@github.com",
+ "published": "2023-10-16T19:15:10.957",
+ "lastModified": "2023-10-16T19:24:26.033",
+ "vulnStatus": "Awaiting Analysis",
+ "descriptions": [
+ {
+ "lang": "en",
+ "value": "Nextcloud server is an open source home cloud platform. Affected versions of Nextcloud stored OAuth2 tokens in plaintext which allows an attacker who has gained access to the server to potentially elevate their privilege. This issue has been addressed and users are recommended to upgrade their Nextcloud Server to version 25.0.8, 26.0.3 or 27.0.1. There are no known workarounds for this vulnerability."
+ }
+ ],
+ "metrics": {
+ "cvssMetricV31": [
+ {
+ "source": "security-advisories@github.com",
+ "type": "Secondary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:N",
+ "attackVector": "NETWORK",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "HIGH",
+ "userInteraction": "NONE",
+ "scope": "UNCHANGED",
+ "confidentialityImpact": "HIGH",
+ "integrityImpact": "HIGH",
+ "availabilityImpact": "NONE",
+ "baseScore": 6.5,
+ "baseSeverity": "MEDIUM"
+ },
+ "exploitabilityScore": 1.2,
+ "impactScore": 5.2
+ }
+ ]
+ },
+ "weaknesses": [
+ {
+ "source": "security-advisories@github.com",
+ "type": "Primary",
+ "description": [
+ {
+ "lang": "en",
+ "value": "CWE-312"
+ }
+ ]
+ }
+ ],
+ "references": [
+ {
+ "url": "https://github.com/nextcloud/security-advisories/security/advisories/GHSA-hhgv-jcg9-p4m9",
+ "source": "security-advisories@github.com"
+ },
+ {
+ "url": "https://github.com/nextcloud/server/pull/38398",
+ "source": "security-advisories@github.com"
+ },
+ {
+ "url": "https://hackerone.com/reports/1994324",
+ "source": "security-advisories@github.com"
+ }
+ ]
+}
\ No newline at end of file
diff --git a/CVE-2023/CVE-2023-452xx/CVE-2023-45208.json b/CVE-2023/CVE-2023-452xx/CVE-2023-45208.json
index ea5a31f893b..760427d9b3a 100644
--- a/CVE-2023/CVE-2023-452xx/CVE-2023-45208.json
+++ b/CVE-2023/CVE-2023-452xx/CVE-2023-45208.json
@@ -2,8 +2,8 @@
 "id": "CVE-2023-45208",
 "sourceIdentifier": "cve@mitre.org",
 "published": "2023-10-10T05:15:09.260",
- "lastModified": "2023-10-10T12:16:32.703",
- "vulnStatus": "Awaiting Analysis",
+ "lastModified": "2023-10-16T18:48:47.807",
+ "vulnStatus": "Analyzed",
 "descriptions": [
 {
 "lang": "en",
@@ -14,11 +14,90 @@
 "value": "Una inyecci\u00f3n de comando en la funci\u00f3n parsing_xml_stasurvey dentro de libcgifunc.so del repetidor D-Link DAP-X1860 1.00 a 1.01b05-01 permite a los atacantes (dentro del alcance del repetidor) ejecutar comandos de shell como root durante el proceso de configuraci\u00f3n del repetidor, a trav\u00e9s de un SSID manipulado. Adem\u00e1s, los nombres de redes que contienen comillas simples (en el rango del repetidor) pueden provocar una denegaci\u00f3n de servicio."
 }
 ],
- "metrics": {},
+ "metrics": {
+ "cvssMetricV31": [
+ {
+ "source": "nvd@nist.gov",
+ "type": "Primary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
+ "attackVector": "ADJACENT_NETWORK",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "NONE",
+ "userInteraction": "NONE",
+ "scope": "UNCHANGED",
+ "confidentialityImpact": "HIGH",
+ "integrityImpact": "HIGH",
+ "availabilityImpact": "HIGH",
+ "baseScore": 8.8,
+ "baseSeverity": "HIGH"
+ },
+ "exploitabilityScore": 2.8,
+ "impactScore": 5.9
+ }
+ ]
+ },
+ "weaknesses": [
+ {
+ "source": "nvd@nist.gov",
+ "type": "Primary",
+ "description": [
+ {
+ "lang": "en",
+ "value": "CWE-77"
+ }
+ ]
+ }
+ ],
+ "configurations": [
+ {
+ "operator": "AND",
+ "nodes": [
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:dlink:dap-1860_firmware:1.00:*:*:*:*:*:*:*",
+ "matchCriteriaId": "B77E3C38-5379-4242-A88D-A8F0309A7460"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:dlink:dap-1860_firmware:1.01b05-01:*:*:*:*:*:*:*",
+ "matchCriteriaId": "F568A5DD-3AD9-498F-8378-8A975499E971"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:dlink:dap-1860_firmware:1.01b94:*:*:*:*:*:*:*",
+ "matchCriteriaId": "867EA37B-DB3B-4406-8376-D1FD238A8CED"
+ }
+ ]
+ },
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": false,
+ "criteria": "cpe:2.3:h:dlink:dap-1860:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "D6579D66-FD76-4F30-A49A-E3CA406836B2"
+ }
+ ]
+ }
+ ]
+ }
+ ],
 "references": [
 {
 "url": "https://www.redteam-pentesting.de/en/advisories/rt-sa-2023-006/-d-link-dap-x1860-remote-command-injection",
- "source": "cve@mitre.org"
+ "source": "cve@mitre.org",
+ "tags": [
+ "Exploit",
+ "Product",
+ "Third Party Advisory"
+ ]
 }
 ]
 }
\ No newline at end of file
diff --git a/CVE-2023/CVE-2023-453xx/CVE-2023-45311.json b/CVE-2023/CVE-2023-453xx/CVE-2023-45311.json
index 6537affbf41..63805160cfa 100644
--- a/CVE-2023/CVE-2023-453xx/CVE-2023-45311.json
+++ b/CVE-2023/CVE-2023-453xx/CVE-2023-45311.json
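Review bot: The CPE criteria added in the CVE-2023-45208 hunk name `dlink:dap-1860_firmware` and `dlink:dap-1860`, while the description and the reference URL in the same hunk both identify the DAP-X1860 repeater. If these are distinct models, CPE-based asset matching would miss affected DAP-X1860 devices and flag unaffected DAP-1860 ones. The product should be confirmed against the CPE dictionary and, if it is wrong, changed to `dap-x1860_firmware` / `dap-x1860`. The match list also includes firmware `1.01b94`, which the description's stated range `1.00 a 1.01b05-01` does not mention, so either the range or the match entry needs to be reconciled with the advisory.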
@@ -2,43 +2,128 @@
 "id": "CVE-2023-45311",
 "sourceIdentifier": "cve@mitre.org",
 "published": "2023-10-06T21:15:10.940",
- "lastModified": "2023-10-06T22:23:04.467",
- "vulnStatus": "Awaiting Analysis",
+ "lastModified": "2023-10-16T18:13:18.297",
+ "vulnStatus": "Analyzed",
 "descriptions": [
 {
 "lang": "en",
 "value": "fsevents before 1.2.11 depends on the https://fsevents-binaries.s3-us-west-2.amazonaws.com URL, which might allow an adversary to execute arbitrary code if any JavaScript project (that depends on fsevents) distributes code that was obtained from that URL at a time when it was controlled by an adversary."
+ },
+ {
+ "lang": "es",
+ "value": "fsevents anterior a 1.2.11 depende de la URL https://fsevents-binaries.s3-us-west-2.amazonaws.com, lo que podr\u00eda permitir a un adversario ejecutar c\u00f3digo arbitrario si alg\u00fan proyecto JavaScript (que depende de fsevents) distribuye c\u00f3digo que se obtuvo de esa URL en un momento en que estaba controlada por un adversario."
+ } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH", + "baseScore": 9.8, + "baseSeverity": "CRITICAL" + }, + "exploitabilityScore": 3.9, + "impactScore": 5.9 + } + ] + }, + "weaknesses": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-94" + } + ] + } + ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:fsevents_project:fsevents:*:*:*:*:*:node.js:*:*", + "versionEndExcluding": "1.2.11", + "matchCriteriaId": "FA1FB339-2134-48A1-A7B7-8EF049BC43AE" + } + ] + } + ] } ], - "metrics": {}, "references": [ { "url": "https://github.com/atlassian/moo/blob/56ccbdd41b493332bc2cd7a4097a5802594cdb9c/package-lock.json#L1901-L1902", - "source": "cve@mitre.org" + "source": "cve@mitre.org", + "tags": [ + "Exploit", + "Vendor Advisory" + ] }, { "url": "https://github.com/atlassian/react-immutable-proptypes/blob/ddb9fa5194b931bf7528eb4f2c0a8c3434f70edd/package-lock.json#L153", - "source": "cve@mitre.org" + "source": "cve@mitre.org", + "tags": [ + "Exploit", + "Vendor Advisory" + ] }, { "url": "https://github.com/cloudflare/authr/blob/3f6129d97d06e61033a7f237d84e35e678db490f/ts/package-lock.json#L1512", - "source": "cve@mitre.org" + "source": "cve@mitre.org", + "tags": [ + "Exploit", + "Vendor Advisory" + ] }, { "url": "https://github.com/cloudflare/hugo-cloudflare-docs/blob/e0f7cfa195af8ef1bfa51a487be7d34ba298ed06/package-lock.json#L494", - "source": "cve@mitre.org" + "source": "cve@mitre.org", + "tags": [ + "Exploit", + "Vendor Advisory" + ] }, { 
 "url": "https://github.com/cloudflare/redux-grim/blob/b652f99f95fb16812336073951adc5c5a93e2c23/package-lock.json#L266-L267",
- "source": "cve@mitre.org"
+ "source": "cve@mitre.org",
+ "tags": [
+ "Exploit",
+ "Vendor Advisory"
+ ]
 },
 {
 "url": "https://github.com/cloudflare/serverless-cloudflare-workers/blob/e95e1e9c9770ed9a3d9480c1fa73e64391268354/package-lock.json#L737",
- "source": "cve@mitre.org"
+ "source": "cve@mitre.org",
+ "tags": [
+ "Exploit",
+ "Vendor Advisory"
+ ]
 },
 {
 "url": "https://github.com/fsevents/fsevents/compare/v1.2.10...v1.2.11",
- "source": "cve@mitre.org"
+ "source": "cve@mitre.org",
+ "tags": [
+ "Patch",
+ "Vendor Advisory"
+ ]
 }
 ]
 }
\ No newline at end of file
diff --git a/CVE-2023/CVE-2023-454xx/CVE-2023-45463.json b/CVE-2023/CVE-2023-454xx/CVE-2023-45463.json
index 4ddf916feef..4399e2d9d31 100644
--- a/CVE-2023/CVE-2023-454xx/CVE-2023-45463.json
+++ b/CVE-2023/CVE-2023-454xx/CVE-2023-45463.json
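Review bot: The six `package-lock.json` references in the CVE-2023-45311 hunk (atlassian/moo, atlassian/react-immutable-proptypes and four cloudflare repositories) are each tagged `"Exploit"` and `"Vendor Advisory"`, but the URLs point at lockfile lines in downstream projects that pin the dependency, not at exploit material or an fsevents advisory. Triage rules that raise priority when an `Exploit` tag is present, or that treat `Vendor Advisory` links as authoritative remediation guidance, would be misled by these entries. `"Third Party Advisory"`, or no tag at all, would describe them more accurately. Only the `fsevents/fsevents/compare/v1.2.10...v1.2.11` link looks like vendor-side remediation.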
@@ -2,19 +2,91 @@ "id": "CVE-2023-45463", "sourceIdentifier": "cve@mitre.org", "published": "2023-10-13T13:15:11.987", - "lastModified": "2023-10-13T13:46:47.010", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2023-10-16T18:33:53.557", + "vulnStatus": "Undergoing Analysis", "descriptions": [ { "lang": "en", "value": "Netis N3Mv2-V1.0.1.865 was discovered to contain a buffer overflow via the hostName parameter in the FUN_0040dabc function. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted input." + }, + { + "lang": "es", + "value": "Se descubri\u00f3 que Netis N3Mv2-V1.0.1.865 conten\u00eda un desbordamiento del b\u00fafer a trav\u00e9s del par\u00e1metro hostName en la funci\u00f3n FUN_0040dabc. Esta vulnerabilidad permite a los atacantes provocar una Denegaci\u00f3n de Servicio (DoS) mediante una entrada manipulada." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "NONE", + "integrityImpact": "NONE", + "availabilityImpact": "HIGH", + "baseScore": 7.5, + "baseSeverity": "HIGH" + }, + "exploitabilityScore": 3.9, + "impactScore": 3.6 + } + ] + }, + "weaknesses": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-120" + } + ] + } + ], + "configurations": [ + { + "operator": "AND", + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:o:netis-systems:n3m_firmware:1.0.1.865:*:*:*:*:*:*:*", + "matchCriteriaId": "C183597B-AF8E-4019-BA83-D47FC1AA71E7" + } + ] + }, + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": false, + "criteria": 
"cpe:2.3:h:netis-systems:n3m:v2:*:*:*:*:*:*:*", + "matchCriteriaId": "1C6E4234-6312-4E6B-910A-E0795AA11491" + } + ] + } + ] } ], - "metrics": {}, "references": [ { "url": "https://github.com/adhikara13/CVE/blob/main/netis_N3/buffer%20overflow%20in%20hostname%20parameter%20leads%20to%20DOS.md", - "source": "cve@mitre.org" + "source": "cve@mitre.org", + "tags": [ + "Exploit", + "Third Party Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2023/CVE-2023-454xx/CVE-2023-45466.json b/CVE-2023/CVE-2023-454xx/CVE-2023-45466.json index e3662d0bb76..bfb96fb4aac 100644 --- a/CVE-2023/CVE-2023-454xx/CVE-2023-45466.json +++ b/CVE-2023/CVE-2023-454xx/CVE-2023-45466.json 
@@ -2,19 +2,91 @@ "id": "CVE-2023-45466", "sourceIdentifier": "cve@mitre.org", "published": "2023-10-13T13:15:12.147", - "lastModified": "2023-10-13T13:46:47.010", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2023-10-16T18:41:36.367", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", "value": "Netis N3Mv2-V1.0.1.865 was discovered to contain a command injection vulnerability via the pin_host parameter in the WPS Settings." + }, + { + "lang": "es", + "value": "Se descubri\u00f3 que Netis N3Mv2-V1.0.1.865 conten\u00eda una vulnerabilidad de inyecci\u00f3n de comandos a trav\u00e9s del par\u00e1metro pin_host en la configuraci\u00f3n de WPS." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH", + "baseScore": 9.8, + "baseSeverity": "CRITICAL" + }, + "exploitabilityScore": 3.9, + "impactScore": 5.9 + } + ] + }, + "weaknesses": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-77" + } + ] + } + ], + "configurations": [ + { + "operator": "AND", + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:o:netis-systems:n3mv2_firmware:1.0.1.865:*:*:*:*:*:*:*", + "matchCriteriaId": "C3D18D01-01DD-4360-B30A-43BE90D6FCC4" + } + ] + }, + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": false, + "criteria": "cpe:2.3:h:netis-systems:n3m:v2:*:*:*:*:*:*:*", + "matchCriteriaId": "1C6E4234-6312-4E6B-910A-E0795AA11491" + } + ] + } + ] } ], - "metrics": {}, "references": [ { "url": 
"https://github.com/adhikara13/CVE/blob/main/netis_N3/blind%20command%20injection%20in%20pin_host%20parameter%20in%20wps%20setting.md", - "source": "cve@mitre.org" + "source": "cve@mitre.org", + "tags": [ + "Exploit", + "Third Party Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2023/CVE-2023-454xx/CVE-2023-45468.json b/CVE-2023/CVE-2023-454xx/CVE-2023-45468.json index 19044425354..488bdf4956d 100644 --- a/CVE-2023/CVE-2023-454xx/CVE-2023-45468.json +++ b/CVE-2023/CVE-2023-454xx/CVE-2023-45468.json 
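Review bot: The vulnerable firmware CPE added for CVE-2023-45466, `cpe:2.3:o:netis-systems:n3mv2_firmware:1.0.1.865:*:*:*:*:*:*:*`, does not match the one added for the same product and version in CVE-2023-45463 and CVE-2023-45468, which both use `n3m_firmware` (matchCriteriaId `C183597B-AF8E-4019-BA83-D47FC1AA71E7`). All three descriptions name Netis N3Mv2-V1.0.1.865 and all three pair the firmware with the same hardware CPE `cpe:2.3:h:netis-systems:n3m:v2`. An inventory matcher keyed on one firmware product name will therefore presumably miss either this command-injection record (base score 9.8) or the two buffer-overflow records. Which spelling is canonical cannot be told from the diff, and because the file mirrors upstream data the correction belongs upstream, where `criteria` and `matchCriteriaId` have to change together. Until then, consumers can match on the hardware CPE or accept both firmware product names.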
@@ -2,19 +2,92 @@ "id": "CVE-2023-45468", "sourceIdentifier": "cve@mitre.org", "published": "2023-10-13T13:15:12.253", - "lastModified": "2023-10-13T13:46:47.010", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2023-10-16T18:38:51.880", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", "value": "Netis N3Mv2-V1.0.1.865 was discovered to contain a buffer overflow via the pingWdogIp. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted input." + }, + { + "lang": "es", + "value": "Se descubri\u00f3 que Netis N3Mv2-V1.0.1.865 conten\u00eda un desbordamiento del b\u00fafer a trav\u00e9s de pingWdogIp. Esta vulnerabilidad permite a los atacantes provocar una Denegaci\u00f3n de Servicio (DoS) mediante una entrada manipulada." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "NONE", + "integrityImpact": "NONE", + "availabilityImpact": "HIGH", + "baseScore": 7.5, + "baseSeverity": "HIGH" + }, + "exploitabilityScore": 3.9, + "impactScore": 3.6 + } + ] + }, + "weaknesses": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-120" + } + ] + } + ], + "configurations": [ + { + "operator": "AND", + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:o:netis-systems:n3m_firmware:1.0.1.865:*:*:*:*:*:*:*", + "matchCriteriaId": "C183597B-AF8E-4019-BA83-D47FC1AA71E7" + } + ] + }, + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": false, + "criteria": "cpe:2.3:h:netis-systems:n3m:v2:*:*:*:*:*:*:*", + "matchCriteriaId": "1C6E4234-6312-4E6B-910A-E0795AA11491" + } + ] + } + 
] } ], - "metrics": {}, "references": [ { "url": "https://github.com/adhikara13/CVE/blob/main/netis_N3/buffer%20overflow%20in%20pingWdogIp%20parameter%20leads%20to%20DOS.md", - "source": "cve@mitre.org" + "source": "cve@mitre.org", + "tags": [ + "Exploit", + "Product", + "Third Party Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2023/CVE-2023-456xx/CVE-2023-45660.json b/CVE-2023/CVE-2023-456xx/CVE-2023-45660.json new file mode 100644 index 00000000000..b539e922d4f --- /dev/null +++ b/CVE-2023/CVE-2023-456xx/CVE-2023-45660.json 
@@ -0,0 +1,63 @@ +{ + "id": "CVE-2023-45660", + "sourceIdentifier": "security-advisories@github.com", + "published": "2023-10-16T19:15:11.060", + "lastModified": "2023-10-16T19:24:26.033", + "vulnStatus": "Awaiting Analysis", + "descriptions": [ + { + "lang": "en", + "value": "Nextcloud mail is an email app for the Nextcloud home server platform. In affected versions a missing check of origin, target and cookies allows for an attacker to abuse the proxy endpoint to denial of service a third server. It is recommended that the Nextcloud Mail is upgraded to 2.2.8 or 3.3.0. There are no known workarounds for this vulnerability." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "security-advisories@github.com", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "NONE", + "integrityImpact": "NONE", + "availabilityImpact": "LOW", + "baseScore": 4.3, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 2.8, + "impactScore": 1.4 + } + ] + }, + "weaknesses": [ + { + "source": "security-advisories@github.com", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-918" + } + ] + } + ], + "references": [ + { + "url": "https://github.com/nextcloud/mail/pull/8459", + "source": "security-advisories@github.com" + }, + { + "url": "https://github.com/nextcloud/security-advisories/security/advisories/GHSA-8j9x-fmww-qr37", + "source": "security-advisories@github.com" + }, + { + "url": "https://hackerone.com/reports/1895874", + "source": "security-advisories@github.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2023/CVE-2023-456xx/CVE-2023-45669.json b/CVE-2023/CVE-2023-456xx/CVE-2023-45669.json new file mode 100644 index 00000000000..011ebcdd059 --- /dev/null 
+++ b/CVE-2023/CVE-2023-456xx/CVE-2023-45669.json 
@@ -0,0 +1,63 @@ +{ + "id": "CVE-2023-45669", + "sourceIdentifier": "security-advisories@github.com", + "published": "2023-10-16T19:15:11.167", + "lastModified": "2023-10-16T19:24:26.033", + "vulnStatus": "Awaiting Analysis", + "descriptions": [ + { + "lang": "en", + "value": "WebAuthn4J Spring Security provides Web Authentication specification support for Spring applications. Affected versions are subject to improper signature counter value handling. A flaw was found in webauthn4j-spring-security-core. When an authneticator returns an incremented signature counter value during authentication, webauthn4j-spring-security-core does not properly persist the value, which means cloned authenticator detection does not work. An attacker who cloned valid authenticator in some way can use the cloned authenticator without being detected. This issue has been addressed in version `0.9.1.RELEASE`. Users are advised to upgrade. There are no known workarounds for this vulnerability.\n" + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "security-advisories@github.com", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N", + "attackVector": "NETWORK", + "attackComplexity": "HIGH", + "privilegesRequired": "NONE", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "availabilityImpact": "NONE", + "baseScore": 4.8, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 2.2, + "impactScore": 2.5 + } + ] + }, + "weaknesses": [ + { + "source": "security-advisories@github.com", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-287" + } + ] + } + ], + "references": [ + { + "url": "https://github.com/webauthn4j/webauthn4j-spring-security/commit/129700d74d83f9b9a82bf88ebc63707e3cb0a725", + "source": "security-advisories@github.com" + }, + { + "url": 
"https://github.com/webauthn4j/webauthn4j-spring-security/security/advisories/GHSA-v9hx-v6vf-g36j", + "source": "security-advisories@github.com" + }, + { + "url": "https://www.w3.org/TR/2021/REC-webauthn-2-20210408/#sctn-sign-counter", + "source": "security-advisories@github.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2023/CVE-2023-456xx/CVE-2023-45683.json b/CVE-2023/CVE-2023-456xx/CVE-2023-45683.json new file mode 100644 index 00000000000..ab9ec320bc8 --- /dev/null +++ b/CVE-2023/CVE-2023-456xx/CVE-2023-45683.json 
@@ -0,0 +1,59 @@ +{ + "id": "CVE-2023-45683", + "sourceIdentifier": "security-advisories@github.com", + "published": "2023-10-16T19:15:11.253", + "lastModified": "2023-10-16T19:24:26.033", + "vulnStatus": "Awaiting Analysis", + "descriptions": [ + { + "lang": "en", + "value": "github.com/crewjam/saml is a saml library for the go language. In affected versions the package does not validate the ACS Location URI according to the SAML binding being parsed. If abused, this flaw allows attackers to register malicious Service Providers at the IdP and inject Javascript in the ACS endpoint definition, achieving Cross-Site-Scripting (XSS) in the IdP context during the redirection at the end of a SAML SSO Flow. Consequently, an attacker may perform any authenticated action as the victim once the victim\u2019s browser loaded the SAML IdP initiated SSO link for the malicious service provider. Note: SP registration is commonly an unrestricted operation in IdPs, hence not requiring particular permissions or publicly accessible to ease the IdP interoperability. This issue is fixed in version 0.4.14. Users unable to upgrade may perform external validation of URLs provided in SAML metadata, or restrict the ability for end-users to upload arbitrary metadata." 
+ } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "security-advisories@github.com", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:L", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "REQUIRED", + "scope": "CHANGED", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "availabilityImpact": "LOW", + "baseScore": 7.1, + "baseSeverity": "HIGH" + }, + "exploitabilityScore": 2.8, + "impactScore": 3.7 + } + ] + }, + "weaknesses": [ + { + "source": "security-advisories@github.com", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-79" + } + ] + } + ], + "references": [ + { + "url": "https://github.com/crewjam/saml/commit/b07b16cf83c4171d16da4d85608cb827f183cd79", + "source": "security-advisories@github.com" + }, + { + "url": "https://github.com/crewjam/saml/security/advisories/GHSA-267v-3v32-g6q5", + "source": "security-advisories@github.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2023/CVE-2023-456xx/CVE-2023-45685.json b/CVE-2023/CVE-2023-456xx/CVE-2023-45685.json index a16a14d7936..1fab7ac7fbd 100644 --- a/CVE-2023/CVE-2023-456xx/CVE-2023-45685.json +++ b/CVE-2023/CVE-2023-456xx/CVE-2023-45685.json @@ -2,8 +2,8 @@ "id": "CVE-2023-45685", "sourceIdentifier": "cve@rapid7.con", "published": "2023-10-16T17:15:09.963", - "lastModified": "2023-10-16T17:15:09.963", - "vulnStatus": "Received", + "lastModified": "2023-10-16T18:33:43.730", + "vulnStatus": "Awaiting Analysis", "descriptions": [ { "lang": "en", diff --git a/CVE-2023/CVE-2023-456xx/CVE-2023-45686.json b/CVE-2023/CVE-2023-456xx/CVE-2023-45686.json index 87eedcb8604..b866990ec68 100644 --- a/CVE-2023/CVE-2023-456xx/CVE-2023-45686.json +++ b/CVE-2023/CVE-2023-456xx/CVE-2023-45686.json 
@@ -2,8 +2,8 @@ "id": "CVE-2023-45686", "sourceIdentifier": "cve@rapid7.con", "published": "2023-10-16T17:15:10.040", - "lastModified": "2023-10-16T17:15:10.040", - "vulnStatus": "Received", + "lastModified": "2023-10-16T18:33:43.730", + "vulnStatus": "Awaiting Analysis", "descriptions": [ { "lang": "en", diff --git a/CVE-2023/CVE-2023-456xx/CVE-2023-45687.json b/CVE-2023/CVE-2023-456xx/CVE-2023-45687.json index e8ab32a6a0c..5f5d97f7097 100644 --- a/CVE-2023/CVE-2023-456xx/CVE-2023-45687.json +++ b/CVE-2023/CVE-2023-456xx/CVE-2023-45687.json @@ -2,8 +2,8 @@ "id": "CVE-2023-45687", "sourceIdentifier": "cve@rapid7.con", "published": "2023-10-16T17:15:10.107", - "lastModified": "2023-10-16T17:15:10.107", - "vulnStatus": "Received", + "lastModified": "2023-10-16T18:33:43.730", + "vulnStatus": "Awaiting Analysis", "descriptions": [ { "lang": "en", diff --git a/CVE-2023/CVE-2023-456xx/CVE-2023-45688.json b/CVE-2023/CVE-2023-456xx/CVE-2023-45688.json index 84adc9b9d6b..0ba086ee403 100644 --- a/CVE-2023/CVE-2023-456xx/CVE-2023-45688.json +++ b/CVE-2023/CVE-2023-456xx/CVE-2023-45688.json @@ -2,8 +2,8 @@ "id": "CVE-2023-45688", "sourceIdentifier": "cve@rapid7.con", "published": "2023-10-16T17:15:10.183", - "lastModified": "2023-10-16T17:15:10.183", - "vulnStatus": "Received", + "lastModified": "2023-10-16T18:33:43.730", + "vulnStatus": "Awaiting Analysis", "descriptions": [ { "lang": "en", diff --git a/CVE-2023/CVE-2023-456xx/CVE-2023-45689.json b/CVE-2023/CVE-2023-456xx/CVE-2023-45689.json index 2010039c266..77a4af5fa9b 100644 --- a/CVE-2023/CVE-2023-456xx/CVE-2023-45689.json +++ b/CVE-2023/CVE-2023-456xx/CVE-2023-45689.json @@ -2,8 +2,8 @@ "id": "CVE-2023-45689", "sourceIdentifier": "cve@rapid7.con", "published": "2023-10-16T17:15:10.243", - "lastModified": "2023-10-16T17:15:10.243", - "vulnStatus": "Received", + "lastModified": "2023-10-16T18:33:43.730", + "vulnStatus": "Awaiting Analysis", "descriptions": [ { "lang": "en", 
diff --git a/CVE-2023/CVE-2023-456xx/CVE-2023-45690.json b/CVE-2023/CVE-2023-456xx/CVE-2023-45690.json index d9d9d66f558..5c1489da837 100644 --- a/CVE-2023/CVE-2023-456xx/CVE-2023-45690.json +++ b/CVE-2023/CVE-2023-456xx/CVE-2023-45690.json @@ -2,8 +2,8 @@ "id": "CVE-2023-45690", "sourceIdentifier": "cve@rapid7.con", "published": "2023-10-16T17:15:10.310", - "lastModified": "2023-10-16T17:15:10.310", - "vulnStatus": "Received", + "lastModified": "2023-10-16T18:33:43.730", + "vulnStatus": "Awaiting Analysis", "descriptions": [ { "lang": "en", diff --git a/CVE-2023/CVE-2023-459xx/CVE-2023-45984.json b/CVE-2023/CVE-2023-459xx/CVE-2023-45984.json new file mode 100644 index 00000000000..56c814df346 --- /dev/null +++ b/CVE-2023/CVE-2023-459xx/CVE-2023-45984.json @@ -0,0 +1,20 @@ +{ + "id": "CVE-2023-45984", + "sourceIdentifier": "cve@mitre.org", + "published": "2023-10-16T18:15:16.510", + "lastModified": "2023-10-16T18:33:43.730", + "vulnStatus": "Awaiting Analysis", + "descriptions": [ + { + "lang": "en", + "value": "TOTOLINK X5000R V9.1.0u.6118_B20201102 and TOTOLINK A7000R V9.1.0u.6115_B20201022 was discovered to contain a stack overflow via the lang parameter in the function setLanguageCfg." + } + ], + "metrics": {}, + "references": [ + { + "url": "https://github.com/Archerber/bug_submit/blob/main/TOTOLINK/setLanguageCfg.md", + "source": "cve@mitre.org" + } + ] +} \ No newline at end of file diff --git a/CVE-2023/CVE-2023-459xx/CVE-2023-45985.json b/CVE-2023/CVE-2023-459xx/CVE-2023-45985.json new file mode 100644 index 00000000000..17bc2fed2c1 --- /dev/null +++ b/CVE-2023/CVE-2023-459xx/CVE-2023-45985.json 
@@ -0,0 +1,20 @@ +{ + "id": "CVE-2023-45985", + "sourceIdentifier": "cve@mitre.org", + "published": "2023-10-16T18:15:16.577", + "lastModified": "2023-10-16T18:33:43.730", + "vulnStatus": "Awaiting Analysis", + "descriptions": [ + { + "lang": "en", + "value": "TOTOLINK X5000R V9.1.0u.6118_B20201102 and TOTOLINK A7000R V9.1.0u.6115_B20201022 were discovered to contain a stack overflow in the function setParentalRules. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted POST request." + } + ], + "metrics": {}, + "references": [ + { + "url": "https://github.com/Archerber/bug_submit/blob/main/TOTOLINK/setParentalRules.md", + "source": "cve@mitre.org" + } + ] +} \ No newline at end of file diff --git a/CVE-2023/CVE-2023-45xx/CVE-2023-4504.json b/CVE-2023/CVE-2023-45xx/CVE-2023-4504.json index d0034c1b379..440d2e29f6e 100644 --- a/CVE-2023/CVE-2023-45xx/CVE-2023-4504.json +++ b/CVE-2023/CVE-2023-45xx/CVE-2023-4504.json @@ -2,8 +2,8 @@ "id": "CVE-2023-4504", "sourceIdentifier": "cve@takeonme.org", "published": "2023-09-21T23:15:12.293", - "lastModified": "2023-10-07T03:15:10.747", - "vulnStatus": "Undergoing Analysis", + "lastModified": "2023-10-16T19:32:08.873", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", 
@@ -81,6 +81,46 @@ ] } ] + }, + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:o:fedoraproject:fedora:37:*:*:*:*:*:*:*", + "matchCriteriaId": "E30D0E6F-4AE8-4284-8716-991DFA48CC5D" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:fedoraproject:fedora:38:*:*:*:*:*:*:*", + "matchCriteriaId": "CC559B26-5DFC-4B7A-A27C-B77DE755DFF9" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:fedoraproject:fedora:39:*:*:*:*:*:*:*", + "matchCriteriaId": "B8EDB836-4E6A-4B71-B9B2-AA3E03E0F646" + } + ] + } + ] + }, + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*", + "matchCriteriaId": "07B237A9-69A3-4A9C-9DA0-4E06BD37AE73" + } + ] + } + ] } ], "references": [ 
@@ -109,27 +149,50 @@ }, { "url": "https://lists.debian.org/debian-lts-announce/2023/09/msg00041.html", - "source": "cve@takeonme.org" + "source": "cve@takeonme.org", + "tags": [ + "Mailing List", + "Third Party Advisory" + ] }, { "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/5WHEJIYMMAIXU2EC35MGTB5LGGO2FFJE/", - "source": "cve@takeonme.org" + "source": "cve@takeonme.org", + "tags": [ + "Mailing List", + "Release Notes" + ] }, { "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/5WVS4I7JG3LISFPKTM6ADKJXXEPEEWBQ/", - "source": "cve@takeonme.org" + "source": "cve@takeonme.org", + "tags": [ + "Mailing List", + "Release Notes" + ] }, { "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/AMYDKIE4PSJDEMC5OWNFCDMHFGLJ57XG/", - "source": "cve@takeonme.org" + "source": "cve@takeonme.org", + "tags": [ + "Mailing List", + "Release Notes" + ] }, { "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/PXPVADB56NMLJWG4IZ3OZBNJ2ZOLPQJ6/", - "source": "cve@takeonme.org" + "source": "cve@takeonme.org", + "tags": [ + "Third Party Advisory" + ] }, { "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/T2GSPQAFK2Z6L57TRXEKZDF42K2EVBH7/", - "source": "cve@takeonme.org" + "source": "cve@takeonme.org", + "tags": [ + "Mailing List", + "Release Notes" + ] }, { "url": "https://takeonme.org/cves/CVE-2023-4504.html", diff --git a/CVE-2023/CVE-2023-460xx/CVE-2023-46087.json b/CVE-2023/CVE-2023-460xx/CVE-2023-46087.json index 4b130617be5..bc9d397f455 100644 --- a/CVE-2023/CVE-2023-460xx/CVE-2023-46087.json +++ b/CVE-2023/CVE-2023-460xx/CVE-2023-46087.json 
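Review bot: The tags added to the five Fedora package-announce references in the CVE-2023-4504 hunk are not uniform: four get `"Mailing List", "Release Notes"`, while the `PXPVADB56NMLJWG4IZ3OZBNJ2ZOLPQJ6` message gets only `"Third Party Advisory"`. All five URLs point at the same list archive, so a consumer that filters references by `Mailing List` would drop that one. If the message is an ordinary package announcement, the same tag pair as its siblings would fit. The linked content is not visible here, so the difference may be intentional.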
@@ -2,12 +2,16 @@ "id": "CVE-2023-46087", "sourceIdentifier": "audit@patchstack.com", "published": "2023-10-16T15:15:17.690", - "lastModified": "2023-10-16T15:15:17.690", - "vulnStatus": "Received", + "lastModified": "2023-10-16T18:33:43.730", + "vulnStatus": "Awaiting Analysis", "descriptions": [ { "lang": "en", "value": "Cross-Site Request Forgery (CSRF) vulnerability in Mahlamusa Who Hit The Page \u2013 Hit Counter plugin <=\u00a01.4.14.3 versions." + }, + { + "lang": "es", + "value": "Vulnerabilidad de Cross-Site Request Forgery (CSRF) en el complemento Mahlamusa Who Hit The Page \u2013 Hit Counter en versiones <= 1.4.14.3." } ], "metrics": { diff --git a/CVE-2023/CVE-2023-47xx/CVE-2023-4733.json b/CVE-2023/CVE-2023-47xx/CVE-2023-4733.json index 9dfcffe0887..81688e1abe1 100644 --- a/CVE-2023/CVE-2023-47xx/CVE-2023-4733.json +++ b/CVE-2023/CVE-2023-47xx/CVE-2023-4733.json @@ -2,12 +2,16 @@ "id": "CVE-2023-4733", "sourceIdentifier": "security@huntr.dev", "published": "2023-09-04T14:15:07.563", - "lastModified": "2023-09-18T02:15:50.907", - "vulnStatus": "Modified", + "lastModified": "2023-10-16T19:13:04.597", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", "value": "Use After Free in GitHub repository vim/vim prior to 9.0.1840." + }, + { + "lang": "es", + "value": "Use After Free en el repositorio de GitHub vim/vim anterior a 9.0.1840." } ], "metrics": { @@ -91,10 +95,20 @@ "operator": "OR", "negate": false, "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:o:fedoraproject:fedora:37:*:*:*:*:*:*:*", + "matchCriteriaId": "E30D0E6F-4AE8-4284-8716-991DFA48CC5D" + }, { "vulnerable": true, "criteria": "cpe:2.3:o:fedoraproject:fedora:38:*:*:*:*:*:*:*", "matchCriteriaId": "CC559B26-5DFC-4B7A-A27C-B77DE755DFF9" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:fedoraproject:fedora:39:*:*:*:*:*:*:*", + "matchCriteriaId": "B8EDB836-4E6A-4B71-B9B2-AA3E03E0F646" } ] } 
@@ -120,7 +134,10 @@ }, { "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/I56ITJAFMFAQ2G3BMGTCGM3GS62V2DTR/", - "source": "security@huntr.dev" + "source": "security@huntr.dev", + "tags": [ + "Mailing List" + ] }, { "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ITRVK4FB74RZDIGTZJXOZMUW6X6F4TNF/", @@ -131,7 +148,10 @@ }, { "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/PFE3LDFRZ7EGWA5AU7YHYL62ELBOFZWQ/", - "source": "security@huntr.dev" + "source": "security@huntr.dev", + "tags": [ + "Mailing List" + ] } ] } \ No newline at end of file diff --git a/CVE-2023/CVE-2023-47xx/CVE-2023-4750.json b/CVE-2023/CVE-2023-47xx/CVE-2023-4750.json index c0c1f739f27..a1cf6a1f6a5 100644 --- a/CVE-2023/CVE-2023-47xx/CVE-2023-4750.json +++ b/CVE-2023/CVE-2023-47xx/CVE-2023-4750.json @@ -2,12 +2,16 @@ "id": "CVE-2023-4750", "sourceIdentifier": "security@huntr.dev", "published": "2023-09-04T14:15:08.263", - "lastModified": "2023-09-18T02:15:51.030", - "vulnStatus": "Modified", + "lastModified": "2023-10-16T19:13:09.647", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", "value": "Use After Free in GitHub repository vim/vim prior to 9.0.1857." + }, + { + "lang": "es", + "value": "Use After Free en el repositorio de GitHub vim/vim anterior a 9.0.1857." } ], "metrics": { @@ -91,10 +95,20 @@ "operator": "OR", "negate": false, "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:o:fedoraproject:fedora:37:*:*:*:*:*:*:*", + "matchCriteriaId": "E30D0E6F-4AE8-4284-8716-991DFA48CC5D" + }, { "vulnerable": true, "criteria": "cpe:2.3:o:fedoraproject:fedora:38:*:*:*:*:*:*:*", "matchCriteriaId": "CC559B26-5DFC-4B7A-A27C-B77DE755DFF9" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:fedoraproject:fedora:39:*:*:*:*:*:*:*", + "matchCriteriaId": "B8EDB836-4E6A-4B71-B9B2-AA3E03E0F646" } ] } 
@@ -120,7 +134,10 @@ }, { "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/I56ITJAFMFAQ2G3BMGTCGM3GS62V2DTR/", - "source": "security@huntr.dev" + "source": "security@huntr.dev", + "tags": [ + "Mailing List" + ] }, { "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ITRVK4FB74RZDIGTZJXOZMUW6X6F4TNF/", @@ -131,7 +148,10 @@ }, { "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/PFE3LDFRZ7EGWA5AU7YHYL62ELBOFZWQ/", - "source": "security@huntr.dev" + "source": "security@huntr.dev", + "tags": [ + "Mailing List" + ] } ] } \ No newline at end of file diff --git a/CVE-2023/CVE-2023-47xx/CVE-2023-4752.json b/CVE-2023/CVE-2023-47xx/CVE-2023-4752.json index 2a72beccfa5..b88a87a81ec 100644 --- a/CVE-2023/CVE-2023-47xx/CVE-2023-4752.json +++ b/CVE-2023/CVE-2023-47xx/CVE-2023-4752.json @@ -2,8 +2,8 @@ "id": "CVE-2023-4752", "sourceIdentifier": "security@huntr.dev", "published": "2023-09-04T14:15:08.450", - "lastModified": "2023-09-29T17:15:47.233", - "vulnStatus": "Modified", + "lastModified": "2023-10-16T19:13:58.133", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", 
@@ -95,10 +95,35 @@ "operator": "OR", "negate": false, "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:o:fedoraproject:fedora:37:*:*:*:*:*:*:*", + "matchCriteriaId": "E30D0E6F-4AE8-4284-8716-991DFA48CC5D" + }, { "vulnerable": true, "criteria": "cpe:2.3:o:fedoraproject:fedora:38:*:*:*:*:*:*:*", "matchCriteriaId": "CC559B26-5DFC-4B7A-A27C-B77DE755DFF9" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:fedoraproject:fedora:39:*:*:*:*:*:*:*", + "matchCriteriaId": "B8EDB836-4E6A-4B71-B9B2-AA3E03E0F646" + } + ] + } + ] + }, + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*", + "matchCriteriaId": "07B237A9-69A3-4A9C-9DA0-4E06BD37AE73" } ] } @@ -118,17 +143,25 @@ "source": "security@huntr.dev", "tags": [ "Exploit", + "Issue Tracking", "Patch", "Third Party Advisory" ] }, { "url": "https://lists.debian.org/debian-lts-announce/2023/09/msg00035.html", - "source": "security@huntr.dev" + "source": "security@huntr.dev", + "tags": [ + "Mailing List", + "Third Party Advisory" + ] }, { "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/I56ITJAFMFAQ2G3BMGTCGM3GS62V2DTR/", - "source": "security@huntr.dev" + "source": "security@huntr.dev", + "tags": [ + "Mailing List" + ] }, { "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ITRVK4FB74RZDIGTZJXOZMUW6X6F4TNF/", @@ -139,7 +172,10 @@ }, { "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/PFE3LDFRZ7EGWA5AU7YHYL62ELBOFZWQ/", - "source": "security@huntr.dev" + "source": "security@huntr.dev", + "tags": [ + "Mailing List" + ] } ] } \ No newline at end of file diff --git a/CVE-2023/CVE-2023-47xx/CVE-2023-4781.json b/CVE-2023/CVE-2023-47xx/CVE-2023-4781.json index e096c0300b4..96ac024acb7 100644 --- a/CVE-2023/CVE-2023-47xx/CVE-2023-4781.json 
+++ b/CVE-2023/CVE-2023-47xx/CVE-2023-4781.json @@ -2,8 +2,8 @@ "id": "CVE-2023-4781", "sourceIdentifier": "security@huntr.dev", "published": "2023-09-05T19:15:49.207", - "lastModified": "2023-09-29T17:15:47.317", - "vulnStatus": "Modified", + "lastModified": "2023-10-16T19:13:49.960", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", @@ -84,6 +84,21 @@ ] } ] + }, + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*", + "matchCriteriaId": "07B237A9-69A3-4A9C-9DA0-4E06BD37AE73" + } + ] + } + ] } ], "references": [ @@ -99,13 +114,18 @@ "source": "security@huntr.dev", "tags": [ "Exploit", + "Issue Tracking", "Patch", "Third Party Advisory" ] }, { "url": "https://lists.debian.org/debian-lts-announce/2023/09/msg00035.html", - "source": "security@huntr.dev" + "source": "security@huntr.dev", + "tags": [ + "Mailing List", + "Third Party Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2023/CVE-2023-49xx/CVE-2023-4990.json b/CVE-2023/CVE-2023-49xx/CVE-2023-4990.json index 40771691ac6..99335e66e0e 100644 --- a/CVE-2023/CVE-2023-49xx/CVE-2023-4990.json +++ b/CVE-2023/CVE-2023-49xx/CVE-2023-4990.json @@ -2,8 +2,8 @@ "id": "CVE-2023-4990", "sourceIdentifier": "product-security@gg.jp.panasonic.com", "published": "2023-10-11T08:15:09.053", - "lastModified": "2023-10-11T12:54:12.883", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2023-10-16T19:14:35.937", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", 
@@ -16,6 +16,26 @@ ], "metrics": { "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "NONE", + "availabilityImpact": "NONE", + "baseScore": 7.5, + "baseSeverity": "HIGH" + }, + "exploitabilityScore": 3.9, + "impactScore": 3.6 + }, { "source": "product-security@gg.jp.panasonic.com", "type": "Secondary", @@ -39,6 +59,16 @@ ] }, "weaknesses": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-22" + } + ] + }, { "source": "product-security@gg.jp.panasonic.com", "type": "Secondary", @@ -50,10 +80,44 @@ ] } ], + "configurations": [ + { + "operator": "AND", + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:o:mcl-collection:mcl-net_firmware:*:*:*:*:*:*:*:*", + "versionEndExcluding": "4.6.0.30210", + "matchCriteriaId": "E57F39C7-9824-46D4-96CD-40F927D80AE4" + } + ] + }, + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": false, + "criteria": "cpe:2.3:h:mcl-collection:mcl-net:-:*:*:*:*:*:*:*", + "matchCriteriaId": "6E7CA504-1A26-4F94-AF47-68ED6BBE42FA" + } + ] + } + ] + } + ], "references": [ { "url": "https://www.mcl-mobilityplatform.com/downloads.php", - "source": "product-security@gg.jp.panasonic.com" + "source": "product-security@gg.jp.panasonic.com", + "tags": [ + "Product", + "Release Notes" + ] } ] } \ No newline at end of file diff --git a/CVE-2023/CVE-2023-54xx/CVE-2023-5462.json b/CVE-2023/CVE-2023-54xx/CVE-2023-5462.json index aacc28a116b..5886bafeae6 100644 --- a/CVE-2023/CVE-2023-54xx/CVE-2023-5462.json +++ b/CVE-2023/CVE-2023-54xx/CVE-2023-5462.json 
@@ -2,8 +2,8 @@
 "id": "CVE-2023-5462",
 "sourceIdentifier": "cna@vuldb.com",
 "published": "2023-10-09T22:15:12.863",
- "lastModified": "2023-10-10T12:16:32.703",
- "vulnStatus": "Awaiting Analysis",
+ "lastModified": "2023-10-16T18:11:33.890",
+ "vulnStatus": "Analyzed",
 "descriptions": [
 {
 "lang": "en",
@@ -15,6 +15,28 @@
 }
 ],
 "metrics": {
+ "cvssMetricV31": [
+ {
+ "source": "nvd@nist.gov",
+ "type": "Primary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
+ "attackVector": "NETWORK",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "NONE",
+ "userInteraction": "NONE",
+ "scope": "UNCHANGED",
+ "confidentialityImpact": "NONE",
+ "integrityImpact": "NONE",
+ "availabilityImpact": "HIGH",
+ "baseScore": 7.5,
+ "baseSeverity": "HIGH"
+ },
+ "exploitabilityScore": 3.9,
+ "impactScore": 3.6
+ }
+ ],
 "cvssMetricV30": [
 {
 "source": "cna@vuldb.com",
@@ -75,18 +97,57 @@
 ]
 }
 ],
+ "configurations": [
+ {
+ "operator": "AND",
+ "nodes": [
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:xinje:xd5e-30r-e_firmware:3.5.3b:*:*:*:*:*:*:*",
+ "matchCriteriaId": "A8F2DEA6-E339-441A-A302-EB2249D29C48"
+ }
+ ]
+ },
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": false,
+ "criteria": "cpe:2.3:h:xinje:xd5e-30r-e:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "3817880B-19D0-4B2F-9E8D-4BD8C122677A"
+ }
+ ]
+ }
+ ]
+ }
+ ],
 "references": [
 {
 "url": "https://drive.google.com/drive/folders/1jik8hRjD8N2IkxOHP5wsJUEya09jCv2n",
- "source": "cna@vuldb.com"
+ "source": "cna@vuldb.com",
+ "tags": [
+ "Permissions Required"
+ ]
 },
 {
 "url": "https://vuldb.com/?ctiid.241585",
- "source": "cna@vuldb.com"
+ "source": "cna@vuldb.com",
+ "tags": [
+ "Permissions Required",
+ "Third Party Advisory"
+ ]
 },
 {
 "url": "https://vuldb.com/?id.241585",
- "source": "cna@vuldb.com"
+ "source": "cna@vuldb.com",
+ "tags": [
+ "Third Party Advisory"
+ ]
 }
 ]
 }
\ No newline at end of file
diff --git a/CVE-2023/CVE-2023-54xx/CVE-2023-5463.json b/CVE-2023/CVE-2023-54xx/CVE-2023-5463.json
index 3798d4a1981..c2e613e1421 100644
--- a/CVE-2023/CVE-2023-54xx/CVE-2023-5463.json
+++ b/CVE-2023/CVE-2023-54xx/CVE-2023-5463.json
@@ -2,8 +2,8 @@
 "id": "CVE-2023-5463",
 "sourceIdentifier": "cna@vuldb.com",
 "published": "2023-10-09T22:15:12.937",
- "lastModified": "2023-10-10T12:16:32.703",
- "vulnStatus": "Awaiting Analysis",
+ "lastModified": "2023-10-16T18:15:30.487",
+ "vulnStatus": "Analyzed",
 "descriptions": [
 {
 "lang": "en",
@@ -15,6 +15,28 @@
 }
 ],
 "metrics": {
+ "cvssMetricV31": [
+ {
+ "source": "nvd@nist.gov",
+ "type": "Primary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
+ "attackVector": "LOCAL",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "NONE",
+ "userInteraction": "REQUIRED",
+ "scope": "UNCHANGED",
+ "confidentialityImpact": "HIGH",
+ "integrityImpact": "HIGH",
+ "availabilityImpact": "HIGH",
+ "baseScore": 7.8,
+ "baseSeverity": "HIGH"
+ },
+ "exploitabilityScore": 1.8,
+ "impactScore": 5.9
+ }
+ ],
 "cvssMetricV30": [
 {
 "source": "cna@vuldb.com",
@@ -75,18 +97,46 @@
 ]
 }
 ],
+ "configurations": [
+ {
+ "nodes": [
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:xinje:xdppro:*:*:*:*:*:*:*:*",
+ "versionEndIncluding": "3.7.17a",
+ "matchCriteriaId": "D08D32C0-61AC-413D-893F-4072042CDBAF"
+ }
+ ]
+ }
+ ]
+ }
+ ],
 "references": [
 {
 "url": "https://drive.google.com/drive/folders/1mpRxWOPjxVS980r0qu1IY_Hf0irKO-cu",
- "source": "cna@vuldb.com"
+ "source": "cna@vuldb.com",
+ "tags": [
+ "Permissions Required"
+ ]
 },
 {
 "url": "https://vuldb.com/?ctiid.241586",
- "source": "cna@vuldb.com"
+ "source": "cna@vuldb.com",
+ "tags": [
+ "Permissions Required",
+ "Third Party Advisory"
+ ]
 },
 {
 "url": "https://vuldb.com/?id.241586",
- "source": "cna@vuldb.com"
+ "source": "cna@vuldb.com",
+ "tags": [
+ "Third Party Advisory"
+ ]
 }
 ]
 }
\ No newline at end of file
diff --git a/CVE-2023/CVE-2023-55xx/CVE-2023-5555.json b/CVE-2023/CVE-2023-55xx/CVE-2023-5555.json
index 5fd71a848f2..c30b317400b 100644
--- a/CVE-2023/CVE-2023-55xx/CVE-2023-5555.json
+++ b/CVE-2023/CVE-2023-55xx/CVE-2023-5555.json
@@ -2,15 +2,41 @@
 "id": "CVE-2023-5555",
 "sourceIdentifier": "security@huntr.dev",
 "published": "2023-10-12T11:15:23.740",
- "lastModified": "2023-10-12T12:59:34.797",
- "vulnStatus": "Awaiting Analysis",
+ "lastModified": "2023-10-16T19:23:31.277",
+ "vulnStatus": "Analyzed",
 "descriptions": [
 {
 "lang": "en",
 "value": "Cross-site Scripting (XSS) - Generic in GitHub repository frappe/lms prior to 5614a6203fb7d438be8e2b1e3030e4528d170ec4."
+ },
+ {
+ "lang": "es",
+ "value": "Cross-Site Scripting (XSS) gen\u00e9rico en el repositorio de GitHub frappe/lms anterior a 5614a6203fb7d438be8e2b1e3030e4528d170ec4."
 }
 ],
 "metrics": {
+ "cvssMetricV31": [
+ {
+ "source": "nvd@nist.gov",
+ "type": "Primary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
+ "attackVector": "NETWORK",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "NONE",
+ "userInteraction": "REQUIRED",
+ "scope": "CHANGED",
+ "confidentialityImpact": "LOW",
+ "integrityImpact": "LOW",
+ "availabilityImpact": "NONE",
+ "baseScore": 6.1,
+ "baseSeverity": "MEDIUM"
+ },
+ "exploitabilityScore": 2.8,
+ "impactScore": 2.7
+ }
+ ],
 "cvssMetricV30": [
 {
 "source": "security@huntr.dev",
@@ -36,7 +62,7 @@
 },
 "weaknesses": [
 {
- "source": "security@huntr.dev",
+ "source": "nvd@nist.gov",
 "type": "Primary",
 "description": [
 {
@@ -44,16 +70,51 @@
 "value": "CWE-79"
 }
 ]
+ },
+ {
+ "source": "security@huntr.dev",
+ "type": "Secondary",
+ "description": [
+ {
+ "lang": "en",
+ "value": "CWE-79"
+ }
+ ]
+ }
+ ],
+ "configurations": [
+ {
+ "nodes": [
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:frappe:frappe_lms:1.0.0:*:*:*:*:*:*:*",
+ "matchCriteriaId": "B81A1AF8-32B4-4D2D-B8DB-A2FB12178542"
+ }
+ ]
+ }
+ ]
 }
 ],
 "references": [
 {
 "url": "https://github.com/frappe/lms/commit/5614a6203fb7d438be8e2b1e3030e4528d170ec4",
- "source": "security@huntr.dev"
+ "source": "security@huntr.dev",
+ "tags": [
+ "Patch"
+ ]
 },
 {
 "url": "https://huntr.dev/bounties/f6d688ee-b049-4f85-ac3e-f4d3e29e7b9f",
- "source": "security@huntr.dev"
+ "source": "security@huntr.dev",
+ "tags": [
+ "Exploit",
+ "Patch",
+ "Third Party Advisory"
+ ]
 }
 ]
 }
\ No newline at end of file
diff --git a/CVE-2023/CVE-2023-55xx/CVE-2023-5556.json b/CVE-2023/CVE-2023-55xx/CVE-2023-5556.json
index fff422c4665..28aa1249a6e 100644
--- a/CVE-2023/CVE-2023-55xx/CVE-2023-5556.json
+++ b/CVE-2023/CVE-2023-55xx/CVE-2023-5556.json
@@ -2,15 +2,41 @@
 "id": "CVE-2023-5556",
 "sourceIdentifier": "security@huntr.dev",
 "published": "2023-10-12T11:15:23.873",
- "lastModified": "2023-10-12T12:59:34.797",
- "vulnStatus": "Awaiting Analysis",
+ "lastModified": "2023-10-16T19:23:44.070",
+ "vulnStatus": "Analyzed",
 "descriptions": [
 {
 "lang": "en",
 "value": "Cross-site Scripting (XSS) - Reflected in GitHub repository structurizr/onpremises prior to 3194."
+ },
+ {
+ "lang": "es",
+ "value": "Cross-Site Scripting (XSS) Reflejado en el repositorio de GitHub structurizr/onpremises anterior a 3194."
 }
 ],
 "metrics": {
+ "cvssMetricV31": [
+ {
+ "source": "nvd@nist.gov",
+ "type": "Primary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
+ "attackVector": "NETWORK",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "NONE",
+ "userInteraction": "REQUIRED",
+ "scope": "CHANGED",
+ "confidentialityImpact": "LOW",
+ "integrityImpact": "LOW",
+ "availabilityImpact": "NONE",
+ "baseScore": 6.1,
+ "baseSeverity": "MEDIUM"
+ },
+ "exploitabilityScore": 2.8,
+ "impactScore": 2.7
+ }
+ ],
 "cvssMetricV30": [
 {
 "source": "security@huntr.dev",
@@ -46,14 +72,40 @@
 ]
 }
 ],
+ "configurations": [
+ {
+ "nodes": [
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:structurizr:on-premises_installation:*:*:*:*:*:*:*:*",
+ "versionEndExcluding": "3194",
+ "matchCriteriaId": "07AE3041-EDE4-4566-8EFC-33814E884BDE"
+ }
+ ]
+ }
+ ]
+ }
+ ],
 "references": [
 {
 "url": "https://github.com/structurizr/onpremises/commit/6cff4f792b010dfb1ff6a0b4ae1c6e398f8f8a18",
- "source": "security@huntr.dev"
+ "source": "security@huntr.dev",
+ "tags": [
+ "Patch"
+ ]
 },
 {
 "url": "https://huntr.dev/bounties/a3ee0f98-6898-41ae-b1bd-242a03a73d1b",
- "source": "security@huntr.dev"
+ "source": "security@huntr.dev",
+ "tags": [
+ "Exploit",
+ "Patch",
+ "Third Party Advisory"
+ ]
 }
 ]
 }
\ No newline at end of file
diff --git a/CVE-2023/CVE-2023-55xx/CVE-2023-5575.json b/CVE-2023/CVE-2023-55xx/CVE-2023-5575.json
index 52ca019ef8c..0b5839a11ed 100644
--- a/CVE-2023/CVE-2023-55xx/CVE-2023-5575.json
+++ b/CVE-2023/CVE-2023-55xx/CVE-2023-5575.json
@@ -2,12 +2,16 @@
 "id": "CVE-2023-5575",
 "sourceIdentifier": "security@devolutions.net",
 "published": "2023-10-16T14:15:10.550",
- "lastModified": "2023-10-16T14:15:10.550",
- "vulnStatus": "Received",
+ "lastModified": "2023-10-16T18:33:43.730",
+ "vulnStatus": "Awaiting Analysis",
 "descriptions": [
 {
 "lang": "en",
 "value": "\n\nImproper access control in the permission inheritance in Devolutions Server 2022.3.13.0 and earlier allows an attacker that compromised a low privileged user to access entries via a specific combination of permissions in the entry and in its parent.\n\n\n"
+ },
+ {
+ "lang": "es",
+ "value": "El control de acceso inadecuado en la herencia de permisos en Devolutions Server 2022.3.13.0 y versiones anteriores permite que un atacante que comprometi\u00f3 a un usuario con pocos privilegios acceda a las entradas a trav\u00e9s de una combinaci\u00f3n espec\u00edfica de permisos en la entrada y en su nivel superior."
 }
 ],
 "metrics": {},
diff --git a/README.md b/README.md
index 2555bee2a57..674450ed35f 100644
--- a/README.md
+++ b/README.md
@@ -9,13 +9,13 @@ Repository synchronizes with the NVD every 2 hours. ### Last Repository Update ```plain -2023-10-16T18:00:24.494366+00:00 +2023-10-16T20:00:24.350486+00:00 ``` ### Most recent CVE Modification Timestamp synchronized with NVD ```plain -2023-10-16T17:45:01.687000+00:00 +2023-10-16T19:53:30.110000+00:00 ``` ### Last Data Feed Release
@@ -29,51 +29,53 @@ Download and Changelog: [Click](https://github.com/fkie-cad/nvd-json-data-feeds/ ### Total Number of included CVEs ```plain -227910 +227919 ``` ### CVEs added in the last Commit -Recently added CVEs: `7` +Recently added CVEs: `9` -* [CVE-2023-20198](CVE-2023/CVE-2023-201xx/CVE-2023-20198.json) (`2023-10-16T16:15:10.023`) -* [CVE-2023-45685](CVE-2023/CVE-2023-456xx/CVE-2023-45685.json) (`2023-10-16T17:15:09.963`) -* [CVE-2023-45686](CVE-2023/CVE-2023-456xx/CVE-2023-45686.json) (`2023-10-16T17:15:10.040`) -* [CVE-2023-45687](CVE-2023/CVE-2023-456xx/CVE-2023-45687.json) (`2023-10-16T17:15:10.107`) -* [CVE-2023-45688](CVE-2023/CVE-2023-456xx/CVE-2023-45688.json) (`2023-10-16T17:15:10.183`) -* [CVE-2023-45689](CVE-2023/CVE-2023-456xx/CVE-2023-45689.json) (`2023-10-16T17:15:10.243`) -* [CVE-2023-45690](CVE-2023/CVE-2023-456xx/CVE-2023-45690.json) (`2023-10-16T17:15:10.310`) +* [CVE-2023-45984](CVE-2023/CVE-2023-459xx/CVE-2023-45984.json) (`2023-10-16T18:15:16.510`) +* [CVE-2023-45985](CVE-2023/CVE-2023-459xx/CVE-2023-45985.json) (`2023-10-16T18:15:16.577`) +* [CVE-2023-40180](CVE-2023/CVE-2023-401xx/CVE-2023-40180.json) (`2023-10-16T19:15:10.567`) +* [CVE-2023-43120](CVE-2023/CVE-2023-431xx/CVE-2023-43120.json) (`2023-10-16T19:15:10.680`) +* [CVE-2023-45148](CVE-2023/CVE-2023-451xx/CVE-2023-45148.json) (`2023-10-16T19:15:10.860`) +* [CVE-2023-45151](CVE-2023/CVE-2023-451xx/CVE-2023-45151.json) (`2023-10-16T19:15:10.957`) +* [CVE-2023-45660](CVE-2023/CVE-2023-456xx/CVE-2023-45660.json) (`2023-10-16T19:15:11.060`) +* [CVE-2023-45669](CVE-2023/CVE-2023-456xx/CVE-2023-45669.json) (`2023-10-16T19:15:11.167`) +* [CVE-2023-45683](CVE-2023/CVE-2023-456xx/CVE-2023-45683.json) (`2023-10-16T19:15:11.253`) ### CVEs modified in the last Commit -Recently modified CVEs: `50` +Recently modified CVEs: `65` -* [CVE-2022-20739](CVE-2022/CVE-2022-207xx/CVE-2022-20739.json) (`2023-10-16T16:35:25.220`) -* [CVE-2022-20747](CVE-2022/CVE-2022-207xx/CVE-2022-20747.json) 
(`2023-10-16T16:35:25.220`) -* [CVE-2022-20734](CVE-2022/CVE-2022-207xx/CVE-2022-20734.json) (`2023-10-16T16:35:25.220`) -* [CVE-2022-20696](CVE-2022/CVE-2022-206xx/CVE-2022-20696.json) (`2023-10-16T16:35:25.220`) -* [CVE-2022-20775](CVE-2022/CVE-2022-207xx/CVE-2022-20775.json) (`2023-10-16T16:35:25.220`) -* [CVE-2022-20930](CVE-2022/CVE-2022-209xx/CVE-2022-20930.json) (`2023-10-16T16:35:25.220`) -* [CVE-2022-20830](CVE-2022/CVE-2022-208xx/CVE-2022-20830.json) (`2023-10-16T16:35:25.220`) -* [CVE-2023-41680](CVE-2023/CVE-2023-416xx/CVE-2023-41680.json) (`2023-10-16T16:05:54.027`) -* [CVE-2023-41681](CVE-2023/CVE-2023-416xx/CVE-2023-41681.json) (`2023-10-16T16:06:42.963`) -* [CVE-2023-41836](CVE-2023/CVE-2023-418xx/CVE-2023-41836.json) (`2023-10-16T16:07:05.677`) -* [CVE-2023-39999](CVE-2023/CVE-2023-399xx/CVE-2023-39999.json) (`2023-10-16T16:15:53.773`) -* [CVE-2023-20098](CVE-2023/CVE-2023-200xx/CVE-2023-20098.json) (`2023-10-16T16:35:25.220`) -* [CVE-2023-20214](CVE-2023/CVE-2023-202xx/CVE-2023-20214.json) (`2023-10-16T16:35:25.220`) -* [CVE-2023-20252](CVE-2023/CVE-2023-202xx/CVE-2023-20252.json) (`2023-10-16T16:35:25.220`) -* [CVE-2023-20253](CVE-2023/CVE-2023-202xx/CVE-2023-20253.json) (`2023-10-16T16:35:25.220`) -* [CVE-2023-20262](CVE-2023/CVE-2023-202xx/CVE-2023-20262.json) (`2023-10-16T16:35:25.220`) -* [CVE-2023-44100](CVE-2023/CVE-2023-441xx/CVE-2023-44100.json) (`2023-10-16T16:35:40.230`) -* [CVE-2023-44097](CVE-2023/CVE-2023-440xx/CVE-2023-44097.json) (`2023-10-16T16:36:25.770`) -* [CVE-2023-41304](CVE-2023/CVE-2023-413xx/CVE-2023-41304.json) (`2023-10-16T16:40:32.367`) -* [CVE-2023-44109](CVE-2023/CVE-2023-441xx/CVE-2023-44109.json) (`2023-10-16T16:43:26.553`) -* [CVE-2023-44096](CVE-2023/CVE-2023-440xx/CVE-2023-44096.json) (`2023-10-16T16:44:13.867`) -* [CVE-2023-33303](CVE-2023/CVE-2023-333xx/CVE-2023-33303.json) (`2023-10-16T16:51:24.700`) -* [CVE-2023-41682](CVE-2023/CVE-2023-416xx/CVE-2023-41682.json) (`2023-10-16T16:52:58.767`) -* 
[CVE-2023-38000](CVE-2023/CVE-2023-380xx/CVE-2023-38000.json) (`2023-10-16T17:04:06.637`) -* [CVE-2023-25989](CVE-2023/CVE-2023-259xx/CVE-2023-25989.json) (`2023-10-16T17:45:01.687`) +* [CVE-2023-43623](CVE-2023/CVE-2023-436xx/CVE-2023-43623.json) (`2023-10-16T19:01:01.317`) +* [CVE-2023-26319](CVE-2023/CVE-2023-263xx/CVE-2023-26319.json) (`2023-10-16T19:02:59.867`) +* [CVE-2023-26320](CVE-2023/CVE-2023-263xx/CVE-2023-26320.json) (`2023-10-16T19:04:10.920`) +* [CVE-2023-44997](CVE-2023/CVE-2023-449xx/CVE-2023-44997.json) (`2023-10-16T19:04:19.087`) +* [CVE-2023-3440](CVE-2023/CVE-2023-34xx/CVE-2023-3440.json) (`2023-10-16T19:06:06.767`) +* [CVE-2023-4733](CVE-2023/CVE-2023-47xx/CVE-2023-4733.json) (`2023-10-16T19:13:04.597`) +* [CVE-2023-4750](CVE-2023/CVE-2023-47xx/CVE-2023-4750.json) (`2023-10-16T19:13:09.647`) +* [CVE-2023-4781](CVE-2023/CVE-2023-47xx/CVE-2023-4781.json) (`2023-10-16T19:13:49.960`) +* [CVE-2023-4752](CVE-2023/CVE-2023-47xx/CVE-2023-4752.json) (`2023-10-16T19:13:58.133`) +* [CVE-2023-4990](CVE-2023/CVE-2023-49xx/CVE-2023-4990.json) (`2023-10-16T19:14:35.937`) +* [CVE-2023-44487](CVE-2023/CVE-2023-444xx/CVE-2023-44487.json) (`2023-10-16T19:15:10.740`) +* [CVE-2023-44093](CVE-2023/CVE-2023-440xx/CVE-2023-44093.json) (`2023-10-16T19:18:41.647`) +* [CVE-2023-36479](CVE-2023/CVE-2023-364xx/CVE-2023-36479.json) (`2023-10-16T19:20:18.767`) +* [CVE-2023-41900](CVE-2023/CVE-2023-419xx/CVE-2023-41900.json) (`2023-10-16T19:20:23.917`) +* [CVE-2023-44961](CVE-2023/CVE-2023-449xx/CVE-2023-44961.json) (`2023-10-16T19:20:59.490`) +* [CVE-2023-44962](CVE-2023/CVE-2023-449xx/CVE-2023-44962.json) (`2023-10-16T19:21:28.193`) +* [CVE-2023-5555](CVE-2023/CVE-2023-55xx/CVE-2023-5555.json) (`2023-10-16T19:23:31.277`) +* [CVE-2023-5556](CVE-2023/CVE-2023-55xx/CVE-2023-5556.json) (`2023-10-16T19:23:44.070`) +* [CVE-2023-36839](CVE-2023/CVE-2023-368xx/CVE-2023-36839.json) (`2023-10-16T19:27:00.180`) +* [CVE-2023-43634](CVE-2023/CVE-2023-436xx/CVE-2023-43634.json) 
(`2023-10-16T19:29:48.237`) +* [CVE-2023-43633](CVE-2023/CVE-2023-436xx/CVE-2023-43633.json) (`2023-10-16T19:30:32.823`) +* [CVE-2023-43637](CVE-2023/CVE-2023-436xx/CVE-2023-43637.json) (`2023-10-16T19:30:36.710`) +* [CVE-2023-4504](CVE-2023/CVE-2023-45xx/CVE-2023-4504.json) (`2023-10-16T19:32:08.873`) +* [CVE-2023-42753](CVE-2023/CVE-2023-427xx/CVE-2023-42753.json) (`2023-10-16T19:41:01.563`) +* [CVE-2023-43746](CVE-2023/CVE-2023-437xx/CVE-2023-43746.json) (`2023-10-16T19:53:30.110`) ## Download and Usage