From 0303ae5135c435d72d12508f046d24a850ef4243 Mon Sep 17 00:00:00 2001 From: cad-safe-bot Date: Fri, 9 Jun 2023 23:55:28 +0000 Subject: [PATCH] Auto-Update: 2023-06-09T23:55:24.935293+00:00 --- CVE-2014/CVE-2014-1251xx/CVE-2014-125105.json | 65 +++++++- CVE-2020/CVE-2020-190xx/CVE-2020-19028.json | 69 +++++++- CVE-2022/CVE-2022-463xx/CVE-2022-46308.json | 38 ++++- CVE-2022/CVE-2022-476xx/CVE-2022-47616.json | 72 ++++++++- CVE-2022/CVE-2022-476xx/CVE-2022-47617.json | 38 ++++- CVE-2022/CVE-2022-483xx/CVE-2022-48390.json | 145 ++++++++++++++++- CVE-2022/CVE-2022-483xx/CVE-2022-48391.json | 145 ++++++++++++++++- CVE-2022/CVE-2022-483xx/CVE-2022-48392.json | 150 +++++++++++++++++- CVE-2022/CVE-2022-484xx/CVE-2022-48438.json | 145 ++++++++++++++++- CVE-2022/CVE-2022-484xx/CVE-2022-48439.json | 145 ++++++++++++++++- CVE-2023/CVE-2023-00xx/CVE-2023-0041.json | 75 ++++++++- CVE-2023/CVE-2023-228xx/CVE-2023-22862.json | 70 +++++++- CVE-2023/CVE-2023-24xx/CVE-2023-2488.json | 53 ++++++- CVE-2023/CVE-2023-24xx/CVE-2023-2489.json | 53 ++++++- CVE-2023/CVE-2023-272xx/CVE-2023-27285.json | 70 +++++++- CVE-2023/CVE-2023-28xx/CVE-2023-2835.json | 69 +++++++- CVE-2023/CVE-2023-293xx/CVE-2023-29344.json | 71 ++++++++- CVE-2023/CVE-2023-306xx/CVE-2023-30602.json | 38 ++++- CVE-2023/CVE-2023-306xx/CVE-2023-30603.json | 60 ++++++- CVE-2023/CVE-2023-30xx/CVE-2023-3032.json | 58 ++++++- CVE-2023/CVE-2023-30xx/CVE-2023-3033.json | 58 ++++++- CVE-2023/CVE-2023-31xx/CVE-2023-3109.json | 67 +++++++- CVE-2023/CVE-2023-31xx/CVE-2023-3111.json | 69 +++++++- CVE-2023/CVE-2023-31xx/CVE-2023-3119.json | 59 ++++++- CVE-2023/CVE-2023-31xx/CVE-2023-3120.json | 59 ++++++- CVE-2023/CVE-2023-327xx/CVE-2023-32766.json | 89 +++++++++-- CVE-2023/CVE-2023-333xx/CVE-2023-33386.json | 69 +++++++- CVE-2023/CVE-2023-334xx/CVE-2023-33408.json | 69 +++++++- CVE-2023/CVE-2023-334xx/CVE-2023-33409.json | 69 +++++++- CVE-2023/CVE-2023-334xx/CVE-2023-33410.json | 69 +++++++- CVE-2023/CVE-2023-335xx/CVE-2023-33524.json | 74 ++++++++- CVE-2023/CVE-2023-337xx/CVE-2023-33733.json | 65 +++++++- README.md | 58 +++---- 33 files changed, 2332 insertions(+), 171 deletions(-) diff --git a/CVE-2014/CVE-2014-1251xx/CVE-2014-125105.json b/CVE-2014/CVE-2014-1251xx/CVE-2014-125105.json index e995b3fb773..112077ec535 100644 --- a/CVE-2014/CVE-2014-1251xx/CVE-2014-125105.json +++ b/CVE-2014/CVE-2014-1251xx/CVE-2014-125105.json @@ -2,8 +2,8 @@ "id": "CVE-2014-125105", "sourceIdentifier": "cna@vuldb.com", "published": "2023-06-05T01:15:45.637", - "lastModified": "2023-06-05T13:03:03.327", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2023-06-09T23:49:55.907", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", @@ -15,6 +15,28 @@ } ], "metrics": { + "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "REQUIRED", + "scope": "CHANGED", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "availabilityImpact": "NONE", + "baseScore": 6.1, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 2.8, + "impactScore": 2.7 + } + ], "cvssMetricV30": [ { "source": "cna@vuldb.com", @@ -75,22 +97,53 @@ ] } ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:managewp:broken_link_checker:*:*:*:*:*:wordpress:*:*", + "versionEndIncluding": "1.10.1", + "matchCriteriaId": "3EFD1755-606E-45DC-8CA2-58C1BC93BC8D" + } + ] + } + ] + } + ], "references": [ { "url": "https://github.com/wp-plugins/broken-link-checker/commit/90615fe9b0b6f9e6fb254d503c302e53a202e561", - "source": "cna@vuldb.com" + "source": "cna@vuldb.com", + "tags": [ + "Patch" + ] }, { "url": "https://github.com/wp-plugins/broken-link-checker/releases/tag/1.10.2", - "source": "cna@vuldb.com" + "source": "cna@vuldb.com", + "tags": [ + "Release Notes" + ] }, { "url": "https://vuldb.com/?ctiid.230659", - "source": "cna@vuldb.com" + "source": "cna@vuldb.com", + "tags": [ + "Permissions Required", + "Third Party Advisory" + ] }, { "url": "https://vuldb.com/?id.230659", - "source": "cna@vuldb.com" + "source": "cna@vuldb.com", + "tags": [ + "Third Party Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2020/CVE-2020-190xx/CVE-2020-19028.json b/CVE-2020/CVE-2020-190xx/CVE-2020-19028.json index b946c2e3ba3..bdce656c222 100644 --- a/CVE-2020/CVE-2020-190xx/CVE-2020-19028.json +++ b/CVE-2020/CVE-2020-190xx/CVE-2020-19028.json @@ -2,23 +2,82 @@ "id": "CVE-2020-19028", "sourceIdentifier": "cve@mitre.org", "published": "2023-06-05T21:15:10.307", - "lastModified": "2023-06-06T12:50:56.083", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2023-06-09T22:45:50.580", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", "value": "*File Upload vulnerability found in Emlog EmlogCMS v.6.0.0 allows a remote attacker to gain access to sensitive information via the /admin/plugin.php function." } ], - "metrics": {}, + "metrics": { + "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "NONE", + "availabilityImpact": "NONE", + "baseScore": 7.5, + "baseSeverity": "HIGH" + }, + "exploitabilityScore": 3.9, + "impactScore": 3.6 + } + ] + }, + "weaknesses": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-434" + } + ] + } + ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:emlog:emlog:6.0.0:*:*:*:*:*:*:*", + "matchCriteriaId": "8D037A14-2868-4D62-90B8-5C0DD22CC3D4" + } + ] + } + ] + } + ], "references": [ { "url": "https://github.com/emlog/emlog", - "source": "cve@mitre.org" + "source": "cve@mitre.org", + "tags": [ + "Product" + ] }, { "url": "https://github.com/sincere-c/CVE/issues/1", - "source": "cve@mitre.org" + "source": "cve@mitre.org", + "tags": [ + "Exploit", + "Third Party Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2022/CVE-2022-463xx/CVE-2022-46308.json b/CVE-2022/CVE-2022-463xx/CVE-2022-46308.json index 0d3a57855e2..d0a5bdd7267 100644 --- a/CVE-2022/CVE-2022-463xx/CVE-2022-46308.json +++ b/CVE-2022/CVE-2022-463xx/CVE-2022-46308.json @@ -2,8 +2,8 @@ "id": "CVE-2022-46308", "sourceIdentifier": "twcert@cert.org.tw", "published": "2023-06-02T11:15:09.913", - "lastModified": "2023-06-02T12:48:49.093", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2023-06-09T22:35:21.713", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", @@ -46,10 +46,42 @@ ] } ], + "configurations": [ + { + "operator": "AND", + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:o:sguda:u-lock_firmware:-:*:*:*:*:*:*:*", + "matchCriteriaId": "331B7EF1-54ED-4B7B-9140-B97350CD18E9" + } + ] + }, + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": false, + "criteria": "cpe:2.3:h:sguda:u-lock:-:*:*:*:*:*:*:*", + "matchCriteriaId": "7898FF1F-13B9-4F6A-8AD7-3888CCA147B5" + } + ] + } + ] + } + ], "references": [ { "url": "https://www.twcert.org.tw/tw/cp-132-7100-7a15c-1.html", - "source": "twcert@cert.org.tw" + "source": "twcert@cert.org.tw", + "tags": [ + "Third Party Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2022/CVE-2022-476xx/CVE-2022-47616.json b/CVE-2022/CVE-2022-476xx/CVE-2022-47616.json index 0b9c767b704..ae362c16d30 100644 --- a/CVE-2022/CVE-2022-476xx/CVE-2022-47616.json +++ b/CVE-2022/CVE-2022-476xx/CVE-2022-47616.json @@ -2,8 +2,8 @@ "id": "CVE-2022-47616", "sourceIdentifier": "twcert@cert.org.tw", "published": "2023-06-02T11:15:09.997", - "lastModified": "2023-06-02T12:48:49.093", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2023-06-09T22:42:27.727", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", @@ -13,7 +13,7 @@ "metrics": { "cvssMetricV31": [ { - "source": "twcert@cert.org.tw", + "source": "nvd@nist.gov", "type": "Primary", "cvssData": { "version": "3.1", @@ -31,12 +31,32 @@ }, "exploitabilityScore": 1.2, "impactScore": 5.9 + }, + { + "source": "twcert@cert.org.tw", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "HIGH", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH", + "baseScore": 7.2, + "baseSeverity": "HIGH" + }, + "exploitabilityScore": 1.2, + "impactScore": 5.9 } ] }, "weaknesses": [ { - "source": "twcert@cert.org.tw", + "source": "nvd@nist.gov", "type": "Primary", "description": [ { @@ -44,12 +64,54 @@ "value": "CWE-78" } ] + }, + { + "source": "twcert@cert.org.tw", + "type": "Secondary", + "description": [ + { + "lang": "en", + "value": "CWE-78" + } + ] + } + ], + "configurations": [ + { + "operator": "AND", + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:o:hitrontech:coda-5310_firmware:-:*:*:*:*:*:*:*", + "matchCriteriaId": "22530DC7-225E-43D3-B813-A3AE30701CDC" + } + ] + }, + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": false, + "criteria": "cpe:2.3:h:hitrontech:coda-5310:-:*:*:*:*:*:*:*", + "matchCriteriaId": "491195EE-6802-46EB-AFEE-CEF553255203" + } + ] + } + ] } ], "references": [ { "url": "https://www.twcert.org.tw/tw/cp-132-7082-373d5-1.html", - "source": "twcert@cert.org.tw" + "source": "twcert@cert.org.tw", + "tags": [ + "Third Party Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2022/CVE-2022-476xx/CVE-2022-47617.json b/CVE-2022/CVE-2022-476xx/CVE-2022-47617.json index 51ecb53df86..5b0f71af9b9 100644 --- a/CVE-2022/CVE-2022-476xx/CVE-2022-47617.json +++ b/CVE-2022/CVE-2022-476xx/CVE-2022-47617.json @@ -2,8 +2,8 @@ "id": "CVE-2022-47617", "sourceIdentifier": "twcert@cert.org.tw", "published": "2023-06-02T11:15:10.077", - "lastModified": "2023-06-02T12:48:49.093", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2023-06-09T22:46:13.057", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", @@ -46,10 +46,42 @@ ] } ], + "configurations": [ + { + "operator": "AND", + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:o:hitrontech:coda-5310_firmware:-:*:*:*:*:*:*:*", + "matchCriteriaId": "22530DC7-225E-43D3-B813-A3AE30701CDC" + } + ] + }, + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": false, + "criteria": "cpe:2.3:h:hitrontech:coda-5310:-:*:*:*:*:*:*:*", + "matchCriteriaId": "491195EE-6802-46EB-AFEE-CEF553255203" + } + ] + } + ] + } + ], "references": [ { "url": "https://www.twcert.org.tw/tw/cp-132-7083-94e13-1.html", - "source": "twcert@cert.org.tw" + "source": "twcert@cert.org.tw", + "tags": [ + "Third Party Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2022/CVE-2022-483xx/CVE-2022-48390.json b/CVE-2022/CVE-2022-483xx/CVE-2022-48390.json index 8e4fe95ee9a..3c99e8cf2c0 100644 --- a/CVE-2022/CVE-2022-483xx/CVE-2022-48390.json +++ b/CVE-2022/CVE-2022-483xx/CVE-2022-48390.json @@ -2,19 +2,156 @@ "id": "CVE-2022-48390", "sourceIdentifier": "security@unisoc.com", "published": "2023-06-06T06:15:48.860", - "lastModified": "2023-06-06T12:50:56.083", - "vulnStatus": "Undergoing Analysis", + "lastModified": "2023-06-09T23:04:20.837", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", "value": "In telephony service, there is a possible missing permission check. This could lead to local escalation of privilege with no additional execution privileges." } ], - "metrics": {}, + "metrics": { + "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", + "attackVector": "LOCAL", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH", + "baseScore": 7.8, + "baseSeverity": "HIGH" + }, + "exploitabilityScore": 1.8, + "impactScore": 5.9 + } + ] + }, + "weaknesses": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-862" + } + ] + } + ], + "configurations": [ + { + "operator": "AND", + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:o:google:android:10.0:*:*:*:*:*:*:*", + "matchCriteriaId": "D558D965-FA70-4822-A770-419E73BA9ED3" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:google:android:11.0:*:*:*:*:*:*:*", + "matchCriteriaId": "109DD7FD-3A48-4C3D-8E1A-4433B98E1E64" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:google:android:12.0:*:*:*:*:*:*:*", + "matchCriteriaId": "F8FB8EE9-FC56-4D5E-AE55-A5967634740C" + } + ] + }, + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": false, + "criteria": "cpe:2.3:h:unisoc:s8000:-:*:*:*:*:*:*:*", + "matchCriteriaId": "FDE05D06-C798-4217-8858-8C5DC2C94751" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:h:unisoc:sc7731e:-:*:*:*:*:*:*:*", + "matchCriteriaId": "AC867249-B767-4802-868D-6D0E356C8294" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:h:unisoc:sc9832e:-:*:*:*:*:*:*:*", + "matchCriteriaId": "25BBD3C5-E87C-4730-970C-19DF855AC3A2" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:h:unisoc:sc9863a:-:*:*:*:*:*:*:*", + "matchCriteriaId": "DE00DFDE-97DD-4D33-B580-73FEF677C71B" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:h:unisoc:t310:-:*:*:*:*:*:*:*", + "matchCriteriaId": "F20E00D8-2F00-4FA3-9455-37DC89908D96" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:h:unisoc:t606:-:*:*:*:*:*:*:*", + "matchCriteriaId": "905E39DD-7948-40A4-B042-EBB9A9591347" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:h:unisoc:t610:-:*:*:*:*:*:*:*", + "matchCriteriaId": "CDC980D6-B797-4AE1-B553-35395AE80D07" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:h:unisoc:t612:-:*:*:*:*:*:*:*", + "matchCriteriaId": "98408A48-561A-49D1-967F-834311742B7F" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:h:unisoc:t616:-:*:*:*:*:*:*:*", + "matchCriteriaId": "756E5850-CDC7-46C2-BAFC-1E2A359A2709" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:h:unisoc:t618:-:*:*:*:*:*:*:*", + "matchCriteriaId": "39002ECE-636A-4FEB-9A0B-8127E8AAC844" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:h:unisoc:t760:-:*:*:*:*:*:*:*", + "matchCriteriaId": "3D965CCA-C963-49E4-ACF0-2A9F458AF470" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:h:unisoc:t770:-:*:*:*:*:*:*:*", + "matchCriteriaId": "0FFEF06A-E3E0-486F-89CC-D52FF3F26F0B" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:h:unisoc:t820:-:*:*:*:*:*:*:*", + "matchCriteriaId": "49601008-D3FF-47CC-B961-6FDDFC7A0596" + } + ] + } + ] + } + ], "references": [ { "url": "https://www.unisoc.com/en_us/secy/announcementDetail/1664822361414762498", - "source": "security@unisoc.com" + "source": "security@unisoc.com", + "tags": [ + "Vendor Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2022/CVE-2022-483xx/CVE-2022-48391.json b/CVE-2022/CVE-2022-483xx/CVE-2022-48391.json index d2b534ea042..eaf9e7f93cd 100644 --- a/CVE-2022/CVE-2022-483xx/CVE-2022-48391.json +++ b/CVE-2022/CVE-2022-483xx/CVE-2022-48391.json @@ -2,19 +2,156 @@ "id": "CVE-2022-48391", "sourceIdentifier": "security@unisoc.com", "published": "2023-06-06T06:15:49.483", - "lastModified": "2023-06-06T12:50:56.083", - "vulnStatus": "Undergoing Analysis", + "lastModified": "2023-06-09T23:11:28.577", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", "value": "In telephony service, there is a possible missing permission check. This could lead to local denial of service with no additional execution privileges." } ], - "metrics": {}, + "metrics": { + "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", + "attackVector": "LOCAL", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "NONE", + "integrityImpact": "NONE", + "availabilityImpact": "HIGH", + "baseScore": 5.5, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 1.8, + "impactScore": 3.6 + } + ] + }, + "weaknesses": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-862" + } + ] + } + ], + "configurations": [ + { + "operator": "AND", + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:o:google:android:10.0:*:*:*:*:*:*:*", + "matchCriteriaId": "D558D965-FA70-4822-A770-419E73BA9ED3" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:google:android:11.0:*:*:*:*:*:*:*", + "matchCriteriaId": "109DD7FD-3A48-4C3D-8E1A-4433B98E1E64" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:google:android:12.0:*:*:*:*:*:*:*", + "matchCriteriaId": "F8FB8EE9-FC56-4D5E-AE55-A5967634740C" + } + ] + }, + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": false, + "criteria": "cpe:2.3:h:unisoc:s8000:-:*:*:*:*:*:*:*", + "matchCriteriaId": "FDE05D06-C798-4217-8858-8C5DC2C94751" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:h:unisoc:sc7731e:-:*:*:*:*:*:*:*", + "matchCriteriaId": "AC867249-B767-4802-868D-6D0E356C8294" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:h:unisoc:sc9832e:-:*:*:*:*:*:*:*", + "matchCriteriaId": "25BBD3C5-E87C-4730-970C-19DF855AC3A2" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:h:unisoc:sc9863a:-:*:*:*:*:*:*:*", + "matchCriteriaId": "DE00DFDE-97DD-4D33-B580-73FEF677C71B" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:h:unisoc:t310:-:*:*:*:*:*:*:*", + "matchCriteriaId": "F20E00D8-2F00-4FA3-9455-37DC89908D96" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:h:unisoc:t606:-:*:*:*:*:*:*:*", + "matchCriteriaId": "905E39DD-7948-40A4-B042-EBB9A9591347" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:h:unisoc:t610:-:*:*:*:*:*:*:*", + "matchCriteriaId": "CDC980D6-B797-4AE1-B553-35395AE80D07" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:h:unisoc:t612:-:*:*:*:*:*:*:*", + "matchCriteriaId": "98408A48-561A-49D1-967F-834311742B7F" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:h:unisoc:t616:-:*:*:*:*:*:*:*", + "matchCriteriaId": "756E5850-CDC7-46C2-BAFC-1E2A359A2709" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:h:unisoc:t618:-:*:*:*:*:*:*:*", + "matchCriteriaId": "39002ECE-636A-4FEB-9A0B-8127E8AAC844" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:h:unisoc:t760:-:*:*:*:*:*:*:*", + "matchCriteriaId": "3D965CCA-C963-49E4-ACF0-2A9F458AF470" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:h:unisoc:t770:-:*:*:*:*:*:*:*", + "matchCriteriaId": "0FFEF06A-E3E0-486F-89CC-D52FF3F26F0B" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:h:unisoc:t820:-:*:*:*:*:*:*:*", + "matchCriteriaId": "49601008-D3FF-47CC-B961-6FDDFC7A0596" + } + ] + } + ] + } + ], "references": [ { "url": "https://www.unisoc.com/en_us/secy/announcementDetail/1664822361414762498", - "source": "security@unisoc.com" + "source": "security@unisoc.com", + "tags": [ + "Vendor Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2022/CVE-2022-483xx/CVE-2022-48392.json b/CVE-2022/CVE-2022-483xx/CVE-2022-48392.json index 4508fd3028e..5bd2dd8de05 100644 --- a/CVE-2022/CVE-2022-483xx/CVE-2022-48392.json +++ b/CVE-2022/CVE-2022-483xx/CVE-2022-48392.json @@ -2,19 +2,161 @@ "id": "CVE-2022-48392", "sourceIdentifier": "security@unisoc.com", "published": "2023-06-06T06:15:49.687", - "lastModified": "2023-06-06T12:50:56.083", - "vulnStatus": "Undergoing Analysis", + "lastModified": "2023-06-09T23:12:57.930", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", "value": "In dialer service, there is a possible missing permission check. This could lead to local escalation of privilege with no additional execution privileges." } ], - "metrics": {}, + "metrics": { + "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", + "attackVector": "LOCAL", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH", + "baseScore": 7.8, + "baseSeverity": "HIGH" + }, + "exploitabilityScore": 1.8, + "impactScore": 5.9 + } + ] + }, + "weaknesses": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-862" + } + ] + } + ], + "configurations": [ + { + "operator": "AND", + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:o:google:android:10.0:*:*:*:*:*:*:*", + "matchCriteriaId": "D558D965-FA70-4822-A770-419E73BA9ED3" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:google:android:11.0:*:*:*:*:*:*:*", + "matchCriteriaId": "109DD7FD-3A48-4C3D-8E1A-4433B98E1E64" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:google:android:12.0:*:*:*:*:*:*:*", + "matchCriteriaId": "F8FB8EE9-FC56-4D5E-AE55-A5967634740C" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:google:android:13.0:*:*:*:*:*:*:*", + "matchCriteriaId": "879FFD0C-9B38-4CAA-B057-1086D794D469" + } + ] + }, + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": false, + "criteria": "cpe:2.3:h:unisoc:s8000:-:*:*:*:*:*:*:*", + "matchCriteriaId": "FDE05D06-C798-4217-8858-8C5DC2C94751" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:h:unisoc:sc7731e:-:*:*:*:*:*:*:*", + "matchCriteriaId": "AC867249-B767-4802-868D-6D0E356C8294" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:h:unisoc:sc9832e:-:*:*:*:*:*:*:*", + "matchCriteriaId": "25BBD3C5-E87C-4730-970C-19DF855AC3A2" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:h:unisoc:sc9863a:-:*:*:*:*:*:*:*", + "matchCriteriaId": "DE00DFDE-97DD-4D33-B580-73FEF677C71B" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:h:unisoc:t310:-:*:*:*:*:*:*:*", + "matchCriteriaId": "F20E00D8-2F00-4FA3-9455-37DC89908D96" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:h:unisoc:t606:-:*:*:*:*:*:*:*", + "matchCriteriaId": "905E39DD-7948-40A4-B042-EBB9A9591347" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:h:unisoc:t610:-:*:*:*:*:*:*:*", + "matchCriteriaId": "CDC980D6-B797-4AE1-B553-35395AE80D07" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:h:unisoc:t612:-:*:*:*:*:*:*:*", + "matchCriteriaId": "98408A48-561A-49D1-967F-834311742B7F" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:h:unisoc:t616:-:*:*:*:*:*:*:*", + "matchCriteriaId": "756E5850-CDC7-46C2-BAFC-1E2A359A2709" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:h:unisoc:t618:-:*:*:*:*:*:*:*", + "matchCriteriaId": "39002ECE-636A-4FEB-9A0B-8127E8AAC844" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:h:unisoc:t760:-:*:*:*:*:*:*:*", + "matchCriteriaId": "3D965CCA-C963-49E4-ACF0-2A9F458AF470" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:h:unisoc:t770:-:*:*:*:*:*:*:*", + "matchCriteriaId": "0FFEF06A-E3E0-486F-89CC-D52FF3F26F0B" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:h:unisoc:t820:-:*:*:*:*:*:*:*", + "matchCriteriaId": "49601008-D3FF-47CC-B961-6FDDFC7A0596" + } + ] + } + ] + } + ], "references": [ { "url": "https://www.unisoc.com/en_us/secy/announcementDetail/1664822361414762498", - "source": "security@unisoc.com" + "source": "security@unisoc.com", + "tags": [ + "Vendor Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2022/CVE-2022-484xx/CVE-2022-48438.json b/CVE-2022/CVE-2022-484xx/CVE-2022-48438.json index ab31c57211d..f9a10e78b0e 100644 --- a/CVE-2022/CVE-2022-484xx/CVE-2022-48438.json +++ b/CVE-2022/CVE-2022-484xx/CVE-2022-48438.json @@ -2,19 +2,156 @@ "id": "CVE-2022-48438", "sourceIdentifier": "security@unisoc.com", "published": "2023-06-06T06:15:49.810", - "lastModified": "2023-06-06T12:50:56.083", - "vulnStatus": "Undergoing Analysis", + "lastModified": "2023-06-09T23:15:14.740", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", "value": "In cp_dump driver, there is a possible out of bounds write due to a missing bounds check. This could lead to local denial of service with System execution privileges needed." } ], - "metrics": {}, + "metrics": { + "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H", + "attackVector": "LOCAL", + "attackComplexity": "LOW", + "privilegesRequired": "HIGH", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "NONE", + "integrityImpact": "NONE", + "availabilityImpact": "HIGH", + "baseScore": 4.4, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 0.8, + "impactScore": 3.6 + } + ] + }, + "weaknesses": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-787" + } + ] + } + ], + "configurations": [ + { + "operator": "AND", + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:o:google:android:11.0:*:*:*:*:*:*:*", + "matchCriteriaId": "109DD7FD-3A48-4C3D-8E1A-4433B98E1E64" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:google:android:12.0:*:*:*:*:*:*:*", + "matchCriteriaId": "F8FB8EE9-FC56-4D5E-AE55-A5967634740C" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:google:android:13.0:*:*:*:*:*:*:*", + "matchCriteriaId": "879FFD0C-9B38-4CAA-B057-1086D794D469" + } + ] + }, + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": false, + "criteria": "cpe:2.3:h:unisoc:s8000:-:*:*:*:*:*:*:*", + "matchCriteriaId": "FDE05D06-C798-4217-8858-8C5DC2C94751" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:h:unisoc:sc7731e:-:*:*:*:*:*:*:*", + "matchCriteriaId": "AC867249-B767-4802-868D-6D0E356C8294" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:h:unisoc:sc9832e:-:*:*:*:*:*:*:*", + "matchCriteriaId": "25BBD3C5-E87C-4730-970C-19DF855AC3A2" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:h:unisoc:sc9863a:-:*:*:*:*:*:*:*", + "matchCriteriaId": "DE00DFDE-97DD-4D33-B580-73FEF677C71B" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:h:unisoc:t310:-:*:*:*:*:*:*:*", + "matchCriteriaId": "F20E00D8-2F00-4FA3-9455-37DC89908D96" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:h:unisoc:t606:-:*:*:*:*:*:*:*", + "matchCriteriaId": "905E39DD-7948-40A4-B042-EBB9A9591347" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:h:unisoc:t610:-:*:*:*:*:*:*:*", + "matchCriteriaId": "CDC980D6-B797-4AE1-B553-35395AE80D07" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:h:unisoc:t612:-:*:*:*:*:*:*:*", + "matchCriteriaId": "98408A48-561A-49D1-967F-834311742B7F" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:h:unisoc:t616:-:*:*:*:*:*:*:*", + "matchCriteriaId": "756E5850-CDC7-46C2-BAFC-1E2A359A2709" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:h:unisoc:t618:-:*:*:*:*:*:*:*", + "matchCriteriaId": "39002ECE-636A-4FEB-9A0B-8127E8AAC844" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:h:unisoc:t760:-:*:*:*:*:*:*:*", + "matchCriteriaId": "3D965CCA-C963-49E4-ACF0-2A9F458AF470" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:h:unisoc:t770:-:*:*:*:*:*:*:*", + "matchCriteriaId": "0FFEF06A-E3E0-486F-89CC-D52FF3F26F0B" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:h:unisoc:t820:-:*:*:*:*:*:*:*", + "matchCriteriaId": "49601008-D3FF-47CC-B961-6FDDFC7A0596" + } + ] + } + ] + } + ], "references": [ { "url": "https://www.unisoc.com/en_us/secy/announcementDetail/1664822361414762498", - "source": "security@unisoc.com" + "source": "security@unisoc.com", + "tags": [ + "Vendor Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2022/CVE-2022-484xx/CVE-2022-48439.json b/CVE-2022/CVE-2022-484xx/CVE-2022-48439.json index 600d8743c50..7d3b311e7e3 100644 --- a/CVE-2022/CVE-2022-484xx/CVE-2022-48439.json +++ b/CVE-2022/CVE-2022-484xx/CVE-2022-48439.json @@ -2,19 +2,156 @@ "id": "CVE-2022-48439", "sourceIdentifier": "security@unisoc.com", "published": "2023-06-06T06:15:49.933", - "lastModified": "2023-06-06T12:50:56.083", - "vulnStatus": "Undergoing Analysis", + "lastModified": "2023-06-09T23:46:10.760", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", "value": "In cp_dump driver, there is a possible out of bounds write due to a missing bounds check. This could lead to local denial of service with System execution privileges needed." } ], - "metrics": {}, + "metrics": { + "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H", + "attackVector": "LOCAL", + "attackComplexity": "LOW", + "privilegesRequired": "HIGH", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "NONE", + "integrityImpact": "NONE", + "availabilityImpact": "HIGH", + "baseScore": 4.4, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 0.8, + "impactScore": 3.6 + } + ] + }, + "weaknesses": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-787" + } + ] + } + ], + "configurations": [ + { + "operator": "AND", + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:o:google:android:11.0:*:*:*:*:*:*:*", + "matchCriteriaId": "109DD7FD-3A48-4C3D-8E1A-4433B98E1E64" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:google:android:12.0:*:*:*:*:*:*:*", + "matchCriteriaId": "F8FB8EE9-FC56-4D5E-AE55-A5967634740C" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:google:android:13.0:*:*:*:*:*:*:*", + "matchCriteriaId": "879FFD0C-9B38-4CAA-B057-1086D794D469" + } + ] + }, + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": false, + "criteria": "cpe:2.3:h:unisoc:s8000:-:*:*:*:*:*:*:*", + "matchCriteriaId": "FDE05D06-C798-4217-8858-8C5DC2C94751" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:h:unisoc:sc7731e:-:*:*:*:*:*:*:*", + "matchCriteriaId": "AC867249-B767-4802-868D-6D0E356C8294" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:h:unisoc:sc9832e:-:*:*:*:*:*:*:*", + "matchCriteriaId": "25BBD3C5-E87C-4730-970C-19DF855AC3A2" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:h:unisoc:sc9863a:-:*:*:*:*:*:*:*", + "matchCriteriaId": "DE00DFDE-97DD-4D33-B580-73FEF677C71B" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:h:unisoc:t310:-:*:*:*:*:*:*:*", + "matchCriteriaId": "F20E00D8-2F00-4FA3-9455-37DC89908D96" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:h:unisoc:t606:-:*:*:*:*:*:*:*", + "matchCriteriaId": "905E39DD-7948-40A4-B042-EBB9A9591347" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:h:unisoc:t610:-:*:*:*:*:*:*:*", + "matchCriteriaId": "CDC980D6-B797-4AE1-B553-35395AE80D07" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:h:unisoc:t612:-:*:*:*:*:*:*:*", + "matchCriteriaId": "98408A48-561A-49D1-967F-834311742B7F" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:h:unisoc:t616:-:*:*:*:*:*:*:*", + "matchCriteriaId": "756E5850-CDC7-46C2-BAFC-1E2A359A2709" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:h:unisoc:t618:-:*:*:*:*:*:*:*", + "matchCriteriaId": "39002ECE-636A-4FEB-9A0B-8127E8AAC844" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:h:unisoc:t760:-:*:*:*:*:*:*:*", + "matchCriteriaId": "3D965CCA-C963-49E4-ACF0-2A9F458AF470" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:h:unisoc:t770:-:*:*:*:*:*:*:*", + "matchCriteriaId": "0FFEF06A-E3E0-486F-89CC-D52FF3F26F0B" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:h:unisoc:t820:-:*:*:*:*:*:*:*", + "matchCriteriaId": "49601008-D3FF-47CC-B961-6FDDFC7A0596" + } + ] + } + ] + } + ], "references": [ { "url": "https://www.unisoc.com/en_us/secy/announcementDetail/1664822361414762498", - "source": "security@unisoc.com" + "source": "security@unisoc.com", + "tags": [ + "Vendor Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2023/CVE-2023-00xx/CVE-2023-0041.json b/CVE-2023/CVE-2023-00xx/CVE-2023-0041.json index 188e018a5ec..67432b8f508 100644 --- a/CVE-2023/CVE-2023-00xx/CVE-2023-0041.json +++ b/CVE-2023/CVE-2023-00xx/CVE-2023-0041.json @@ -2,8 +2,8 @@ "id": "CVE-2023-0041", "sourceIdentifier": "psirt@us.ibm.com", "published": "2023-06-05T01:15:45.810", - "lastModified": "2023-06-05T13:02:53.787", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2023-06-09T23:50:50.877", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", @@ -16,6 +16,26 @@ ], "metrics": { "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH", + "baseScore": 8.8, + "baseSeverity": "HIGH" + }, + "exploitabilityScore": 2.8, + "impactScore": 5.9 + }, { "source": "psirt@us.ibm.com", "type": "Secondary", @@ -39,6 +59,16 @@ ] }, "weaknesses": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-613" + } + ] + }, { "source": "psirt@us.ibm.com", "type": "Secondary", @@ -50,14 +80,51 @@ ] } ], + "configurations": [ + { + "operator": "AND", + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:ibm:security_guardium:11.5:*:*:*:*:*:*:*", + "matchCriteriaId": "B4F327AB-9F53-402C-9BFA-F66F20A83B40" + } + ] + }, + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": false, + "criteria": "cpe:2.3:o:linux:linux_kernel:-:*:*:*:*:*:*:*", + "matchCriteriaId": "703AF700-7A70-47E2-BC3A-7FD03B3CA9C1" + } + ] + } + ] + } + ], "references": [ { "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/243657", - "source": "psirt@us.ibm.com" + "source": "psirt@us.ibm.com", + "tags": [ + "VDB Entry", + "Vendor Advisory" + ] }, { "url": "https://www.ibm.com/support/pages/node/7000021", - "source": "psirt@us.ibm.com" + "source": "psirt@us.ibm.com", + "tags": [ + "Patch", + "Vendor Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2023/CVE-2023-228xx/CVE-2023-22862.json b/CVE-2023/CVE-2023-228xx/CVE-2023-22862.json index 26315956b8c..fbd53febee5 100644 --- a/CVE-2023/CVE-2023-228xx/CVE-2023-22862.json +++ b/CVE-2023/CVE-2023-228xx/CVE-2023-22862.json @@ -2,8 +2,8 @@ "id": "CVE-2023-22862", "sourceIdentifier": "psirt@us.ibm.com", "published": "2023-06-05T00:15:09.703", - "lastModified": "2023-06-05T13:03:03.327", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2023-06-09T22:54:45.870", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", @@ -16,6 +16,26 @@ ], "metrics": { "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "NONE", + "availabilityImpact": "NONE", + "baseScore": 7.5, + "baseSeverity": "HIGH" + }, + "exploitabilityScore": 3.9, + "impactScore": 3.6 + }, { "source": "psirt@us.ibm.com", "type": "Secondary", @@ -39,6 +59,16 @@ ] }, "weaknesses": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-522" + } + ] + }, { "source": "psirt@us.ibm.com", "type": "Secondary", @@ -50,14 +80,46 @@ ] } ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:ibm:aspera_cargo:*:*:*:*:*:*:*:*", + "versionEndExcluding": "4.2.6", + "matchCriteriaId": "0071D680-D9FE-405E-A034-BC72985BEEE6" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:ibm:aspera_connect:*:*:*:*:*:*:*:*", + "versionEndExcluding": "4.2.6", + "matchCriteriaId": "6120393C-B2D1-4AC1-81BA-B79B2F5DCB13" + } + ] + } + ] + } + ], "references": [ { "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/244107", - "source": "psirt@us.ibm.com" + "source": "psirt@us.ibm.com", + "tags": [ + "VDB Entry", + "Vendor Advisory" + ] }, { "url": "https://www.ibm.com/support/pages/node/7001053", - "source": "psirt@us.ibm.com" + "source": "psirt@us.ibm.com", + "tags": [ + "Patch", + "Vendor Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2023/CVE-2023-24xx/CVE-2023-2488.json b/CVE-2023/CVE-2023-24xx/CVE-2023-2488.json index ccded602a9b..43187c913e0 100644 --- a/CVE-2023/CVE-2023-24xx/CVE-2023-2488.json +++ b/CVE-2023/CVE-2023-24xx/CVE-2023-2488.json @@ -2,15 +2,38 @@ "id": "CVE-2023-2488", "sourceIdentifier": "contact@wpscan.com", "published": "2023-06-05T14:15:10.173", - "lastModified": "2023-06-05T14:22:20.397", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2023-06-09T22:49:23.527", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", "value": "The Stop Spammers Security | Block Spam Users, Comments, Forms WordPress plugin before 2023 does not sanitise and escape various parameters before outputting them back in admin dashboard pages, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin" } ], - "metrics": {}, + "metrics": { + "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "REQUIRED", + "scope": "CHANGED", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "availabilityImpact": "NONE", + "baseScore": 6.1, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 2.8, + "impactScore": 2.7 + } + ] + }, "weaknesses": [ { "source": "contact@wpscan.com", @@ -23,10 +46,32 @@ ] } ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:trumani:stop_spammers:*:*:*:*:*:wordpress:*:*", + "versionEndExcluding": "2023", + "matchCriteriaId": "16957128-1242-4DED-A982-A704DDA24932" + } + ] + } + ] + } + ], "references": [ { "url": "https://wpscan.com/vulnerability/60226669-0b7b-441f-93d4-b5933e69478f", - "source": "contact@wpscan.com" + "source": "contact@wpscan.com", + "tags": [ + "Exploit", + "Third Party Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2023/CVE-2023-24xx/CVE-2023-2489.json b/CVE-2023/CVE-2023-24xx/CVE-2023-2489.json index 07560acd108..7a808788036 100644 --- a/CVE-2023/CVE-2023-24xx/CVE-2023-2489.json +++ b/CVE-2023/CVE-2023-24xx/CVE-2023-2489.json @@ -2,15 +2,38 @@ "id": "CVE-2023-2489", "sourceIdentifier": "contact@wpscan.com", "published": "2023-06-05T14:15:10.243", - "lastModified": "2023-06-05T14:22:20.397", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2023-06-09T22:52:37.763", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", "value": "The Stop Spammers Security | Block Spam Users, Comments, Forms WordPress plugin before 2023 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup)" } ], - "metrics": {}, + "metrics": { + "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "HIGH", + "userInteraction": "REQUIRED", + "scope": "CHANGED", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "availabilityImpact": "NONE", + "baseScore": 4.8, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 1.7, + "impactScore": 2.7 + } + ] + }, "weaknesses": [ { "source": "contact@wpscan.com", @@ -23,10 +46,32 @@ ] } ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:trumani:stop_spammers:*:*:*:*:*:wordpress:*:*", + "versionEndExcluding": "2023", + "matchCriteriaId": "16957128-1242-4DED-A982-A704DDA24932" + } + ] + } + ] + } + ], "references": [ { "url": "https://wpscan.com/vulnerability/dcbe3334-357a-4744-b50c-309d10cca30d", - "source": "contact@wpscan.com" + "source": "contact@wpscan.com", + "tags": [ + "Exploit", + "Third Party Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2023/CVE-2023-272xx/CVE-2023-27285.json b/CVE-2023/CVE-2023-272xx/CVE-2023-27285.json index ce7b4d7352b..5bca97c1212 100644 --- a/CVE-2023/CVE-2023-272xx/CVE-2023-27285.json +++ b/CVE-2023/CVE-2023-272xx/CVE-2023-27285.json @@ -2,8 +2,8 @@ "id": "CVE-2023-27285", "sourceIdentifier": "psirt@us.ibm.com", "published": "2023-06-05T00:15:09.920", - "lastModified": "2023-06-05T13:03:03.327", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2023-06-09T23:02:39.303", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", @@ -16,6 +16,26 @@ ], "metrics": { "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", + "attackVector": "LOCAL", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH", + "baseScore": 7.8, + "baseSeverity": "HIGH" + }, + "exploitabilityScore": 1.8, + "impactScore": 5.9 + }, { "source": "psirt@us.ibm.com", "type": "Secondary", @@ -39,6 +59,16 @@ ] }, "weaknesses": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-119" + } + ] + }, { "source": "psirt@us.ibm.com", "type": "Secondary", @@ -50,14 +80,46 @@ ] } ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:ibm:aspera_cargo:*:*:*:*:*:*:*:*", + "versionEndExcluding": "4.2.6", + "matchCriteriaId": "0071D680-D9FE-405E-A034-BC72985BEEE6" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:ibm:aspera_connect:*:*:*:*:*:*:*:*", + "versionEndExcluding": "4.2.6", + "matchCriteriaId": "6120393C-B2D1-4AC1-81BA-B79B2F5DCB13" + } + ] + } + ] + } + ], "references": [ { "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/248625", - "source": "psirt@us.ibm.com" + "source": "psirt@us.ibm.com", + "tags": [ + "VDB Entry", + "Vendor Advisory" + ] }, { "url": "https://www.ibm.com/support/pages/node/7001053", - "source": "psirt@us.ibm.com" + "source": "psirt@us.ibm.com", + "tags": [ + "Patch", + "Vendor Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2023/CVE-2023-28xx/CVE-2023-2835.json b/CVE-2023/CVE-2023-28xx/CVE-2023-2835.json index d871c919a6a..11f9ed7120d 100644 --- a/CVE-2023/CVE-2023-28xx/CVE-2023-2835.json +++ b/CVE-2023/CVE-2023-28xx/CVE-2023-2835.json @@ -2,8 +2,8 @@ "id": "CVE-2023-2835", "sourceIdentifier": "security@wordfence.com", "published": "2023-06-02T07:15:09.550", - "lastModified": "2023-06-02T12:48:55.690", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2023-06-09T22:15:58.560", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", @@ -12,6 +12,26 @@ ], "metrics": { "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "REQUIRED", + "scope": "CHANGED", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "availabilityImpact": "NONE", + "baseScore": 6.1, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 2.8, + "impactScore": 2.7 + }, { "source": "security@wordfence.com", "type": "Secondary", @@ -35,6 +55,16 @@ ] }, "weaknesses": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-79" + } + ] + }, { "source": "security@wordfence.com", "type": "Secondary", @@ -46,18 +76,47 @@ ] } ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:wpdirectorykit:wp_directory_kit:*:*:*:*:*:wordpress:*:*", + "versionEndIncluding": "1.2.3", + "matchCriteriaId": "3957F188-B0AB-440E-9A07-958835982A16" + } + ] + } + ] + } + ], "references": [ { "url": "https://github.com/Don-H50/wp-vul/blob/main/WDK-xss-exploit.md", - "source": "security@wordfence.com" + "source": "security@wordfence.com", + "tags": [ + "Exploit", + "Third Party Advisory" + ] }, { "url": "https://plugins.trac.wordpress.org/changeset/2917413/wpdirectorykit/trunk/application/views/wdk_messages/index.php", - "source": "security@wordfence.com" + "source": "security@wordfence.com", + "tags": [ + "Patch" + ] }, { "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/847f1c00-0e8f-4d38-84af-fe959e2efe5c?source=cve", - "source": "security@wordfence.com" + "source": "security@wordfence.com", + "tags": [ + "Patch", + "Third Party Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2023/CVE-2023-293xx/CVE-2023-29344.json b/CVE-2023/CVE-2023-293xx/CVE-2023-29344.json index 93a3a5712a3..86ac8cd4be7 100644 --- a/CVE-2023/CVE-2023-293xx/CVE-2023-29344.json +++ b/CVE-2023/CVE-2023-293xx/CVE-2023-29344.json @@ -2,8 +2,8 @@ "id": "CVE-2023-29344", "sourceIdentifier": "secure@microsoft.com", "published": "2023-06-05T19:15:10.190", - "lastModified": "2023-06-06T12:50:56.083", - "vulnStatus": "Undergoing Analysis", + "lastModified": "2023-06-09T22:53:57.897", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", @@ -13,8 +13,28 @@ "metrics": { "cvssMetricV31": [ { - "source": "secure@microsoft.com", + "source": "nvd@nist.gov", "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H", + "attackVector": "LOCAL", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "REQUIRED", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH", + "baseScore": 7.3, + "baseSeverity": "HIGH" + }, + "exploitabilityScore": 1.3, + "impactScore": 5.9 + }, + { + "source": "secure@microsoft.com", + "type": "Secondary", "cvssData": { "version": "3.1", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", @@ -34,10 +54,53 @@ } ] }, + "weaknesses": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "NVD-CWE-noinfo" + } + ] + } + ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:microsoft:365_apps:-:*:*:*:enterprise:*:*:*", + "matchCriteriaId": "40C15EDD-98D4-4D06-BA06-21AE0F33C72D" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:microsoft:office:2019:*:*:*:*:macos:*:*", + "matchCriteriaId": "40961B9E-80B6-42E0-A876-58B3CE056E4E" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:microsoft:office_long_term_servicing_channel:2021:*:*:*:*:macos:*:*", + "matchCriteriaId": "BF0E8112-5B6F-4E55-8E40-38ADCF6FC654" + } + ] + } + ] + } + ], "references": [ { "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-29344", - "source": "secure@microsoft.com" + "source": "secure@microsoft.com", + "tags": [ + "Patch", + "Vendor Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2023/CVE-2023-306xx/CVE-2023-30602.json b/CVE-2023/CVE-2023-306xx/CVE-2023-30602.json index 7bebc28086e..5099fc3ee4b 100644 --- a/CVE-2023/CVE-2023-306xx/CVE-2023-30602.json +++ b/CVE-2023/CVE-2023-306xx/CVE-2023-30602.json @@ -2,8 +2,8 @@ "id": "CVE-2023-30602", "sourceIdentifier": "twcert@cert.org.tw", "published": "2023-06-02T11:15:10.793", - "lastModified": "2023-06-02T12:48:49.093", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2023-06-09T22:15:57.583", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", @@ -46,10 +46,42 @@ ] } ], + "configurations": [ + { + "operator": "AND", + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:o:hitrontech:coda-5310_firmware:7.2.4.7.1b3:*:*:*:*:*:*:*", + "matchCriteriaId": "B27E4E38-EFFE-4D6C-B59B-70CC41CF9139" + } + ] + }, + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": false, + "criteria": "cpe:2.3:h:hitrontech:coda-5310:-:*:*:*:*:*:*:*", + "matchCriteriaId": "491195EE-6802-46EB-AFEE-CEF553255203" + } + ] + } + ] + } + ], "references": [ { "url": "https://www.twcert.org.tw/tw/cp-132-7084-74e83-1.html", - "source": "twcert@cert.org.tw" + "source": "twcert@cert.org.tw", + "tags": [ + "Third Party Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2023/CVE-2023-306xx/CVE-2023-30603.json b/CVE-2023/CVE-2023-306xx/CVE-2023-30603.json index 4bf91f2e737..873d7155b74 100644 --- a/CVE-2023/CVE-2023-306xx/CVE-2023-30603.json +++ b/CVE-2023/CVE-2023-306xx/CVE-2023-30603.json @@ -2,8 +2,8 @@ "id": "CVE-2023-30603", "sourceIdentifier": "twcert@cert.org.tw", "published": "2023-06-02T11:15:10.863", - "lastModified": "2023-06-02T12:48:49.093", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2023-06-09T22:16:45.347", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", @@ -13,7 +13,7 @@ "metrics": { "cvssMetricV31": [ { - "source": "twcert@cert.org.tw", + "source": "nvd@nist.gov", "type": "Primary", "cvssData": { "version": "3.1", @@ -31,6 +31,26 @@ }, "exploitabilityScore": 3.9, "impactScore": 5.9 + }, + { + "source": "twcert@cert.org.tw", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH", + "baseScore": 9.8, + "baseSeverity": "CRITICAL" + }, + "exploitabilityScore": 3.9, + "impactScore": 5.9 } ] }, @@ -46,10 +66,42 @@ ] } ], + "configurations": [ + { + "operator": "AND", + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:o:hitrontech:coda-5310_firmware:7.2.4.7.1b3:*:*:*:*:*:*:*", + "matchCriteriaId": "B27E4E38-EFFE-4D6C-B59B-70CC41CF9139" + } + ] + }, + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": false, + "criteria": "cpe:2.3:h:hitrontech:coda-5310:-:*:*:*:*:*:*:*", + "matchCriteriaId": "491195EE-6802-46EB-AFEE-CEF553255203" + } + ] + } + ] + } + ], "references": [ { "url": "https://www.twcert.org.tw/tw/cp-132-7085-13321-1.html", - "source": "twcert@cert.org.tw" + "source": "twcert@cert.org.tw", + "tags": [ + "Third Party Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2023/CVE-2023-30xx/CVE-2023-3032.json b/CVE-2023/CVE-2023-30xx/CVE-2023-3032.json index 4a53cfdfd6e..edbe880fa01 100644 --- a/CVE-2023/CVE-2023-30xx/CVE-2023-3032.json +++ b/CVE-2023/CVE-2023-30xx/CVE-2023-3032.json @@ -2,8 +2,8 @@ "id": "CVE-2023-3032", "sourceIdentifier": "vulnerability@ncsc.ch", "published": "2023-06-02T13:15:10.073", - "lastModified": "2023-06-02T14:32:29.847", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2023-06-09T22:23:49.387", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", @@ -12,6 +12,26 @@ ], "metrics": { "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH", + "baseScore": 8.8, + "baseSeverity": "HIGH" + }, + "exploitabilityScore": 2.8, + "impactScore": 5.9 + }, { "source": "vulnerability@ncsc.ch", "type": "Secondary", @@ -35,6 +55,16 @@ ] }, "weaknesses": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-434" + } + ] + }, { "source": "vulnerability@ncsc.ch", "type": "Secondary", @@ -46,10 +76,32 @@ ] } ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:mobatime:mobatime_web_application:*:*:*:*:*:*:*:*", + "versionEndIncluding": "06.7.22", + "matchCriteriaId": "CF37DD9C-C3C8-436E-B879-FA2FC85AE35F" + } + ] + } + ] + } + ], "references": [ { "url": "https://borelenzo.github.io/stuff/2023/06/01/cve-2023-3032.html", - "source": "vulnerability@ncsc.ch" + "source": "vulnerability@ncsc.ch", + "tags": [ + "Exploit", + "Third Party Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2023/CVE-2023-30xx/CVE-2023-3033.json b/CVE-2023/CVE-2023-30xx/CVE-2023-3033.json index f604cd5e3b7..336f3fdf934 100644 --- a/CVE-2023/CVE-2023-30xx/CVE-2023-3033.json +++ b/CVE-2023/CVE-2023-30xx/CVE-2023-3033.json @@ -2,8 +2,8 @@ "id": "CVE-2023-3033", "sourceIdentifier": "vulnerability@ncsc.ch", "published": "2023-06-02T13:15:10.133", - "lastModified": "2023-06-02T14:32:29.847", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2023-06-09T22:33:28.580", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", @@ -12,6 +12,26 @@ ], "metrics": { "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH", + "baseScore": 8.8, + "baseSeverity": "HIGH" + }, + "exploitabilityScore": 2.8, + "impactScore": 5.9 + }, { "source": "vulnerability@ncsc.ch", "type": "Secondary", @@ -35,6 +55,16 @@ ] }, "weaknesses": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-863" + } + ] + }, { "source": "vulnerability@ncsc.ch", "type": "Secondary", @@ -46,10 +76,32 @@ ] } ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:mobatime:mobatime_web_application:*:*:*:*:*:*:*:*", + "versionEndIncluding": "06.7.22", + "matchCriteriaId": "CF37DD9C-C3C8-436E-B879-FA2FC85AE35F" + } + ] + } + ] + } + ], "references": [ { "url": "https://borelenzo.github.io/stuff/2023/06/01/cve-2023-3033.html", - "source": "vulnerability@ncsc.ch" + "source": "vulnerability@ncsc.ch", + "tags": [ + "Exploit", + "Third Party Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2023/CVE-2023-31xx/CVE-2023-3109.json b/CVE-2023/CVE-2023-31xx/CVE-2023-3109.json index bc6d69b54be..5cbeea6d856 100644 --- a/CVE-2023/CVE-2023-31xx/CVE-2023-3109.json +++ b/CVE-2023/CVE-2023-31xx/CVE-2023-3109.json @@ -2,8 +2,8 @@ "id": "CVE-2023-3109", "sourceIdentifier": "security@huntr.dev", "published": "2023-06-05T16:15:09.600", - "lastModified": "2023-06-05T16:42:43.303", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2023-06-09T22:56:20.547", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", @@ -11,6 +11,28 @@ } ], "metrics": { + "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "REQUIRED", + "scope": "CHANGED", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "availabilityImpact": "NONE", + "baseScore": 5.4, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 2.3, + "impactScore": 2.7 + } + ], "cvssMetricV30": [ { "source": "security@huntr.dev", @@ -36,7 +58,7 @@ }, "weaknesses": [ { - "source": "security@huntr.dev", + "source": "nvd@nist.gov", "type": "Primary", "description": [ { @@ -44,16 +66,51 @@ "value": "CWE-79" } ] + }, + { + "source": "security@huntr.dev", + "type": "Secondary", + "description": [ + { + "lang": "en", + "value": "CWE-79" + } + ] + } + ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:admidio:admidio:*:*:*:*:*:*:*:*", + "versionEndExcluding": "4.2.8", + "matchCriteriaId": "8371F622-F25A-40EA-91E5-0791A9F4EA89" + } + ] + } + ] } ], "references": [ { "url": "https://github.com/admidio/admidio/commit/a7c211b835cafe1158932fbfcff9e5552e57510a", - "source": "security@huntr.dev" + "source": "security@huntr.dev", + "tags": [ + "Patch" + ] }, { "url": "https://huntr.dev/bounties/6fa6070e-8f7f-43ae-8a84-e36b28256123", - "source": "security@huntr.dev" + "source": "security@huntr.dev", + "tags": [ + "Exploit", + "Third Party Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2023/CVE-2023-31xx/CVE-2023-3111.json b/CVE-2023/CVE-2023-31xx/CVE-2023-3111.json index 714acfb86c0..1cda733f4d6 100644 --- a/CVE-2023/CVE-2023-31xx/CVE-2023-3111.json +++ b/CVE-2023/CVE-2023-31xx/CVE-2023-3111.json @@ -2,16 +2,49 @@ "id": "CVE-2023-3111", "sourceIdentifier": "secalert@redhat.com", "published": "2023-06-05T21:15:11.377", - "lastModified": "2023-06-06T12:50:56.083", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2023-06-09T22:51:48.550", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", "value": "A use after free vulnerability was found in prepare_to_relocate in fs/btrfs/relocation.c in btrfs in the Linux Kernel. This possible flaw can be triggered by calling btrfs_ioctl_balance() before calling btrfs_ioctl_defrag()." } ], - "metrics": {}, + "metrics": { + "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", + "attackVector": "LOCAL", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH", + "baseScore": 7.8, + "baseSeverity": "HIGH" + }, + "exploitabilityScore": 1.8, + "impactScore": 5.9 + } + ] + }, "weaknesses": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-416" + } + ] + }, { "source": "secalert@redhat.com", "type": "Secondary", @@ -23,10 +56,38 @@ ] } ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", + "versionEndExcluding": "6.0", + "matchCriteriaId": "87B81C9D-7173-4FFB-97BC-9C41AB20A53C" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:linux:linux_kernel:6.0:rc1:*:*:*:*:*:*", + "matchCriteriaId": "E8BD11A3-8643-49B6-BADE-5029A0117325" + } + ] + } + ] + } + ], "references": [ { "url": "https://patchwork.kernel.org/project/linux-btrfs/patch/20220721074829.2905233-1-r33s3n6@gmail.com/", - "source": "secalert@redhat.com" + "source": "secalert@redhat.com", + "tags": [ + "Exploit", + "Mailing List", + "Patch" + ] } ] } \ No newline at end of file diff --git a/CVE-2023/CVE-2023-31xx/CVE-2023-3119.json b/CVE-2023/CVE-2023-31xx/CVE-2023-3119.json index c109f76fe8f..c03e9e91440 100644 --- a/CVE-2023/CVE-2023-31xx/CVE-2023-3119.json +++ b/CVE-2023/CVE-2023-31xx/CVE-2023-3119.json @@ -2,8 +2,8 @@ "id": "CVE-2023-3119", "sourceIdentifier": "cna@vuldb.com", "published": "2023-06-06T11:15:10.063", - "lastModified": "2023-06-06T12:50:56.083", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2023-06-09T23:01:04.807", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", @@ -15,6 +15,28 @@ } ], "metrics": { + "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH", + "baseScore": 8.8, + "baseSeverity": "HIGH" + }, + "exploitabilityScore": 2.8, + "impactScore": 5.9 + } + ], "cvssMetricV30": [ { "source": "cna@vuldb.com", @@ -75,18 +97,45 @@ ] } ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:service_provider_management_system_project:service_provider_management_system:1.0:*:*:*:*:*:*:*", + "matchCriteriaId": "72A53E3F-CC8B-4570-9F4F-BA25E7F4F642" + } + ] + } + ] + } + ], "references": [ { "url": "https://github.com/Peanut886/Vulnerability/blob/main/webray.com.cn/Service%20Provider%20Management%20System%20-%20multiple%20vulnerabilities.md", - "source": "cna@vuldb.com" + "source": "cna@vuldb.com", + "tags": [ + "Exploit", + "Third Party Advisory" + ] }, { "url": "https://vuldb.com/?ctiid.230798", - "source": "cna@vuldb.com" + "source": "cna@vuldb.com", + "tags": [ + "Third Party Advisory" + ] }, { "url": "https://vuldb.com/?id.230798", - "source": "cna@vuldb.com" + "source": "cna@vuldb.com", + "tags": [ + "Third Party Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2023/CVE-2023-31xx/CVE-2023-3120.json b/CVE-2023/CVE-2023-31xx/CVE-2023-3120.json index a1c59394e42..e414141b3b2 100644 --- a/CVE-2023/CVE-2023-31xx/CVE-2023-3120.json +++ b/CVE-2023/CVE-2023-31xx/CVE-2023-3120.json @@ -2,8 +2,8 @@ "id": "CVE-2023-3120", "sourceIdentifier": "cna@vuldb.com", "published": "2023-06-06T11:15:10.223", - "lastModified": "2023-06-06T12:50:56.083", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2023-06-09T23:04:57.477", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", @@ -15,6 +15,28 @@ } ], "metrics": { + "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "HIGH", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH", + "baseScore": 7.2, + "baseSeverity": "HIGH" + }, + "exploitabilityScore": 1.2, + "impactScore": 5.9 + } + ], "cvssMetricV30": [ { "source": "cna@vuldb.com", @@ -75,18 +97,45 @@ ] } ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:service_provider_management_system_project:service_provider_management_system:1.0:*:*:*:*:*:*:*", + "matchCriteriaId": "72A53E3F-CC8B-4570-9F4F-BA25E7F4F642" + } + ] + } + ] + } + ], "references": [ { "url": "https://github.com/Peanut886/Vulnerability/blob/main/webray.com.cn/Service%20Provider%20Management%20System%20-%20multiple%20vulnerabilities.md", - "source": "cna@vuldb.com" + "source": "cna@vuldb.com", + "tags": [ + "Exploit", + "Technical Description" + ] }, { "url": "https://vuldb.com/?ctiid.230799", - "source": "cna@vuldb.com" + "source": "cna@vuldb.com", + "tags": [ + "Technical Description" + ] }, { "url": "https://vuldb.com/?id.230799", - "source": "cna@vuldb.com" + "source": "cna@vuldb.com", + "tags": [ + "Technical Description" + ] } ] } \ No newline at end of file diff --git a/CVE-2023/CVE-2023-327xx/CVE-2023-32766.json b/CVE-2023/CVE-2023-327xx/CVE-2023-32766.json index 066c8861b92..7aeb3174d0e 100644 --- a/CVE-2023/CVE-2023-327xx/CVE-2023-32766.json +++ b/CVE-2023/CVE-2023-327xx/CVE-2023-32766.json @@ -2,39 +2,110 @@ "id": "CVE-2023-32766", "sourceIdentifier": "cve@mitre.org", "published": "2023-06-05T15:15:09.143", - "lastModified": "2023-06-05T16:42:43.303", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2023-06-09T22:42:16.930", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", "value": "Gitpod before 2022.11.3 allows XSS because redirection can occur for some protocols outside of the trusted set of three (vscode: vscode-insiders: jetbrains-gateway:)." } ], - "metrics": {}, + "metrics": { + "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "REQUIRED", + "scope": "CHANGED", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "availabilityImpact": "NONE", + "baseScore": 6.1, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 2.8, + "impactScore": 2.7 + } + ] + }, + "weaknesses": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-79" + } + ] + } + ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:gitpod:gitpod:*:*:*:*:*:*:*:*", + "versionEndExcluding": "2022.11.3", + "matchCriteriaId": "862828C1-EFDB-4680-A3BA-54F828B08C8A" + } + ] + } + ] + } + ], "references": [ { "url": "https://app.safebase.io/portal/71ccd717-aa2d-4a1e-942e-c768d37e9e0c/preview?product=default&tcuUid=1d505bda-9a38-4ca5-8724-052e6337f34d", - "source": "cve@mitre.org" + "source": "cve@mitre.org", + "tags": [ + "Third Party Advisory" + ] }, { "url": "https://github.com/gitpod-io/gitpod/commit/6771283c3406586e352337675b79ff2ca50f191b", - "source": "cve@mitre.org" + "source": "cve@mitre.org", + "tags": [ + "Patch" + ] }, { "url": "https://github.com/gitpod-io/gitpod/compare/release-2022.11.2...2022.11.3", - "source": "cve@mitre.org" + "source": "cve@mitre.org", + "tags": [ + "Patch" + ] }, { "url": "https://github.com/gitpod-io/gitpod/pull/17559", - "source": "cve@mitre.org" + "source": "cve@mitre.org", + "tags": [ + "Patch" + ] }, { "url": "https://github.com/gitpod-io/gitpod/releases/tag/2022.11.3", - "source": "cve@mitre.org" + "source": "cve@mitre.org", + "tags": [ + "Release Notes" + ] }, { "url": "https://www.gitpod.io", - "source": "cve@mitre.org" + "source": "cve@mitre.org", + "tags": [ + "Product" + ] } ] } \ No newline at end of file diff --git a/CVE-2023/CVE-2023-333xx/CVE-2023-33386.json b/CVE-2023/CVE-2023-333xx/CVE-2023-33386.json index c7b74d27856..0d20fef66ed 100644 --- a/CVE-2023/CVE-2023-333xx/CVE-2023-33386.json +++ b/CVE-2023/CVE-2023-333xx/CVE-2023-33386.json @@ -2,23 +2,82 @@ "id": "CVE-2023-33386", "sourceIdentifier": "cve@mitre.org", "published": "2023-06-05T15:15:09.197", - "lastModified": "2023-06-05T16:42:43.303", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2023-06-09T22:42:31.397", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", "value": "MarsCTF 1.2.1 has an arbitrary file upload vulnerability in the interface for uploading attachments in the background." } ], - "metrics": {}, + "metrics": { + "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH", + "baseScore": 9.8, + "baseSeverity": "CRITICAL" + }, + "exploitabilityScore": 3.9, + "impactScore": 5.9 + } + ] + }, + "weaknesses": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-434" + } + ] + } + ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:marsctf_project:marsctf:1.2.1:*:*:*:*:*:*:*", + "matchCriteriaId": "48D78D22-7C75-4B8A-A9BA-95531623F052" + } + ] + } + ] + } + ], "references": [ { "url": "https://github.com/b1ackc4t/MarsCTF/blob/V1.2.1/src/main/java/com/b1ackc4t/marsctfserver/service/impl/CTFFileServiceImpl.java#L46", - "source": "cve@mitre.org" + "source": "cve@mitre.org", + "tags": [ + "Product" + ] }, { "url": "https://github.com/b1ackc4t/MarsCTF/issues/10", - "source": "cve@mitre.org" + "source": "cve@mitre.org", + "tags": [ + "Exploit", + "Third Party Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2023/CVE-2023-334xx/CVE-2023-33408.json b/CVE-2023/CVE-2023-334xx/CVE-2023-33408.json index aab107462d4..9261b550ac1 100644 --- a/CVE-2023/CVE-2023-334xx/CVE-2023-33408.json +++ b/CVE-2023/CVE-2023-334xx/CVE-2023-33408.json @@ -2,23 +2,82 @@ "id": "CVE-2023-33408", "sourceIdentifier": "cve@mitre.org", "published": "2023-06-05T21:15:11.140", - "lastModified": "2023-06-06T12:50:56.083", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2023-06-09T22:47:21.147", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", "value": "Minical 1.0.0 is vulnerable to Cross Site Scripting (XSS). The vulnerability exists due to insufficient input validation in the application's user input handling in the security_helper.php file." } ], - "metrics": {}, + "metrics": { + "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "REQUIRED", + "scope": "CHANGED", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "availabilityImpact": "NONE", + "baseScore": 5.4, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 2.3, + "impactScore": 2.7 + } + ] + }, + "weaknesses": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-79" + } + ] + } + ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:minical:minical:1.0.0:*:*:*:*:*:*:*", + "matchCriteriaId": "1B4A76D8-C12B-46E0-8DC7-52FA6AA4CB9A" + } + ] + } + ] + } + ], "references": [ { "url": "https://github.com/Thirukrishnan/CVE-2023-33408", - "source": "cve@mitre.org" + "source": "cve@mitre.org", + "tags": [ + "Exploit", + "Third Party Advisory" + ] }, { "url": "https://github.com/minical/minical", - "source": "cve@mitre.org" + "source": "cve@mitre.org", + "tags": [ + "Product" + ] } ] } \ No newline at end of file diff --git a/CVE-2023/CVE-2023-334xx/CVE-2023-33409.json b/CVE-2023/CVE-2023-334xx/CVE-2023-33409.json index c6cf37ca7a5..0bf0795f6ed 100644 --- a/CVE-2023/CVE-2023-334xx/CVE-2023-33409.json +++ b/CVE-2023/CVE-2023-334xx/CVE-2023-33409.json @@ -2,23 +2,82 @@ "id": "CVE-2023-33409", "sourceIdentifier": "cve@mitre.org", "published": "2023-06-05T21:15:11.193", - "lastModified": "2023-06-06T12:50:56.083", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2023-06-09T22:45:58.233", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", "value": "Minical 1.0.0 is vulnerable to Cross Site Request Forgery (CSRF) via minical/public/application/controllers/settings/company.php." } ], - "metrics": {}, + "metrics": { + "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "REQUIRED", + "scope": "UNCHANGED", + "confidentialityImpact": "NONE", + "integrityImpact": "HIGH", + "availabilityImpact": "NONE", + "baseScore": 6.5, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 2.8, + "impactScore": 3.6 + } + ] + }, + "weaknesses": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-352" + } + ] + } + ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:minical:minical:1.0.0:*:*:*:*:*:*:*", + "matchCriteriaId": "1B4A76D8-C12B-46E0-8DC7-52FA6AA4CB9A" + } + ] + } + ] + } + ], "references": [ { "url": "https://github.com/Thirukrishnan/CVE-2023-33409", - "source": "cve@mitre.org" + "source": "cve@mitre.org", + "tags": [ + "Exploit", + "Third Party Advisory" + ] }, { "url": "https://github.com/minical/minical", - "source": "cve@mitre.org" + "source": "cve@mitre.org", + "tags": [ + "Product" + ] } ] } \ No newline at end of file diff --git a/CVE-2023/CVE-2023-334xx/CVE-2023-33410.json b/CVE-2023/CVE-2023-334xx/CVE-2023-33410.json index e630356b0bd..acc08ebdfc7 100644 --- a/CVE-2023/CVE-2023-334xx/CVE-2023-33410.json +++ b/CVE-2023/CVE-2023-334xx/CVE-2023-33410.json @@ -2,23 +2,82 @@ "id": "CVE-2023-33410", "sourceIdentifier": "cve@mitre.org", "published": "2023-06-05T21:15:11.243", - "lastModified": "2023-06-06T12:50:56.083", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2023-06-09T22:51:17.167", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", "value": "Minical 1.0.0 and earlier contains a CSV injection vulnerability which allows an attacker to execute remote code. The vulnerability exists due to insufficient input validation on the Customer Name field in the Accounting module that is used to construct a CSV file." } ], - "metrics": {}, + "metrics": { + "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH", + "baseScore": 8.8, + "baseSeverity": "HIGH" + }, + "exploitabilityScore": 2.8, + "impactScore": 5.9 + } + ] + }, + "weaknesses": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-1236" + } + ] + } + ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:minical:minical:1.0.0:*:*:*:*:*:*:*", + "matchCriteriaId": "1B4A76D8-C12B-46E0-8DC7-52FA6AA4CB9A" + } + ] + } + ] + } + ], "references": [ { "url": "https://github.com/Thirukrishnan/CVE-2023-33410", - "source": "cve@mitre.org" + "source": "cve@mitre.org", + "tags": [ + "Exploit", + "Third Party Advisory" + ] }, { "url": "https://github.com/minical/minical", - "source": "cve@mitre.org" + "source": "cve@mitre.org", + "tags": [ + "Product" + ] } ] } \ No newline at end of file diff --git a/CVE-2023/CVE-2023-335xx/CVE-2023-33524.json b/CVE-2023/CVE-2023-335xx/CVE-2023-33524.json index a23b862ee26..d4d6b520512 100644 --- a/CVE-2023/CVE-2023-335xx/CVE-2023-33524.json +++ b/CVE-2023/CVE-2023-335xx/CVE-2023-33524.json @@ -2,27 +2,89 @@ "id": "CVE-2023-33524", "sourceIdentifier": "cve@mitre.org", "published": "2023-06-05T17:15:08.940", - "lastModified": "2023-06-07T00:15:09.300", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2023-06-09T22:54:48.677", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", "value": "Advent/SSC Inc. Tamale RMS < 23.1 is vulnerable to Directory Traversal. If one traverses to the affected URL, one enumerates Contact information on the host which contains usernames, e-mail addresses, and other internal information stored within the web app." } ], - "metrics": {}, + "metrics": { + "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "LOW", + "integrityImpact": "NONE", + "availabilityImpact": "NONE", + "baseScore": 5.3, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 3.9, + "impactScore": 1.4 + } + ] + }, + "weaknesses": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-22" + } + ] + } + ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:advent:tamale_rms:*:*:*:*:*:*:*:*", + "versionEndExcluding": "23.1", + "matchCriteriaId": "8FFB8175-B964-4757-A89F-54B7BDF7AA8C" + } + ] + } + ] + } + ], "references": [ { "url": "https://cve.report/CVE-2023-33524", - "source": "cve@mitre.org" + "source": "cve@mitre.org", + "tags": [ + "Third Party Advisory" + ] }, { "url": "https://gist.github.com/barrett092/9ed092e4b14b9145f4d046556eb9dab7", - "source": "cve@mitre.org" + "source": "cve@mitre.org", + "tags": [ + "Third Party Advisory" + ] }, { "url": "https://www.advent.com/resources/all-resources/info-kit-tamale-rms-for-asset-owners/", - "source": "cve@mitre.org" + "source": "cve@mitre.org", + "tags": [ + "Product" + ] } ] } \ No newline at end of file diff --git a/CVE-2023/CVE-2023-337xx/CVE-2023-33733.json b/CVE-2023/CVE-2023-337xx/CVE-2023-33733.json index 1f9e6b4e003..4844a127f0e 100644 --- a/CVE-2023/CVE-2023-337xx/CVE-2023-33733.json +++ b/CVE-2023/CVE-2023-337xx/CVE-2023-33733.json @@ -2,19 +2,76 @@ "id": "CVE-2023-33733", "sourceIdentifier": "cve@mitre.org", "published": "2023-06-05T16:15:09.550", - "lastModified": "2023-06-07T01:15:39.190", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2023-06-09T22:58:22.683", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", "value": "Reportlab up to v3.6.12 allows attackers to execute arbitrary code via supplying a crafted PDF file." } ], - "metrics": {}, + "metrics": { + "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", + "attackVector": "LOCAL", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "REQUIRED", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH", + "baseScore": 7.8, + "baseSeverity": "HIGH" + }, + "exploitabilityScore": 1.8, + "impactScore": 5.9 + } + ] + }, + "weaknesses": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "NVD-CWE-noinfo" + } + ] + } + ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:reportlab:reportlab:*:*:*:*:*:*:*:*", + "versionEndIncluding": "3.6.12", + "matchCriteriaId": "EC629FD3-C403-47AA-A6CA-B8B3AFD018F4" + } + ] + } + ] + } + ], "references": [ { "url": "https://github.com/c53elyas/CVE-2023-33733", - "source": "cve@mitre.org" + "source": "cve@mitre.org", + "tags": [ + "Exploit", + "Third Party Advisory" + ] } ] } \ No newline at end of file diff --git a/README.md b/README.md index 171b28aa0bb..d417a61c193 100644 --- a/README.md +++ b/README.md @@ -9,13 +9,13 @@ Repository synchronizes with the NVD every 2 hours. ### Last Repository Update ```plain -2023-06-09T22:00:26.149980+00:00 +2023-06-09T23:55:24.935293+00:00 ``` ### Most recent CVE Modification Timestamp synchronized with NVD ```plain -2023-06-09T21:56:34.763000+00:00 +2023-06-09T23:50:50.877000+00:00 ``` ### Last Data Feed Release @@ -34,39 +34,39 @@ Download and Changelog: [Click](https://github.com/fkie-cad/nvd-json-data-feeds/ ### CVEs added in the last Commit -Recently added CVEs: `17` +Recently added CVEs: `0` -* [CVE-2023-29749](CVE-2023/CVE-2023-297xx/CVE-2023-29749.json) (`2023-06-09T20:15:09.663`) -* [CVE-2023-29752](CVE-2023/CVE-2023-297xx/CVE-2023-29752.json) (`2023-06-09T20:15:09.717`) -* [CVE-2023-29755](CVE-2023/CVE-2023-297xx/CVE-2023-29755.json) (`2023-06-09T20:15:09.763`) -* [CVE-2023-29756](CVE-2023/CVE-2023-297xx/CVE-2023-29756.json) (`2023-06-09T20:15:09.813`) -* [CVE-2023-29757](CVE-2023/CVE-2023-297xx/CVE-2023-29757.json) (`2023-06-09T20:15:09.857`) -* [CVE-2023-29758](CVE-2023/CVE-2023-297xx/CVE-2023-29758.json) (`2023-06-09T20:15:09.903`) -* [CVE-2023-29759](CVE-2023/CVE-2023-297xx/CVE-2023-29759.json) (`2023-06-09T20:15:09.957`) -* [CVE-2023-29761](CVE-2023/CVE-2023-297xx/CVE-2023-29761.json) (`2023-06-09T20:15:10.003`) -* [CVE-2023-29766](CVE-2023/CVE-2023-297xx/CVE-2023-29766.json) (`2023-06-09T20:15:10.063`) -* [CVE-2023-29767](CVE-2023/CVE-2023-297xx/CVE-2023-29767.json) (`2023-06-09T20:15:10.140`) -* [CVE-2023-32312](CVE-2023/CVE-2023-323xx/CVE-2023-32312.json) (`2023-06-09T20:15:10.190`) -* [CVE-2023-34856](CVE-2023/CVE-2023-348xx/CVE-2023-34856.json) (`2023-06-09T20:15:10.277`) -* [CVE-2023-3141](CVE-2023/CVE-2023-31xx/CVE-2023-3141.json) (`2023-06-09T20:15:10.327`) -* [CVE-2023-26465](CVE-2023/CVE-2023-264xx/CVE-2023-26465.json) (`2023-06-09T21:15:09.413`) -* [CVE-2023-29751](CVE-2023/CVE-2023-297xx/CVE-2023-29751.json) (`2023-06-09T21:15:09.497`) -* [CVE-2023-29753](CVE-2023/CVE-2023-297xx/CVE-2023-29753.json) (`2023-06-09T21:15:09.537`) -* [CVE-2023-3187](CVE-2023/CVE-2023-31xx/CVE-2023-3187.json) (`2023-06-09T21:15:09.583`) ### CVEs modified in the last Commit -Recently modified CVEs: `8` +Recently modified CVEs: `32` -* [CVE-2022-39286](CVE-2022/CVE-2022-392xx/CVE-2022-39286.json) (`2023-06-09T20:15:09.533`) -* [CVE-2023-27706](CVE-2023/CVE-2023-277xx/CVE-2023-27706.json) (`2023-06-09T20:40:34.737`) -* [CVE-2023-29713](CVE-2023/CVE-2023-297xx/CVE-2023-29713.json) (`2023-06-09T20:40:34.737`) -* [CVE-2023-29714](CVE-2023/CVE-2023-297xx/CVE-2023-29714.json) (`2023-06-09T20:40:34.737`) -* [CVE-2023-2454](CVE-2023/CVE-2023-24xx/CVE-2023-2454.json) (`2023-06-09T20:40:34.737`) -* [CVE-2023-2455](CVE-2023/CVE-2023-24xx/CVE-2023-2455.json) (`2023-06-09T20:40:34.737`) -* [CVE-2023-28469](CVE-2023/CVE-2023-284xx/CVE-2023-28469.json) (`2023-06-09T21:56:17.860`) -* [CVE-2023-30604](CVE-2023/CVE-2023-306xx/CVE-2023-30604.json) (`2023-06-09T21:56:34.763`) +* [CVE-2022-48392](CVE-2022/CVE-2022-483xx/CVE-2022-48392.json) (`2023-06-09T23:12:57.930`) +* [CVE-2022-48438](CVE-2022/CVE-2022-484xx/CVE-2022-48438.json) (`2023-06-09T23:15:14.740`) +* [CVE-2022-48439](CVE-2022/CVE-2022-484xx/CVE-2022-48439.json) (`2023-06-09T23:46:10.760`) +* [CVE-2023-30602](CVE-2023/CVE-2023-306xx/CVE-2023-30602.json) (`2023-06-09T22:15:57.583`) +* [CVE-2023-2835](CVE-2023/CVE-2023-28xx/CVE-2023-2835.json) (`2023-06-09T22:15:58.560`) +* [CVE-2023-30603](CVE-2023/CVE-2023-306xx/CVE-2023-30603.json) (`2023-06-09T22:16:45.347`) +* [CVE-2023-3032](CVE-2023/CVE-2023-30xx/CVE-2023-3032.json) (`2023-06-09T22:23:49.387`) +* [CVE-2023-3033](CVE-2023/CVE-2023-30xx/CVE-2023-3033.json) (`2023-06-09T22:33:28.580`) +* [CVE-2023-32766](CVE-2023/CVE-2023-327xx/CVE-2023-32766.json) (`2023-06-09T22:42:16.930`) +* [CVE-2023-33386](CVE-2023/CVE-2023-333xx/CVE-2023-33386.json) (`2023-06-09T22:42:31.397`) +* [CVE-2023-33409](CVE-2023/CVE-2023-334xx/CVE-2023-33409.json) (`2023-06-09T22:45:58.233`) +* [CVE-2023-33408](CVE-2023/CVE-2023-334xx/CVE-2023-33408.json) (`2023-06-09T22:47:21.147`) +* [CVE-2023-2488](CVE-2023/CVE-2023-24xx/CVE-2023-2488.json) (`2023-06-09T22:49:23.527`) +* [CVE-2023-33410](CVE-2023/CVE-2023-334xx/CVE-2023-33410.json) (`2023-06-09T22:51:17.167`) +* [CVE-2023-3111](CVE-2023/CVE-2023-31xx/CVE-2023-3111.json) (`2023-06-09T22:51:48.550`) +* [CVE-2023-2489](CVE-2023/CVE-2023-24xx/CVE-2023-2489.json) (`2023-06-09T22:52:37.763`) +* [CVE-2023-29344](CVE-2023/CVE-2023-293xx/CVE-2023-29344.json) (`2023-06-09T22:53:57.897`) +* [CVE-2023-22862](CVE-2023/CVE-2023-228xx/CVE-2023-22862.json) (`2023-06-09T22:54:45.870`) +* [CVE-2023-33524](CVE-2023/CVE-2023-335xx/CVE-2023-33524.json) (`2023-06-09T22:54:48.677`) +* [CVE-2023-3109](CVE-2023/CVE-2023-31xx/CVE-2023-3109.json) (`2023-06-09T22:56:20.547`) +* [CVE-2023-33733](CVE-2023/CVE-2023-337xx/CVE-2023-33733.json) (`2023-06-09T22:58:22.683`) +* [CVE-2023-3119](CVE-2023/CVE-2023-31xx/CVE-2023-3119.json) (`2023-06-09T23:01:04.807`) +* [CVE-2023-27285](CVE-2023/CVE-2023-272xx/CVE-2023-27285.json) (`2023-06-09T23:02:39.303`) +* [CVE-2023-3120](CVE-2023/CVE-2023-31xx/CVE-2023-3120.json) (`2023-06-09T23:04:57.477`) +* [CVE-2023-0041](CVE-2023/CVE-2023-00xx/CVE-2023-0041.json) (`2023-06-09T23:50:50.877`) ## Download and Usage