Auto-Update: 2024-08-28T22:00:17.522415+00:00

CVE-2022/CVE-2022-230xx/CVE-2022-23086.json

@@ -2,7 +2,7 @@
   "id": "CVE-2022-23086",
   "sourceIdentifier": "[email protected]",
   "published": "2024-02-15T05:15:09.273",
-  "lastModified": "2024-04-19T07:15:08.670",
+  "lastModified": "2024-08-28T20:35:00.763",
   "vulnStatus": "Awaiting Analysis",
   "cveTags": [],
   "descriptions": [
@@ -15,7 +15,42 @@
       "value": "Los controladores para *_CFG_PAGE lectura/escritura ioctls en los controladores mpr, mps y mpt asignaron un b\u00fafer de un tama\u00f1o especificado por la persona que llama, pero copiaron en \u00e9l un encabezado de tama\u00f1o fijo. Otro contenido del mont\u00f3n se sobrescribir\u00eda si el tama\u00f1o especificado fuera demasiado peque\u00f1o. Los usuarios con acceso al nodo del dispositivo mpr, mps o mpt pueden sobrescribir los datos del mont\u00f3n, lo que podr\u00eda provocar una escalada de privilegios. Tenga en cuenta que solo el usuario ra\u00edz y los miembros del grupo de operadores pueden acceder al nodo del dispositivo."
     }
   ],
-  "metrics": {},
+  "metrics": {
+    "cvssMetricV31": [
+      {
+        "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
+        "type": "Secondary",
+        "cvssData": {
+          "version": "3.1",
+          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
+          "attackVector": "NETWORK",
+          "attackComplexity": "LOW",
+          "privilegesRequired": "NONE",
+          "userInteraction": "NONE",
+          "scope": "UNCHANGED",
+          "confidentialityImpact": "HIGH",
+          "integrityImpact": "HIGH",
+          "availabilityImpact": "HIGH",
+          "baseScore": 9.8,
+          "baseSeverity": "CRITICAL"
+        },
+        "exploitabilityScore": 3.9,
+        "impactScore": 5.9
+      }
+    ]
+  },
+  "weaknesses": [
+    {
+      "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
+      "type": "Secondary",
+      "description": [
+        {
+          "lang": "en",
+          "value": "CWE-122"
+        }
+      ]
+    }
+  ],
   "references": [
     {
       "url": "https://security.freebsd.org/advisories/FreeBSD-SA-22:06.ioctl.asc",

CVE-2022/CVE-2022-331xx/CVE-2022-33162.json

@@ -2,8 +2,8 @@
   "id": "CVE-2022-33162",
   "sourceIdentifier": "[email protected]",
   "published": "2024-08-16T19:15:06.213",
-  "lastModified": "2024-08-19T13:00:23.117",
-  "vulnStatus": "Undergoing Analysis",
+  "lastModified": "2024-08-28T21:50:06.957",
+  "vulnStatus": "Analyzed",
   "cveTags": [],
   "descriptions": [
     {
@@ -17,6 +17,26 @@
   ],
   "metrics": {
     "cvssMetricV31": [
+      {
+        "source": "[email protected]",
+        "type": "Primary",
+        "cvssData": {
+          "version": "3.1",
+          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
+          "attackVector": "NETWORK",
+          "attackComplexity": "LOW",
+          "privilegesRequired": "NONE",
+          "userInteraction": "NONE",
+          "scope": "UNCHANGED",
+          "confidentialityImpact": "HIGH",
+          "integrityImpact": "HIGH",
+          "availabilityImpact": "HIGH",
+          "baseScore": 9.8,
+          "baseSeverity": "CRITICAL"
+        },
+        "exploitabilityScore": 3.9,
+        "impactScore": 5.9
+      },
       {
         "source": "[email protected]",
         "type": "Secondary",
@@ -41,8 +61,18 @@
   },
   "weaknesses": [
     {
-      "source": "[email protected]",
+      "source": "[email protected]",
       "type": "Primary",
+      "description": [
+        {
+          "lang": "en",
+          "value": "NVD-CWE-noinfo"
+        }
+      ]
+    },
+    {
+      "source": "[email protected]",
+      "type": "Secondary",
       "description": [
         {
           "lang": "en",
@@ -51,14 +81,42 @@
       ]
     }
   ],
+  "configurations": [
+    {
+      "nodes": [
+        {
+          "operator": "OR",
+          "negate": false,
+          "cpeMatch": [
+            {
+              "vulnerable": true,
+              "criteria": "cpe:2.3:a:ibm:security_directory_integrator:7.2.0:*:*:*:*:*:*:*",
+              "matchCriteriaId": "65A1A95C-1687-4304-88C5-1BEB58BBC8DF"
+            },
+            {
+              "vulnerable": true,
+              "criteria": "cpe:2.3:a:ibm:security_verify_directory_integrator:10.0.0:*:*:*:*:*:*:*",
+              "matchCriteriaId": "76B2C187-CEC8-4991-94E2-058B6584A40A"
+            }
+          ]
+        }
+      ]
+    }
+  ],
   "references": [
     {
       "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/228570",
-      "source": "[email protected]"
+      "source": "[email protected]",
+      "tags": [
+        "VDB Entry"
+      ]
     },
     {
       "url": "https://www.ibm.com/support/pages/node/7161442",
-      "source": "[email protected]"
+      "source": "[email protected]",
+      "tags": [
+        "Vendor Advisory"
+      ]
     }
   ]
 }

CVE-2022/CVE-2022-464xx/CVE-2022-46497.json

@@ -2,7 +2,7 @@
   "id": "CVE-2022-46497",
   "sourceIdentifier": "[email protected]",
   "published": "2024-03-07T09:15:37.970",
-  "lastModified": "2024-03-07T13:52:27.110",
+  "lastModified": "2024-08-28T21:35:00.797",
   "vulnStatus": "Awaiting Analysis",
   "cveTags": [],
   "descriptions": [
@@ -15,7 +15,42 @@
       "value": "Se descubri\u00f3 que Hospital Management System 1.0 conten\u00eda una vulnerabilidad de inyecci\u00f3n SQL a trav\u00e9s del par\u00e1metro pat_number en his_doc_view_single_patien.php."
     }
   ],
-  "metrics": {},
+  "metrics": {
+    "cvssMetricV31": [
+      {
+        "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
+        "type": "Secondary",
+        "cvssData": {
+          "version": "3.1",
+          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N",
+          "attackVector": "NETWORK",
+          "attackComplexity": "LOW",
+          "privilegesRequired": "LOW",
+          "userInteraction": "NONE",
+          "scope": "UNCHANGED",
+          "confidentialityImpact": "HIGH",
+          "integrityImpact": "HIGH",
+          "availabilityImpact": "NONE",
+          "baseScore": 8.1,
+          "baseSeverity": "HIGH"
+        },
+        "exploitabilityScore": 2.8,
+        "impactScore": 5.2
+      }
+    ]
+  },
+  "weaknesses": [
+    {
+      "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
+      "type": "Secondary",
+      "description": [
+        {
+          "lang": "en",
+          "value": "CWE-89"
+        }
+      ]
+    }
+  ],
   "references": [
     {
       "url": "https://github.com/ASR511-OO7/CVE-2022-46497/blob/main/CVE-33",

CVE-2023/CVE-2023-428xx/CVE-2023-42873.json

@@ -2,7 +2,7 @@
   "id": "CVE-2023-42873",
   "sourceIdentifier": "[email protected]",
   "published": "2024-02-21T07:15:49.997",
-  "lastModified": "2024-02-22T19:07:27.197",
+  "lastModified": "2024-08-28T20:35:03.950",
   "vulnStatus": "Awaiting Analysis",
   "cveTags": [],
   "descriptions": [
@@ -15,7 +15,30 @@
       "value": "El problema se solucion\u00f3 con comprobaciones de los l\u00edmites mejoradas. Este problema se solucion\u00f3 en macOS Sonoma 14.1, tvOS 17.1, macOS Monterey 12.7.1, iOS 16.7.2 y iPadOS 16.7.2, iOS 17.1 y iPadOS 17.1, macOS Ventura 13.6.1. Una aplicaci\u00f3n puede ejecutar c\u00f3digo arbitrario con privilegios del kernel."
     }
   ],
-  "metrics": {},
+  "metrics": {
+    "cvssMetricV31": [
+      {
+        "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
+        "type": "Secondary",
+        "cvssData": {
+          "version": "3.1",
+          "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
+          "attackVector": "LOCAL",
+          "attackComplexity": "LOW",
+          "privilegesRequired": "LOW",
+          "userInteraction": "NONE",
+          "scope": "UNCHANGED",
+          "confidentialityImpact": "HIGH",
+          "integrityImpact": "HIGH",
+          "availabilityImpact": "HIGH",
+          "baseScore": 7.8,
+          "baseSeverity": "HIGH"
+        },
+        "exploitabilityScore": 1.8,
+        "impactScore": 5.9
+      }
+    ]
+  },
   "references": [
     {
       "url": "https://support.apple.com/en-us/HT213981",

CVE-2023/CVE-2023-477xx/CVE-2023-47728.json

@@ -2,8 +2,8 @@
   "id": "CVE-2023-47728",
   "sourceIdentifier": "[email protected]",
   "published": "2024-08-16T20:15:09.780",
-  "lastModified": "2024-08-19T13:00:23.117",
-  "vulnStatus": "Undergoing Analysis",
+  "lastModified": "2024-08-28T21:40:55.593",
+  "vulnStatus": "Analyzed",
   "cveTags": [],
   "descriptions": [
     {
@@ -17,6 +17,26 @@
   ],
   "metrics": {
     "cvssMetricV31": [
+      {
+        "source": "[email protected]",
+        "type": "Primary",
+        "cvssData": {
+          "version": "3.1",
+          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
+          "attackVector": "NETWORK",
+          "attackComplexity": "LOW",
+          "privilegesRequired": "NONE",
+          "userInteraction": "NONE",
+          "scope": "UNCHANGED",
+          "confidentialityImpact": "HIGH",
+          "integrityImpact": "NONE",
+          "availabilityImpact": "NONE",
+          "baseScore": 7.5,
+          "baseSeverity": "HIGH"
+        },
+        "exploitabilityScore": 3.9,
+        "impactScore": 3.6
+      },
       {
         "source": "[email protected]",
         "type": "Secondary",
@@ -51,14 +71,46 @@
       ]
     }
   ],
+  "configurations": [
+    {
+      "nodes": [
+        {
+          "operator": "OR",
+          "negate": false,
+          "cpeMatch": [
+            {
+              "vulnerable": true,
+              "criteria": "cpe:2.3:a:ibm:cloud_pak_for_security:*:*:*:*:*:*:*:*",
+              "versionStartIncluding": "1.10.0.0",
+              "versionEndIncluding": "1.10.11.0",
+              "matchCriteriaId": "8FA89838-3E05-4778-9323-DE51CC10FD18"
+            },
+            {
+              "vulnerable": true,
+              "criteria": "cpe:2.3:a:ibm:qradar_suite:*:*:*:*:*:*:*:*",
+              "versionStartIncluding": "1.10.12.0",
+              "versionEndExcluding": "1.10.23.0",
+              "matchCriteriaId": "4E1101FE-F579-4869-BFFD-6383D0F9C6A6"
+            }
+          ]
+        }
+      ]
+    }
+  ],
   "references": [
     {
       "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/272201",
-      "source": "[email protected]"
+      "source": "[email protected]",
+      "tags": [
+        "Broken Link"
+      ]
     },
     {
       "url": "https://www.ibm.com/support/pages/node/7161427",
-      "source": "[email protected]"
+      "source": "[email protected]",
+      "tags": [
+        "Vendor Advisory"
+      ]
     }
   ]
 }

CVE-2023/CVE-2023-495xx/CVE-2023-49543.json

@@ -2,7 +2,7 @@
   "id": "CVE-2023-49543",
   "sourceIdentifier": "[email protected]",
   "published": "2024-03-01T22:15:47.640",
-  "lastModified": "2024-03-01T22:22:25.913",
+  "lastModified": "2024-08-28T20:35:04.473",
   "vulnStatus": "Awaiting Analysis",
   "cveTags": [],
   "descriptions": [
@@ -15,7 +15,42 @@
       "value": "El control de acceso incorrecto en Book Store Management System v1 permite a los atacantes acceder a p\u00e1ginas no autorizadas y ejecutar funciones administrativas sin autenticarse."
     }
   ],
-  "metrics": {},
+  "metrics": {
+    "cvssMetricV31": [
+      {
+        "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
+        "type": "Secondary",
+        "cvssData": {
+          "version": "3.1",
+          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
+          "attackVector": "NETWORK",
+          "attackComplexity": "LOW",
+          "privilegesRequired": "NONE",
+          "userInteraction": "NONE",
+          "scope": "UNCHANGED",
+          "confidentialityImpact": "HIGH",
+          "integrityImpact": "HIGH",
+          "availabilityImpact": "HIGH",
+          "baseScore": 9.8,
+          "baseSeverity": "CRITICAL"
+        },
+        "exploitabilityScore": 3.9,
+        "impactScore": 5.9
+      }
+    ]
+  },
+  "weaknesses": [
+    {
+      "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
+      "type": "Secondary",
+      "description": [
+        {
+          "lang": "en",
+          "value": "CWE-284"
+        }
+      ]
+    }
+  ],
   "references": [
     {
       "url": "https://github.com/geraldoalcantara/CVE-2023-49543",