Auto-Update: 2023-06-01T06:00:24.395668+00:00

CVE-2010/CVE-2010-100xx/CVE-2010-10010.json

@@ -0,0 +1,96 @@
+{
+  "id": "CVE-2010-10010",
+  "sourceIdentifier": "cna@vuldb.com",
+  "published": "2023-06-01T05:15:09.503",
+  "lastModified": "2023-06-01T05:15:09.503",
+  "vulnStatus": "Received",
+  "descriptions": [
+    {
+      "lang": "en",
+      "value": "A vulnerability classified as problematic has been found in Stars Alliance PsychoStats up to 3.2.2a. This affects an unknown part of the file upload/admin/login.php. The manipulation of the argument ref leads to cross site scripting. It is possible to initiate the attack remotely. Upgrading to version 3.2.2b is able to address this issue. The name of the patch is 5d3b7311fd5085ec6ea1b1bfa9a05285964e07e4. It is recommended to upgrade the affected component. The identifier VDB-230265 was assigned to this vulnerability."
+    }
+  ],
+  "metrics": {
+    "cvssMetricV30": [
+      {
+        "source": "cna@vuldb.com",
+        "type": "Secondary",
+        "cvssData": {
+          "version": "3.0",
+          "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:N",
+          "attackVector": "NETWORK",
+          "attackComplexity": "LOW",
+          "privilegesRequired": "LOW",
+          "userInteraction": "REQUIRED",
+          "scope": "UNCHANGED",
+          "confidentialityImpact": "NONE",
+          "integrityImpact": "LOW",
+          "availabilityImpact": "NONE",
+          "baseScore": 3.5,
+          "baseSeverity": "LOW"
+        },
+        "exploitabilityScore": 2.1,
+        "impactScore": 1.4
+      }
+    ],
+    "cvssMetricV2": [
+      {
+        "source": "cna@vuldb.com",
+        "type": "Secondary",
+        "cvssData": {
+          "version": "2.0",
+          "vectorString": "AV:N/AC:L/Au:S/C:N/I:P/A:N",
+          "accessVector": "NETWORK",
+          "accessComplexity": "LOW",
+          "authentication": "SINGLE",
+          "confidentialityImpact": "NONE",
+          "integrityImpact": "PARTIAL",
+          "availabilityImpact": "NONE",
+          "baseScore": 4.0
+        },
+        "baseSeverity": "MEDIUM",
+        "exploitabilityScore": 8.0,
+        "impactScore": 2.9,
+        "acInsufInfo": false,
+        "obtainAllPrivilege": false,
+        "obtainUserPrivilege": false,
+        "obtainOtherPrivilege": false,
+        "userInteractionRequired": false
+      }
+    ]
+  },
+  "weaknesses": [
+    {
+      "source": "cna@vuldb.com",
+      "type": "Primary",
+      "description": [
+        {
+          "lang": "en",
+          "value": "CWE-79"
+        }
+      ]
+    }
+  ],
+  "references": [
+    {
+      "url": "http://www.psychostats.com/forums/index.php?showtopic=20796&hl=",
+      "source": "cna@vuldb.com"
+    },
+    {
+      "url": "https://github.com/StarsAlliance/PsychoStats/commit/5d3b7311fd5085ec6ea1b1bfa9a05285964e07e4",
+      "source": "cna@vuldb.com"
+    },
+    {
+      "url": "https://github.com/StarsAlliance/PsychoStats/releases/tag/3.2.2b",
+      "source": "cna@vuldb.com"
+    },
+    {
+      "url": "https://vuldb.com/?ctiid.230265",
+      "source": "cna@vuldb.com"
+    },
+    {
+      "url": "https://vuldb.com/?id.230265",
+      "source": "cna@vuldb.com"
+    }
+  ]
+}

CVE-2023/CVE-2023-245xx/CVE-2023-24584.json

@@ -0,0 +1,55 @@
+{
+  "id": "CVE-2023-24584",
+  "sourceIdentifier": "disclosures@gallagher.com",
+  "published": "2023-06-01T05:15:09.767",
+  "lastModified": "2023-06-01T05:15:09.767",
+  "vulnStatus": "Received",
+  "descriptions": [
+    {
+      "lang": "en",
+      "value": "\nController 6000 is vulnerable to a buffer overflow via the Controller diagnostic web interface upload feature. \n\n\n\n\nThis issue affects Controller 6000: before vCR8.80.230201a, before vCR8.70.230201a, before vCR8.60.230201b, before vCR8.50.230201a,\u00a0all versions of vCR8.40 and prior.\n\n"
+    }
+  ],
+  "metrics": {
+    "cvssMetricV31": [
+      {
+        "source": "disclosures@gallagher.com",
+        "type": "Secondary",
+        "cvssData": {
+          "version": "3.1",
+          "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H",
+          "attackVector": "NETWORK",
+          "attackComplexity": "HIGH",
+          "privilegesRequired": "NONE",
+          "userInteraction": "REQUIRED",
+          "scope": "UNCHANGED",
+          "confidentialityImpact": "HIGH",
+          "integrityImpact": "HIGH",
+          "availabilityImpact": "HIGH",
+          "baseScore": 7.5,
+          "baseSeverity": "HIGH"
+        },
+        "exploitabilityScore": 1.6,
+        "impactScore": 5.9
+      }
+    ]
+  },
+  "weaknesses": [
+    {
+      "source": "disclosures@gallagher.com",
+      "type": "Secondary",
+      "description": [
+        {
+          "lang": "en",
+          "value": "CWE-120"
+        }
+      ]
+    }
+  ],
+  "references": [
+    {
+      "url": "https://security.gallagher.com/en-NZ/Security-Advisories/CVE-2023-24584",
+      "source": "disclosures@gallagher.com"
+    }
+  ]
+}

CVE-2023/CVE-2023-337xx/CVE-2023-33778.json

@@ -0,0 +1,20 @@
+{
+  "id": "CVE-2023-33778",
+  "sourceIdentifier": "cve@mitre.org",
+  "published": "2023-06-01T04:15:10.313",
+  "lastModified": "2023-06-01T04:15:10.313",
+  "vulnStatus": "Received",
+  "descriptions": [
+    {
+      "lang": "en",
+      "value": "Draytek Vigor Routers firmware versions below 3.9.6/4.2.4, Access Points firmware versions below v1.4.0, Switches firmware versions below 2.6.7, and Myvigor firmware versions below 2.3.2 were discovered to use hardcoded encryption keys which allows attackers to bind any affected device to their own account. Attackers are then able to create WCF and DrayDDNS licenses and synchronize them from the website."
+    }
+  ],
+  "metrics": {},
+  "references": [
+    {
+      "url": "https://gist.github.com/Ji4n1ng/6d028709d39458f5ab95b3ea211225ef",
+      "source": "cve@mitre.org"
+    }
+  ]
+}

CVE-2023/CVE-2023-339xx/CVE-2023-33942.json

@@ -2,8 +2,8 @@
   "id": "CVE-2023-33942",
   "sourceIdentifier": "security@liferay.com",
   "published": "2023-05-24T15:15:09.807",
-  "lastModified": "2023-05-31T20:38:53.780",
+  "lastModified": "2023-06-01T04:15:10.607",
-  "vulnStatus": "Analyzed",
+  "vulnStatus": "Modified",
   "descriptions": [
     {
       "lang": "en",
@@ -37,19 +37,19 @@
         "type": "Secondary",
         "cvssData": {
           "version": "3.1",
-          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N",
+          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",
           "attackVector": "NETWORK",
           "attackComplexity": "LOW",
           "privilegesRequired": "LOW",
-          "userInteraction": "NONE",
+          "userInteraction": "REQUIRED",
           "scope": "CHANGED",
           "confidentialityImpact": "LOW",
           "integrityImpact": "LOW",
           "availabilityImpact": "NONE",
-          "baseScore": 6.4,
+          "baseScore": 5.4,
           "baseSeverity": "MEDIUM"
         },
-        "exploitabilityScore": 3.1,
+        "exploitabilityScore": 2.3,
         "impactScore": 2.7
       }
     ]

README.md

@@ -9,13 +9,13 @@ Repository synchronizes with the NVD every 2 hours.
 ### Last Repository Update
 
 ```plain
-2023-06-01T04:00:25.080359+00:00
+2023-06-01T06:00:24.395668+00:00
 ```
 
 ### Most recent CVE Modification Timestamp synchronized with NVD
 
 ```plain
-2023-06-01T03:55:35.047000+00:00
+2023-06-01T05:15:09.767000+00:00
 ```
 
 ### Last Data Feed Release
@@ -29,59 +29,23 @@ Download and Changelog: [Click](https://github.com/fkie-cad/nvd-json-data-feeds/
 ### Total Number of included CVEs
 
 ```plain
-216602
+216605
 ```
 
 ### CVEs added in the last Commit
 
-Recently added CVEs: `15`
+Recently added CVEs: `3`
 
-* [CVE-2022-35742](CVE-2022/CVE-2022-357xx/CVE-2022-35742.json) (`2023-06-01T02:15:09.420`)
+* [CVE-2010-10010](CVE-2010/CVE-2010-100xx/CVE-2010-10010.json) (`2023-06-01T05:15:09.503`)
-* [CVE-2023-28399](CVE-2023/CVE-2023-283xx/CVE-2023-28399.json) (`2023-06-01T02:15:09.497`)
+* [CVE-2023-33778](CVE-2023/CVE-2023-337xx/CVE-2023-33778.json) (`2023-06-01T04:15:10.313`)
-* [CVE-2023-28651](CVE-2023/CVE-2023-286xx/CVE-2023-28651.json) (`2023-06-01T02:15:09.550`)
+* [CVE-2023-24584](CVE-2023/CVE-2023-245xx/CVE-2023-24584.json) (`2023-06-01T05:15:09.767`)
-* [CVE-2023-28657](CVE-2023/CVE-2023-286xx/CVE-2023-28657.json) (`2023-06-01T02:15:09.597`)
-* [CVE-2023-28713](CVE-2023/CVE-2023-287xx/CVE-2023-28713.json) (`2023-06-01T02:15:09.637`)
-* [CVE-2023-28824](CVE-2023/CVE-2023-288xx/CVE-2023-28824.json) (`2023-06-01T02:15:09.673`)
-* [CVE-2023-28937](CVE-2023/CVE-2023-289xx/CVE-2023-28937.json) (`2023-06-01T02:15:09.717`)
-* [CVE-2023-29154](CVE-2023/CVE-2023-291xx/CVE-2023-29154.json) (`2023-06-01T02:15:09.760`)
-* [CVE-2023-29159](CVE-2023/CVE-2023-291xx/CVE-2023-29159.json) (`2023-06-01T02:15:09.803`)
-* [CVE-2023-30758](CVE-2023/CVE-2023-307xx/CVE-2023-30758.json) (`2023-06-01T02:15:09.847`)
-* [CVE-2023-29748](CVE-2023/CVE-2023-297xx/CVE-2023-29748.json) (`2023-06-01T03:15:20.500`)
-* [CVE-2023-33461](CVE-2023/CVE-2023-334xx/CVE-2023-33461.json) (`2023-06-01T03:15:20.547`)
-* [CVE-2023-33716](CVE-2023/CVE-2023-337xx/CVE-2023-33716.json) (`2023-06-01T03:15:20.590`)
-* [CVE-2023-33719](CVE-2023/CVE-2023-337xx/CVE-2023-33719.json) (`2023-06-01T03:15:20.630`)
-* [CVE-2023-34312](CVE-2023/CVE-2023-343xx/CVE-2023-34312.json) (`2023-06-01T03:15:20.673`)
 
 
 ### CVEs modified in the last Commit
 
-Recently modified CVEs: `34`
+Recently modified CVEs: `1`
 
-* [CVE-2023-29721](CVE-2023/CVE-2023-297xx/CVE-2023-29721.json) (`2023-06-01T02:27:07.810`)
+* [CVE-2023-33942](CVE-2023/CVE-2023-339xx/CVE-2023-33942.json) (`2023-06-01T04:15:10.607`)
-* [CVE-2023-29098](CVE-2023/CVE-2023-290xx/CVE-2023-29098.json) (`2023-06-01T02:59:23.130`)
-* [CVE-2023-25971](CVE-2023/CVE-2023-259xx/CVE-2023-25971.json) (`2023-06-01T03:41:31.710`)
-* [CVE-2023-25976](CVE-2023/CVE-2023-259xx/CVE-2023-25976.json) (`2023-06-01T03:42:16.540`)
-* [CVE-2023-22693](CVE-2023/CVE-2023-226xx/CVE-2023-22693.json) (`2023-06-01T03:42:54.217`)
-* [CVE-2023-24008](CVE-2023/CVE-2023-240xx/CVE-2023-24008.json) (`2023-06-01T03:43:44.337`)
-* [CVE-2023-30145](CVE-2023/CVE-2023-301xx/CVE-2023-30145.json) (`2023-06-01T03:44:11.957`)
-* [CVE-2023-32964](CVE-2023/CVE-2023-329xx/CVE-2023-32964.json) (`2023-06-01T03:44:21.340`)
-* [CVE-2023-2922](CVE-2023/CVE-2023-29xx/CVE-2023-2922.json) (`2023-06-01T03:44:39.733`)
-* [CVE-2023-2943](CVE-2023/CVE-2023-29xx/CVE-2023-2943.json) (`2023-06-01T03:45:56.243`)
-* [CVE-2023-2945](CVE-2023/CVE-2023-29xx/CVE-2023-2945.json) (`2023-06-01T03:46:34.900`)
-* [CVE-2023-2946](CVE-2023/CVE-2023-29xx/CVE-2023-2946.json) (`2023-06-01T03:46:57.990`)
-* [CVE-2023-2947](CVE-2023/CVE-2023-29xx/CVE-2023-2947.json) (`2023-06-01T03:47:19.823`)
-* [CVE-2023-2949](CVE-2023/CVE-2023-29xx/CVE-2023-2949.json) (`2023-06-01T03:51:11.007`)
-* [CVE-2023-2948](CVE-2023/CVE-2023-29xx/CVE-2023-2948.json) (`2023-06-01T03:51:17.350`)
-* [CVE-2023-2950](CVE-2023/CVE-2023-29xx/CVE-2023-2950.json) (`2023-06-01T03:51:57.090`)
-* [CVE-2023-2951](CVE-2023/CVE-2023-29xx/CVE-2023-2951.json) (`2023-06-01T03:52:51.403`)
-* [CVE-2023-28785](CVE-2023/CVE-2023-287xx/CVE-2023-28785.json) (`2023-06-01T03:53:04.007`)
-* [CVE-2023-32800](CVE-2023/CVE-2023-328xx/CVE-2023-32800.json) (`2023-06-01T03:53:13.993`)
-* [CVE-2023-33332](CVE-2023/CVE-2023-333xx/CVE-2023-33332.json) (`2023-06-01T03:53:26.527`)
-* [CVE-2023-33319](CVE-2023/CVE-2023-333xx/CVE-2023-33319.json) (`2023-06-01T03:53:32.010`)
-* [CVE-2023-33211](CVE-2023/CVE-2023-332xx/CVE-2023-33211.json) (`2023-06-01T03:53:38.500`)
-* [CVE-2023-33311](CVE-2023/CVE-2023-333xx/CVE-2023-33311.json) (`2023-06-01T03:53:43.727`)
-* [CVE-2023-2944](CVE-2023/CVE-2023-29xx/CVE-2023-2944.json) (`2023-06-01T03:54:29.820`)
-* [CVE-2023-2942](CVE-2023/CVE-2023-29xx/CVE-2023-2942.json) (`2023-06-01T03:55:35.047`)
 
 
 ## Download and Usage