diff --git a/CVE-2022/CVE-2022-41xx/CVE-2022-4141.json b/CVE-2022/CVE-2022-41xx/CVE-2022-4141.json index 277f9d61e21..dc11bcdb90e 100644 --- a/CVE-2022/CVE-2022-41xx/CVE-2022-4141.json +++ b/CVE-2022/CVE-2022-41xx/CVE-2022-4141.json @@ -2,7 +2,7 @@ "id": "CVE-2022-4141", "sourceIdentifier": "security@huntr.dev", "published": "2022-11-25T14:15:10.737", - "lastModified": "2023-05-03T12:16:39.710", + "lastModified": "2023-06-12T20:15:10.410", "vulnStatus": "Modified", "descriptions": [ { @@ -135,6 +135,10 @@ "Third Party Advisory" ] }, + { + "url": "https://lists.debian.org/debian-lts-announce/2023/06/msg00015.html", + "source": "security@huntr.dev" + }, { "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/AZ3JMSUCR6Y7626RDWQ2HNSUFIQOJ33G/", "source": "security@huntr.dev", diff --git a/CVE-2022/CVE-2022-437xx/CVE-2022-43777.json b/CVE-2022/CVE-2022-437xx/CVE-2022-43777.json new file mode 100644 index 00000000000..35da062d497 --- /dev/null +++ b/CVE-2022/CVE-2022-437xx/CVE-2022-43777.json @@ -0,0 +1,20 @@ +{ + "id": "CVE-2022-43777", + "sourceIdentifier": "hp-security-alert@hp.com", + "published": "2023-06-12T20:15:10.310", + "lastModified": "2023-06-12T20:15:10.310", + "vulnStatus": "Received", + "descriptions": [ + { + "lang": "en", + "value": "Potential Time-of-Check to Time-of Use (TOCTOU) vulnerabilities have been identified in the HP BIOS for certain HP PC products which may allow arbitrary code execution, denial of service, and information disclosure." + } + ], + "metrics": {}, + "references": [ + { + "url": "https://support.hp.com/us-en/document/ish_7709808-7709835-16/hpsbhf03835", + "source": "hp-security-alert@hp.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2022/CVE-2022-437xx/CVE-2022-43778.json b/CVE-2022/CVE-2022-437xx/CVE-2022-43778.json new file mode 100644 index 00000000000..46ea6b4145f --- /dev/null +++ b/CVE-2022/CVE-2022-437xx/CVE-2022-43778.json @@ -0,0 +1,20 @@ +{ + "id": "CVE-2022-43778", + "sourceIdentifier": "hp-security-alert@hp.com", + "published": "2023-06-12T20:15:10.360", + "lastModified": "2023-06-12T20:15:10.360", + "vulnStatus": "Received", + "descriptions": [ + { + "lang": "en", + "value": "Potential Time-of-Check to Time-of Use (TOCTOU) vulnerabilities have been identified in the HP BIOS for certain HP PC products which may allow arbitrary code execution, denial of service, and information disclosure." + } + ], + "metrics": {}, + "references": [ + { + "url": "https://support.hp.com/us-en/document/ish_7709808-7709835-16/hpsbhf03835", + "source": "hp-security-alert@hp.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2023/CVE-2023-00xx/CVE-2023-0054.json b/CVE-2023/CVE-2023-00xx/CVE-2023-0054.json index 3e0adc5150f..f4fd3d155ca 100644 --- a/CVE-2023/CVE-2023-00xx/CVE-2023-0054.json +++ b/CVE-2023/CVE-2023-00xx/CVE-2023-0054.json @@ -2,7 +2,7 @@ "id": "CVE-2023-0054", "sourceIdentifier": "security@huntr.dev", "published": "2023-01-04T19:15:09.573", - "lastModified": "2023-05-03T12:16:43.723", + "lastModified": "2023-06-12T20:15:10.530", "vulnStatus": "Modified", "descriptions": [ { @@ -107,6 +107,10 @@ "Third Party Advisory" ] }, + { + "url": "https://lists.debian.org/debian-lts-announce/2023/06/msg00015.html", + "source": "security@huntr.dev" + }, { "url": "https://security.gentoo.org/glsa/202305-16", "source": "security@huntr.dev" diff --git a/CVE-2023/CVE-2023-11xx/CVE-2023-1175.json b/CVE-2023/CVE-2023-11xx/CVE-2023-1175.json index 52a950b402b..b5e53adf4bf 100644 --- a/CVE-2023/CVE-2023-11xx/CVE-2023-1175.json +++ b/CVE-2023/CVE-2023-11xx/CVE-2023-1175.json @@ -2,7 +2,7 @@ "id": "CVE-2023-1175", "sourceIdentifier": "security@huntr.dev", "published": "2023-03-04T16:15:09.533", - "lastModified": "2023-04-02T03:15:10.070", + "lastModified": "2023-06-12T20:15:11.310", "vulnStatus": "Modified", "descriptions": [ { @@ -103,6 +103,10 @@ "Third Party Advisory" ] }, + { + "url": "https://lists.debian.org/debian-lts-announce/2023/06/msg00015.html", + "source": "security@huntr.dev" + }, { "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/DIAKPMKJ4OZ6NYRZJO7YWMNQL2BICLYV/", "source": "security@huntr.dev" diff --git a/CVE-2023/CVE-2023-18xx/CVE-2023-1897.json b/CVE-2023/CVE-2023-18xx/CVE-2023-1897.json new file mode 100644 index 00000000000..178f4b235fe --- /dev/null +++ b/CVE-2023/CVE-2023-18xx/CVE-2023-1897.json @@ -0,0 +1,55 @@ +{ + "id": "CVE-2023-1897", + "sourceIdentifier": "ics-cert@hq.dhs.gov", + "published": "2023-06-12T20:15:11.417", + "lastModified": "2023-06-12T20:15:11.417", + "vulnStatus": "Received", + "descriptions": [ + { + "lang": "en", + "value": "Atlas Copco Power Focus 6000 web server does not sanitize the login information stored by the authenticated user\u2019s browser, which could allow an attacker with access to the user\u2019s computer to gain credential information of the controller." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "ics-cert@hq.dhs.gov", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:H", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "LOW", + "availabilityImpact": "HIGH", + "baseScore": 9.4, + "baseSeverity": "CRITICAL" + }, + "exploitabilityScore": 3.9, + "impactScore": 5.5 + } + ] + }, + "weaknesses": [ + { + "source": "ics-cert@hq.dhs.gov", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-312" + } + ] + } + ], + "references": [ + { + "url": "https://www.cisa.gov/news-events/ics-advisories/icsa-23-159-01", + "source": "ics-cert@hq.dhs.gov" + } + ] +} \ No newline at end of file diff --git a/CVE-2023/CVE-2023-18xx/CVE-2023-1898.json b/CVE-2023/CVE-2023-18xx/CVE-2023-1898.json new file mode 100644 index 00000000000..27dcd8c7b9d --- /dev/null +++ b/CVE-2023/CVE-2023-18xx/CVE-2023-1898.json @@ -0,0 +1,55 @@ +{ + "id": "CVE-2023-1898", + "sourceIdentifier": "ics-cert@hq.dhs.gov", + "published": "2023-06-12T20:15:11.527", + "lastModified": "2023-06-12T20:15:11.527", + "vulnStatus": "Received", + "descriptions": [ + { + "lang": "en", + "value": "Atlas Copco Power Focus 6000 web server uses a small amount of session ID numbers. An attacker could enter a session ID number to retrieve data for an active user\u2019s session." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "ics-cert@hq.dhs.gov", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:H", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "LOW", + "availabilityImpact": "HIGH", + "baseScore": 9.4, + "baseSeverity": "CRITICAL" + }, + "exploitabilityScore": 3.9, + "impactScore": 5.5 + } + ] + }, + "weaknesses": [ + { + "source": "ics-cert@hq.dhs.gov", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-334" + } + ] + } + ], + "references": [ + { + "url": "https://www.cisa.gov/news-events/ics-advisories/icsa-23-159-01", + "source": "ics-cert@hq.dhs.gov" + } + ] +} \ No newline at end of file diff --git a/CVE-2023/CVE-2023-18xx/CVE-2023-1899.json b/CVE-2023/CVE-2023-18xx/CVE-2023-1899.json new file mode 100644 index 00000000000..a2afb0ad27c --- /dev/null +++ b/CVE-2023/CVE-2023-18xx/CVE-2023-1899.json @@ -0,0 +1,55 @@ +{ + "id": "CVE-2023-1899", + "sourceIdentifier": "ics-cert@hq.dhs.gov", + "published": "2023-06-12T20:15:11.610", + "lastModified": "2023-06-12T20:15:11.610", + "vulnStatus": "Received", + "descriptions": [ + { + "lang": "en", + "value": "Atlas Copco Power Focus 6000 web server is not a secure connection by default, which could allow an attacker to gain sensitive information by monitoring network traffic between user and controller." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "ics-cert@hq.dhs.gov", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:H", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "LOW", + "availabilityImpact": "HIGH", + "baseScore": 9.4, + "baseSeverity": "CRITICAL" + }, + "exploitabilityScore": 3.9, + "impactScore": 5.5 + } + ] + }, + "weaknesses": [ + { + "source": "ics-cert@hq.dhs.gov", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-319" + } + ] + } + ], + "references": [ + { + "url": "https://www.cisa.gov/news-events/ics-advisories/icsa-23-159-01", + "source": "ics-cert@hq.dhs.gov" + } + ] +} \ No newline at end of file diff --git a/CVE-2023/CVE-2023-26xx/CVE-2023-2610.json b/CVE-2023/CVE-2023-26xx/CVE-2023-2610.json index df63806623d..53dd73d5738 100644 --- a/CVE-2023/CVE-2023-26xx/CVE-2023-2610.json +++ b/CVE-2023/CVE-2023-26xx/CVE-2023-2610.json @@ -2,7 +2,7 @@ "id": "CVE-2023-2610", "sourceIdentifier": "security@huntr.dev", "published": "2023-05-09T22:15:10.197", - "lastModified": "2023-05-24T05:15:12.677", + "lastModified": "2023-06-12T20:15:11.783", "vulnStatus": "Modified", "descriptions": [ { @@ -102,6 +102,10 @@ "Patch" ] }, + { + "url": "https://lists.debian.org/debian-lts-announce/2023/06/msg00015.html", + "source": "security@huntr.dev" + }, { "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/PCLJN4QINITA3ZASKLEJ64C5TFNKELMO/", "source": "security@huntr.dev" diff --git a/CVE-2023/CVE-2023-277xx/CVE-2023-27716.json b/CVE-2023/CVE-2023-277xx/CVE-2023-27716.json new file mode 100644 index 00000000000..142afda4884 --- /dev/null +++ b/CVE-2023/CVE-2023-277xx/CVE-2023-27716.json @@ -0,0 +1,20 @@ +{ + "id": "CVE-2023-27716", + "sourceIdentifier": "cve@mitre.org", + "published": "2023-06-12T21:15:22.543", + "lastModified": "2023-06-12T21:15:22.543", + "vulnStatus": "Received", + "descriptions": [ + { + "lang": "en", + "value": "An issue was discovered in freakchicken kafkaUI-lite 1.2.11 allows attackers on the same network to gain escalated privileges for the nodes running on it." + } + ], + "metrics": {}, + "references": [ + { + "url": "https://github.com/G-H-Z/CVE/blob/main/CVE-2023-27716", + "source": "cve@mitre.org" + } + ] +} \ No newline at end of file diff --git a/CVE-2023/CVE-2023-284xx/CVE-2023-28478.json b/CVE-2023/CVE-2023-284xx/CVE-2023-28478.json new file mode 100644 index 00000000000..b5e94daf4e4 --- /dev/null +++ b/CVE-2023/CVE-2023-284xx/CVE-2023-28478.json @@ -0,0 +1,20 @@ +{ + "id": "CVE-2023-28478", + "sourceIdentifier": "cve@mitre.org", + "published": "2023-06-12T20:15:11.717", + "lastModified": "2023-06-12T20:15:11.717", + "vulnStatus": "Received", + "descriptions": [ + { + "lang": "en", + "value": "TP-Link EC-70 devices through 2.3.4 Build 20220902 rel.69498 have a Buffer Overflow." + } + ], + "metrics": {}, + "references": [ + { + "url": "https://github.com/mandiant/Vulnerability-Disclosures/blob/master/2023/MNDT-2023-0006.md", + "source": "cve@mitre.org" + } + ] +} \ No newline at end of file diff --git a/CVE-2023/CVE-2023-314xx/CVE-2023-31475.json b/CVE-2023/CVE-2023-314xx/CVE-2023-31475.json index 476a5fee722..acdda3b74fc 100644 --- a/CVE-2023/CVE-2023-314xx/CVE-2023-31475.json +++ b/CVE-2023/CVE-2023-314xx/CVE-2023-31475.json @@ -2,8 +2,8 @@ "id": "CVE-2023-31475", "sourceIdentifier": "cve@mitre.org", "published": "2023-05-11T11:15:09.147", - "lastModified": "2023-05-22T18:24:21.417", - "vulnStatus": "Analyzed", + "lastModified": "2023-06-12T20:15:12.203", + "vulnStatus": "Modified", "descriptions": [ { "lang": "en", @@ -953,6 +953,10 @@ "Third Party Advisory" ] }, + { + "url": "https://justinapplegate.me/2023/glinet-CVE-2023-31475/", + "source": "cve@mitre.org" + }, { "url": "https://www.gl-inet.com", "source": "cve@mitre.org", diff --git a/CVE-2023/CVE-2023-31xx/CVE-2023-3159.json b/CVE-2023/CVE-2023-31xx/CVE-2023-3159.json new file mode 100644 index 00000000000..120afd941b5 --- /dev/null +++ b/CVE-2023/CVE-2023-31xx/CVE-2023-3159.json @@ -0,0 +1,32 @@ +{ + "id": "CVE-2023-3159", + "sourceIdentifier": "secalert@redhat.com", + "published": "2023-06-12T21:15:22.937", + "lastModified": "2023-06-12T21:15:22.937", + "vulnStatus": "Received", + "descriptions": [ + { + "lang": "en", + "value": "A use after free issue was discovered in driver/firewire in outbound_phy_packet_callback in the Linux Kernel. In this flaw a local attacker with special privilege may cause a use after free problem when queue_event() fails." + } + ], + "metrics": {}, + "weaknesses": [ + { + "source": "secalert@redhat.com", + "type": "Secondary", + "description": [ + { + "lang": "en", + "value": "CWE-416" + } + ] + } + ], + "references": [ + { + "url": "https://github.com/torvalds/linux/commit/b7c81f80246fac44077166f3e07103affe6db8ff", + "source": "secalert@redhat.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2023/CVE-2023-31xx/CVE-2023-3161.json b/CVE-2023/CVE-2023-31xx/CVE-2023-3161.json new file mode 100644 index 00000000000..163cc55f89a --- /dev/null +++ b/CVE-2023/CVE-2023-31xx/CVE-2023-3161.json @@ -0,0 +1,36 @@ +{ + "id": "CVE-2023-3161", + "sourceIdentifier": "secalert@redhat.com", + "published": "2023-06-12T20:15:12.910", + "lastModified": "2023-06-12T20:15:12.910", + "vulnStatus": "Received", + "descriptions": [ + { + "lang": "en", + "value": "A flaw was found in the Framebuffer Console (fbcon) in the Linux Kernel. When providing font->width and font->height greater than 32 to fbcon_set_font, since there are no checks in place, a shift-out-of-bounds occurs leading to undefined behavior and possible denial of service." + } + ], + "metrics": {}, + "weaknesses": [ + { + "source": "secalert@redhat.com", + "type": "Secondary", + "description": [ + { + "lang": "en", + "value": "CWE-1335" + } + ] + } + ], + "references": [ + { + "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2213485", + "source": "secalert@redhat.com" + }, + { + "url": "https://github.com/torvalds/linux/commit/2b09d5d364986f724f17001ccfe4126b9b43a0be", + "source": "secalert@redhat.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2023/CVE-2023-322xx/CVE-2023-32219.json b/CVE-2023/CVE-2023-322xx/CVE-2023-32219.json new file mode 100644 index 00000000000..d43b4c9c676 --- /dev/null +++ b/CVE-2023/CVE-2023-322xx/CVE-2023-32219.json @@ -0,0 +1,43 @@ +{ + "id": "CVE-2023-32219", + "sourceIdentifier": "cna@cyber.gov.il", + "published": "2023-06-12T21:15:22.597", + "lastModified": "2023-06-12T21:15:22.597", + "vulnStatus": "Received", + "descriptions": [ + { + "lang": "en", + "value": "A Mazda model (2015-2016) can be unlocked via an unspecified method." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "cna@cyber.gov.il", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N", + "attackVector": "ADJACENT_NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "NONE", + "integrityImpact": "HIGH", + "availabilityImpact": "NONE", + "baseScore": 6.5, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 2.8, + "impactScore": 3.6 + } + ] + }, + "references": [ + { + "url": "https://www.gov.il/en/Departments/faq/cve_advisories", + "source": "cna@cyber.gov.il" + } + ] +} \ No newline at end of file diff --git a/CVE-2023/CVE-2023-322xx/CVE-2023-32220.json b/CVE-2023/CVE-2023-322xx/CVE-2023-32220.json new file mode 100644 index 00000000000..91cf0690ce1 --- /dev/null +++ b/CVE-2023/CVE-2023-322xx/CVE-2023-32220.json @@ -0,0 +1,43 @@ +{ + "id": "CVE-2023-32220", + "sourceIdentifier": "cna@cyber.gov.il", + "published": "2023-06-12T21:15:22.673", + "lastModified": "2023-06-12T21:15:22.673", + "vulnStatus": "Received", + "descriptions": [ + { + "lang": "en", + "value": "Milesight NCR/camera version 71.8.0.6-r5 allows authentication bypass through an unspecified method." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "cna@cyber.gov.il", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:H/A:N", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "LOW", + "integrityImpact": "HIGH", + "availabilityImpact": "NONE", + "baseScore": 8.2, + "baseSeverity": "HIGH" + }, + "exploitabilityScore": 3.9, + "impactScore": 4.2 + } + ] + }, + "references": [ + { + "url": "https://www.gov.il/en/Departments/faq/cve_advisories", + "source": "cna@cyber.gov.il" + } + ] +} \ No newline at end of file diff --git a/CVE-2023/CVE-2023-322xx/CVE-2023-32221.json b/CVE-2023/CVE-2023-322xx/CVE-2023-32221.json new file mode 100644 index 00000000000..a1a67c629e8 --- /dev/null +++ b/CVE-2023/CVE-2023-322xx/CVE-2023-32221.json @@ -0,0 +1,43 @@ +{ + "id": "CVE-2023-32221", + "sourceIdentifier": "cna@cyber.gov.il", + "published": "2023-06-12T21:15:22.737", + "lastModified": "2023-06-12T21:15:22.737", + "vulnStatus": "Received", + "descriptions": [ + { + "lang": "en", + "value": "EaseUS Todo Backup version 20220111.390 - An omission during installation may allow a local attacker to perform privilege escalation." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "cna@cyber.gov.il", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H", + "attackVector": "LOCAL", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "NONE", + "scope": "CHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH", + "baseScore": 8.8, + "baseSeverity": "HIGH" + }, + "exploitabilityScore": 2.0, + "impactScore": 6.0 + } + ] + }, + "references": [ + { + "url": "https://www.gov.il/en/Departments/faq/cve_advisories", + "source": "cna@cyber.gov.il" + } + ] +} \ No newline at end of file diff --git a/CVE-2023/CVE-2023-336xx/CVE-2023-33622.json b/CVE-2023/CVE-2023-336xx/CVE-2023-33622.json new file mode 100644 index 00000000000..e6f818ca695 --- /dev/null +++ b/CVE-2023/CVE-2023-336xx/CVE-2023-33622.json @@ -0,0 +1,15 @@ +{ + "id": "CVE-2023-33622", + "sourceIdentifier": "cve@mitre.org", + "published": "2023-06-12T20:15:12.440", + "lastModified": "2023-06-12T20:15:12.440", + "vulnStatus": "Rejected", + "descriptions": [ + { + "lang": "en", + "value": "** REJECT ** DO NOT USE THIS CVE RECORD. ConsultIDs: CVE-2023-31475. Reason: This record is a reservation duplicate of CVE-2023-31475. Notes: All CVE users should reference CVE-2023-31475 instead of this record. All references and descriptions in this record have been removed to prevent accidental usage." + } + ], + "metrics": {}, + "references": [] +} \ No newline at end of file diff --git a/CVE-2023/CVE-2023-336xx/CVE-2023-33623.json b/CVE-2023/CVE-2023-336xx/CVE-2023-33623.json new file mode 100644 index 00000000000..5dd4fac0bc1 --- /dev/null +++ b/CVE-2023/CVE-2023-336xx/CVE-2023-33623.json @@ -0,0 +1,15 @@ +{ + "id": "CVE-2023-33623", + "sourceIdentifier": "cve@mitre.org", + "published": "2023-06-12T20:15:12.500", + "lastModified": "2023-06-12T20:15:12.500", + "vulnStatus": "Rejected", + "descriptions": [ + { + "lang": "en", + "value": "** REJECT ** DO NOT USE THIS CVE RECORD. ConsultIDs: CVE-2023-31478. Reason: This record is a reservation duplicate of CVE-2023-31478. Notes: All CVE users should reference CVE-2023-31478 instead of this record. All references and descriptions in this record have been removed to prevent accidental usage." + } + ], + "metrics": {}, + "references": [] +} \ No newline at end of file diff --git a/CVE-2023/CVE-2023-336xx/CVE-2023-33624.json b/CVE-2023/CVE-2023-336xx/CVE-2023-33624.json new file mode 100644 index 00000000000..91048be19e6 --- /dev/null +++ b/CVE-2023/CVE-2023-336xx/CVE-2023-33624.json @@ -0,0 +1,15 @@ +{ + "id": "CVE-2023-33624", + "sourceIdentifier": "cve@mitre.org", + "published": "2023-06-12T20:15:12.553", + "lastModified": "2023-06-12T20:15:12.553", + "vulnStatus": "Rejected", + "descriptions": [ + { + "lang": "en", + "value": "** REJECT ** DO NOT USE THIS CVE RECORD. ConsultIDs: CVE-2023-31472. Reason: This record is a reservation duplicate of CVE-2023-31472. Notes: All CVE users should reference CVE-2023-31472 instead of this record. All references and descriptions in this record have been removed to prevent accidental usage." + } + ], + "metrics": {}, + "references": [] +} \ No newline at end of file diff --git a/CVE-2023/CVE-2023-336xx/CVE-2023-33625.json b/CVE-2023/CVE-2023-336xx/CVE-2023-33625.json new file mode 100644 index 00000000000..2d255f6cd51 --- /dev/null +++ b/CVE-2023/CVE-2023-336xx/CVE-2023-33625.json @@ -0,0 +1,32 @@ +{ + "id": "CVE-2023-33625", + "sourceIdentifier": "cve@mitre.org", + "published": "2023-06-12T20:15:12.610", + "lastModified": "2023-06-12T20:15:12.610", + "vulnStatus": "Received", + "descriptions": [ + { + "lang": "en", + "value": "D-Link DIR-600 Hardware Version B5, Firmware Version 2.18 was discovered to contain a command injection vulnerability via the ST parameter in the lxmldbc_system() function." + } + ], + "metrics": {}, + "references": [ + { + "url": "https://github.com/naihsin/IoT/blob/main/D-Link/DIR-600/cmd%20injection/README.md", + "source": "cve@mitre.org" + }, + { + "url": "https://github.com/naihsin/IoT/tree/main/D-Link/DIR-600/cmd%20injection", + "source": "cve@mitre.org" + }, + { + "url": "https://hackmd.io/@naihsin/By2datZD2", + "source": "cve@mitre.org" + }, + { + "url": "https://www.dlink.com/en/security-bulletin/", + "source": "cve@mitre.org" + } + ] +} \ No newline at end of file diff --git a/CVE-2023/CVE-2023-336xx/CVE-2023-33626.json b/CVE-2023/CVE-2023-336xx/CVE-2023-33626.json new file mode 100644 index 00000000000..b7971e66b2a --- /dev/null +++ b/CVE-2023/CVE-2023-336xx/CVE-2023-33626.json @@ -0,0 +1,28 @@ +{ + "id": "CVE-2023-33626", + "sourceIdentifier": "cve@mitre.org", + "published": "2023-06-12T20:15:12.667", + "lastModified": "2023-06-12T20:15:12.667", + "vulnStatus": "Received", + "descriptions": [ + { + "lang": "en", + "value": "D-Link DIR-600 Hardware Version B5, Firmware Version 2.18 was discovered to contain a stack overflow via the gena.cgi binary." + } + ], + "metrics": {}, + "references": [ + { + "url": "https://github.com/naihsin/IoT/blob/main/D-Link/DIR-600/overflow/README.md", + "source": "cve@mitre.org" + }, + { + "url": "https://github.com/naihsin/IoT/tree/main/D-Link/DIR-600/overflow", + "source": "cve@mitre.org" + }, + { + "url": "https://www.dlink.com/en/security-bulletin/", + "source": "cve@mitre.org" + } + ] +} \ No newline at end of file diff --git a/CVE-2023/CVE-2023-342xx/CVE-2023-34212.json b/CVE-2023/CVE-2023-342xx/CVE-2023-34212.json index 0132e77a0e4..97d327e25d6 100644 --- a/CVE-2023/CVE-2023-342xx/CVE-2023-34212.json +++ b/CVE-2023/CVE-2023-342xx/CVE-2023-34212.json @@ -2,7 +2,7 @@ "id": "CVE-2023-34212", "sourceIdentifier": "security@apache.org", "published": "2023-06-12T16:15:10.043", - "lastModified": "2023-06-12T16:20:33.897", + "lastModified": "2023-06-12T21:15:22.797", "vulnStatus": "Awaiting Analysis", "descriptions": [ { @@ -24,6 +24,10 @@ } ], "references": [ + { + "url": "http://www.openwall.com/lists/oss-security/2023/06/12/2", + "source": "security@apache.org" + }, { "url": "https://lists.apache.org/thread/w5rm46fxmvxy216tglf0dv83wo6gnzr5", "source": "security@apache.org" diff --git a/CVE-2023/CVE-2023-344xx/CVE-2023-34468.json b/CVE-2023/CVE-2023-344xx/CVE-2023-34468.json index a8445a4e507..2d5d4a82616 100644 --- a/CVE-2023/CVE-2023-344xx/CVE-2023-34468.json +++ b/CVE-2023/CVE-2023-344xx/CVE-2023-34468.json @@ -2,7 +2,7 @@ "id": "CVE-2023-34468", "sourceIdentifier": "security@apache.org", "published": "2023-06-12T16:15:10.130", - "lastModified": "2023-06-12T16:20:33.897", + "lastModified": "2023-06-12T21:15:22.863", "vulnStatus": "Awaiting Analysis", "descriptions": [ { @@ -24,6 +24,10 @@ } ], "references": [ + { + "url": "http://www.openwall.com/lists/oss-security/2023/06/12/3", + "source": "security@apache.org" + }, { "url": "https://lists.apache.org/thread/7b82l4f5blmpkfcynf3y6z4x1vqo59h8", "source": "security@apache.org" diff --git a/CVE-2023/CVE-2023-349xx/CVE-2023-34940.json b/CVE-2023/CVE-2023-349xx/CVE-2023-34940.json new file mode 100644 index 00000000000..38ba3a366b9 --- /dev/null +++ b/CVE-2023/CVE-2023-349xx/CVE-2023-34940.json @@ -0,0 +1,20 @@ +{ + "id": "CVE-2023-34940", + "sourceIdentifier": "cve@mitre.org", + "published": "2023-06-12T20:15:12.723", + "lastModified": "2023-06-12T20:15:12.723", + "vulnStatus": "Received", + "descriptions": [ + { + "lang": "en", + "value": "** UNSUPPORTED WHEN ASSIGNED ** Asus RT-N10LX Router v2.0.0.39 was discovered to contain a stack overflow via the url parameter at /start-apply.html. NOTE: This vulnerability only affects products that are no longer supported by the maintainer." + } + ], + "metrics": {}, + "references": [ + { + "url": "https://github.com/OlivierLaflamme/cve/blob/main/ASUS-N10LX_2.0.0.39/URLFilterList_Stack_BOF.md", + "source": "cve@mitre.org" + } + ] +} \ No newline at end of file diff --git a/CVE-2023/CVE-2023-349xx/CVE-2023-34941.json b/CVE-2023/CVE-2023-349xx/CVE-2023-34941.json new file mode 100644 index 00000000000..8180dd8cd73 --- /dev/null +++ b/CVE-2023/CVE-2023-349xx/CVE-2023-34941.json @@ -0,0 +1,20 @@ +{ + "id": "CVE-2023-34941", + "sourceIdentifier": "cve@mitre.org", + "published": "2023-06-12T20:15:12.780", + "lastModified": "2023-06-12T20:15:12.780", + "vulnStatus": "Received", + "descriptions": [ + { + "lang": "en", + "value": "** UNSUPPORTED WHEN ASSIGNED ** A stored cross-site scripting (XSS) vulnerability in the urlFilterList function of Asus RT-N10LX Router v2.0.0.39 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the URL Keyword List text field. NOTE: This vulnerability only affects products that are no longer supported by the maintainer." + } + ], + "metrics": {}, + "references": [ + { + "url": "https://github.com/OlivierLaflamme/cve/blob/main/ASUS-N10LX_2.0.0.39/StoredXSS_FirewallURLFilter.md", + "source": "cve@mitre.org" + } + ] +} \ No newline at end of file diff --git a/CVE-2023/CVE-2023-349xx/CVE-2023-34942.json b/CVE-2023/CVE-2023-349xx/CVE-2023-34942.json new file mode 100644 index 00000000000..ade6d607638 --- /dev/null +++ b/CVE-2023/CVE-2023-349xx/CVE-2023-34942.json @@ -0,0 +1,20 @@ +{ + "id": "CVE-2023-34942", + "sourceIdentifier": "cve@mitre.org", + "published": "2023-06-12T20:15:12.830", + "lastModified": "2023-06-12T20:15:12.830", + "vulnStatus": "Received", + "descriptions": [ + { + "lang": "en", + "value": "** UNSUPPORTED WHEN ASSIGNED ** Asus RT-N10LX Router v2.0.0.39 was discovered to contain a stack overflow via the mac parameter at /start-apply.html. NOTE: This vulnerability only affects products that are no longer supported by the maintainer." + } + ], + "metrics": {}, + "references": [ + { + "url": "https://github.com/OlivierLaflamme/cve/blob/main/ASUS-N10LX_2.0.0.39/MAC_Address_StackBOF.md", + "source": "cve@mitre.org" + } + ] +} \ No newline at end of file diff --git a/README.md b/README.md index 0a91a7fa356..9b5221fc43c 100644 --- a/README.md +++ b/README.md @@ -9,13 +9,13 @@ Repository synchronizes with the NVD every 2 hours. ### Last Repository Update ```plain -2023-06-12T20:00:28.149453+00:00 +2023-06-12T22:00:28.423687+00:00 ``` ### Most recent CVE Modification Timestamp synchronized with NVD ```plain -2023-06-12T19:49:28.137000+00:00 +2023-06-12T21:15:22.937000+00:00 ``` ### Last Data Feed Release @@ -29,58 +29,46 @@ Download and Changelog: [Click](https://github.com/fkie-cad/nvd-json-data-feeds/ ### Total Number of included CVEs ```plain -217459 +217479 ``` ### CVEs added in the last Commit -Recently added CVEs: `14` +Recently added CVEs: `20` -* [CVE-2022-36331](CVE-2022/CVE-2022-363xx/CVE-2022-36331.json) (`2023-06-12T18:15:09.747`) -* [CVE-2022-27539](CVE-2022/CVE-2022-275xx/CVE-2022-27539.json) (`2023-06-12T19:15:09.600`) -* [CVE-2022-27541](CVE-2022/CVE-2022-275xx/CVE-2022-27541.json) (`2023-06-12T19:15:09.677`) -* [CVE-2023-0431](CVE-2023/CVE-2023-04xx/CVE-2023-0431.json) (`2023-06-12T18:15:09.847`) -* [CVE-2023-1323](CVE-2023/CVE-2023-13xx/CVE-2023-1323.json) (`2023-06-12T18:15:09.910`) -* [CVE-2023-2362](CVE-2023/CVE-2023-23xx/CVE-2023-2362.json) (`2023-06-12T18:15:09.973`) -* [CVE-2023-2398](CVE-2023/CVE-2023-23xx/CVE-2023-2398.json) (`2023-06-12T18:15:10.037`) -* [CVE-2023-2568](CVE-2023/CVE-2023-25xx/CVE-2023-2568.json) (`2023-06-12T18:15:10.093`) -* [CVE-2023-2718](CVE-2023/CVE-2023-27xx/CVE-2023-2718.json) (`2023-06-12T18:15:10.167`) -* [CVE-2023-34334](CVE-2023/CVE-2023-343xx/CVE-2023-34334.json) (`2023-06-12T18:15:10.243`) -* [CVE-2023-34335](CVE-2023/CVE-2023-343xx/CVE-2023-34335.json) (`2023-06-12T18:15:10.320`) -* [CVE-2023-34336](CVE-2023/CVE-2023-343xx/CVE-2023-34336.json) (`2023-06-12T18:15:10.390`) -* [CVE-2023-34342](CVE-2023/CVE-2023-343xx/CVE-2023-34342.json) (`2023-06-12T18:15:10.463`) -* [CVE-2023-34343](CVE-2023/CVE-2023-343xx/CVE-2023-34343.json) (`2023-06-12T18:15:10.533`) +* [CVE-2022-43777](CVE-2022/CVE-2022-437xx/CVE-2022-43777.json) (`2023-06-12T20:15:10.310`) +* [CVE-2022-43778](CVE-2022/CVE-2022-437xx/CVE-2022-43778.json) (`2023-06-12T20:15:10.360`) +* [CVE-2023-1897](CVE-2023/CVE-2023-18xx/CVE-2023-1897.json) (`2023-06-12T20:15:11.417`) +* [CVE-2023-1898](CVE-2023/CVE-2023-18xx/CVE-2023-1898.json) (`2023-06-12T20:15:11.527`) +* [CVE-2023-1899](CVE-2023/CVE-2023-18xx/CVE-2023-1899.json) (`2023-06-12T20:15:11.610`) +* [CVE-2023-28478](CVE-2023/CVE-2023-284xx/CVE-2023-28478.json) (`2023-06-12T20:15:11.717`) +* [CVE-2023-33622](CVE-2023/CVE-2023-336xx/CVE-2023-33622.json) (`2023-06-12T20:15:12.440`) +* [CVE-2023-33623](CVE-2023/CVE-2023-336xx/CVE-2023-33623.json) (`2023-06-12T20:15:12.500`) +* [CVE-2023-33624](CVE-2023/CVE-2023-336xx/CVE-2023-33624.json) (`2023-06-12T20:15:12.553`) +* [CVE-2023-33625](CVE-2023/CVE-2023-336xx/CVE-2023-33625.json) (`2023-06-12T20:15:12.610`) +* [CVE-2023-33626](CVE-2023/CVE-2023-336xx/CVE-2023-33626.json) (`2023-06-12T20:15:12.667`) +* [CVE-2023-34940](CVE-2023/CVE-2023-349xx/CVE-2023-34940.json) (`2023-06-12T20:15:12.723`) +* [CVE-2023-34941](CVE-2023/CVE-2023-349xx/CVE-2023-34941.json) (`2023-06-12T20:15:12.780`) +* [CVE-2023-34942](CVE-2023/CVE-2023-349xx/CVE-2023-34942.json) (`2023-06-12T20:15:12.830`) +* [CVE-2023-3161](CVE-2023/CVE-2023-31xx/CVE-2023-3161.json) (`2023-06-12T20:15:12.910`) +* [CVE-2023-27716](CVE-2023/CVE-2023-277xx/CVE-2023-27716.json) (`2023-06-12T21:15:22.543`) +* [CVE-2023-32219](CVE-2023/CVE-2023-322xx/CVE-2023-32219.json) (`2023-06-12T21:15:22.597`) +* [CVE-2023-32220](CVE-2023/CVE-2023-322xx/CVE-2023-32220.json) (`2023-06-12T21:15:22.673`) +* [CVE-2023-32221](CVE-2023/CVE-2023-322xx/CVE-2023-32221.json) (`2023-06-12T21:15:22.737`) +* [CVE-2023-3159](CVE-2023/CVE-2023-31xx/CVE-2023-3159.json) (`2023-06-12T21:15:22.937`) ### CVEs modified in the last Commit -Recently modified CVEs: `25` +Recently modified CVEs: `7` -* [CVE-2019-25148](CVE-2019/CVE-2019-251xx/CVE-2019-25148.json) (`2023-06-12T18:10:40.977`) -* [CVE-2019-25147](CVE-2019/CVE-2019-251xx/CVE-2019-25147.json) (`2023-06-12T18:13:05.987`) -* [CVE-2020-36716](CVE-2020/CVE-2020-367xx/CVE-2020-36716.json) (`2023-06-12T19:23:42.477`) -* [CVE-2020-36715](CVE-2020/CVE-2020-367xx/CVE-2020-36715.json) (`2023-06-12T19:26:19.960`) -* [CVE-2020-36713](CVE-2020/CVE-2020-367xx/CVE-2020-36713.json) (`2023-06-12T19:27:16.933`) -* [CVE-2020-36712](CVE-2020/CVE-2020-367xx/CVE-2020-36712.json) (`2023-06-12T19:28:01.167`) -* [CVE-2020-36711](CVE-2020/CVE-2020-367xx/CVE-2020-36711.json) (`2023-06-12T19:31:24.717`) -* [CVE-2020-36710](CVE-2020/CVE-2020-367xx/CVE-2020-36710.json) (`2023-06-12T19:32:04.073`) -* [CVE-2020-36709](CVE-2020/CVE-2020-367xx/CVE-2020-36709.json) (`2023-06-12T19:32:36.913`) -* [CVE-2020-36704](CVE-2020/CVE-2020-367xx/CVE-2020-36704.json) (`2023-06-12T19:33:03.833`) -* [CVE-2020-36703](CVE-2020/CVE-2020-367xx/CVE-2020-36703.json) (`2023-06-12T19:33:40.297`) -* [CVE-2020-36700](CVE-2020/CVE-2020-367xx/CVE-2020-36700.json) (`2023-06-12T19:46:56.790`) -* [CVE-2020-36731](CVE-2020/CVE-2020-367xx/CVE-2020-36731.json) (`2023-06-12T19:49:28.137`) -* [CVE-2023-33970](CVE-2023/CVE-2023-339xx/CVE-2023-33970.json) (`2023-06-12T18:16:44.043`) -* [CVE-2023-30198](CVE-2023/CVE-2023-301xx/CVE-2023-30198.json) (`2023-06-12T18:22:56.843`) -* [CVE-2023-34105](CVE-2023/CVE-2023-341xx/CVE-2023-34105.json) (`2023-06-12T18:22:56.843`) -* [CVE-2023-34246](CVE-2023/CVE-2023-342xx/CVE-2023-34246.json) (`2023-06-12T18:22:56.843`) -* [CVE-2023-34341](CVE-2023/CVE-2023-343xx/CVE-2023-34341.json) (`2023-06-12T18:22:56.843`) -* [CVE-2023-34344](CVE-2023/CVE-2023-343xx/CVE-2023-34344.json) (`2023-06-12T18:22:56.843`) -* [CVE-2023-34345](CVE-2023/CVE-2023-343xx/CVE-2023-34345.json) (`2023-06-12T18:22:56.843`) -* [CVE-2023-2833](CVE-2023/CVE-2023-28xx/CVE-2023-2833.json) (`2023-06-12T18:25:01.743`) -* [CVE-2023-32217](CVE-2023/CVE-2023-322xx/CVE-2023-32217.json) (`2023-06-12T18:27:46.077`) -* [CVE-2023-2546](CVE-2023/CVE-2023-25xx/CVE-2023-2546.json) (`2023-06-12T18:40:25.907`) -* [CVE-2023-0921](CVE-2023/CVE-2023-09xx/CVE-2023-0921.json) (`2023-06-12T18:43:08.817`) -* [CVE-2023-0636](CVE-2023/CVE-2023-06xx/CVE-2023-0636.json) (`2023-06-12T18:50:07.447`) +* [CVE-2022-4141](CVE-2022/CVE-2022-41xx/CVE-2022-4141.json) (`2023-06-12T20:15:10.410`) +* [CVE-2023-0054](CVE-2023/CVE-2023-00xx/CVE-2023-0054.json) (`2023-06-12T20:15:10.530`) +* [CVE-2023-1175](CVE-2023/CVE-2023-11xx/CVE-2023-1175.json) (`2023-06-12T20:15:11.310`) +* [CVE-2023-2610](CVE-2023/CVE-2023-26xx/CVE-2023-2610.json) (`2023-06-12T20:15:11.783`) +* [CVE-2023-31475](CVE-2023/CVE-2023-314xx/CVE-2023-31475.json) (`2023-06-12T20:15:12.203`) +* [CVE-2023-34212](CVE-2023/CVE-2023-342xx/CVE-2023-34212.json) (`2023-06-12T21:15:22.797`) +* [CVE-2023-34468](CVE-2023/CVE-2023-344xx/CVE-2023-34468.json) (`2023-06-12T21:15:22.863`) ## Download and Usage