diff --git a/CVE-2001/CVE-2001-01xx/CVE-2001-0162.json b/CVE-2001/CVE-2001-01xx/CVE-2001-0162.json index c6c2bb64de6..64800c8e315 100644 --- a/CVE-2001/CVE-2001-01xx/CVE-2001-0162.json +++ b/CVE-2001/CVE-2001-01xx/CVE-2001-0162.json @@ -2,7 +2,7 @@ "id": "CVE-2001-0162", "sourceIdentifier": "cve@mitre.org", "published": "2001-01-01T05:00:00.000", - "lastModified": "2008-09-05T20:23:25.587", + "lastModified": "2023-12-15T19:06:18.803", "vulnStatus": "Analyzed", "descriptions": [ { @@ -58,8 +58,8 @@ "cpeMatch": [ { "vulnerable": true, - "criteria": "cpe:2.3:o:microsoft:windows_ce:3.0.9348:*:*:*:*:*:*:*", - "matchCriteriaId": "34C6252B-32BC-4BC2-AAD2-4B3F691F8BD4" + "criteria": "cpe:2.3:o:microsoft:windows_embedded_compact:3.0.9348:*:*:*:*:*:*:*", + "matchCriteriaId": "EFB3E6BE-C974-4E83-9467-F871B71A052C" } ] } diff --git a/CVE-2006/CVE-2006-69xx/CVE-2006-6908.json b/CVE-2006/CVE-2006-69xx/CVE-2006-6908.json index 98045a5d884..a529af7bba9 100644 --- a/CVE-2006/CVE-2006-69xx/CVE-2006-6908.json +++ b/CVE-2006/CVE-2006-69xx/CVE-2006-6908.json @@ -2,7 +2,7 @@ "id": "CVE-2006-6908", "sourceIdentifier": "cve@mitre.org", "published": "2006-12-31T05:00:00.000", - "lastModified": "2018-10-16T16:29:04.367", + "lastModified": "2023-12-15T19:06:18.803", "vulnStatus": "Modified", "descriptions": [ { @@ -93,8 +93,8 @@ }, { "vulnerable": true, - "criteria": "cpe:2.3:o:microsoft:windows_ce:*:*:*:*:*:*:*:*", - "matchCriteriaId": "213294BE-E719-4F9B-8743-B586749B8974" + "criteria": "cpe:2.3:o:microsoft:windows_embedded_compact:*:*:*:*:*:*:*:*", + "matchCriteriaId": "5F4C5281-4CF0-4BCE-BF7D-391149F38E2F" }, { "vulnerable": true, @@ -111,6 +111,10 @@ "url": "http://events.ccc.de/congress/2006-mediawiki//images/f/fb/23c3_Bluetooh_revisited.pdf", "source": "cve@mitre.org" }, + { + "url": "http://osvdb.org/37587", + "source": "cve@mitre.org" + }, { "url": "http://www.securityfocus.com/archive/1/455889/100/0/threaded", "source": "cve@mitre.org" diff --git a/CVE-2006/CVE-2006-70xx/CVE-2006-7031.json b/CVE-2006/CVE-2006-70xx/CVE-2006-7031.json index b1d2d561685..66e50641627 100644 --- a/CVE-2006/CVE-2006-70xx/CVE-2006-7031.json +++ b/CVE-2006/CVE-2006-70xx/CVE-2006-7031.json @@ -2,7 +2,7 @@ "id": "CVE-2006-7031", "sourceIdentifier": "cve@mitre.org", "published": "2007-02-23T03:28:00.000", - "lastModified": "2021-07-23T15:02:49.957", + "lastModified": "2023-12-15T19:06:18.803", "vulnStatus": "Modified", "descriptions": [ { @@ -98,8 +98,8 @@ }, { "vulnerable": false, - "criteria": "cpe:2.3:o:microsoft:windows_ce:*:*:*:*:*:*:*:*", - "matchCriteriaId": "213294BE-E719-4F9B-8743-B586749B8974" + "criteria": "cpe:2.3:o:microsoft:windows_embedded_compact:*:*:*:*:*:*:*:*", + "matchCriteriaId": "5F4C5281-4CF0-4BCE-BF7D-391149F38E2F" }, { "vulnerable": false, diff --git a/CVE-2007/CVE-2007-50xx/CVE-2007-5090.json b/CVE-2007/CVE-2007-50xx/CVE-2007-5090.json index 8ae5eb0a4e4..123d3c2f50f 100644 --- a/CVE-2007/CVE-2007-50xx/CVE-2007-5090.json +++ b/CVE-2007/CVE-2007-50xx/CVE-2007-5090.json @@ -2,8 +2,8 @@ "id": "CVE-2007-5090", "sourceIdentifier": "cve@mitre.org", "published": "2007-09-26T20:17:00.000", - "lastModified": "2017-07-29T01:33:23.193", - "vulnStatus": "Modified", + "lastModified": "2023-12-15T19:09:10.557", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", @@ -55,16 +55,12 @@ ], "configurations": [ { + "operator": "AND", "nodes": [ { "operator": "OR", "negate": false, "cpeMatch": [ - { - "vulnerable": true, - "criteria": "cpe:2.3:a:ibm:db2:*:*:*:*:*:*:*:*", - "matchCriteriaId": "5A610D9B-35CC-4D39-A2D7-C6E56DA82780" - }, { "vulnerable": true, "criteria": "cpe:2.3:a:ibm:rational_clearquest:5.00:*:*:*:*:*:*:*", @@ -119,11 +115,22 @@ "vulnerable": true, "criteria": "cpe:2.3:a:ibm:rational_clearquest:7.0.1:*:*:*:*:*:*:*", "matchCriteriaId": "2EBBBF4D-97FD-4DBC-B296-4235BAD38F61" + } + ] + }, + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": false, + "criteria": "cpe:2.3:a:ibm:db2:-:*:*:*:*:*:*:*", + "matchCriteriaId": "C94CDDFF-420F-4C9B-A668-A79FAF73AC84" }, { - "vulnerable": true, - "criteria": "cpe:2.3:a:microsoft:sql_server:*:*:*:*:*:*:*:*", - "matchCriteriaId": "0B5AA1AC-79E9-4150-BBFB-A07F648CD9A3" + "vulnerable": false, + "criteria": "cpe:2.3:a:microsoft:sql_server:-:*:*:*:*:*:*:*", + "matchCriteriaId": "1B65554F-BD5C-4EDE-8E16-4C57078592D9" } ] } @@ -131,25 +138,57 @@ } ], "references": [ + { + "url": "http://osvdb.org/40598", + "source": "cve@mitre.org", + "tags": [ + "Broken Link" + ] + }, + { + "url": "http://secunia.com/advisories/26899", + "source": "cve@mitre.org", + "tags": [ + "Third Party Advisory" + ] + }, { "url": "http://www-1.ibm.com/support/docview.wss?uid=swg21268116", - "source": "cve@mitre.org" + "source": "cve@mitre.org", + "tags": [ + "Broken Link" + ] }, { "url": "http://www.securityfocus.com/bid/25810", - "source": "cve@mitre.org" + "source": "cve@mitre.org", + "tags": [ + "Third Party Advisory", + "VDB Entry" + ] }, { "url": "http://www.securitytracker.com/id?1018735", - "source": "cve@mitre.org" + "source": "cve@mitre.org", + "tags": [ + "Third Party Advisory", + "VDB Entry" + ] }, { "url": "http://www.vupen.com/english/advisories/2007/3264", - "source": "cve@mitre.org" + "source": "cve@mitre.org", + "tags": [ + "Permissions Required" + ] }, { "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/36771", - "source": "cve@mitre.org" + "source": "cve@mitre.org", + "tags": [ + "VDB Entry", + "Vendor Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2008/CVE-2008-21xx/CVE-2008-2160.json b/CVE-2008/CVE-2008-21xx/CVE-2008-2160.json index 5d954ee064e..3c005fd8198 100644 --- a/CVE-2008/CVE-2008-21xx/CVE-2008-2160.json +++ b/CVE-2008/CVE-2008-21xx/CVE-2008-2160.json @@ -2,7 +2,7 @@ "id": "CVE-2008-2160", "sourceIdentifier": "cve@mitre.org", "published": "2008-05-12T22:20:00.000", - "lastModified": "2017-08-08T01:30:48.903", + "lastModified": "2023-12-15T19:06:18.803", "vulnStatus": "Modified", "descriptions": [ { @@ -66,8 +66,8 @@ "cpeMatch": [ { "vulnerable": true, - "criteria": "cpe:2.3:o:microsoft:windows_ce:5.0:*:*:*:*:*:*:*", - "matchCriteriaId": "8BF0204E-C138-456D-8801-4C866B70E997" + "criteria": "cpe:2.3:o:microsoft:windows_embedded_compact:5.0:*:*:*:*:*:*:*", + "matchCriteriaId": "5C883778-F2AE-4946-A2B2-ABE63F46DD7F" } ] } @@ -75,6 +75,13 @@ } ], "references": [ + { + "url": "http://secunia.com/advisories/30197", + "source": "cve@mitre.org", + "tags": [ + "Vendor Advisory" + ] + }, { "url": "http://support.microsoft.com/kb/948812", "source": "cve@mitre.org" diff --git a/CVE-2016/CVE-2016-99xx/CVE-2016-9952.json b/CVE-2016/CVE-2016-99xx/CVE-2016-9952.json index 8f8d22a8b90..8a8d496e760 100644 --- a/CVE-2016/CVE-2016-99xx/CVE-2016-9952.json +++ b/CVE-2016/CVE-2016-99xx/CVE-2016-9952.json @@ -2,7 +2,7 @@ "id": "CVE-2016-9952", "sourceIdentifier": "cve@mitre.org", "published": "2018-03-12T21:29:00.500", - "lastModified": "2018-04-10T15:29:05.003", + "lastModified": "2023-12-15T19:06:18.803", "vulnStatus": "Analyzed", "descriptions": [ { @@ -98,8 +98,8 @@ "cpeMatch": [ { "vulnerable": false, - "criteria": "cpe:2.3:o:microsoft:windows_ce:-:*:*:*:*:*:*:*", - "matchCriteriaId": "96C21CE7-C631-420F-8375-8774A2632BBD" + "criteria": "cpe:2.3:o:microsoft:windows_embedded_compact:-:*:*:*:*:*:*:*", + "matchCriteriaId": "48927A5E-B938-4D59-84E1-4C05AA80F69C" } ] } diff --git a/CVE-2016/CVE-2016-99xx/CVE-2016-9953.json b/CVE-2016/CVE-2016-99xx/CVE-2016-9953.json index 507c7b7535c..52441403641 100644 --- a/CVE-2016/CVE-2016-99xx/CVE-2016-9953.json +++ b/CVE-2016/CVE-2016-99xx/CVE-2016-9953.json @@ -2,7 +2,7 @@ "id": "CVE-2016-9953", "sourceIdentifier": "cve@mitre.org", "published": "2018-03-12T21:29:00.563", - "lastModified": "2018-04-10T15:28:02.907", + "lastModified": "2023-12-15T19:06:18.803", "vulnStatus": "Analyzed", "descriptions": [ { @@ -98,8 +98,8 @@ "cpeMatch": [ { "vulnerable": false, - "criteria": "cpe:2.3:o:microsoft:windows_ce:-:*:*:*:*:*:*:*", - "matchCriteriaId": "96C21CE7-C631-420F-8375-8774A2632BBD" + "criteria": "cpe:2.3:o:microsoft:windows_embedded_compact:-:*:*:*:*:*:*:*", + "matchCriteriaId": "48927A5E-B938-4D59-84E1-4C05AA80F69C" } ] } diff --git a/CVE-2022/CVE-2022-244xx/CVE-2022-24480.json b/CVE-2022/CVE-2022-244xx/CVE-2022-24480.json index 2059e2f68c3..79547a7f258 100644 --- a/CVE-2022/CVE-2022-244xx/CVE-2022-24480.json +++ b/CVE-2022/CVE-2022-244xx/CVE-2022-24480.json @@ -2,12 +2,12 @@ "id": "CVE-2022-24480", "sourceIdentifier": "secure@microsoft.com", "published": "2022-12-13T19:15:11.590", - "lastModified": "2023-04-17T18:52:45.283", - "vulnStatus": "Analyzed", + "lastModified": "2023-12-15T20:15:07.430", + "vulnStatus": "Modified", "descriptions": [ { "lang": "en", - "value": "Outlook for Android Elevation of Privilege Vulnerability." + "value": "Outlook for Android Elevation of Privilege Vulnerability.\n\n" } ], "metrics": { diff --git a/CVE-2023/CVE-2023-217xx/CVE-2023-21740.json b/CVE-2023/CVE-2023-217xx/CVE-2023-21740.json index dc05fd4e555..3a00761aa69 100644 --- a/CVE-2023/CVE-2023-217xx/CVE-2023-21740.json +++ b/CVE-2023/CVE-2023-217xx/CVE-2023-21740.json @@ -2,12 +2,16 @@ "id": "CVE-2023-21740", "sourceIdentifier": "secure@microsoft.com", "published": "2023-12-12T18:15:16.720", - "lastModified": "2023-12-12T18:58:44.580", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2023-12-15T19:21:02.880", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", "value": "Windows Media Remote Code Execution Vulnerability" + }, + { + "lang": "es", + "value": "Vulnerabilidad de ejecuci\u00f3n remota de c\u00f3digo de Windows Media" } ], "metrics": { @@ -34,10 +38,122 @@ } ] }, + "weaknesses": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "NVD-CWE-noinfo" + } + ] + } + ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:o:microsoft:windows_10_1507:*:*:*:*:*:*:*:*", + "versionEndExcluding": "10.0.10240.20345", + "matchCriteriaId": "0FA29853-AA80-4D69-B5B2-09C29B73964A" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:microsoft:windows_10_1607:*:*:*:*:*:*:*:*", + "versionEndExcluding": "10.0.14393.6529", + "matchCriteriaId": "1B72F8B2-FE1A-44FC-8534-66B016C3C3DC" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:microsoft:windows_10_1809:*:*:*:*:*:*:*:*", + "versionEndExcluding": "10.0.17763.5206", + "matchCriteriaId": "412DCA62-8009-40C3-B76C-F3791104F0C8" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:microsoft:windows_10_21h2:*:*:*:*:*:*:*:*", + "versionEndExcluding": "10.0.19041.3803", + "matchCriteriaId": "C8412B39-CCB2-4FF5-B656-43C9EBF48E39" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:microsoft:windows_10_22h2:*:*:*:*:*:*:*:*", + "versionEndExcluding": "10.0.19045.3803", + "matchCriteriaId": "E59E6692-980B-435A-B9F3-AA00939E8D97" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:microsoft:windows_11_21h2:*:*:*:*:*:*:*:*", + "versionEndExcluding": "10.0.22000.2652", + "matchCriteriaId": "BC62CCFB-C4C4-4CD1-A291-9587375FE3C6" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:microsoft:windows_11_22h2:*:*:*:*:*:*:*:*", + "versionEndExcluding": "10.0.22621.2861", + "matchCriteriaId": "11093E57-782B-4049-AFB2-AAFCFB4A8FF6" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:microsoft:windows_11_23h2:*:*:*:*:*:*:*:*", + "versionEndExcluding": "10.0.22631.2861", + "matchCriteriaId": "3E712F1D-26F9-4E19-B012-D7F0A92D59ED" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:microsoft:windows_server_2008:r2:sp1:*:*:*:*:x64:*", + "matchCriteriaId": "AF07A81D-12E5-4B1D-BFF9-C8D08C32FF4F" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:microsoft:windows_server_2012:-:*:*:*:*:*:*:*", + "matchCriteriaId": "A7DF96F8-BA6A-4780-9CA3-F719B3F81074" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:microsoft:windows_server_2012:r2:*:*:*:*:*:*:*", + "matchCriteriaId": "DB18C4CE-5917-401E-ACF7-2747084FD36E" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:microsoft:windows_server_2016:-:*:*:*:*:*:*:*", + "matchCriteriaId": "041FF8BA-0B12-4A1F-B4BF-9C4F33B7C1E7" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:microsoft:windows_server_2019:-:*:*:*:*:*:*:*", + "matchCriteriaId": "DB79EE26-FC32-417D-A49C-A1A63165A968" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:microsoft:windows_server_2022:-:*:*:*:*:*:*:*", + "matchCriteriaId": "821614DD-37DD-44E2-A8A4-FE8D23A33C3C" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:microsoft:windows_server_2022_23h2:*:*:*:*:*:*:*:*", + "versionEndExcluding": "10.0.25398.584", + "matchCriteriaId": "28E51B68-6AE4-4AF2-A7D3-7728E5D314D7" + } + ] + } + ] + } + ], "references": [ { "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-21740", - "source": "secure@microsoft.com" + "source": "secure@microsoft.com", + "tags": [ + "Patch", + "Vendor Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2023/CVE-2023-356xx/CVE-2023-35621.json b/CVE-2023/CVE-2023-356xx/CVE-2023-35621.json index 6afaca261f1..e6e4631c263 100644 --- a/CVE-2023/CVE-2023-356xx/CVE-2023-35621.json +++ b/CVE-2023/CVE-2023-356xx/CVE-2023-35621.json @@ -2,12 +2,16 @@ "id": "CVE-2023-35621", "sourceIdentifier": "secure@microsoft.com", "published": "2023-12-12T18:15:17.090", - "lastModified": "2023-12-12T18:58:44.580", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2023-12-15T19:44:04.057", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", "value": "Microsoft Dynamics 365 Finance and Operations Denial of Service Vulnerability" + }, + { + "lang": "es", + "value": "Vulnerabilidad de denegaci\u00f3n de servicio en Microsoft Dynamics 365 Finance and Operations" } ], "metrics": { @@ -34,10 +38,53 @@ } ] }, + "weaknesses": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "NVD-CWE-noinfo" + } + ] + } + ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:microsoft:dynamics_365:-:*:*:*:*:finance_and_operations:*:*", + "matchCriteriaId": "8081D009-E965-4F8F-BE22-2B4676423944" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:microsoft:dynamics_365:10.0.37:*:*:*:*:finance_and_operations:*:*", + "matchCriteriaId": "D796D3F1-7393-465D-880A-2BF929678398" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:microsoft:dynamics_365:10.0.38:*:*:*:*:finance_and_operations:*:*", + "matchCriteriaId": "E65C826B-E094-4542-ACD6-0DFEBF90B461" + } + ] + } + ] + } + ], "references": [ { "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-35621", - "source": "secure@microsoft.com" + "source": "secure@microsoft.com", + "tags": [ + "Patch", + "Vendor Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2023/CVE-2023-364xx/CVE-2023-36403.json b/CVE-2023/CVE-2023-364xx/CVE-2023-36403.json index 814507e08d3..9b7ad85c63a 100644 --- a/CVE-2023/CVE-2023-364xx/CVE-2023-36403.json +++ b/CVE-2023/CVE-2023-364xx/CVE-2023-36403.json @@ -2,8 +2,8 @@ "id": "CVE-2023-36403", "sourceIdentifier": "secure@microsoft.com", "published": "2023-11-14T18:15:41.883", - "lastModified": "2023-12-14T16:15:45.183", - "vulnStatus": "Modified", + "lastModified": "2023-12-15T19:59:05.223", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", @@ -186,8 +186,9 @@ }, { "vulnerable": true, - "criteria": "cpe:2.3:o:microsoft:windows_server_23h2:-:*:*:*:*:*:*:*", - "matchCriteriaId": "81853337-7DC7-4DF4-9EDC-C816C23E836E" + "criteria": "cpe:2.3:o:microsoft:windows_server_2022_23h2:*:*:*:*:*:*:*:*", + "versionEndExcluding": "10.0.25398.531", + "matchCriteriaId": "F942D380-5BD6-4262-A013-89EBFE23C27A" } ] } @@ -197,7 +198,11 @@ "references": [ { "url": "http://packetstormsecurity.com/files/176209/Windows-Kernel-Race-Conditions.html", - "source": "secure@microsoft.com" + "source": "secure@microsoft.com", + "tags": [ + "Third Party Advisory", + "VDB Entry" + ] }, { "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-36403", diff --git a/CVE-2023/CVE-2023-364xx/CVE-2023-36404.json b/CVE-2023/CVE-2023-364xx/CVE-2023-36404.json index 9387fda91e0..48beae412e7 100644 --- a/CVE-2023/CVE-2023-364xx/CVE-2023-36404.json +++ b/CVE-2023/CVE-2023-364xx/CVE-2023-36404.json @@ -2,8 +2,8 @@ "id": "CVE-2023-36404", "sourceIdentifier": "secure@microsoft.com", "published": "2023-11-14T18:15:42.100", - "lastModified": "2023-12-08T17:15:07.307", - "vulnStatus": "Modified", + "lastModified": "2023-12-15T19:58:53.727", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", @@ -154,8 +154,9 @@ }, { "vulnerable": true, - "criteria": "cpe:2.3:o:microsoft:windows_server_23h2:-:*:*:*:*:*:*:*", - "matchCriteriaId": "81853337-7DC7-4DF4-9EDC-C816C23E836E" + "criteria": "cpe:2.3:o:microsoft:windows_server_2022_23h2:*:*:*:*:*:*:*:*", + "versionEndExcluding": "10.0.25398.531", + "matchCriteriaId": "F942D380-5BD6-4262-A013-89EBFE23C27A" } ] } @@ -165,7 +166,11 @@ "references": [ { "url": "http://packetstormsecurity.com/files/176110/Windows-Kernel-Information-Disclosure.html", - "source": "secure@microsoft.com" + "source": "secure@microsoft.com", + "tags": [ + "Third Party Advisory", + "VDB Entry" + ] }, { "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-36404", diff --git a/CVE-2023/CVE-2023-364xx/CVE-2023-36405.json b/CVE-2023/CVE-2023-364xx/CVE-2023-36405.json index 8f26e1afbae..c9eadc7c26d 100644 --- a/CVE-2023/CVE-2023-364xx/CVE-2023-36405.json +++ b/CVE-2023/CVE-2023-364xx/CVE-2023-36405.json @@ -2,7 +2,7 @@ "id": "CVE-2023-36405", "sourceIdentifier": "secure@microsoft.com", "published": "2023-11-14T18:15:42.420", - "lastModified": "2023-11-20T20:23:24.413", + "lastModified": "2023-12-15T19:58:39.633", "vulnStatus": "Analyzed", "descriptions": [ { @@ -154,8 +154,9 @@ }, { "vulnerable": true, - "criteria": "cpe:2.3:o:microsoft:windows_server_23h2:-:*:*:*:*:*:*:*", - "matchCriteriaId": "81853337-7DC7-4DF4-9EDC-C816C23E836E" + "criteria": "cpe:2.3:o:microsoft:windows_server_2022_23h2:*:*:*:*:*:*:*:*", + "versionEndExcluding": "10.0.25398.531", + "matchCriteriaId": "F942D380-5BD6-4262-A013-89EBFE23C27A" } ] } diff --git a/CVE-2023/CVE-2023-364xx/CVE-2023-36406.json b/CVE-2023/CVE-2023-364xx/CVE-2023-36406.json index ede1d940277..2df0d4e1570 100644 --- a/CVE-2023/CVE-2023-364xx/CVE-2023-36406.json +++ b/CVE-2023/CVE-2023-364xx/CVE-2023-36406.json @@ -2,7 +2,7 @@ "id": "CVE-2023-36406", "sourceIdentifier": "secure@microsoft.com", "published": "2023-11-14T18:15:42.843", - "lastModified": "2023-11-20T20:22:23.150", + "lastModified": "2023-12-15T19:58:20.153", "vulnStatus": "Analyzed", "descriptions": [ { @@ -102,8 +102,9 @@ }, { "vulnerable": true, - "criteria": "cpe:2.3:o:microsoft:windows_server_23h2:-:*:*:*:*:*:*:*", - "matchCriteriaId": "81853337-7DC7-4DF4-9EDC-C816C23E836E" + "criteria": "cpe:2.3:o:microsoft:windows_server_2022_23h2:*:*:*:*:*:*:*:*", + "versionEndExcluding": "10.0.25398.531", + "matchCriteriaId": "F942D380-5BD6-4262-A013-89EBFE23C27A" } ] } diff --git a/CVE-2023/CVE-2023-364xx/CVE-2023-36407.json b/CVE-2023/CVE-2023-364xx/CVE-2023-36407.json index e019da17fb1..6b34d358dec 100644 --- a/CVE-2023/CVE-2023-364xx/CVE-2023-36407.json +++ b/CVE-2023/CVE-2023-364xx/CVE-2023-36407.json @@ -2,7 +2,7 @@ "id": "CVE-2023-36407", "sourceIdentifier": "secure@microsoft.com", "published": "2023-11-14T18:15:43.273", - "lastModified": "2023-11-20T20:21:39.930", + "lastModified": "2023-12-15T19:57:59.780", "vulnStatus": "Analyzed", "descriptions": [ { @@ -102,8 +102,9 @@ }, { "vulnerable": true, - "criteria": "cpe:2.3:o:microsoft:windows_server_23h2:-:*:*:*:*:*:*:*", - "matchCriteriaId": "81853337-7DC7-4DF4-9EDC-C816C23E836E" + "criteria": "cpe:2.3:o:microsoft:windows_server_2022_23h2:*:*:*:*:*:*:*:*", + "versionEndExcluding": "10.0.25398.531", + "matchCriteriaId": "F942D380-5BD6-4262-A013-89EBFE23C27A" } ] } diff --git a/CVE-2023/CVE-2023-364xx/CVE-2023-36408.json b/CVE-2023/CVE-2023-364xx/CVE-2023-36408.json index 74623f3e2d2..33068365eec 100644 --- a/CVE-2023/CVE-2023-364xx/CVE-2023-36408.json +++ b/CVE-2023/CVE-2023-364xx/CVE-2023-36408.json @@ -2,7 +2,7 @@ "id": "CVE-2023-36408", "sourceIdentifier": "secure@microsoft.com", "published": "2023-11-14T18:15:43.680", - "lastModified": "2023-11-20T20:20:31.270", + "lastModified": "2023-12-15T19:57:47.510", "vulnStatus": "Analyzed", "descriptions": [ { @@ -136,8 +136,9 @@ }, { "vulnerable": true, - "criteria": "cpe:2.3:o:microsoft:windows_server_23h2:-:*:*:*:*:*:*:*", - "matchCriteriaId": "81853337-7DC7-4DF4-9EDC-C816C23E836E" + "criteria": "cpe:2.3:o:microsoft:windows_server_2022_23h2:*:*:*:*:*:*:*:*", + "versionEndExcluding": "10.0.25398.531", + "matchCriteriaId": "F942D380-5BD6-4262-A013-89EBFE23C27A" } ] } diff --git a/CVE-2023/CVE-2023-364xx/CVE-2023-36424.json b/CVE-2023/CVE-2023-364xx/CVE-2023-36424.json index 03c43c618e0..f03339d66e6 100644 --- a/CVE-2023/CVE-2023-364xx/CVE-2023-36424.json +++ b/CVE-2023/CVE-2023-364xx/CVE-2023-36424.json @@ -2,7 +2,7 @@ "id": "CVE-2023-36424", "sourceIdentifier": "secure@microsoft.com", "published": "2023-11-14T18:15:45.990", - "lastModified": "2023-11-20T20:15:28.903", + "lastModified": "2023-12-15T19:55:29.947", "vulnStatus": "Analyzed", "descriptions": [ { @@ -191,8 +191,9 @@ }, { "vulnerable": true, - "criteria": "cpe:2.3:o:microsoft:windows_server_23h2:-:*:*:*:*:*:*:*", - "matchCriteriaId": "81853337-7DC7-4DF4-9EDC-C816C23E836E" + "criteria": "cpe:2.3:o:microsoft:windows_server_2022_23h2:*:*:*:*:*:*:*:*", + "versionEndExcluding": "10.0.25398.531", + "matchCriteriaId": "F942D380-5BD6-4262-A013-89EBFE23C27A" } ] } diff --git a/CVE-2023/CVE-2023-364xx/CVE-2023-36425.json b/CVE-2023/CVE-2023-364xx/CVE-2023-36425.json index 75de2e07a36..abf32e4227e 100644 --- a/CVE-2023/CVE-2023-364xx/CVE-2023-36425.json +++ b/CVE-2023/CVE-2023-364xx/CVE-2023-36425.json @@ -2,7 +2,7 @@ "id": "CVE-2023-36425", "sourceIdentifier": "secure@microsoft.com", "published": "2023-11-14T18:15:46.423", - "lastModified": "2023-11-20T20:14:18.830", + "lastModified": "2023-12-15T19:52:02.540", "vulnStatus": "Analyzed", "descriptions": [ { @@ -191,8 +191,9 @@ }, { "vulnerable": true, - "criteria": "cpe:2.3:o:microsoft:windows_server_23h2:-:*:*:*:*:*:*:*", - "matchCriteriaId": "81853337-7DC7-4DF4-9EDC-C816C23E836E" + "criteria": "cpe:2.3:o:microsoft:windows_server_2022_23h2:*:*:*:*:*:*:*:*", + "versionEndExcluding": "10.0.25398.531", + "matchCriteriaId": "F942D380-5BD6-4262-A013-89EBFE23C27A" } ] } diff --git a/CVE-2023/CVE-2023-364xx/CVE-2023-36427.json b/CVE-2023/CVE-2023-364xx/CVE-2023-36427.json index dbef7734844..244558a09cf 100644 --- a/CVE-2023/CVE-2023-364xx/CVE-2023-36427.json +++ b/CVE-2023/CVE-2023-364xx/CVE-2023-36427.json @@ -2,7 +2,7 @@ "id": "CVE-2023-36427", "sourceIdentifier": "secure@microsoft.com", "published": "2023-11-14T18:15:46.843", - "lastModified": "2023-11-20T20:12:07.450", + "lastModified": "2023-12-15T19:50:36.810", "vulnStatus": "Analyzed", "descriptions": [ { @@ -125,8 +125,9 @@ }, { "vulnerable": true, - "criteria": "cpe:2.3:o:microsoft:windows_server_23h2:-:*:*:*:*:*:*:*", - "matchCriteriaId": "81853337-7DC7-4DF4-9EDC-C816C23E836E" + "criteria": "cpe:2.3:o:microsoft:windows_server_2022_23h2:*:*:*:*:*:*:*:*", + "versionEndExcluding": "10.0.25398.531", + "matchCriteriaId": "F942D380-5BD6-4262-A013-89EBFE23C27A" } ] } diff --git a/CVE-2023/CVE-2023-364xx/CVE-2023-36428.json b/CVE-2023/CVE-2023-364xx/CVE-2023-36428.json index 4b9076170b0..2c849d00c5e 100644 --- a/CVE-2023/CVE-2023-364xx/CVE-2023-36428.json +++ b/CVE-2023/CVE-2023-364xx/CVE-2023-36428.json @@ -2,7 +2,7 @@ "id": "CVE-2023-36428", "sourceIdentifier": "secure@microsoft.com", "published": "2023-11-14T18:15:47.247", - "lastModified": "2023-11-20T20:10:11.840", + "lastModified": "2023-12-15T19:48:20.413", "vulnStatus": "Analyzed", "descriptions": [ { @@ -185,8 +185,9 @@ }, { "vulnerable": true, - "criteria": "cpe:2.3:o:microsoft:windows_server_23h2:-:*:*:*:*:*:*:*", - "matchCriteriaId": "81853337-7DC7-4DF4-9EDC-C816C23E836E" + "criteria": "cpe:2.3:o:microsoft:windows_server_2022_23h2:*:*:*:*:*:*:*:*", + "versionEndExcluding": "10.0.25398.531", + "matchCriteriaId": "F942D380-5BD6-4262-A013-89EBFE23C27A" } ] } diff --git a/CVE-2023/CVE-2023-367xx/CVE-2023-36705.json b/CVE-2023/CVE-2023-367xx/CVE-2023-36705.json index 39ec7433d68..a9edc5219cf 100644 --- a/CVE-2023/CVE-2023-367xx/CVE-2023-36705.json +++ b/CVE-2023/CVE-2023-367xx/CVE-2023-36705.json @@ -2,7 +2,7 @@ "id": "CVE-2023-36705", "sourceIdentifier": "secure@microsoft.com", "published": "2023-11-14T18:15:50.390", - "lastModified": "2023-11-20T19:55:03.793", + "lastModified": "2023-12-15T19:47:45.657", "vulnStatus": "Analyzed", "descriptions": [ { @@ -180,8 +180,9 @@ }, { "vulnerable": true, - "criteria": "cpe:2.3:o:microsoft:windows_server_23h2:-:*:*:*:*:*:*:*", - "matchCriteriaId": "81853337-7DC7-4DF4-9EDC-C816C23E836E" + "criteria": "cpe:2.3:o:microsoft:windows_server_2022_23h2:*:*:*:*:*:*:*:*", + "versionEndExcluding": "10.0.25398.531", + "matchCriteriaId": "F942D380-5BD6-4262-A013-89EBFE23C27A" } ] } diff --git a/CVE-2023/CVE-2023-367xx/CVE-2023-36719.json b/CVE-2023/CVE-2023-367xx/CVE-2023-36719.json index f1239994f8e..eebd2b6c9e6 100644 --- a/CVE-2023/CVE-2023-367xx/CVE-2023-36719.json +++ b/CVE-2023/CVE-2023-367xx/CVE-2023-36719.json @@ -2,7 +2,7 @@ "id": "CVE-2023-36719", "sourceIdentifier": "secure@microsoft.com", "published": "2023-11-14T18:15:50.820", - "lastModified": "2023-11-20T21:02:51.473", + "lastModified": "2023-12-15T19:47:17.103", "vulnStatus": "Analyzed", "descriptions": [ { @@ -186,8 +186,9 @@ }, { "vulnerable": true, - "criteria": "cpe:2.3:o:microsoft:windows_server_23h2:-:*:*:*:*:*:*:*", - "matchCriteriaId": "81853337-7DC7-4DF4-9EDC-C816C23E836E" + "criteria": "cpe:2.3:o:microsoft:windows_server_2022_23h2:*:*:*:*:*:*:*:*", + "versionEndExcluding": "10.0.25398.531", + "matchCriteriaId": "F942D380-5BD6-4262-A013-89EBFE23C27A" } ] } diff --git a/CVE-2023/CVE-2023-407xx/CVE-2023-40716.json b/CVE-2023/CVE-2023-407xx/CVE-2023-40716.json index 36b1829ed04..206db3bac62 100644 --- a/CVE-2023/CVE-2023-407xx/CVE-2023-40716.json +++ b/CVE-2023/CVE-2023-407xx/CVE-2023-40716.json @@ -2,8 +2,8 @@ "id": "CVE-2023-40716", "sourceIdentifier": "psirt@fortinet.com", "published": "2023-12-13T07:15:14.223", - "lastModified": "2023-12-13T13:35:21.667", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2023-12-15T19:06:24.823", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", @@ -16,6 +16,26 @@ ], "metrics": { "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", + "attackVector": "LOCAL", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH", + "baseScore": 7.8, + "baseSeverity": "HIGH" + }, + "exploitabilityScore": 1.8, + "impactScore": 5.9 + }, { "source": "psirt@fortinet.com", "type": "Secondary", @@ -50,10 +70,200 @@ ] } ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:fortinet:fortitester:2.3.0:*:*:*:*:*:*:*", + "matchCriteriaId": "20DC6A76-A91E-49D8-AD5F-5A53E6FD56A9" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:fortinet:fortitester:2.4.0:*:*:*:*:*:*:*", + "matchCriteriaId": "835CFB56-B366-44F2-BC0D-797973E29341" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:fortinet:fortitester:2.4.1:*:*:*:*:*:*:*", + "matchCriteriaId": "05D6DD1E-24F5-49C4-9BAF-2E4FA682F41F" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:fortinet:fortitester:2.5.0:*:*:*:*:*:*:*", + "matchCriteriaId": "F1A59274-C7AE-456B-821A-4A41DAE51DEF" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:fortinet:fortitester:2.6.0:*:*:*:*:*:*:*", + "matchCriteriaId": "BF739FA1-C8A1-4CCD-BCA4-1A9ABD31D926" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:fortinet:fortitester:2.7.0:*:*:*:*:*:*:*", + "matchCriteriaId": "71DF1A6A-B574-48E7-9337-A986EAD45441" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:fortinet:fortitester:2.8.0:*:*:*:*:*:*:*", + "matchCriteriaId": "5B23B49A-6BEF-4662-A19A-AA53B6A61913" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:fortinet:fortitester:2.9.0:*:*:*:*:*:*:*", + "matchCriteriaId": "F632D17B-0864-4965-92CD-7B58CB88506C" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:fortinet:fortitester:3.0.0:*:*:*:*:*:*:*", + "matchCriteriaId": "98433F67-056E-4371-B482-93A2EBF0C237" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:fortinet:fortitester:3.1.0:*:*:*:*:*:*:*", + "matchCriteriaId": "D8609203-C2ED-4821-A836-E81479406B8C" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:fortinet:fortitester:3.2.0:*:*:*:*:*:*:*", + "matchCriteriaId": "3A0E475B-5CDF-40DB-A923-5DEB093D246E" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:fortinet:fortitester:3.3.0:*:*:*:*:*:*:*", + "matchCriteriaId": "E7C93812-ED30-40EC-81C2-159D2095A8F5" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:fortinet:fortitester:3.3.1:*:*:*:*:*:*:*", + "matchCriteriaId": "61C7F802-1490-467A-B5B6-0B2AFD468439" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:fortinet:fortitester:3.4.0:*:*:*:*:*:*:*", + "matchCriteriaId": "75CB9729-BCDE-41F4-8684-01FF62794E13" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:fortinet:fortitester:3.5.0:*:*:*:*:*:*:*", + "matchCriteriaId": "1ED9A5FF-B3A5-4DA8-AF7E-7B6C107A6C02" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:fortinet:fortitester:3.5.1:*:*:*:*:*:*:*", + "matchCriteriaId": "A8CCDEF0-9026-4F67-95B1-07286EFBB370" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:fortinet:fortitester:3.6.0:*:*:*:*:*:*:*", + "matchCriteriaId": "1FC82DC7-5C3C-452A-BB1D-021D935851EA" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:fortinet:fortitester:3.7.0:*:*:*:*:*:*:*", + "matchCriteriaId": "49A75B9A-D1A1-4E6A-84C7-1701DE00C8A9" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:fortinet:fortitester:3.7.1:*:*:*:*:*:*:*", + "matchCriteriaId": "D2934396-D757-4079-A5D7-65133CF833DD" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:fortinet:fortitester:3.8.0:*:*:*:*:*:*:*", + "matchCriteriaId": "83A5237C-C126-4AEA-8CE8-DEC82DDEC69D" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:fortinet:fortitester:3.9.0:*:*:*:*:*:*:*", + "matchCriteriaId": "14C2E2DA-6CE2-4B5E-A6CB-029967EAAFA9" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:fortinet:fortitester:3.9.1:*:*:*:*:*:*:*", + "matchCriteriaId": "492036BF-130B-435B-9EDD-71732CD663A6" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:fortinet:fortitester:3.9.2:*:*:*:*:*:*:*", + "matchCriteriaId": "8AB540E8-5B68-4F20-970E-63B70FFA3C83" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:fortinet:fortitester:4.0.0:*:*:*:*:*:*:*", + "matchCriteriaId": "23A3ABD7-9694-4784-9CD4-E8A1FA715682" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:fortinet:fortitester:4.1.0:*:*:*:*:*:*:*", + "matchCriteriaId": "E79982C9-CB89-41B9-A294-B9830897304A" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:fortinet:fortitester:4.1.1:*:*:*:*:*:*:*", + "matchCriteriaId": "7BB327AD-00E1-4397-B992-E182785E8ECC" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:fortinet:fortitester:4.2.0:*:*:*:*:*:*:*", + "matchCriteriaId": "E47F051E-5D15-456D-9C0D-1AE6FF347155" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:fortinet:fortitester:4.2.1:*:*:*:*:*:*:*", + "matchCriteriaId": "D32E37C0-6ABE-46D2-987B-EC5E7F6BEF75" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:fortinet:fortitester:7.0.0:*:*:*:*:*:*:*", + "matchCriteriaId": "90D54E79-62C6-427F-9DD1-B3A99944E418" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:fortinet:fortitester:7.1.0:*:*:*:*:*:*:*", + "matchCriteriaId": "48797E89-FD8C-4904-9A8B-55F8D3840DB2" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:fortinet:fortitester:7.1.1:*:*:*:*:*:*:*", + "matchCriteriaId": "6BAFDB60-1FC7-42E7-854A-9FB24E652DE0" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:fortinet:fortitester:7.2.0:*:*:*:*:*:*:*", + "matchCriteriaId": "786A513F-DAB0-4A19-91CA-8B30A8A507A2" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:fortinet:fortitester:7.2.1:*:*:*:*:*:*:*", + "matchCriteriaId": "5108EA9C-45A6-44A6-8A04-E46988AB31DE" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:fortinet:fortitester:7.2.2:*:*:*:*:*:*:*", + "matchCriteriaId": "2EDD4D17-2884-446E-8857-BF059264997F" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:fortinet:fortitester:7.2.3:*:*:*:*:*:*:*", + "matchCriteriaId": "3820B2FC-A566-44C1-9F98-B282A960359E" + } + ] + } + ] + } + ], "references": [ { "url": "https://fortiguard.com/psirt/FG-IR-22-345", - "source": "psirt@fortinet.com" + "source": "psirt@fortinet.com", + "tags": [ + "Vendor Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2023/CVE-2023-416xx/CVE-2023-41673.json b/CVE-2023/CVE-2023-416xx/CVE-2023-41673.json index 2d452e55cbf..09a7f41483d 100644 --- a/CVE-2023/CVE-2023-416xx/CVE-2023-41673.json +++ b/CVE-2023/CVE-2023-416xx/CVE-2023-41673.json @@ -2,8 +2,8 @@ "id": "CVE-2023-41673", "sourceIdentifier": "psirt@fortinet.com", "published": "2023-12-13T07:15:15.860", - "lastModified": "2023-12-13T13:35:21.667", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2023-12-15T19:10:46.137", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", @@ -16,6 +16,26 @@ ], "metrics": { "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "availabilityImpact": "NONE", + "baseScore": 5.4, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 2.8, + "impactScore": 2.5 + }, { "source": "psirt@fortinet.com", "type": "Secondary", @@ -50,10 +70,78 @@ ] } ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:fortinet:fortiadc:*:*:*:*:*:*:*:*", + "versionStartIncluding": "6.0.0", + "versionEndIncluding": "6.0.4", + "matchCriteriaId": "3ADB57D8-1ABE-4401-B1B0-4640A34C555A" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:fortinet:fortiadc:*:*:*:*:*:*:*:*", + "versionStartIncluding": "6.1.0", + "versionEndIncluding": "6.1.6", + "matchCriteriaId": "D31CF79E-6C56-4CD0-9DD2-FBB48D503786" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:fortinet:fortiadc:*:*:*:*:*:*:*:*", + "versionStartIncluding": "6.2.0", + "versionEndIncluding": "6.2.6", + "matchCriteriaId": "F5275C5C-B6FD-4456-B143-ECDD282150C4" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:fortinet:fortiadc:*:*:*:*:*:*:*:*", + "versionStartIncluding": "7.0.0", + "versionEndIncluding": "7.0.5", + "matchCriteriaId": "302D8FF0-69B6-451A-9B5B-E28B2FAA30D8" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:fortinet:fortiadc:7.1.0:*:*:*:*:*:*:*", + "matchCriteriaId": "B35D8D53-448B-474C-B7CB-324CB4ED7A82" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:fortinet:fortiadc:7.1.1:*:*:*:*:*:*:*", + "matchCriteriaId": "933701AE-43E3-4260-973B-4EA09C375965" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:fortinet:fortiadc:7.1.2:*:*:*:*:*:*:*", + "matchCriteriaId": "7F3029D7-4C37-4468-9CCD-45C7259EFF2C" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:fortinet:fortiadc:7.2.0:*:*:*:*:*:*:*", + "matchCriteriaId": "74B0A112-AA30-4D11-8F36-3DC8A2EBCA16" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:fortinet:fortiadc:7.4.0:*:*:*:*:*:*:*", + "matchCriteriaId": "7C624CB5-F745-4781-839A-B397EC97590B" + } + ] + } + ] + } + ], "references": [ { "url": "https://fortiguard.com/psirt/FG-IR-23-270", - "source": "psirt@fortinet.com" + "source": "psirt@fortinet.com", + "tags": [ + "Vendor Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2023/CVE-2023-416xx/CVE-2023-41678.json b/CVE-2023/CVE-2023-416xx/CVE-2023-41678.json index d45c7e17329..83ab5dd2224 100644 --- a/CVE-2023/CVE-2023-416xx/CVE-2023-41678.json +++ b/CVE-2023/CVE-2023-416xx/CVE-2023-41678.json @@ -2,8 +2,8 @@ "id": "CVE-2023-41678", "sourceIdentifier": "psirt@fortinet.com", "published": "2023-12-13T07:15:17.317", - "lastModified": "2023-12-13T13:35:21.667", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2023-12-15T19:31:27.400", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", @@ -16,6 +16,26 @@ ], "metrics": { "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH", + "baseScore": 8.8, + "baseSeverity": "HIGH" + }, + "exploitabilityScore": 2.8, + "impactScore": 5.9 + }, { "source": "psirt@fortinet.com", "type": "Secondary", @@ -50,10 +70,85 @@ ] } ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:o:fortinet:fortios:7.0.0:*:*:*:*:*:*:*", + "matchCriteriaId": "79FEE7F6-F72E-4A43-883C-0CF492DF355B" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:fortinet:fortios:7.0.1:*:*:*:*:*:*:*", + "matchCriteriaId": "FBDFDF02-2136-4DE0-A19B-FE3654ED90A4" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:fortinet:fortios:7.0.2:*:*:*:*:*:*:*", + "matchCriteriaId": "49D51C9F-CED3-4EA0-89EB-3A63F54B10E7" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:fortinet:fortios:7.0.3:*:*:*:*:*:*:*", + "matchCriteriaId": "A9341F0B-D2F3-41D6-8FA5-49FDE8F3048B" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:fortinet:fortios:7.0.4:*:*:*:*:*:*:*", + "matchCriteriaId": "0E0B17DD-6CE0-4DD0-9850-640F24A1AB10" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:fortinet:fortios:7.0.5:*:*:*:*:*:*:*", + "matchCriteriaId": "48D0E8CC-3815-4697-86D0-DC7F66E70520" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:fortinet:fortipam:1.0.0:*:*:*:*:*:*:*", + "matchCriteriaId": "920985C7-18F9-414A-A0B2-8C2FACDDE708" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:fortinet:fortipam:1.0.1:*:*:*:*:*:*:*", + "matchCriteriaId": "4DA50317-AD1F-451A-AB91-96F1791CBBF6" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:fortinet:fortipam:1.0.2:*:*:*:*:*:*:*", + "matchCriteriaId": "BD6728D1-6891-4144-9D5B-EC7C9EE3B044" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:fortinet:fortipam:1.0.3:*:*:*:*:*:*:*", + "matchCriteriaId": "7FFE431F-113D-4DF8-8166-10B8F8EB096C" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:fortinet:fortipam:1.1.0:*:*:*:*:*:*:*", + "matchCriteriaId": "0CC27DCF-F74C-431C-9545-F405D369AF22" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:fortinet:fortipam:1.1.1:*:*:*:*:*:*:*", + "matchCriteriaId": "46FB5EB9-00E7-444C-B433-B51460BED34C" + } + ] + } + ] + } + ], "references": [ { "url": "https://fortiguard.com/psirt/FG-IR-23-196", - "source": "psirt@fortinet.com" + "source": "psirt@fortinet.com", + "tags": [ + "Vendor Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2023/CVE-2023-418xx/CVE-2023-41844.json b/CVE-2023/CVE-2023-418xx/CVE-2023-41844.json index d30e9602657..06eca5e39de 100644 --- a/CVE-2023/CVE-2023-418xx/CVE-2023-41844.json +++ b/CVE-2023/CVE-2023-418xx/CVE-2023-41844.json @@ -2,8 +2,8 @@ "id": "CVE-2023-41844", "sourceIdentifier": "psirt@fortinet.com", "published": "2023-12-13T07:15:18.887", - "lastModified": "2023-12-13T13:35:21.667", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2023-12-15T19:34:33.480", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", @@ -16,6 +16,26 @@ ], "metrics": { "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "REQUIRED", + "scope": "CHANGED", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "availabilityImpact": "NONE", + "baseScore": 5.4, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 2.3, + "impactScore": 2.7 + }, { "source": "psirt@fortinet.com", "type": "Secondary", @@ -50,10 +70,75 @@ ] } ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:fortinet:fortisandbox:*:*:*:*:*:*:*:*", + "versionStartIncluding": "3.0.0", + "versionEndIncluding": "3.0.7", + "matchCriteriaId": "7D1EE4D7-4087-4A4A-9171-F48B1C5915C0" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:fortinet:fortisandbox:*:*:*:*:*:*:*:*", + "versionStartIncluding": "3.1.0", + "versionEndIncluding": "3.1.5", + "matchCriteriaId": "2C47A3DB-A02A-488D-B0E1-867A19CE43B8" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:fortinet:fortisandbox:*:*:*:*:*:*:*:*", + "versionStartIncluding": "3.2.0", + "versionEndIncluding": "3.2.4", + "matchCriteriaId": "16BB4915-1330-45E5-887E-AD97C29F500B" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:fortinet:fortisandbox:*:*:*:*:*:*:*:*", + "versionStartIncluding": "4.0.0", + "versionEndIncluding": "4.0.4", + "matchCriteriaId": "5197A546-B82E-4407-9CC4-8DF4C4323605" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:fortinet:fortisandbox:*:*:*:*:*:*:*:*", + "versionStartIncluding": "4.2.0", + "versionEndIncluding": "4.2.5", + "matchCriteriaId": "4641E869-8B7B-4DD7-89A9-1EA0BCE51C35" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:fortinet:fortisandbox:4.4.0:*:*:*:*:*:*:*", + "matchCriteriaId": "0CD764B6-2235-4C06-8A0C-AF5889B027F7" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:fortinet:fortisandbox:4.4.1:*:*:*:*:*:*:*", + "matchCriteriaId": "3908E337-E2C4-4663-BC98-C33E68DCC132" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:fortinet:fortisandbox:4.4.2:*:*:*:*:*:*:*", + "matchCriteriaId": "A1AF171E-7916-468A-B26E-7C722A0E6D8E" + } + ] + } + ] + } + ], "references": [ { "url": "https://fortiguard.com/psirt/FG-IR-23-214", - "source": "psirt@fortinet.com" + "source": "psirt@fortinet.com", + "tags": [ + "Vendor Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2023/CVE-2023-424xx/CVE-2023-42483.json b/CVE-2023/CVE-2023-424xx/CVE-2023-42483.json index 85185aeb773..a75c4f4310c 100644 --- a/CVE-2023/CVE-2023-424xx/CVE-2023-42483.json +++ b/CVE-2023/CVE-2023-424xx/CVE-2023-42483.json @@ -2,16 +2,40 @@ "id": "CVE-2023-42483", "sourceIdentifier": "cve@mitre.org", "published": "2023-12-13T01:15:07.870", - "lastModified": "2023-12-13T01:50:36.127", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2023-12-15T19:13:42.503", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", "value": "A TOCTOU race condition in Samsung Mobile Processor Exynos 9820, Exynos 980, Exynos 1080, Exynos 2100, Exynos 2200, Exynos 1280, and Exynos 1380 can cause unexpected termination of a system." + }, + { + "lang": "es", + "value": "Una condici\u00f3n de ejecuci\u00f3n TOCTOU en el procesador m\u00f3vil Samsung Exynos 9820, Exynos 980, Exynos 1080, Exynos 2100, Exynos 2200, Exynos 1280 y Exynos 1380 puede provocar la terminaci\u00f3n inesperada de un sistema." } ], "metrics": { "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H", + "attackVector": "LOCAL", + "attackComplexity": "HIGH", + "privilegesRequired": "LOW", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "NONE", + "integrityImpact": "NONE", + "availabilityImpact": "HIGH", + "baseScore": 4.7, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 1.0, + "impactScore": 3.6 + }, { "source": "cve@mitre.org", "type": "Secondary", @@ -34,10 +58,216 @@ } ] }, + "weaknesses": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-367" + } + ] + } + ], + "configurations": [ + { + "operator": "AND", + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:o:samsung:exynos_9820_firmware:-:*:*:*:*:*:*:*", + "matchCriteriaId": "1E582F31-BCC1-4276-BC34-A38EDCC4BB01" + } + ] + }, + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": false, + "criteria": "cpe:2.3:h:samsung:exynos_9820:-:*:*:*:*:*:*:*", + "matchCriteriaId": "1B8C35DE-1C58-4C6E-BB15-0E3C2FECB8DA" + } + ] + } + ] + }, + { + "operator": "AND", + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:o:samsung:exynos_980_firmware:-:*:*:*:*:*:*:*", + "matchCriteriaId": "5F18F62E-2012-442E-BE60-6E76325D1824" + } + ] + }, + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": false, + "criteria": "cpe:2.3:h:samsung:exynos_980:-:*:*:*:*:*:*:*", + "matchCriteriaId": "0D8701B6-6989-44D1-873A-A1823BFD7CCC" + } + ] + } + ] + }, + { + "operator": "AND", + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:o:samsung:exynos_1080_firmware:-:*:*:*:*:*:*:*", + "matchCriteriaId": "43DE4D6F-D662-46F2-93BC-9AE950320BDE" + } + ] + }, + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": false, + "criteria": "cpe:2.3:h:samsung:exynos_1080:-:*:*:*:*:*:*:*", + "matchCriteriaId": "EE06CD56-8BFD-4208-843A-179E3E6F5C10" + } + ] + } + ] + }, + { + "operator": "AND", + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:o:samsung:exynos_2100_firmware:-:*:*:*:*:*:*:*", + "matchCriteriaId": "89B88BFE-3C82-498C-8EC1-5784836DB1A1" + } + ] + }, + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": false, + "criteria": "cpe:2.3:h:samsung:exynos_2100:-:*:*:*:*:*:*:*", + "matchCriteriaId": "9385885D-654A-496E-8029-7C6D9B077193" + } + ] + } + ] + }, + { + "operator": "AND", + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:o:samsung:exynos_2200_firmware:-:*:*:*:*:*:*:*", + "matchCriteriaId": "63C0D9AC-BD23-48C9-83E7-301DEC06E583" + } + ] + }, + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": false, + "criteria": "cpe:2.3:h:samsung:exynos_2200:-:*:*:*:*:*:*:*", + "matchCriteriaId": "A72ADEBB-ED72-4A5B-BB27-95EDE43F8116" + } + ] + } + ] + }, + { + "operator": "AND", + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:o:samsung:exynos_1280_firmware:-:*:*:*:*:*:*:*", + "matchCriteriaId": "BD1A7B09-9031-4E54-A24F-3237C054166B" + } + ] + }, + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": false, + "criteria": "cpe:2.3:h:samsung:exynos_1280:-:*:*:*:*:*:*:*", + "matchCriteriaId": "DFC68046-2F08-40D1-B158-89D8D9263541" + } + ] + } + ] + }, + { + "operator": "AND", + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:o:samsung:exynos_1380_firmware:-:*:*:*:*:*:*:*", + "matchCriteriaId": "D381478B-C638-4663-BD71-144BE4B02E46" + } + ] + }, + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": false, + "criteria": "cpe:2.3:h:samsung:exynos_1380:-:*:*:*:*:*:*:*", + "matchCriteriaId": "61E72146-72FE-4B54-AB79-3C665E7F016C" + } + ] + } + ] + } + ], "references": [ { "url": "https://semiconductor.samsung.com/support/quality-support/product-security-updates/", - "source": "cve@mitre.org" + "source": "cve@mitre.org", + "tags": [ + "Vendor Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2023/CVE-2023-431xx/CVE-2023-43122.json b/CVE-2023/CVE-2023-431xx/CVE-2023-43122.json index 707feb174e5..0adf66486c8 100644 --- a/CVE-2023/CVE-2023-431xx/CVE-2023-43122.json +++ b/CVE-2023/CVE-2023-431xx/CVE-2023-43122.json @@ -2,16 +2,40 @@ "id": "CVE-2023-43122", "sourceIdentifier": "cve@mitre.org", "published": "2023-12-13T01:15:10.350", - "lastModified": "2023-12-13T01:50:36.127", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2023-12-15T19:16:08.323", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", "value": "Samsung Mobile Processor and Wearable Processor (Exynos 980, 850, 1080, 2100, 2200, 1280, 1380, 1330, and W920) allow Information Disclosure in the Bootloader." + }, + { + "lang": "es", + "value": "El procesador m\u00f3vil y el procesador port\u00e1til de Samsung (Exynos 980, 850, 1080, 2100, 2200, 1280, 1380, 1330 y W920) permiten la divulgaci\u00f3n de informaci\u00f3n en el gestor de arranque." } ], "metrics": { "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", + "attackVector": "PHYSICAL", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "NONE", + "availabilityImpact": "NONE", + "baseScore": 4.6, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 0.9, + "impactScore": 3.6 + }, { "source": "cve@mitre.org", "type": "Secondary", @@ -34,10 +58,270 @@ } ] }, + "weaknesses": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-787" + } + ] + } + ], + "configurations": [ + { + "operator": "AND", + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:o:samsung:exynos_980_firmware:-:*:*:*:*:*:*:*", + "matchCriteriaId": "5F18F62E-2012-442E-BE60-6E76325D1824" + } + ] + }, + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": false, + "criteria": "cpe:2.3:h:samsung:exynos_980:-:*:*:*:*:*:*:*", + "matchCriteriaId": "0D8701B6-6989-44D1-873A-A1823BFD7CCC" + } + ] + } + ] + }, + { + "operator": "AND", + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:o:samsung:exynos_850_firmware:-:*:*:*:*:*:*:*", + "matchCriteriaId": "1928760C-4FC4-45B0-84FF-C1105CD1DD2A" + } + ] + }, + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": false, + "criteria": "cpe:2.3:h:samsung:exynos_850:-:*:*:*:*:*:*:*", + "matchCriteriaId": "BB410A6D-642B-49AE-8B1C-EADA953A84DA" + } + ] + } + ] + }, + { + "operator": "AND", + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:o:samsung:exynos_1080_firmware:-:*:*:*:*:*:*:*", + "matchCriteriaId": "43DE4D6F-D662-46F2-93BC-9AE950320BDE" + } + ] + }, + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": false, + "criteria": "cpe:2.3:h:samsung:exynos_1080:-:*:*:*:*:*:*:*", + "matchCriteriaId": "EE06CD56-8BFD-4208-843A-179E3E6F5C10" + } + ] + } + ] + }, + { + "operator": "AND", + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:o:samsung:exynos_2100_firmware:-:*:*:*:*:*:*:*", + "matchCriteriaId": "89B88BFE-3C82-498C-8EC1-5784836DB1A1" + } + ] + }, + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": false, + "criteria": "cpe:2.3:h:samsung:exynos_2100:-:*:*:*:*:*:*:*", + "matchCriteriaId": "9385885D-654A-496E-8029-7C6D9B077193" + } + ] + } + ] + }, + { + "operator": "AND", + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:o:samsung:exynos_2200_firmware:-:*:*:*:*:*:*:*", + "matchCriteriaId": "63C0D9AC-BD23-48C9-83E7-301DEC06E583" + } + ] + }, + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": false, + "criteria": "cpe:2.3:h:samsung:exynos_2200:-:*:*:*:*:*:*:*", + "matchCriteriaId": "A72ADEBB-ED72-4A5B-BB27-95EDE43F8116" + } + ] + } + ] + }, + { + "operator": "AND", + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:o:samsung:exynos_1280_firmware:-:*:*:*:*:*:*:*", + "matchCriteriaId": "BD1A7B09-9031-4E54-A24F-3237C054166B" + } + ] + }, + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": false, + "criteria": "cpe:2.3:h:samsung:exynos_1280:-:*:*:*:*:*:*:*", + "matchCriteriaId": "DFC68046-2F08-40D1-B158-89D8D9263541" + } + ] + } + ] + }, + { + "operator": "AND", + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:o:samsung:exynos_1380_firmware:-:*:*:*:*:*:*:*", + "matchCriteriaId": "D381478B-C638-4663-BD71-144BE4B02E46" + } + ] + }, + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": false, + "criteria": "cpe:2.3:h:samsung:exynos_1380:-:*:*:*:*:*:*:*", + "matchCriteriaId": "61E72146-72FE-4B54-AB79-3C665E7F016C" + } + ] + } + ] + }, + { + "operator": "AND", + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:o:samsung:exynos_1330_firmware:-:*:*:*:*:*:*:*", + "matchCriteriaId": "C2635646-DD6A-4735-8E01-F45445584832" + } + ] + }, + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": false, + "criteria": "cpe:2.3:h:samsung:exynos_1330:-:*:*:*:*:*:*:*", + "matchCriteriaId": "AA0F8A58-71B7-4503-A03A-6FB4282D75BD" + } + ] + } + ] + }, + { + "operator": "AND", + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:o:samsung:exynos_w920_firmware:-:*:*:*:*:*:*:*", + "matchCriteriaId": "B6ADED27-EDAF-4FB3-8CB2-AE5F59B93641" + } + ] + }, + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": false, + "criteria": "cpe:2.3:h:samsung:exynos_w920:-:*:*:*:*:*:*:*", + "matchCriteriaId": "4BF79654-E5C6-4DFF-B33A-A78571CD300C" + } + ] + } + ] + } + ], "references": [ { "url": "https://semiconductor.samsung.com/support/quality-support/product-security-updates/", - "source": "cve@mitre.org" + "source": "cve@mitre.org", + "tags": [ + "Vendor Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2023/CVE-2023-455xx/CVE-2023-45587.json b/CVE-2023/CVE-2023-455xx/CVE-2023-45587.json index 1d3db29e4f2..a2c78b28127 100644 --- a/CVE-2023/CVE-2023-455xx/CVE-2023-45587.json +++ b/CVE-2023/CVE-2023-455xx/CVE-2023-45587.json @@ -2,8 +2,8 @@ "id": "CVE-2023-45587", "sourceIdentifier": "psirt@fortinet.com", "published": "2023-12-13T07:15:20.363", - "lastModified": "2023-12-13T13:35:21.667", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2023-12-15T19:41:03.370", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", @@ -16,6 +16,26 @@ ], "metrics": { "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "REQUIRED", + "scope": "CHANGED", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "availabilityImpact": "NONE", + "baseScore": 5.4, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 2.3, + "impactScore": 2.7 + }, { "source": "psirt@fortinet.com", "type": "Secondary", @@ -50,10 +70,68 @@ ] } ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:fortinet:fortisandbox:*:*:*:*:*:*:*:*", + "versionStartIncluding": "3.1.0", + "versionEndIncluding": "3.1.5", + "matchCriteriaId": "2C47A3DB-A02A-488D-B0E1-867A19CE43B8" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:fortinet:fortisandbox:*:*:*:*:*:*:*:*", + "versionStartIncluding": "3.2.0", + "versionEndIncluding": "3.2.4", + "matchCriteriaId": "16BB4915-1330-45E5-887E-AD97C29F500B" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:fortinet:fortisandbox:*:*:*:*:*:*:*:*", + "versionStartIncluding": "4.0.0", + "versionEndIncluding": "4.0.4", + "matchCriteriaId": "5197A546-B82E-4407-9CC4-8DF4C4323605" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:fortinet:fortisandbox:*:*:*:*:*:*:*:*", + "versionStartIncluding": "4.2.0", + "versionEndIncluding": "4.2.5", + "matchCriteriaId": "4641E869-8B7B-4DD7-89A9-1EA0BCE51C35" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:fortinet:fortisandbox:4.4.0:*:*:*:*:*:*:*", + "matchCriteriaId": "0CD764B6-2235-4C06-8A0C-AF5889B027F7" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:fortinet:fortisandbox:4.4.1:*:*:*:*:*:*:*", + "matchCriteriaId": "3908E337-E2C4-4663-BC98-C33E68DCC132" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:fortinet:fortisandbox:4.4.2:*:*:*:*:*:*:*", + "matchCriteriaId": "A1AF171E-7916-468A-B26E-7C722A0E6D8E" + } + ] + } + ] + } + ], "references": [ { "url": "https://fortiguard.com/psirt/FG-IR-23-360", - "source": "psirt@fortinet.com" + "source": "psirt@fortinet.com", + "tags": [ + "Vendor Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2023/CVE-2023-458xx/CVE-2023-45864.json b/CVE-2023/CVE-2023-458xx/CVE-2023-45864.json index c2cc47e72d5..7857b704bf9 100644 --- a/CVE-2023/CVE-2023-458xx/CVE-2023-45864.json +++ b/CVE-2023/CVE-2023-458xx/CVE-2023-45864.json @@ -2,16 +2,40 @@ "id": "CVE-2023-45864", "sourceIdentifier": "cve@mitre.org", "published": "2023-12-13T01:15:10.677", - "lastModified": "2023-12-13T01:50:36.127", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2023-12-15T19:18:31.150", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", "value": "A race condition issue discovered in Samsung Mobile Processor Exynos 9820, 980, 1080, 2100, 2200, 1280, and 1380 allows unintended modifications of values within certain areas." + }, + { + "lang": "es", + "value": "Un problema de condici\u00f3n de ejecuci\u00f3n descubierto en el procesador m\u00f3vil Samsung Exynos 9820, 980, 1080, 2100, 2200, 1280 y 1380 permite modificaciones no deseadas de valores dentro de ciertas \u00e1reas." } ], "metrics": { "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:H/A:N", + "attackVector": "LOCAL", + "attackComplexity": "HIGH", + "privilegesRequired": "LOW", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "NONE", + "integrityImpact": "HIGH", + "availabilityImpact": "NONE", + "baseScore": 4.7, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 1.0, + "impactScore": 3.6 + }, { "source": "cve@mitre.org", "type": "Secondary", @@ -34,10 +58,216 @@ } ] }, + "weaknesses": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-362" + } + ] + } + ], + "configurations": [ + { + "operator": "AND", + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:o:samsung:exynos_9820_firmware:-:*:*:*:*:*:*:*", + "matchCriteriaId": "1E582F31-BCC1-4276-BC34-A38EDCC4BB01" + } + ] + }, + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": false, + "criteria": "cpe:2.3:h:samsung:exynos_9820:-:*:*:*:*:*:*:*", + "matchCriteriaId": "1B8C35DE-1C58-4C6E-BB15-0E3C2FECB8DA" + } + ] + } + ] + }, + { + "operator": "AND", + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:o:samsung:exynos_980_firmware:-:*:*:*:*:*:*:*", + "matchCriteriaId": "5F18F62E-2012-442E-BE60-6E76325D1824" + } + ] + }, + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": false, + "criteria": "cpe:2.3:h:samsung:exynos_980:-:*:*:*:*:*:*:*", + "matchCriteriaId": "0D8701B6-6989-44D1-873A-A1823BFD7CCC" + } + ] + } + ] + }, + { + "operator": "AND", + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:o:samsung:exynos_1080_firmware:-:*:*:*:*:*:*:*", + "matchCriteriaId": "43DE4D6F-D662-46F2-93BC-9AE950320BDE" + } + ] + }, + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": false, + "criteria": "cpe:2.3:h:samsung:exynos_1080:-:*:*:*:*:*:*:*", + "matchCriteriaId": "EE06CD56-8BFD-4208-843A-179E3E6F5C10" + } + ] + } + ] + }, + { + "operator": "AND", + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:o:samsung:exynos_2100_firmware:-:*:*:*:*:*:*:*", + "matchCriteriaId": "89B88BFE-3C82-498C-8EC1-5784836DB1A1" + } + ] + }, + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": false, + "criteria": "cpe:2.3:h:samsung:exynos_2100:-:*:*:*:*:*:*:*", + "matchCriteriaId": "9385885D-654A-496E-8029-7C6D9B077193" + } + ] + } + ] + }, + { + "operator": "AND", + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:o:samsung:exynos_2200_firmware:-:*:*:*:*:*:*:*", + "matchCriteriaId": "63C0D9AC-BD23-48C9-83E7-301DEC06E583" + } + ] + }, + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": false, + "criteria": "cpe:2.3:h:samsung:exynos_2200:-:*:*:*:*:*:*:*", + "matchCriteriaId": "A72ADEBB-ED72-4A5B-BB27-95EDE43F8116" + } + ] + } + ] + }, + { + "operator": "AND", + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:o:samsung:exynos_1280_firmware:-:*:*:*:*:*:*:*", + "matchCriteriaId": "BD1A7B09-9031-4E54-A24F-3237C054166B" + } + ] + }, + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": false, + "criteria": "cpe:2.3:h:samsung:exynos_1280:-:*:*:*:*:*:*:*", + "matchCriteriaId": "DFC68046-2F08-40D1-B158-89D8D9263541" + } + ] + } + ] + }, + { + "operator": "AND", + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:o:samsung:exynos_1380_firmware:-:*:*:*:*:*:*:*", + "matchCriteriaId": "D381478B-C638-4663-BD71-144BE4B02E46" + } + ] + }, + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": false, + "criteria": "cpe:2.3:h:samsung:exynos_1380:-:*:*:*:*:*:*:*", + "matchCriteriaId": "61E72146-72FE-4B54-AB79-3C665E7F016C" + } + ] + } + ] + } + ], "references": [ { "url": "https://semiconductor.samsung.com/support/quality-support/product-security-updates/", - "source": "cve@mitre.org" + "source": "cve@mitre.org", + "tags": [ + "Vendor Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2023/CVE-2023-473xx/CVE-2023-47320.json b/CVE-2023/CVE-2023-473xx/CVE-2023-47320.json index 9c7765a1dba..73936306665 100644 --- a/CVE-2023/CVE-2023-473xx/CVE-2023-47320.json +++ b/CVE-2023/CVE-2023-473xx/CVE-2023-47320.json @@ -2,23 +2,87 @@ "id": "CVE-2023-47320", "sourceIdentifier": "cve@mitre.org", "published": "2023-12-13T14:15:44.153", - "lastModified": "2023-12-13T14:27:29.077", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2023-12-15T20:51:18.320", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", "value": "Silverpeas Core 6.3.1 is vulnerable to Incorrect Access Control. An attacker with low privileges is able to execute the administrator-only function of putting the application in \"Maintenance Mode\" due to broken access control. This makes the application unavailable to all users. This affects Silverpeas Core 6.3.1 and below." + }, + { + "lang": "es", + "value": "Silverpeas Core 6.3.1 es vulnerable a un control de acceso incorrecto. Un atacante con pocos privilegios puede ejecutar la funci\u00f3n exclusiva de administrador de poner la aplicaci\u00f3n en \"Modo de mantenimiento\" debido a un control de acceso roto. Esto hace que la aplicaci\u00f3n no est\u00e9 disponible para todos los usuarios. Esto afecta a Silverpeas Core 6.3.1 y versiones anteriores." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "NONE", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH", + "baseScore": 8.1, + "baseSeverity": "HIGH" + }, + "exploitabilityScore": 2.8, + "impactScore": 5.2 + } + ] + }, + "weaknesses": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "NVD-CWE-Other" + } + ] + } + ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:silverpeas:silverpeas:*:*:*:*:*:*:*:*", + "versionEndExcluding": "6.3.2", + "matchCriteriaId": "F4C6E996-03CD-4BD3-A74F-A450CA1B0C0B" + } + ] + } + ] } ], - "metrics": {}, "references": [ { "url": "http://silverpeas.com", - "source": "cve@mitre.org" + "source": "cve@mitre.org", + "tags": [ + "Product" + ] }, { "url": "https://github.com/RhinoSecurityLabs/CVEs/tree/master/CVE-2023-47320", - "source": "cve@mitre.org" + "source": "cve@mitre.org", + "tags": [ + "Exploit", + "Third Party Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2023/CVE-2023-475xx/CVE-2023-47573.json b/CVE-2023/CVE-2023-475xx/CVE-2023-47573.json index 758b9cf9b6e..e327e070208 100644 --- a/CVE-2023/CVE-2023-475xx/CVE-2023-47573.json +++ b/CVE-2023/CVE-2023-475xx/CVE-2023-47573.json @@ -2,8 +2,8 @@ "id": "CVE-2023-47573", "sourceIdentifier": "cve@mitre.org", "published": "2023-12-13T02:15:07.553", - "lastModified": "2023-12-13T13:35:21.667", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2023-12-15T19:25:03.390", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", @@ -14,11 +14,105 @@ "value": "Un problema descubierto en dispositivos Relyum RELY-PCIe 22.2.1. El mecanismo de autorizaci\u00f3n no se aplica en la interfaz web, lo que permite que un usuario con pocos privilegios ejecute funciones administrativas." } ], - "metrics": {}, + "metrics": { + "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH", + "baseScore": 8.8, + "baseSeverity": "HIGH" + }, + "exploitabilityScore": 2.8, + "impactScore": 5.9 + } + ] + }, + "weaknesses": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-862" + } + ] + } + ], + "configurations": [ + { + "operator": "AND", + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:o:relyum:rely-pcie_firmware:22.2.1:*:*:*:*:*:*:*", + "matchCriteriaId": "D643D7C8-DA9A-4764-8A8D-398274FF6EA6" + } + ] + }, + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": false, + "criteria": "cpe:2.3:h:relyum:rely-pcie:-:*:*:*:*:*:*:*", + "matchCriteriaId": "56F42305-83EB-4393-95A4-268E3C1DEB81" + } + ] + } + ] + }, + { + "operator": "AND", + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:o:relyum:rely-rec_firmware:23.1.0:*:*:*:*:*:*:*", + "matchCriteriaId": "D97DC11D-549C-4CBD-B6B7-E6916EB98C42" + } + ] + }, + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": false, + "criteria": "cpe:2.3:h:relyum:rely-rec:-:*:*:*:*:*:*:*", + "matchCriteriaId": "F849C410-3DEA-4DC8-ADED-F1B62ADC44B8" + } + ] + } + ] + } + ], "references": [ { "url": "https://www.relyum.com/web/support/vulnerability-report/", - "source": "cve@mitre.org" + "source": "cve@mitre.org", + "tags": [ + "Vendor Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2023/CVE-2023-487xx/CVE-2023-48782.json b/CVE-2023/CVE-2023-487xx/CVE-2023-48782.json index dddbe8a96ca..75b17396eb0 100644 --- a/CVE-2023/CVE-2023-487xx/CVE-2023-48782.json +++ b/CVE-2023/CVE-2023-487xx/CVE-2023-48782.json @@ -2,8 +2,8 @@ "id": "CVE-2023-48782", "sourceIdentifier": "psirt@fortinet.com", "published": "2023-12-13T07:15:27.480", - "lastModified": "2023-12-13T13:35:21.667", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2023-12-15T20:01:55.773", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", @@ -16,6 +16,26 @@ ], "metrics": { "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH", + "baseScore": 8.8, + "baseSeverity": "HIGH" + }, + "exploitabilityScore": 2.8, + "impactScore": 5.9 + }, { "source": "psirt@fortinet.com", "type": "Secondary", @@ -50,10 +70,32 @@ ] } ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:fortinet:fortiwlm:*:*:*:*:*:*:*:*", + "versionStartIncluding": "8.6.0", + "versionEndIncluding": "8.6.5", + "matchCriteriaId": "BCEDF5B8-C922-48DD-926D-788A53ACD684" + } + ] + } + ] + } + ], "references": [ { "url": "https://fortiguard.com/psirt/FG-IR-23-450", - "source": "psirt@fortinet.com" + "source": "psirt@fortinet.com", + "tags": [ + "Vendor Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2023/CVE-2023-487xx/CVE-2023-48791.json b/CVE-2023/CVE-2023-487xx/CVE-2023-48791.json index efa040a6f6d..8bcd980feca 100644 --- a/CVE-2023/CVE-2023-487xx/CVE-2023-48791.json +++ b/CVE-2023/CVE-2023-487xx/CVE-2023-48791.json @@ -2,8 +2,8 @@ "id": "CVE-2023-48791", "sourceIdentifier": "psirt@fortinet.com", "published": "2023-12-13T07:15:28.980", - "lastModified": "2023-12-13T13:35:21.667", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2023-12-15T20:09:24.010", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", @@ -16,6 +16,26 @@ ], "metrics": { "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH", + "baseScore": 8.8, + "baseSeverity": "HIGH" + }, + "exploitabilityScore": 2.8, + "impactScore": 5.9 + }, { "source": "psirt@fortinet.com", "type": "Secondary", @@ -39,6 +59,16 @@ ] }, "weaknesses": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-77" + } + ] + }, { "source": "psirt@fortinet.com", "type": "Secondary", @@ -50,10 +80,37 @@ ] } ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:fortinet:fortiportal:*:*:*:*:*:*:*:*", + "versionStartIncluding": "7.0.0", + "versionEndIncluding": "7.0.6", + "matchCriteriaId": "A94FF899-FAEF-4005-9B23-1F44A949AEEC" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:fortinet:fortiportal:7.2.0:*:*:*:*:*:*:*", + "matchCriteriaId": "2C7F7D4E-DE62-491A-9C00-EAD2595BF2D7" + } + ] + } + ] + } + ], "references": [ { "url": "https://fortiguard.com/psirt/FG-IR-23-425", - "source": "psirt@fortinet.com" + "source": "psirt@fortinet.com", + "tags": [ + "Vendor Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2023/CVE-2023-492xx/CVE-2023-49297.json b/CVE-2023/CVE-2023-492xx/CVE-2023-49297.json index d29cca25ae0..d508bf4f3be 100644 --- a/CVE-2023/CVE-2023-492xx/CVE-2023-49297.json +++ b/CVE-2023/CVE-2023-492xx/CVE-2023-49297.json @@ -2,8 +2,8 @@ "id": "CVE-2023-49297", "sourceIdentifier": "security-advisories@github.com", "published": "2023-12-05T21:15:07.460", - "lastModified": "2023-12-12T01:47:08.880", - "vulnStatus": "Analyzed", + "lastModified": "2023-12-15T20:15:07.570", + "vulnStatus": "Modified", "descriptions": [ { "lang": "en", @@ -108,6 +108,10 @@ "Exploit", "Vendor Advisory" ] + }, + { + "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/CYR5SJKOFSSXFV3E3D2SLXBUBA5WMJJG/", + "source": "security-advisories@github.com" } ] } \ No newline at end of file diff --git a/CVE-2023/CVE-2023-500xx/CVE-2023-50089.json b/CVE-2023/CVE-2023-500xx/CVE-2023-50089.json index 3343c47049c..86c9d3e8d09 100644 --- a/CVE-2023/CVE-2023-500xx/CVE-2023-50089.json +++ b/CVE-2023/CVE-2023-500xx/CVE-2023-50089.json @@ -2,8 +2,8 @@ "id": "CVE-2023-50089", "sourceIdentifier": "cve@mitre.org", "published": "2023-12-15T17:15:12.780", - "lastModified": "2023-12-15T17:15:12.780", - "vulnStatus": "Received", + "lastModified": "2023-12-15T20:09:58.393", + "vulnStatus": "Awaiting Analysis", "descriptions": [ { "lang": "en", diff --git a/CVE-2023/CVE-2023-507xx/CVE-2023-50719.json b/CVE-2023/CVE-2023-507xx/CVE-2023-50719.json new file mode 100644 index 00000000000..892b583c030 --- /dev/null +++ b/CVE-2023/CVE-2023-507xx/CVE-2023-50719.json @@ -0,0 +1,67 @@ +{ + "id": "CVE-2023-50719", + "sourceIdentifier": "security-advisories@github.com", + "published": "2023-12-15T19:15:09.247", + "lastModified": "2023-12-15T20:09:58.393", + "vulnStatus": "Awaiting Analysis", + "descriptions": [ + { + "lang": "en", + "value": "XWiki Platform is a generic wiki platform. Starting in 7.2-milestone-2 and prior to versions 14.10.15, 15.5.2, and 15.7-rc-1, the Solr-based search in XWiki discloses the password hashes of all users to anyone with view right on the respective user profiles. By default, all user profiles are public. This vulnerability also affects any configurations used by extensions that contain passwords like API keys that are viewable for the attacker. Normally, such passwords aren't accessible but this vulnerability would disclose them as plain text. This has been patched in XWiki 14.10.15, 15.5.2 and 15.7RC1. There are no known workarounds for this vulnerability.\n" + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "security-advisories@github.com", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "NONE", + "availabilityImpact": "NONE", + "baseScore": 7.5, + "baseSeverity": "HIGH" + }, + "exploitabilityScore": 3.9, + "impactScore": 3.6 + } + ] + }, + "weaknesses": [ + { + "source": "security-advisories@github.com", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-200" + }, + { + "lang": "en", + "value": "CWE-359" + } + ] + } + ], + "references": [ + { + "url": "https://github.com/xwiki/xwiki-platform/commit/3e5272f2ef0dff06a8f4db10afd1949b2f9e6eea", + "source": "security-advisories@github.com" + }, + { + "url": "https://github.com/xwiki/xwiki-platform/security/advisories/GHSA-p6cp-6r35-32mh", + "source": "security-advisories@github.com" + }, + { + "url": "https://jira.xwiki.org/browse/XWIKI-21208", + "source": "security-advisories@github.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2023/CVE-2023-507xx/CVE-2023-50720.json b/CVE-2023/CVE-2023-507xx/CVE-2023-50720.json new file mode 100644 index 00000000000..b9e01fee51c --- /dev/null +++ b/CVE-2023/CVE-2023-507xx/CVE-2023-50720.json @@ -0,0 +1,63 @@ +{ + "id": "CVE-2023-50720", + "sourceIdentifier": "security-advisories@github.com", + "published": "2023-12-15T19:15:09.463", + "lastModified": "2023-12-15T20:09:58.393", + "vulnStatus": "Awaiting Analysis", + "descriptions": [ + { + "lang": "en", + "value": "XWiki Platform is a generic wiki platform. Prior to versions 14.10.15, 15.5.2, and 15.7-rc-1, the Solr-based search in XWiki discloses the email addresses of users even when obfuscation of email addresses is enabled. To demonstrate the vulnerability, search for `objcontent:email*` using XWiki's regular search interface. This has been fixed in XWiki 14.10.15, 15.5.2 and 15.7RC1 by not indexing email address properties when obfuscation is enabled. There are no known workarounds for this vulnerability.\n" + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "security-advisories@github.com", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "LOW", + "integrityImpact": "NONE", + "availabilityImpact": "NONE", + "baseScore": 5.3, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 3.9, + "impactScore": 1.4 + } + ] + }, + "weaknesses": [ + { + "source": "security-advisories@github.com", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-200" + } + ] + } + ], + "references": [ + { + "url": "https://github.com/xwiki/xwiki-platform/commit/3e5272f2ef0dff06a8f4db10afd1949b2f9e6eea", + "source": "security-advisories@github.com" + }, + { + "url": "https://github.com/xwiki/xwiki-platform/security/advisories/GHSA-2grh-gr37-2283", + "source": "security-advisories@github.com" + }, + { + "url": "https://jira.xwiki.org/browse/XWIKI-20371", + "source": "security-advisories@github.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2023/CVE-2023-507xx/CVE-2023-50721.json b/CVE-2023/CVE-2023-507xx/CVE-2023-50721.json new file mode 100644 index 00000000000..68a30338ea6 --- /dev/null +++ b/CVE-2023/CVE-2023-507xx/CVE-2023-50721.json @@ -0,0 +1,67 @@ +{ + "id": "CVE-2023-50721", + "sourceIdentifier": "security-advisories@github.com", + "published": "2023-12-15T19:15:09.667", + "lastModified": "2023-12-15T20:09:58.393", + "vulnStatus": "Awaiting Analysis", + "descriptions": [ + { + "lang": "en", + "value": "XWiki Platform is a generic wiki platform. Starting in 4.5-rc-1 and prior to versions 14.10.15, 15.5.2, and 15.7-rc-1, the search administration interface doesn't properly escape the id and label of search user interface extensions, allowing the injection of XWiki syntax containing script macros including Groovy macros that allow remote code execution, impacting the confidentiality, integrity and availability of the whole XWiki instance. This attack can be executed by any user who can edit some wiki page like the user's profile (editable by default) as user interface extensions that will be displayed in the search administration can be added on any document by any user. The necessary escaping has been added in XWiki 14.10.15, 15.5.2 and 15.7RC1. As a workaround, the patch can be applied manually applied to the page `XWiki.SearchAdmin`." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "security-advisories@github.com", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "NONE", + "scope": "CHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH", + "baseScore": 9.9, + "baseSeverity": "CRITICAL" + }, + "exploitabilityScore": 3.1, + "impactScore": 6.0 + } + ] + }, + "weaknesses": [ + { + "source": "security-advisories@github.com", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-94" + }, + { + "lang": "en", + "value": "CWE-95" + } + ] + } + ], + "references": [ + { + "url": "https://github.com/xwiki/xwiki-platform/commit/62863736d78ffd60d822279c5fb7fb9593042766", + "source": "security-advisories@github.com" + }, + { + "url": "https://github.com/xwiki/xwiki-platform/security/advisories/GHSA-7654-vfh6-rw6x", + "source": "security-advisories@github.com" + }, + { + "url": "https://jira.xwiki.org/browse/XWIKI-21200", + "source": "security-advisories@github.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2023/CVE-2023-507xx/CVE-2023-50722.json b/CVE-2023/CVE-2023-507xx/CVE-2023-50722.json new file mode 100644 index 00000000000..88157571a1a --- /dev/null +++ b/CVE-2023/CVE-2023-507xx/CVE-2023-50722.json @@ -0,0 +1,67 @@ +{ + "id": "CVE-2023-50722", + "sourceIdentifier": "security-advisories@github.com", + "published": "2023-12-15T19:15:09.870", + "lastModified": "2023-12-15T20:09:58.393", + "vulnStatus": "Awaiting Analysis", + "descriptions": [ + { + "lang": "en", + "value": "XWiki Platform is a generic wiki platform. Starting in 2.3 and prior to versions 14.10.15, 15.5.2, and 15.7-rc-1, there is a reflected XSS or also direct remote code execution vulnerability in the code for displaying configurable admin sections. The code that can be passed through a URL parameter is only executed when the user who is visiting the crafted URL has edit right on at least one configuration section. While any user of the wiki could easily create such a section, this vulnerability doesn't require the attacker to have an account or any access on the wiki. It is sufficient to trick any admin user of the XWiki installation to visit the crafted URL. This vulnerability allows full remote code execution with programming rights and thus impacts the confidentiality, integrity and availability of the whole XWiki installation. This has been fixed in XWiki 14.10.15, 15.5.2 and 15.7RC1. The patch can be manually applied to the document `XWiki.ConfigurableClass`.\n" + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "security-advisories@github.com", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "REQUIRED", + "scope": "CHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH", + "baseScore": 9.6, + "baseSeverity": "CRITICAL" + }, + "exploitabilityScore": 2.8, + "impactScore": 6.0 + } + ] + }, + "weaknesses": [ + { + "source": "security-advisories@github.com", + "type": "Secondary", + "description": [ + { + "lang": "en", + "value": "CWE-352" + }, + { + "lang": "en", + "value": "CWE-79" + } + ] + } + ], + "references": [ + { + "url": "https://github.com/xwiki/xwiki-platform/commit/5e14c8d08fd0c5b619833d35090b470aa4cb52b0", + "source": "security-advisories@github.com" + }, + { + "url": "https://github.com/xwiki/xwiki-platform/security/advisories/GHSA-cp3j-273x-3jxc", + "source": "security-advisories@github.com" + }, + { + "url": "https://jira.xwiki.org/browse/XWIKI-21167", + "source": "security-advisories@github.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2023/CVE-2023-507xx/CVE-2023-50723.json b/CVE-2023/CVE-2023-507xx/CVE-2023-50723.json new file mode 100644 index 00000000000..442810754f0 --- /dev/null +++ b/CVE-2023/CVE-2023-507xx/CVE-2023-50723.json @@ -0,0 +1,87 @@ +{ + "id": "CVE-2023-50723", + "sourceIdentifier": "security-advisories@github.com", + "published": "2023-12-15T19:15:10.073", + "lastModified": "2023-12-15T20:09:58.393", + "vulnStatus": "Awaiting Analysis", + "descriptions": [ + { + "lang": "en", + "value": "XWiki Platform is a generic wiki platform. Starting in 2.3 and prior to versions 14.10.15, 15.5.2, and 15.7-rc-1, anyone who can edit an arbitrary wiki page in an XWiki installation can gain programming right through several cases of missing escaping in the code for displaying sections in the administration interface. This impacts the confidentiality, integrity and availability of the whole XWiki installation. Normally, all users are allowed to edit their own user profile so this should be exploitable by all users of the XWiki instance. This has been fixed in XWiki 14.10.15, 15.5.2 and 15.7RC1. The patches can be manually applied to the `XWiki.ConfigurableClassMacros` and `XWiki.ConfigurableClass` pages." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "security-advisories@github.com", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "NONE", + "scope": "CHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH", + "baseScore": 9.9, + "baseSeverity": "CRITICAL" + }, + "exploitabilityScore": 3.1, + "impactScore": 6.0 + } + ] + }, + "weaknesses": [ + { + "source": "security-advisories@github.com", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-94" + }, + { + "lang": "en", + "value": "CWE-95" + } + ] + } + ], + "references": [ + { + "url": "https://github.com/xwiki/xwiki-platform/commit/0f367aaae4e0696f61cf5a67a75edd27d1d16db6", + "source": "security-advisories@github.com" + }, + { + "url": "https://github.com/xwiki/xwiki-platform/commit/1157c1ecea395aac7f64cd8a6f484b1225416dc7", + "source": "security-advisories@github.com" + }, + { + "url": "https://github.com/xwiki/xwiki-platform/commit/749f6aee1bfbcf191c3734ea0aa9eba3aa63240e", + "source": "security-advisories@github.com" + }, + { + "url": "https://github.com/xwiki/xwiki-platform/commit/bd82be936c21b65dee367d558e3050b9b6995713", + "source": "security-advisories@github.com" + }, + { + "url": "https://github.com/xwiki/xwiki-platform/security/advisories/GHSA-qj86-p74r-7wp5", + "source": "security-advisories@github.com" + }, + { + "url": "https://jira.xwiki.org/browse/XWIKI-21121", + "source": "security-advisories@github.com" + }, + { + "url": "https://jira.xwiki.org/browse/XWIKI-21122", + "source": "security-advisories@github.com" + }, + { + "url": "https://jira.xwiki.org/browse/XWIKI-21194", + "source": "security-advisories@github.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2023/CVE-2023-509xx/CVE-2023-50917.json b/CVE-2023/CVE-2023-509xx/CVE-2023-50917.json index 5939c60eab2..11c62261cff 100644 --- a/CVE-2023/CVE-2023-509xx/CVE-2023-50917.json +++ b/CVE-2023/CVE-2023-509xx/CVE-2023-50917.json @@ -2,8 +2,8 @@ "id": "CVE-2023-50917", "sourceIdentifier": "cve@mitre.org", "published": "2023-12-15T17:15:12.840", - "lastModified": "2023-12-15T17:15:12.840", - "vulnStatus": "Received", + "lastModified": "2023-12-15T20:09:58.393", + "vulnStatus": "Awaiting Analysis", "descriptions": [ { "lang": "en", diff --git a/CVE-2023/CVE-2023-509xx/CVE-2023-50918.json b/CVE-2023/CVE-2023-509xx/CVE-2023-50918.json index 9773d0dfaf6..52bad4b636d 100644 --- a/CVE-2023/CVE-2023-509xx/CVE-2023-50918.json +++ b/CVE-2023/CVE-2023-509xx/CVE-2023-50918.json @@ -2,8 +2,8 @@ "id": "CVE-2023-50918", "sourceIdentifier": "cve@mitre.org", "published": "2023-12-15T18:15:07.723", - "lastModified": "2023-12-15T18:15:07.723", - "vulnStatus": "Received", + "lastModified": "2023-12-15T20:09:58.393", + "vulnStatus": "Awaiting Analysis", "descriptions": [ { "lang": "en", diff --git a/CVE-2023/CVE-2023-63xx/CVE-2023-6345.json b/CVE-2023/CVE-2023-63xx/CVE-2023-6345.json index e0835659ea1..52ecdf34659 100644 --- a/CVE-2023/CVE-2023-63xx/CVE-2023-6345.json +++ b/CVE-2023/CVE-2023-63xx/CVE-2023-6345.json @@ -2,8 +2,8 @@ "id": "CVE-2023-6345", "sourceIdentifier": "chrome-cve-admin@google.com", "published": "2023-11-29T12:15:07.077", - "lastModified": "2023-12-05T17:15:08.630", - "vulnStatus": "Modified", + "lastModified": "2023-12-15T20:09:40.917", + "vulnStatus": "Analyzed", "cisaExploitAdd": "2023-11-30", "cisaActionDue": "2023-12-21", "cisaRequiredAction": "Apply mitigations per vendor instructions or discontinue use of the product if mitigations are unavailable.", @@ -87,6 +87,11 @@ "criteria": "cpe:2.3:o:debian:debian_linux:12.0:*:*:*:*:*:*:*", "matchCriteriaId": "46D69DCC-AE4D-4EA5-861C-D60951444C6C" }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:fedoraproject:fedora:37:*:*:*:*:*:*:*", + "matchCriteriaId": "E30D0E6F-4AE8-4284-8716-991DFA48CC5D" + }, { "vulnerable": true, "criteria": "cpe:2.3:o:fedoraproject:fedora:38:*:*:*:*:*:*:*", @@ -100,6 +105,22 @@ ] } ] + }, + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:microsoft:edge_chromium:*:*:*:*:*:*:*:*", + "versionEndExcluding": "119.0.2151.97", + "matchCriteriaId": "6C5B746E-0486-4773-9EBA-8A29AEEFAC13" + } + ] + } + ] } ], "references": [ @@ -126,7 +147,11 @@ }, { "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/C7XQNYZZA3X2LBJF57ZHKXWOMJKNLZYR/", - "source": "chrome-cve-admin@google.com" + "source": "chrome-cve-admin@google.com", + "tags": [ + "Mailing List", + "Third Party Advisory" + ] }, { "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UJROPNKWW65R34J4IYGTJ7A3OBPUL4IQ/", diff --git a/CVE-2023/CVE-2023-63xx/CVE-2023-6379.json b/CVE-2023/CVE-2023-63xx/CVE-2023-6379.json index bfecef77ba2..624b9bebe53 100644 --- a/CVE-2023/CVE-2023-63xx/CVE-2023-6379.json +++ b/CVE-2023/CVE-2023-63xx/CVE-2023-6379.json @@ -2,8 +2,8 @@ "id": "CVE-2023-6379", "sourceIdentifier": "cve-coordination@incibe.es", "published": "2023-12-13T11:15:07.100", - "lastModified": "2023-12-13T13:35:16.620", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2023-12-15T20:33:49.850", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", @@ -16,6 +16,26 @@ ], "metrics": { "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "REQUIRED", + "scope": "CHANGED", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "availabilityImpact": "NONE", + "baseScore": 6.1, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 2.8, + "impactScore": 2.7 + }, { "source": "cve-coordination@incibe.es", "type": "Secondary", @@ -50,10 +70,32 @@ ] } ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:alkacon:opencms:*:*:*:*:*:*:*:*", + "versionStartIncluding": "14.0.0", + "versionEndExcluding": "16.0.0", + "matchCriteriaId": "5AFBA989-0EBE-40DA-AB0C-D1771E862CAE" + } + ] + } + ] + } + ], "references": [ { "url": "https://www.incibe.es/en/incibe-cert/notices/aviso/multiple-vulnerabilities-alkacon-software-opencms", - "source": "cve-coordination@incibe.es" + "source": "cve-coordination@incibe.es", + "tags": [ + "Third Party Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2023/CVE-2023-63xx/CVE-2023-6380.json b/CVE-2023/CVE-2023-63xx/CVE-2023-6380.json index 871ed18f76b..d9a85897790 100644 --- a/CVE-2023/CVE-2023-63xx/CVE-2023-6380.json +++ b/CVE-2023/CVE-2023-63xx/CVE-2023-6380.json @@ -2,8 +2,8 @@ "id": "CVE-2023-6380", "sourceIdentifier": "cve-coordination@incibe.es", "published": "2023-12-13T11:15:07.630", - "lastModified": "2023-12-13T13:35:16.620", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2023-12-15T20:22:40.343", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", @@ -16,6 +16,26 @@ ], "metrics": { "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "REQUIRED", + "scope": "CHANGED", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "availabilityImpact": "NONE", + "baseScore": 6.1, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 2.8, + "impactScore": 2.7 + }, { "source": "cve-coordination@incibe.es", "type": "Secondary", @@ -50,10 +70,32 @@ ] } ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:alkacon:opencms:*:*:*:*:*:*:*:*", + "versionStartIncluding": "14.0.0", + "versionEndExcluding": "16.0.0", + "matchCriteriaId": "5AFBA989-0EBE-40DA-AB0C-D1771E862CAE" + } + ] + } + ] + } + ], "references": [ { "url": "https://www.incibe.es/en/incibe-cert/notices/aviso/multiple-vulnerabilities-alkacon-software-opencms", - "source": "cve-coordination@incibe.es" + "source": "cve-coordination@incibe.es", + "tags": [ + "Third Party Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2023/CVE-2023-67xx/CVE-2023-6723.json b/CVE-2023/CVE-2023-67xx/CVE-2023-6723.json index be5ecc101e9..7de5e3fca84 100644 --- a/CVE-2023/CVE-2023-67xx/CVE-2023-6723.json +++ b/CVE-2023/CVE-2023-67xx/CVE-2023-6723.json @@ -2,8 +2,8 @@ "id": "CVE-2023-6723", "sourceIdentifier": "cve-coordination@incibe.es", "published": "2023-12-13T11:15:08.040", - "lastModified": "2023-12-13T13:35:16.620", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2023-12-15T20:37:10.720", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", @@ -16,6 +16,26 @@ ], "metrics": { "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH", + "baseScore": 9.8, + "baseSeverity": "CRITICAL" + }, + "exploitabilityScore": 3.9, + "impactScore": 5.9 + }, { "source": "cve-coordination@incibe.es", "type": "Secondary", @@ -50,10 +70,30 @@ ] } ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:europeana:repox:2.3.7:*:*:*:*:*:*:*", + "matchCriteriaId": "FA4CFB07-33A3-44FB-A484-9C23CD4AA5B3" + } + ] + } + ] + } + ], "references": [ { "url": "https://www.incibe.es/en/incibe-cert/notices/aviso/multiple-vulnerabilities-repox", - "source": "cve-coordination@incibe.es" + "source": "cve-coordination@incibe.es", + "tags": [ + "Third Party Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2023/CVE-2023-67xx/CVE-2023-6755.json b/CVE-2023/CVE-2023-67xx/CVE-2023-6755.json index 0ce0379f639..709d19c5afd 100644 --- a/CVE-2023/CVE-2023-67xx/CVE-2023-6755.json +++ b/CVE-2023/CVE-2023-67xx/CVE-2023-6755.json @@ -2,16 +2,40 @@ "id": "CVE-2023-6755", "sourceIdentifier": "cna@vuldb.com", "published": "2023-12-13T13:15:09.203", - "lastModified": "2023-12-13T13:35:16.620", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2023-12-15T20:48:01.920", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", "value": "A vulnerability was found in DedeBIZ 6.2 and classified as critical. This issue affects some unknown processing of the file /src/admin/content_batchup_action.php. The manipulation of the argument endid leads to sql injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-247883. NOTE: The vendor was contacted early about this disclosure but did not respond in any way." + }, + { + "lang": "es", + "value": "Una vulnerabilidad fue encontrada en DedeBIZ 6.2 y clasificada como cr\u00edtica. Este problema afecta un procesamiento desconocido del archivo /src/admin/content_batchup_action.php. La manipulaci\u00f3n del argumento endid conduce a la inyecci\u00f3n de SQL. El ataque puede iniciarse de forma remota. El exploit ha sido divulgado al p\u00fablico y puede utilizarse. El identificador asociado de esta vulnerabilidad es VDB-247883. NOTA: Se contact\u00f3 primeramente con el proveedor sobre esta divulgaci\u00f3n, pero no respondi\u00f3 de ninguna manera." } ], "metrics": { "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "HIGH", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH", + "baseScore": 7.2, + "baseSeverity": "HIGH" + }, + "exploitabilityScore": 1.2, + "impactScore": 5.9 + }, { "source": "cna@vuldb.com", "type": "Secondary", @@ -71,18 +95,47 @@ ] } ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:dedebiz:dedebiz:6.2:*:*:*:*:*:*:*", + "matchCriteriaId": "4240B26E-641D-4E8C-8001-B86FA8388C57" + } + ] + } + ] + } + ], "references": [ { "url": "https://github.com/ycwxy/test/issues/1", - "source": "cna@vuldb.com" + "source": "cna@vuldb.com", + "tags": [ + "Exploit", + "Issue Tracking", + "Third Party Advisory" + ] }, { "url": "https://vuldb.com/?ctiid.247883", - "source": "cna@vuldb.com" + "source": "cna@vuldb.com", + "tags": [ + "Permissions Required", + "Third Party Advisory" + ] }, { "url": "https://vuldb.com/?id.247883", - "source": "cna@vuldb.com" + "source": "cna@vuldb.com", + "tags": [ + "Third Party Advisory" + ] } ] } \ No newline at end of file diff --git a/README.md b/README.md index d3fe8a12af1..9973eb6b058 100644 --- a/README.md +++ b/README.md @@ -9,13 +9,13 @@ Repository synchronizes with the NVD every 2 hours. ### Last Repository Update ```plain -2023-12-15T19:00:24.460983+00:00 +2023-12-15T21:00:25.285447+00:00 ``` ### Most recent CVE Modification Timestamp synchronized with NVD ```plain -2023-12-15T18:54:15.480000+00:00 +2023-12-15T20:51:18.320000+00:00 ``` ### Last Data Feed Release @@ -29,38 +29,49 @@ Download and Changelog: [Click](https://github.com/fkie-cad/nvd-json-data-feeds/ ### Total Number of included CVEs ```plain -233512 +233517 ``` ### CVEs added in the last Commit -Recently added CVEs: `3` +Recently added CVEs: `5` -* [CVE-2023-50089](CVE-2023/CVE-2023-500xx/CVE-2023-50089.json) (`2023-12-15T17:15:12.780`) -* [CVE-2023-50917](CVE-2023/CVE-2023-509xx/CVE-2023-50917.json) (`2023-12-15T17:15:12.840`) -* [CVE-2023-50918](CVE-2023/CVE-2023-509xx/CVE-2023-50918.json) (`2023-12-15T18:15:07.723`) +* [CVE-2023-50719](CVE-2023/CVE-2023-507xx/CVE-2023-50719.json) (`2023-12-15T19:15:09.247`) +* [CVE-2023-50720](CVE-2023/CVE-2023-507xx/CVE-2023-50720.json) (`2023-12-15T19:15:09.463`) +* [CVE-2023-50721](CVE-2023/CVE-2023-507xx/CVE-2023-50721.json) (`2023-12-15T19:15:09.667`) +* [CVE-2023-50722](CVE-2023/CVE-2023-507xx/CVE-2023-50722.json) (`2023-12-15T19:15:09.870`) +* [CVE-2023-50723](CVE-2023/CVE-2023-507xx/CVE-2023-50723.json) (`2023-12-15T19:15:10.073`) ### CVEs modified in the last Commit -Recently modified CVEs: `16` - -* [CVE-2021-1585](CVE-2021/CVE-2021-15xx/CVE-2021-1585.json) (`2023-12-15T17:14:06.997`) -* [CVE-2023-45801](CVE-2023/CVE-2023-458xx/CVE-2023-45801.json) (`2023-12-15T17:12:58.397`) -* [CVE-2023-50252](CVE-2023/CVE-2023-502xx/CVE-2023-50252.json) (`2023-12-15T17:50:59.207`) -* [CVE-2023-50251](CVE-2023/CVE-2023-502xx/CVE-2023-50251.json) (`2023-12-15T17:51:25.283`) -* [CVE-2023-6760](CVE-2023/CVE-2023-67xx/CVE-2023-6760.json) (`2023-12-15T18:01:45.383`) -* [CVE-2023-6759](CVE-2023/CVE-2023-67xx/CVE-2023-6759.json) (`2023-12-15T18:02:45.423`) -* [CVE-2023-24934](CVE-2023/CVE-2023-249xx/CVE-2023-24934.json) (`2023-12-15T18:14:59.947`) -* [CVE-2023-5156](CVE-2023/CVE-2023-51xx/CVE-2023-5156.json) (`2023-12-15T18:18:02.487`) -* [CVE-2023-4016](CVE-2023/CVE-2023-40xx/CVE-2023-4016.json) (`2023-12-15T18:19:03.787`) -* [CVE-2023-1260](CVE-2023/CVE-2023-12xx/CVE-2023-1260.json) (`2023-12-15T18:19:05.587`) -* [CVE-2023-49273](CVE-2023/CVE-2023-492xx/CVE-2023-49273.json) (`2023-12-15T18:30:22.630`) -* [CVE-2023-49278](CVE-2023/CVE-2023-492xx/CVE-2023-49278.json) (`2023-12-15T18:33:33.317`) -* [CVE-2023-49279](CVE-2023/CVE-2023-492xx/CVE-2023-49279.json) (`2023-12-15T18:36:38.653`) -* [CVE-2023-6753](CVE-2023/CVE-2023-67xx/CVE-2023-6753.json) (`2023-12-15T18:39:14.077`) -* [CVE-2023-45800](CVE-2023/CVE-2023-458xx/CVE-2023-45800.json) (`2023-12-15T18:50:06.017`) -* [CVE-2023-36639](CVE-2023/CVE-2023-366xx/CVE-2023-36639.json) (`2023-12-15T18:54:15.480`) +Recently modified CVEs: `43` + +* [CVE-2023-35621](CVE-2023/CVE-2023-356xx/CVE-2023-35621.json) (`2023-12-15T19:44:04.057`) +* [CVE-2023-36719](CVE-2023/CVE-2023-367xx/CVE-2023-36719.json) (`2023-12-15T19:47:17.103`) +* [CVE-2023-36705](CVE-2023/CVE-2023-367xx/CVE-2023-36705.json) (`2023-12-15T19:47:45.657`) +* [CVE-2023-36428](CVE-2023/CVE-2023-364xx/CVE-2023-36428.json) (`2023-12-15T19:48:20.413`) +* [CVE-2023-36427](CVE-2023/CVE-2023-364xx/CVE-2023-36427.json) (`2023-12-15T19:50:36.810`) +* [CVE-2023-36425](CVE-2023/CVE-2023-364xx/CVE-2023-36425.json) (`2023-12-15T19:52:02.540`) +* [CVE-2023-36424](CVE-2023/CVE-2023-364xx/CVE-2023-36424.json) (`2023-12-15T19:55:29.947`) +* [CVE-2023-36408](CVE-2023/CVE-2023-364xx/CVE-2023-36408.json) (`2023-12-15T19:57:47.510`) +* [CVE-2023-36407](CVE-2023/CVE-2023-364xx/CVE-2023-36407.json) (`2023-12-15T19:57:59.780`) +* [CVE-2023-36406](CVE-2023/CVE-2023-364xx/CVE-2023-36406.json) (`2023-12-15T19:58:20.153`) +* [CVE-2023-36405](CVE-2023/CVE-2023-364xx/CVE-2023-36405.json) (`2023-12-15T19:58:39.633`) +* [CVE-2023-36404](CVE-2023/CVE-2023-364xx/CVE-2023-36404.json) (`2023-12-15T19:58:53.727`) +* [CVE-2023-36403](CVE-2023/CVE-2023-364xx/CVE-2023-36403.json) (`2023-12-15T19:59:05.223`) +* [CVE-2023-48782](CVE-2023/CVE-2023-487xx/CVE-2023-48782.json) (`2023-12-15T20:01:55.773`) +* [CVE-2023-48791](CVE-2023/CVE-2023-487xx/CVE-2023-48791.json) (`2023-12-15T20:09:24.010`) +* [CVE-2023-6345](CVE-2023/CVE-2023-63xx/CVE-2023-6345.json) (`2023-12-15T20:09:40.917`) +* [CVE-2023-50089](CVE-2023/CVE-2023-500xx/CVE-2023-50089.json) (`2023-12-15T20:09:58.393`) +* [CVE-2023-50917](CVE-2023/CVE-2023-509xx/CVE-2023-50917.json) (`2023-12-15T20:09:58.393`) +* [CVE-2023-50918](CVE-2023/CVE-2023-509xx/CVE-2023-50918.json) (`2023-12-15T20:09:58.393`) +* [CVE-2023-49297](CVE-2023/CVE-2023-492xx/CVE-2023-49297.json) (`2023-12-15T20:15:07.570`) +* [CVE-2023-6380](CVE-2023/CVE-2023-63xx/CVE-2023-6380.json) (`2023-12-15T20:22:40.343`) +* [CVE-2023-6379](CVE-2023/CVE-2023-63xx/CVE-2023-6379.json) (`2023-12-15T20:33:49.850`) +* [CVE-2023-6723](CVE-2023/CVE-2023-67xx/CVE-2023-6723.json) (`2023-12-15T20:37:10.720`) +* [CVE-2023-6755](CVE-2023/CVE-2023-67xx/CVE-2023-6755.json) (`2023-12-15T20:48:01.920`) +* [CVE-2023-47320](CVE-2023/CVE-2023-473xx/CVE-2023-47320.json) (`2023-12-15T20:51:18.320`) ## Download and Usage