diff --git a/CVE-2019/CVE-2019-115xx/CVE-2019-11509.json b/CVE-2019/CVE-2019-115xx/CVE-2019-11509.json index 5105b1ba4d5..ab18d170565 100644 --- a/CVE-2019/CVE-2019-115xx/CVE-2019-11509.json +++ b/CVE-2019/CVE-2019-115xx/CVE-2019-11509.json @@ -2,7 +2,7 @@ "id": "CVE-2019-11509", "sourceIdentifier": "cve@mitre.org", "published": "2019-06-03T20:29:00.517", - "lastModified": "2024-01-13T18:36:49.423", + "lastModified": "2024-01-16T19:18:25.610", "vulnStatus": "Analyzed", "descriptions": [ { @@ -412,6 +412,36 @@ "criteria": "cpe:2.3:a:ivanti:connect_secure:9.0:r3.1:*:*:*:*:*:*", "matchCriteriaId": "F05DC11E-7C41-450B-A2BF-603E9252BB40" }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:ivanti:policy_secure:9.0:*:*:*:*:*:*:*", + "matchCriteriaId": "DD00E2EC-B772-4FE8-8CC5-829BE45BE878" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:ivanti:policy_secure:9.0:r1:*:*:*:*:*:*", + "matchCriteriaId": "26B25B34-7BD0-471B-A396-45CE5420E963" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:ivanti:policy_secure:9.0:r2:*:*:*:*:*:*", + "matchCriteriaId": "AA514C05-2834-4C7B-B022-02B41C9AAD6A" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:ivanti:policy_secure:9.0:r2.1:*:*:*:*:*:*", + "matchCriteriaId": "0929C645-DACB-4341-9032-7C79FFC8BCF0" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:ivanti:policy_secure:9.0:r3:*:*:*:*:*:*", + "matchCriteriaId": "0D36CB5A-8389-4F2F-882A-4E8F30028799" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:ivanti:policy_secure:9.0:r3.1:*:*:*:*:*:*", + "matchCriteriaId": "517DA74B-9D69-45E1-A707-A08A305A507C" + }, { "vulnerable": true, "criteria": "cpe:2.3:a:pulsesecure:pulse_connect_secure:9.0:*:*:*:*:*:*:*", @@ -546,36 +576,6 @@ "vulnerable": true, "criteria": "cpe:2.3:a:pulsesecure:pulse_policy_secure:5.4:r7:*:*:*:*:*:*", "matchCriteriaId": "B174CECC-9B31-4DC3-B3F7-04E76ACADE30" - }, - { - "vulnerable": true, - "criteria": "cpe:2.3:a:pulsesecure:pulse_policy_secure:9.0:*:*:*:*:*:*:*", - "matchCriteriaId": "85B4B14D-F175-44E0-893C-EAD7F185B2B9" - }, - { - "vulnerable": true, - "criteria": "cpe:2.3:a:pulsesecure:pulse_policy_secure:9.0:r1:*:*:*:*:*:*", - "matchCriteriaId": "E689F7EB-4028-41D5-B503-35C83024E82B" - }, - { - "vulnerable": true, - "criteria": "cpe:2.3:a:pulsesecure:pulse_policy_secure:9.0:r2:*:*:*:*:*:*", - "matchCriteriaId": "82862414-F356-4A1C-BE4C-43AE128D8E95" - }, - { - "vulnerable": true, - "criteria": "cpe:2.3:a:pulsesecure:pulse_policy_secure:9.0:r2.1:*:*:*:*:*:*", - "matchCriteriaId": "49BF6181-E138-4B76-906B-D41A4C7D1CD6" - }, - { - "vulnerable": true, - "criteria": "cpe:2.3:a:pulsesecure:pulse_policy_secure:9.0:r3:*:*:*:*:*:*", - "matchCriteriaId": "81409FF6-C93F-4B62-BA16-8EF92EB344FC" - }, - { - "vulnerable": true, - "criteria": "cpe:2.3:a:pulsesecure:pulse_policy_secure:9.0:r3.1:*:*:*:*:*:*", - "matchCriteriaId": "F1E2E823-46DD-49DD-A797-903D11670FAB" } ] } diff --git a/CVE-2020/CVE-2020-82xx/CVE-2020-8204.json b/CVE-2020/CVE-2020-82xx/CVE-2020-8204.json index bf9b2d20ac3..6297a481104 100644 --- a/CVE-2020/CVE-2020-82xx/CVE-2020-8204.json +++ b/CVE-2020/CVE-2020-82xx/CVE-2020-8204.json @@ -2,7 +2,7 @@ "id": "CVE-2020-8204", "sourceIdentifier": "support@hackerone.com", "published": "2020-07-30T13:15:11.470", - "lastModified": "2024-01-13T04:43:44.307", + "lastModified": "2024-01-16T19:18:25.610", "vulnStatus": "Analyzed", "descriptions": [ { @@ -163,6 +163,11 @@ "operator": "OR", "negate": false, "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:ivanti:policy_secure:9.1:-:*:*:*:*:*:*", + "matchCriteriaId": "6418A649-3A63-40CC-BD7C-309B3B0B2595" + }, { "vulnerable": true, "criteria": "cpe:2.3:a:ivanti:policy_secure:9.1:r1:*:*:*:*:*:*", @@ -218,11 +223,6 @@ "criteria": "cpe:2.3:a:pulsesecure:pulse_policy_secure:*:*:*:*:*:*:*:*", "versionEndIncluding": "9.0", "matchCriteriaId": "B031D2AE-70BE-48BB-A9E9-0A0DAAAFF55F" - }, - { - "vulnerable": true, - "criteria": "cpe:2.3:a:pulsesecure:pulse_policy_secure:9.1:-:*:*:*:*:*:*", - "matchCriteriaId": "937A242A-0134-47B2-802C-894AFDC20A48" } ] } diff --git a/CVE-2020/CVE-2020-82xx/CVE-2020-8206.json b/CVE-2020/CVE-2020-82xx/CVE-2020-8206.json index 0a3166467bf..d6399a1a39e 100644 --- a/CVE-2020/CVE-2020-82xx/CVE-2020-8206.json +++ b/CVE-2020/CVE-2020-82xx/CVE-2020-8206.json @@ -2,7 +2,7 @@ "id": "CVE-2020-8206", "sourceIdentifier": "support@hackerone.com", "published": "2020-07-30T13:15:11.533", - "lastModified": "2024-01-13T04:43:44.307", + "lastModified": "2024-01-16T19:18:25.610", "vulnStatus": "Analyzed", "descriptions": [ { @@ -163,6 +163,11 @@ "operator": "OR", "negate": false, "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:ivanti:policy_secure:9.1:-:*:*:*:*:*:*", + "matchCriteriaId": "6418A649-3A63-40CC-BD7C-309B3B0B2595" + }, { "vulnerable": true, "criteria": "cpe:2.3:a:ivanti:policy_secure:9.1:r1:*:*:*:*:*:*", @@ -218,11 +223,6 @@ "criteria": "cpe:2.3:a:pulsesecure:pulse_policy_secure:*:*:*:*:*:*:*:*", "versionEndIncluding": "9.0", "matchCriteriaId": "B031D2AE-70BE-48BB-A9E9-0A0DAAAFF55F" - }, - { - "vulnerable": true, - "criteria": "cpe:2.3:a:pulsesecure:pulse_policy_secure:9.1:-:*:*:*:*:*:*", - "matchCriteriaId": "937A242A-0134-47B2-802C-894AFDC20A48" } ] } diff --git a/CVE-2020/CVE-2020-82xx/CVE-2020-8216.json b/CVE-2020/CVE-2020-82xx/CVE-2020-8216.json index 6c0905957a4..348956617e8 100644 --- a/CVE-2020/CVE-2020-82xx/CVE-2020-8216.json +++ b/CVE-2020/CVE-2020-82xx/CVE-2020-8216.json @@ -2,7 +2,7 @@ "id": "CVE-2020-8216", "sourceIdentifier": "support@hackerone.com", "published": "2020-07-30T13:15:11.707", - "lastModified": "2024-01-13T04:43:44.307", + "lastModified": "2024-01-16T19:18:25.610", "vulnStatus": "Analyzed", "descriptions": [ { @@ -163,6 +163,11 @@ "operator": "OR", "negate": false, "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:ivanti:policy_secure:9.1:-:*:*:*:*:*:*", + "matchCriteriaId": "6418A649-3A63-40CC-BD7C-309B3B0B2595" + }, { "vulnerable": true, "criteria": "cpe:2.3:a:ivanti:policy_secure:9.1:r1:*:*:*:*:*:*", @@ -218,11 +223,6 @@ "criteria": "cpe:2.3:a:pulsesecure:pulse_policy_secure:*:*:*:*:*:*:*:*", "versionEndIncluding": "9.0", "matchCriteriaId": "B031D2AE-70BE-48BB-A9E9-0A0DAAAFF55F" - }, - { - "vulnerable": true, - "criteria": "cpe:2.3:a:pulsesecure:pulse_policy_secure:9.1:-:*:*:*:*:*:*", - "matchCriteriaId": "937A242A-0134-47B2-802C-894AFDC20A48" } ] } diff --git a/CVE-2020/CVE-2020-82xx/CVE-2020-8217.json b/CVE-2020/CVE-2020-82xx/CVE-2020-8217.json index 681def585a1..f97484a090a 100644 --- a/CVE-2020/CVE-2020-82xx/CVE-2020-8217.json +++ b/CVE-2020/CVE-2020-82xx/CVE-2020-8217.json @@ -2,7 +2,7 @@ "id": "CVE-2020-8217", "sourceIdentifier": "support@hackerone.com", "published": "2020-07-30T13:15:11.783", - "lastModified": "2024-01-13T04:43:44.307", + "lastModified": "2024-01-16T19:18:25.610", "vulnStatus": "Analyzed", "descriptions": [ { @@ -163,6 +163,11 @@ "operator": "OR", "negate": false, "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:ivanti:policy_secure:9.1:-:*:*:*:*:*:*", + "matchCriteriaId": "6418A649-3A63-40CC-BD7C-309B3B0B2595" + }, { "vulnerable": true, "criteria": "cpe:2.3:a:ivanti:policy_secure:9.1:r1:*:*:*:*:*:*", @@ -218,11 +223,6 @@ "criteria": "cpe:2.3:a:pulsesecure:pulse_policy_secure:*:*:*:*:*:*:*:*", "versionEndIncluding": "9.0", "matchCriteriaId": "B031D2AE-70BE-48BB-A9E9-0A0DAAAFF55F" - }, - { - "vulnerable": true, - "criteria": "cpe:2.3:a:pulsesecure:pulse_policy_secure:9.1:-:*:*:*:*:*:*", - "matchCriteriaId": "937A242A-0134-47B2-802C-894AFDC20A48" } ] } diff --git a/CVE-2020/CVE-2020-82xx/CVE-2020-8218.json b/CVE-2020/CVE-2020-82xx/CVE-2020-8218.json index 753c560e985..80128b93afe 100644 --- a/CVE-2020/CVE-2020-82xx/CVE-2020-8218.json +++ b/CVE-2020/CVE-2020-82xx/CVE-2020-8218.json @@ -2,7 +2,7 @@ "id": "CVE-2020-8218", "sourceIdentifier": "support@hackerone.com", "published": "2020-07-30T13:15:11.847", - "lastModified": "2024-01-13T04:43:44.307", + "lastModified": "2024-01-16T19:18:25.610", "vulnStatus": "Analyzed", "cisaExploitAdd": "2022-03-07", "cisaActionDue": "2022-09-07", @@ -167,6 +167,11 @@ "operator": "OR", "negate": false, "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:ivanti:policy_secure:9.1:-:*:*:*:*:*:*", + "matchCriteriaId": "6418A649-3A63-40CC-BD7C-309B3B0B2595" + }, { "vulnerable": true, "criteria": "cpe:2.3:a:ivanti:policy_secure:9.1:r1:*:*:*:*:*:*", @@ -222,11 +227,6 @@ "criteria": "cpe:2.3:a:pulsesecure:pulse_policy_secure:*:*:*:*:*:*:*:*", "versionEndIncluding": "9.0", "matchCriteriaId": "B031D2AE-70BE-48BB-A9E9-0A0DAAAFF55F" - }, - { - "vulnerable": true, - "criteria": "cpe:2.3:a:pulsesecure:pulse_policy_secure:9.1:-:*:*:*:*:*:*", - "matchCriteriaId": "937A242A-0134-47B2-802C-894AFDC20A48" } ] } diff --git a/CVE-2020/CVE-2020-82xx/CVE-2020-8219.json b/CVE-2020/CVE-2020-82xx/CVE-2020-8219.json index 47b8f4a6d75..c56a29b4655 100644 --- a/CVE-2020/CVE-2020-82xx/CVE-2020-8219.json +++ b/CVE-2020/CVE-2020-82xx/CVE-2020-8219.json @@ -2,7 +2,7 @@ "id": "CVE-2020-8219", "sourceIdentifier": "support@hackerone.com", "published": "2020-07-30T13:15:11.907", - "lastModified": "2024-01-13T04:43:44.307", + "lastModified": "2024-01-16T19:18:25.610", "vulnStatus": "Analyzed", "descriptions": [ { @@ -163,6 +163,11 @@ "operator": "OR", "negate": false, "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:ivanti:policy_secure:9.1:-:*:*:*:*:*:*", + "matchCriteriaId": "6418A649-3A63-40CC-BD7C-309B3B0B2595" + }, { "vulnerable": true, "criteria": "cpe:2.3:a:ivanti:policy_secure:9.1:r1:*:*:*:*:*:*", @@ -218,11 +223,6 @@ "criteria": "cpe:2.3:a:pulsesecure:pulse_policy_secure:*:*:*:*:*:*:*:*", "versionEndIncluding": "9.0", "matchCriteriaId": "B031D2AE-70BE-48BB-A9E9-0A0DAAAFF55F" - }, - { - "vulnerable": true, - "criteria": "cpe:2.3:a:pulsesecure:pulse_policy_secure:9.1:-:*:*:*:*:*:*", - "matchCriteriaId": "937A242A-0134-47B2-802C-894AFDC20A48" } ] } diff --git a/CVE-2020/CVE-2020-82xx/CVE-2020-8220.json b/CVE-2020/CVE-2020-82xx/CVE-2020-8220.json index aa3e8986adc..2248f72e100 100644 --- a/CVE-2020/CVE-2020-82xx/CVE-2020-8220.json +++ b/CVE-2020/CVE-2020-82xx/CVE-2020-8220.json @@ -2,7 +2,7 @@ "id": "CVE-2020-8220", "sourceIdentifier": "support@hackerone.com", "published": "2020-07-30T13:15:11.987", - "lastModified": "2024-01-13T04:43:44.307", + "lastModified": "2024-01-16T19:18:25.610", "vulnStatus": "Analyzed", "descriptions": [ { @@ -163,6 +163,11 @@ "operator": "OR", "negate": false, "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:ivanti:policy_secure:9.1:-:*:*:*:*:*:*", + "matchCriteriaId": "6418A649-3A63-40CC-BD7C-309B3B0B2595" + }, { "vulnerable": true, "criteria": "cpe:2.3:a:ivanti:policy_secure:9.1:r1:*:*:*:*:*:*", @@ -218,11 +223,6 @@ "criteria": "cpe:2.3:a:pulsesecure:pulse_policy_secure:*:*:*:*:*:*:*:*", "versionEndIncluding": "9.0", "matchCriteriaId": "B031D2AE-70BE-48BB-A9E9-0A0DAAAFF55F" - }, - { - "vulnerable": true, - "criteria": "cpe:2.3:a:pulsesecure:pulse_policy_secure:9.1:-:*:*:*:*:*:*", - "matchCriteriaId": "937A242A-0134-47B2-802C-894AFDC20A48" } ] } diff --git a/CVE-2020/CVE-2020-82xx/CVE-2020-8221.json b/CVE-2020/CVE-2020-82xx/CVE-2020-8221.json index adaaa340bea..e6dcb7fd568 100644 --- a/CVE-2020/CVE-2020-82xx/CVE-2020-8221.json +++ b/CVE-2020/CVE-2020-82xx/CVE-2020-8221.json @@ -2,7 +2,7 @@ "id": "CVE-2020-8221", "sourceIdentifier": "support@hackerone.com", "published": "2020-07-30T13:15:12.063", - "lastModified": "2024-01-13T04:43:44.307", + "lastModified": "2024-01-16T19:18:25.610", "vulnStatus": "Analyzed", "descriptions": [ { @@ -163,6 +163,11 @@ "operator": "OR", "negate": false, "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:ivanti:policy_secure:9.1:-:*:*:*:*:*:*", + "matchCriteriaId": "6418A649-3A63-40CC-BD7C-309B3B0B2595" + }, { "vulnerable": true, "criteria": "cpe:2.3:a:ivanti:policy_secure:9.1:r1:*:*:*:*:*:*", @@ -218,11 +223,6 @@ "criteria": "cpe:2.3:a:pulsesecure:pulse_policy_secure:*:*:*:*:*:*:*:*", "versionEndIncluding": "9.0", "matchCriteriaId": "B031D2AE-70BE-48BB-A9E9-0A0DAAAFF55F" - }, - { - "vulnerable": true, - "criteria": "cpe:2.3:a:pulsesecure:pulse_policy_secure:9.1:-:*:*:*:*:*:*", - "matchCriteriaId": "937A242A-0134-47B2-802C-894AFDC20A48" } ] } diff --git a/CVE-2020/CVE-2020-82xx/CVE-2020-8222.json b/CVE-2020/CVE-2020-82xx/CVE-2020-8222.json index b555d1becbb..9a67b787fcc 100644 --- a/CVE-2020/CVE-2020-82xx/CVE-2020-8222.json +++ b/CVE-2020/CVE-2020-82xx/CVE-2020-8222.json @@ -2,7 +2,7 @@ "id": "CVE-2020-8222", "sourceIdentifier": "support@hackerone.com", "published": "2020-07-30T13:15:12.157", - "lastModified": "2024-01-13T04:43:44.307", + "lastModified": "2024-01-16T19:18:25.610", "vulnStatus": "Analyzed", "descriptions": [ { @@ -163,6 +163,11 @@ "operator": "OR", "negate": false, "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:ivanti:policy_secure:9.1:-:*:*:*:*:*:*", + "matchCriteriaId": "6418A649-3A63-40CC-BD7C-309B3B0B2595" + }, { "vulnerable": true, "criteria": "cpe:2.3:a:ivanti:policy_secure:9.1:r1:*:*:*:*:*:*", @@ -218,11 +223,6 @@ "criteria": "cpe:2.3:a:pulsesecure:pulse_policy_secure:*:*:*:*:*:*:*:*", "versionEndIncluding": "9.0", "matchCriteriaId": "B031D2AE-70BE-48BB-A9E9-0A0DAAAFF55F" - }, - { - "vulnerable": true, - "criteria": "cpe:2.3:a:pulsesecure:pulse_policy_secure:9.1:-:*:*:*:*:*:*", - "matchCriteriaId": "937A242A-0134-47B2-802C-894AFDC20A48" } ] } diff --git a/CVE-2020/CVE-2020-82xx/CVE-2020-8238.json b/CVE-2020/CVE-2020-82xx/CVE-2020-8238.json index 15a35a7cc3e..098deed27db 100644 --- a/CVE-2020/CVE-2020-82xx/CVE-2020-8238.json +++ b/CVE-2020/CVE-2020-82xx/CVE-2020-8238.json @@ -2,7 +2,7 @@ "id": "CVE-2020-8238", "sourceIdentifier": "support@hackerone.com", "published": "2020-09-30T18:15:28.990", - "lastModified": "2024-01-13T04:43:44.307", + "lastModified": "2024-01-16T19:18:25.610", "vulnStatus": "Analyzed", "descriptions": [ { @@ -92,6 +92,11 @@ "operator": "OR", "negate": false, "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:ivanti:policy_secure:9.1:-:*:*:*:*:*:*", + "matchCriteriaId": "6418A649-3A63-40CC-BD7C-309B3B0B2595" + }, { "vulnerable": true, "criteria": "cpe:2.3:a:ivanti:policy_secure:9.1:r1:*:*:*:*:*:*", @@ -122,6 +127,11 @@ "criteria": "cpe:2.3:a:ivanti:policy_secure:9.1:r4.2:*:*:*:*:*:*", "matchCriteriaId": "D55AB5F0-132F-4C40-BF4F-684E139B774B" }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:ivanti:policy_secure:9.1:r4.3:*:*:*:*:*:*", + "matchCriteriaId": "26AEB02E-D2D0-4D7A-BB00-9E5112696B17" + }, { "vulnerable": true, "criteria": "cpe:2.3:a:ivanti:policy_secure:9.1:r5:*:*:*:*:*:*", @@ -223,16 +233,6 @@ "criteria": "cpe:2.3:a:pulsesecure:pulse_policy_secure:*:*:*:*:*:*:*:*", "versionEndIncluding": "9.0", "matchCriteriaId": "B031D2AE-70BE-48BB-A9E9-0A0DAAAFF55F" - }, - { - "vulnerable": true, - "criteria": "cpe:2.3:a:pulsesecure:pulse_policy_secure:9.1:-:*:*:*:*:*:*", - "matchCriteriaId": "937A242A-0134-47B2-802C-894AFDC20A48" - }, - { - "vulnerable": true, - "criteria": "cpe:2.3:a:pulsesecure:pulse_policy_secure:9.1:r4.3:*:*:*:*:*:*", - "matchCriteriaId": "3573BE86-7BCE-41A4-92F7-C1A0DBEB2672" } ] } diff --git a/CVE-2020/CVE-2020-82xx/CVE-2020-8243.json b/CVE-2020/CVE-2020-82xx/CVE-2020-8243.json index 8b62284671e..f53cfadc98d 100644 --- a/CVE-2020/CVE-2020-82xx/CVE-2020-8243.json +++ b/CVE-2020/CVE-2020-82xx/CVE-2020-8243.json @@ -2,7 +2,7 @@ "id": "CVE-2020-8243", "sourceIdentifier": "support@hackerone.com", "published": "2020-09-30T18:15:29.070", - "lastModified": "2024-01-13T04:43:44.307", + "lastModified": "2024-01-16T19:18:25.610", "vulnStatus": "Analyzed", "cisaExploitAdd": "2021-11-03", "cisaActionDue": "2021-04-23", @@ -96,6 +96,11 @@ "operator": "OR", "negate": false, "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:ivanti:policy_secure:9.1:-:*:*:*:*:*:*", + "matchCriteriaId": "6418A649-3A63-40CC-BD7C-309B3B0B2595" + }, { "vulnerable": true, "criteria": "cpe:2.3:a:ivanti:policy_secure:9.1:r1:*:*:*:*:*:*", @@ -126,6 +131,11 @@ "criteria": "cpe:2.3:a:ivanti:policy_secure:9.1:r4.2:*:*:*:*:*:*", "matchCriteriaId": "D55AB5F0-132F-4C40-BF4F-684E139B774B" }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:ivanti:policy_secure:9.1:r4.3:*:*:*:*:*:*", + "matchCriteriaId": "26AEB02E-D2D0-4D7A-BB00-9E5112696B17" + }, { "vulnerable": true, "criteria": "cpe:2.3:a:ivanti:policy_secure:9.1:r5:*:*:*:*:*:*", @@ -227,16 +237,6 @@ "criteria": "cpe:2.3:a:pulsesecure:pulse_policy_secure:*:*:*:*:*:*:*:*", "versionEndIncluding": "9.0", "matchCriteriaId": "B031D2AE-70BE-48BB-A9E9-0A0DAAAFF55F" - }, - { - "vulnerable": true, - "criteria": "cpe:2.3:a:pulsesecure:pulse_policy_secure:9.1:-:*:*:*:*:*:*", - "matchCriteriaId": "937A242A-0134-47B2-802C-894AFDC20A48" - }, - { - "vulnerable": true, - "criteria": "cpe:2.3:a:pulsesecure:pulse_policy_secure:9.1:r4.3:*:*:*:*:*:*", - "matchCriteriaId": "3573BE86-7BCE-41A4-92F7-C1A0DBEB2672" } ] } diff --git a/CVE-2022/CVE-2022-287xx/CVE-2022-28734.json b/CVE-2022/CVE-2022-287xx/CVE-2022-28734.json index a6748c1ecbb..f1de511f2a1 100644 --- a/CVE-2022/CVE-2022-287xx/CVE-2022-28734.json +++ b/CVE-2022/CVE-2022-287xx/CVE-2022-28734.json @@ -2,8 +2,8 @@ "id": "CVE-2022-28734", "sourceIdentifier": "security@ubuntu.com", "published": "2023-07-20T01:15:10.243", - "lastModified": "2023-08-25T23:15:09.470", - "vulnStatus": "Modified", + "lastModified": "2024-01-16T19:43:16.390", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", @@ -17,20 +17,20 @@ "type": "Primary", "cvssData": { "version": "3.1", - "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", + "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:H", "attackVector": "NETWORK", - "attackComplexity": "LOW", + "attackComplexity": "HIGH", "privilegesRequired": "NONE", "userInteraction": "NONE", "scope": "UNCHANGED", - "confidentialityImpact": "HIGH", - "integrityImpact": "HIGH", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", "availabilityImpact": "HIGH", - "baseScore": 9.8, - "baseSeverity": "CRITICAL" + "baseScore": 7.0, + "baseSeverity": "HIGH" }, - "exploitabilityScore": 3.9, - "impactScore": 5.9 + "exploitabilityScore": 2.2, + "impactScore": 4.7 }, { "source": "security@ubuntu.com", @@ -83,6 +83,21 @@ ] } ] + }, + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:netapp:active_iq_unified_manager:-:*:*:*:*:vmware_vsphere:*:*", + "matchCriteriaId": "3A756737-1CC4-42C2-A4DF-E1C893B4E2D5" + } + ] + } + ] } ], "references": [ @@ -95,7 +110,10 @@ }, { "url": "https://security.netapp.com/advisory/ntap-20230825-0002/", - "source": "security@ubuntu.com" + "source": "security@ubuntu.com", + "tags": [ + "Third Party Advisory" + ] }, { "url": "https://www.openwall.com/lists/oss-security/2022/06/07/5", diff --git a/CVE-2022/CVE-2022-352xx/CVE-2022-35254.json b/CVE-2022/CVE-2022-352xx/CVE-2022-35254.json index 5567143443d..3f7656a9bfa 100644 --- a/CVE-2022/CVE-2022-352xx/CVE-2022-35254.json +++ b/CVE-2022/CVE-2022-352xx/CVE-2022-35254.json @@ -2,7 +2,7 @@ "id": "CVE-2022-35254", "sourceIdentifier": "support@hackerone.com", "published": "2022-12-05T22:15:10.457", - "lastModified": "2024-01-13T04:43:44.307", + "lastModified": "2024-01-16T19:18:25.610", "vulnStatus": "Analyzed", "descriptions": [ { @@ -124,6 +124,11 @@ "versionEndExcluding": "9.1", "matchCriteriaId": "368E8A56-50E4-4400-8C18-B7426B112FFC" }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:ivanti:policy_secure:9.1:-:*:*:*:*:*:*", + "matchCriteriaId": "6418A649-3A63-40CC-BD7C-309B3B0B2595" + }, { "vulnerable": true, "criteria": "cpe:2.3:a:ivanti:policy_secure:9.1:r1:*:*:*:*:*:*", @@ -443,11 +448,6 @@ "vulnerable": true, "criteria": "cpe:2.3:a:pulsesecure:pulse_connect_secure:9.1:r9.2:*:*:*:*:*:*", "matchCriteriaId": "8DDFCAAC-B447-425E-967C-AA0A93860B9E" - }, - { - "vulnerable": true, - "criteria": "cpe:2.3:a:pulsesecure:pulse_policy_secure:9.1:-:*:*:*:*:*:*", - "matchCriteriaId": "937A242A-0134-47B2-802C-894AFDC20A48" } ] } diff --git a/CVE-2022/CVE-2022-352xx/CVE-2022-35258.json b/CVE-2022/CVE-2022-352xx/CVE-2022-35258.json index 904d81333e0..068580e9bb5 100644 --- a/CVE-2022/CVE-2022-352xx/CVE-2022-35258.json +++ b/CVE-2022/CVE-2022-352xx/CVE-2022-35258.json @@ -2,7 +2,7 @@ "id": "CVE-2022-35258", "sourceIdentifier": "support@hackerone.com", "published": "2022-12-05T22:15:10.627", - "lastModified": "2024-01-13T04:43:44.307", + "lastModified": "2024-01-16T19:18:25.610", "vulnStatus": "Analyzed", "descriptions": [ { @@ -124,6 +124,11 @@ "versionEndExcluding": "9.1", "matchCriteriaId": "368E8A56-50E4-4400-8C18-B7426B112FFC" }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:ivanti:policy_secure:9.1:-:*:*:*:*:*:*", + "matchCriteriaId": "6418A649-3A63-40CC-BD7C-309B3B0B2595" + }, { "vulnerable": true, "criteria": "cpe:2.3:a:ivanti:policy_secure:9.1:r1:*:*:*:*:*:*", @@ -443,11 +448,6 @@ "vulnerable": true, "criteria": "cpe:2.3:a:pulsesecure:pulse_connect_secure:9.1:r9.2:*:*:*:*:*:*", "matchCriteriaId": "8DDFCAAC-B447-425E-967C-AA0A93860B9E" - }, - { - "vulnerable": true, - "criteria": "cpe:2.3:a:pulsesecure:pulse_policy_secure:9.1:-:*:*:*:*:*:*", - "matchCriteriaId": "937A242A-0134-47B2-802C-894AFDC20A48" } ] } diff --git a/CVE-2023/CVE-2023-366xx/CVE-2023-36629.json b/CVE-2023/CVE-2023-366xx/CVE-2023-36629.json index 20a35a2c46e..dbbfd45c41b 100644 --- a/CVE-2023/CVE-2023-366xx/CVE-2023-36629.json +++ b/CVE-2023/CVE-2023-366xx/CVE-2023-36629.json @@ -2,8 +2,8 @@ "id": "CVE-2023-36629", "sourceIdentifier": "cve@mitre.org", "published": "2024-01-09T02:15:44.163", - "lastModified": "2024-01-09T14:01:44.900", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2024-01-16T19:13:33.347", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", @@ -14,19 +14,83 @@ "value": "El paquete ST ST54-android-packages-apps-Nfc anterior a 130-20230215-23W07p0 para Android tiene una lectura fuera de los l\u00edmites." } ], - "metrics": {}, + "metrics": { + "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N", + "attackVector": "LOCAL", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "NONE", + "availabilityImpact": "NONE", + "baseScore": 5.5, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 1.8, + "impactScore": 3.6 + } + ] + }, + "weaknesses": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-125" + } + ] + } + ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:st:st54-android-packages-apps-nfc:*:*:*:*:*:*:*:*", + "versionEndExcluding": "130-20230215-23w07p0", + "matchCriteriaId": "C9C3849E-4AAD-49D7-BCB1-72265403941F" + } + ] + } + ] + } + ], "references": [ { "url": "https://github.com/STMicroelectronics/ST54-android-packages-apps-Nfc/releases/tag/130-20230215-23W07p0", - "source": "cve@mitre.org" + "source": "cve@mitre.org", + "tags": [ + "Release Notes" + ] }, { "url": "https://www.trustwave.com/en-us/resources/blogs/spiderlabs-blog/hunting-for-android-privilege-escalation-with-a-32-line-fuzzer/", - "source": "cve@mitre.org" + "source": "cve@mitre.org", + "tags": [ + "Exploit", + "Press/Media Coverage" + ] }, { "url": "https://www.trustwave.com/hubfs/Web/Library/Advisories_txt/TWSL2023-007_Xiaomi_Redmi_10sNote-1.txt", - "source": "cve@mitre.org" + "source": "cve@mitre.org", + "tags": [ + "Exploit", + "Third Party Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2023/CVE-2023-479xx/CVE-2023-47996.json b/CVE-2023/CVE-2023-479xx/CVE-2023-47996.json index 06dfd46f029..3199b339b8f 100644 --- a/CVE-2023/CVE-2023-479xx/CVE-2023-47996.json +++ b/CVE-2023/CVE-2023-479xx/CVE-2023-47996.json @@ -2,19 +2,79 @@ "id": "CVE-2023-47996", "sourceIdentifier": "cve@mitre.org", "published": "2024-01-09T23:15:09.680", - "lastModified": "2024-01-10T01:21:28.543", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2024-01-16T20:59:05.917", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", "value": "An integer overflow vulnerability in Exif.cpp::jpeg_read_exif_dir in FreeImage 3.18.0 allows attackers to obtain information and cause a denial of service." + }, + { + "lang": "es", + "value": "Una vulnerabilidad de desbordamiento de enteros en Exif.cpp::jpeg_read_exif_dir en FreeImage 3.18.0 permite a los atacantes obtener informaci\u00f3n y provocar una denegaci\u00f3n de servicio." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "REQUIRED", + "scope": "UNCHANGED", + "confidentialityImpact": "NONE", + "integrityImpact": "NONE", + "availabilityImpact": "HIGH", + "baseScore": 6.5, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 2.8, + "impactScore": 3.6 + } + ] + }, + "weaknesses": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-190" + } + ] + } + ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:freeimage_project:freeimage:3.18.0:*:*:*:*:*:*:*", + "matchCriteriaId": "649CACB0-AD52-4217-9DF9-B692533ED990" + } + ] + } + ] } ], - "metrics": {}, "references": [ { "url": "https://github.com/thelastede/FreeImage-cve-poc/tree/master/CVE-2023-47996", - "source": "cve@mitre.org" + "source": "cve@mitre.org", + "tags": [ + "Exploit", + "Third Party Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2023/CVE-2023-479xx/CVE-2023-47997.json b/CVE-2023/CVE-2023-479xx/CVE-2023-47997.json index 821b68e8c15..40ef13beffa 100644 --- a/CVE-2023/CVE-2023-479xx/CVE-2023-47997.json +++ b/CVE-2023/CVE-2023-479xx/CVE-2023-47997.json @@ -2,19 +2,79 @@ "id": "CVE-2023-47997", "sourceIdentifier": "cve@mitre.org", "published": "2024-01-10T00:15:45.463", - "lastModified": "2024-01-10T01:21:28.543", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2024-01-16T20:58:57.263", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", "value": "An issue discovered in BitmapAccess.cpp::FreeImage_AllocateBitmap in FreeImage 3.18.0 leads to an infinite loop and allows attackers to cause a denial of service." + }, + { + "lang": "es", + "value": "Un problema descubierto en BitmapAccess.cpp::FreeImage_AllocateBitmap en FreeImage 3.18.0 genera un bucle infinito y permite a los atacantes provocar una denegaci\u00f3n de servicio." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "REQUIRED", + "scope": "UNCHANGED", + "confidentialityImpact": "NONE", + "integrityImpact": "NONE", + "availabilityImpact": "HIGH", + "baseScore": 6.5, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 2.8, + "impactScore": 3.6 + } + ] + }, + "weaknesses": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-835" + } + ] + } + ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:freeimage_project:freeimage:3.18.0:*:*:*:*:*:*:*", + "matchCriteriaId": "649CACB0-AD52-4217-9DF9-B692533ED990" + } + ] + } + ] } ], - "metrics": {}, "references": [ { "url": "https://github.com/thelastede/FreeImage-cve-poc/tree/master/CVE-2023-47997", - "source": "cve@mitre.org" + "source": "cve@mitre.org", + "tags": [ + "Exploit", + "Third Party Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2023/CVE-2023-482xx/CVE-2023-48242.json b/CVE-2023/CVE-2023-482xx/CVE-2023-48242.json index 58d914c9d89..3c60cac1905 100644 --- a/CVE-2023/CVE-2023-482xx/CVE-2023-48242.json +++ b/CVE-2023/CVE-2023-482xx/CVE-2023-48242.json @@ -2,16 +2,40 @@ "id": "CVE-2023-48242", "sourceIdentifier": "psirt@bosch.com", "published": "2024-01-10T11:15:08.237", - "lastModified": "2024-01-10T13:56:06.947", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2024-01-16T20:17:56.863", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", "value": "The vulnerability allows an authenticated remote attacker to download arbitrary files in all paths of the system under the context of the application OS user (\u201croot\u201d) via a crafted HTTP request." + }, + { + "lang": "es", + "value": "La vulnerabilidad permite a un atacante remoto autenticado descargar archivos arbitrarios en todas las rutas del sistema en el contexto del usuario del sistema operativo de la aplicaci\u00f3n (\"root\") a trav\u00e9s de una solicitud HTTP manipulada." } ], "metrics": { "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "NONE", + "availabilityImpact": "NONE", + "baseScore": 6.5, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 2.8, + "impactScore": 3.6 + }, { "source": "psirt@bosch.com", "type": "Secondary", @@ -35,6 +59,16 @@ ] }, "weaknesses": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-22" + } + ] + }, { "source": "psirt@bosch.com", "type": "Secondary", @@ -46,10 +80,139 @@ ] } ], + "configurations": [ + { + "operator": "AND", + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:o:bosch:nexo-os:*:*:*:*:*:*:*:*", + "versionStartIncluding": "1000", + "versionEndIncluding": "1500-sp2", + "matchCriteriaId": "73D9F18A-94BD-4EC8-A39A-0A6E8E4315D8" + } + ] + }, + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": false, + "criteria": "cpe:2.3:h:bosch:nexo_cordless_nutrunner_nxa011s-36v-b_\\(0608842012\\):-:*:*:*:*:*:*:*", + "matchCriteriaId": "5DC8C39A-F26D-4A5E-A502-5AA26651FD95" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:h:bosch:nexo_cordless_nutrunner_nxa011s-36v_\\(0608842011\\):-:*:*:*:*:*:*:*", + "matchCriteriaId": "871F225C-EE0D-409E-98FF-CF8B2C83E877" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:h:bosch:nexo_cordless_nutrunner_nxa015s-36v-b_\\(0608842006\\):-:*:*:*:*:*:*:*", + "matchCriteriaId": "D77B7A94-EB41-442E-9930-3372EFF0C469" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:h:bosch:nexo_cordless_nutrunner_nxa015s-36v_\\(0608842001\\):-:*:*:*:*:*:*:*", + "matchCriteriaId": "6CF63477-0CE7-446C-9872-C186AB55ADEF" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:h:bosch:nexo_cordless_nutrunner_nxa030s-36v-b_\\(0608842007\\):-:*:*:*:*:*:*:*", + "matchCriteriaId": "8703D886-1E08-40B1-9666-3D585A3CB52F" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:h:bosch:nexo_cordless_nutrunner_nxa030s-36v_\\(0608842002\\):-:*:*:*:*:*:*:*", + "matchCriteriaId": "43D5973C-E4B3-4111-A710-FE48CFE5C1A5" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:h:bosch:nexo_cordless_nutrunner_nxa050s-36v-b_\\(0608842008\\):-:*:*:*:*:*:*:*", + "matchCriteriaId": "EA7D4812-024D-432B-A526-0858427ED545" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:h:bosch:nexo_cordless_nutrunner_nxa050s-36v_\\(0608842003\\):-:*:*:*:*:*:*:*", + "matchCriteriaId": "1614F6BA-E265-4344-A5B4-6DD0D3EC0BCF" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:h:bosch:nexo_cordless_nutrunner_nxa065s-36v-b_\\(0608842014\\):-:*:*:*:*:*:*:*", + "matchCriteriaId": "206B990F-9ACD-408D-93BB-F43F25686862" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:h:bosch:nexo_cordless_nutrunner_nxa065s-36v_\\(0608842013\\):-:*:*:*:*:*:*:*", + "matchCriteriaId": "E092DE8F-DB60-4D77-BCE5-8820B6190856" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:h:bosch:nexo_cordless_nutrunner_nxp012qd-36v-b_\\(0608842010\\):-:*:*:*:*:*:*:*", + "matchCriteriaId": "94D48DD5-DF3B-4D74-B8D8-E1E0468DE2DC" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:h:bosch:nexo_cordless_nutrunner_nxp012qd-36v_\\(0608842005\\):-:*:*:*:*:*:*:*", + "matchCriteriaId": "63746CB7-DBDF-4705-A771-CE9581742980" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:h:bosch:nexo_cordless_nutrunner_nxv012t-36v-b_\\(0608842016\\):-:*:*:*:*:*:*:*", + "matchCriteriaId": "2F974170-84B6-49FF-9988-7EFDA5964E1A" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:h:bosch:nexo_cordless_nutrunner_nxv012t-36v_\\(0608842015\\):-:*:*:*:*:*:*:*", + "matchCriteriaId": "87D757FC-2CBA-419F-84E8-518CBEB98646" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:h:bosch:nexo_special_cordless_nutrunner_\\(0608pe2272\\):-:*:*:*:*:*:*:*", + "matchCriteriaId": "3E3E3820-FF4C-4B75-9541-B807EF52E661" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:h:bosch:nexo_special_cordless_nutrunner_\\(0608pe2301\\):-:*:*:*:*:*:*:*", + "matchCriteriaId": "9B1B2908-2C42-4E6B-9953-30B2BE2E63F4" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:h:bosch:nexo_special_cordless_nutrunner_\\(0608pe2514\\):-:*:*:*:*:*:*:*", + "matchCriteriaId": "6A09E202-1E38-433B-A039-F7B62C275E40" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:h:bosch:nexo_special_cordless_nutrunner_\\(0608pe2515\\):-:*:*:*:*:*:*:*", + "matchCriteriaId": "206E809F-D1CA-437C-9C78-76E39F7A8D69" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:h:bosch:nexo_special_cordless_nutrunner_\\(0608pe2666\\):-:*:*:*:*:*:*:*", + "matchCriteriaId": "7BF33E7B-B131-4A7C-8C4F-47906B8AEFC8" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:h:bosch:nexo_special_cordless_nutrunner_\\(0608pe2673\\):-:*:*:*:*:*:*:*", + "matchCriteriaId": "E14B2068-DEEE-4C3F-9FCE-108A3F5E83DB" + } + ] + } + ] + } + ], "references": [ { "url": "https://psirt.bosch.com/security-advisories/BOSCH-SA-711465.html", - "source": "psirt@bosch.com" + "source": "psirt@bosch.com", + "tags": [ + "Vendor Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2023/CVE-2023-482xx/CVE-2023-48243.json b/CVE-2023/CVE-2023-482xx/CVE-2023-48243.json index 8e7f8b3ef80..1e07061dfbd 100644 --- a/CVE-2023/CVE-2023-482xx/CVE-2023-48243.json +++ b/CVE-2023/CVE-2023-482xx/CVE-2023-48243.json @@ -2,16 +2,40 @@ "id": "CVE-2023-48243", "sourceIdentifier": "psirt@bosch.com", "published": "2024-01-10T11:15:08.777", - "lastModified": "2024-01-10T13:56:06.947", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2024-01-16T20:17:41.990", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", "value": "The vulnerability allows a remote attacker to upload arbitrary files in all paths of the system under the context of the application OS user (\u201croot\u201d) via a crafted HTTP request.\r\nBy abusing this vulnerability, it is possible to obtain remote code execution (RCE) with root privileges on the device." + }, + { + "lang": "es", + "value": "La vulnerabilidad permite a un atacante remoto cargar archivos arbitrarios en todas las rutas del sistema en el contexto del usuario del sistema operativo de la aplicaci\u00f3n (\"root\") a trav\u00e9s de una solicitud HTTP manipulada. Al abusar de esta vulnerabilidad, es posible obtener ejecuci\u00f3n remota de c\u00f3digo (RCE) con privilegios de root en el dispositivo." } ], "metrics": { "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH", + "baseScore": 8.8, + "baseSeverity": "HIGH" + }, + "exploitabilityScore": 2.8, + "impactScore": 5.9 + }, { "source": "psirt@bosch.com", "type": "Secondary", @@ -35,6 +59,16 @@ ] }, "weaknesses": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-22" + } + ] + }, { "source": "psirt@bosch.com", "type": "Secondary", @@ -46,10 +80,139 @@ ] } ], + "configurations": [ + { + "operator": "AND", + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:o:bosch:nexo-os:*:*:*:*:*:*:*:*", + "versionStartIncluding": "1000", + "versionEndIncluding": "1500-sp2", + "matchCriteriaId": "73D9F18A-94BD-4EC8-A39A-0A6E8E4315D8" + } + ] + }, + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": false, + "criteria": "cpe:2.3:h:bosch:nexo_cordless_nutrunner_nxa011s-36v-b_\\(0608842012\\):-:*:*:*:*:*:*:*", + "matchCriteriaId": "5DC8C39A-F26D-4A5E-A502-5AA26651FD95" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:h:bosch:nexo_cordless_nutrunner_nxa011s-36v_\\(0608842011\\):-:*:*:*:*:*:*:*", + "matchCriteriaId": "871F225C-EE0D-409E-98FF-CF8B2C83E877" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:h:bosch:nexo_cordless_nutrunner_nxa015s-36v-b_\\(0608842006\\):-:*:*:*:*:*:*:*", + "matchCriteriaId": "D77B7A94-EB41-442E-9930-3372EFF0C469" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:h:bosch:nexo_cordless_nutrunner_nxa015s-36v_\\(0608842001\\):-:*:*:*:*:*:*:*", + "matchCriteriaId": "6CF63477-0CE7-446C-9872-C186AB55ADEF" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:h:bosch:nexo_cordless_nutrunner_nxa030s-36v-b_\\(0608842007\\):-:*:*:*:*:*:*:*", + "matchCriteriaId": "8703D886-1E08-40B1-9666-3D585A3CB52F" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:h:bosch:nexo_cordless_nutrunner_nxa030s-36v_\\(0608842002\\):-:*:*:*:*:*:*:*", + "matchCriteriaId": "43D5973C-E4B3-4111-A710-FE48CFE5C1A5" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:h:bosch:nexo_cordless_nutrunner_nxa050s-36v-b_\\(0608842008\\):-:*:*:*:*:*:*:*", + "matchCriteriaId": "EA7D4812-024D-432B-A526-0858427ED545" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:h:bosch:nexo_cordless_nutrunner_nxa050s-36v_\\(0608842003\\):-:*:*:*:*:*:*:*", + "matchCriteriaId": "1614F6BA-E265-4344-A5B4-6DD0D3EC0BCF" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:h:bosch:nexo_cordless_nutrunner_nxa065s-36v-b_\\(0608842014\\):-:*:*:*:*:*:*:*", + "matchCriteriaId": "206B990F-9ACD-408D-93BB-F43F25686862" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:h:bosch:nexo_cordless_nutrunner_nxa065s-36v_\\(0608842013\\):-:*:*:*:*:*:*:*", + "matchCriteriaId": "E092DE8F-DB60-4D77-BCE5-8820B6190856" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:h:bosch:nexo_cordless_nutrunner_nxp012qd-36v-b_\\(0608842010\\):-:*:*:*:*:*:*:*", + "matchCriteriaId": "94D48DD5-DF3B-4D74-B8D8-E1E0468DE2DC" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:h:bosch:nexo_cordless_nutrunner_nxp012qd-36v_\\(0608842005\\):-:*:*:*:*:*:*:*", + "matchCriteriaId": "63746CB7-DBDF-4705-A771-CE9581742980" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:h:bosch:nexo_cordless_nutrunner_nxv012t-36v-b_\\(0608842016\\):-:*:*:*:*:*:*:*", + "matchCriteriaId": "2F974170-84B6-49FF-9988-7EFDA5964E1A" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:h:bosch:nexo_cordless_nutrunner_nxv012t-36v_\\(0608842015\\):-:*:*:*:*:*:*:*", + "matchCriteriaId": "87D757FC-2CBA-419F-84E8-518CBEB98646" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:h:bosch:nexo_special_cordless_nutrunner_\\(0608pe2272\\):-:*:*:*:*:*:*:*", + "matchCriteriaId": "3E3E3820-FF4C-4B75-9541-B807EF52E661" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:h:bosch:nexo_special_cordless_nutrunner_\\(0608pe2301\\):-:*:*:*:*:*:*:*", + "matchCriteriaId": "9B1B2908-2C42-4E6B-9953-30B2BE2E63F4" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:h:bosch:nexo_special_cordless_nutrunner_\\(0608pe2514\\):-:*:*:*:*:*:*:*", + "matchCriteriaId": "6A09E202-1E38-433B-A039-F7B62C275E40" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:h:bosch:nexo_special_cordless_nutrunner_\\(0608pe2515\\):-:*:*:*:*:*:*:*", + "matchCriteriaId": "206E809F-D1CA-437C-9C78-76E39F7A8D69" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:h:bosch:nexo_special_cordless_nutrunner_\\(0608pe2666\\):-:*:*:*:*:*:*:*", + "matchCriteriaId": "7BF33E7B-B131-4A7C-8C4F-47906B8AEFC8" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:h:bosch:nexo_special_cordless_nutrunner_\\(0608pe2673\\):-:*:*:*:*:*:*:*", + "matchCriteriaId": "E14B2068-DEEE-4C3F-9FCE-108A3F5E83DB" + } + ] + } + ] + } + ], "references": [ { "url": "https://psirt.bosch.com/security-advisories/BOSCH-SA-711465.html", - "source": "psirt@bosch.com" + "source": "psirt@bosch.com", + "tags": [ + "Vendor Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2023/CVE-2023-482xx/CVE-2023-48244.json b/CVE-2023/CVE-2023-482xx/CVE-2023-48244.json index 25358464916..00e0a51c10c 100644 --- a/CVE-2023/CVE-2023-482xx/CVE-2023-48244.json +++ b/CVE-2023/CVE-2023-482xx/CVE-2023-48244.json @@ -2,16 +2,40 @@ "id": "CVE-2023-48244", "sourceIdentifier": "psirt@bosch.com", "published": "2024-01-10T11:15:08.990", - "lastModified": "2024-01-10T13:56:06.947", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2024-01-16T20:17:17.953", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", "value": "The vulnerability allows a remote attacker to inject and execute arbitrary client-side script code inside a victim\u2019s session via a crafted URL or HTTP request." + }, + { + "lang": "es", + "value": "La vulnerabilidad permite a un atacante remoto inyectar y ejecutar c\u00f3digo script arbitrario del lado del cliente dentro de la sesi\u00f3n de una v\u00edctima a trav\u00e9s de una URL manipulada o una solicitud HTTP." } ], "metrics": { "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "REQUIRED", + "scope": "CHANGED", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "availabilityImpact": "NONE", + "baseScore": 6.1, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 2.8, + "impactScore": 2.7 + }, { "source": "psirt@bosch.com", "type": "Secondary", @@ -35,6 +59,16 @@ ] }, "weaknesses": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-79" + } + ] + }, { "source": "psirt@bosch.com", "type": "Secondary", @@ -46,10 +80,139 @@ ] } ], + "configurations": [ + { + "operator": "AND", + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:o:bosch:nexo-os:*:*:*:*:*:*:*:*", + "versionStartIncluding": "1000", + "versionEndIncluding": "1500-sp2", + "matchCriteriaId": "73D9F18A-94BD-4EC8-A39A-0A6E8E4315D8" + } + ] + }, + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": false, + "criteria": "cpe:2.3:h:bosch:nexo_cordless_nutrunner_nxa011s-36v-b_\\(0608842012\\):-:*:*:*:*:*:*:*", + "matchCriteriaId": "5DC8C39A-F26D-4A5E-A502-5AA26651FD95" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:h:bosch:nexo_cordless_nutrunner_nxa011s-36v_\\(0608842011\\):-:*:*:*:*:*:*:*", + "matchCriteriaId": "871F225C-EE0D-409E-98FF-CF8B2C83E877" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:h:bosch:nexo_cordless_nutrunner_nxa015s-36v-b_\\(0608842006\\):-:*:*:*:*:*:*:*", + "matchCriteriaId": "D77B7A94-EB41-442E-9930-3372EFF0C469" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:h:bosch:nexo_cordless_nutrunner_nxa015s-36v_\\(0608842001\\):-:*:*:*:*:*:*:*", + "matchCriteriaId": "6CF63477-0CE7-446C-9872-C186AB55ADEF" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:h:bosch:nexo_cordless_nutrunner_nxa030s-36v-b_\\(0608842007\\):-:*:*:*:*:*:*:*", + "matchCriteriaId": "8703D886-1E08-40B1-9666-3D585A3CB52F" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:h:bosch:nexo_cordless_nutrunner_nxa030s-36v_\\(0608842002\\):-:*:*:*:*:*:*:*", + "matchCriteriaId": "43D5973C-E4B3-4111-A710-FE48CFE5C1A5" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:h:bosch:nexo_cordless_nutrunner_nxa050s-36v-b_\\(0608842008\\):-:*:*:*:*:*:*:*", + "matchCriteriaId": "EA7D4812-024D-432B-A526-0858427ED545" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:h:bosch:nexo_cordless_nutrunner_nxa050s-36v_\\(0608842003\\):-:*:*:*:*:*:*:*", + "matchCriteriaId": "1614F6BA-E265-4344-A5B4-6DD0D3EC0BCF" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:h:bosch:nexo_cordless_nutrunner_nxa065s-36v-b_\\(0608842014\\):-:*:*:*:*:*:*:*", + "matchCriteriaId": "206B990F-9ACD-408D-93BB-F43F25686862" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:h:bosch:nexo_cordless_nutrunner_nxa065s-36v_\\(0608842013\\):-:*:*:*:*:*:*:*", + "matchCriteriaId": "E092DE8F-DB60-4D77-BCE5-8820B6190856" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:h:bosch:nexo_cordless_nutrunner_nxp012qd-36v-b_\\(0608842010\\):-:*:*:*:*:*:*:*", + "matchCriteriaId": "94D48DD5-DF3B-4D74-B8D8-E1E0468DE2DC" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:h:bosch:nexo_cordless_nutrunner_nxp012qd-36v_\\(0608842005\\):-:*:*:*:*:*:*:*", + "matchCriteriaId": "63746CB7-DBDF-4705-A771-CE9581742980" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:h:bosch:nexo_cordless_nutrunner_nxv012t-36v-b_\\(0608842016\\):-:*:*:*:*:*:*:*", + "matchCriteriaId": "2F974170-84B6-49FF-9988-7EFDA5964E1A" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:h:bosch:nexo_cordless_nutrunner_nxv012t-36v_\\(0608842015\\):-:*:*:*:*:*:*:*", + "matchCriteriaId": "87D757FC-2CBA-419F-84E8-518CBEB98646" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:h:bosch:nexo_special_cordless_nutrunner_\\(0608pe2272\\):-:*:*:*:*:*:*:*", + "matchCriteriaId": "3E3E3820-FF4C-4B75-9541-B807EF52E661" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:h:bosch:nexo_special_cordless_nutrunner_\\(0608pe2301\\):-:*:*:*:*:*:*:*", + "matchCriteriaId": "9B1B2908-2C42-4E6B-9953-30B2BE2E63F4" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:h:bosch:nexo_special_cordless_nutrunner_\\(0608pe2514\\):-:*:*:*:*:*:*:*", + "matchCriteriaId": "6A09E202-1E38-433B-A039-F7B62C275E40" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:h:bosch:nexo_special_cordless_nutrunner_\\(0608pe2515\\):-:*:*:*:*:*:*:*", + "matchCriteriaId": "206E809F-D1CA-437C-9C78-76E39F7A8D69" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:h:bosch:nexo_special_cordless_nutrunner_\\(0608pe2666\\):-:*:*:*:*:*:*:*", + "matchCriteriaId": "7BF33E7B-B131-4A7C-8C4F-47906B8AEFC8" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:h:bosch:nexo_special_cordless_nutrunner_\\(0608pe2673\\):-:*:*:*:*:*:*:*", + "matchCriteriaId": "E14B2068-DEEE-4C3F-9FCE-108A3F5E83DB" + } + ] + } + ] + } + ], "references": [ { "url": "https://psirt.bosch.com/security-advisories/BOSCH-SA-711465.html", - "source": "psirt@bosch.com" + "source": "psirt@bosch.com", + "tags": [ + "Vendor Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2023/CVE-2023-482xx/CVE-2023-48245.json b/CVE-2023/CVE-2023-482xx/CVE-2023-48245.json index 00eb28a0415..9c7079bff41 100644 --- a/CVE-2023/CVE-2023-482xx/CVE-2023-48245.json +++ b/CVE-2023/CVE-2023-482xx/CVE-2023-48245.json @@ -2,16 +2,40 @@ "id": "CVE-2023-48245", "sourceIdentifier": "psirt@bosch.com", "published": "2024-01-10T11:15:09.190", - "lastModified": "2024-01-10T13:56:06.947", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2024-01-16T20:17:01.697", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", "value": "The vulnerability allows an unauthenticated remote attacker to upload arbitrary files under the context of the application OS user (\u201croot\u201d) via a crafted HTTP request." + }, + { + "lang": "es", + "value": "La vulnerabilidad permite a un atacante remoto no autenticado cargar archivos arbitrarios en el contexto del usuario del sistema operativo de la aplicaci\u00f3n (\"root\") a trav\u00e9s de una solicitud HTTP manipulada." } ], "metrics": { "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH", + "baseScore": 9.8, + "baseSeverity": "CRITICAL" + }, + "exploitabilityScore": 3.9, + "impactScore": 5.9 + }, { "source": "psirt@bosch.com", "type": "Secondary", @@ -35,6 +59,16 @@ ] }, "weaknesses": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-862" + } + ] + }, { "source": "psirt@bosch.com", "type": "Secondary", @@ -46,10 +80,139 @@ ] } ], + "configurations": [ + { + "operator": "AND", + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:o:bosch:nexo-os:*:*:*:*:*:*:*:*", + "versionStartIncluding": "1000", + "versionEndIncluding": "1500-sp2", + "matchCriteriaId": "73D9F18A-94BD-4EC8-A39A-0A6E8E4315D8" + } + ] + }, + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": false, + "criteria": "cpe:2.3:h:bosch:nexo_cordless_nutrunner_nxa011s-36v-b_\\(0608842012\\):-:*:*:*:*:*:*:*", + "matchCriteriaId": "5DC8C39A-F26D-4A5E-A502-5AA26651FD95" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:h:bosch:nexo_cordless_nutrunner_nxa011s-36v_\\(0608842011\\):-:*:*:*:*:*:*:*", + "matchCriteriaId": "871F225C-EE0D-409E-98FF-CF8B2C83E877" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:h:bosch:nexo_cordless_nutrunner_nxa015s-36v-b_\\(0608842006\\):-:*:*:*:*:*:*:*", + "matchCriteriaId": "D77B7A94-EB41-442E-9930-3372EFF0C469" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:h:bosch:nexo_cordless_nutrunner_nxa015s-36v_\\(0608842001\\):-:*:*:*:*:*:*:*", + "matchCriteriaId": "6CF63477-0CE7-446C-9872-C186AB55ADEF" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:h:bosch:nexo_cordless_nutrunner_nxa030s-36v-b_\\(0608842007\\):-:*:*:*:*:*:*:*", + "matchCriteriaId": "8703D886-1E08-40B1-9666-3D585A3CB52F" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:h:bosch:nexo_cordless_nutrunner_nxa030s-36v_\\(0608842002\\):-:*:*:*:*:*:*:*", + "matchCriteriaId": "43D5973C-E4B3-4111-A710-FE48CFE5C1A5" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:h:bosch:nexo_cordless_nutrunner_nxa050s-36v-b_\\(0608842008\\):-:*:*:*:*:*:*:*", + "matchCriteriaId": "EA7D4812-024D-432B-A526-0858427ED545" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:h:bosch:nexo_cordless_nutrunner_nxa050s-36v_\\(0608842003\\):-:*:*:*:*:*:*:*", + "matchCriteriaId": "1614F6BA-E265-4344-A5B4-6DD0D3EC0BCF" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:h:bosch:nexo_cordless_nutrunner_nxa065s-36v-b_\\(0608842014\\):-:*:*:*:*:*:*:*", + "matchCriteriaId": "206B990F-9ACD-408D-93BB-F43F25686862" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:h:bosch:nexo_cordless_nutrunner_nxa065s-36v_\\(0608842013\\):-:*:*:*:*:*:*:*", + "matchCriteriaId": "E092DE8F-DB60-4D77-BCE5-8820B6190856" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:h:bosch:nexo_cordless_nutrunner_nxp012qd-36v-b_\\(0608842010\\):-:*:*:*:*:*:*:*", + "matchCriteriaId": "94D48DD5-DF3B-4D74-B8D8-E1E0468DE2DC" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:h:bosch:nexo_cordless_nutrunner_nxp012qd-36v_\\(0608842005\\):-:*:*:*:*:*:*:*", + "matchCriteriaId": "63746CB7-DBDF-4705-A771-CE9581742980" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:h:bosch:nexo_cordless_nutrunner_nxv012t-36v-b_\\(0608842016\\):-:*:*:*:*:*:*:*", + "matchCriteriaId": "2F974170-84B6-49FF-9988-7EFDA5964E1A" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:h:bosch:nexo_cordless_nutrunner_nxv012t-36v_\\(0608842015\\):-:*:*:*:*:*:*:*", + "matchCriteriaId": "87D757FC-2CBA-419F-84E8-518CBEB98646" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:h:bosch:nexo_special_cordless_nutrunner_\\(0608pe2272\\):-:*:*:*:*:*:*:*", + "matchCriteriaId": "3E3E3820-FF4C-4B75-9541-B807EF52E661" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:h:bosch:nexo_special_cordless_nutrunner_\\(0608pe2301\\):-:*:*:*:*:*:*:*", + "matchCriteriaId": "9B1B2908-2C42-4E6B-9953-30B2BE2E63F4" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:h:bosch:nexo_special_cordless_nutrunner_\\(0608pe2514\\):-:*:*:*:*:*:*:*", + "matchCriteriaId": "6A09E202-1E38-433B-A039-F7B62C275E40" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:h:bosch:nexo_special_cordless_nutrunner_\\(0608pe2515\\):-:*:*:*:*:*:*:*", + "matchCriteriaId": "206E809F-D1CA-437C-9C78-76E39F7A8D69" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:h:bosch:nexo_special_cordless_nutrunner_\\(0608pe2666\\):-:*:*:*:*:*:*:*", + "matchCriteriaId": "7BF33E7B-B131-4A7C-8C4F-47906B8AEFC8" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:h:bosch:nexo_special_cordless_nutrunner_\\(0608pe2673\\):-:*:*:*:*:*:*:*", + "matchCriteriaId": "E14B2068-DEEE-4C3F-9FCE-108A3F5E83DB" + } + ] + } + ] + } + ], "references": [ { "url": "https://psirt.bosch.com/security-advisories/BOSCH-SA-711465.html", - "source": "psirt@bosch.com" + "source": "psirt@bosch.com", + "tags": [ + "Vendor Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2023/CVE-2023-482xx/CVE-2023-48246.json b/CVE-2023/CVE-2023-482xx/CVE-2023-48246.json index 02be788e19f..e7d656b44ca 100644 --- a/CVE-2023/CVE-2023-482xx/CVE-2023-48246.json +++ b/CVE-2023/CVE-2023-482xx/CVE-2023-48246.json @@ -2,16 +2,40 @@ "id": "CVE-2023-48246", "sourceIdentifier": "psirt@bosch.com", "published": "2024-01-10T11:15:09.410", - "lastModified": "2024-01-10T13:56:06.947", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2024-01-16T19:47:37.680", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", "value": "The vulnerability allows a remote attacker to download arbitrary files in all paths of the system under the context of the application OS user (\u201croot\u201d) via a crafted HTTP request." + }, + { + "lang": "es", + "value": "La vulnerabilidad permite a un atacante remoto descargar archivos arbitrarios en todas las rutas del sistema en el contexto del usuario del sistema operativo de la aplicaci\u00f3n (\"root\") a trav\u00e9s de una solicitud HTTP manipulada." } ], "metrics": { "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "NONE", + "availabilityImpact": "NONE", + "baseScore": 6.5, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 2.8, + "impactScore": 3.6 + }, { "source": "psirt@bosch.com", "type": "Secondary", @@ -35,6 +59,16 @@ ] }, "weaknesses": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-22" + } + ] + }, { "source": "psirt@bosch.com", "type": "Secondary", @@ -46,10 +80,139 @@ ] } ], + "configurations": [ + { + "operator": "AND", + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:o:bosch:nexo-os:*:*:*:*:*:*:*:*", + "versionStartIncluding": "1000", + "versionEndIncluding": "1500-sp2", + "matchCriteriaId": "73D9F18A-94BD-4EC8-A39A-0A6E8E4315D8" + } + ] + }, + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": false, + "criteria": "cpe:2.3:h:bosch:nexo_cordless_nutrunner_nxa011s-36v-b_\\(0608842012\\):-:*:*:*:*:*:*:*", + "matchCriteriaId": "5DC8C39A-F26D-4A5E-A502-5AA26651FD95" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:h:bosch:nexo_cordless_nutrunner_nxa011s-36v_\\(0608842011\\):-:*:*:*:*:*:*:*", + "matchCriteriaId": "871F225C-EE0D-409E-98FF-CF8B2C83E877" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:h:bosch:nexo_cordless_nutrunner_nxa015s-36v-b_\\(0608842006\\):-:*:*:*:*:*:*:*", + "matchCriteriaId": "D77B7A94-EB41-442E-9930-3372EFF0C469" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:h:bosch:nexo_cordless_nutrunner_nxa015s-36v_\\(0608842001\\):-:*:*:*:*:*:*:*", + "matchCriteriaId": "6CF63477-0CE7-446C-9872-C186AB55ADEF" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:h:bosch:nexo_cordless_nutrunner_nxa030s-36v-b_\\(0608842007\\):-:*:*:*:*:*:*:*", + "matchCriteriaId": "8703D886-1E08-40B1-9666-3D585A3CB52F" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:h:bosch:nexo_cordless_nutrunner_nxa030s-36v_\\(0608842002\\):-:*:*:*:*:*:*:*", + "matchCriteriaId": "43D5973C-E4B3-4111-A710-FE48CFE5C1A5" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:h:bosch:nexo_cordless_nutrunner_nxa050s-36v-b_\\(0608842008\\):-:*:*:*:*:*:*:*", + "matchCriteriaId": "EA7D4812-024D-432B-A526-0858427ED545" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:h:bosch:nexo_cordless_nutrunner_nxa050s-36v_\\(0608842003\\):-:*:*:*:*:*:*:*", + "matchCriteriaId": "1614F6BA-E265-4344-A5B4-6DD0D3EC0BCF" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:h:bosch:nexo_cordless_nutrunner_nxa065s-36v-b_\\(0608842014\\):-:*:*:*:*:*:*:*", + "matchCriteriaId": "206B990F-9ACD-408D-93BB-F43F25686862" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:h:bosch:nexo_cordless_nutrunner_nxa065s-36v_\\(0608842013\\):-:*:*:*:*:*:*:*", + "matchCriteriaId": "E092DE8F-DB60-4D77-BCE5-8820B6190856" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:h:bosch:nexo_cordless_nutrunner_nxp012qd-36v-b_\\(0608842010\\):-:*:*:*:*:*:*:*", + "matchCriteriaId": "94D48DD5-DF3B-4D74-B8D8-E1E0468DE2DC" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:h:bosch:nexo_cordless_nutrunner_nxp012qd-36v_\\(0608842005\\):-:*:*:*:*:*:*:*", + "matchCriteriaId": "63746CB7-DBDF-4705-A771-CE9581742980" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:h:bosch:nexo_cordless_nutrunner_nxv012t-36v-b_\\(0608842016\\):-:*:*:*:*:*:*:*", + "matchCriteriaId": "2F974170-84B6-49FF-9988-7EFDA5964E1A" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:h:bosch:nexo_cordless_nutrunner_nxv012t-36v_\\(0608842015\\):-:*:*:*:*:*:*:*", + "matchCriteriaId": "87D757FC-2CBA-419F-84E8-518CBEB98646" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:h:bosch:nexo_special_cordless_nutrunner_\\(0608pe2272\\):-:*:*:*:*:*:*:*", + "matchCriteriaId": "3E3E3820-FF4C-4B75-9541-B807EF52E661" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:h:bosch:nexo_special_cordless_nutrunner_\\(0608pe2301\\):-:*:*:*:*:*:*:*", + "matchCriteriaId": "9B1B2908-2C42-4E6B-9953-30B2BE2E63F4" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:h:bosch:nexo_special_cordless_nutrunner_\\(0608pe2514\\):-:*:*:*:*:*:*:*", + "matchCriteriaId": "6A09E202-1E38-433B-A039-F7B62C275E40" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:h:bosch:nexo_special_cordless_nutrunner_\\(0608pe2515\\):-:*:*:*:*:*:*:*", + "matchCriteriaId": "206E809F-D1CA-437C-9C78-76E39F7A8D69" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:h:bosch:nexo_special_cordless_nutrunner_\\(0608pe2666\\):-:*:*:*:*:*:*:*", + "matchCriteriaId": "7BF33E7B-B131-4A7C-8C4F-47906B8AEFC8" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:h:bosch:nexo_special_cordless_nutrunner_\\(0608pe2673\\):-:*:*:*:*:*:*:*", + "matchCriteriaId": "E14B2068-DEEE-4C3F-9FCE-108A3F5E83DB" + } + ] + } + ] + } + ], "references": [ { "url": "https://psirt.bosch.com/security-advisories/BOSCH-SA-711465.html", - "source": "psirt@bosch.com" + "source": "psirt@bosch.com", + "tags": [ + "Vendor Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2023/CVE-2023-482xx/CVE-2023-48247.json b/CVE-2023/CVE-2023-482xx/CVE-2023-48247.json index b6862718d60..7b888e0b610 100644 --- a/CVE-2023/CVE-2023-482xx/CVE-2023-48247.json +++ b/CVE-2023/CVE-2023-482xx/CVE-2023-48247.json @@ -2,16 +2,40 @@ "id": "CVE-2023-48247", "sourceIdentifier": "psirt@bosch.com", "published": "2024-01-10T11:15:09.647", - "lastModified": "2024-01-10T13:56:06.947", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2024-01-16T19:53:35.707", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", "value": "The vulnerability allows an unauthenticated remote attacker to read arbitrary files under the context of the application OS user (\u201croot\u201d) via a crafted HTTP request." + }, + { + "lang": "es", + "value": "La vulnerabilidad permite a un atacante remoto no autenticado leer archivos arbitrarios en el contexto del usuario del sistema operativo de la aplicaci\u00f3n (\"root\") a trav\u00e9s de una solicitud HTTP manipulada." } ], "metrics": { "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "NONE", + "availabilityImpact": "NONE", + "baseScore": 7.5, + "baseSeverity": "HIGH" + }, + "exploitabilityScore": 3.9, + "impactScore": 3.6 + }, { "source": "psirt@bosch.com", "type": "Secondary", @@ -35,6 +59,16 @@ ] }, "weaknesses": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-862" + } + ] + }, { "source": "psirt@bosch.com", "type": "Secondary", @@ -46,10 +80,139 @@ ] } ], + "configurations": [ + { + "operator": "AND", + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:o:bosch:nexo-os:*:*:*:*:*:*:*:*", + "versionStartIncluding": "1000", + "versionEndIncluding": "1500-sp2", + "matchCriteriaId": "73D9F18A-94BD-4EC8-A39A-0A6E8E4315D8" + } + ] + }, + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": false, + "criteria": "cpe:2.3:h:bosch:nexo_cordless_nutrunner_nxa011s-36v-b_\\(0608842012\\):-:*:*:*:*:*:*:*", + "matchCriteriaId": "5DC8C39A-F26D-4A5E-A502-5AA26651FD95" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:h:bosch:nexo_cordless_nutrunner_nxa011s-36v_\\(0608842011\\):-:*:*:*:*:*:*:*", + "matchCriteriaId": "871F225C-EE0D-409E-98FF-CF8B2C83E877" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:h:bosch:nexo_cordless_nutrunner_nxa015s-36v-b_\\(0608842006\\):-:*:*:*:*:*:*:*", + "matchCriteriaId": "D77B7A94-EB41-442E-9930-3372EFF0C469" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:h:bosch:nexo_cordless_nutrunner_nxa015s-36v_\\(0608842001\\):-:*:*:*:*:*:*:*", + "matchCriteriaId": "6CF63477-0CE7-446C-9872-C186AB55ADEF" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:h:bosch:nexo_cordless_nutrunner_nxa030s-36v-b_\\(0608842007\\):-:*:*:*:*:*:*:*", + "matchCriteriaId": "8703D886-1E08-40B1-9666-3D585A3CB52F" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:h:bosch:nexo_cordless_nutrunner_nxa030s-36v_\\(0608842002\\):-:*:*:*:*:*:*:*", + "matchCriteriaId": "43D5973C-E4B3-4111-A710-FE48CFE5C1A5" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:h:bosch:nexo_cordless_nutrunner_nxa050s-36v-b_\\(0608842008\\):-:*:*:*:*:*:*:*", + "matchCriteriaId": "EA7D4812-024D-432B-A526-0858427ED545" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:h:bosch:nexo_cordless_nutrunner_nxa050s-36v_\\(0608842003\\):-:*:*:*:*:*:*:*", + "matchCriteriaId": "1614F6BA-E265-4344-A5B4-6DD0D3EC0BCF" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:h:bosch:nexo_cordless_nutrunner_nxa065s-36v-b_\\(0608842014\\):-:*:*:*:*:*:*:*", + "matchCriteriaId": "206B990F-9ACD-408D-93BB-F43F25686862" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:h:bosch:nexo_cordless_nutrunner_nxa065s-36v_\\(0608842013\\):-:*:*:*:*:*:*:*", + "matchCriteriaId": "E092DE8F-DB60-4D77-BCE5-8820B6190856" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:h:bosch:nexo_cordless_nutrunner_nxp012qd-36v-b_\\(0608842010\\):-:*:*:*:*:*:*:*", + "matchCriteriaId": "94D48DD5-DF3B-4D74-B8D8-E1E0468DE2DC" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:h:bosch:nexo_cordless_nutrunner_nxp012qd-36v_\\(0608842005\\):-:*:*:*:*:*:*:*", + "matchCriteriaId": "63746CB7-DBDF-4705-A771-CE9581742980" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:h:bosch:nexo_cordless_nutrunner_nxv012t-36v-b_\\(0608842016\\):-:*:*:*:*:*:*:*", + "matchCriteriaId": "2F974170-84B6-49FF-9988-7EFDA5964E1A" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:h:bosch:nexo_cordless_nutrunner_nxv012t-36v_\\(0608842015\\):-:*:*:*:*:*:*:*", + "matchCriteriaId": "87D757FC-2CBA-419F-84E8-518CBEB98646" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:h:bosch:nexo_special_cordless_nutrunner_\\(0608pe2272\\):-:*:*:*:*:*:*:*", + "matchCriteriaId": "3E3E3820-FF4C-4B75-9541-B807EF52E661" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:h:bosch:nexo_special_cordless_nutrunner_\\(0608pe2301\\):-:*:*:*:*:*:*:*", + "matchCriteriaId": "9B1B2908-2C42-4E6B-9953-30B2BE2E63F4" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:h:bosch:nexo_special_cordless_nutrunner_\\(0608pe2514\\):-:*:*:*:*:*:*:*", + "matchCriteriaId": "6A09E202-1E38-433B-A039-F7B62C275E40" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:h:bosch:nexo_special_cordless_nutrunner_\\(0608pe2515\\):-:*:*:*:*:*:*:*", + "matchCriteriaId": "206E809F-D1CA-437C-9C78-76E39F7A8D69" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:h:bosch:nexo_special_cordless_nutrunner_\\(0608pe2666\\):-:*:*:*:*:*:*:*", + "matchCriteriaId": "7BF33E7B-B131-4A7C-8C4F-47906B8AEFC8" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:h:bosch:nexo_special_cordless_nutrunner_\\(0608pe2673\\):-:*:*:*:*:*:*:*", + "matchCriteriaId": "E14B2068-DEEE-4C3F-9FCE-108A3F5E83DB" + } + ] + } + ] + } + ], "references": [ { "url": "https://psirt.bosch.com/security-advisories/BOSCH-SA-711465.html", - "source": "psirt@bosch.com" + "source": "psirt@bosch.com", + "tags": [ + "Vendor Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2023/CVE-2023-482xx/CVE-2023-48249.json b/CVE-2023/CVE-2023-482xx/CVE-2023-48249.json index 261131a0dab..da6d4498093 100644 --- a/CVE-2023/CVE-2023-482xx/CVE-2023-48249.json +++ b/CVE-2023/CVE-2023-482xx/CVE-2023-48249.json @@ -2,16 +2,40 @@ "id": "CVE-2023-48249", "sourceIdentifier": "psirt@bosch.com", "published": "2024-01-10T11:15:10.090", - "lastModified": "2024-01-10T13:56:06.947", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2024-01-16T19:59:39.203", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", "value": "The vulnerability allows an authenticated remote attacker to list arbitrary folders in all paths of the system under the context of the application OS user (\u201croot\u201d) via a crafted HTTP request.\r\n\r\nBy abusing this vulnerability, it is possible to steal session cookies of other active users." + }, + { + "lang": "es", + "value": "La vulnerabilidad permite a un atacante remoto autenticado enumerar carpetas arbitrarias en todas las rutas del sistema en el contexto del usuario del sistema operativo de la aplicaci\u00f3n (\"root\") a trav\u00e9s de una solicitud HTTP manipulada. Al abusar de esta vulnerabilidad, es posible robar cookies de sesi\u00f3n de otros usuarios activos." } ], "metrics": { "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "NONE", + "availabilityImpact": "NONE", + "baseScore": 6.5, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 2.8, + "impactScore": 3.6 + }, { "source": "psirt@bosch.com", "type": "Secondary", @@ -35,6 +59,16 @@ ] }, "weaknesses": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-22" + } + ] + }, { "source": "psirt@bosch.com", "type": "Secondary", @@ -46,10 +80,139 @@ ] } ], + "configurations": [ + { + "operator": "AND", + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:o:bosch:nexo-os:*:*:*:*:*:*:*:*", + "versionStartIncluding": "1000", + "versionEndIncluding": "1500-sp2", + "matchCriteriaId": "73D9F18A-94BD-4EC8-A39A-0A6E8E4315D8" + } + ] + }, + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": false, + "criteria": "cpe:2.3:h:bosch:nexo_cordless_nutrunner_nxa011s-36v-b_\\(0608842012\\):-:*:*:*:*:*:*:*", + "matchCriteriaId": "5DC8C39A-F26D-4A5E-A502-5AA26651FD95" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:h:bosch:nexo_cordless_nutrunner_nxa011s-36v_\\(0608842011\\):-:*:*:*:*:*:*:*", + "matchCriteriaId": "871F225C-EE0D-409E-98FF-CF8B2C83E877" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:h:bosch:nexo_cordless_nutrunner_nxa015s-36v-b_\\(0608842006\\):-:*:*:*:*:*:*:*", + "matchCriteriaId": "D77B7A94-EB41-442E-9930-3372EFF0C469" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:h:bosch:nexo_cordless_nutrunner_nxa015s-36v_\\(0608842001\\):-:*:*:*:*:*:*:*", + "matchCriteriaId": "6CF63477-0CE7-446C-9872-C186AB55ADEF" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:h:bosch:nexo_cordless_nutrunner_nxa030s-36v-b_\\(0608842007\\):-:*:*:*:*:*:*:*", + "matchCriteriaId": "8703D886-1E08-40B1-9666-3D585A3CB52F" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:h:bosch:nexo_cordless_nutrunner_nxa030s-36v_\\(0608842002\\):-:*:*:*:*:*:*:*", + "matchCriteriaId": "43D5973C-E4B3-4111-A710-FE48CFE5C1A5" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:h:bosch:nexo_cordless_nutrunner_nxa050s-36v-b_\\(0608842008\\):-:*:*:*:*:*:*:*", + "matchCriteriaId": "EA7D4812-024D-432B-A526-0858427ED545" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:h:bosch:nexo_cordless_nutrunner_nxa050s-36v_\\(0608842003\\):-:*:*:*:*:*:*:*", + "matchCriteriaId": "1614F6BA-E265-4344-A5B4-6DD0D3EC0BCF" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:h:bosch:nexo_cordless_nutrunner_nxa065s-36v-b_\\(0608842014\\):-:*:*:*:*:*:*:*", + "matchCriteriaId": "206B990F-9ACD-408D-93BB-F43F25686862" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:h:bosch:nexo_cordless_nutrunner_nxa065s-36v_\\(0608842013\\):-:*:*:*:*:*:*:*", + "matchCriteriaId": "E092DE8F-DB60-4D77-BCE5-8820B6190856" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:h:bosch:nexo_cordless_nutrunner_nxp012qd-36v-b_\\(0608842010\\):-:*:*:*:*:*:*:*", + "matchCriteriaId": "94D48DD5-DF3B-4D74-B8D8-E1E0468DE2DC" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:h:bosch:nexo_cordless_nutrunner_nxp012qd-36v_\\(0608842005\\):-:*:*:*:*:*:*:*", + "matchCriteriaId": "63746CB7-DBDF-4705-A771-CE9581742980" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:h:bosch:nexo_cordless_nutrunner_nxv012t-36v-b_\\(0608842016\\):-:*:*:*:*:*:*:*", + "matchCriteriaId": "2F974170-84B6-49FF-9988-7EFDA5964E1A" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:h:bosch:nexo_cordless_nutrunner_nxv012t-36v_\\(0608842015\\):-:*:*:*:*:*:*:*", + "matchCriteriaId": "87D757FC-2CBA-419F-84E8-518CBEB98646" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:h:bosch:nexo_special_cordless_nutrunner_\\(0608pe2272\\):-:*:*:*:*:*:*:*", + "matchCriteriaId": "3E3E3820-FF4C-4B75-9541-B807EF52E661" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:h:bosch:nexo_special_cordless_nutrunner_\\(0608pe2301\\):-:*:*:*:*:*:*:*", + "matchCriteriaId": "9B1B2908-2C42-4E6B-9953-30B2BE2E63F4" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:h:bosch:nexo_special_cordless_nutrunner_\\(0608pe2514\\):-:*:*:*:*:*:*:*", + "matchCriteriaId": "6A09E202-1E38-433B-A039-F7B62C275E40" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:h:bosch:nexo_special_cordless_nutrunner_\\(0608pe2515\\):-:*:*:*:*:*:*:*", + "matchCriteriaId": "206E809F-D1CA-437C-9C78-76E39F7A8D69" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:h:bosch:nexo_special_cordless_nutrunner_\\(0608pe2666\\):-:*:*:*:*:*:*:*", + "matchCriteriaId": "7BF33E7B-B131-4A7C-8C4F-47906B8AEFC8" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:h:bosch:nexo_special_cordless_nutrunner_\\(0608pe2673\\):-:*:*:*:*:*:*:*", + "matchCriteriaId": "E14B2068-DEEE-4C3F-9FCE-108A3F5E83DB" + } + ] + } + ] + } + ], "references": [ { "url": "https://psirt.bosch.com/security-advisories/BOSCH-SA-711465.html", - "source": "psirt@bosch.com" + "source": "psirt@bosch.com", + "tags": [ + "Vendor Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2023/CVE-2023-482xx/CVE-2023-48259.json b/CVE-2023/CVE-2023-482xx/CVE-2023-48259.json index 92a0c03f7a6..a06134f7a03 100644 --- a/CVE-2023/CVE-2023-482xx/CVE-2023-48259.json +++ b/CVE-2023/CVE-2023-482xx/CVE-2023-48259.json @@ -2,16 +2,40 @@ "id": "CVE-2023-48259", "sourceIdentifier": "psirt@bosch.com", "published": "2024-01-10T13:15:46.990", - "lastModified": "2024-01-10T13:56:00.697", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2024-01-16T20:16:25.587", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", "value": "The vulnerability allows a remote unauthenticated attacker to read arbitrary content of the results database via a crafted HTTP request." + }, + { + "lang": "es", + "value": "La vulnerabilidad permite a un atacante remoto no autenticado leer contenido arbitrario de la base de datos de resultados a trav\u00e9s de una solicitud HTTP manipulada." } ], "metrics": { "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "NONE", + "availabilityImpact": "NONE", + "baseScore": 7.5, + "baseSeverity": "HIGH" + }, + "exploitabilityScore": 3.9, + "impactScore": 3.6 + }, { "source": "psirt@bosch.com", "type": "Secondary", @@ -35,6 +59,16 @@ ] }, "weaknesses": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-89" + } + ] + }, { "source": "psirt@bosch.com", "type": "Secondary", @@ -46,10 +80,139 @@ ] } ], + "configurations": [ + { + "operator": "AND", + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:o:bosch:nexo-os:*:*:*:*:*:*:*:*", + "versionStartIncluding": "1000", + "versionEndIncluding": "1500-sp2", + "matchCriteriaId": "73D9F18A-94BD-4EC8-A39A-0A6E8E4315D8" + } + ] + }, + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": false, + "criteria": "cpe:2.3:h:bosch:nexo_cordless_nutrunner_nxa011s-36v-b_\\(0608842012\\):-:*:*:*:*:*:*:*", + "matchCriteriaId": "5DC8C39A-F26D-4A5E-A502-5AA26651FD95" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:h:bosch:nexo_cordless_nutrunner_nxa011s-36v_\\(0608842011\\):-:*:*:*:*:*:*:*", + "matchCriteriaId": "871F225C-EE0D-409E-98FF-CF8B2C83E877" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:h:bosch:nexo_cordless_nutrunner_nxa015s-36v-b_\\(0608842006\\):-:*:*:*:*:*:*:*", + "matchCriteriaId": "D77B7A94-EB41-442E-9930-3372EFF0C469" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:h:bosch:nexo_cordless_nutrunner_nxa015s-36v_\\(0608842001\\):-:*:*:*:*:*:*:*", + "matchCriteriaId": "6CF63477-0CE7-446C-9872-C186AB55ADEF" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:h:bosch:nexo_cordless_nutrunner_nxa030s-36v-b_\\(0608842007\\):-:*:*:*:*:*:*:*", + "matchCriteriaId": "8703D886-1E08-40B1-9666-3D585A3CB52F" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:h:bosch:nexo_cordless_nutrunner_nxa030s-36v_\\(0608842002\\):-:*:*:*:*:*:*:*", + "matchCriteriaId": "43D5973C-E4B3-4111-A710-FE48CFE5C1A5" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:h:bosch:nexo_cordless_nutrunner_nxa050s-36v-b_\\(0608842008\\):-:*:*:*:*:*:*:*", + "matchCriteriaId": "EA7D4812-024D-432B-A526-0858427ED545" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:h:bosch:nexo_cordless_nutrunner_nxa050s-36v_\\(0608842003\\):-:*:*:*:*:*:*:*", + "matchCriteriaId": "1614F6BA-E265-4344-A5B4-6DD0D3EC0BCF" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:h:bosch:nexo_cordless_nutrunner_nxa065s-36v-b_\\(0608842014\\):-:*:*:*:*:*:*:*", + "matchCriteriaId": "206B990F-9ACD-408D-93BB-F43F25686862" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:h:bosch:nexo_cordless_nutrunner_nxa065s-36v_\\(0608842013\\):-:*:*:*:*:*:*:*", + "matchCriteriaId": "E092DE8F-DB60-4D77-BCE5-8820B6190856" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:h:bosch:nexo_cordless_nutrunner_nxp012qd-36v-b_\\(0608842010\\):-:*:*:*:*:*:*:*", + "matchCriteriaId": "94D48DD5-DF3B-4D74-B8D8-E1E0468DE2DC" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:h:bosch:nexo_cordless_nutrunner_nxp012qd-36v_\\(0608842005\\):-:*:*:*:*:*:*:*", + "matchCriteriaId": "63746CB7-DBDF-4705-A771-CE9581742980" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:h:bosch:nexo_cordless_nutrunner_nxv012t-36v-b_\\(0608842016\\):-:*:*:*:*:*:*:*", + "matchCriteriaId": "2F974170-84B6-49FF-9988-7EFDA5964E1A" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:h:bosch:nexo_cordless_nutrunner_nxv012t-36v_\\(0608842015\\):-:*:*:*:*:*:*:*", + "matchCriteriaId": "87D757FC-2CBA-419F-84E8-518CBEB98646" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:h:bosch:nexo_special_cordless_nutrunner_\\(0608pe2272\\):-:*:*:*:*:*:*:*", + "matchCriteriaId": "3E3E3820-FF4C-4B75-9541-B807EF52E661" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:h:bosch:nexo_special_cordless_nutrunner_\\(0608pe2301\\):-:*:*:*:*:*:*:*", + "matchCriteriaId": "9B1B2908-2C42-4E6B-9953-30B2BE2E63F4" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:h:bosch:nexo_special_cordless_nutrunner_\\(0608pe2514\\):-:*:*:*:*:*:*:*", + "matchCriteriaId": "6A09E202-1E38-433B-A039-F7B62C275E40" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:h:bosch:nexo_special_cordless_nutrunner_\\(0608pe2515\\):-:*:*:*:*:*:*:*", + "matchCriteriaId": "206E809F-D1CA-437C-9C78-76E39F7A8D69" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:h:bosch:nexo_special_cordless_nutrunner_\\(0608pe2666\\):-:*:*:*:*:*:*:*", + "matchCriteriaId": "7BF33E7B-B131-4A7C-8C4F-47906B8AEFC8" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:h:bosch:nexo_special_cordless_nutrunner_\\(0608pe2673\\):-:*:*:*:*:*:*:*", + "matchCriteriaId": "E14B2068-DEEE-4C3F-9FCE-108A3F5E83DB" + } + ] + } + ] + } + ], "references": [ { "url": "https://psirt.bosch.com/security-advisories/BOSCH-SA-711465.html", - "source": "psirt@bosch.com" + "source": "psirt@bosch.com", + "tags": [ + "Vendor Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2023/CVE-2023-482xx/CVE-2023-48260.json b/CVE-2023/CVE-2023-482xx/CVE-2023-48260.json index d41c3aaded1..d8eef3e7bff 100644 --- a/CVE-2023/CVE-2023-482xx/CVE-2023-48260.json +++ b/CVE-2023/CVE-2023-482xx/CVE-2023-48260.json @@ -2,16 +2,40 @@ "id": "CVE-2023-48260", "sourceIdentifier": "psirt@bosch.com", "published": "2024-01-10T13:15:47.187", - "lastModified": "2024-01-10T13:56:00.697", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2024-01-16T20:16:05.787", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", "value": "The vulnerability allows a remote unauthenticated attacker to read arbitrary content of the results database via a crafted HTTP request." + }, + { + "lang": "es", + "value": "La vulnerabilidad permite a un atacante remoto no autenticado leer contenido arbitrario de la base de datos de resultados a trav\u00e9s de una solicitud HTTP manipulada." } ], "metrics": { "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "NONE", + "availabilityImpact": "NONE", + "baseScore": 7.5, + "baseSeverity": "HIGH" + }, + "exploitabilityScore": 3.9, + "impactScore": 3.6 + }, { "source": "psirt@bosch.com", "type": "Secondary", @@ -35,6 +59,16 @@ ] }, "weaknesses": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-89" + } + ] + }, { "source": "psirt@bosch.com", "type": "Secondary", @@ -46,10 +80,139 @@ ] } ], + "configurations": [ + { + "operator": "AND", + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:o:bosch:nexo-os:*:*:*:*:*:*:*:*", + "versionStartIncluding": "1000", + "versionEndIncluding": "1500-sp2", + "matchCriteriaId": "73D9F18A-94BD-4EC8-A39A-0A6E8E4315D8" + } + ] + }, + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": false, + "criteria": "cpe:2.3:h:bosch:nexo_cordless_nutrunner_nxa011s-36v-b_\\(0608842012\\):-:*:*:*:*:*:*:*", + "matchCriteriaId": "5DC8C39A-F26D-4A5E-A502-5AA26651FD95" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:h:bosch:nexo_cordless_nutrunner_nxa011s-36v_\\(0608842011\\):-:*:*:*:*:*:*:*", + "matchCriteriaId": "871F225C-EE0D-409E-98FF-CF8B2C83E877" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:h:bosch:nexo_cordless_nutrunner_nxa015s-36v-b_\\(0608842006\\):-:*:*:*:*:*:*:*", + "matchCriteriaId": "D77B7A94-EB41-442E-9930-3372EFF0C469" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:h:bosch:nexo_cordless_nutrunner_nxa015s-36v_\\(0608842001\\):-:*:*:*:*:*:*:*", + "matchCriteriaId": "6CF63477-0CE7-446C-9872-C186AB55ADEF" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:h:bosch:nexo_cordless_nutrunner_nxa030s-36v-b_\\(0608842007\\):-:*:*:*:*:*:*:*", + "matchCriteriaId": "8703D886-1E08-40B1-9666-3D585A3CB52F" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:h:bosch:nexo_cordless_nutrunner_nxa030s-36v_\\(0608842002\\):-:*:*:*:*:*:*:*", + "matchCriteriaId": "43D5973C-E4B3-4111-A710-FE48CFE5C1A5" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:h:bosch:nexo_cordless_nutrunner_nxa050s-36v-b_\\(0608842008\\):-:*:*:*:*:*:*:*", + "matchCriteriaId": "EA7D4812-024D-432B-A526-0858427ED545" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:h:bosch:nexo_cordless_nutrunner_nxa050s-36v_\\(0608842003\\):-:*:*:*:*:*:*:*", + "matchCriteriaId": "1614F6BA-E265-4344-A5B4-6DD0D3EC0BCF" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:h:bosch:nexo_cordless_nutrunner_nxa065s-36v-b_\\(0608842014\\):-:*:*:*:*:*:*:*", + "matchCriteriaId": "206B990F-9ACD-408D-93BB-F43F25686862" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:h:bosch:nexo_cordless_nutrunner_nxa065s-36v_\\(0608842013\\):-:*:*:*:*:*:*:*", + "matchCriteriaId": "E092DE8F-DB60-4D77-BCE5-8820B6190856" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:h:bosch:nexo_cordless_nutrunner_nxp012qd-36v-b_\\(0608842010\\):-:*:*:*:*:*:*:*", + "matchCriteriaId": "94D48DD5-DF3B-4D74-B8D8-E1E0468DE2DC" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:h:bosch:nexo_cordless_nutrunner_nxp012qd-36v_\\(0608842005\\):-:*:*:*:*:*:*:*", + "matchCriteriaId": "63746CB7-DBDF-4705-A771-CE9581742980" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:h:bosch:nexo_cordless_nutrunner_nxv012t-36v-b_\\(0608842016\\):-:*:*:*:*:*:*:*", + "matchCriteriaId": "2F974170-84B6-49FF-9988-7EFDA5964E1A" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:h:bosch:nexo_cordless_nutrunner_nxv012t-36v_\\(0608842015\\):-:*:*:*:*:*:*:*", + "matchCriteriaId": "87D757FC-2CBA-419F-84E8-518CBEB98646" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:h:bosch:nexo_special_cordless_nutrunner_\\(0608pe2272\\):-:*:*:*:*:*:*:*", + "matchCriteriaId": "3E3E3820-FF4C-4B75-9541-B807EF52E661" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:h:bosch:nexo_special_cordless_nutrunner_\\(0608pe2301\\):-:*:*:*:*:*:*:*", + "matchCriteriaId": "9B1B2908-2C42-4E6B-9953-30B2BE2E63F4" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:h:bosch:nexo_special_cordless_nutrunner_\\(0608pe2514\\):-:*:*:*:*:*:*:*", + "matchCriteriaId": "6A09E202-1E38-433B-A039-F7B62C275E40" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:h:bosch:nexo_special_cordless_nutrunner_\\(0608pe2515\\):-:*:*:*:*:*:*:*", + "matchCriteriaId": "206E809F-D1CA-437C-9C78-76E39F7A8D69" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:h:bosch:nexo_special_cordless_nutrunner_\\(0608pe2666\\):-:*:*:*:*:*:*:*", + "matchCriteriaId": "7BF33E7B-B131-4A7C-8C4F-47906B8AEFC8" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:h:bosch:nexo_special_cordless_nutrunner_\\(0608pe2673\\):-:*:*:*:*:*:*:*", + "matchCriteriaId": "E14B2068-DEEE-4C3F-9FCE-108A3F5E83DB" + } + ] + } + ] + } + ], "references": [ { "url": "https://psirt.bosch.com/security-advisories/BOSCH-SA-711465.html", - "source": "psirt@bosch.com" + "source": "psirt@bosch.com", + "tags": [ + "Vendor Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2023/CVE-2023-482xx/CVE-2023-48261.json b/CVE-2023/CVE-2023-482xx/CVE-2023-48261.json index c5f7f564141..d3950d27cc9 100644 --- a/CVE-2023/CVE-2023-482xx/CVE-2023-48261.json +++ b/CVE-2023/CVE-2023-482xx/CVE-2023-48261.json @@ -2,16 +2,40 @@ "id": "CVE-2023-48261", "sourceIdentifier": "psirt@bosch.com", "published": "2024-01-10T13:15:47.383", - "lastModified": "2024-01-10T13:56:00.697", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2024-01-16T20:15:31.977", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", "value": "The vulnerability allows a remote unauthenticated attacker to read arbitrary content of the results database via a crafted HTTP request." + }, + { + "lang": "es", + "value": "La vulnerabilidad permite a un atacante remoto no autenticado leer contenido arbitrario de la base de datos de resultados a trav\u00e9s de una solicitud HTTP manipulada." } ], "metrics": { "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "NONE", + "availabilityImpact": "NONE", + "baseScore": 7.5, + "baseSeverity": "HIGH" + }, + "exploitabilityScore": 3.9, + "impactScore": 3.6 + }, { "source": "psirt@bosch.com", "type": "Secondary", @@ -35,6 +59,16 @@ ] }, "weaknesses": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-89" + } + ] + }, { "source": "psirt@bosch.com", "type": "Secondary", @@ -46,10 +80,139 @@ ] } ], + "configurations": [ + { + "operator": "AND", + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:o:bosch:nexo-os:*:*:*:*:*:*:*:*", + "versionStartIncluding": "1000", + "versionEndIncluding": "1500-sp2", + "matchCriteriaId": "73D9F18A-94BD-4EC8-A39A-0A6E8E4315D8" + } + ] + }, + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": false, + "criteria": "cpe:2.3:h:bosch:nexo_cordless_nutrunner_nxa011s-36v-b_\\(0608842012\\):-:*:*:*:*:*:*:*", + "matchCriteriaId": "5DC8C39A-F26D-4A5E-A502-5AA26651FD95" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:h:bosch:nexo_cordless_nutrunner_nxa011s-36v_\\(0608842011\\):-:*:*:*:*:*:*:*", + "matchCriteriaId": "871F225C-EE0D-409E-98FF-CF8B2C83E877" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:h:bosch:nexo_cordless_nutrunner_nxa015s-36v-b_\\(0608842006\\):-:*:*:*:*:*:*:*", + "matchCriteriaId": "D77B7A94-EB41-442E-9930-3372EFF0C469" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:h:bosch:nexo_cordless_nutrunner_nxa015s-36v_\\(0608842001\\):-:*:*:*:*:*:*:*", + "matchCriteriaId": "6CF63477-0CE7-446C-9872-C186AB55ADEF" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:h:bosch:nexo_cordless_nutrunner_nxa030s-36v-b_\\(0608842007\\):-:*:*:*:*:*:*:*", + "matchCriteriaId": "8703D886-1E08-40B1-9666-3D585A3CB52F" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:h:bosch:nexo_cordless_nutrunner_nxa030s-36v_\\(0608842002\\):-:*:*:*:*:*:*:*", + "matchCriteriaId": "43D5973C-E4B3-4111-A710-FE48CFE5C1A5" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:h:bosch:nexo_cordless_nutrunner_nxa050s-36v-b_\\(0608842008\\):-:*:*:*:*:*:*:*", + "matchCriteriaId": "EA7D4812-024D-432B-A526-0858427ED545" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:h:bosch:nexo_cordless_nutrunner_nxa050s-36v_\\(0608842003\\):-:*:*:*:*:*:*:*", + "matchCriteriaId": "1614F6BA-E265-4344-A5B4-6DD0D3EC0BCF" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:h:bosch:nexo_cordless_nutrunner_nxa065s-36v-b_\\(0608842014\\):-:*:*:*:*:*:*:*", + "matchCriteriaId": "206B990F-9ACD-408D-93BB-F43F25686862" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:h:bosch:nexo_cordless_nutrunner_nxa065s-36v_\\(0608842013\\):-:*:*:*:*:*:*:*", + "matchCriteriaId": "E092DE8F-DB60-4D77-BCE5-8820B6190856" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:h:bosch:nexo_cordless_nutrunner_nxp012qd-36v-b_\\(0608842010\\):-:*:*:*:*:*:*:*", + "matchCriteriaId": "94D48DD5-DF3B-4D74-B8D8-E1E0468DE2DC" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:h:bosch:nexo_cordless_nutrunner_nxp012qd-36v_\\(0608842005\\):-:*:*:*:*:*:*:*", + "matchCriteriaId": "63746CB7-DBDF-4705-A771-CE9581742980" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:h:bosch:nexo_cordless_nutrunner_nxv012t-36v-b_\\(0608842016\\):-:*:*:*:*:*:*:*", + "matchCriteriaId": "2F974170-84B6-49FF-9988-7EFDA5964E1A" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:h:bosch:nexo_cordless_nutrunner_nxv012t-36v_\\(0608842015\\):-:*:*:*:*:*:*:*", + "matchCriteriaId": "87D757FC-2CBA-419F-84E8-518CBEB98646" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:h:bosch:nexo_special_cordless_nutrunner_\\(0608pe2272\\):-:*:*:*:*:*:*:*", + "matchCriteriaId": "3E3E3820-FF4C-4B75-9541-B807EF52E661" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:h:bosch:nexo_special_cordless_nutrunner_\\(0608pe2301\\):-:*:*:*:*:*:*:*", + "matchCriteriaId": "9B1B2908-2C42-4E6B-9953-30B2BE2E63F4" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:h:bosch:nexo_special_cordless_nutrunner_\\(0608pe2514\\):-:*:*:*:*:*:*:*", + "matchCriteriaId": "6A09E202-1E38-433B-A039-F7B62C275E40" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:h:bosch:nexo_special_cordless_nutrunner_\\(0608pe2515\\):-:*:*:*:*:*:*:*", + "matchCriteriaId": "206E809F-D1CA-437C-9C78-76E39F7A8D69" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:h:bosch:nexo_special_cordless_nutrunner_\\(0608pe2666\\):-:*:*:*:*:*:*:*", + "matchCriteriaId": "7BF33E7B-B131-4A7C-8C4F-47906B8AEFC8" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:h:bosch:nexo_special_cordless_nutrunner_\\(0608pe2673\\):-:*:*:*:*:*:*:*", + "matchCriteriaId": "E14B2068-DEEE-4C3F-9FCE-108A3F5E83DB" + } + ] + } + ] + } + ], "references": [ { "url": "https://psirt.bosch.com/security-advisories/BOSCH-SA-711465.html", - "source": "psirt@bosch.com" + "source": "psirt@bosch.com", + "tags": [ + "Vendor Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2023/CVE-2023-482xx/CVE-2023-48262.json b/CVE-2023/CVE-2023-482xx/CVE-2023-48262.json index 98a4de8823c..7b92e6d3307 100644 --- a/CVE-2023/CVE-2023-482xx/CVE-2023-48262.json +++ b/CVE-2023/CVE-2023-482xx/CVE-2023-48262.json @@ -2,16 +2,40 @@ "id": "CVE-2023-48262", "sourceIdentifier": "psirt@bosch.com", "published": "2024-01-10T13:15:47.600", - "lastModified": "2024-01-10T13:56:00.697", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2024-01-16T20:30:28.287", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", "value": "The vulnerability allows an unauthenticated remote attacker to perform a Denial-of-Service (DoS) attack or, possibly, obtain Remote Code Execution (RCE) via a crafted network request." + }, + { + "lang": "es", + "value": "La vulnerabilidad permite a un atacante remoto no autenticado realizar un ataque de denegaci\u00f3n de servicio (DoS) o, posiblemente, obtener ejecuci\u00f3n remota de c\u00f3digo (RCE) a trav\u00e9s de una solicitud de red manipulada." } ], "metrics": { "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH", + "baseScore": 9.8, + "baseSeverity": "CRITICAL" + }, + "exploitabilityScore": 3.9, + "impactScore": 5.9 + }, { "source": "psirt@bosch.com", "type": "Secondary", @@ -35,6 +59,16 @@ ] }, "weaknesses": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-787" + } + ] + }, { "source": "psirt@bosch.com", "type": "Secondary", @@ -46,10 +80,139 @@ ] } ], + "configurations": [ + { + "operator": "AND", + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:o:bosch:nexo-os:*:*:*:*:*:*:*:*", + "versionStartIncluding": "1000", + "versionEndIncluding": "1500-sp2", + "matchCriteriaId": "73D9F18A-94BD-4EC8-A39A-0A6E8E4315D8" + } + ] + }, + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": false, + "criteria": "cpe:2.3:h:bosch:nexo_cordless_nutrunner_nxa011s-36v-b_\\(0608842012\\):-:*:*:*:*:*:*:*", + "matchCriteriaId": "5DC8C39A-F26D-4A5E-A502-5AA26651FD95" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:h:bosch:nexo_cordless_nutrunner_nxa011s-36v_\\(0608842011\\):-:*:*:*:*:*:*:*", + "matchCriteriaId": "871F225C-EE0D-409E-98FF-CF8B2C83E877" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:h:bosch:nexo_cordless_nutrunner_nxa015s-36v-b_\\(0608842006\\):-:*:*:*:*:*:*:*", + "matchCriteriaId": "D77B7A94-EB41-442E-9930-3372EFF0C469" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:h:bosch:nexo_cordless_nutrunner_nxa015s-36v_\\(0608842001\\):-:*:*:*:*:*:*:*", + "matchCriteriaId": "6CF63477-0CE7-446C-9872-C186AB55ADEF" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:h:bosch:nexo_cordless_nutrunner_nxa030s-36v-b_\\(0608842007\\):-:*:*:*:*:*:*:*", + "matchCriteriaId": "8703D886-1E08-40B1-9666-3D585A3CB52F" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:h:bosch:nexo_cordless_nutrunner_nxa030s-36v_\\(0608842002\\):-:*:*:*:*:*:*:*", + "matchCriteriaId": "43D5973C-E4B3-4111-A710-FE48CFE5C1A5" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:h:bosch:nexo_cordless_nutrunner_nxa050s-36v-b_\\(0608842008\\):-:*:*:*:*:*:*:*", + "matchCriteriaId": "EA7D4812-024D-432B-A526-0858427ED545" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:h:bosch:nexo_cordless_nutrunner_nxa050s-36v_\\(0608842003\\):-:*:*:*:*:*:*:*", + "matchCriteriaId": "1614F6BA-E265-4344-A5B4-6DD0D3EC0BCF" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:h:bosch:nexo_cordless_nutrunner_nxa065s-36v-b_\\(0608842014\\):-:*:*:*:*:*:*:*", + "matchCriteriaId": "206B990F-9ACD-408D-93BB-F43F25686862" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:h:bosch:nexo_cordless_nutrunner_nxa065s-36v_\\(0608842013\\):-:*:*:*:*:*:*:*", + "matchCriteriaId": "E092DE8F-DB60-4D77-BCE5-8820B6190856" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:h:bosch:nexo_cordless_nutrunner_nxp012qd-36v-b_\\(0608842010\\):-:*:*:*:*:*:*:*", + "matchCriteriaId": "94D48DD5-DF3B-4D74-B8D8-E1E0468DE2DC" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:h:bosch:nexo_cordless_nutrunner_nxp012qd-36v_\\(0608842005\\):-:*:*:*:*:*:*:*", + "matchCriteriaId": "63746CB7-DBDF-4705-A771-CE9581742980" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:h:bosch:nexo_cordless_nutrunner_nxv012t-36v-b_\\(0608842016\\):-:*:*:*:*:*:*:*", + "matchCriteriaId": "2F974170-84B6-49FF-9988-7EFDA5964E1A" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:h:bosch:nexo_cordless_nutrunner_nxv012t-36v_\\(0608842015\\):-:*:*:*:*:*:*:*", + "matchCriteriaId": "87D757FC-2CBA-419F-84E8-518CBEB98646" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:h:bosch:nexo_special_cordless_nutrunner_\\(0608pe2272\\):-:*:*:*:*:*:*:*", + "matchCriteriaId": "3E3E3820-FF4C-4B75-9541-B807EF52E661" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:h:bosch:nexo_special_cordless_nutrunner_\\(0608pe2301\\):-:*:*:*:*:*:*:*", + "matchCriteriaId": "9B1B2908-2C42-4E6B-9953-30B2BE2E63F4" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:h:bosch:nexo_special_cordless_nutrunner_\\(0608pe2514\\):-:*:*:*:*:*:*:*", + "matchCriteriaId": "6A09E202-1E38-433B-A039-F7B62C275E40" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:h:bosch:nexo_special_cordless_nutrunner_\\(0608pe2515\\):-:*:*:*:*:*:*:*", + "matchCriteriaId": "206E809F-D1CA-437C-9C78-76E39F7A8D69" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:h:bosch:nexo_special_cordless_nutrunner_\\(0608pe2666\\):-:*:*:*:*:*:*:*", + "matchCriteriaId": "7BF33E7B-B131-4A7C-8C4F-47906B8AEFC8" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:h:bosch:nexo_special_cordless_nutrunner_\\(0608pe2673\\):-:*:*:*:*:*:*:*", + "matchCriteriaId": "E14B2068-DEEE-4C3F-9FCE-108A3F5E83DB" + } + ] + } + ] + } + ], "references": [ { "url": "https://psirt.bosch.com/security-advisories/BOSCH-SA-711465.html", - "source": "psirt@bosch.com" + "source": "psirt@bosch.com", + "tags": [ + "Vendor Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2023/CVE-2023-482xx/CVE-2023-48263.json b/CVE-2023/CVE-2023-482xx/CVE-2023-48263.json index 48c00d778de..360d3a4883e 100644 --- a/CVE-2023/CVE-2023-482xx/CVE-2023-48263.json +++ b/CVE-2023/CVE-2023-482xx/CVE-2023-48263.json @@ -2,16 +2,40 @@ "id": "CVE-2023-48263", "sourceIdentifier": "psirt@bosch.com", "published": "2024-01-10T13:15:47.793", - "lastModified": "2024-01-10T13:56:00.697", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2024-01-16T20:30:41.677", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", "value": "The vulnerability allows an unauthenticated remote attacker to perform a Denial-of-Service (DoS) attack or, possibly, obtain Remote Code Execution (RCE) via a crafted network request." + }, + { + "lang": "es", + "value": "La vulnerabilidad permite a un atacante remoto no autenticado realizar un ataque de denegaci\u00f3n de servicio (DoS) o, posiblemente, obtener ejecuci\u00f3n remota de c\u00f3digo (RCE) a trav\u00e9s de una solicitud de red manipulada." } ], "metrics": { "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH", + "baseScore": 9.8, + "baseSeverity": "CRITICAL" + }, + "exploitabilityScore": 3.9, + "impactScore": 5.9 + }, { "source": "psirt@bosch.com", "type": "Secondary", @@ -35,6 +59,16 @@ ] }, "weaknesses": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-787" + } + ] + }, { "source": "psirt@bosch.com", "type": "Secondary", @@ -46,10 +80,139 @@ ] } ], + "configurations": [ + { + "operator": "AND", + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:o:bosch:nexo-os:*:*:*:*:*:*:*:*", + "versionStartIncluding": "1000", + "versionEndIncluding": "1500-sp2", + "matchCriteriaId": "73D9F18A-94BD-4EC8-A39A-0A6E8E4315D8" + } + ] + }, + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": false, + "criteria": "cpe:2.3:h:bosch:nexo_cordless_nutrunner_nxa011s-36v-b_\\(0608842012\\):-:*:*:*:*:*:*:*", + "matchCriteriaId": "5DC8C39A-F26D-4A5E-A502-5AA26651FD95" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:h:bosch:nexo_cordless_nutrunner_nxa011s-36v_\\(0608842011\\):-:*:*:*:*:*:*:*", + "matchCriteriaId": "871F225C-EE0D-409E-98FF-CF8B2C83E877" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:h:bosch:nexo_cordless_nutrunner_nxa015s-36v-b_\\(0608842006\\):-:*:*:*:*:*:*:*", + "matchCriteriaId": "D77B7A94-EB41-442E-9930-3372EFF0C469" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:h:bosch:nexo_cordless_nutrunner_nxa015s-36v_\\(0608842001\\):-:*:*:*:*:*:*:*", + "matchCriteriaId": "6CF63477-0CE7-446C-9872-C186AB55ADEF" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:h:bosch:nexo_cordless_nutrunner_nxa030s-36v-b_\\(0608842007\\):-:*:*:*:*:*:*:*", + "matchCriteriaId": "8703D886-1E08-40B1-9666-3D585A3CB52F" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:h:bosch:nexo_cordless_nutrunner_nxa030s-36v_\\(0608842002\\):-:*:*:*:*:*:*:*", + "matchCriteriaId": "43D5973C-E4B3-4111-A710-FE48CFE5C1A5" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:h:bosch:nexo_cordless_nutrunner_nxa050s-36v-b_\\(0608842008\\):-:*:*:*:*:*:*:*", + "matchCriteriaId": "EA7D4812-024D-432B-A526-0858427ED545" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:h:bosch:nexo_cordless_nutrunner_nxa050s-36v_\\(0608842003\\):-:*:*:*:*:*:*:*", + "matchCriteriaId": "1614F6BA-E265-4344-A5B4-6DD0D3EC0BCF" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:h:bosch:nexo_cordless_nutrunner_nxa065s-36v-b_\\(0608842014\\):-:*:*:*:*:*:*:*", + "matchCriteriaId": "206B990F-9ACD-408D-93BB-F43F25686862" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:h:bosch:nexo_cordless_nutrunner_nxa065s-36v_\\(0608842013\\):-:*:*:*:*:*:*:*", + "matchCriteriaId": "E092DE8F-DB60-4D77-BCE5-8820B6190856" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:h:bosch:nexo_cordless_nutrunner_nxp012qd-36v-b_\\(0608842010\\):-:*:*:*:*:*:*:*", + "matchCriteriaId": "94D48DD5-DF3B-4D74-B8D8-E1E0468DE2DC" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:h:bosch:nexo_cordless_nutrunner_nxp012qd-36v_\\(0608842005\\):-:*:*:*:*:*:*:*", + "matchCriteriaId": "63746CB7-DBDF-4705-A771-CE9581742980" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:h:bosch:nexo_cordless_nutrunner_nxv012t-36v-b_\\(0608842016\\):-:*:*:*:*:*:*:*", + "matchCriteriaId": "2F974170-84B6-49FF-9988-7EFDA5964E1A" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:h:bosch:nexo_cordless_nutrunner_nxv012t-36v_\\(0608842015\\):-:*:*:*:*:*:*:*", + "matchCriteriaId": "87D757FC-2CBA-419F-84E8-518CBEB98646" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:h:bosch:nexo_special_cordless_nutrunner_\\(0608pe2272\\):-:*:*:*:*:*:*:*", + "matchCriteriaId": "3E3E3820-FF4C-4B75-9541-B807EF52E661" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:h:bosch:nexo_special_cordless_nutrunner_\\(0608pe2301\\):-:*:*:*:*:*:*:*", + "matchCriteriaId": "9B1B2908-2C42-4E6B-9953-30B2BE2E63F4" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:h:bosch:nexo_special_cordless_nutrunner_\\(0608pe2514\\):-:*:*:*:*:*:*:*", + "matchCriteriaId": "6A09E202-1E38-433B-A039-F7B62C275E40" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:h:bosch:nexo_special_cordless_nutrunner_\\(0608pe2515\\):-:*:*:*:*:*:*:*", + "matchCriteriaId": "206E809F-D1CA-437C-9C78-76E39F7A8D69" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:h:bosch:nexo_special_cordless_nutrunner_\\(0608pe2666\\):-:*:*:*:*:*:*:*", + "matchCriteriaId": "7BF33E7B-B131-4A7C-8C4F-47906B8AEFC8" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:h:bosch:nexo_special_cordless_nutrunner_\\(0608pe2673\\):-:*:*:*:*:*:*:*", + "matchCriteriaId": "E14B2068-DEEE-4C3F-9FCE-108A3F5E83DB" + } + ] + } + ] + } + ], "references": [ { "url": "https://psirt.bosch.com/security-advisories/BOSCH-SA-711465.html", - "source": "psirt@bosch.com" + "source": "psirt@bosch.com", + "tags": [ + "Vendor Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2023/CVE-2023-482xx/CVE-2023-48264.json b/CVE-2023/CVE-2023-482xx/CVE-2023-48264.json index f7484ad1444..ebf26f83fe5 100644 --- a/CVE-2023/CVE-2023-482xx/CVE-2023-48264.json +++ b/CVE-2023/CVE-2023-482xx/CVE-2023-48264.json @@ -2,16 +2,40 @@ "id": "CVE-2023-48264", "sourceIdentifier": "psirt@bosch.com", "published": "2024-01-10T13:15:47.987", - "lastModified": "2024-01-10T13:56:00.697", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2024-01-16T20:30:58.470", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", "value": "The vulnerability allows an unauthenticated remote attacker to perform a Denial-of-Service (DoS) attack or, possibly, obtain Remote Code Execution (RCE) via a crafted network request." + }, + { + "lang": "es", + "value": "La vulnerabilidad permite a un atacante remoto no autenticado realizar un ataque de denegaci\u00f3n de servicio (DoS) o, posiblemente, obtener ejecuci\u00f3n remota de c\u00f3digo (RCE) a trav\u00e9s de una solicitud de red manipulada." } ], "metrics": { "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH", + "baseScore": 9.8, + "baseSeverity": "CRITICAL" + }, + "exploitabilityScore": 3.9, + "impactScore": 5.9 + }, { "source": "psirt@bosch.com", "type": "Secondary", @@ -35,6 +59,16 @@ ] }, "weaknesses": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-787" + } + ] + }, { "source": "psirt@bosch.com", "type": "Secondary", @@ -46,10 +80,139 @@ ] } ], + "configurations": [ + { + "operator": "AND", + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:o:bosch:nexo-os:*:*:*:*:*:*:*:*", + "versionStartIncluding": "1000", + "versionEndIncluding": "1500-sp2", + "matchCriteriaId": "73D9F18A-94BD-4EC8-A39A-0A6E8E4315D8" + } + ] + }, + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": false, + "criteria": "cpe:2.3:h:bosch:nexo_cordless_nutrunner_nxa011s-36v-b_\\(0608842012\\):-:*:*:*:*:*:*:*", + "matchCriteriaId": "5DC8C39A-F26D-4A5E-A502-5AA26651FD95" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:h:bosch:nexo_cordless_nutrunner_nxa011s-36v_\\(0608842011\\):-:*:*:*:*:*:*:*", + "matchCriteriaId": "871F225C-EE0D-409E-98FF-CF8B2C83E877" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:h:bosch:nexo_cordless_nutrunner_nxa015s-36v-b_\\(0608842006\\):-:*:*:*:*:*:*:*", + "matchCriteriaId": "D77B7A94-EB41-442E-9930-3372EFF0C469" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:h:bosch:nexo_cordless_nutrunner_nxa015s-36v_\\(0608842001\\):-:*:*:*:*:*:*:*", + "matchCriteriaId": "6CF63477-0CE7-446C-9872-C186AB55ADEF" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:h:bosch:nexo_cordless_nutrunner_nxa030s-36v-b_\\(0608842007\\):-:*:*:*:*:*:*:*", + "matchCriteriaId": "8703D886-1E08-40B1-9666-3D585A3CB52F" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:h:bosch:nexo_cordless_nutrunner_nxa030s-36v_\\(0608842002\\):-:*:*:*:*:*:*:*", + "matchCriteriaId": "43D5973C-E4B3-4111-A710-FE48CFE5C1A5" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:h:bosch:nexo_cordless_nutrunner_nxa050s-36v-b_\\(0608842008\\):-:*:*:*:*:*:*:*", + "matchCriteriaId": "EA7D4812-024D-432B-A526-0858427ED545" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:h:bosch:nexo_cordless_nutrunner_nxa050s-36v_\\(0608842003\\):-:*:*:*:*:*:*:*", + "matchCriteriaId": "1614F6BA-E265-4344-A5B4-6DD0D3EC0BCF" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:h:bosch:nexo_cordless_nutrunner_nxa065s-36v-b_\\(0608842014\\):-:*:*:*:*:*:*:*", + "matchCriteriaId": "206B990F-9ACD-408D-93BB-F43F25686862" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:h:bosch:nexo_cordless_nutrunner_nxa065s-36v_\\(0608842013\\):-:*:*:*:*:*:*:*", + "matchCriteriaId": "E092DE8F-DB60-4D77-BCE5-8820B6190856" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:h:bosch:nexo_cordless_nutrunner_nxp012qd-36v-b_\\(0608842010\\):-:*:*:*:*:*:*:*", + "matchCriteriaId": "94D48DD5-DF3B-4D74-B8D8-E1E0468DE2DC" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:h:bosch:nexo_cordless_nutrunner_nxp012qd-36v_\\(0608842005\\):-:*:*:*:*:*:*:*", + "matchCriteriaId": "63746CB7-DBDF-4705-A771-CE9581742980" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:h:bosch:nexo_cordless_nutrunner_nxv012t-36v-b_\\(0608842016\\):-:*:*:*:*:*:*:*", + "matchCriteriaId": "2F974170-84B6-49FF-9988-7EFDA5964E1A" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:h:bosch:nexo_cordless_nutrunner_nxv012t-36v_\\(0608842015\\):-:*:*:*:*:*:*:*", + "matchCriteriaId": "87D757FC-2CBA-419F-84E8-518CBEB98646" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:h:bosch:nexo_special_cordless_nutrunner_\\(0608pe2272\\):-:*:*:*:*:*:*:*", + "matchCriteriaId": "3E3E3820-FF4C-4B75-9541-B807EF52E661" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:h:bosch:nexo_special_cordless_nutrunner_\\(0608pe2301\\):-:*:*:*:*:*:*:*", + "matchCriteriaId": "9B1B2908-2C42-4E6B-9953-30B2BE2E63F4" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:h:bosch:nexo_special_cordless_nutrunner_\\(0608pe2514\\):-:*:*:*:*:*:*:*", + "matchCriteriaId": "6A09E202-1E38-433B-A039-F7B62C275E40" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:h:bosch:nexo_special_cordless_nutrunner_\\(0608pe2515\\):-:*:*:*:*:*:*:*", + "matchCriteriaId": "206E809F-D1CA-437C-9C78-76E39F7A8D69" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:h:bosch:nexo_special_cordless_nutrunner_\\(0608pe2666\\):-:*:*:*:*:*:*:*", + "matchCriteriaId": "7BF33E7B-B131-4A7C-8C4F-47906B8AEFC8" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:h:bosch:nexo_special_cordless_nutrunner_\\(0608pe2673\\):-:*:*:*:*:*:*:*", + "matchCriteriaId": "E14B2068-DEEE-4C3F-9FCE-108A3F5E83DB" + } + ] + } + ] + } + ], "references": [ { "url": "https://psirt.bosch.com/security-advisories/BOSCH-SA-711465.html", - "source": "psirt@bosch.com" + "source": "psirt@bosch.com", + "tags": [ + "Vendor Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2023/CVE-2023-482xx/CVE-2023-48265.json b/CVE-2023/CVE-2023-482xx/CVE-2023-48265.json index 7de6f6eb6ef..057acdc7c96 100644 --- a/CVE-2023/CVE-2023-482xx/CVE-2023-48265.json +++ b/CVE-2023/CVE-2023-482xx/CVE-2023-48265.json @@ -2,16 +2,40 @@ "id": "CVE-2023-48265", "sourceIdentifier": "psirt@bosch.com", "published": "2024-01-10T13:15:48.173", - "lastModified": "2024-01-10T13:56:00.697", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2024-01-16T20:31:20.220", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", "value": "The vulnerability allows an unauthenticated remote attacker to perform a Denial-of-Service (DoS) attack or, possibly, obtain Remote Code Execution (RCE) via a crafted network request." + }, + { + "lang": "es", + "value": "La vulnerabilidad permite a un atacante remoto no autenticado realizar un ataque de denegaci\u00f3n de servicio (DoS) o, posiblemente, obtener ejecuci\u00f3n remota de c\u00f3digo (RCE) a trav\u00e9s de una solicitud de red manipulada." } ], "metrics": { "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH", + "baseScore": 9.8, + "baseSeverity": "CRITICAL" + }, + "exploitabilityScore": 3.9, + "impactScore": 5.9 + }, { "source": "psirt@bosch.com", "type": "Secondary", @@ -35,6 +59,16 @@ ] }, "weaknesses": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-787" + } + ] + }, { "source": "psirt@bosch.com", "type": "Secondary", @@ -46,10 +80,139 @@ ] } ], + "configurations": [ + { + "operator": "AND", + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:o:bosch:nexo-os:*:*:*:*:*:*:*:*", + "versionStartIncluding": "1000", + "versionEndIncluding": "1500-sp2", + "matchCriteriaId": "73D9F18A-94BD-4EC8-A39A-0A6E8E4315D8" + } + ] + }, + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": false, + "criteria": "cpe:2.3:h:bosch:nexo_cordless_nutrunner_nxa011s-36v-b_\\(0608842012\\):-:*:*:*:*:*:*:*", + "matchCriteriaId": "5DC8C39A-F26D-4A5E-A502-5AA26651FD95" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:h:bosch:nexo_cordless_nutrunner_nxa011s-36v_\\(0608842011\\):-:*:*:*:*:*:*:*", + "matchCriteriaId": "871F225C-EE0D-409E-98FF-CF8B2C83E877" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:h:bosch:nexo_cordless_nutrunner_nxa015s-36v-b_\\(0608842006\\):-:*:*:*:*:*:*:*", + "matchCriteriaId": "D77B7A94-EB41-442E-9930-3372EFF0C469" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:h:bosch:nexo_cordless_nutrunner_nxa015s-36v_\\(0608842001\\):-:*:*:*:*:*:*:*", + "matchCriteriaId": "6CF63477-0CE7-446C-9872-C186AB55ADEF" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:h:bosch:nexo_cordless_nutrunner_nxa030s-36v-b_\\(0608842007\\):-:*:*:*:*:*:*:*", + "matchCriteriaId": "8703D886-1E08-40B1-9666-3D585A3CB52F" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:h:bosch:nexo_cordless_nutrunner_nxa030s-36v_\\(0608842002\\):-:*:*:*:*:*:*:*", + "matchCriteriaId": "43D5973C-E4B3-4111-A710-FE48CFE5C1A5" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:h:bosch:nexo_cordless_nutrunner_nxa050s-36v-b_\\(0608842008\\):-:*:*:*:*:*:*:*", + "matchCriteriaId": "EA7D4812-024D-432B-A526-0858427ED545" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:h:bosch:nexo_cordless_nutrunner_nxa050s-36v_\\(0608842003\\):-:*:*:*:*:*:*:*", + "matchCriteriaId": "1614F6BA-E265-4344-A5B4-6DD0D3EC0BCF" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:h:bosch:nexo_cordless_nutrunner_nxa065s-36v-b_\\(0608842014\\):-:*:*:*:*:*:*:*", + "matchCriteriaId": "206B990F-9ACD-408D-93BB-F43F25686862" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:h:bosch:nexo_cordless_nutrunner_nxa065s-36v_\\(0608842013\\):-:*:*:*:*:*:*:*", + "matchCriteriaId": "E092DE8F-DB60-4D77-BCE5-8820B6190856" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:h:bosch:nexo_cordless_nutrunner_nxp012qd-36v-b_\\(0608842010\\):-:*:*:*:*:*:*:*", + "matchCriteriaId": "94D48DD5-DF3B-4D74-B8D8-E1E0468DE2DC" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:h:bosch:nexo_cordless_nutrunner_nxp012qd-36v_\\(0608842005\\):-:*:*:*:*:*:*:*", + "matchCriteriaId": "63746CB7-DBDF-4705-A771-CE9581742980" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:h:bosch:nexo_cordless_nutrunner_nxv012t-36v-b_\\(0608842016\\):-:*:*:*:*:*:*:*", + "matchCriteriaId": "2F974170-84B6-49FF-9988-7EFDA5964E1A" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:h:bosch:nexo_cordless_nutrunner_nxv012t-36v_\\(0608842015\\):-:*:*:*:*:*:*:*", + "matchCriteriaId": "87D757FC-2CBA-419F-84E8-518CBEB98646" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:h:bosch:nexo_special_cordless_nutrunner_\\(0608pe2272\\):-:*:*:*:*:*:*:*", + "matchCriteriaId": "3E3E3820-FF4C-4B75-9541-B807EF52E661" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:h:bosch:nexo_special_cordless_nutrunner_\\(0608pe2301\\):-:*:*:*:*:*:*:*", + "matchCriteriaId": "9B1B2908-2C42-4E6B-9953-30B2BE2E63F4" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:h:bosch:nexo_special_cordless_nutrunner_\\(0608pe2514\\):-:*:*:*:*:*:*:*", + "matchCriteriaId": "6A09E202-1E38-433B-A039-F7B62C275E40" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:h:bosch:nexo_special_cordless_nutrunner_\\(0608pe2515\\):-:*:*:*:*:*:*:*", + "matchCriteriaId": "206E809F-D1CA-437C-9C78-76E39F7A8D69" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:h:bosch:nexo_special_cordless_nutrunner_\\(0608pe2666\\):-:*:*:*:*:*:*:*", + "matchCriteriaId": "7BF33E7B-B131-4A7C-8C4F-47906B8AEFC8" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:h:bosch:nexo_special_cordless_nutrunner_\\(0608pe2673\\):-:*:*:*:*:*:*:*", + "matchCriteriaId": "E14B2068-DEEE-4C3F-9FCE-108A3F5E83DB" + } + ] + } + ] + } + ], "references": [ { "url": "https://psirt.bosch.com/security-advisories/BOSCH-SA-711465.html", - "source": "psirt@bosch.com" + "source": "psirt@bosch.com", + "tags": [ + "Vendor Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2023/CVE-2023-482xx/CVE-2023-48266.json b/CVE-2023/CVE-2023-482xx/CVE-2023-48266.json index ac0eda5d6c0..44127ed28d1 100644 --- a/CVE-2023/CVE-2023-482xx/CVE-2023-48266.json +++ b/CVE-2023/CVE-2023-482xx/CVE-2023-48266.json @@ -2,16 +2,40 @@ "id": "CVE-2023-48266", "sourceIdentifier": "psirt@bosch.com", "published": "2024-01-10T13:15:48.360", - "lastModified": "2024-01-10T13:56:00.697", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2024-01-16T20:31:40.710", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", "value": "The vulnerability allows an unauthenticated remote attacker to perform a Denial-of-Service (DoS) attack or, possibly, obtain Remote Code Execution (RCE) via a crafted network request." + }, + { + "lang": "es", + "value": "La vulnerabilidad permite a un atacante remoto no autenticado realizar un ataque de denegaci\u00f3n de servicio (DoS) o, posiblemente, obtener ejecuci\u00f3n remota de c\u00f3digo (RCE) a trav\u00e9s de una solicitud de red manipulada." } ], "metrics": { "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH", + "baseScore": 9.8, + "baseSeverity": "CRITICAL" + }, + "exploitabilityScore": 3.9, + "impactScore": 5.9 + }, { "source": "psirt@bosch.com", "type": "Secondary", @@ -35,6 +59,16 @@ ] }, "weaknesses": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-787" + } + ] + }, { "source": "psirt@bosch.com", "type": "Secondary", @@ -46,10 +80,139 @@ ] } ], + "configurations": [ + { + "operator": "AND", + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:o:bosch:nexo-os:*:*:*:*:*:*:*:*", + "versionStartIncluding": "1000", + "versionEndIncluding": "1500-sp2", + "matchCriteriaId": "73D9F18A-94BD-4EC8-A39A-0A6E8E4315D8" + } + ] + }, + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": false, + "criteria": "cpe:2.3:h:bosch:nexo_cordless_nutrunner_nxa011s-36v-b_\\(0608842012\\):-:*:*:*:*:*:*:*", + "matchCriteriaId": "5DC8C39A-F26D-4A5E-A502-5AA26651FD95" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:h:bosch:nexo_cordless_nutrunner_nxa011s-36v_\\(0608842011\\):-:*:*:*:*:*:*:*", + "matchCriteriaId": "871F225C-EE0D-409E-98FF-CF8B2C83E877" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:h:bosch:nexo_cordless_nutrunner_nxa015s-36v-b_\\(0608842006\\):-:*:*:*:*:*:*:*", + "matchCriteriaId": "D77B7A94-EB41-442E-9930-3372EFF0C469" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:h:bosch:nexo_cordless_nutrunner_nxa015s-36v_\\(0608842001\\):-:*:*:*:*:*:*:*", + "matchCriteriaId": "6CF63477-0CE7-446C-9872-C186AB55ADEF" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:h:bosch:nexo_cordless_nutrunner_nxa030s-36v-b_\\(0608842007\\):-:*:*:*:*:*:*:*", + "matchCriteriaId": "8703D886-1E08-40B1-9666-3D585A3CB52F" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:h:bosch:nexo_cordless_nutrunner_nxa030s-36v_\\(0608842002\\):-:*:*:*:*:*:*:*", + "matchCriteriaId": "43D5973C-E4B3-4111-A710-FE48CFE5C1A5" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:h:bosch:nexo_cordless_nutrunner_nxa050s-36v-b_\\(0608842008\\):-:*:*:*:*:*:*:*", + "matchCriteriaId": "EA7D4812-024D-432B-A526-0858427ED545" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:h:bosch:nexo_cordless_nutrunner_nxa050s-36v_\\(0608842003\\):-:*:*:*:*:*:*:*", + "matchCriteriaId": "1614F6BA-E265-4344-A5B4-6DD0D3EC0BCF" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:h:bosch:nexo_cordless_nutrunner_nxa065s-36v-b_\\(0608842014\\):-:*:*:*:*:*:*:*", + "matchCriteriaId": "206B990F-9ACD-408D-93BB-F43F25686862" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:h:bosch:nexo_cordless_nutrunner_nxa065s-36v_\\(0608842013\\):-:*:*:*:*:*:*:*", + "matchCriteriaId": "E092DE8F-DB60-4D77-BCE5-8820B6190856" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:h:bosch:nexo_cordless_nutrunner_nxp012qd-36v-b_\\(0608842010\\):-:*:*:*:*:*:*:*", + "matchCriteriaId": "94D48DD5-DF3B-4D74-B8D8-E1E0468DE2DC" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:h:bosch:nexo_cordless_nutrunner_nxp012qd-36v_\\(0608842005\\):-:*:*:*:*:*:*:*", + "matchCriteriaId": "63746CB7-DBDF-4705-A771-CE9581742980" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:h:bosch:nexo_cordless_nutrunner_nxv012t-36v-b_\\(0608842016\\):-:*:*:*:*:*:*:*", + "matchCriteriaId": "2F974170-84B6-49FF-9988-7EFDA5964E1A" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:h:bosch:nexo_cordless_nutrunner_nxv012t-36v_\\(0608842015\\):-:*:*:*:*:*:*:*", + "matchCriteriaId": "87D757FC-2CBA-419F-84E8-518CBEB98646" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:h:bosch:nexo_special_cordless_nutrunner_\\(0608pe2272\\):-:*:*:*:*:*:*:*", + "matchCriteriaId": "3E3E3820-FF4C-4B75-9541-B807EF52E661" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:h:bosch:nexo_special_cordless_nutrunner_\\(0608pe2301\\):-:*:*:*:*:*:*:*", + "matchCriteriaId": "9B1B2908-2C42-4E6B-9953-30B2BE2E63F4" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:h:bosch:nexo_special_cordless_nutrunner_\\(0608pe2514\\):-:*:*:*:*:*:*:*", + "matchCriteriaId": "6A09E202-1E38-433B-A039-F7B62C275E40" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:h:bosch:nexo_special_cordless_nutrunner_\\(0608pe2515\\):-:*:*:*:*:*:*:*", + "matchCriteriaId": "206E809F-D1CA-437C-9C78-76E39F7A8D69" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:h:bosch:nexo_special_cordless_nutrunner_\\(0608pe2666\\):-:*:*:*:*:*:*:*", + "matchCriteriaId": "7BF33E7B-B131-4A7C-8C4F-47906B8AEFC8" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:h:bosch:nexo_special_cordless_nutrunner_\\(0608pe2673\\):-:*:*:*:*:*:*:*", + "matchCriteriaId": "E14B2068-DEEE-4C3F-9FCE-108A3F5E83DB" + } + ] + } + ] + } + ], "references": [ { "url": "https://psirt.bosch.com/security-advisories/BOSCH-SA-711465.html", - "source": "psirt@bosch.com" + "source": "psirt@bosch.com", + "tags": [ + "Vendor Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2023/CVE-2023-493xx/CVE-2023-49351.json b/CVE-2023/CVE-2023-493xx/CVE-2023-49351.json new file mode 100644 index 00000000000..9901efb71c4 --- /dev/null +++ b/CVE-2023/CVE-2023-493xx/CVE-2023-49351.json @@ -0,0 +1,20 @@ +{ + "id": "CVE-2023-49351", + "sourceIdentifier": "cve@mitre.org", + "published": "2024-01-16T19:15:08.120", + "lastModified": "2024-01-16T19:15:08.120", + "vulnStatus": "Received", + "descriptions": [ + { + "lang": "en", + "value": "A stack-based buffer overflow vulnerability in /bin/webs binary in Edimax BR6478AC V2 firmware veraion v1.23 allows attackers to overwrite other values located on the stack due to an incorrect use of the strcpy() function." + } + ], + "metrics": {}, + "references": [ + { + "url": "https://github.com/countfatcode/temp/blob/main/formUSBAccount/formUSBAccount.md", + "source": "cve@mitre.org" + } + ] +} \ No newline at end of file diff --git a/CVE-2023/CVE-2023-50xx/CVE-2023-5097.json b/CVE-2023/CVE-2023-50xx/CVE-2023-5097.json new file mode 100644 index 00000000000..7107d4bcfb2 --- /dev/null +++ b/CVE-2023/CVE-2023-50xx/CVE-2023-5097.json @@ -0,0 +1,55 @@ +{ + "id": "CVE-2023-5097", + "sourceIdentifier": "security@hypr.com", + "published": "2024-01-16T20:15:45.107", + "lastModified": "2024-01-16T20:15:45.107", + "vulnStatus": "Received", + "descriptions": [ + { + "lang": "en", + "value": "Improper Input Validation vulnerability in HYPR Workforce Access on Windows allows Path Traversal.This issue affects Workforce Access: before 8.7.\n\n" + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "security@hypr.com", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H", + "attackVector": "LOCAL", + "attackComplexity": "HIGH", + "privilegesRequired": "LOW", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH", + "baseScore": 7.0, + "baseSeverity": "HIGH" + }, + "exploitabilityScore": 1.0, + "impactScore": 5.9 + } + ] + }, + "weaknesses": [ + { + "source": "security@hypr.com", + "type": "Secondary", + "description": [ + { + "lang": "en", + "value": "CWE-20" + } + ] + } + ], + "references": [ + { + "url": "https://www.hypr.com/security-advisories", + "source": "security@hypr.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2023/CVE-2023-513xx/CVE-2023-51381.json b/CVE-2023/CVE-2023-513xx/CVE-2023-51381.json new file mode 100644 index 00000000000..00c4930bb40 --- /dev/null +++ b/CVE-2023/CVE-2023-513xx/CVE-2023-51381.json @@ -0,0 +1,67 @@ +{ + "id": "CVE-2023-51381", + "sourceIdentifier": "product-cna@github.com", + "published": "2024-01-16T19:15:08.183", + "lastModified": "2024-01-16T19:15:08.183", + "vulnStatus": "Received", + "descriptions": [ + { + "lang": "en", + "value": "Cross-site Scripting in the\u00a0tag name pattern field in the tag protections UI in GitHub Enterprise Server\u00a03.8.12, 3.9.7, 3.10.4, 3.11.2\u00a0allows a malicious website that requires user interaction and social engineering to make changes to a user account via CSP bypass with created\u00a0CSRF tokens. This vulnerability affected all versions of GitHub Enterprise Server and was fixed in all versions of 3.11.3, 3.10.5, 3.9.8, and 3.8.13. This vulnerability was reported via the GitHub Bug Bounty program.\n\n" + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "product-cna@github.com", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:L/I:L/A:N", + "attackVector": "NETWORK", + "attackComplexity": "HIGH", + "privilegesRequired": "LOW", + "userInteraction": "REQUIRED", + "scope": "UNCHANGED", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "availabilityImpact": "NONE", + "baseScore": 3.7, + "baseSeverity": "LOW" + }, + "exploitabilityScore": 1.2, + "impactScore": 2.5 + } + ] + }, + "weaknesses": [ + { + "source": "product-cna@github.com", + "type": "Secondary", + "description": [ + { + "lang": "en", + "value": "CWE-79" + } + ] + } + ], + "references": [ + { + "url": "https://docs.github.com/en/enterprise-server@3.10/admin/release-notes#3.10.5", + "source": "product-cna@github.com" + }, + { + "url": "https://docs.github.com/en/enterprise-server@3.11/admin/release-notes#3.11.3", + "source": "product-cna@github.com" + }, + { + "url": "https://docs.github.com/en/enterprise-server@3.8/admin/release-notes#3.8.13", + "source": "product-cna@github.com" + }, + { + "url": "https://docs.github.com/en/enterprise-server@3.9/admin/release-notes#3.9.8", + "source": "product-cna@github.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2023/CVE-2023-51xx/CVE-2023-5178.json b/CVE-2023/CVE-2023-51xx/CVE-2023-5178.json index 476069fbef9..68b0c020dbb 100644 --- a/CVE-2023/CVE-2023-51xx/CVE-2023-5178.json +++ b/CVE-2023/CVE-2023-51xx/CVE-2023-5178.json @@ -2,8 +2,8 @@ "id": "CVE-2023-5178", "sourceIdentifier": "secalert@redhat.com", "published": "2023-11-01T17:15:11.920", - "lastModified": "2024-01-15T17:15:08.590", - "vulnStatus": "Modified", + "lastModified": "2024-01-16T19:43:20.573", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", @@ -21,19 +21,19 @@ "type": "Primary", "cvssData": { "version": "3.1", - "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "attackVector": "NETWORK", "attackComplexity": "LOW", - "privilegesRequired": "LOW", + "privilegesRequired": "NONE", "userInteraction": "NONE", "scope": "UNCHANGED", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "availabilityImpact": "HIGH", - "baseScore": 8.8, - "baseSeverity": "HIGH" + "baseScore": 9.8, + "baseSeverity": "CRITICAL" }, - "exploitabilityScore": 2.8, + "exploitabilityScore": 3.9, "impactScore": 5.9 }, { @@ -146,44 +146,96 @@ ] } ] + }, + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:netapp:active_iq_unified_manager:-:*:*:*:*:vmware_vsphere:*:*", + "matchCriteriaId": "3A756737-1CC4-42C2-A4DF-E1C893B4E2D5" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:netapp:solidfire_\\&_hci_management_node:-:*:*:*:*:*:*:*", + "matchCriteriaId": "D6D700C5-F67F-4FFB-BE69-D524592A3D2E" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:netapp:solidfire_\\&_hci_storage_node:-:*:*:*:*:*:*:*", + "matchCriteriaId": "D452B464-1200-4B72-9A89-42DC58486191" + } + ] + } + ] } ], "references": [ { "url": "https://access.redhat.com/errata/RHSA-2023:7370", - "source": "secalert@redhat.com" + "source": "secalert@redhat.com", + "tags": [ + "Third Party Advisory" + ] }, { "url": "https://access.redhat.com/errata/RHSA-2023:7379", - "source": "secalert@redhat.com" + "source": "secalert@redhat.com", + "tags": [ + "Third Party Advisory" + ] }, { "url": "https://access.redhat.com/errata/RHSA-2023:7418", - "source": "secalert@redhat.com" + "source": "secalert@redhat.com", + "tags": [ + "Third Party Advisory" + ] }, { "url": "https://access.redhat.com/errata/RHSA-2023:7548", - "source": "secalert@redhat.com" + "source": "secalert@redhat.com", + "tags": [ + "Third Party Advisory" + ] }, { "url": "https://access.redhat.com/errata/RHSA-2023:7549", - "source": "secalert@redhat.com" + "source": "secalert@redhat.com", + "tags": [ + "Third Party Advisory" + ] }, { "url": "https://access.redhat.com/errata/RHSA-2023:7551", - "source": "secalert@redhat.com" + "source": "secalert@redhat.com", + "tags": [ + "Third Party Advisory" + ] }, { "url": "https://access.redhat.com/errata/RHSA-2023:7554", - "source": "secalert@redhat.com" + "source": "secalert@redhat.com", + "tags": [ + "Third Party Advisory" + ] }, { "url": "https://access.redhat.com/errata/RHSA-2023:7557", - "source": "secalert@redhat.com" + "source": "secalert@redhat.com", + "tags": [ + "Third Party Advisory" + ] }, { "url": "https://access.redhat.com/errata/RHSA-2023:7559", - "source": "secalert@redhat.com" + "source": "secalert@redhat.com", + "tags": [ + "Third Party Advisory" + ] }, { "url": "https://access.redhat.com/security/cve/CVE-2023-5178", @@ -202,7 +254,11 @@ }, { "url": "https://lists.debian.org/debian-lts-announce/2024/01/msg00005.html", - "source": "secalert@redhat.com" + "source": "secalert@redhat.com", + "tags": [ + "Mailing List", + "Third Party Advisory" + ] }, { "url": "https://lore.kernel.org/linux-nvme/20231002105428.226515-1-sagi@grimberg.me/", @@ -214,7 +270,10 @@ }, { "url": "https://security.netapp.com/advisory/ntap-20231208-0004/", - "source": "secalert@redhat.com" + "source": "secalert@redhat.com", + "tags": [ + "Third Party Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2023/CVE-2023-520xx/CVE-2023-52041.json b/CVE-2023/CVE-2023-520xx/CVE-2023-52041.json new file mode 100644 index 00000000000..894c8a614c7 --- /dev/null +++ b/CVE-2023/CVE-2023-520xx/CVE-2023-52041.json @@ -0,0 +1,20 @@ +{ + "id": "CVE-2023-52041", + "sourceIdentifier": "cve@mitre.org", + "published": "2024-01-16T19:15:08.410", + "lastModified": "2024-01-16T19:15:08.410", + "vulnStatus": "Received", + "descriptions": [ + { + "lang": "en", + "value": "An issue discovered in TOTOLINK X6000R V9.4.0cu.852_B20230719 allows attackers to run arbitrary code via the sub_410118 function of the shttpd program." + } + ], + "metrics": {}, + "references": [ + { + "url": "https://kee02p.github.io/2024/01/13/CVE-2023-52041/", + "source": "cve@mitre.org" + } + ] +} \ No newline at end of file diff --git a/CVE-2023/CVE-2023-60xx/CVE-2023-6004.json b/CVE-2023/CVE-2023-60xx/CVE-2023-6004.json index 839a5dc99a9..0ced66228d0 100644 --- a/CVE-2023/CVE-2023-60xx/CVE-2023-6004.json +++ b/CVE-2023/CVE-2023-60xx/CVE-2023-6004.json @@ -2,8 +2,8 @@ "id": "CVE-2023-6004", "sourceIdentifier": "secalert@redhat.com", "published": "2024-01-03T17:15:11.623", - "lastModified": "2024-01-16T12:15:45.247", - "vulnStatus": "Modified", + "lastModified": "2024-01-16T19:43:11.933", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", @@ -21,20 +21,20 @@ "type": "Primary", "cvssData": { "version": "3.1", - "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", + "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:L", "attackVector": "LOCAL", "attackComplexity": "LOW", "privilegesRequired": "LOW", - "userInteraction": "NONE", + "userInteraction": "REQUIRED", "scope": "UNCHANGED", - "confidentialityImpact": "HIGH", - "integrityImpact": "HIGH", - "availabilityImpact": "HIGH", - "baseScore": 7.8, - "baseSeverity": "HIGH" + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "availabilityImpact": "LOW", + "baseScore": 4.8, + "baseSeverity": "MEDIUM" }, - "exploitabilityScore": 1.8, - "impactScore": 5.9 + "exploitabilityScore": 1.3, + "impactScore": 3.4 }, { "source": "secalert@redhat.com", @@ -150,6 +150,7 @@ "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/LZQVUHWVWRH73YBXUQJOD6CKHDQBU3DM/", "source": "secalert@redhat.com", "tags": [ + "Mailing List", "Vendor Advisory" ] }, diff --git a/CVE-2023/CVE-2023-63xx/CVE-2023-6334.json b/CVE-2023/CVE-2023-63xx/CVE-2023-6334.json new file mode 100644 index 00000000000..af1975bbc00 --- /dev/null +++ b/CVE-2023/CVE-2023-63xx/CVE-2023-6334.json @@ -0,0 +1,55 @@ +{ + "id": "CVE-2023-6334", + "sourceIdentifier": "security@hypr.com", + "published": "2024-01-16T20:15:45.303", + "lastModified": "2024-01-16T20:15:45.303", + "vulnStatus": "Received", + "descriptions": [ + { + "lang": "en", + "value": "Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in HYPR Workforce Access on Windows allows Overflow Buffers.This issue affects Workforce Access: before 8.7.\n\n" + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "security@hypr.com", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:L/A:H", + "attackVector": "LOCAL", + "attackComplexity": "HIGH", + "privilegesRequired": "LOW", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "NONE", + "integrityImpact": "LOW", + "availabilityImpact": "HIGH", + "baseScore": 5.3, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 1.0, + "impactScore": 4.2 + } + ] + }, + "weaknesses": [ + { + "source": "security@hypr.com", + "type": "Secondary", + "description": [ + { + "lang": "en", + "value": "CWE-119" + } + ] + } + ], + "references": [ + { + "url": "https://www.hypr.com/security-advisories", + "source": "security@hypr.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2023/CVE-2023-63xx/CVE-2023-6335.json b/CVE-2023/CVE-2023-63xx/CVE-2023-6335.json new file mode 100644 index 00000000000..f7fd6b58b67 --- /dev/null +++ b/CVE-2023/CVE-2023-63xx/CVE-2023-6335.json @@ -0,0 +1,55 @@ +{ + "id": "CVE-2023-6335", + "sourceIdentifier": "security@hypr.com", + "published": "2024-01-16T20:15:45.493", + "lastModified": "2024-01-16T20:15:45.493", + "vulnStatus": "Received", + "descriptions": [ + { + "lang": "en", + "value": "Improper Link Resolution Before File Access ('Link Following') vulnerability in HYPR Workforce Access on Windows allows User-Controlled Filename.This issue affects Workforce Access: before 8.7.\n\n" + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "security@hypr.com", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:N/I:H/A:L", + "attackVector": "LOCAL", + "attackComplexity": "HIGH", + "privilegesRequired": "LOW", + "userInteraction": "NONE", + "scope": "CHANGED", + "confidentialityImpact": "NONE", + "integrityImpact": "HIGH", + "availabilityImpact": "LOW", + "baseScore": 6.4, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 1.1, + "impactScore": 4.7 + } + ] + }, + "weaknesses": [ + { + "source": "security@hypr.com", + "type": "Secondary", + "description": [ + { + "lang": "en", + "value": "CWE-59" + } + ] + } + ], + "references": [ + { + "url": "https://www.hypr.com/security-advisories", + "source": "security@hypr.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2023/CVE-2023-63xx/CVE-2023-6336.json b/CVE-2023/CVE-2023-63xx/CVE-2023-6336.json new file mode 100644 index 00000000000..4bac4b6a9c5 --- /dev/null +++ b/CVE-2023/CVE-2023-63xx/CVE-2023-6336.json @@ -0,0 +1,55 @@ +{ + "id": "CVE-2023-6336", + "sourceIdentifier": "security@hypr.com", + "published": "2024-01-16T20:15:45.667", + "lastModified": "2024-01-16T20:15:45.667", + "vulnStatus": "Received", + "descriptions": [ + { + "lang": "en", + "value": "Improper Link Resolution Before File Access ('Link Following') vulnerability in HYPR Workforce Access on MacOS allows User-Controlled Filename.This issue affects Workforce Access: before 8.7.\n\n" + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "security@hypr.com", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:C/C:N/I:H/A:H", + "attackVector": "LOCAL", + "attackComplexity": "HIGH", + "privilegesRequired": "LOW", + "userInteraction": "REQUIRED", + "scope": "CHANGED", + "confidentialityImpact": "NONE", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH", + "baseScore": 7.2, + "baseSeverity": "HIGH" + }, + "exploitabilityScore": 0.8, + "impactScore": 5.8 + } + ] + }, + "weaknesses": [ + { + "source": "security@hypr.com", + "type": "Secondary", + "description": [ + { + "lang": "en", + "value": "CWE-59" + } + ] + } + ], + "references": [ + { + "url": "https://www.hypr.com/security-advisories", + "source": "security@hypr.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2023/CVE-2023-70xx/CVE-2023-7032.json b/CVE-2023/CVE-2023-70xx/CVE-2023-7032.json index addcdcb61fc..61637eddfb6 100644 --- a/CVE-2023/CVE-2023-70xx/CVE-2023-7032.json +++ b/CVE-2023/CVE-2023-70xx/CVE-2023-7032.json @@ -2,16 +2,40 @@ "id": "CVE-2023-7032", "sourceIdentifier": "cybersecurity@se.com", "published": "2024-01-09T20:15:42.967", - "lastModified": "2024-01-10T01:21:28.543", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2024-01-16T19:43:07.787", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", "value": "\nA CWE-502: Deserialization of untrusted data vulnerability exists that could allow an attacker\nlogged in with a user level account to gain higher privileges by providing a harmful serialized\nobject.\n\n" + }, + { + "lang": "es", + "value": "Existe una vulnerabilidad CWE-502: deserializaci\u00f3n de datos no confiables que podr\u00eda permitir que un atacante que haya iniciado sesi\u00f3n con una cuenta de nivel de usuario obtenga mayores privilegios al proporcionar un objeto serializado da\u00f1ino." } ], "metrics": { "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", + "attackVector": "LOCAL", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH", + "baseScore": 7.8, + "baseSeverity": "HIGH" + }, + "exploitabilityScore": 1.8, + "impactScore": 5.9 + }, { "source": "cybersecurity@se.com", "type": "Secondary", @@ -46,10 +70,31 @@ ] } ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:schneider-electric:easergy_studio:*:*:*:*:*:*:*:*", + "versionEndIncluding": "9.3.5", + "matchCriteriaId": "97EFDB27-39E0-4D76-BAB7-20D59CB364B8" + } + ] + } + ] + } + ], "references": [ { "url": "https://download.schneider-electric.com/files?p_Doc_Ref=SEVD-2024-009-02&p_enDocType=Security+and+Safety+Notice&p_File_Name=SEVD-2024-009-02.pdf", - "source": "cybersecurity@se.com" + "source": "cybersecurity@se.com", + "tags": [ + "Vendor Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2023/CVE-2023-72xx/CVE-2023-7234.json b/CVE-2023/CVE-2023-72xx/CVE-2023-7234.json new file mode 100644 index 00000000000..54461f3f7d4 --- /dev/null +++ b/CVE-2023/CVE-2023-72xx/CVE-2023-7234.json @@ -0,0 +1,59 @@ +{ + "id": "CVE-2023-7234", + "sourceIdentifier": "ics-cert@hq.dhs.gov", + "published": "2024-01-16T19:15:08.460", + "lastModified": "2024-01-16T19:15:08.460", + "vulnStatus": "Received", + "descriptions": [ + { + "lang": "en", + "value": "\nOPCUAServerToolkit will write a log message once an OPC UA client has successfully connected containing the client's self-defined description field.\n\n" + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "ics-cert@hq.dhs.gov", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "NONE", + "integrityImpact": "LOW", + "availabilityImpact": "NONE", + "baseScore": 5.3, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 3.9, + "impactScore": 1.4 + } + ] + }, + "weaknesses": [ + { + "source": "ics-cert@hq.dhs.gov", + "type": "Secondary", + "description": [ + { + "lang": "en", + "value": "CWE-117" + } + ] + } + ], + "references": [ + { + "url": "https://integrationobjects.com//ask-a-question/", + "source": "ics-cert@hq.dhs.gov" + }, + { + "url": "https://www.cisa.gov/news-events/ics-advisories/icsa-24-016-02", + "source": "ics-cert@hq.dhs.gov" + } + ] +} \ No newline at end of file diff --git a/CVE-2024/CVE-2024-02xx/CVE-2024-0200.json b/CVE-2024/CVE-2024-02xx/CVE-2024-0200.json new file mode 100644 index 00000000000..fe6e3fe069e --- /dev/null +++ b/CVE-2024/CVE-2024-02xx/CVE-2024-0200.json @@ -0,0 +1,67 @@ +{ + "id": "CVE-2024-0200", + "sourceIdentifier": "product-cna@github.com", + "published": "2024-01-16T19:15:08.667", + "lastModified": "2024-01-16T19:15:08.667", + "vulnStatus": "Received", + "descriptions": [ + { + "lang": "en", + "value": "An unsafe reflection vulnerability was identified in GitHub Enterprise Server that could lead to reflection injection. This vulnerability\u00a0could lead to the execution of user-controlled methods and remote code execution. To\u00a0exploit this bug, an actor would need to be logged into an account on the GHES instance with the organization owner role.\u00a0This vulnerability affected all versions of GitHub Enterprise Server prior to 3.12 and was fixed in versions 3.8.13, 3.9.8, 3.10.5, and 3.11.3. This vulnerability was reported via the GitHub Bug Bounty program.\n\n" + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "product-cna@github.com", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:C/C:H/I:L/A:L", + "attackVector": "NETWORK", + "attackComplexity": "HIGH", + "privilegesRequired": "HIGH", + "userInteraction": "NONE", + "scope": "CHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "LOW", + "availabilityImpact": "LOW", + "baseScore": 7.2, + "baseSeverity": "HIGH" + }, + "exploitabilityScore": 1.3, + "impactScore": 5.3 + } + ] + }, + "weaknesses": [ + { + "source": "product-cna@github.com", + "type": "Secondary", + "description": [ + { + "lang": "en", + "value": "CWE-470" + } + ] + } + ], + "references": [ + { + "url": "https://docs.github.com/en/enterprise-server@3.10/admin/release-notes#3.10.5", + "source": "product-cna@github.com" + }, + { + "url": "https://docs.github.com/en/enterprise-server@3.11/admin/release-notes#3.11.3", + "source": "product-cna@github.com" + }, + { + "url": "https://docs.github.com/en/enterprise-server@3.8/admin/release-notes#3.8.13", + "source": "product-cna@github.com" + }, + { + "url": "https://docs.github.com/en/enterprise-server@3.9/admin/release-notes#3.9.8", + "source": "product-cna@github.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2024/CVE-2024-03xx/CVE-2024-0341.json b/CVE-2024/CVE-2024-03xx/CVE-2024-0341.json index 925986e7f20..6d83d2ec85d 100644 --- a/CVE-2024/CVE-2024-03xx/CVE-2024-0341.json +++ b/CVE-2024/CVE-2024-03xx/CVE-2024-0341.json @@ -2,16 +2,40 @@ "id": "CVE-2024-0341", "sourceIdentifier": "cna@vuldb.com", "published": "2024-01-09T19:15:11.023", - "lastModified": "2024-01-09T19:56:14.023", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2024-01-16T19:49:56.160", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", "value": "A vulnerability was found in Inis up to 2.0.1. It has been rated as problematic. This issue affects some unknown processing of the file /app/api/controller/default/File.php of the component GET Request Handler. The manipulation of the argument path leads to path traversal: '../filedir'. The exploit has been disclosed to the public and may be used. The identifier VDB-250109 was assigned to this vulnerability." + }, + { + "lang": "es", + "value": "Se encontr\u00f3 una vulnerabilidad en Inis hasta 2.0.1. Ha sido calificada como problem\u00e1tica. Este problema afecta un procesamiento desconocido del archivo /app/api/controller/default/File.php del componente GET Request Handler. La manipulaci\u00f3n de la ruta del argumento conduce a path traversal: '../filedir'. El exploit ha sido divulgado al p\u00fablico y puede utilizarse. A esta vulnerabilidad se le asign\u00f3 el identificador VDB-250109." } ], "metrics": { "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "NONE", + "availabilityImpact": "NONE", + "baseScore": 7.5, + "baseSeverity": "HIGH" + }, + "exploitabilityScore": 3.9, + "impactScore": 3.6 + }, { "source": "cna@vuldb.com", "type": "Secondary", @@ -61,8 +85,18 @@ }, "weaknesses": [ { - "source": "cna@vuldb.com", + "source": "nvd@nist.gov", "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-22" + } + ] + }, + { + "source": "cna@vuldb.com", + "type": "Secondary", "description": [ { "lang": "en", @@ -71,18 +105,46 @@ ] } ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:inis_project:inis:*:*:*:*:*:*:*:*", + "versionEndIncluding": "2.0.1", + "matchCriteriaId": "BF3BA3A1-37C8-4CA7-824D-43F337B28185" + } + ] + } + ] + } + ], "references": [ { "url": "https://note.zhaoj.in/share/VYx8H9u8gyHw", - "source": "cna@vuldb.com" + "source": "cna@vuldb.com", + "tags": [ + "Broken Link" + ] }, { "url": "https://vuldb.com/?ctiid.250109", - "source": "cna@vuldb.com" + "source": "cna@vuldb.com", + "tags": [ + "Permissions Required", + "Third Party Advisory" + ] }, { "url": "https://vuldb.com/?id.250109", - "source": "cna@vuldb.com" + "source": "cna@vuldb.com", + "tags": [ + "Third Party Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2024/CVE-2024-03xx/CVE-2024-0342.json b/CVE-2024/CVE-2024-03xx/CVE-2024-0342.json index 519aa2ded31..36a110934ee 100644 --- a/CVE-2024/CVE-2024-03xx/CVE-2024-0342.json +++ b/CVE-2024/CVE-2024-03xx/CVE-2024-0342.json @@ -2,16 +2,40 @@ "id": "CVE-2024-0342", "sourceIdentifier": "cna@vuldb.com", "published": "2024-01-09T20:15:43.190", - "lastModified": "2024-01-10T01:21:28.543", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2024-01-16T19:33:17.373", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", "value": "A vulnerability classified as critical has been found in Inis up to 2.0.1. Affected is an unknown function of the file /app/api/controller/default/Sqlite.php. The manipulation of the argument sql leads to sql injection. The exploit has been disclosed to the public and may be used. VDB-250110 is the identifier assigned to this vulnerability." + }, + { + "lang": "es", + "value": "Una vulnerabilidad ha sido encontrada en Inis hasta 2.0.1 y clasificada como cr\u00edtica. Una funci\u00f3n desconocida del archivo /app/api/controller/default/Sqlite.php es afectada por esta vulnerabilidad. La manipulaci\u00f3n del argumento sql conduce a la inyecci\u00f3n de sql. El exploit ha sido divulgado al p\u00fablico y puede utilizarse. VDB-250110 es el identificador asignado a esta vulnerabilidad." } ], "metrics": { "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH", + "baseScore": 9.8, + "baseSeverity": "CRITICAL" + }, + "exploitabilityScore": 3.9, + "impactScore": 5.9 + }, { "source": "cna@vuldb.com", "type": "Secondary", @@ -71,18 +95,46 @@ ] } ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:inis_project:inis:*:*:*:*:*:*:*:*", + "versionEndIncluding": "2.0.1", + "matchCriteriaId": "BF3BA3A1-37C8-4CA7-824D-43F337B28185" + } + ] + } + ] + } + ], "references": [ { "url": "https://note.zhaoj.in/share/nWYJHrmUqv7i", - "source": "cna@vuldb.com" + "source": "cna@vuldb.com", + "tags": [ + "Broken Link" + ] }, { "url": "https://vuldb.com/?ctiid.250110", - "source": "cna@vuldb.com" + "source": "cna@vuldb.com", + "tags": [ + "Permissions Required", + "Third Party Advisory" + ] }, { "url": "https://vuldb.com/?id.250110", - "source": "cna@vuldb.com" + "source": "cna@vuldb.com", + "tags": [ + "Third Party Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2024/CVE-2024-03xx/CVE-2024-0344.json b/CVE-2024/CVE-2024-03xx/CVE-2024-0344.json index c2a3cb8af3b..c0647254183 100644 --- a/CVE-2024/CVE-2024-03xx/CVE-2024-0344.json +++ b/CVE-2024/CVE-2024-03xx/CVE-2024-0344.json @@ -2,16 +2,40 @@ "id": "CVE-2024-0344", "sourceIdentifier": "cna@vuldb.com", "published": "2024-01-09T21:15:08.123", - "lastModified": "2024-01-10T01:21:28.543", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2024-01-16T19:29:05.160", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", "value": "A vulnerability, which was classified as critical, has been found in soxft TimeMail up to 1.1. Affected by this issue is some unknown functionality of the file check.php. The manipulation of the argument c leads to sql injection. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-250112." + }, + { + "lang": "es", + "value": "Una vulnerabilidad fue encontrada en soxft TimeMail hasta 1.1 y clasificada como cr\u00edtica. Una funci\u00f3n desconocida del archivo check.php es afectada por esta vulnerabilidad. La manipulaci\u00f3n del argumento c conduce a la inyecci\u00f3n de SQL. El exploit ha sido divulgado al p\u00fablico y puede utilizarse. El identificador de esta vulnerabilidad es VDB-250112." } ], "metrics": { "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH", + "baseScore": 9.8, + "baseSeverity": "CRITICAL" + }, + "exploitabilityScore": 3.9, + "impactScore": 5.9 + }, { "source": "cna@vuldb.com", "type": "Secondary", @@ -71,18 +95,46 @@ ] } ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:soxft:timemail:*:*:*:*:*:*:*:*", + "versionEndIncluding": "1.1", + "matchCriteriaId": "5CEA3B3F-FAB5-44F4-8E1E-2327162523D7" + } + ] + } + ] + } + ], "references": [ { "url": "https://note.zhaoj.in/share/VSutvlpgCJkD", - "source": "cna@vuldb.com" + "source": "cna@vuldb.com", + "tags": [ + "Broken Link" + ] }, { "url": "https://vuldb.com/?ctiid.250112", - "source": "cna@vuldb.com" + "source": "cna@vuldb.com", + "tags": [ + "Permissions Required", + "Third Party Advisory" + ] }, { "url": "https://vuldb.com/?id.250112", - "source": "cna@vuldb.com" + "source": "cna@vuldb.com", + "tags": [ + "Third Party Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2024/CVE-2024-03xx/CVE-2024-0345.json b/CVE-2024/CVE-2024-03xx/CVE-2024-0345.json index 7d924b4653f..f3c18e0fe33 100644 --- a/CVE-2024/CVE-2024-03xx/CVE-2024-0345.json +++ b/CVE-2024/CVE-2024-03xx/CVE-2024-0345.json @@ -2,16 +2,40 @@ "id": "CVE-2024-0345", "sourceIdentifier": "cna@vuldb.com", "published": "2024-01-09T21:15:08.347", - "lastModified": "2024-01-10T01:21:28.543", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2024-01-16T19:05:59.090", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", "value": "A vulnerability, which was classified as problematic, was found in CodeAstro Vehicle Booking System 1.0. This affects an unknown part of the file usr/usr-register.php of the component User Registration. The manipulation of the argument Full_Name/Last_Name/Address with the input leads to cross site scripting. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-250113 was assigned to this vulnerability." + }, + { + "lang": "es", + "value": "Una vulnerabilidad fue encontrada en CodeAstro Vehicle Booking System 1.0 y clasificada como problem\u00e1tica. Una parte desconocida del archivo usr/usr-register.php del componente User Registration afecta a una parte desconocida. La manipulaci\u00f3n del argumento Full_Name/Last_Name/Address con la entrada conduce a Cross-Site Scripting. Es posible iniciar el ataque de forma remota. El exploit ha sido divulgado al p\u00fablico y puede utilizarse. A esta vulnerabilidad se le asign\u00f3 el identificador VDB-250113." } ], "metrics": { "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "REQUIRED", + "scope": "CHANGED", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "availabilityImpact": "NONE", + "baseScore": 6.1, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 2.8, + "impactScore": 2.7 + }, { "source": "cna@vuldb.com", "type": "Secondary", @@ -71,18 +95,47 @@ ] } ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:vehicle_booking_system_project:vehicle_booking_system:1.0:*:*:*:*:*:*:*", + "matchCriteriaId": "C3F62C29-699D-4E88-AC40-4B55B67AC085" + } + ] + } + ] + } + ], "references": [ { "url": "https://drive.google.com/file/d/1ihxLw4kzbAbDhHtca3UnTaB-iMWHi5DJ/view?usp=sharing", - "source": "cna@vuldb.com" + "source": "cna@vuldb.com", + "tags": [ + "Exploit", + "Third Party Advisory" + ] }, { "url": "https://vuldb.com/?ctiid.250113", - "source": "cna@vuldb.com" + "source": "cna@vuldb.com", + "tags": [ + "Permissions Required", + "Third Party Advisory" + ] }, { "url": "https://vuldb.com/?id.250113", - "source": "cna@vuldb.com" + "source": "cna@vuldb.com", + "tags": [ + "Permissions Required", + "Third Party Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2024/CVE-2024-03xx/CVE-2024-0346.json b/CVE-2024/CVE-2024-03xx/CVE-2024-0346.json index 3ffce91c496..a0c8a9df86a 100644 --- a/CVE-2024/CVE-2024-03xx/CVE-2024-0346.json +++ b/CVE-2024/CVE-2024-03xx/CVE-2024-0346.json @@ -2,16 +2,40 @@ "id": "CVE-2024-0346", "sourceIdentifier": "cna@vuldb.com", "published": "2024-01-09T22:15:43.800", - "lastModified": "2024-01-10T01:21:28.543", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2024-01-16T20:54:15.903", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", "value": "A vulnerability has been found in CodeAstro Vehicle Booking System 1.0 and classified as problematic. This vulnerability affects unknown code of the file usr/user-give-feedback.php of the component Feedback Page. The manipulation of the argument My Testemonial leads to cross site scripting. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. VDB-250114 is the identifier assigned to this vulnerability." + }, + { + "lang": "es", + "value": "Una vulnerabilidad fue encontrada en CodeAstro Vehicle Booking System 1.0 y clasificada como problem\u00e1tica. Esta vulnerabilidad afecta a un c\u00f3digo desconocido del archivo usr/user-give-feedback.php del componente Feedback Page. La manipulaci\u00f3n del argumento My Testemonial conduce a Cross-Site Scripting. El ataque se puede iniciar de forma remota. El exploit ha sido divulgado al p\u00fablico y puede utilizarse. VDB-250114 es el identificador asignado a esta vulnerabilidad." } ], "metrics": { "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "REQUIRED", + "scope": "CHANGED", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "availabilityImpact": "NONE", + "baseScore": 5.4, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 2.3, + "impactScore": 2.7 + }, { "source": "cna@vuldb.com", "type": "Secondary", @@ -60,6 +84,16 @@ ] }, "weaknesses": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-79" + } + ] + }, { "source": "cna@vuldb.com", "type": "Secondary", @@ -71,18 +105,45 @@ ] } ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:vehicle_booking_system_project:vehicle_booking_system:1.0:*:*:*:*:*:*:*", + "matchCriteriaId": "C3F62C29-699D-4E88-AC40-4B55B67AC085" + } + ] + } + ] + } + ], "references": [ { "url": "https://drive.google.com/file/d/1bao4YK4GwvAvCdCrsW5UpJZdvREdc_Yj/view?usp=sharing", - "source": "cna@vuldb.com" + "source": "cna@vuldb.com", + "tags": [ + "Exploit" + ] }, { "url": "https://vuldb.com/?ctiid.250114", - "source": "cna@vuldb.com" + "source": "cna@vuldb.com", + "tags": [ + "Permissions Required", + "Third Party Advisory" + ] }, { "url": "https://vuldb.com/?id.250114", - "source": "cna@vuldb.com" + "source": "cna@vuldb.com", + "tags": [ + "Third Party Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2024/CVE-2024-05xx/CVE-2024-0507.json b/CVE-2024/CVE-2024-05xx/CVE-2024-0507.json new file mode 100644 index 00000000000..a199115aa43 --- /dev/null +++ b/CVE-2024/CVE-2024-05xx/CVE-2024-0507.json @@ -0,0 +1,67 @@ +{ + "id": "CVE-2024-0507", + "sourceIdentifier": "product-cna@github.com", + "published": "2024-01-16T19:15:08.870", + "lastModified": "2024-01-16T19:15:08.870", + "vulnStatus": "Received", + "descriptions": [ + { + "lang": "en", + "value": "An attacker with access to a Management Console user account with the editor role could escalate privileges through a command injection vulnerability in the Management Console. This vulnerability affected all versions of GitHub Enterprise Server and was fixed in versions 3.11.3, 3.10.5, 3.9.8, and 3.8.13 This vulnerability was reported via the GitHub Bug Bounty program." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "product-cna@github.com", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:N", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "HIGH", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "NONE", + "baseScore": 6.5, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 1.2, + "impactScore": 5.2 + } + ] + }, + "weaknesses": [ + { + "source": "product-cna@github.com", + "type": "Secondary", + "description": [ + { + "lang": "en", + "value": "CWE-20" + } + ] + } + ], + "references": [ + { + "url": "https://docs.github.com/en/enterprise-server@3.10/admin/release-notes#3.10.5", + "source": "product-cna@github.com" + }, + { + "url": "https://docs.github.com/en/enterprise-server@3.11/admin/release-notes#3.11.3", + "source": "product-cna@github.com" + }, + { + "url": "https://docs.github.com/en/enterprise-server@3.8/admin/release-notes#3.8.13", + "source": "product-cna@github.com" + }, + { + "url": "https://docs.github.com/en/enterprise-server@3.9/admin/release-notes#3.9.8", + "source": "product-cna@github.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2024/CVE-2024-05xx/CVE-2024-0599.json b/CVE-2024/CVE-2024-05xx/CVE-2024-0599.json new file mode 100644 index 00000000000..b181aed532e --- /dev/null +++ b/CVE-2024/CVE-2024-05xx/CVE-2024-0599.json @@ -0,0 +1,88 @@ +{ + "id": "CVE-2024-0599", + "sourceIdentifier": "cna@vuldb.com", + "published": "2024-01-16T20:15:45.840", + "lastModified": "2024-01-16T20:15:45.840", + "vulnStatus": "Received", + "descriptions": [ + { + "lang": "en", + "value": "A vulnerability was found in Jspxcms 10.2.0. It has been declared as problematic. Affected by this vulnerability is an unknown functionality of the file src\\main\\java\\com\\jspxcms\\core\\web\\back\\InfoController.java of the component Document Management Page. The manipulation of the argument title leads to cross site scripting. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-250837 was assigned to this vulnerability." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "cna@vuldb.com", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:N", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "REQUIRED", + "scope": "UNCHANGED", + "confidentialityImpact": "NONE", + "integrityImpact": "LOW", + "availabilityImpact": "NONE", + "baseScore": 3.5, + "baseSeverity": "LOW" + }, + "exploitabilityScore": 2.1, + "impactScore": 1.4 + } + ], + "cvssMetricV2": [ + { + "source": "cna@vuldb.com", + "type": "Secondary", + "cvssData": { + "version": "2.0", + "vectorString": "AV:N/AC:L/Au:S/C:N/I:P/A:N", + "accessVector": "NETWORK", + "accessComplexity": "LOW", + "authentication": "SINGLE", + "confidentialityImpact": "NONE", + "integrityImpact": "PARTIAL", + "availabilityImpact": "NONE", + "baseScore": 4.0 + }, + "baseSeverity": "MEDIUM", + "exploitabilityScore": 8.0, + "impactScore": 2.9, + "acInsufInfo": false, + "obtainAllPrivilege": false, + "obtainUserPrivilege": false, + "obtainOtherPrivilege": false, + "userInteractionRequired": false + } + ] + }, + "weaknesses": [ + { + "source": "cna@vuldb.com", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-79" + } + ] + } + ], + "references": [ + { + "url": "https://github.com/sweatxi/BugHub/blob/main/Jspxcms.pdf", + "source": "cna@vuldb.com" + }, + { + "url": "https://vuldb.com/?ctiid.250837", + "source": "cna@vuldb.com" + }, + { + "url": "https://vuldb.com/?id.250837", + "source": "cna@vuldb.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2024/CVE-2024-206xx/CVE-2024-20652.json b/CVE-2024/CVE-2024-206xx/CVE-2024-20652.json index 87bbbf7538d..8a91a1e2f4d 100644 --- a/CVE-2024/CVE-2024-206xx/CVE-2024-20652.json +++ b/CVE-2024/CVE-2024-206xx/CVE-2024-20652.json @@ -2,19 +2,43 @@ "id": "CVE-2024-20652", "sourceIdentifier": "secure@microsoft.com", "published": "2024-01-09T18:15:47.733", - "lastModified": "2024-01-09T19:56:14.023", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2024-01-16T19:53:51.473", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", "value": "Windows HTML Platforms Security Feature Bypass Vulnerability" + }, + { + "lang": "es", + "value": "Vulnerabilidad de omisi\u00f3n de caracter\u00edstica de seguridad de plataformas HTML de Windows" } ], "metrics": { "cvssMetricV31": [ { - "source": "secure@microsoft.com", + "source": "nvd@nist.gov", "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H", + "attackVector": "NETWORK", + "attackComplexity": "HIGH", + "privilegesRequired": "NONE", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH", + "baseScore": 8.1, + "baseSeverity": "HIGH" + }, + "exploitabilityScore": 2.2, + "impactScore": 5.9 + }, + { + "source": "secure@microsoft.com", + "type": "Secondary", "cvssData": { "version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H", @@ -34,10 +58,187 @@ } ] }, + "weaknesses": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "NVD-CWE-noinfo" + } + ] + } + ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:o:microsoft:windows_10_1507:*:*:*:*:*:*:x64:*", + "versionEndExcluding": "10.0.10240.20402", + "matchCriteriaId": "46ABD897-272E-49BD-BCD1-79EA0908349D" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:microsoft:windows_10_1507:*:*:*:*:*:*:x86:*", + "versionEndExcluding": "10.0.10240.20402", + "matchCriteriaId": "B85886E7-0E67-4BBD-9E42-4507DF422BCF" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:microsoft:windows_10_1607:*:*:*:*:*:*:x64:*", + "versionEndExcluding": "10.0.14393.6614", + "matchCriteriaId": "1301CF7B-D772-4AAA-BFF2-88BF493A324E" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:microsoft:windows_10_1607:*:*:*:*:*:*:x86:*", + "versionEndExcluding": "10.0.14393.6614", + "matchCriteriaId": "DDEB129C-34A6-47E5-A652-51FCE0A3A880" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:microsoft:windows_10_1809:*:*:*:*:*:*:arm64:*", + "versionEndExcluding": "10.0.17763.5329", + "matchCriteriaId": "F0470D92-707F-4073-886A-ECDC4F2E1CAC" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:microsoft:windows_10_1809:*:*:*:*:*:*:x64:*", + "versionEndExcluding": "10.0.17763.5329", + "matchCriteriaId": "9C150F7E-8967-4AB8-8DF8-EBC89A10D554" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:microsoft:windows_10_1809:*:*:*:*:*:*:x86:*", + "versionEndExcluding": "10.0.17763.5329", + "matchCriteriaId": "A7997F10-4040-4664-B55E-0039E25B4F79" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:microsoft:windows_10_21h2:*:*:*:*:*:*:arm64:*", + "versionEndExcluding": "10.0.19044.3930", + "matchCriteriaId": "C541A6B6-7D07-4EA9-89FF-81D815A9476F" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:microsoft:windows_10_21h2:*:*:*:*:*:*:x64:*", + "versionEndExcluding": "10.0.19044.3930", + "matchCriteriaId": "5BFCE595-C6A9-4F10-9EC7-58C1D66BB436" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:microsoft:windows_10_21h2:*:*:*:*:*:*:x86:*", + "versionEndExcluding": "10.0.19044.3930", + "matchCriteriaId": "A49993E0-2369-48E3-A925-6405722F1A19" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:microsoft:windows_10_22h2:*:*:*:*:*:*:arm64:*", + "versionEndExcluding": "10.0.19045.3930", + "matchCriteriaId": "5D738639-84ED-4215-82F1-7D94D68D3396" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:microsoft:windows_10_22h2:*:*:*:*:*:*:x64:*", + "versionEndExcluding": "10.0.19045.3930", + "matchCriteriaId": "047947E7-B85E-4D6A-9B92-E39E4828206E" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:microsoft:windows_10_22h2:*:*:*:*:*:*:x86:*", + "versionEndExcluding": "10.0.19045.3930", + "matchCriteriaId": "45296209-531C-48D1-84DA-FAD9E28E7999" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:microsoft:windows_11_21h2:*:*:*:*:*:*:arm64:*", + "versionEndExcluding": "10.0.22000.2713", + "matchCriteriaId": "6FA472E2-4501-4597-9979-796258111DA5" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:microsoft:windows_11_21h2:*:*:*:*:*:*:x64:*", + "versionEndExcluding": "10.0.22000.2713", + "matchCriteriaId": "0F377DD9-2DBF-4202-AF3F-6AC6A809F4E2" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:microsoft:windows_11_22h2:*:*:*:*:*:*:arm64:*", + "versionEndExcluding": "10.0.22621.3007", + "matchCriteriaId": "C48178EC-BDEE-4F78-BCFB-B125F5CA0A9E" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:microsoft:windows_11_22h2:*:*:*:*:*:*:x64:*", + "versionEndExcluding": "10.0.22621.3007", + "matchCriteriaId": "04C81079-1855-4F8C-A9E2-3E2CC796C4F0" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:microsoft:windows_11_23h2:*:*:*:*:*:*:arm64:*", + "versionEndExcluding": "10.0.22631.3007", + "matchCriteriaId": "91F6049F-03C1-494C-8AA1-6DE27D335139" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:microsoft:windows_11_23h2:*:*:*:*:*:*:x64:*", + "versionEndExcluding": "10.0.22631.3007", + "matchCriteriaId": "A00CE59A-0762-4AA4-99DA-5C9545F85666" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:microsoft:windows_server_2008:-:sp2:*:*:*:*:x64:*", + "matchCriteriaId": "2127D10C-B6F3-4C1D-B9AA-5D78513CC996" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:microsoft:windows_server_2008:-:sp2:*:*:*:*:x86:*", + "matchCriteriaId": "AB425562-C0A0-452E-AABE-F70522F15E1A" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:microsoft:windows_server_2012:-:*:*:*:*:*:*:*", + "matchCriteriaId": "A7DF96F8-BA6A-4780-9CA3-F719B3F81074" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:microsoft:windows_server_2012:r2:*:*:*:*:*:*:*", + "matchCriteriaId": "DB18C4CE-5917-401E-ACF7-2747084FD36E" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:microsoft:windows_server_2016:-:*:*:*:*:*:*:*", + "matchCriteriaId": "041FF8BA-0B12-4A1F-B4BF-9C4F33B7C1E7" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:microsoft:windows_server_2019:-:*:*:*:*:*:*:*", + "matchCriteriaId": "DB79EE26-FC32-417D-A49C-A1A63165A968" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:microsoft:windows_server_2022:-:*:*:*:*:*:*:*", + "matchCriteriaId": "821614DD-37DD-44E2-A8A4-FE8D23A33C3C" + } + ] + } + ] + } + ], "references": [ { "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-20652", - "source": "secure@microsoft.com" + "source": "secure@microsoft.com", + "tags": [ + "Patch", + "Vendor Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2024/CVE-2024-206xx/CVE-2024-20654.json b/CVE-2024/CVE-2024-206xx/CVE-2024-20654.json index c8090dae0af..2e4fa698a73 100644 --- a/CVE-2024/CVE-2024-206xx/CVE-2024-20654.json +++ b/CVE-2024/CVE-2024-206xx/CVE-2024-20654.json @@ -2,12 +2,16 @@ "id": "CVE-2024-20654", "sourceIdentifier": "secure@microsoft.com", "published": "2024-01-09T18:15:48.130", - "lastModified": "2024-01-09T19:56:14.023", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2024-01-16T20:46:14.413", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", "value": "Microsoft ODBC Driver Remote Code Execution Vulnerability" + }, + { + "lang": "es", + "value": "Vulnerabilidad de ejecuci\u00f3n remota de c\u00f3digo del controlador ODBC de Microsoft" } ], "metrics": { @@ -34,10 +38,187 @@ } ] }, + "weaknesses": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "NVD-CWE-noinfo" + } + ] + } + ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:o:microsoft:windows_10_1507:*:*:*:*:*:*:x64:*", + "versionEndExcluding": "10.0.10240.20402", + "matchCriteriaId": "46ABD897-272E-49BD-BCD1-79EA0908349D" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:microsoft:windows_10_1507:*:*:*:*:*:*:x86:*", + "versionEndExcluding": "10.0.10240.20402", + "matchCriteriaId": "B85886E7-0E67-4BBD-9E42-4507DF422BCF" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:microsoft:windows_10_1607:*:*:*:*:*:*:x64:*", + "versionEndExcluding": "10.0.14393.6614", + "matchCriteriaId": "1301CF7B-D772-4AAA-BFF2-88BF493A324E" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:microsoft:windows_10_1607:*:*:*:*:*:*:x86:*", + "versionEndExcluding": "10.0.14393.6614", + "matchCriteriaId": "DDEB129C-34A6-47E5-A652-51FCE0A3A880" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:microsoft:windows_10_1809:*:*:*:*:*:*:arm64:*", + "versionEndExcluding": "10.0.17763.5329", + "matchCriteriaId": "F0470D92-707F-4073-886A-ECDC4F2E1CAC" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:microsoft:windows_10_1809:*:*:*:*:*:*:x64:*", + "versionEndExcluding": "10.0.17763.5329", + "matchCriteriaId": "9C150F7E-8967-4AB8-8DF8-EBC89A10D554" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:microsoft:windows_10_1809:*:*:*:*:*:*:x86:*", + "versionEndExcluding": "10.0.17763.5329", + "matchCriteriaId": "A7997F10-4040-4664-B55E-0039E25B4F79" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:microsoft:windows_10_21h2:*:*:*:*:*:*:arm64:*", + "versionEndExcluding": "10.0.19044.3930", + "matchCriteriaId": "C541A6B6-7D07-4EA9-89FF-81D815A9476F" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:microsoft:windows_10_21h2:*:*:*:*:*:*:x64:*", + "versionEndExcluding": "10.0.19044.3930", + "matchCriteriaId": "5BFCE595-C6A9-4F10-9EC7-58C1D66BB436" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:microsoft:windows_10_21h2:*:*:*:*:*:*:x86:*", + "versionEndExcluding": "10.0.19044.3930", + "matchCriteriaId": "A49993E0-2369-48E3-A925-6405722F1A19" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:microsoft:windows_10_22h2:*:*:*:*:*:*:arm64:*", + "versionEndExcluding": "10.0.19045.3930", + "matchCriteriaId": "5D738639-84ED-4215-82F1-7D94D68D3396" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:microsoft:windows_10_22h2:*:*:*:*:*:*:x64:*", + "versionEndExcluding": "10.0.19045.3930", + "matchCriteriaId": "047947E7-B85E-4D6A-9B92-E39E4828206E" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:microsoft:windows_10_22h2:*:*:*:*:*:*:x86:*", + "versionEndExcluding": "10.0.19045.3930", + "matchCriteriaId": "45296209-531C-48D1-84DA-FAD9E28E7999" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:microsoft:windows_11_21h2:*:*:*:*:*:*:arm64:*", + "versionEndExcluding": "10.0.22000.2713", + "matchCriteriaId": "6FA472E2-4501-4597-9979-796258111DA5" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:microsoft:windows_11_21h2:*:*:*:*:*:*:x64:*", + "versionEndExcluding": "10.0.22000.2713", + "matchCriteriaId": "0F377DD9-2DBF-4202-AF3F-6AC6A809F4E2" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:microsoft:windows_11_22h2:*:*:*:*:*:*:arm64:*", + "versionEndExcluding": "10.0.22621.3007", + "matchCriteriaId": "C48178EC-BDEE-4F78-BCFB-B125F5CA0A9E" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:microsoft:windows_11_22h2:*:*:*:*:*:*:x64:*", + "versionEndExcluding": "10.0.22621.3007", + "matchCriteriaId": "04C81079-1855-4F8C-A9E2-3E2CC796C4F0" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:microsoft:windows_11_23h2:*:*:*:*:*:*:arm64:*", + "versionEndExcluding": "10.0.22631.3007", + "matchCriteriaId": "91F6049F-03C1-494C-8AA1-6DE27D335139" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:microsoft:windows_11_23h2:*:*:*:*:*:*:x64:*", + "versionEndExcluding": "10.0.22631.3007", + "matchCriteriaId": "A00CE59A-0762-4AA4-99DA-5C9545F85666" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:microsoft:windows_server_2008:-:sp2:*:*:*:*:x64:*", + "matchCriteriaId": "2127D10C-B6F3-4C1D-B9AA-5D78513CC996" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:microsoft:windows_server_2008:-:sp2:*:*:*:*:x86:*", + "matchCriteriaId": "AB425562-C0A0-452E-AABE-F70522F15E1A" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:microsoft:windows_server_2012:-:*:*:*:*:*:*:*", + "matchCriteriaId": "A7DF96F8-BA6A-4780-9CA3-F719B3F81074" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:microsoft:windows_server_2012:r2:*:*:*:*:*:*:*", + "matchCriteriaId": "DB18C4CE-5917-401E-ACF7-2747084FD36E" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:microsoft:windows_server_2016:-:*:*:*:*:*:*:*", + "matchCriteriaId": "041FF8BA-0B12-4A1F-B4BF-9C4F33B7C1E7" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:microsoft:windows_server_2019:-:*:*:*:*:*:*:*", + "matchCriteriaId": "DB79EE26-FC32-417D-A49C-A1A63165A968" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:microsoft:windows_server_2022:-:*:*:*:*:*:*:*", + "matchCriteriaId": "821614DD-37DD-44E2-A8A4-FE8D23A33C3C" + } + ] + } + ] + } + ], "references": [ { "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-20654", - "source": "secure@microsoft.com" + "source": "secure@microsoft.com", + "tags": [ + "Patch", + "Vendor Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2024/CVE-2024-206xx/CVE-2024-20677.json b/CVE-2024/CVE-2024-206xx/CVE-2024-20677.json index 26e4b2bf9a6..f061f4b37b6 100644 --- a/CVE-2024/CVE-2024-206xx/CVE-2024-20677.json +++ b/CVE-2024/CVE-2024-206xx/CVE-2024-20677.json @@ -2,12 +2,16 @@ "id": "CVE-2024-20677", "sourceIdentifier": "secure@microsoft.com", "published": "2024-01-09T18:15:50.887", - "lastModified": "2024-01-09T19:56:14.023", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2024-01-16T20:02:24.243", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", "value": "

A security vulnerability exists in FBX that could lead to remote code execution. To mitigate this vulnerability, the ability to insert FBX files has been disabled in Word, Excel, PowerPoint and Outlook for Windows and Mac. Versions of Office that had this feature enabled will no longer have access to it. This includes Office 2019, Office 2021, Office LTSC for Mac 2021, and Microsoft 365.

\n

3D models in Office documents that were previously inserted from a FBX file will continue to work as expected unless the Link to File option was chosen at insert time.

\n

This change is effective as of the January 9, 2024 security update.

\n" + }, + { + "lang": "es", + "value": "

Existe una vulnerabilidad de seguridad en FBX que podr\u00eda provocar la ejecuci\u00f3n remota de c\u00f3digo. Para mitigar esta vulnerabilidad, se deshabilit\u00f3 la capacidad de insertar archivos FBX en Word, Excel, PowerPoint y Outlook para Windows y Mac. Las versiones de Office que ten\u00edan esta funci\u00f3n habilitada ya no tendr\u00e1n acceso a ella. Esto incluye Office 2019, Office 2021, Office LTSC para Mac 2021 y Microsoft 365.

Los modelos 3D en documentos de Office que se insertaron previamente desde un archivo FBX seguir\u00e1n funcionando como se espera a menos que se active la opci\u00f3n Vincular a Archivo. se eligi\u00f3 en el momento de la inserci\u00f3n.

Este cambio entra en vigor a partir de la actualizaci\u00f3n de seguridad del 9 de enero de 2024.

" } ], "metrics": { @@ -34,10 +38,58 @@ } ] }, + "weaknesses": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "NVD-CWE-noinfo" + } + ] + } + ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:microsoft:365_apps:-:*:*:*:enterprise:*:*:*", + "matchCriteriaId": "40C15EDD-98D4-4D06-BA06-21AE0F33C72D" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:microsoft:office:2019:*:*:*:*:*:*:*", + "matchCriteriaId": "FF177984-A906-43FA-BF60-298133FBBD6B" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:microsoft:office_long_term_servicing_channel:2021:*:*:*:*:-:*:*", + "matchCriteriaId": "6C9D7C93-E8CB-4A8A-BA15-093B03ACC62F" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:microsoft:office_long_term_servicing_channel:2021:*:*:*:*:macos:*:*", + "matchCriteriaId": "BF0E8112-5B6F-4E55-8E40-38ADCF6FC654" + } + ] + } + ] + } + ], "references": [ { "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-20677", - "source": "secure@microsoft.com" + "source": "secure@microsoft.com", + "tags": [ + "Patch", + "Vendor Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2024/CVE-2024-213xx/CVE-2024-21319.json b/CVE-2024/CVE-2024-213xx/CVE-2024-21319.json index 2a23293fbe9..5ed8207dfce 100644 --- a/CVE-2024/CVE-2024-213xx/CVE-2024-21319.json +++ b/CVE-2024/CVE-2024-213xx/CVE-2024-21319.json @@ -2,12 +2,16 @@ "id": "CVE-2024-21319", "sourceIdentifier": "secure@microsoft.com", "published": "2024-01-09T19:15:12.070", - "lastModified": "2024-01-09T19:56:14.023", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2024-01-16T20:48:19.723", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", "value": "Microsoft Identity Denial of service vulnerability" + }, + { + "lang": "es", + "value": "Vulnerabilidad de denegaci\u00f3n de servicio de identidad de Microsoft" } ], "metrics": { @@ -34,10 +38,108 @@ } ] }, + "weaknesses": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "NVD-CWE-noinfo" + } + ] + } + ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:microsoft:.net:*:*:*:*:*:*:*:*", + "versionStartIncluding": "6.0.0", + "versionEndExcluding": "6.0.26", + "matchCriteriaId": "498DF6C9-EC7C-4A4F-A188-B22E82FD6540" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:microsoft:.net:*:*:*:*:*:*:*:*", + "versionStartIncluding": "7.0.0", + "versionEndIncluding": "7.0.15", + "matchCriteriaId": "77C53F4F-8B33-4FF6-9AFE-155FEF1F972A" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:microsoft:.net:*:*:*:*:*:*:*:*", + "versionStartIncluding": "8.0.0", + "versionEndExcluding": "8.0.1", + "matchCriteriaId": "8583992E-20C5-4437-ACFE-22FEBD539E4C" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:microsoft:identity_model:*:*:*:*:*:.net:*:*", + "versionStartIncluding": "5.0.0", + "versionEndExcluding": "5.7.0", + "matchCriteriaId": "F39C475D-FDCE-4DE1-B936-01D268FD7645" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:microsoft:identity_model:*:*:*:*:*:.net:*:*", + "versionStartIncluding": "6.0.0", + "versionEndExcluding": "6.34.0", + "matchCriteriaId": "A286ABF0-E7B7-44E0-9EF1-0226BDD5338A" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:microsoft:identity_model:*:*:*:*:*:.net:*:*", + "versionStartIncluding": "7.0.0", + "versionEndExcluding": "7.1.2", + "matchCriteriaId": "B12074D2-B6C2-4797-BCE8-27A5E6314FB1" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:microsoft:visual_studio_2022:*:*:*:*:*:*:*:*", + "versionStartIncluding": "17.2.0", + "versionEndExcluding": "17.2.23", + "matchCriteriaId": "42B33777-27CB-45CC-A95A-3F4369DBB31D" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:microsoft:visual_studio_2022:*:*:*:*:*:*:*:*", + "versionStartIncluding": "17.4.0", + "versionEndExcluding": "17.4.15", + "matchCriteriaId": "E578915C-4563-4767-A1F9-7C0ADF58BDA6" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:microsoft:visual_studio_2022:*:*:*:*:*:*:*:*", + "versionStartIncluding": "17.6.0", + "versionEndExcluding": "17.6.11", + "matchCriteriaId": "AB1E1DB4-BE9A-48E9-808D-E239CFDB26BA" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:microsoft:visual_studio_2022:*:*:*:*:*:*:*:*", + "versionStartIncluding": "17.8.0", + "versionEndExcluding": "17.8.4", + "matchCriteriaId": "1A6D3ECE-ED4D-4778-900F-4D4E1D05F00E" + } + ] + } + ] + } + ], "references": [ { "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-21319", - "source": "secure@microsoft.com" + "source": "secure@microsoft.com", + "tags": [ + "Patch", + "Vendor Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2024/CVE-2024-216xx/CVE-2024-21664.json b/CVE-2024/CVE-2024-216xx/CVE-2024-21664.json index 3b67fc972d1..88764518d55 100644 --- a/CVE-2024/CVE-2024-216xx/CVE-2024-21664.json +++ b/CVE-2024/CVE-2024-216xx/CVE-2024-21664.json @@ -2,16 +2,40 @@ "id": "CVE-2024-21664", "sourceIdentifier": "security-advisories@github.com", "published": "2024-01-09T20:15:43.740", - "lastModified": "2024-01-10T01:21:28.543", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2024-01-16T19:30:49.207", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", "value": "jwx is a Go module implementing various JWx (JWA/JWE/JWK/JWS/JWT, otherwise known as JOSE) technologies. Calling `jws.Parse` with a JSON serialized payload where the `signature` field is present while `protected` is absent can lead to a nil pointer dereference. The vulnerability can be used to crash/DOS a system doing JWS verification. This vulnerability has been patched in version 2.0.19.\n" + }, + { + "lang": "es", + "value": "jwx es un m\u00f3dulo Go que implementa varias tecnolog\u00edas JWx (JWA/JWE/JWK/JWS/JWT, tambi\u00e9n conocidas como JOSE). Llamar a `jws.Parse` con un payload serializado JSON donde el campo `signature` est\u00e1 presente mientras que `protected` est\u00e1 ausente puede provocar una desreferencia del puntero nulo. La vulnerabilidad se puede utilizar para bloquear/DOS un sistema que realiza la verificaci\u00f3n JWS. Esta vulnerabilidad ha sido parcheada en la versi\u00f3n 2.0.19." } ], "metrics": { "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "NONE", + "integrityImpact": "NONE", + "availabilityImpact": "HIGH", + "baseScore": 7.5, + "baseSeverity": "HIGH" + }, + "exploitabilityScore": 3.9, + "impactScore": 3.6 + }, { "source": "security-advisories@github.com", "type": "Secondary", @@ -46,18 +70,46 @@ ] } ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:lestrrat-go:jwx:*:*:*:*:*:*:*:*", + "versionEndExcluding": "2.0.19", + "matchCriteriaId": "5BC42760-3661-434C-8568-AF4B49498561" + } + ] + } + ] + } + ], "references": [ { "url": "https://github.com/lestrrat-go/jwx/commit/0e8802ce6842625845d651456493e7c87625601f", - "source": "security-advisories@github.com" + "source": "security-advisories@github.com", + "tags": [ + "Patch" + ] }, { "url": "https://github.com/lestrrat-go/jwx/commit/d69a721931a5c48b9850a42404f18e143704adcd", - "source": "security-advisories@github.com" + "source": "security-advisories@github.com", + "tags": [ + "Patch" + ] }, { "url": "https://github.com/lestrrat-go/jwx/security/advisories/GHSA-pvcr-v8j8-j5q3", - "source": "security-advisories@github.com" + "source": "security-advisories@github.com", + "tags": [ + "Exploit", + "Vendor Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2024/CVE-2024-216xx/CVE-2024-21668.json b/CVE-2024/CVE-2024-216xx/CVE-2024-21668.json index 8c220931f74..6fb3aee53c9 100644 --- a/CVE-2024/CVE-2024-216xx/CVE-2024-21668.json +++ b/CVE-2024/CVE-2024-216xx/CVE-2024-21668.json @@ -2,16 +2,40 @@ "id": "CVE-2024-21668", "sourceIdentifier": "security-advisories@github.com", "published": "2024-01-09T19:15:12.330", - "lastModified": "2024-01-09T19:56:14.023", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2024-01-16T20:37:23.550", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", "value": "react-native-mmkv is a library that allows easy use of MMKV inside React Native applications. Before version 2.11.0, the react-native-mmkv logged the optional encryption key for the MMKV database into the Android system log. The key can be obtained by anyone with access to the Android Debugging Bridge (ADB) if it is enabled in the phone settings. This bug is not present on iOS devices. By logging the encryption secret to the system logs, attackers can trivially recover the secret by enabling ADB and undermining an app's thread model. This issue has been patched in version 2.11.0." + }, + { + "lang": "es", + "value": "react-native-mmkv es una librer\u00eda que permite el uso sencillo de MMKV dentro de aplicaciones React Native. Antes de la versi\u00f3n 2.11.0, react-native-mmkv registraba la clave de cifrado opcional para la base de datos MMKV en el registro del sistema Android. Cualquier persona con acceso al Android Debugging Bridge (ADB) puede obtener la clave si est\u00e1 habilitado en la configuraci\u00f3n del tel\u00e9fono. Este error no est\u00e1 presente en dispositivos iOS. Al registrar el secreto de cifrado en los registros del sistema, los atacantes pueden recuperar trivialmente el secreto habilitando ADB y socavando el modelo de subprocesos de una aplicaci\u00f3n. Este problema se solucion\u00f3 en la versi\u00f3n 2.11.0." } ], "metrics": { "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "HIGH", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "NONE", + "availabilityImpact": "NONE", + "baseScore": 4.9, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 1.2, + "impactScore": 3.6 + }, { "source": "security-advisories@github.com", "type": "Secondary", @@ -46,18 +70,45 @@ ] } ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:mrousavy:react-native-mmkv:*:*:*:*:*:node.js:*:*", + "versionEndExcluding": "2.11.0", + "matchCriteriaId": "2F0F4C50-CDEB-4A18-A8BC-E087D59E6D75" + } + ] + } + ] + } + ], "references": [ { "url": "https://github.com/mrousavy/react-native-mmkv/commit/a8995ccb7184281f7d168bad3e9987c9bd05f00d", - "source": "security-advisories@github.com" + "source": "security-advisories@github.com", + "tags": [ + "Patch" + ] }, { "url": "https://github.com/mrousavy/react-native-mmkv/releases/tag/v2.11.0", - "source": "security-advisories@github.com" + "source": "security-advisories@github.com", + "tags": [ + "Release Notes" + ] }, { "url": "https://github.com/mrousavy/react-native-mmkv/security/advisories/GHSA-4jh3-6jhv-2mgp", - "source": "security-advisories@github.com" + "source": "security-advisories@github.com", + "tags": [ + "Vendor Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2024/CVE-2024-224xx/CVE-2024-22491.json b/CVE-2024/CVE-2024-224xx/CVE-2024-22491.json new file mode 100644 index 00000000000..70cf0c2164b --- /dev/null +++ b/CVE-2024/CVE-2024-224xx/CVE-2024-22491.json @@ -0,0 +1,20 @@ +{ + "id": "CVE-2024-22491", + "sourceIdentifier": "cve@mitre.org", + "published": "2024-01-16T19:15:09.080", + "lastModified": "2024-01-16T19:15:09.080", + "vulnStatus": "Received", + "descriptions": [ + { + "lang": "en", + "value": "A Stored Cross Site Scripting (XSS) vulnerability in beetl-bbs 2.0 allows attackers to run arbitrary code via the post/save content parameter." + } + ], + "metrics": {}, + "references": [ + { + "url": "https://github.com/cui2shark/security/blob/main/A%20stored%20cross-site%20scripting%20%28XSS%29%20vulnerability%20was%20discovered%20in%20beetl-bbs%20post%20save.md", + "source": "cve@mitre.org" + } + ] +} \ No newline at end of file diff --git a/README.md b/README.md index 11ed427d5e2..712cccb89fe 100644 --- a/README.md +++ b/README.md @@ -9,13 +9,13 @@ Repository synchronizes with the NVD every 2 hours. ### Last Repository Update ```plain -2024-01-16T19:00:24.664971+00:00 +2024-01-16T21:00:25.815741+00:00 ``` ### Most recent CVE Modification Timestamp synchronized with NVD ```plain -2024-01-16T18:57:56.167000+00:00 +2024-01-16T20:59:05.917000+00:00 ``` ### Last Data Feed Release @@ -29,59 +29,56 @@ Download and Changelog: [Click](https://github.com/fkie-cad/nvd-json-data-feeds/ ### Total Number of included CVEs ```plain -236096 +236108 ``` ### CVEs added in the last Commit -Recently added CVEs: `15` - -* [CVE-2023-22502](CVE-2023/CVE-2023-225xx/CVE-2023-22502.json) (`2024-01-16T18:15:08.957`) -* [CVE-2023-22507](CVE-2023/CVE-2023-225xx/CVE-2023-22507.json) (`2024-01-16T18:15:09.037`) -* [CVE-2023-22510](CVE-2023/CVE-2023-225xx/CVE-2023-22510.json) (`2024-01-16T18:15:09.080`) -* [CVE-2023-22512](CVE-2023/CVE-2023-225xx/CVE-2023-22512.json) (`2024-01-16T18:15:09.130`) -* [CVE-2023-22514](CVE-2023/CVE-2023-225xx/CVE-2023-22514.json) (`2024-01-16T18:15:09.170`) -* [CVE-2023-22520](CVE-2023/CVE-2023-225xx/CVE-2023-22520.json) (`2024-01-16T18:15:09.217`) -* [CVE-2023-22525](CVE-2023/CVE-2023-225xx/CVE-2023-22525.json) (`2024-01-16T18:15:09.257`) -* [CVE-2023-37523](CVE-2023/CVE-2023-375xx/CVE-2023-37523.json) (`2024-01-16T18:15:09.407`) -* [CVE-2023-4969](CVE-2023/CVE-2023-49xx/CVE-2023-4969.json) (`2024-01-16T17:15:08.083`) -* [CVE-2024-0579](CVE-2024/CVE-2024-05xx/CVE-2024-0579.json) (`2024-01-16T17:15:08.280`) -* [CVE-2024-22625](CVE-2024/CVE-2024-226xx/CVE-2024-22625.json) (`2024-01-16T18:15:11.077`) -* [CVE-2024-22626](CVE-2024/CVE-2024-226xx/CVE-2024-22626.json) (`2024-01-16T18:15:11.120`) -* [CVE-2024-22627](CVE-2024/CVE-2024-226xx/CVE-2024-22627.json) (`2024-01-16T18:15:11.167`) -* [CVE-2024-22628](CVE-2024/CVE-2024-226xx/CVE-2024-22628.json) (`2024-01-16T18:15:11.220`) -* [CVE-2024-23347](CVE-2024/CVE-2024-233xx/CVE-2024-23347.json) (`2024-01-16T18:15:11.267`) +Recently added CVEs: `12` + +* [CVE-2023-49351](CVE-2023/CVE-2023-493xx/CVE-2023-49351.json) (`2024-01-16T19:15:08.120`) +* [CVE-2023-51381](CVE-2023/CVE-2023-513xx/CVE-2023-51381.json) (`2024-01-16T19:15:08.183`) +* [CVE-2023-52041](CVE-2023/CVE-2023-520xx/CVE-2023-52041.json) (`2024-01-16T19:15:08.410`) +* [CVE-2023-7234](CVE-2023/CVE-2023-72xx/CVE-2023-7234.json) (`2024-01-16T19:15:08.460`) +* [CVE-2023-5097](CVE-2023/CVE-2023-50xx/CVE-2023-5097.json) (`2024-01-16T20:15:45.107`) +* [CVE-2023-6334](CVE-2023/CVE-2023-63xx/CVE-2023-6334.json) (`2024-01-16T20:15:45.303`) +* [CVE-2023-6335](CVE-2023/CVE-2023-63xx/CVE-2023-6335.json) (`2024-01-16T20:15:45.493`) +* [CVE-2023-6336](CVE-2023/CVE-2023-63xx/CVE-2023-6336.json) (`2024-01-16T20:15:45.667`) +* [CVE-2024-0200](CVE-2024/CVE-2024-02xx/CVE-2024-0200.json) (`2024-01-16T19:15:08.667`) +* [CVE-2024-0507](CVE-2024/CVE-2024-05xx/CVE-2024-0507.json) (`2024-01-16T19:15:08.870`) +* [CVE-2024-22491](CVE-2024/CVE-2024-224xx/CVE-2024-22491.json) (`2024-01-16T19:15:09.080`) +* [CVE-2024-0599](CVE-2024/CVE-2024-05xx/CVE-2024-0599.json) (`2024-01-16T20:15:45.840`) ### CVEs modified in the last Commit -Recently modified CVEs: `38` - -* [CVE-2023-35702](CVE-2023/CVE-2023-357xx/CVE-2023-35702.json) (`2024-01-16T17:33:44.477`) -* [CVE-2023-35703](CVE-2023/CVE-2023-357xx/CVE-2023-35703.json) (`2024-01-16T17:34:14.000`) -* [CVE-2023-35704](CVE-2023/CVE-2023-357xx/CVE-2023-35704.json) (`2024-01-16T17:34:22.723`) -* [CVE-2023-35969](CVE-2023/CVE-2023-359xx/CVE-2023-35969.json) (`2024-01-16T17:34:36.490`) -* [CVE-2023-35970](CVE-2023/CVE-2023-359xx/CVE-2023-35970.json) (`2024-01-16T17:34:44.180`) -* [CVE-2023-35994](CVE-2023/CVE-2023-359xx/CVE-2023-35994.json) (`2024-01-16T17:34:53.610`) -* [CVE-2023-22527](CVE-2023/CVE-2023-225xx/CVE-2023-22527.json) (`2024-01-16T18:15:09.327`) -* [CVE-2023-45229](CVE-2023/CVE-2023-452xx/CVE-2023-45229.json) (`2024-01-16T18:15:09.620`) -* [CVE-2023-45230](CVE-2023/CVE-2023-452xx/CVE-2023-45230.json) (`2024-01-16T18:15:09.687`) -* [CVE-2023-45231](CVE-2023/CVE-2023-452xx/CVE-2023-45231.json) (`2024-01-16T18:15:09.750`) -* [CVE-2023-45232](CVE-2023/CVE-2023-452xx/CVE-2023-45232.json) (`2024-01-16T18:15:09.813`) -* [CVE-2023-45233](CVE-2023/CVE-2023-452xx/CVE-2023-45233.json) (`2024-01-16T18:15:09.877`) -* [CVE-2023-45234](CVE-2023/CVE-2023-452xx/CVE-2023-45234.json) (`2024-01-16T18:15:09.940`) -* [CVE-2023-45235](CVE-2023/CVE-2023-452xx/CVE-2023-45235.json) (`2024-01-16T18:15:10.013`) -* [CVE-2023-45236](CVE-2023/CVE-2023-452xx/CVE-2023-45236.json) (`2024-01-16T18:15:10.080`) -* [CVE-2023-45237](CVE-2023/CVE-2023-452xx/CVE-2023-45237.json) (`2024-01-16T18:15:10.187`) -* [CVE-2023-6395](CVE-2023/CVE-2023-63xx/CVE-2023-6395.json) (`2024-01-16T18:15:10.303`) -* [CVE-2023-50136](CVE-2023/CVE-2023-501xx/CVE-2023-50136.json) (`2024-01-16T18:51:33.887`) -* [CVE-2023-38827](CVE-2023/CVE-2023-388xx/CVE-2023-38827.json) (`2024-01-16T18:57:56.167`) -* [CVE-2024-22164](CVE-2024/CVE-2024-221xx/CVE-2024-22164.json) (`2024-01-16T17:40:17.057`) -* [CVE-2024-21737](CVE-2024/CVE-2024-217xx/CVE-2024-21737.json) (`2024-01-16T17:45:47.083`) -* [CVE-2024-22165](CVE-2024/CVE-2024-221xx/CVE-2024-22165.json) (`2024-01-16T18:30:58.893`) -* [CVE-2024-0056](CVE-2024/CVE-2024-00xx/CVE-2024-0056.json) (`2024-01-16T18:42:08.580`) -* [CVE-2024-0057](CVE-2024/CVE-2024-00xx/CVE-2024-0057.json) (`2024-01-16T18:47:36.267`) -* [CVE-2024-0340](CVE-2024/CVE-2024-03xx/CVE-2024-0340.json) (`2024-01-16T18:49:46.600`) +Recently modified CVEs: `47` + +* [CVE-2023-48261](CVE-2023/CVE-2023-482xx/CVE-2023-48261.json) (`2024-01-16T20:15:31.977`) +* [CVE-2023-48260](CVE-2023/CVE-2023-482xx/CVE-2023-48260.json) (`2024-01-16T20:16:05.787`) +* [CVE-2023-48259](CVE-2023/CVE-2023-482xx/CVE-2023-48259.json) (`2024-01-16T20:16:25.587`) +* [CVE-2023-48245](CVE-2023/CVE-2023-482xx/CVE-2023-48245.json) (`2024-01-16T20:17:01.697`) +* [CVE-2023-48244](CVE-2023/CVE-2023-482xx/CVE-2023-48244.json) (`2024-01-16T20:17:17.953`) +* [CVE-2023-48243](CVE-2023/CVE-2023-482xx/CVE-2023-48243.json) (`2024-01-16T20:17:41.990`) +* [CVE-2023-48242](CVE-2023/CVE-2023-482xx/CVE-2023-48242.json) (`2024-01-16T20:17:56.863`) +* [CVE-2023-48262](CVE-2023/CVE-2023-482xx/CVE-2023-48262.json) (`2024-01-16T20:30:28.287`) +* [CVE-2023-48263](CVE-2023/CVE-2023-482xx/CVE-2023-48263.json) (`2024-01-16T20:30:41.677`) +* [CVE-2023-48264](CVE-2023/CVE-2023-482xx/CVE-2023-48264.json) (`2024-01-16T20:30:58.470`) +* [CVE-2023-48265](CVE-2023/CVE-2023-482xx/CVE-2023-48265.json) (`2024-01-16T20:31:20.220`) +* [CVE-2023-48266](CVE-2023/CVE-2023-482xx/CVE-2023-48266.json) (`2024-01-16T20:31:40.710`) +* [CVE-2023-47997](CVE-2023/CVE-2023-479xx/CVE-2023-47997.json) (`2024-01-16T20:58:57.263`) +* [CVE-2023-47996](CVE-2023/CVE-2023-479xx/CVE-2023-47996.json) (`2024-01-16T20:59:05.917`) +* [CVE-2024-0345](CVE-2024/CVE-2024-03xx/CVE-2024-0345.json) (`2024-01-16T19:05:59.090`) +* [CVE-2024-0344](CVE-2024/CVE-2024-03xx/CVE-2024-0344.json) (`2024-01-16T19:29:05.160`) +* [CVE-2024-21664](CVE-2024/CVE-2024-216xx/CVE-2024-21664.json) (`2024-01-16T19:30:49.207`) +* [CVE-2024-0342](CVE-2024/CVE-2024-03xx/CVE-2024-0342.json) (`2024-01-16T19:33:17.373`) +* [CVE-2024-0341](CVE-2024/CVE-2024-03xx/CVE-2024-0341.json) (`2024-01-16T19:49:56.160`) +* [CVE-2024-20652](CVE-2024/CVE-2024-206xx/CVE-2024-20652.json) (`2024-01-16T19:53:51.473`) +* [CVE-2024-20677](CVE-2024/CVE-2024-206xx/CVE-2024-20677.json) (`2024-01-16T20:02:24.243`) +* [CVE-2024-21668](CVE-2024/CVE-2024-216xx/CVE-2024-21668.json) (`2024-01-16T20:37:23.550`) +* [CVE-2024-20654](CVE-2024/CVE-2024-206xx/CVE-2024-20654.json) (`2024-01-16T20:46:14.413`) +* [CVE-2024-21319](CVE-2024/CVE-2024-213xx/CVE-2024-21319.json) (`2024-01-16T20:48:19.723`) +* [CVE-2024-0346](CVE-2024/CVE-2024-03xx/CVE-2024-0346.json) (`2024-01-16T20:54:15.903`) ## Download and Usage