Auto-Update: 2024-10-09T20:00:17.693755+00:00

fkie-cad · Oct 9, 2024 · 2bc5c61 · 2bc5c61
1 parent 051ec88
commit 2bc5c61
Show file tree

Hide file tree

Showing 23 changed files with 1,032 additions and 136 deletions.
diff --git a/CVE-2021/CVE-2021-413xx/CVE-2021-41306.json b/CVE-2021/CVE-2021-413xx/CVE-2021-41306.json
@@ -2,8 +2,8 @@
   "id": "CVE-2021-41306",
   "sourceIdentifier": "[email protected]",
   "published": "2021-10-26T05:15:07.393",
-  "lastModified": "2022-05-03T16:04:40.443",
-  "vulnStatus": "Analyzed",
+  "lastModified": "2024-10-09T19:35:03.473",
+  "vulnStatus": "Modified",
   "cveTags": [],
   "descriptions": [
     {
@@ -36,6 +36,26 @@
         },
         "exploitabilityScore": 3.9,
         "impactScore": 3.6
+      },
+      {
+        "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
+        "type": "Secondary",
+        "cvssData": {
+          "version": "3.1",
+          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
+          "attackVector": "NETWORK",
+          "attackComplexity": "LOW",
+          "privilegesRequired": "NONE",
+          "userInteraction": "NONE",
+          "scope": "UNCHANGED",
+          "confidentialityImpact": "HIGH",
+          "integrityImpact": "NONE",
+          "availabilityImpact": "NONE",
+          "baseScore": 7.5,
+          "baseSeverity": "HIGH"
+        },
+        "exploitabilityScore": 3.9,
+        "impactScore": 3.6
       }
     ],
     "cvssMetricV2": [
@@ -74,6 +94,16 @@
           "value": "CWE-639"
         }
       ]
+    },
+    {
+      "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
+      "type": "Secondary",
+      "description": [
+        {
+          "lang": "en",
+          "value": "CWE-639"
+        }
+      ]
     }
   ],
   "configurations": [

diff --git a/CVE-2023/CVE-2023-211xx/CVE-2023-21134.json b/CVE-2023/CVE-2023-211xx/CVE-2023-21134.json
@@ -2,8 +2,8 @@
   "id": "CVE-2023-21134",
   "sourceIdentifier": "[email protected]",
   "published": "2023-08-14T21:15:11.247",
-  "lastModified": "2023-08-24T15:13:20.037",
-  "vulnStatus": "Analyzed",
+  "lastModified": "2024-10-09T19:35:04.263",
+  "vulnStatus": "Modified",
   "cveTags": [],
   "descriptions": [
     {
@@ -32,6 +32,26 @@
         },
         "exploitabilityScore": 0.9,
         "impactScore": 5.9
+      },
+      {
+        "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
+        "type": "Secondary",
+        "cvssData": {
+          "version": "3.1",
+          "vectorString": "CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
+          "attackVector": "PHYSICAL",
+          "attackComplexity": "LOW",
+          "privilegesRequired": "NONE",
+          "userInteraction": "NONE",
+          "scope": "UNCHANGED",
+          "confidentialityImpact": "HIGH",
+          "integrityImpact": "HIGH",
+          "availabilityImpact": "HIGH",
+          "baseScore": 6.8,
+          "baseSeverity": "MEDIUM"
+        },
+        "exploitabilityScore": 0.9,
+        "impactScore": 5.9
       }
     ]
   },
@@ -45,6 +65,16 @@
           "value": "CWE-862"
         }
       ]
+    },
+    {
+      "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
+      "type": "Secondary",
+      "description": [
+        {
+          "lang": "en",
+          "value": "CWE-862"
+        }
+      ]
     }
   ],
   "configurations": [

diff --git a/CVE-2023/CVE-2023-211xx/CVE-2023-21140.json b/CVE-2023/CVE-2023-211xx/CVE-2023-21140.json
@@ -2,8 +2,8 @@
   "id": "CVE-2023-21140",
   "sourceIdentifier": "[email protected]",
   "published": "2023-08-14T21:15:11.487",
-  "lastModified": "2023-08-24T15:13:02.303",
-  "vulnStatus": "Analyzed",
+  "lastModified": "2024-10-09T19:35:05.063",
+  "vulnStatus": "Modified",
   "cveTags": [],
   "descriptions": [
     {
@@ -32,6 +32,26 @@
         },
         "exploitabilityScore": 0.9,
         "impactScore": 5.9
+      },
+      {
+        "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
+        "type": "Secondary",
+        "cvssData": {
+          "version": "3.1",
+          "vectorString": "CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
+          "attackVector": "PHYSICAL",
+          "attackComplexity": "LOW",
+          "privilegesRequired": "NONE",
+          "userInteraction": "NONE",
+          "scope": "UNCHANGED",
+          "confidentialityImpact": "HIGH",
+          "integrityImpact": "HIGH",
+          "availabilityImpact": "HIGH",
+          "baseScore": 6.8,
+          "baseSeverity": "MEDIUM"
+        },
+        "exploitabilityScore": 0.9,
+        "impactScore": 5.9
       }
     ]
   },
@@ -45,6 +65,16 @@
           "value": "CWE-862"
         }
       ]
+    },
+    {
+      "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
+      "type": "Secondary",
+      "description": [
+        {
+          "lang": "en",
+          "value": "CWE-862"
+        }
+      ]
     }
   ],
   "configurations": [

diff --git a/CVE-2023/CVE-2023-212xx/CVE-2023-21265.json b/CVE-2023/CVE-2023-212xx/CVE-2023-21265.json
@@ -2,8 +2,8 @@
   "id": "CVE-2023-21265",
   "sourceIdentifier": "[email protected]",
   "published": "2023-08-14T21:15:12.067",
-  "lastModified": "2023-08-24T15:09:04.043",
-  "vulnStatus": "Analyzed",
+  "lastModified": "2024-10-09T19:35:05.860",
+  "vulnStatus": "Modified",
   "cveTags": [],
   "descriptions": [
     {
@@ -32,6 +32,26 @@
         },
         "exploitabilityScore": 3.9,
         "impactScore": 3.6
+      },
+      {
+        "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
+        "type": "Secondary",
+        "cvssData": {
+          "version": "3.1",
+          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
+          "attackVector": "NETWORK",
+          "attackComplexity": "LOW",
+          "privilegesRequired": "NONE",
+          "userInteraction": "NONE",
+          "scope": "UNCHANGED",
+          "confidentialityImpact": "HIGH",
+          "integrityImpact": "NONE",
+          "availabilityImpact": "NONE",
+          "baseScore": 7.5,
+          "baseSeverity": "HIGH"
+        },
+        "exploitabilityScore": 3.9,
+        "impactScore": 3.6
       }
     ]
   },
@@ -45,6 +65,16 @@
           "value": "CWE-295"
         }
       ]
+    },
+    {
+      "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
+      "type": "Secondary",
+      "description": [
+        {
+          "lang": "en",
+          "value": "CWE-295"
+        }
+      ]
     }
   ],
   "configurations": [

diff --git a/CVE-2023/CVE-2023-310xx/CVE-2023-31065.json b/CVE-2023/CVE-2023-310xx/CVE-2023-31065.json
@@ -2,8 +2,8 @@
   "id": "CVE-2023-31065",
   "sourceIdentifier": "[email protected]",
   "published": "2023-05-22T16:15:10.027",
-  "lastModified": "2023-05-27T03:21:33.713",
-  "vulnStatus": "Analyzed",
+  "lastModified": "2024-10-09T18:35:03.500",
+  "vulnStatus": "Modified",
   "cveTags": [],
   "descriptions": [
     {
@@ -32,6 +32,26 @@
         },
         "exploitabilityScore": 3.9,
         "impactScore": 5.2
+      },
+      {
+        "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
+        "type": "Secondary",
+        "cvssData": {
+          "version": "3.1",
+          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N",
+          "attackVector": "NETWORK",
+          "attackComplexity": "LOW",
+          "privilegesRequired": "NONE",
+          "userInteraction": "NONE",
+          "scope": "UNCHANGED",
+          "confidentialityImpact": "HIGH",
+          "integrityImpact": "HIGH",
+          "availabilityImpact": "NONE",
+          "baseScore": 9.1,
+          "baseSeverity": "CRITICAL"
+        },
+        "exploitabilityScore": 3.9,
+        "impactScore": 5.2
       }
     ]
   },

diff --git a/CVE-2023/CVE-2023-310xx/CVE-2023-31066.json b/CVE-2023/CVE-2023-310xx/CVE-2023-31066.json
@@ -2,8 +2,8 @@
   "id": "CVE-2023-31066",
   "sourceIdentifier": "[email protected]",
   "published": "2023-05-22T16:15:10.090",
-  "lastModified": "2023-05-27T03:24:41.447",
-  "vulnStatus": "Analyzed",
+  "lastModified": "2024-10-09T18:35:03.717",
+  "vulnStatus": "Modified",
   "cveTags": [],
   "descriptions": [
     {
@@ -32,6 +32,26 @@
         },
         "exploitabilityScore": 3.9,
         "impactScore": 5.2
+      },
+      {
+        "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
+        "type": "Secondary",
+        "cvssData": {
+          "version": "3.1",
+          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H",
+          "attackVector": "NETWORK",
+          "attackComplexity": "LOW",
+          "privilegesRequired": "NONE",
+          "userInteraction": "NONE",
+          "scope": "UNCHANGED",
+          "confidentialityImpact": "NONE",
+          "integrityImpact": "HIGH",
+          "availabilityImpact": "HIGH",
+          "baseScore": 9.1,
+          "baseSeverity": "CRITICAL"
+        },
+        "exploitabilityScore": 3.9,
+        "impactScore": 5.2
       }
     ]
   },

diff --git a/CVE-2023/CVE-2023-314xx/CVE-2023-31454.json b/CVE-2023/CVE-2023-314xx/CVE-2023-31454.json
@@ -2,8 +2,8 @@
   "id": "CVE-2023-31454",
   "sourceIdentifier": "[email protected]",
   "published": "2023-05-22T14:15:09.697",
-  "lastModified": "2023-05-27T01:26:39.903",
-  "vulnStatus": "Analyzed",
+  "lastModified": "2024-10-09T18:35:03.897",
+  "vulnStatus": "Modified",
   "cveTags": [],
   "descriptions": [
     {
@@ -32,6 +32,26 @@
         },
         "exploitabilityScore": 3.9,
         "impactScore": 3.6
+      },
+      {
+        "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
+        "type": "Secondary",
+        "cvssData": {
+          "version": "3.1",
+          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N",
+          "attackVector": "NETWORK",
+          "attackComplexity": "LOW",
+          "privilegesRequired": "NONE",
+          "userInteraction": "NONE",
+          "scope": "UNCHANGED",
+          "confidentialityImpact": "NONE",
+          "integrityImpact": "HIGH",
+          "availabilityImpact": "NONE",
+          "baseScore": 7.5,
+          "baseSeverity": "HIGH"
+        },
+        "exploitabilityScore": 3.9,
+        "impactScore": 3.6
       }
     ]
   },

diff --git a/CVE-2024/CVE-2024-36xx/CVE-2024-3656.json b/CVE-2024/CVE-2024-36xx/CVE-2024-3656.json
@@ -0,0 +1,64 @@
+{
+  "id": "CVE-2024-3656",
+  "sourceIdentifier": "[email protected]",
+  "published": "2024-10-09T19:15:13.547",
+  "lastModified": "2024-10-09T19:15:13.547",
+  "vulnStatus": "Received",
+  "cveTags": [],
+  "descriptions": [
+    {
+      "lang": "en",
+      "value": "A flaw was found in Keycloak. Certain endpoints in Keycloak's admin REST API allow low-privilege users to access administrative functionalities. This flaw allows users to perform actions reserved for administrators, potentially leading to data breaches or system compromise."
+    }
+  ],
+  "metrics": {
+    "cvssMetricV31": [
+      {
+        "source": "[email protected]",
+        "type": "Primary",
+        "cvssData": {
+          "version": "3.1",
+          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N",
+          "attackVector": "NETWORK",
+          "attackComplexity": "LOW",
+          "privilegesRequired": "LOW",
+          "userInteraction": "NONE",
+          "scope": "UNCHANGED",
+          "confidentialityImpact": "HIGH",
+          "integrityImpact": "HIGH",
+          "availabilityImpact": "NONE",
+          "baseScore": 8.1,
+          "baseSeverity": "HIGH"
+        },
+        "exploitabilityScore": 2.8,
+        "impactScore": 5.2
+      }
+    ]
+  },
+  "weaknesses": [
+    {
+      "source": "[email protected]",
+      "type": "Primary",
+      "description": [
+        {
+          "lang": "en",
+          "value": "CWE-200"
+        }
+      ]
+    }
+  ],
+  "references": [
+    {
+      "url": "https://access.redhat.com/security/cve/CVE-2024-3656",
+      "source": "[email protected]"
+    },
+    {
+      "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2274403",
+      "source": "[email protected]"
+    },
+    {
+      "url": "https://github.com/advisories/GHSA-2cww-fgmg-4jqc",
+      "source": "[email protected]"
+    }
+  ]
+}