diff --git a/CVE-2020/CVE-2020-226xx/CVE-2020-22623.json b/CVE-2020/CVE-2020-226xx/CVE-2020-22623.json new file mode 100644 index 00000000000..df56ab79edc --- /dev/null +++ b/CVE-2020/CVE-2020-226xx/CVE-2020-22623.json @@ -0,0 +1,28 @@ +{ + "id": "CVE-2020-22623", + "sourceIdentifier": "cve@mitre.org", + "published": "2023-07-27T20:15:09.790", + "lastModified": "2023-07-27T20:15:09.790", + "vulnStatus": "Received", + "descriptions": [ + { + "lang": "en", + "value": "Directory traversal vulnerability in Jinfornet Jreport 15.6 allows unauthenticated attackers to gain sensitive information." + } + ], + "metrics": {}, + "references": [ + { + "url": "http://jinfornet.com", + "source": "cve@mitre.org" + }, + { + "url": "http://jreport.com", + "source": "cve@mitre.org" + }, + { + "url": "https://medium.com/@nguyenhongphu/cve-2020-22623-jinfornet-jreport-unauthenticated-path-traversal-arbitrary-file-download-83224cef32c8", + "source": "cve@mitre.org" + } + ] +} \ No newline at end of file diff --git a/CVE-2023/CVE-2023-13xx/CVE-2023-1380.json b/CVE-2023/CVE-2023-13xx/CVE-2023-1380.json index 25cd68d9909..5210d295306 100644 --- a/CVE-2023/CVE-2023-13xx/CVE-2023-1380.json +++ b/CVE-2023/CVE-2023-13xx/CVE-2023-1380.json @@ -2,7 +2,7 @@ "id": "CVE-2023-1380", "sourceIdentifier": "secalert@redhat.com", "published": "2023-03-27T21:15:10.623", - "lastModified": "2023-07-26T17:15:09.893", + "lastModified": "2023-07-27T21:15:09.963", "vulnStatus": "Modified", "descriptions": [ { @@ -337,6 +337,10 @@ "Third Party Advisory" ] }, + { + "url": "https://lists.debian.org/debian-lts-announce/2023/07/msg00030.html", + "source": "secalert@redhat.com" + }, { "url": "https://lore.kernel.org/linux-wireless/20230309104457.22628-1-jisoo.jang@yonsei.ac.kr/T/#u", "source": "secalert@redhat.com", diff --git a/CVE-2023/CVE-2023-205xx/CVE-2023-20593.json b/CVE-2023/CVE-2023-205xx/CVE-2023-20593.json index 1b0804048b7..21d94a33e17 100644 --- a/CVE-2023/CVE-2023-205xx/CVE-2023-20593.json 
+++ b/CVE-2023/CVE-2023-205xx/CVE-2023-20593.json @@ -2,7 +2,7 @@ "id": "CVE-2023-20593", "sourceIdentifier": "psirt@amd.com", "published": "2023-07-24T20:15:10.237", - "lastModified": "2023-07-27T05:15:10.213", + "lastModified": "2023-07-27T21:15:10.260", "vulnStatus": "Awaiting Analysis", "descriptions": [ { @@ -68,6 +68,10 @@ "url": "https://cmpxchg8b.com/zenbleed.html", "source": "psirt@amd.com" }, + { + "url": "https://lists.debian.org/debian-lts-announce/2023/07/msg00030.html", + "source": "psirt@amd.com" + }, { "url": "https://www.amd.com/en/corporate/product-security/bulletin/AMD-SB-7008", "source": "psirt@amd.com" diff --git a/CVE-2023/CVE-2023-20xx/CVE-2023-2002.json b/CVE-2023/CVE-2023-20xx/CVE-2023-2002.json index 427ec536269..9382fff1243 100644 --- a/CVE-2023/CVE-2023-20xx/CVE-2023-2002.json +++ b/CVE-2023/CVE-2023-20xx/CVE-2023-2002.json @@ -2,8 +2,8 @@ "id": "CVE-2023-2002", "sourceIdentifier": "secalert@redhat.com", "published": "2023-05-26T17:15:14.113", - "lastModified": "2023-06-08T14:43:55.723", - "vulnStatus": "Analyzed", + "lastModified": "2023-07-27T21:15:10.503", + "vulnStatus": "Modified", "descriptions": [ { "lang": "en", @@ -75,6 +75,10 @@ } ], "references": [ + { + "url": "https://lists.debian.org/debian-lts-announce/2023/07/msg00030.html", + "source": "secalert@redhat.com" + }, { "url": "https://www.openwall.com/lists/oss-security/2023/04/16/3", "source": "secalert@redhat.com", diff --git a/CVE-2023/CVE-2023-20xx/CVE-2023-2007.json b/CVE-2023/CVE-2023-20xx/CVE-2023-2007.json index a24ef75a000..dc0580c9ad3 100644 --- a/CVE-2023/CVE-2023-20xx/CVE-2023-2007.json +++ b/CVE-2023/CVE-2023-20xx/CVE-2023-2007.json @@ -2,8 +2,8 @@ "id": "CVE-2023-2007", "sourceIdentifier": "secalert@redhat.com", "published": "2023-04-24T23:15:18.877", - "lastModified": "2023-05-04T18:24:30.803", - "vulnStatus": "Analyzed", + "lastModified": "2023-07-27T21:15:10.687", + "vulnStatus": "Modified", "descriptions": [ { "lang": "en", 
@@ -81,6 +81,10 @@ "tags": [ "Patch" ] + }, + { + "url": "https://lists.debian.org/debian-lts-announce/2023/07/msg00030.html", + "source": "secalert@redhat.com" } ] } \ No newline at end of file diff --git a/CVE-2023/CVE-2023-22xx/CVE-2023-2269.json b/CVE-2023/CVE-2023-22xx/CVE-2023-2269.json index 40e9ac3630c..8e5533dc45c 100644 --- a/CVE-2023/CVE-2023-22xx/CVE-2023-2269.json +++ b/CVE-2023/CVE-2023-22xx/CVE-2023-2269.json @@ -2,7 +2,7 @@ "id": "CVE-2023-2269", "sourceIdentifier": "secalert@redhat.com", "published": "2023-04-25T21:15:10.627", - "lastModified": "2023-07-06T04:15:11.253", + "lastModified": "2023-07-27T21:15:11.317", "vulnStatus": "Modified", "descriptions": [ { @@ -99,6 +99,10 @@ } ], "references": [ + { + "url": "https://lists.debian.org/debian-lts-announce/2023/07/msg00030.html", + "source": "secalert@redhat.com" + }, { "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/63AJUCJTZCII2JMAF7MGZEM66KY7IALT/", "source": "secalert@redhat.com", diff --git a/CVE-2023/CVE-2023-237xx/CVE-2023-23764.json b/CVE-2023/CVE-2023-237xx/CVE-2023-23764.json new file mode 100644 index 00000000000..92d87b9297c --- /dev/null +++ b/CVE-2023/CVE-2023-237xx/CVE-2023-23764.json 
@@ -0,0 +1,63 @@
+{
+ "id": "CVE-2023-23764",
+ "sourceIdentifier": "product-cna@github.com",
+ "published": "2023-07-27T21:15:10.347",
+ "lastModified": "2023-07-27T21:15:10.347",
+ "vulnStatus": "Received",
+ "descriptions": [
+ {
+ "lang": "en",
+ "value": "An incorrect comparison vulnerability was identified in GitHub Enterprise Server that allowed commit smuggling by displaying an incorrect diff within the GitHub pull request UI. To do so, an attacker would need write access to the repository. This vulnerability affected GitHub Enterprise Server versions 3.7.0 and above and was fixed in versions 3.7.9, 3.8.2, and 3.9.1. This vulnerability was reported via the GitHub Bug Bounty program.\n\n"
+ }
+ ],
+ "metrics": {
+ "cvssMetricV31": [
+ {
+ "source": "product-cna@github.com",
+ "type": "Secondary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:N/AC:H/PR:H/UI:R/S:U/C:L/I:H/A:N",
+ "attackVector": "NETWORK",
+ "attackComplexity": "HIGH",
+ "privilegesRequired": "HIGH",
+ "userInteraction": "REQUIRED",
+ "scope": "UNCHANGED",
+ "confidentialityImpact": "LOW",
+ "integrityImpact": "HIGH",
+ "availabilityImpact": "NONE",
+ "baseScore": 4.8,
+ "baseSeverity": "MEDIUM"
+ },
+ "exploitabilityScore": 0.5,
+ "impactScore": 4.2
+ }
+ ]
+ },
+ "weaknesses": [
+ {
+ "source": "product-cna@github.com",
+ "type": "Secondary",
+ "description": [
+ {
+ "lang": "en",
+ "value": "CWE-697"
+ }
+ ]
+ }
+ ],
+ "references": [
+ {
+ "url": "https://docs.github.com/en/enterprise-server@3.7/admin/release-notes#3.7.9",
+ "source": "product-cna@github.com"
+ },
+ {
+ "url": "https://docs.github.com/en/enterprise-server@3.8/admin/release-notes#3.8.2",
+ "source": "product-cna@github.com"
+ },
+ {
+ "url": "https://docs.github.com/en/enterprise-server@3.9/admin/release-notes#3.9.1",
+ "source": "product-cna@github.com"
+ }
+ ]
+}
\ No newline at end of file
diff --git a/CVE-2023/CVE-2023-303xx/CVE-2023-30367.json b/CVE-2023/CVE-2023-303xx/CVE-2023-30367.json index 61114b260ce..5161f902cc6 100644 --- a/CVE-2023/CVE-2023-303xx/CVE-2023-30367.json +++ b/CVE-2023/CVE-2023-303xx/CVE-2023-30367.json @@ -2,12 +2,12 @@ "id": "CVE-2023-30367", "sourceIdentifier": "cve@mitre.org", "published": "2023-07-26T21:15:09.980", - "lastModified": "2023-07-26T21:40:11.047", + "lastModified": "2023-07-27T20:15:09.950", "vulnStatus": "Awaiting Analysis", "descriptions": [ { "lang": "en", - "value": "mRemoteNG configuration files can be stored in an encrypted state on disk. mRemoteNG version <= v1.76.20 and <= 1.77.3-dev loads configuration files in plain text into memory at application start-up, even if no connection has been established yet. This allows attackers to access contents of configuration files in plain text through a memory dump and thus compromise user credentials when no custom password encryption key has been set. This also bypasses the connection configuration file encryption setting by dumping already decrypted configurations from memory." + "value": "Multi-Remote Next Generation Connection Manager (mRemoteNG) is free software that enables users to store and manage multi-protocol connection configurations to remotely connect to systems. mRemoteNG configuration files can be stored in an encrypted state on disk. mRemoteNG version <= v1.76.20 and <= 1.77.3-dev loads configuration files in plain text into memory (after decrypting them if necessary) at application start-up, even if no connection has been established yet. This allows attackers to access contents of configuration files in plain text through a memory dump and thus compromise user credentials when no custom password encryption key has been set. This also bypasses the connection configuration file encryption setting by dumping already decrypted configurations from memory." } ], "metrics": {}, 
diff --git a/CVE-2023/CVE-2023-30xx/CVE-2023-3090.json b/CVE-2023/CVE-2023-30xx/CVE-2023-3090.json index 542389b9860..802ba869946 100644 --- a/CVE-2023/CVE-2023-30xx/CVE-2023-3090.json +++ b/CVE-2023/CVE-2023-30xx/CVE-2023-3090.json @@ -2,8 +2,8 @@ "id": "CVE-2023-3090", "sourceIdentifier": "cve-coordination@google.com", "published": "2023-06-28T20:15:09.693", - "lastModified": "2023-07-06T16:09:37.657", - "vulnStatus": "Analyzed", + "lastModified": "2023-07-27T21:15:14.537", + "vulnStatus": "Modified", "descriptions": [ { "lang": "en", @@ -127,6 +127,10 @@ "Patch" ] }, + { + "url": "https://lists.debian.org/debian-lts-announce/2023/07/msg00030.html", + "source": "cve-coordination@google.com" + }, { "url": "https://www.debian.org/security/2023/dsa-5448", "source": "cve-coordination@google.com", diff --git a/CVE-2023/CVE-2023-310xx/CVE-2023-31084.json b/CVE-2023/CVE-2023-310xx/CVE-2023-31084.json index e95dfc9db50..dd28dd78197 100644 --- a/CVE-2023/CVE-2023-310xx/CVE-2023-31084.json +++ b/CVE-2023/CVE-2023-310xx/CVE-2023-31084.json @@ -2,7 +2,7 @@ "id": "CVE-2023-31084", "sourceIdentifier": "cve@mitre.org", "published": "2023-04-24T06:15:07.997", - "lastModified": "2023-07-06T04:15:11.373", + "lastModified": "2023-07-27T21:15:11.747", "vulnStatus": "Modified", "descriptions": [ { @@ -64,6 +64,10 @@ } ], "references": [ + { + "url": "https://lists.debian.org/debian-lts-announce/2023/07/msg00030.html", + "source": "cve@mitre.org" + }, { "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/6HIEOLEOURP4BJZMIL7UGGPYRRB44UDN/", "source": "cve@mitre.org" diff --git a/CVE-2023/CVE-2023-31xx/CVE-2023-3111.json b/CVE-2023/CVE-2023-31xx/CVE-2023-3111.json index b25f5adcccf..f344febeb9b 100644 --- a/CVE-2023/CVE-2023-31xx/CVE-2023-3111.json +++ b/CVE-2023/CVE-2023-31xx/CVE-2023-3111.json 
@@ -2,7 +2,7 @@ "id": "CVE-2023-3111", "sourceIdentifier": "secalert@redhat.com", "published": "2023-06-05T21:15:11.377", - "lastModified": "2023-07-03T16:15:10.300", + "lastModified": "2023-07-27T21:15:14.653", "vulnStatus": "Modified", "descriptions": [ { @@ -80,6 +80,10 @@ } ], "references": [ + { + "url": "https://lists.debian.org/debian-lts-announce/2023/07/msg00030.html", + "source": "secalert@redhat.com" + }, { "url": "https://patchwork.kernel.org/project/linux-btrfs/patch/20220721074829.2905233-1-r33s3n6@gmail.com/", "source": "secalert@redhat.com", diff --git a/CVE-2023/CVE-2023-31xx/CVE-2023-3141.json b/CVE-2023/CVE-2023-31xx/CVE-2023-3141.json index c31289c7555..360f909a7d8 100644 --- a/CVE-2023/CVE-2023-31xx/CVE-2023-3141.json +++ b/CVE-2023/CVE-2023-31xx/CVE-2023-3141.json @@ -2,7 +2,7 @@ "id": "CVE-2023-3141", "sourceIdentifier": "secalert@redhat.com", "published": "2023-06-09T20:15:10.327", - "lastModified": "2023-07-06T19:15:10.957", + "lastModified": "2023-07-27T21:15:14.750", "vulnStatus": "Modified", "descriptions": [ { @@ -83,6 +83,10 @@ "url": "https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=63264422785021704c39b38f65a78ab9e4a186d7", "source": "secalert@redhat.com" }, + { + "url": "https://lists.debian.org/debian-lts-announce/2023/07/msg00030.html", + "source": "secalert@redhat.com" + }, { "url": "https://lore.kernel.org/lkml/CAPDyKFoV9aZObZ5GBm0U_-UVeVkBN_rAG-kH3BKoP4EXdYM4bw@mail.gmail.com/t/", "source": "secalert@redhat.com", diff --git a/CVE-2023/CVE-2023-322xx/CVE-2023-32233.json b/CVE-2023/CVE-2023-322xx/CVE-2023-32233.json index 6369bcdf3d4..13faeb99d74 100644 --- a/CVE-2023/CVE-2023-322xx/CVE-2023-32233.json +++ b/CVE-2023/CVE-2023-322xx/CVE-2023-32233.json @@ -2,7 +2,7 @@ "id": "CVE-2023-32233", "sourceIdentifier": "cve@mitre.org", "published": "2023-05-08T20:15:20.267", - "lastModified": "2023-06-22T15:15:13.017", + "lastModified": "2023-07-27T21:15:13.497", "vulnStatus": "Modified", "descriptions": [ { 
@@ -126,6 +126,10 @@ "url": "https://lists.debian.org/debian-lts-announce/2023/06/msg00008.html", "source": "cve@mitre.org" }, + { + "url": "https://lists.debian.org/debian-lts-announce/2023/07/msg00030.html", + "source": "cve@mitre.org" + }, { "url": "https://news.ycombinator.com/item?id=35879660", "source": "cve@mitre.org", diff --git a/CVE-2023/CVE-2023-32xx/CVE-2023-3268.json b/CVE-2023/CVE-2023-32xx/CVE-2023-3268.json index e4581170a5d..6c86886a90a 100644 --- a/CVE-2023/CVE-2023-32xx/CVE-2023-3268.json +++ b/CVE-2023/CVE-2023-32xx/CVE-2023-3268.json @@ -2,7 +2,7 @@ "id": "CVE-2023-3268", "sourceIdentifier": "secalert@redhat.com", "published": "2023-06-16T19:15:14.707", - "lastModified": "2023-07-06T04:15:11.950", + "lastModified": "2023-07-27T21:15:14.850", "vulnStatus": "Modified", "descriptions": [ { @@ -75,6 +75,10 @@ } ], "references": [ + { + "url": "https://lists.debian.org/debian-lts-announce/2023/07/msg00030.html", + "source": "secalert@redhat.com" + }, { "url": "https://lore.kernel.org/lkml/1682238502-1892-1-git-send-email-yangpc@wangsu.com/T/", "source": "secalert@redhat.com", diff --git a/CVE-2023/CVE-2023-337xx/CVE-2023-33742.json b/CVE-2023/CVE-2023-337xx/CVE-2023-33742.json new file mode 100644 index 00000000000..18c9e68b79d --- /dev/null +++ b/CVE-2023/CVE-2023-337xx/CVE-2023-33742.json @@ -0,0 +1,20 @@ +{ + "id": "CVE-2023-33742", + "sourceIdentifier": "cve@mitre.org", + "published": "2023-07-27T21:15:13.650", + "lastModified": "2023-07-27T21:15:13.650", + "vulnStatus": "Received", + "descriptions": [ + { + "lang": "en", + "value": "TeleAdapt RoomCast TA-2400 1.0 through 3.1 suffers from Cleartext Storage of Sensitive Information: RSA private key in Update.exe." + } + ], + "metrics": {}, + "references": [ + { + "url": "http://packetstormsecurity.com/files/173764/RoomCast-TA-2400-Cleartext-Private-Key-Improper-Access-Control.html", + "source": "cve@mitre.org" + } + ] +} \ No newline at end of file 
diff --git a/CVE-2023/CVE-2023-337xx/CVE-2023-33743.json b/CVE-2023/CVE-2023-337xx/CVE-2023-33743.json
new file mode 100644
index 00000000000..ba0d24b5e2e
--- /dev/null
+++ b/CVE-2023/CVE-2023-337xx/CVE-2023-33743.json
@@ -0,0 +1,20 @@
+{
+ "id": "CVE-2023-33743",
+ "sourceIdentifier": "cve@mitre.org",
+ "published": "2023-07-27T21:15:13.713",
+ "lastModified": "2023-07-27T21:15:13.713",
+ "vulnStatus": "Received",
+ "descriptions": [
+ {
+ "lang": "en",
+ "value": "TeleAdapt RoomCast TA-2400 1.0 through 3.1 is vulnerable to Improper Access Control; specifically, Android Debug Bridge (adb) is available."
+ }
+ ],
+ "metrics": {},
+ "references": [
+ {
+ "url": "http://packetstormsecurity.com/files/173764/RoomCast-TA-2400-Cleartext-Private-Key-Improper-Access-Control.html",
+ "source": "cve@mitre.org"
+ }
+ ]
+}
\ No newline at end of file
diff --git a/CVE-2023/CVE-2023-337xx/CVE-2023-33744.json b/CVE-2023/CVE-2023-337xx/CVE-2023-33744.json
new file mode 100644
index 00000000000..e49c65091f0
--- /dev/null
+++ b/CVE-2023/CVE-2023-337xx/CVE-2023-33744.json
@@ -0,0 +1,20 @@
+{
+ "id": "CVE-2023-33744",
+ "sourceIdentifier": "cve@mitre.org",
+ "published": "2023-07-27T21:15:13.780",
+ "lastModified": "2023-07-27T21:15:13.780",
+ "vulnStatus": "Received",
+ "descriptions": [
+ {
+ "lang": "en",
+ "value": "TeleAdapt RoomCast TA-2400 1.0 through 3.1 suffers from Use of a Hard-coded Password (PIN): 385521, 843646, and 592671."
+ }
+ ],
+ "metrics": {},
+ "references": [
+ {
+ "url": "http://packetstormsecurity.com/files/173764/RoomCast-TA-2400-Cleartext-Private-Key-Improper-Access-Control.html",
+ "source": "cve@mitre.org"
+ }
+ ]
+}
\ No newline at end of file
diff --git a/CVE-2023/CVE-2023-337xx/CVE-2023-33745.json b/CVE-2023/CVE-2023-337xx/CVE-2023-33745.json
new file mode 100644
index 00000000000..c45c5b21cf7
--- /dev/null
+++ b/CVE-2023/CVE-2023-337xx/CVE-2023-33745.json
@@ -0,0 +1,20 @@ +{ + "id": "CVE-2023-33745", + "sourceIdentifier": "cve@mitre.org", + "published": "2023-07-27T21:15:13.850", + "lastModified": "2023-07-27T21:15:13.850", + "vulnStatus": "Received", + "descriptions": [ + { + "lang": "en", + "value": "TeleAdapt RoomCast TA-2400 1.0 through 3.1 is vulnerable to Improper Privilege Management: from the shell available after an adb connection, simply entering the su command provides root access (without requiring a password)." + } + ], + "metrics": {}, + "references": [ + { + "url": "http://packetstormsecurity.com/files/173764/RoomCast-TA-2400-Cleartext-Private-Key-Improper-Access-Control.html", + "source": "cve@mitre.org" + } + ] +} \ No newline at end of file diff --git a/CVE-2023/CVE-2023-33xx/CVE-2023-3338.json b/CVE-2023/CVE-2023-33xx/CVE-2023-3338.json index a484990e191..235487efc4e 100644 --- a/CVE-2023/CVE-2023-33xx/CVE-2023-3338.json +++ b/CVE-2023/CVE-2023-33xx/CVE-2023-3338.json @@ -2,7 +2,7 @@ "id": "CVE-2023-3338", "sourceIdentifier": "secalert@redhat.com", "published": "2023-06-30T22:15:10.270", - "lastModified": "2023-07-24T16:15:12.323", + "lastModified": "2023-07-27T21:15:14.950", "vulnStatus": "Undergoing Analysis", "descriptions": [ { @@ -92,6 +92,10 @@ "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2218618", "source": "secalert@redhat.com" }, + { + "url": "https://lists.debian.org/debian-lts-announce/2023/07/msg00030.html", + "source": "secalert@redhat.com" + }, { "url": "https://seclists.org/oss-sec/2023/q2/276", "source": "secalert@redhat.com", diff --git a/CVE-2023/CVE-2023-342xx/CVE-2023-34256.json b/CVE-2023/CVE-2023-342xx/CVE-2023-34256.json index e62c1c3da7b..aebe4fe7b15 100644 --- a/CVE-2023/CVE-2023-342xx/CVE-2023-34256.json +++ b/CVE-2023/CVE-2023-342xx/CVE-2023-34256.json 
@@ -2,8 +2,8 @@ "id": "CVE-2023-34256", "sourceIdentifier": "cve@mitre.org", "published": "2023-05-31T20:15:10.817", - "lastModified": "2023-06-07T16:11:47.793", - "vulnStatus": "Analyzed", + "lastModified": "2023-07-27T21:15:13.920", + "vulnStatus": "Modified", "descriptions": [ { "lang": "en", @@ -119,6 +119,10 @@ "Patch" ] }, + { + "url": "https://lists.debian.org/debian-lts-announce/2023/07/msg00030.html", + "source": "cve@mitre.org" + }, { "url": "https://syzkaller.appspot.com/bug?extid=8785e41224a3afd04321", "source": "cve@mitre.org", diff --git a/CVE-2023/CVE-2023-357xx/CVE-2023-35788.json b/CVE-2023/CVE-2023-357xx/CVE-2023-35788.json index 46ddafe8995..b9937e72621 100644 --- a/CVE-2023/CVE-2023-357xx/CVE-2023-35788.json +++ b/CVE-2023/CVE-2023-357xx/CVE-2023-35788.json @@ -2,8 +2,8 @@ "id": "CVE-2023-35788", "sourceIdentifier": "cve@mitre.org", "published": "2023-06-16T21:15:09.340", - "lastModified": "2023-07-21T19:20:17.497", - "vulnStatus": "Analyzed", + "lastModified": "2023-07-27T21:15:14.087", + "vulnStatus": "Modified", "descriptions": [ { "lang": "en", @@ -240,6 +240,10 @@ "Patch" ] }, + { + "url": "https://lists.debian.org/debian-lts-announce/2023/07/msg00030.html", + "source": "cve@mitre.org" + }, { "url": "https://security.netapp.com/advisory/ntap-20230714-0002/", "source": "cve@mitre.org", diff --git a/CVE-2023/CVE-2023-358xx/CVE-2023-35823.json b/CVE-2023/CVE-2023-358xx/CVE-2023-35823.json index c36ccd4a236..e5ab929ae32 100644 --- a/CVE-2023/CVE-2023-358xx/CVE-2023-35823.json +++ b/CVE-2023/CVE-2023-358xx/CVE-2023-35823.json @@ -2,8 +2,8 @@ "id": "CVE-2023-35823", "sourceIdentifier": "cve@mitre.org", "published": "2023-06-18T22:15:09.187", - "lastModified": "2023-06-26T17:17:42.043", - "vulnStatus": "Analyzed", + "lastModified": "2023-07-27T21:15:14.230", + "vulnStatus": "Modified", "descriptions": [ { "lang": "en", 
@@ -85,6 +85,10 @@ "Vendor Advisory" ] }, + { + "url": "https://lists.debian.org/debian-lts-announce/2023/07/msg00030.html", + "source": "cve@mitre.org" + }, { "url": "https://lore.kernel.org/all/49bb0b6a-e669-d4e7-d742-a19d2763e947@xs4all.nl/", "source": "cve@mitre.org", diff --git a/CVE-2023/CVE-2023-358xx/CVE-2023-35824.json b/CVE-2023/CVE-2023-358xx/CVE-2023-35824.json index a7c73b948e5..a25f2788a2b 100644 --- a/CVE-2023/CVE-2023-358xx/CVE-2023-35824.json +++ b/CVE-2023/CVE-2023-358xx/CVE-2023-35824.json @@ -2,8 +2,8 @@ "id": "CVE-2023-35824", "sourceIdentifier": "cve@mitre.org", "published": "2023-06-18T22:15:09.240", - "lastModified": "2023-06-26T17:18:01.807", - "vulnStatus": "Analyzed", + "lastModified": "2023-07-27T21:15:14.330", + "vulnStatus": "Modified", "descriptions": [ { "lang": "en", @@ -85,6 +85,10 @@ "Vendor Advisory" ] }, + { + "url": "https://lists.debian.org/debian-lts-announce/2023/07/msg00030.html", + "source": "cve@mitre.org" + }, { "url": "https://lore.kernel.org/all/49bb0b6a-e669-d4e7-d742-a19d2763e947@xs4all.nl/", "source": "cve@mitre.org", diff --git a/CVE-2023/CVE-2023-358xx/CVE-2023-35828.json b/CVE-2023/CVE-2023-358xx/CVE-2023-35828.json index 9bf618777c7..39f535f4c8b 100644 --- a/CVE-2023/CVE-2023-358xx/CVE-2023-35828.json +++ b/CVE-2023/CVE-2023-358xx/CVE-2023-35828.json @@ -2,8 +2,8 @@ "id": "CVE-2023-35828", "sourceIdentifier": "cve@mitre.org", "published": "2023-06-18T22:15:09.417", - "lastModified": "2023-06-26T16:56:25.930", - "vulnStatus": "Analyzed", + "lastModified": "2023-07-27T21:15:14.410", + "vulnStatus": "Modified", "descriptions": [ { "lang": "en", @@ -84,6 +84,10 @@ "Vendor Advisory" ] }, + { + "url": "https://lists.debian.org/debian-lts-announce/2023/07/msg00030.html", + "source": "cve@mitre.org" + }, { "url": "https://lore.kernel.org/all/20230327121700.52d881e0@canb.auug.org.au/", "source": "cve@mitre.org", 
diff --git a/CVE-2023/CVE-2023-35xx/CVE-2023-3577.json b/CVE-2023/CVE-2023-35xx/CVE-2023-3577.json index 4baa5d814c8..6cc84a9fa77 100644 --- a/CVE-2023/CVE-2023-35xx/CVE-2023-3577.json +++ b/CVE-2023/CVE-2023-35xx/CVE-2023-3577.json @@ -2,8 +2,8 @@ "id": "CVE-2023-3577", "sourceIdentifier": "responsibledisclosure@mattermost.com", "published": "2023-07-17T16:15:10.330", - "lastModified": "2023-07-17T17:31:42.010", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2023-07-27T20:04:24.007", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", @@ -12,6 +12,26 @@ ], "metrics": { "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "LOW", + "integrityImpact": "NONE", + "availabilityImpact": "NONE", + "baseScore": 4.3, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 2.8, + "impactScore": 1.4 + }, { "source": "responsibledisclosure@mattermost.com", "type": "Secondary", @@ -35,6 +55,16 @@ ] }, "weaknesses": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-918" + } + ] + }, { "source": "responsibledisclosure@mattermost.com", "type": "Secondary", 
@@ -46,10 +76,39 @@ ] } ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:mattermost:mattermost_server:*:*:*:*:*:*:*:*", + "versionStartIncluding": "7.8.0", + "versionEndExcluding": "7.8.7", + "matchCriteriaId": "3F71A811-27D2-4953-9C3A-4AC6B27AF1A8" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:mattermost:mattermost_server:*:*:*:*:*:*:*:*", + "versionStartIncluding": "7.10.0", + "versionEndExcluding": "7.10.3", + "matchCriteriaId": "401CC11A-1059-44A2-87BA-601024BD178E" + } + ] + } + ] + } + ], "references": [ { "url": "https://mattermost.com/security-updates", - "source": "responsibledisclosure@mattermost.com" + "source": "responsibledisclosure@mattermost.com", + "tags": [ + "Vendor Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2023/CVE-2023-369xx/CVE-2023-36942.json b/CVE-2023/CVE-2023-369xx/CVE-2023-36942.json new file mode 100644 index 00000000000..fd0042f5296 --- /dev/null +++ b/CVE-2023/CVE-2023-369xx/CVE-2023-36942.json @@ -0,0 +1,24 @@ +{ + "id": "CVE-2023-36942", + "sourceIdentifier": "cve@mitre.org", + "published": "2023-07-27T20:15:10.027", + "lastModified": "2023-07-27T20:15:10.027", + "vulnStatus": "Received", + "descriptions": [ + { + "lang": "en", + "value": "A cross-site scripting (XSS) vulnerability in PHPGurukul Online Fire Reporting System Using PHP and MySQL 1.2 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the website title field." + } + ], + "metrics": {}, + "references": [ + { + "url": "https://medium.com/@ridheshgohil1092/cve-2023-36942-xss-on-online-fire-reporting-system-v-1-2-19357e54978c", + "source": "cve@mitre.org" + }, + { + "url": "https://packetstormsecurity.com", + "source": "cve@mitre.org" + } + ] +} \ No newline at end of file diff --git a/README.md b/README.md index f7791603015..d8922538a2f 100644 --- a/README.md +++ b/README.md 
@@ -9,13 +9,13 @@ Repository synchronizes with the NVD every 2 hours. ### Last Repository Update ```plain -2023-07-27T20:00:29.517066+00:00 +2023-07-27T22:00:27.570304+00:00 ``` ### Most recent CVE Modification Timestamp synchronized with NVD ```plain -2023-07-27T19:59:26.280000+00:00 +2023-07-27T21:15:14.950000+00:00 ``` ### Last Data Feed Release 
@@ -29,54 +29,45 @@ Download and Changelog: [Click](https://github.com/fkie-cad/nvd-json-data-feeds/ ### Total Number of included CVEs ```plain -221170 +221177 ``` ### CVEs added in the last Commit -Recently added CVEs: `10` +Recently added CVEs: `7` -* [CVE-2021-36580](CVE-2021/CVE-2021-365xx/CVE-2021-36580.json) (`2023-07-27T18:15:09.893`) -* [CVE-2022-31200](CVE-2022/CVE-2022-312xx/CVE-2022-31200.json) (`2023-07-27T19:15:09.887`) -* [CVE-2023-36941](CVE-2023/CVE-2023-369xx/CVE-2023-36941.json) (`2023-07-27T18:15:10.353`) -* [CVE-2023-38495](CVE-2023/CVE-2023-384xx/CVE-2023-38495.json) (`2023-07-27T19:15:10.010`) -* [CVE-2023-38504](CVE-2023/CVE-2023-385xx/CVE-2023-38504.json) (`2023-07-27T19:15:10.117`) -* [CVE-2023-38505](CVE-2023/CVE-2023-385xx/CVE-2023-38505.json) (`2023-07-27T19:15:10.217`) -* [CVE-2023-38510](CVE-2023/CVE-2023-385xx/CVE-2023-38510.json) (`2023-07-27T19:15:10.313`) -* [CVE-2023-3980](CVE-2023/CVE-2023-39xx/CVE-2023-3980.json) (`2023-07-27T19:15:10.427`) -* [CVE-2023-3981](CVE-2023/CVE-2023-39xx/CVE-2023-3981.json) (`2023-07-27T19:15:10.523`) -* [CVE-2023-3982](CVE-2023/CVE-2023-39xx/CVE-2023-3982.json) (`2023-07-27T19:15:10.610`) +* [CVE-2020-22623](CVE-2020/CVE-2020-226xx/CVE-2020-22623.json) (`2023-07-27T20:15:09.790`) +* [CVE-2023-36942](CVE-2023/CVE-2023-369xx/CVE-2023-36942.json) (`2023-07-27T20:15:10.027`) +* [CVE-2023-23764](CVE-2023/CVE-2023-237xx/CVE-2023-23764.json) (`2023-07-27T21:15:10.347`) +* [CVE-2023-33742](CVE-2023/CVE-2023-337xx/CVE-2023-33742.json) (`2023-07-27T21:15:13.650`) +* [CVE-2023-33743](CVE-2023/CVE-2023-337xx/CVE-2023-33743.json) (`2023-07-27T21:15:13.713`) +* [CVE-2023-33744](CVE-2023/CVE-2023-337xx/CVE-2023-33744.json) (`2023-07-27T21:15:13.780`) +* [CVE-2023-33745](CVE-2023/CVE-2023-337xx/CVE-2023-33745.json) (`2023-07-27T21:15:13.850`) ### CVEs modified in the last Commit -Recently modified CVEs: `42` +Recently modified CVEs: `19` -* [CVE-2023-34394](CVE-2023/CVE-2023-343xx/CVE-2023-34394.json) 
(`2023-07-27T18:21:19.443`) -* [CVE-2023-33832](CVE-2023/CVE-2023-338xx/CVE-2023-33832.json) (`2023-07-27T18:50:29.473`) -* [CVE-2023-3300](CVE-2023/CVE-2023-33xx/CVE-2023-3300.json) (`2023-07-27T19:22:42.110`) -* [CVE-2023-3591](CVE-2023/CVE-2023-35xx/CVE-2023-3591.json) (`2023-07-27T19:23:15.350`) -* [CVE-2023-3590](CVE-2023/CVE-2023-35xx/CVE-2023-3590.json) (`2023-07-27T19:23:33.557`) -* [CVE-2023-3586](CVE-2023/CVE-2023-35xx/CVE-2023-3586.json) (`2023-07-27T19:37:49.247`) -* [CVE-2023-3587](CVE-2023/CVE-2023-35xx/CVE-2023-3587.json) (`2023-07-27T19:40:35.700`) -* [CVE-2023-3581](CVE-2023/CVE-2023-35xx/CVE-2023-3581.json) (`2023-07-27T19:46:40.130`) -* [CVE-2023-37474](CVE-2023/CVE-2023-374xx/CVE-2023-37474.json) (`2023-07-27T19:47:11.887`) -* [CVE-2023-37480](CVE-2023/CVE-2023-374xx/CVE-2023-37480.json) (`2023-07-27T19:47:29.237`) -* [CVE-2023-37481](CVE-2023/CVE-2023-374xx/CVE-2023-37481.json) (`2023-07-27T19:48:07.587`) -* [CVE-2023-0160](CVE-2023/CVE-2023-01xx/CVE-2023-0160.json) (`2023-07-27T19:48:36.727`) -* [CVE-2023-25839](CVE-2023/CVE-2023-258xx/CVE-2023-25839.json) (`2023-07-27T19:48:48.527`) -* [CVE-2023-22051](CVE-2023/CVE-2023-220xx/CVE-2023-22051.json) (`2023-07-27T19:49:02.660`) -* [CVE-2023-3582](CVE-2023/CVE-2023-35xx/CVE-2023-3582.json) (`2023-07-27T19:49:10.477`) -* [CVE-2023-22055](CVE-2023/CVE-2023-220xx/CVE-2023-22055.json) (`2023-07-27T19:49:14.280`) -* [CVE-2023-22060](CVE-2023/CVE-2023-220xx/CVE-2023-22060.json) (`2023-07-27T19:49:22.710`) -* [CVE-2023-37259](CVE-2023/CVE-2023-372xx/CVE-2023-37259.json) (`2023-07-27T19:50:08.540`) -* [CVE-2023-3584](CVE-2023/CVE-2023-35xx/CVE-2023-3584.json) (`2023-07-27T19:50:14.210`) -* [CVE-2023-3299](CVE-2023/CVE-2023-32xx/CVE-2023-3299.json) (`2023-07-27T19:50:41.783`) -* [CVE-2023-3072](CVE-2023/CVE-2023-30xx/CVE-2023-3072.json) (`2023-07-27T19:51:20.287`) -* [CVE-2023-2913](CVE-2023/CVE-2023-29xx/CVE-2023-2913.json) (`2023-07-27T19:51:33.973`) -* 
[CVE-2023-3700](CVE-2023/CVE-2023-37xx/CVE-2023-3700.json) (`2023-07-27T19:54:24.670`) -* [CVE-2023-3692](CVE-2023/CVE-2023-36xx/CVE-2023-3692.json) (`2023-07-27T19:56:48.617`) -* [CVE-2023-2959](CVE-2023/CVE-2023-29xx/CVE-2023-2959.json) (`2023-07-27T19:59:26.280`) +* [CVE-2023-3577](CVE-2023/CVE-2023-35xx/CVE-2023-3577.json) (`2023-07-27T20:04:24.007`) +* [CVE-2023-30367](CVE-2023/CVE-2023-303xx/CVE-2023-30367.json) (`2023-07-27T20:15:09.950`) +* [CVE-2023-1380](CVE-2023/CVE-2023-13xx/CVE-2023-1380.json) (`2023-07-27T21:15:09.963`) +* [CVE-2023-20593](CVE-2023/CVE-2023-205xx/CVE-2023-20593.json) (`2023-07-27T21:15:10.260`) +* [CVE-2023-2002](CVE-2023/CVE-2023-20xx/CVE-2023-2002.json) (`2023-07-27T21:15:10.503`) +* [CVE-2023-2007](CVE-2023/CVE-2023-20xx/CVE-2023-2007.json) (`2023-07-27T21:15:10.687`) +* [CVE-2023-2269](CVE-2023/CVE-2023-22xx/CVE-2023-2269.json) (`2023-07-27T21:15:11.317`) +* [CVE-2023-31084](CVE-2023/CVE-2023-310xx/CVE-2023-31084.json) (`2023-07-27T21:15:11.747`) +* [CVE-2023-32233](CVE-2023/CVE-2023-322xx/CVE-2023-32233.json) (`2023-07-27T21:15:13.497`) +* [CVE-2023-34256](CVE-2023/CVE-2023-342xx/CVE-2023-34256.json) (`2023-07-27T21:15:13.920`) +* [CVE-2023-35788](CVE-2023/CVE-2023-357xx/CVE-2023-35788.json) (`2023-07-27T21:15:14.087`) +* [CVE-2023-35823](CVE-2023/CVE-2023-358xx/CVE-2023-35823.json) (`2023-07-27T21:15:14.230`) +* [CVE-2023-35824](CVE-2023/CVE-2023-358xx/CVE-2023-35824.json) (`2023-07-27T21:15:14.330`) +* [CVE-2023-35828](CVE-2023/CVE-2023-358xx/CVE-2023-35828.json) (`2023-07-27T21:15:14.410`) +* [CVE-2023-3090](CVE-2023/CVE-2023-30xx/CVE-2023-3090.json) (`2023-07-27T21:15:14.537`) +* [CVE-2023-3111](CVE-2023/CVE-2023-31xx/CVE-2023-3111.json) (`2023-07-27T21:15:14.653`) +* [CVE-2023-3141](CVE-2023/CVE-2023-31xx/CVE-2023-3141.json) (`2023-07-27T21:15:14.750`) +* [CVE-2023-3268](CVE-2023/CVE-2023-32xx/CVE-2023-3268.json) (`2023-07-27T21:15:14.850`) +* [CVE-2023-3338](CVE-2023/CVE-2023-33xx/CVE-2023-3338.json) 
(`2023-07-27T21:15:14.950`) ## Download and Usage