diff --git a/CVE-2016/CVE-2016-150xx/CVE-2016-15034.json b/CVE-2016/CVE-2016-150xx/CVE-2016-15034.json
index fbbe8746495..6f7eb1f0e7c 100644
--- a/CVE-2016/CVE-2016-150xx/CVE-2016-15034.json
+++ b/CVE-2016/CVE-2016-150xx/CVE-2016-15034.json
@@ -2,8 +2,8 @@
 "id": "CVE-2016-15034",
 "sourceIdentifier": "cna@vuldb.com",
 "published": "2023-07-10T18:15:10.260",
- "lastModified": "2023-07-10T18:15:29.887",
- "vulnStatus": "Awaiting Analysis",
+ "lastModified": "2023-07-18T14:08:02.280",
+ "vulnStatus": "Analyzed",
 "descriptions": [
 {
 "lang": "en",
@@ -11,6 +11,28 @@
 }
 ],
 "metrics": {
+ "cvssMetricV31": [
+ {
+ "source": "nvd@nist.gov",
+ "type": "Primary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
+ "attackVector": "NETWORK",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "NONE",
+ "userInteraction": "NONE",
+ "scope": "UNCHANGED",
+ "confidentialityImpact": "HIGH",
+ "integrityImpact": "HIGH",
+ "availabilityImpact": "HIGH",
+ "baseScore": 9.8,
+ "baseSeverity": "CRITICAL"
+ },
+ "exploitabilityScore": 3.9,
+ "impactScore": 5.9
+ }
+ ],
 "cvssMetricV30": [
 {
 "source": "cna@vuldb.com",
@@ -71,22 +93,53 @@
 ]
 }
 ],
+ "configurations": [
+ {
+ "nodes": [
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:anakeen:dynacase_webdesk:*:*:*:*:*:*:*:*",
+ "versionEndExcluding": "2.0.3",
+ "matchCriteriaId": "51E7DB4C-1CFC-4593-9274-B052FEFF03A9"
+ }
+ ]
+ }
+ ]
+ }
+ ],
 "references": [
 {
 "url": "https://github.com/dynacase-labs/dynacase-webdesk/commit/750a9b35af182950c952faf6ddfdcc50a2b25f8b",
- "source": "cna@vuldb.com"
+ "source": "cna@vuldb.com",
+ "tags": [
+ "Patch"
+ ]
 },
 {
 "url": "https://github.com/dynacase-labs/dynacase-webdesk/releases/tag/3.2-20180305",
- "source": "cna@vuldb.com"
+ "source": "cna@vuldb.com",
+ "tags": [
+ "Release Notes"
+ ]
 },
 {
 "url": "https://vuldb.com/?ctiid.233366",
- "source": "cna@vuldb.com"
+ "source": "cna@vuldb.com",
+ "tags": [
+ "Permissions Required",
+ "Third Party Advisory"
+ ]
 },
 {
 "url": "https://vuldb.com/?id.233366",
- "source": "cna@vuldb.com"
+ "source": "cna@vuldb.com",
+ "tags": [
+ "Third Party Advisory"
+ ]
 }
 ]
 }
\ No newline at end of file
diff --git a/CVE-2018/CVE-2018-250xx/CVE-2018-25088.json b/CVE-2018/CVE-2018-250xx/CVE-2018-25088.json
index 0e2cece691a..c232ca1a97e 100644
--- a/CVE-2018/CVE-2018-250xx/CVE-2018-25088.json
+++ b/CVE-2018/CVE-2018-250xx/CVE-2018-25088.json
@@ -2,8 +2,8 @@
 "id": "CVE-2018-25088",
 "sourceIdentifier": "cna@vuldb.com",
 "published": "2023-07-18T13:15:11.187",
- "lastModified": "2023-07-18T13:15:11.187",
- "vulnStatus": "Received",
+ "lastModified": "2023-07-18T14:11:49.930",
+ "vulnStatus": "Awaiting Analysis",
 "descriptions": [
 {
 "lang": "en",
diff --git a/CVE-2020/CVE-2020-239xx/CVE-2020-23909.json b/CVE-2020/CVE-2020-239xx/CVE-2020-23909.json
new file mode 100644
index 00000000000..d5681777201
--- /dev/null
+++ b/CVE-2020/CVE-2020-239xx/CVE-2020-23909.json
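Review bot: The CPE bound added for CVE-2016-15034 (`"versionEndExcluding": "2.0.3"`) uses a different version scheme from the release the references point to (`.../releases/tag/3.2-20180305`, now tagged `Release Notes`), so the hunk alone does not show that the two name the same fixed build. A scanner that compares installed versions against the CPE range would report any build numbered in the 3.2-dated scheme as not affected, including builds older than that tag, if deployments report that scheme. The description is outside this hunk; I would confirm the fixed version there and, if the schemes do differ, report it to the upstream data source rather than editing the mirrored record.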
@@ -0,0 +1,20 @@
+{
+ "id": "CVE-2020-23909",
+ "sourceIdentifier": "cve@mitre.org",
+ "published": "2023-07-18T14:15:11.423",
+ "lastModified": "2023-07-18T14:47:25.743",
+ "vulnStatus": "Awaiting Analysis",
+ "descriptions": [
+ {
+ "lang": "en",
+ "value": "Heap-based buffer over-read in function png_convert_4 in file pngex.cc in AdvanceMAME through 2.1."
+ }
+ ],
+ "metrics": {},
+ "references": [
+ {
+ "url": "https://sourceforge.net/p/advancemame/bugs/285/",
+ "source": "cve@mitre.org"
+ }
+ ]
+}
\ No newline at end of file
diff --git a/CVE-2020/CVE-2020-239xx/CVE-2020-23910.json b/CVE-2020/CVE-2020-239xx/CVE-2020-23910.json
new file mode 100644
index 00000000000..d51329c392a
--- /dev/null
+++ b/CVE-2020/CVE-2020-239xx/CVE-2020-23910.json
@@ -0,0 +1,20 @@
+{
+ "id": "CVE-2020-23910",
+ "sourceIdentifier": "cve@mitre.org",
+ "published": "2023-07-18T14:15:11.483",
+ "lastModified": "2023-07-18T14:47:25.743",
+ "vulnStatus": "Awaiting Analysis",
+ "descriptions": [
+ {
+ "lang": "en",
+ "value": "Stack-based buffer overflow vulnerability in asn1c through v0.9.28 via function genhash_get in genhash.c."
+ }
+ ],
+ "metrics": {},
+ "references": [
+ {
+ "url": "https://github.com/vlm/asn1c/issues/396",
+ "source": "cve@mitre.org"
+ }
+ ]
+}
\ No newline at end of file
diff --git a/CVE-2020/CVE-2020-239xx/CVE-2020-23911.json b/CVE-2020/CVE-2020-239xx/CVE-2020-23911.json
new file mode 100644
index 00000000000..bfd878e4168
--- /dev/null
+++ b/CVE-2020/CVE-2020-239xx/CVE-2020-23911.json
@@ -0,0 +1,20 @@
+{
+ "id": "CVE-2020-23911",
+ "sourceIdentifier": "cve@mitre.org",
+ "published": "2023-07-18T14:15:11.537",
+ "lastModified": "2023-07-18T14:47:25.743",
+ "vulnStatus": "Awaiting Analysis",
+ "descriptions": [
+ {
+ "lang": "en",
+ "value": "An issue was discovered in asn1c through v0.9.28. A NULL pointer dereference exists in the function _default_error_logger() located in asn1fix.c. It allows an attacker to cause Denial of Service."
+ }
+ ],
+ "metrics": {},
+ "references": [
+ {
+ "url": "https://github.com/vlm/asn1c/issues/394",
+ "source": "cve@mitre.org"
+ }
+ ]
+}
\ No newline at end of file
diff --git a/CVE-2020/CVE-2020-367xx/CVE-2020-36762.json b/CVE-2020/CVE-2020-367xx/CVE-2020-36762.json
new file mode 100644
index 00000000000..301fd45b3d6
--- /dev/null
+++ b/CVE-2020/CVE-2020-367xx/CVE-2020-36762.json
@@ -0,0 +1,96 @@
+{
+ "id": "CVE-2020-36762",
+ "sourceIdentifier": "cna@vuldb.com",
+ "published": "2023-07-18T15:15:11.133",
+ "lastModified": "2023-07-18T15:15:11.133",
+ "vulnStatus": "Received",
+ "descriptions": [
+ {
+ "lang": "en",
+ "value": "A vulnerability was found in ONS Digital RAS Collection Instrument up to 2.0.27 and classified as critical. Affected by this issue is the function jobs of the file .github/workflows/comment.yml. The manipulation of the argument $COMMENT_BODY leads to os command injection. Upgrading to version 2.0.28 is able to address this issue. The name of the patch is dcaad2540f7d50c512ff2e031d3778dd9337db2b. It is recommended to upgrade the affected component. The identifier of this vulnerability is VDB-234248."
+ }
+ ],
+ "metrics": {
+ "cvssMetricV30": [
+ {
+ "source": "cna@vuldb.com",
+ "type": "Secondary",
+ "cvssData": {
+ "version": "3.0",
+ "vectorString": "CVSS:3.0/AV:A/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L",
+ "attackVector": "ADJACENT_NETWORK",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "LOW",
+ "userInteraction": "NONE",
+ "scope": "UNCHANGED",
+ "confidentialityImpact": "LOW",
+ "integrityImpact": "LOW",
+ "availabilityImpact": "LOW",
+ "baseScore": 5.5,
+ "baseSeverity": "MEDIUM"
+ },
+ "exploitabilityScore": 2.1,
+ "impactScore": 3.4
+ }
+ ],
+ "cvssMetricV2": [
+ {
+ "source": "cna@vuldb.com",
+ "type": "Secondary",
+ "cvssData": {
+ "version": "2.0",
+ "vectorString": "AV:A/AC:L/Au:S/C:P/I:P/A:P",
+ "accessVector": "ADJACENT_NETWORK",
+ "accessComplexity": "LOW",
+ "authentication": "SINGLE",
+ "confidentialityImpact": "PARTIAL",
+ "integrityImpact": "PARTIAL",
+ "availabilityImpact": "PARTIAL",
+ "baseScore": 5.2
+ },
+ "baseSeverity": "MEDIUM",
+ "exploitabilityScore": 5.1,
+ "impactScore": 6.4,
+ "acInsufInfo": false,
+ "obtainAllPrivilege": false,
+ "obtainUserPrivilege": false,
+ "obtainOtherPrivilege": false,
+ "userInteractionRequired": false
+ }
+ ]
+ },
+ "weaknesses": [
+ {
+ "source": "cna@vuldb.com",
+ "type": "Primary",
+ "description": [
+ {
+ "lang": "en",
+ "value": "CWE-78"
+ }
+ ]
+ }
+ ],
+ "references": [
+ {
+ "url": "https://github.com/ONSdigital/ras-collection-instrument/commit/dcaad2540f7d50c512ff2e031d3778dd9337db2b",
+ "source": "cna@vuldb.com"
+ },
+ {
+ "url": "https://github.com/ONSdigital/ras-collection-instrument/pull/199",
+ "source": "cna@vuldb.com"
+ },
+ {
+ "url": "https://github.com/ONSdigital/ras-collection-instrument/releases/tag/2.0.28",
+ "source": "cna@vuldb.com"
+ },
+ {
+ "url": "https://vuldb.com/?ctiid.234248",
+ "source": "cna@vuldb.com"
+ },
+ {
+ "url": "https://vuldb.com/?id.234248",
+ "source": "cna@vuldb.com"
+ }
+ ]
+}
\ No newline at end of file
diff --git a/CVE-2021/CVE-2021-322xx/CVE-2021-32256.json b/CVE-2021/CVE-2021-322xx/CVE-2021-32256.json
new file mode 100644
index 00000000000..2b54bd75602
--- /dev/null
+++ b/CVE-2021/CVE-2021-322xx/CVE-2021-32256.json
@@ -0,0 +1,20 @@
+{
+ "id": "CVE-2021-32256",
+ "sourceIdentifier": "cve@mitre.org",
+ "published": "2023-07-18T14:15:11.610",
+ "lastModified": "2023-07-18T14:47:25.743",
+ "vulnStatus": "Awaiting Analysis",
+ "descriptions": [
+ {
+ "lang": "en",
+ "value": "An issue was discovered in GNU libiberty, as distributed in GNU Binutils 2.36. It is a stack-overflow issue in demangle_type in rust-demangle.c."
+ }
+ ],
+ "metrics": {},
+ "references": [
+ {
+ "url": "https://bugs.launchpad.net/ubuntu/+source/binutils/+bug/1927070",
+ "source": "cve@mitre.org"
+ }
+ ]
+}
\ No newline at end of file
diff --git a/CVE-2021/CVE-2021-332xx/CVE-2021-33294.json b/CVE-2021/CVE-2021-332xx/CVE-2021-33294.json
new file mode 100644
index 00000000000..454ff57a62b
--- /dev/null
+++ b/CVE-2021/CVE-2021-332xx/CVE-2021-33294.json
@@ -0,0 +1,24 @@
+{
+ "id": "CVE-2021-33294",
+ "sourceIdentifier": "cve@mitre.org",
+ "published": "2023-07-18T14:15:11.673",
+ "lastModified": "2023-07-18T14:47:25.743",
+ "vulnStatus": "Awaiting Analysis",
+ "descriptions": [
+ {
+ "lang": "en",
+ "value": "In elfutils 0.183, an infinite loop was found in the function handle_symtab in readelf.c .Which allows attackers to cause a denial of service (infinite loop) via crafted file."
+ }
+ ],
+ "metrics": {},
+ "references": [
+ {
+ "url": "https://sourceware.org/bugzilla/show_bug.cgi?id=27501",
+ "source": "cve@mitre.org"
+ },
+ {
+ "url": "https://sourceware.org/pipermail/elfutils-devel/2021q1/003607.html",
+ "source": "cve@mitre.org"
+ }
+ ]
+}
\ No newline at end of file
diff --git a/CVE-2021/CVE-2021-341xx/CVE-2021-34119.json b/CVE-2021/CVE-2021-341xx/CVE-2021-34119.json
new file mode 100644
index 00000000000..77798387bbb
--- /dev/null
+++ b/CVE-2021/CVE-2021-341xx/CVE-2021-34119.json
@@ -0,0 +1,24 @@
+{
+ "id": "CVE-2021-34119",
+ "sourceIdentifier": "cve@mitre.org",
+ "published": "2023-07-18T14:15:11.727",
+ "lastModified": "2023-07-18T14:47:25.743",
+ "vulnStatus": "Awaiting Analysis",
+ "descriptions": [
+ {
+ "lang": "en",
+ "value": "A flaw was discovered in htmodoc 1.9.12 in function parse_paragraph in ps-pdf.cxx ,this flaw possibly allows possible code execution and a denial of service via a crafted file."
+ }
+ ],
+ "metrics": {},
+ "references": [
+ {
+ "url": "https://github.com/michaelrsweet/htmldoc/commit/85fa76d77ed69927d24decf476e69bedc7691f48",
+ "source": "cve@mitre.org"
+ },
+ {
+ "url": "https://github.com/michaelrsweet/htmldoc/issues/431",
+ "source": "cve@mitre.org"
+ }
+ ]
+}
\ No newline at end of file
diff --git a/CVE-2021/CVE-2021-341xx/CVE-2021-34121.json b/CVE-2021/CVE-2021-341xx/CVE-2021-34121.json
new file mode 100644
index 00000000000..8f29dfb69b6
--- /dev/null
+++ b/CVE-2021/CVE-2021-341xx/CVE-2021-34121.json
@@ -0,0 +1,24 @@
+{
+ "id": "CVE-2021-34121",
+ "sourceIdentifier": "cve@mitre.org",
+ "published": "2023-07-18T14:15:11.780",
+ "lastModified": "2023-07-18T14:47:25.743",
+ "vulnStatus": "Awaiting Analysis",
+ "descriptions": [
+ {
+ "lang": "en",
+ "value": "An Out of Bounds flaw was discovered in htmodoc 1.9.12 in function parse_tree() in toc.cxx, this possibly leads to memory layout information leaking in the data. This might be used in a chain of vulnerability in order to reach code execution."
+ }
+ ],
+ "metrics": {},
+ "references": [
+ {
+ "url": "https://github.com/michaelrsweet/htmldoc/commit/c67bbd8756f015e33e4ba639a40c7f9d8bd9e8ab",
+ "source": "cve@mitre.org"
+ },
+ {
+ "url": "https://github.com/michaelrsweet/htmldoc/issues/433",
+ "source": "cve@mitre.org"
+ }
+ ]
+}
\ No newline at end of file
diff --git a/CVE-2021/CVE-2021-341xx/CVE-2021-34123.json b/CVE-2021/CVE-2021-341xx/CVE-2021-34123.json
new file mode 100644
index 00000000000..0145677d670
--- /dev/null
+++ b/CVE-2021/CVE-2021-341xx/CVE-2021-34123.json
@@ -0,0 +1,20 @@
+{
+ "id": "CVE-2021-34123",
+ "sourceIdentifier": "cve@mitre.org",
+ "published": "2023-07-18T14:15:11.837",
+ "lastModified": "2023-07-18T14:47:25.743",
+ "vulnStatus": "Awaiting Analysis",
+ "descriptions": [
+ {
+ "lang": "en",
+ "value": "An issue was discovered on atasm, version 1.09. A stack-buffer-overflow vulnerability in function aprintf() in asm.c allows attackers to execute arbitrary code on the system via a crafted file."
+ }
+ ],
+ "metrics": {},
+ "references": [
+ {
+ "url": "https://sourceforge.net/p/atasm/bugs/23/",
+ "source": "cve@mitre.org"
+ }
+ ]
+}
\ No newline at end of file
diff --git a/CVE-2022/CVE-2022-265xx/CVE-2022-26563.json b/CVE-2022/CVE-2022-265xx/CVE-2022-26563.json
new file mode 100644
index 00000000000..8bcf33ce7b1
--- /dev/null
+++ b/CVE-2022/CVE-2022-265xx/CVE-2022-26563.json
@@ -0,0 +1,24 @@
+{
+ "id": "CVE-2022-26563",
+ "sourceIdentifier": "cve@mitre.org",
+ "published": "2023-07-18T14:15:11.907",
+ "lastModified": "2023-07-18T14:47:25.743",
+ "vulnStatus": "Awaiting Analysis",
+ "descriptions": [
+ {
+ "lang": "en",
+ "value": "An issue was discovered in Tildeslash Monit before 5.31.0, allows remote attackers to gain escilated privlidges due to improper PAM-authorization."
+ }
+ ],
+ "metrics": {},
+ "references": [
+ {
+ "url": "https://bitbucket.org/tildeslash/monit/commits/6ecaab1d375f33165fe98d06d92f36c949c0ea11",
+ "source": "cve@mitre.org"
+ },
+ {
+ "url": "https://man7.org/linux/man-pages/man3/pam_acct_mgmt.3.html",
+ "source": "cve@mitre.org"
+ }
+ ]
+}
\ No newline at end of file
diff --git a/CVE-2022/CVE-2022-330xx/CVE-2022-33064.json b/CVE-2022/CVE-2022-330xx/CVE-2022-33064.json
new file mode 100644
index 00000000000..d4d3c7f5363
--- /dev/null
+++ b/CVE-2022/CVE-2022-330xx/CVE-2022-33064.json
@@ -0,0 +1,20 @@
+{
+ "id": "CVE-2022-33064",
+ "sourceIdentifier": "cve@mitre.org",
+ "published": "2023-07-18T14:15:11.973",
+ "lastModified": "2023-07-18T14:47:25.743",
+ "vulnStatus": "Awaiting Analysis",
+ "descriptions": [
+ {
+ "lang": "en",
+ "value": "An off-by-one error in function wav_read_header in src/wav.c in Libsndfile 1.1.0, results in a write out of bound, which allows an attacker to execute arbitrary code, Denial of Service or other unspecified impacts."
+ }
+ ],
+ "metrics": {},
+ "references": [
+ {
+ "url": "https://github.com/libsndfile/libsndfile/issues/832",
+ "source": "cve@mitre.org"
+ }
+ ]
+}
\ No newline at end of file
diff --git a/CVE-2022/CVE-2022-330xx/CVE-2022-33065.json b/CVE-2022/CVE-2022-330xx/CVE-2022-33065.json
new file mode 100644
index 00000000000..a4d80f76aa4
--- /dev/null
+++ b/CVE-2022/CVE-2022-330xx/CVE-2022-33065.json
@@ -0,0 +1,24 @@
+{
+ "id": "CVE-2022-33065",
+ "sourceIdentifier": "cve@mitre.org",
+ "published": "2023-07-18T14:15:12.033",
+ "lastModified": "2023-07-18T14:47:25.743",
+ "vulnStatus": "Awaiting Analysis",
+ "descriptions": [
+ {
+ "lang": "en",
+ "value": "Multiple signed integers overflow in function au_read_header in src/au.c and in functions mat4_open and mat4_read_header in src/mat4.c in Libsndfile, allows an attacker to cause Denial of Service or other unspecified impacts."
+ }
+ ],
+ "metrics": {},
+ "references": [
+ {
+ "url": "https://github.com/libsndfile/libsndfile/issues/789",
+ "source": "cve@mitre.org"
+ },
+ {
+ "url": "https://github.com/libsndfile/libsndfile/issues/833",
+ "source": "cve@mitre.org"
+ }
+ ]
+}
\ No newline at end of file
diff --git a/CVE-2022/CVE-2022-341xx/CVE-2022-34155.json b/CVE-2022/CVE-2022-341xx/CVE-2022-34155.json
new file mode 100644
index 00000000000..7dfa13351e2
--- /dev/null
+++ b/CVE-2022/CVE-2022-341xx/CVE-2022-34155.json
@@ -0,0 +1,59 @@
+{
+ "id": "CVE-2022-34155",
+ "sourceIdentifier": "audit@patchstack.com",
+ "published": "2023-07-18T14:15:12.093",
+ "lastModified": "2023-07-18T14:47:25.743",
+ "vulnStatus": "Awaiting Analysis",
+ "descriptions": [
+ {
+ "lang": "en",
+ "value": "Improper Authentication vulnerability in miniOrange OAuth Single Sign On \u2013 SSO (OAuth Client) plugin allows Authentication Bypass.This issue affects OAuth Single Sign On \u2013 SSO (OAuth Client): from n/a through 6.23.3.\n\n"
+ }
+ ],
+ "metrics": {
+ "cvssMetricV31": [
+ {
+ "source": "audit@patchstack.com",
+ "type": "Secondary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
+ "attackVector": "NETWORK",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "LOW",
+ "userInteraction": "NONE",
+ "scope": "UNCHANGED",
+ "confidentialityImpact": "HIGH",
+ "integrityImpact": "HIGH",
+ "availabilityImpact": "HIGH",
+ "baseScore": 8.8,
+ "baseSeverity": "HIGH"
+ },
+ "exploitabilityScore": 2.8,
+ "impactScore": 5.9
+ }
+ ]
+ },
+ "weaknesses": [
+ {
+ "source": "audit@patchstack.com",
+ "type": "Primary",
+ "description": [
+ {
+ "lang": "en",
+ "value": "CWE-287"
+ }
+ ]
+ }
+ ],
+ "references": [
+ {
+ "url": "https://lana.codes/lanavdb/071fa6eb-2e54-43a1-b37f-1e562988b7d4?_s_id=cve",
+ "source": "audit@patchstack.com"
+ },
+ {
+ "url": "https://patchstack.com/database/vulnerability/miniorange-login-with-eve-online-google-facebook/wordpress-oauth-single-sign-on-sso-oauth-client-plugin-6-23-3-broken-authentication-vulnerability?_s_id=cve",
+ "source": "audit@patchstack.com"
+ }
+ ]
+}
\ No newline at end of file
diff --git a/CVE-2022/CVE-2022-414xx/CVE-2022-41409.json b/CVE-2022/CVE-2022-414xx/CVE-2022-41409.json
new file mode 100644
index 00000000000..cc048b03467
--- /dev/null
+++ b/CVE-2022/CVE-2022-414xx/CVE-2022-41409.json
@@ -0,0 +1,24 @@
+{
+ "id": "CVE-2022-41409",
+ "sourceIdentifier": "cve@mitre.org",
+ "published": "2023-07-18T14:15:12.197",
+ "lastModified": "2023-07-18T14:47:25.743",
+ "vulnStatus": "Awaiting Analysis",
+ "descriptions": [
+ {
+ "lang": "en",
+ "value": "Integer overflow vulnerability in pcre2test before 10.41 allows attackers to cause a denial of service or other unspecified impacts via negative input."
+ }
+ ],
+ "metrics": {},
+ "references": [
+ {
+ "url": "https://github.com/PCRE2Project/pcre2/commit/94e1c001761373b7d9450768aa15d04c25547a35",
+ "source": "cve@mitre.org"
+ },
+ {
+ "url": "https://github.com/PCRE2Project/pcre2/issues/141",
+ "source": "cve@mitre.org"
+ }
+ ]
+}
\ No newline at end of file
diff --git a/CVE-2022/CVE-2022-470xx/CVE-2022-47085.json b/CVE-2022/CVE-2022-470xx/CVE-2022-47085.json
new file mode 100644
index 00000000000..907f2aa1951
--- /dev/null
+++ b/CVE-2022/CVE-2022-470xx/CVE-2022-47085.json
@@ -0,0 +1,24 @@
+{
+ "id": "CVE-2022-47085",
+ "sourceIdentifier": "cve@mitre.org",
+ "published": "2023-07-18T14:15:12.263",
+ "lastModified": "2023-07-18T14:47:25.743",
+ "vulnStatus": "Awaiting Analysis",
+ "descriptions": [
+ {
+ "lang": "en",
+ "value": "An issue was discovered in ostree before 2022.7 allows attackers to cause a denial of service or other unspecified impacts via the print_panic function in repo_checkout_filter.rs."
+ }
+ ],
+ "metrics": {},
+ "references": [
+ {
+ "url": "https://doc.rust-lang.org/std/macro.eprintln.html",
+ "source": "cve@mitre.org"
+ },
+ {
+ "url": "https://github.com/ostreedev/ostree/issues/2775",
+ "source": "cve@mitre.org"
+ }
+ ]
+}
\ No newline at end of file
diff --git a/CVE-2022/CVE-2022-471xx/CVE-2022-47169.json b/CVE-2022/CVE-2022-471xx/CVE-2022-47169.json
index ab26831d45e..4bf29f61197 100644
--- a/CVE-2022/CVE-2022-471xx/CVE-2022-47169.json
+++ b/CVE-2022/CVE-2022-471xx/CVE-2022-47169.json
@@ -2,8 +2,8 @@
 "id": "CVE-2022-47169",
 "sourceIdentifier": "audit@patchstack.com",
 "published": "2023-07-18T13:15:11.613",
- "lastModified": "2023-07-18T13:15:11.613",
- "vulnStatus": "Received",
+ "lastModified": "2023-07-18T14:11:49.930",
+ "vulnStatus": "Awaiting Analysis",
 "descriptions": [
 {
 "lang": "en",
diff --git a/CVE-2022/CVE-2022-474xx/CVE-2022-47421.json b/CVE-2022/CVE-2022-474xx/CVE-2022-47421.json
new file mode 100644
index 00000000000..f5b74278bea
--- /dev/null
+++ b/CVE-2022/CVE-2022-474xx/CVE-2022-47421.json
@@ -0,0 +1,59 @@
+{
+ "id": "CVE-2022-47421",
+ "sourceIdentifier": "audit@patchstack.com",
+ "published": "2023-07-18T15:15:11.363",
+ "lastModified": "2023-07-18T15:15:11.363",
+ "vulnStatus": "Received",
+ "descriptions": [
+ {
+ "lang": "en",
+ "value": "Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Repute InfoSystems ARMember (free), Repute InfoSystems ARMember (premium) plugins."
+ }
+ ],
+ "metrics": {
+ "cvssMetricV31": [
+ {
+ "source": "audit@patchstack.com",
+ "type": "Secondary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:L",
+ "attackVector": "NETWORK",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "HIGH",
+ "userInteraction": "REQUIRED",
+ "scope": "CHANGED",
+ "confidentialityImpact": "LOW",
+ "integrityImpact": "LOW",
+ "availabilityImpact": "LOW",
+ "baseScore": 5.9,
+ "baseSeverity": "MEDIUM"
+ },
+ "exploitabilityScore": 1.7,
+ "impactScore": 3.7
+ }
+ ]
+ },
+ "weaknesses": [
+ {
+ "source": "audit@patchstack.com",
+ "type": "Primary",
+ "description": [
+ {
+ "lang": "en",
+ "value": "CWE-79"
+ }
+ ]
+ }
+ ],
+ "references": [
+ {
+ "url": "https://patchstack.com/database/vulnerability/armember-membership/wordpress-armember-plugin-4-0-4-stored-cross-site-scripting-xss-on-common-messages-settings?_s_id=cve",
+ "source": "audit@patchstack.com"
+ },
+ {
+ "url": "https://patchstack.com/database/vulnerability/armember/wordpress-armember-premium-wordpress-membership-plugin-plugin-5-8-stored-cross-site-scripting-xss?_s_id=cve",
+ "source": "audit@patchstack.com"
+ }
+ ]
+}
\ No newline at end of file
diff --git a/CVE-2023/CVE-2023-236xx/CVE-2023-23660.json b/CVE-2023/CVE-2023-236xx/CVE-2023-23660.json
index f6c0ed96edf..c5298eda609 100644
--- a/CVE-2023/CVE-2023-236xx/CVE-2023-23660.json
+++ b/CVE-2023/CVE-2023-236xx/CVE-2023-23660.json
@@ -2,8 +2,8 @@
 "id": "CVE-2023-23660",
 "sourceIdentifier": "audit@patchstack.com",
 "published": "2023-07-18T13:15:11.713",
- "lastModified": "2023-07-18T13:15:11.713",
- "vulnStatus": "Received",
+ "lastModified": "2023-07-18T14:11:49.930",
+ "vulnStatus": "Awaiting Analysis",
 "descriptions": [
 {
 "lang": "en",
diff --git a/CVE-2023/CVE-2023-237xx/CVE-2023-23777.json b/CVE-2023/CVE-2023-237xx/CVE-2023-23777.json
index 3de8ec59c45..0cf63db0c24 100644
--- a/CVE-2023/CVE-2023-237xx/CVE-2023-23777.json
+++ b/CVE-2023/CVE-2023-237xx/CVE-2023-23777.json
@@ -2,8 +2,8 @@
 "id": "CVE-2023-23777",
 "sourceIdentifier": "psirt@fortinet.com",
 "published": "2023-07-11T09:15:09.460",
- "lastModified": "2023-07-11T12:43:16.387",
- "vulnStatus": "Awaiting Analysis",
+ "lastModified": "2023-07-18T14:40:59.550",
+ "vulnStatus": "Analyzed",
 "descriptions": [
 {
 "lang": "en",
@@ -12,6 +12,26 @@
 ],
 "metrics": {
 "cvssMetricV31": [
+ {
+ "source": "nvd@nist.gov",
+ "type": "Primary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
+ "attackVector": "NETWORK",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "HIGH",
+ "userInteraction": "NONE",
+ "scope": "UNCHANGED",
+ "confidentialityImpact": "HIGH",
+ "integrityImpact": "HIGH",
+ "availabilityImpact": "HIGH",
+ "baseScore": 7.2,
+ "baseSeverity": "HIGH"
+ },
+ "exploitabilityScore": 1.2,
+ "impactScore": 5.9
+ },
 {
 "source": "psirt@fortinet.com",
 "type": "Secondary",
@@ -34,10 +54,61 @@
 }
 ]
 },
+ "weaknesses": [
+ {
+ "source": "nvd@nist.gov",
+ "type": "Primary",
+ "description": [
+ {
+ "lang": "en",
+ "value": "CWE-78"
+ }
+ ]
+ }
+ ],
+ "configurations": [
+ {
+ "nodes": [
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:fortinet:fortiweb:*:*:*:*:*:*:*:*",
+ "versionStartIncluding": "6.3.6",
+ "versionEndIncluding": "6.3.18",
+ "matchCriteriaId": "50CAE07E-9AA6-40F8-9A38-171AE7244FE3"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:fortinet:fortiweb:*:*:*:*:*:*:*:*",
+ "versionStartIncluding": "6.4.0",
+ "versionEndIncluding": "6.4.3",
+ "matchCriteriaId": "AF5ED7B3-39F3-49FD-82D9-72CAB2D68636"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:fortinet:fortiweb:7.0.0:*:*:*:*:*:*:*",
+ "matchCriteriaId": "3DF60F8C-355E-4F89-A1E3-EE0644D03EE3"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:fortinet:fortiweb:7.0.1:*:*:*:*:*:*:*",
+ "matchCriteriaId": "8A50C87E-68F1-449E-8111-4082CD9BBCA9"
+ }
+ ]
+ }
+ ]
+ }
+ ],
 "references": [
 {
 "url": "https://fortiguard.com/psirt/FG-IR-22-131",
- "source": "psirt@fortinet.com"
+ "source": "psirt@fortinet.com",
+ "tags": [
+ "Vendor Advisory"
+ ]
 }
 ]
 }
\ No newline at end of file
diff --git a/CVE-2023/CVE-2023-243xx/CVE-2023-24390.json b/CVE-2023/CVE-2023-243xx/CVE-2023-24390.json
new file mode 100644
index 00000000000..695b1a6d7dd
--- /dev/null
+++ b/CVE-2023/CVE-2023-243xx/CVE-2023-24390.json
@@ -0,0 +1,55 @@
+{
+ "id": "CVE-2023-24390",
+ "sourceIdentifier": "audit@patchstack.com",
+ "published": "2023-07-18T15:15:11.467",
+ "lastModified": "2023-07-18T15:15:11.467",
+ "vulnStatus": "Received",
+ "descriptions": [
+ {
+ "lang": "en",
+ "value": "Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in WeSecur Security plugin <=\u00a01.2.1 versions."
+ }
+ ],
+ "metrics": {
+ "cvssMetricV31": [
+ {
+ "source": "audit@patchstack.com",
+ "type": "Secondary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:L",
+ "attackVector": "NETWORK",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "HIGH",
+ "userInteraction": "REQUIRED",
+ "scope": "CHANGED",
+ "confidentialityImpact": "LOW",
+ "integrityImpact": "LOW",
+ "availabilityImpact": "LOW",
+ "baseScore": 5.9,
+ "baseSeverity": "MEDIUM"
+ },
+ "exploitabilityScore": 1.7,
+ "impactScore": 3.7
+ }
+ ]
+ },
+ "weaknesses": [
+ {
+ "source": "audit@patchstack.com",
+ "type": "Primary",
+ "description": [
+ {
+ "lang": "en",
+ "value": "CWE-79"
+ }
+ ]
+ }
+ ],
+ "references": [
+ {
+ "url": "https://patchstack.com/database/vulnerability/wesecur-security/wordpress-wesecur-security-plugin-1-2-1-cross-site-scripting-xss-vulnerability?_s_id=cve",
+ "source": "audit@patchstack.com"
+ }
+ ]
+}
\ No newline at end of file
diff --git a/CVE-2023/CVE-2023-250xx/CVE-2023-25036.json b/CVE-2023/CVE-2023-250xx/CVE-2023-25036.json
index 11a1bf21d87..2b011753be6 100644
--- a/CVE-2023/CVE-2023-250xx/CVE-2023-25036.json
+++ b/CVE-2023/CVE-2023-250xx/CVE-2023-25036.json
@@ -2,8 +2,8 @@
 "id": "CVE-2023-25036",
 "sourceIdentifier": "audit@patchstack.com",
 "published": "2023-07-18T13:15:11.810",
- "lastModified": "2023-07-18T13:15:11.810",
- "vulnStatus": "Received",
+ "lastModified": "2023-07-18T14:11:49.930",
+ "vulnStatus": "Awaiting Analysis",
 "descriptions": [
 {
 "lang": "en",
diff --git a/CVE-2023/CVE-2023-291xx/CVE-2023-29130.json b/CVE-2023/CVE-2023-291xx/CVE-2023-29130.json
index 3f4cff1716f..4e9ff2318d1 100644
--- a/CVE-2023/CVE-2023-291xx/CVE-2023-29130.json
+++ b/CVE-2023/CVE-2023-291xx/CVE-2023-29130.json
@@ -2,8 +2,8 @@
 "id": "CVE-2023-29130",
 "sourceIdentifier": "productcert@siemens.com",
 "published": "2023-07-11T10:15:10.407",
- "lastModified": "2023-07-11T12:43:16.387",
- "vulnStatus": "Awaiting Analysis",
+ "lastModified": "2023-07-18T15:53:09.663",
+ "vulnStatus": "Analyzed",
 "descriptions": [
 {
 "lang": "en",
@@ -12,6 +12,26 @@
 ],
 "metrics": {
 "cvssMetricV31": [
+ {
+ "source": "nvd@nist.gov",
+ "type": "Primary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H",
+ "attackVector": "NETWORK",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "NONE",
+ "userInteraction": "NONE",
+ "scope": "CHANGED",
+ "confidentialityImpact": "HIGH",
+ "integrityImpact": "HIGH",
+ "availabilityImpact": "HIGH",
+ "baseScore": 10.0,
+ "baseSeverity": "CRITICAL"
+ },
+ "exploitabilityScore": 3.9,
+ "impactScore": 6.0
+ },
 {
 "source": "productcert@siemens.com",
 "type": "Secondary",
@@ -35,6 +55,16 @@
 ]
 },
 "weaknesses": [
+ {
+ "source": "nvd@nist.gov",
+ "type": "Primary",
+ "description": [
+ {
+ "lang": "en",
+ "value": "NVD-CWE-noinfo"
+ }
+ ]
+ },
 {
 "source": "productcert@siemens.com",
 "type": "Secondary",
@@ -46,10 +76,32 @@
 ]
 }
 ],
+ "configurations": [
+ {
+ "nodes": [
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:siemens:simatic_cn_4100:*:*:*:*:*:*:*:*",
+ "versionEndExcluding": "2.5",
+ "matchCriteriaId": "3F50C1C5-0934-44E6-A3F3-C473B6EA82F4"
+ }
+ ]
+ }
+ ]
+ }
+ ],
 "references": [
 {
 "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-313488.pdf",
- "source": "productcert@siemens.com"
+ "source": "productcert@siemens.com",
+ "tags": [
+ "Patch",
+ "Vendor Advisory"
+ ]
 }
 ]
 }
\ No newline at end of file
diff --git a/CVE-2023/CVE-2023-309xx/CVE-2023-30906.json b/CVE-2023/CVE-2023-309xx/CVE-2023-30906.json
new file mode 100644
index 00000000000..755194d3e20
--- /dev/null
+++ b/CVE-2023/CVE-2023-309xx/CVE-2023-30906.json
@@ -0,0 +1,43 @@
+{
+ "id": "CVE-2023-30906",
+ "sourceIdentifier": "security-alert@hpe.com",
+ "published": "2023-07-18T14:15:12.333",
+ "lastModified": "2023-07-18T15:15:11.560",
+ "vulnStatus": "Awaiting Analysis",
+ "descriptions": [
+ {
+ "lang": "en",
+ "value": "The vulnerability could be locally exploited to allow escalation of privilege.\n\n"
+ }
+ ],
+ "metrics": {
+ "cvssMetricV31": [
+ {
+ "source": "security-alert@hpe.com",
+ "type": "Secondary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:C/C:H/I:H/A:H",
+ "attackVector": "LOCAL",
+ "attackComplexity": "HIGH",
+ "privilegesRequired": "LOW",
+ "userInteraction": "REQUIRED",
+ "scope": "CHANGED",
+ "confidentialityImpact": "HIGH",
+ "integrityImpact": "HIGH",
+ "availabilityImpact": "HIGH",
+ "baseScore": 7.5,
+ "baseSeverity": "HIGH"
+ },
+ "exploitabilityScore": 0.8,
+ "impactScore": 6.0
+ }
+ ]
+ },
+ "references": [
+ {
+ "url": "https://support.hpe.com/hpesc/public/docDisplay?docLocale=en_US&docId=hpesbhf04486en_us",
+ "source": "security-alert@hpe.com"
+ }
+ ]
+}
\ No newline at end of file
diff --git a/CVE-2023/CVE-2023-314xx/CVE-2023-31441.json b/CVE-2023/CVE-2023-314xx/CVE-2023-31441.json
new file mode 100644
index 00000000000..4344e6e3c17
--- /dev/null
+++ b/CVE-2023/CVE-2023-314xx/CVE-2023-31441.json
@@ -0,0 +1,24 @@
+{
+ "id": "CVE-2023-31441",
+ "sourceIdentifier": "cve@mitre.org",
+ "published": "2023-07-18T15:15:11.663",
+ "lastModified": "2023-07-18T15:15:11.663",
+ "vulnStatus": "Received",
+ "descriptions": [
+ {
+ "lang": "en",
+ "value": "In NATO Communications and Information Agency anet (aka Advisor Network) through 3.3.0, an attacker can provide a crafted JSON file to sanitizeJson and cause an exception. This is related to the U+FFFD Unicode replacement character. A for loop does not consider that a data structure is being modified during loop execution."
+ }
+ ],
+ "metrics": {},
+ "references": [
+ {
+ "url": "https://github.com/NCI-Agency/anet/blob/0662b99dfdec1ce07439eb7bed02d90320acc721/src/main/java/mil/dds/anet/utils/Utils.java",
+ "source": "cve@mitre.org"
+ },
+ {
+ "url": "https://github.com/NCI-Agency/anet/issues/4408",
+ "source": "cve@mitre.org"
+ }
+ ]
+}
\ No newline at end of file
diff --git a/CVE-2023/CVE-2023-329xx/CVE-2023-32965.json b/CVE-2023/CVE-2023-329xx/CVE-2023-32965.json
new file mode 100644
index 00000000000..5bfcec38acf
--- /dev/null
+++ b/CVE-2023/CVE-2023-329xx/CVE-2023-32965.json
@@ -0,0 +1,55 @@
+{
+ "id": "CVE-2023-32965",
+ "sourceIdentifier": "audit@patchstack.com",
+ "published": "2023-07-18T14:15:12.403",
+ "lastModified": "2023-07-18T14:47:25.743",
+ "vulnStatus": "Awaiting Analysis",
+ "descriptions": [
+ {
+ "lang": "en",
+ "value": "Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in CRUDLab Jazz Popups plugin <=\u00a01.8.7 versions."
+ }
+ ],
+ "metrics": {
+ "cvssMetricV31": [
+ {
+ "source": "audit@patchstack.com",
+ "type": "Secondary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:L",
+ "attackVector": "NETWORK",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "NONE",
+ "userInteraction": "REQUIRED",
+ "scope": "CHANGED",
+ "confidentialityImpact": "LOW",
+ "integrityImpact": "LOW",
+ "availabilityImpact": "LOW",
+ "baseScore": 7.1,
+ "baseSeverity": "HIGH"
+ },
+ "exploitabilityScore": 2.8,
+ "impactScore": 3.7
+ }
+ ]
+ },
+ "weaknesses": [
+ {
+ "source": "audit@patchstack.com",
+ "type": "Primary",
+ "description": [
+ {
+ "lang": "en",
+ "value": "CWE-79"
+ }
+ ]
+ }
+ ],
+ "references": [
+ {
+ "url": "https://patchstack.com/database/vulnerability/jazz-popups/wordpress-jazz-popups-plugin-1-8-7-cross-site-scripting-xss-vulnerability?_s_id=cve",
+ "source": "audit@patchstack.com"
+ }
+ ]
+}
\ No newline at end of file
diff --git a/CVE-2023/CVE-2023-340xx/CVE-2023-34015.json b/CVE-2023/CVE-2023-340xx/CVE-2023-34015.json
index fdff8b7d7fc..9c1494d4619 100644
--- a/CVE-2023/CVE-2023-340xx/CVE-2023-34015.json
+++ b/CVE-2023/CVE-2023-340xx/CVE-2023-34015.json
@@ -2,8 +2,8 @@
 "id": "CVE-2023-34015",
 "sourceIdentifier": "audit@patchstack.com",
 "published": "2023-07-11T09:15:09.717",
- "lastModified": "2023-07-11T12:43:16.387",
- "vulnStatus": "Awaiting Analysis",
+ "lastModified": "2023-07-18T14:47:17.697",
+ "vulnStatus": "Analyzed",
 "descriptions": [
 {
 "lang": "en",
@@ -12,6 +12,26 @@
 ],
 "metrics": {
 "cvssMetricV31": [
+ {
+ "source": "nvd@nist.gov",
+ "type": "Primary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
+ "attackVector": "NETWORK",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "NONE",
+ "userInteraction": "REQUIRED",
+ "scope": "UNCHANGED",
+ "confidentialityImpact": "HIGH",
+ "integrityImpact": "HIGH",
+ "availabilityImpact": "HIGH",
+ "baseScore": 8.8,
+ "baseSeverity": "HIGH"
+ },
+ "exploitabilityScore": 2.8,
+ "impactScore": 5.9
+ },
 {
 "source": "audit@patchstack.com",
 "type": "Secondary",
@@ -46,10 +66,31 @@
 ]
 }
 ],
+ "configurations": [
+ {
+ "nodes": [
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:piwebsolution:advanced-free-flat-shipping-woocommerce:*:*:*:*:*:wordpress:*:*",
+ "versionEndExcluding": "1.6.4.6",
+ "matchCriteriaId": "A13831A1-9638-48BF-A2D7-983D193DACD0"
+ }
+ ]
+ }
+ ]
+ }
+ ],
 "references": [
 {
 "url": "https://patchstack.com/database/vulnerability/advanced-free-flat-shipping-woocommerce/wordpress-advanced-flat-rate-shipping-woocommerce-plugin-1-6-4-4-cross-site-request-forgery-csrf-vulnerability?_s_id=cve",
- "source": "audit@patchstack.com"
+ "source": "audit@patchstack.com",
+ "tags": [
+ "Third Party Advisory"
+ ]
 }
 ]
 }
\ No newline at end of file
diff --git a/CVE-2023/CVE-2023-353xx/CVE-2023-35366.json b/CVE-2023/CVE-2023-353xx/CVE-2023-35366.json
index e21d4655e06..42c233a8d16 100644
--- a/CVE-2023/CVE-2023-353xx/CVE-2023-35366.json
+++ b/CVE-2023/CVE-2023-353xx/CVE-2023-35366.json
@@ -2,8 +2,8 @@
 "id": "CVE-2023-35366",
 "sourceIdentifier": "secure@microsoft.com",
 "published": "2023-07-11T18:15:19.907",
- "lastModified": "2023-07-12T12:46:41.413",
- "vulnStatus": "Awaiting Analysis",
+ "lastModified": "2023-07-18T14:06:48.093",
+ "vulnStatus": "Analyzed",
 "descriptions": [
 {
 "lang": "en",
@@ -34,10 +34,115 @@
 }
 ]
 },
+ "weaknesses": [
+ {
+ "source": "nvd@nist.gov",
+ "type": "Primary",
+ "description": [
+ {
+ "lang": "en",
+ "value": "NVD-CWE-noinfo"
+ }
+ ]
+ }
+ ],
+ "configurations": [
+ {
+ "nodes": [
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:microsoft:windows_10_1507:*:*:*:*:*:*:*:*",
+ "versionEndExcluding": "10.0.10240.20048",
+ "matchCriteriaId": "CA7DB0E9-3DCD-4FAE-8F9A-20D15E061ED7"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:microsoft:windows_10_1607:*:*:*:*:*:*:*:*",
+ "versionEndExcluding": "10.0.14393.6085",
+ "matchCriteriaId": "8557A170-443F-49D3-9041-0D883E6CB556"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:microsoft:windows_10_1809:*:*:*:*:*:*:*:*",
+ "versionEndExcluding": "10.0.17763.4645",
+ "matchCriteriaId": "E7CD9EA5-EB3A-4C42-B208-75590288F6F6"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:microsoft:windows_10_21h2:*:*:*:*:*:*:*:*",
+ "versionEndExcluding": "10.0.19041.3208",
+ "matchCriteriaId": "22A20A25-6FDE-4715-873E-E7FBF2DFABCA"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:microsoft:windows_10_22h2:*:*:*:*:*:*:*:*",
+ "versionEndExcluding": "10.0.19045.3208",
+ "matchCriteriaId": "7408C04A-729A-4CFF-8AF0-97A18BB2BD9C"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:microsoft:windows_11_21h2:*:*:*:*:*:*:*:*",
+ "versionEndExcluding": "10.0.22000.2176",
+ "matchCriteriaId": "F10BCA0D-417F-42E3-93BF-2C227357702B"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:microsoft:windows_11_22h2:*:*:*:*:*:*:*:*",
+ "versionEndExcluding": "10.0.22621.1992",
+ "matchCriteriaId": "B1C277B2-DE09-453D-B33E-42917E11D0E5"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:microsoft:windows_server_2008:-:sp2:*:*:*:*:*:*",
+ "matchCriteriaId": "5F422A8C-2C4E-42C8-B420-E0728037E15C"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:microsoft:windows_server_2008:r2:sp1:*:*:*:*:x64:*",
+ "matchCriteriaId": "AF07A81D-12E5-4B1D-BFF9-C8D08C32FF4F"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:microsoft:windows_server_2012:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "A7DF96F8-BA6A-4780-9CA3-F719B3F81074"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:microsoft:windows_server_2012:r2:*:*:*:*:*:*:*",
+ "matchCriteriaId": "DB18C4CE-5917-401E-ACF7-2747084FD36E"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:microsoft:windows_server_2016:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "041FF8BA-0B12-4A1F-B4BF-9C4F33B7C1E7"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:microsoft:windows_server_2019:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "DB79EE26-FC32-417D-A49C-A1A63165A968"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:microsoft:windows_server_2022:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "821614DD-37DD-44E2-A8A4-FE8D23A33C3C"
+ }
+ ]
+ }
+ ]
+ }
+ ],
 "references": [
 {
 "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-35366",
- "source": "secure@microsoft.com"
+ "source": "secure@microsoft.com",
+ "tags": [
+ "Patch",
+ "Vendor Advisory"
+ ]
 }
 ]
 }
\ No newline at end of file
diff --git a/CVE-2023/CVE-2023-353xx/CVE-2023-35367.json b/CVE-2023/CVE-2023-353xx/CVE-2023-35367.json
index e0553a7c232..25c5dbcd825 100644
--- a/CVE-2023/CVE-2023-353xx/CVE-2023-35367.json
+++ b/CVE-2023/CVE-2023-353xx/CVE-2023-35367.json
@@ -2,8 +2,8 @@
 "id": "CVE-2023-35367",
 "sourceIdentifier": "secure@microsoft.com",
 "published": "2023-07-11T18:15:19.957",
- "lastModified": "2023-07-12T12:46:41.413",
- "vulnStatus": "Awaiting Analysis",
+ "lastModified": "2023-07-18T14:06:56.570",
+ "vulnStatus": "Analyzed",
 "descriptions": [
 {
 "lang": "en",
@@ -34,10 +34,115 @@
 }
 ]
 },
+ "weaknesses": [
+ {
+ "source": "nvd@nist.gov",
+ "type": "Primary",
+ "description": [
+ {
+ "lang": "en",
+ "value": "NVD-CWE-noinfo"
+ }
+ ]
+ }
+ ],
+ "configurations": [
+ {
+ "nodes": [
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:microsoft:windows_10_1507:*:*:*:*:*:*:*:*",
+ "versionEndExcluding": "10.0.10240.20048",
+ "matchCriteriaId": "CA7DB0E9-3DCD-4FAE-8F9A-20D15E061ED7"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:microsoft:windows_10_1607:*:*:*:*:*:*:*:*",
+ "versionEndExcluding": "10.0.14393.6085",
+ "matchCriteriaId": "8557A170-443F-49D3-9041-0D883E6CB556"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:microsoft:windows_10_1809:*:*:*:*:*:*:*:*",
+ "versionEndExcluding": "10.0.17763.4645",
+ "matchCriteriaId": "E7CD9EA5-EB3A-4C42-B208-75590288F6F6"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:microsoft:windows_10_21h2:*:*:*:*:*:*:*:*",
+ "versionEndExcluding": "10.0.19041.3208",
+ "matchCriteriaId": "22A20A25-6FDE-4715-873E-E7FBF2DFABCA"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:microsoft:windows_10_22h2:*:*:*:*:*:*:*:*",
+ "versionEndExcluding": "10.0.19045.3208",
+ "matchCriteriaId": "7408C04A-729A-4CFF-8AF0-97A18BB2BD9C"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:microsoft:windows_11_21h2:*:*:*:*:*:*:*:*",
+ "versionEndExcluding": "10.0.22000.2176",
+ "matchCriteriaId": "F10BCA0D-417F-42E3-93BF-2C227357702B"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:microsoft:windows_11_22h2:*:*:*:*:*:*:*:*",
+ "versionEndExcluding": "10.0.22621.1992",
+ "matchCriteriaId": "B1C277B2-DE09-453D-B33E-42917E11D0E5"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:microsoft:windows_server_2008:-:sp2:*:*:*:*:*:*",
+ "matchCriteriaId": "5F422A8C-2C4E-42C8-B420-E0728037E15C"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:microsoft:windows_server_2008:r2:sp1:*:*:*:*:x64:*",
+ "matchCriteriaId": "AF07A81D-12E5-4B1D-BFF9-C8D08C32FF4F"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:microsoft:windows_server_2012:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "A7DF96F8-BA6A-4780-9CA3-F719B3F81074"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:microsoft:windows_server_2012:r2:*:*:*:*:*:*:*",
+ "matchCriteriaId": "DB18C4CE-5917-401E-ACF7-2747084FD36E"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:microsoft:windows_server_2016:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "041FF8BA-0B12-4A1F-B4BF-9C4F33B7C1E7"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:microsoft:windows_server_2019:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "DB79EE26-FC32-417D-A49C-A1A63165A968"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:microsoft:windows_server_2022:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "821614DD-37DD-44E2-A8A4-FE8D23A33C3C"
+ }
+ ]
+ }
+ ]
+ }
+ ],
 "references": [
 {
 "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-35367",
- "source": "secure@microsoft.com"
+ "source": "secure@microsoft.com",
+ "tags": [
+ "Patch",
+ "Vendor Advisory"
+ ]
 }
 ]
 }
\ No newline at end of file
diff --git a/CVE-2023/CVE-2023-358xx/CVE-2023-35887.json b/CVE-2023/CVE-2023-358xx/CVE-2023-35887.json
index d0f94bed8b8..6c2b3af110b 100644
--- a/CVE-2023/CVE-2023-358xx/CVE-2023-35887.json
+++ b/CVE-2023/CVE-2023-358xx/CVE-2023-35887.json
@@ -2,8 +2,8 @@
 "id": "CVE-2023-35887",
 "sourceIdentifier": "security@apache.org",
 "published": "2023-07-10T16:15:53.050",
- "lastModified": "2023-07-10T16:27:17.833",
- "vulnStatus": "Awaiting Analysis",
+ "lastModified": "2023-07-18T15:30:37.763",
+ "vulnStatus": "Analyzed",
 "descriptions": [
 {
 "lang": "en",
@@ -12,6 +12,26 @@
 ],
 "metrics": {
 "cvssMetricV31": [
+ {
+ "source": "nvd@nist.gov",
+ "type": "Primary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N",
+ "attackVector": "NETWORK",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "LOW",
+ "userInteraction": "NONE",
+ "scope": "UNCHANGED",
+ "confidentialityImpact": "LOW",
+ "integrityImpact": "NONE",
+ "availabilityImpact": "NONE",
+ "baseScore": 4.3,
+ "baseSeverity": "MEDIUM"
+ },
+ "exploitabilityScore": 2.8,
+ "impactScore": 1.4
+ },
 {
 "source": "security@apache.org",
 "type": "Secondary",
@@ -36,8 +56,18 @@
 },
 "weaknesses": [
 {
- "source": "security@apache.org",
+ "source": "nvd@nist.gov",
 "type": "Primary",
+ "description": [
+ {
+ "lang": "en",
+ "value": "CWE-22"
+ }
+ ]
+ },
+ {
+ "source": "security@apache.org",
+ "type": "Secondary",
 "description": [
 {
 "lang": "en",
@@ -46,10 +76,33 @@
 ]
 }
 ],
+ "configurations": [
+ {
+ "nodes": [
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:apache:mina:*:*:*:*:*:*:*:*",
+ "versionStartIncluding": "1.0.0",
+ "versionEndExcluding": "2.10.0",
+ "matchCriteriaId": "FACA622E-E960-457C-9D9B-11D782E806F3"
+ }
+ ]
+ }
+ ]
+ }
+ ],
 "references": [
 {
 "url": "https://lists.apache.org/thread/b9qgtqvhnvgfpn0w1gz918p21p53tqk2",
- "source": "security@apache.org"
+ "source": "security@apache.org",
+ "tags": [
+ "Mailing List",
+ "Vendor Advisory"
+ ]
 }
 ]
 }
\ No newline at end of file
diff --git a/CVE-2023/CVE-2023-35xx/CVE-2023-3580.json b/CVE-2023/CVE-2023-35xx/CVE-2023-3580.json
index a7e9b355fe6..f6c788c3d10 100644
--- a/CVE-2023/CVE-2023-35xx/CVE-2023-3580.json
+++ b/CVE-2023/CVE-2023-35xx/CVE-2023-3580.json
@@ -2,8 +2,8 @@
 "id": "CVE-2023-3580",
 "sourceIdentifier": "security@huntr.dev",
 "published": "2023-07-10T16:15:56.727",
- "lastModified": "2023-07-10T16:27:17.833",
- "vulnStatus": "Awaiting Analysis",
+ "lastModified": "2023-07-18T15:14:36.807",
+ "vulnStatus": "Analyzed",
 "descriptions": [
 {
 "lang": "en",
@@ -11,6 +11,28 @@
 }
 ],
 "metrics": {
+ "cvssMetricV31": [
+ {
+ "source": "nvd@nist.gov",
+ "type": "Primary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N",
+ "attackVector": "NETWORK",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "LOW",
+ "userInteraction": "NONE",
+ "scope": "UNCHANGED",
+ "confidentialityImpact": "NONE",
+ "integrityImpact": "LOW",
+ "availabilityImpact": "NONE",
+ "baseScore": 4.3,
+ "baseSeverity": "MEDIUM"
+ },
+ "exploitabilityScore": 2.8,
+ "impactScore": 1.4
+ }
+ ],
 "cvssMetricV30": [
 {
 "source": "security@huntr.dev",
@@ -36,8 +58,18 @@
 },
 "weaknesses": [
 {
- "source": "security@huntr.dev",
+ "source": "nvd@nist.gov",
 "type": "Primary",
+ "description": [
+ {
+ "lang": "en",
+ "value": "NVD-CWE-Other"
+ }
+ ]
+ },
+ {
+ "source": "security@huntr.dev",
+ "type": "Secondary",
 "description": [
 {
 "lang": "en",
@@ -46,14 +78,40 @@
 ]
 }
 ],
+ "configurations": [
+ {
+ "nodes": [
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:squidex.io:squidex:*:*:*:*:*:*:*:*",
+ "versionEndExcluding": "7.4.0",
+ "matchCriteriaId": "1B5AA83C-C544-40BA-AAC6-A2D0A9E64895"
+ }
+ ]
+ }
+ ]
+ }
+ ],
 "references": [
 {
 "url": "https://github.com/squidex/squidex/commit/2aca7621845ce18ed4065cba8e3d0fa68aaf02bf",
- "source": "security@huntr.dev"
+ "source": "security@huntr.dev",
+ "tags": [
+ "Patch"
+ ]
 },
 {
 "url": "https://huntr.dev/bounties/4eed53ca-06c2-43aa-aea8-c03ea5f13ce4",
- "source": "security@huntr.dev"
+ "source": "security@huntr.dev",
+ "tags": [
+ "Exploit",
+ "Patch",
+ "Third Party Advisory"
+ ]
 }
 ]
 }
\ No newline at end of file
diff --git a/CVE-2023/CVE-2023-361xx/CVE-2023-36120.json b/CVE-2023/CVE-2023-361xx/CVE-2023-36120.json
new file mode 100644
index 00000000000..84540716a77
--- /dev/null
+++ b/CVE-2023/CVE-2023-361xx/CVE-2023-36120.json
@@ -0,0 +1,15 @@
+{
+ "id": "CVE-2023-36120",
+ "sourceIdentifier": "cve@mitre.org",
+ "published": "2023-07-18T15:15:11.720",
+ "lastModified": "2023-07-18T15:15:11.720",
+ "vulnStatus": "Rejected",
+ "descriptions": [
+ {
+ "lang": "en",
+ "value": "** REJECT ** DO NOT USE THIS CVE RECORD. ConsultIDs: none. Reason: This record was withdrawn by its CNA. Further investigation showed that it was not a security issue. Notes: none."
+ }
+ ],
+ "metrics": {},
+ "references": []
+}
\ No newline at end of file
diff --git a/CVE-2023/CVE-2023-363xx/CVE-2023-36375.json b/CVE-2023/CVE-2023-363xx/CVE-2023-36375.json
index 439c9404c29..5845599d0f3 100644
--- a/CVE-2023/CVE-2023-363xx/CVE-2023-36375.json
+++ b/CVE-2023/CVE-2023-363xx/CVE-2023-36375.json
@@ -2,23 +2,82 @@
 "id": "CVE-2023-36375",
 "sourceIdentifier": "cve@mitre.org",
 "published": "2023-07-10T17:15:09.263",
- "lastModified": "2023-07-10T17:43:10.157",
- "vulnStatus": "Awaiting Analysis",
+ "lastModified": "2023-07-18T14:10:25.377",
+ "vulnStatus": "Analyzed",
 "descriptions": [
 {
 "lang": "en",
 "value": "Cross Site Scripting vulnerability in Hostel Management System v2.1 allows an attacker to execute arbitrary code via a crafted payload to the Guardian name, Guardian relation, complimentary address, city, permanent address, and city parameters in the Book Hostel & Room Details page."
 }
 ],
- "metrics": {},
+ "metrics": {
+ "cvssMetricV31": [
+ {
+ "source": "nvd@nist.gov",
+ "type": "Primary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",
+ "attackVector": "NETWORK",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "LOW",
+ "userInteraction": "REQUIRED",
+ "scope": "CHANGED",
+ "confidentialityImpact": "LOW",
+ "integrityImpact": "LOW",
+ "availabilityImpact": "NONE",
+ "baseScore": 5.4,
+ "baseSeverity": "MEDIUM"
+ },
+ "exploitabilityScore": 2.3,
+ "impactScore": 2.7
+ }
+ ]
+ },
+ "weaknesses": [
+ {
+ "source": "nvd@nist.gov",
+ "type": "Primary",
+ "description": [
+ {
+ "lang": "en",
+ "value": "CWE-79"
+ }
+ ]
+ }
+ ],
+ "configurations": [
+ {
+ "nodes": [
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:hostel_management_system_project:hostel_management_system:2.1:*:*:*:*:*:*:*",
+ "matchCriteriaId": "FC64E15A-2ECC-4930-8FDB-20AC554E3336"
+ }
+ ]
+ }
+ ]
+ }
+ ],
 "references": [
 {
 "url": "https://medium.com/@ridheshgohil1092/cve-2023-36375-xss-on-hostel-management-system-d654e6df26bc",
- "source": "cve@mitre.org"
+ "source": "cve@mitre.org",
+ "tags": [
+ "Exploit",
+ "Third Party Advisory"
+ ]
 },
 {
 "url": "https://packetstormsecurity.com",
- "source": "cve@mitre.org"
+ "source": "cve@mitre.org",
+ "tags": [
+ "Mitigation"
+ ]
 }
 ]
 }
\ No newline at end of file
diff --git a/CVE-2023/CVE-2023-363xx/CVE-2023-36383.json b/CVE-2023/CVE-2023-363xx/CVE-2023-36383.json
new file mode 100644
index 00000000000..c1f0f28f043
--- /dev/null
+++ b/CVE-2023/CVE-2023-363xx/CVE-2023-36383.json
@@ -0,0 +1,55 @@
+{
+ "id": "CVE-2023-36383",
+ "sourceIdentifier": "audit@patchstack.com",
+ "published": "2023-07-18T15:15:11.777",
+ "lastModified": "2023-07-18T15:15:11.777",
+ "vulnStatus": "Received",
+ "descriptions": [
+ {
+ "lang": "en",
+ "value": "Auth. (editor+) Stored Cross-Site Scripting (XSS) vulnerability in MagePeople Team Event Manager and Tickets Selling Plugin for WooCommerce plugin <=\u00a03.9.5 versions."
+ }
+ ],
+ "metrics": {
+ "cvssMetricV31": [
+ {
+ "source": "audit@patchstack.com",
+ "type": "Secondary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:L",
+ "attackVector": "NETWORK",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "HIGH",
+ "userInteraction": "REQUIRED",
+ "scope": "CHANGED",
+ "confidentialityImpact": "LOW",
+ "integrityImpact": "LOW",
+ "availabilityImpact": "LOW",
+ "baseScore": 5.9,
+ "baseSeverity": "MEDIUM"
+ },
+ "exploitabilityScore": 1.7,
+ "impactScore": 3.7
+ }
+ ]
+ },
+ "weaknesses": [
+ {
+ "source": "audit@patchstack.com",
+ "type": "Primary",
+ "description": [
+ {
+ "lang": "en",
+ "value": "CWE-79"
+ }
+ ]
+ }
+ ],
+ "references": [
+ {
+ "url": "https://patchstack.com/database/vulnerability/mage-eventpress/wordpress-event-manager-and-tickets-selling-plugin-for-woocommerce-plugin-3-9-5-cross-site-scripting-xss-vulnerability?_s_id=cve",
+ "source": "audit@patchstack.com"
+ }
+ ]
+}
\ No newline at end of file
diff --git a/CVE-2023/CVE-2023-363xx/CVE-2023-36384.json b/CVE-2023/CVE-2023-363xx/CVE-2023-36384.json
new file mode 100644
index 00000000000..bc2a902aba7
--- /dev/null
+++ b/CVE-2023/CVE-2023-363xx/CVE-2023-36384.json
@@ -0,0 +1,55 @@
+{
+ "id": "CVE-2023-36384",
+ "sourceIdentifier": "audit@patchstack.com",
+ "published": "2023-07-18T15:15:11.867",
+ "lastModified": "2023-07-18T15:15:11.867",
+ "vulnStatus": "Received",
+ "descriptions": [
+ {
+ "lang": "en",
+ "value": "Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in CodePeople Booking Calendar Contact Form plugin <=\u00a01.2.40 versions."
+ }
+ ],
+ "metrics": {
+ "cvssMetricV31": [
+ {
+ "source": "audit@patchstack.com",
+ "type": "Secondary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:L",
+ "attackVector": "NETWORK",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "NONE",
+ "userInteraction": "REQUIRED",
+ "scope": "CHANGED",
+ "confidentialityImpact": "LOW",
+ "integrityImpact": "LOW",
+ "availabilityImpact": "LOW",
+ "baseScore": 7.1,
+ "baseSeverity": "HIGH"
+ },
+ "exploitabilityScore": 2.8,
+ "impactScore": 3.7
+ }
+ ]
+ },
+ "weaknesses": [
+ {
+ "source": "audit@patchstack.com",
+ "type": "Primary",
+ "description": [
+ {
+ "lang": "en",
+ "value": "CWE-79"
+ }
+ ]
+ }
+ ],
+ "references": [
+ {
+ "url": "https://patchstack.com/database/vulnerability/booking-calendar-contact-form/wordpress-booking-calendar-contact-form-plugin-1-2-40-cross-site-scripting-xss?_s_id=cve",
+ "source": "audit@patchstack.com"
+ }
+ ]
+}
\ No newline at end of file
diff --git a/CVE-2023/CVE-2023-363xx/CVE-2023-36386.json b/CVE-2023/CVE-2023-363xx/CVE-2023-36386.json
index 4b695688e24..b31d40fd903 100644
--- a/CVE-2023/CVE-2023-363xx/CVE-2023-36386.json
+++ b/CVE-2023/CVE-2023-363xx/CVE-2023-36386.json
@@ -2,8 +2,8 @@
 "id": "CVE-2023-36386",
 "sourceIdentifier": "productcert@siemens.com",
 "published": "2023-07-11T10:15:10.680",
- "lastModified": "2023-07-11T12:43:16.387",
- "vulnStatus": "Awaiting Analysis",
+ "lastModified": "2023-07-18T15:45:46.237",
+ "vulnStatus": "Analyzed",
 "descriptions": [
 {
 "lang": "en",
@@ -12,6 +12,26 @@
 ],
 "metrics": {
 "cvssMetricV31": [
+ {
+ "source": "nvd@nist.gov",
+ "type": "Primary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
+ "attackVector": "NETWORK",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "NONE",
+ "userInteraction": "REQUIRED",
+ "scope": "CHANGED",
+ "confidentialityImpact": "LOW",
+ "integrityImpact": "LOW",
+ "availabilityImpact": "NONE",
+ "baseScore": 6.1,
+ "baseSeverity": "MEDIUM"
+ },
+ "exploitabilityScore": 2.8,
+ "impactScore": 2.7
+ },
 {
 "source": "productcert@siemens.com",
 "type": "Secondary",
@@ -35,6 +55,16 @@
 ]
 },
 "weaknesses": [
+ {
+ "source": "nvd@nist.gov",
+ "type": "Primary",
+ "description": [
+ {
+ "lang": "en",
+ "value": "CWE-79"
+ }
+ ]
+ },
 {
 "source": "productcert@siemens.com",
 "type": "Secondary",
@@ -46,10 +76,323 @@
 ]
 }
 ],
+ "configurations": [
+ {
+ "operator": "AND",
+ "nodes": [
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:siemens:ruggedcom_rox_mx5000_firmware:*:*:*:*:*:*:*:*",
+ "versionEndExcluding": "2.16.0",
+ "matchCriteriaId": "B70C9A14-F31D-452F-8F7E-368E1ED7165C"
+ }
+ ]
+ },
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": false,
+ "criteria": "cpe:2.3:h:siemens:ruggedcom_rox_mx5000:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "DAD1B18F-9C37-48CC-92E2-9C5E66B206CB"
+ }
+ ]
+ }
+ ]
+ },
+ {
+ "operator": "AND",
+ "nodes": [
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:siemens:ruggedcom_rox_mx5000re_firmware:*:*:*:*:*:*:*:*",
+ "versionEndExcluding": "2.16.0",
+ "matchCriteriaId": "C095D9B0-79A3-44A7-9683-B8DEF689D65F"
+ }
+ ]
+ },
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": false,
+ "criteria": "cpe:2.3:h:siemens:ruggedcom_rox_mx5000re:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "38734DFA-A5DF-4284-BD79-7C0ED6CD8A5C"
+ }
+ ]
+ }
+ ]
+ },
+ {
+ "operator": "AND",
+ "nodes": [
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:siemens:ruggedcom_rox_rx1400_firmware:*:*:*:*:*:*:*:*",
+ "versionEndExcluding": "2.16.0",
+ "matchCriteriaId": "3A0D1757-6A48-4C53-877A-947CDDD67793"
+ }
+ ]
+ },
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": false,
+ "criteria": "cpe:2.3:h:siemens:ruggedcom_rox_rx1400:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "12BD4008-DB6A-4749-A426-D2DE44819A9D"
+ }
+ ]
+ }
+ ]
+ },
+ {
+ "operator": "AND",
+ "nodes": [
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:siemens:ruggedcom_rox_rx1500_firmware:*:*:*:*:*:*:*:*",
+ "versionEndExcluding": "2.16.0",
+ "matchCriteriaId": "957788AA-B685-42B6-8BE9-B61D20B68144"
+ }
+ ]
+ },
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": false,
+ "criteria": "cpe:2.3:h:siemens:ruggedcom_rox_rx1500:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "3E79B422-C844-411C-AA49-CFD73D3C6E2D"
+ }
+ ]
+ }
+ ]
+ },
+ {
+ "operator": "AND",
+ "nodes": [
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:siemens:ruggedcom_rox_rx1501_firmware:*:*:*:*:*:*:*:*",
+ "versionEndExcluding": "2.16.0",
+ "matchCriteriaId": "02E80465-DCD4-4CEB-AB5C-DFD86A5DB2E8"
+ }
+ ]
+ },
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": false,
+ "criteria": "cpe:2.3:h:siemens:ruggedcom_rox_rx1501:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "53AAEC5C-06EE-4C58-A981-EBF5860CEF16"
+ }
+ ]
+ }
+ ]
+ },
+ {
+ "operator": "AND",
+ "nodes": [
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:siemens:ruggedcom_rox_rx1510_firmware:*:*:*:*:*:*:*:*",
+ "versionEndExcluding": "2.16.0",
+ "matchCriteriaId": "BEC2AF9C-52CA-48FF-A4CD-C042EF225000"
+ }
+ ]
+ },
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": false,
+ "criteria": "cpe:2.3:h:siemens:ruggedcom_rox_rx1510:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "0751225A-6E9C-4281-93A4-A048920FF7C6"
+ }
+ ]
+ }
+ ]
+ },
+ {
+ "operator": "AND",
+ "nodes": [
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:siemens:ruggedcom_rox_rx1511_firmware:*:*:*:*:*:*:*:*",
+ "versionEndExcluding": "2.16.0",
+ "matchCriteriaId": "D0889DDD-C18A-4605-907C-0AAC4362FC94"
+ }
+ ]
+ },
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": false,
+ "criteria": "cpe:2.3:h:siemens:ruggedcom_rox_rx1511:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "8C1E56ED-1E61-4B7E-8EC0-BB2AAD57EF7B"
+ }
+ ]
+ }
+ ]
+ },
+ {
+ "operator": "AND",
+ "nodes": [
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:siemens:ruggedcom_rox_rx1512_firmware:*:*:*:*:*:*:*:*",
+ "versionEndExcluding": "2.16.0",
+ "matchCriteriaId": "FA09F789-1903-4487-A108-684EA9423F32"
+ }
+ ]
+ },
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": false,
+ "criteria": "cpe:2.3:h:siemens:ruggedcom_rox_rx1512:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "41ADD701-AD49-46B2-A12E-219CCED32298"
+ }
+ ]
+ }
+ ]
+ },
+ {
+ "operator": "AND",
+ "nodes": [
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:siemens:ruggedcom_rox_rx1524_firmware:*:*:*:*:*:*:*:*",
+ "versionEndExcluding": "2.16.0",
+ "matchCriteriaId": "76CF386C-0665-401C-9E5F-D3A89E6C2847"
+ }
+ ]
+ },
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": false,
+ "criteria": "cpe:2.3:h:siemens:ruggedcom_rox_rx1524:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "F8C70D90-E8FA-4343-9027-152A99D79C82"
+ }
+ ]
+ }
+ ]
+ },
+ {
+ "operator": "AND",
+ "nodes": [
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:siemens:ruggedcom_rox_rx1536_firmware:*:*:*:*:*:*:*:*",
+ "versionEndExcluding": "2.16.0",
+ "matchCriteriaId": "A813AC2B-2F29-45D7-AB27-657A36399F80"
+ }
+ ]
+ },
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": false,
+ "criteria": "cpe:2.3:h:siemens:ruggedcom_rox_rx1536:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "C1775F3B-6F47-4134-8B4E-CF6337FF546C"
+ }
+ ]
+ }
+ ]
+ },
+ {
+ "operator": "AND",
+ "nodes": [
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:siemens:ruggedcom_rox_rx5000_firmware:*:*:*:*:*:*:*:*",
+ "versionEndExcluding": "2.16.0",
+ "matchCriteriaId": "6AF925B2-B147-4CB0-8789-D68C38135BEE"
+ }
+ ]
+ },
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": false,
+ "criteria": "cpe:2.3:h:siemens:ruggedcom_rox_rx5000:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "1E0E33F2-E89B-4008-BED2-CF2296801078"
+ }
+ ]
+ }
+ ]
+ }
+ ],
 "references": [
 {
 "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-146325.pdf",
- "source": "productcert@siemens.com"
+ "source": "productcert@siemens.com",
+ "tags": [
+ "Vendor Advisory"
+ ]
 }
 ]
 }
\ No newline at end of file
diff --git a/CVE-2023/CVE-2023-365xx/CVE-2023-36517.json b/CVE-2023/CVE-2023-365xx/CVE-2023-36517.json
index acf8b2d2a0a..2201cf756ca 100644
--- a/CVE-2023/CVE-2023-365xx/CVE-2023-36517.json
+++ b/CVE-2023/CVE-2023-365xx/CVE-2023-36517.json
@@ -2,8 +2,8 @@
 "id": "CVE-2023-36517",
 "sourceIdentifier": "audit@patchstack.com",
 "published": "2023-07-11T09:15:09.913",
- "lastModified": "2023-07-11T12:43:16.387",
- "vulnStatus": "Awaiting Analysis",
+ "lastModified": "2023-07-18T15:57:59.233",
+ "vulnStatus": "Analyzed",
 "descriptions": [
 {
 "lang": "en",
@@ -12,6 +12,26 @@
 ],
 "metrics": {
 "cvssMetricV31": [
+ {
+ "source": "nvd@nist.gov",
+ "type": "Primary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
+ "attackVector": "NETWORK",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "NONE",
+ "userInteraction": "REQUIRED",
+ "scope": "UNCHANGED",
+ "confidentialityImpact": "HIGH",
+ "integrityImpact": "HIGH",
+ "availabilityImpact": "HIGH",
+ "baseScore": 8.8,
+ "baseSeverity": "HIGH"
+ },
+ "exploitabilityScore": 2.8,
+ "impactScore": 5.9
+ },
 {
 "source": "audit@patchstack.com",
 "type": "Secondary",
@@ -46,10 +66,31 @@
 ]
 }
 ],
+ "configurations": [
+ {
+ "nodes": [
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:wp_abstracts_project:wp_abstracts:*:*:*:*:*:wordpress:*:*",
+ "versionEndIncluding": "2.6.2",
+ "matchCriteriaId": "046EF27A-B1B7-4D28-B8BD-38EAA57106F8"
+ }
+ ]
+ }
+ ]
+ }
+ ],
 "references": [
 {
 "url": "https://patchstack.com/database/vulnerability/wp-abstracts-manuscripts-manager/wordpress-wp-abstracts-plugin-2-6-2-cross-site-request-forgery-csrf-vulnerability?_s_id=cve",
- "source": "audit@patchstack.com"
+ "source": "audit@patchstack.com",
+ "tags": [
+ "Third Party Advisory"
+ ]
 }
 ]
 }
\ No newline at end of file
diff --git a/CVE-2023/CVE-2023-366xx/CVE-2023-36691.json b/CVE-2023/CVE-2023-366xx/CVE-2023-36691.json
index 1349784819c..22d4f6534df 100644
--- a/CVE-2023/CVE-2023-366xx/CVE-2023-36691.json
+++ b/CVE-2023/CVE-2023-366xx/CVE-2023-36691.json
@@ -2,8 +2,8 @@
 "id": "CVE-2023-36691",
 "sourceIdentifier": "audit@patchstack.com",
 "published": "2023-07-10T16:15:53.347",
- "lastModified": "2023-07-10T16:27:17.833",
- "vulnStatus": "Awaiting Analysis",
+ "lastModified": "2023-07-18T15:18:17.570",
+ "vulnStatus": "Analyzed",
 "descriptions": [
 {
 "lang": "en",
@@ -12,6 +12,26 @@
 ],
 "metrics": {
 "cvssMetricV31": [
+ {
+ "source": "nvd@nist.gov",
+ "type": "Primary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
+ "attackVector": "NETWORK",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "NONE",
+ "userInteraction": "REQUIRED",
+ "scope": "UNCHANGED",
+ "confidentialityImpact": "HIGH",
+ "integrityImpact": "HIGH",
+ "availabilityImpact": "HIGH",
+ "baseScore": 8.8,
+ "baseSeverity": "HIGH"
+ },
+ "exploitabilityScore": 2.8,
+ "impactScore": 5.9
+ },
 {
 "source": "audit@patchstack.com",
 "type": "Secondary",
@@ -46,10 +66,31 @@
 ]
 }
 ],
+ "configurations": [
+ {
+ "nodes": [
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:webwinkelkeur_project:webwinkelkeur:*:*:*:*:*:wordpress:*:*",
+ "versionEndExcluding": "3.25",
+ "matchCriteriaId": "E260A1C2-C86E-4628-923F-F9D535F1AC5A"
+ }
+ ]
+ }
+ ]
+ }
+ ],
 "references": [
 {
 "url": "https://patchstack.com/database/vulnerability/webwinkelkeur/wordpress-webwinkelkeu-plugin-3-24-cross-site-request-forgery-csrf-vulnerability?_s_id=cve",
- "source": "audit@patchstack.com"
+ "source": "audit@patchstack.com",
+ "tags": [
+ "Third Party Advisory"
+ ]
 }
 ]
 }
\ No newline at end of file
diff --git a/CVE-2023/CVE-2023-367xx/CVE-2023-36755.json b/CVE-2023/CVE-2023-367xx/CVE-2023-36755.json
index 4edeeab1bbb..92953f6aa7c 100644
--- a/CVE-2023/CVE-2023-367xx/CVE-2023-36755.json
+++ b/CVE-2023/CVE-2023-367xx/CVE-2023-36755.json
@@ -2,8 +2,8 @@
 "id": "CVE-2023-36755",
 "sourceIdentifier": "productcert@siemens.com",
 "published": "2023-07-11T10:15:11.490",
- "lastModified": "2023-07-11T12:43:16.387",
- "vulnStatus": "Awaiting Analysis",
+ "lastModified": "2023-07-18T15:41:50.873",
+ "vulnStatus": "Analyzed",
 "descriptions": [
 {
 "lang": "en",
@@ -12,6 +12,26 @@
 ],
 "metrics": {
 "cvssMetricV31": [
+ {
+ "source": "nvd@nist.gov",
+ "type": "Primary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
+ "attackVector": "NETWORK",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "HIGH",
+ "userInteraction": "NONE",
+ "scope": "UNCHANGED",
+ "confidentialityImpact": "HIGH",
+ "integrityImpact": "HIGH",
+ "availabilityImpact": "HIGH",
+ "baseScore": 7.2,
+ "baseSeverity": "HIGH"
+ },
+ "exploitabilityScore": 1.2,
+ "impactScore": 5.9
+ },
 {
 "source": "productcert@siemens.com",
 "type": "Secondary",
@@ -35,6 +55,16 @@
 ]
 },
 "weaknesses": [
+ {
+ "source": "nvd@nist.gov",
+ "type": "Primary",
+ "description": [
+ {
+ "lang": "en",
+ "value": "CWE-77"
+ }
+ ]
+ },
 {
 "source": "productcert@siemens.com",
 "type": "Secondary",
@@ -46,10 +76,323 @@ ] } ], + "configurations": [ + { + "operator": "AND", + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:o:siemens:ruggedcom_rox_mx5000_firmware:*:*:*:*:*:*:*:*", + "versionEndExcluding": "2.16.0", + "matchCriteriaId": "B70C9A14-F31D-452F-8F7E-368E1ED7165C" + } + ] + }, + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": false, + "criteria": "cpe:2.3:h:siemens:ruggedcom_rox_mx5000:-:*:*:*:*:*:*:*", + "matchCriteriaId": "DAD1B18F-9C37-48CC-92E2-9C5E66B206CB" + } + ] + } + ] + }, + { + "operator": "AND", + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:o:siemens:ruggedcom_rox_mx5000re_firmware:*:*:*:*:*:*:*:*", + "versionEndExcluding": "2.16.0", + "matchCriteriaId": "C095D9B0-79A3-44A7-9683-B8DEF689D65F" + } + ] + }, + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": false, + "criteria": "cpe:2.3:h:siemens:ruggedcom_rox_mx5000re:-:*:*:*:*:*:*:*", + "matchCriteriaId": "38734DFA-A5DF-4284-BD79-7C0ED6CD8A5C" + } + ] + } + ] + }, + { + "operator": "AND", + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:o:siemens:ruggedcom_rox_rx1400_firmware:*:*:*:*:*:*:*:*", + "versionEndExcluding": "2.16.0", + "matchCriteriaId": "3A0D1757-6A48-4C53-877A-947CDDD67793" + } + ] + }, + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": false, + "criteria": "cpe:2.3:h:siemens:ruggedcom_rox_rx1400:-:*:*:*:*:*:*:*", + "matchCriteriaId": "12BD4008-DB6A-4749-A426-D2DE44819A9D" + } + ] + } + ] + }, + { + "operator": "AND", + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:o:siemens:ruggedcom_rox_rx1500_firmware:*:*:*:*:*:*:*:*", + "versionEndExcluding": "2.16.0", + "matchCriteriaId": 
"957788AA-B685-42B6-8BE9-B61D20B68144" + } + ] + }, + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": false, + "criteria": "cpe:2.3:h:siemens:ruggedcom_rox_rx1500:-:*:*:*:*:*:*:*", + "matchCriteriaId": "3E79B422-C844-411C-AA49-CFD73D3C6E2D" + } + ] + } + ] + }, + { + "operator": "AND", + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:o:siemens:ruggedcom_rox_rx1501_firmware:*:*:*:*:*:*:*:*", + "versionEndExcluding": "2.16.0", + "matchCriteriaId": "02E80465-DCD4-4CEB-AB5C-DFD86A5DB2E8" + } + ] + }, + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": false, + "criteria": "cpe:2.3:h:siemens:ruggedcom_rox_rx1501:-:*:*:*:*:*:*:*", + "matchCriteriaId": "53AAEC5C-06EE-4C58-A981-EBF5860CEF16" + } + ] + } + ] + }, + { + "operator": "AND", + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:o:siemens:ruggedcom_rox_rx1510_firmware:*:*:*:*:*:*:*:*", + "versionEndExcluding": "2.16.0", + "matchCriteriaId": "BEC2AF9C-52CA-48FF-A4CD-C042EF225000" + } + ] + }, + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": false, + "criteria": "cpe:2.3:h:siemens:ruggedcom_rox_rx1510:-:*:*:*:*:*:*:*", + "matchCriteriaId": "0751225A-6E9C-4281-93A4-A048920FF7C6" + } + ] + } + ] + }, + { + "operator": "AND", + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:o:siemens:ruggedcom_rox_rx1511_firmware:*:*:*:*:*:*:*:*", + "versionEndExcluding": "2.16.0", + "matchCriteriaId": "D0889DDD-C18A-4605-907C-0AAC4362FC94" + } + ] + }, + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": false, + "criteria": "cpe:2.3:h:siemens:ruggedcom_rox_rx1511:-:*:*:*:*:*:*:*", + "matchCriteriaId": "8C1E56ED-1E61-4B7E-8EC0-BB2AAD57EF7B" + } + ] + } + ] + }, + { + "operator": "AND", + "nodes": [ + { + "operator": 
"OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:o:siemens:ruggedcom_rox_rx1512_firmware:*:*:*:*:*:*:*:*", + "versionEndExcluding": "2.16.0", + "matchCriteriaId": "FA09F789-1903-4487-A108-684EA9423F32" + } + ] + }, + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": false, + "criteria": "cpe:2.3:h:siemens:ruggedcom_rox_rx1512:-:*:*:*:*:*:*:*", + "matchCriteriaId": "41ADD701-AD49-46B2-A12E-219CCED32298" + } + ] + } + ] + }, + { + "operator": "AND", + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:o:siemens:ruggedcom_rox_rx1524_firmware:*:*:*:*:*:*:*:*", + "versionEndExcluding": "2.16.0", + "matchCriteriaId": "76CF386C-0665-401C-9E5F-D3A89E6C2847" + } + ] + }, + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": false, + "criteria": "cpe:2.3:h:siemens:ruggedcom_rox_rx1524:-:*:*:*:*:*:*:*", + "matchCriteriaId": "F8C70D90-E8FA-4343-9027-152A99D79C82" + } + ] + } + ] + }, + { + "operator": "AND", + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:o:siemens:ruggedcom_rox_rx1536_firmware:*:*:*:*:*:*:*:*", + "versionEndExcluding": "2.16.0", + "matchCriteriaId": "A813AC2B-2F29-45D7-AB27-657A36399F80" + } + ] + }, + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": false, + "criteria": "cpe:2.3:h:siemens:ruggedcom_rox_rx1536:-:*:*:*:*:*:*:*", + "matchCriteriaId": "C1775F3B-6F47-4134-8B4E-CF6337FF546C" + } + ] + } + ] + }, + { + "operator": "AND", + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:o:siemens:ruggedcom_rox_rx5000_firmware:*:*:*:*:*:*:*:*", + "versionEndExcluding": "2.16.0", + "matchCriteriaId": "6AF925B2-B147-4CB0-8789-D68C38135BEE" + } + ] + }, + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": false, + 
"criteria": "cpe:2.3:h:siemens:ruggedcom_rox_rx5000:-:*:*:*:*:*:*:*", + "matchCriteriaId": "1E0E33F2-E89B-4008-BED2-CF2296801078" + } + ] + } + ] + } + ], "references": [ { "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-146325.pdf", - "source": "productcert@siemens.com" + "source": "productcert@siemens.com", + "tags": [ + "Vendor Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2023/CVE-2023-371xx/CVE-2023-37152.json b/CVE-2023/CVE-2023-371xx/CVE-2023-37152.json index 7a069d39814..5c2630e8a8b 100644 --- a/CVE-2023/CVE-2023-371xx/CVE-2023-37152.json +++ b/CVE-2023/CVE-2023-371xx/CVE-2023-37152.json 
@@ -2,23 +2,84 @@ "id": "CVE-2023-37152", "sourceIdentifier": "cve@mitre.org", "published": "2023-07-10T16:15:53.563", - "lastModified": "2023-07-10T16:27:17.833", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2023-07-18T15:11:01.287", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", "value": "Projectworlds Online Art Gallery Project 1.0 allows unauthenticated users to perform arbitrary file uploads via the adminHome.php page." } ], - "metrics": {}, + "metrics": { + "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH", + "baseScore": 9.8, + "baseSeverity": "CRITICAL" + }, + "exploitabilityScore": 3.9, + "impactScore": 5.9 + } + ] + }, + "weaknesses": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-434" + } + ] + } + ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:online_art_gallery_project:online_art_gallery:1.0:*:*:*:*:*:*:*", + "matchCriteriaId": "20111A1B-67B9-4A91-A504-B382059AC3F5" + } + ] + } + ] + } + ], "references": [ { "url": "https://github.com/Trinity-SYT-SECURITY/arbitrary-file-upload-RCE/blob/main/Online%20Art%20gallery%20project%201.0.md", - "source": "cve@mitre.org" + "source": "cve@mitre.org", + "tags": [ + "Exploit", + "Third Party Advisory" + ] }, { "url": "https://www.exploit-db.com/exploits/51524", - "source": "cve@mitre.org" + "source": "cve@mitre.org", + "tags": [ + "Exploit", + "Third Party Advisory", + "VDB Entry" + ] } ] } \ No newline at end of file 
diff --git a/CVE-2023/CVE-2023-372xx/CVE-2023-37246.json b/CVE-2023/CVE-2023-372xx/CVE-2023-37246.json index 125b29a8493..f6316244b92 100644 --- a/CVE-2023/CVE-2023-372xx/CVE-2023-37246.json +++ b/CVE-2023/CVE-2023-372xx/CVE-2023-37246.json @@ -2,8 +2,8 @@ "id": "CVE-2023-37246", "sourceIdentifier": "productcert@siemens.com", "published": "2023-07-11T10:15:11.550", - "lastModified": "2023-07-11T12:43:16.387", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2023-07-18T14:57:38.210", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", @@ -12,6 +12,26 @@ ], "metrics": { "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", + "attackVector": "LOCAL", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "REQUIRED", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH", + "baseScore": 7.8, + "baseSeverity": "HIGH" + }, + "exploitabilityScore": 1.8, + "impactScore": 5.9 + }, { "source": "productcert@siemens.com", "type": "Secondary", @@ -35,6 +55,16 @@ ] }, "weaknesses": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-787" + } + ] + }, { "source": "productcert@siemens.com", "type": "Secondary", 
@@ -46,10 +76,39 @@ ] } ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:siemens:tecnomatix:*:*:*:*:*:*:*:*", + "versionStartIncluding": "2201", + "versionEndExcluding": "2201.0008", + "matchCriteriaId": "0E8C9093-BD78-4ECE-9221-A889371B3839" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:siemens:tecnomatix:*:*:*:*:*:*:*:*", + "versionStartIncluding": "2302", + "versionEndExcluding": "2302.0002", + "matchCriteriaId": "C7103507-EE73-42FF-9DAB-37DD06467591" + } + ] + } + ] + } + ], "references": [ { "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-764801.pdf", - "source": "productcert@siemens.com" + "source": "productcert@siemens.com", + "tags": [ + "Vendor Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2023/CVE-2023-372xx/CVE-2023-37247.json b/CVE-2023/CVE-2023-372xx/CVE-2023-37247.json index e0515198e7c..d09de80957e 100644 --- a/CVE-2023/CVE-2023-372xx/CVE-2023-37247.json +++ b/CVE-2023/CVE-2023-372xx/CVE-2023-37247.json @@ -2,8 +2,8 @@ "id": "CVE-2023-37247", "sourceIdentifier": "productcert@siemens.com", "published": "2023-07-11T10:15:11.617", - "lastModified": "2023-07-11T12:43:16.387", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2023-07-18T15:02:30.907", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", 
@@ -12,6 +12,26 @@ ], "metrics": { "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", + "attackVector": "LOCAL", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "REQUIRED", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH", + "baseScore": 7.8, + "baseSeverity": "HIGH" + }, + "exploitabilityScore": 1.8, + "impactScore": 5.9 + }, { "source": "productcert@siemens.com", "type": "Secondary", @@ -35,6 +55,16 @@ ] }, "weaknesses": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-787" + } + ] + }, { "source": "productcert@siemens.com", "type": "Secondary", @@ -46,10 +76,39 @@ ] } ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:siemens:tecnomatix:*:*:*:*:*:*:*:*", + "versionStartIncluding": "2201", + "versionEndExcluding": "2201.0008", + "matchCriteriaId": "0E8C9093-BD78-4ECE-9221-A889371B3839" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:siemens:tecnomatix:*:*:*:*:*:*:*:*", + "versionStartIncluding": "2302", + "versionEndExcluding": "2302.0002", + "matchCriteriaId": "C7103507-EE73-42FF-9DAB-37DD06467591" + } + ] + } + ] + } + ], "references": [ { "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-764801.pdf", - "source": "productcert@siemens.com" + "source": "productcert@siemens.com", + "tags": [ + "Vendor Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2023/CVE-2023-372xx/CVE-2023-37248.json b/CVE-2023/CVE-2023-372xx/CVE-2023-37248.json index 513fbb1fb0f..8e25d5572c6 100644 --- a/CVE-2023/CVE-2023-372xx/CVE-2023-37248.json +++ b/CVE-2023/CVE-2023-372xx/CVE-2023-37248.json 
@@ -2,8 +2,8 @@ "id": "CVE-2023-37248", "sourceIdentifier": "productcert@siemens.com", "published": "2023-07-11T10:15:11.680", - "lastModified": "2023-07-11T12:43:16.387", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2023-07-18T15:03:03.557", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", @@ -12,6 +12,26 @@ ], "metrics": { "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", + "attackVector": "LOCAL", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "REQUIRED", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH", + "baseScore": 7.8, + "baseSeverity": "HIGH" + }, + "exploitabilityScore": 1.8, + "impactScore": 5.9 + }, { "source": "productcert@siemens.com", "type": "Secondary", @@ -35,6 +55,16 @@ ] }, "weaknesses": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-787" + } + ] + }, { "source": "productcert@siemens.com", "type": "Secondary", @@ -46,10 +76,39 @@ ] } ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:siemens:tecnomatix:*:*:*:*:*:*:*:*", + "versionStartIncluding": "2201", + "versionEndExcluding": "2201.0008", + "matchCriteriaId": "0E8C9093-BD78-4ECE-9221-A889371B3839" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:siemens:tecnomatix:*:*:*:*:*:*:*:*", + "versionStartIncluding": "2302", + "versionEndExcluding": "2302.0002", + "matchCriteriaId": "C7103507-EE73-42FF-9DAB-37DD06467591" + } + ] + } + ] + } + ], "references": [ { "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-764801.pdf", - "source": "productcert@siemens.com" + "source": "productcert@siemens.com", + "tags": [ + "Vendor Advisory" + ] } ] } \ No newline at end of file 
diff --git a/CVE-2023/CVE-2023-372xx/CVE-2023-37277.json b/CVE-2023/CVE-2023-372xx/CVE-2023-37277.json index 623de0b9a43..8934078b25d 100644 --- a/CVE-2023/CVE-2023-372xx/CVE-2023-37277.json +++ b/CVE-2023/CVE-2023-372xx/CVE-2023-37277.json @@ -2,8 +2,8 @@ "id": "CVE-2023-37277", "sourceIdentifier": "security-advisories@github.com", "published": "2023-07-10T17:15:09.313", - "lastModified": "2023-07-10T17:43:10.157", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2023-07-18T15:58:11.400", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", @@ -12,6 +12,26 @@ ], "metrics": { "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "REQUIRED", + "scope": "CHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH", + "baseScore": 9.6, + "baseSeverity": "CRITICAL" + }, + "exploitabilityScore": 2.8, + "impactScore": 6.0 + }, { "source": "security-advisories@github.com", "type": "Secondary", 
@@ -46,18 +66,56 @@ ] } ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:xwiki:xwiki:*:*:*:*:*:*:*:*", + "versionStartIncluding": "1.8", + "versionEndExcluding": "14.10.8", + "matchCriteriaId": "89DD2669-E874-4C85-BA55-198C46164747" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:xwiki:xwiki:*:*:*:*:*:*:*:*", + "versionStartIncluding": "15.0", + "versionEndExcluding": "15.2", + "matchCriteriaId": "F1AD4421-AE75-43F7-9B8F-F0A739D166C8" + } + ] + } + ] + } + ], "references": [ { "url": "https://github.com/xwiki/xwiki-platform/commit/4c175405faa0e62437df397811c7526dfc0fbae7", - "source": "security-advisories@github.com" + "source": "security-advisories@github.com", + "tags": [ + "Patch" + ] }, { "url": "https://github.com/xwiki/xwiki-platform/security/advisories/GHSA-6xxr-648m-gch6", - "source": "security-advisories@github.com" + "source": "security-advisories@github.com", + "tags": [ + "Patch", + "Vendor Advisory" + ] }, { "url": "https://jira.xwiki.org/browse/XWIKI-20135", - "source": "security-advisories@github.com" + "source": "security-advisories@github.com", + "tags": [ + "Issue Tracking", + "Patch", + "Vendor Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2023/CVE-2023-373xx/CVE-2023-37374.json b/CVE-2023/CVE-2023-373xx/CVE-2023-37374.json index b1858085d59..e9740c744fd 100644 --- a/CVE-2023/CVE-2023-373xx/CVE-2023-37374.json +++ b/CVE-2023/CVE-2023-373xx/CVE-2023-37374.json @@ -2,8 +2,8 @@ "id": "CVE-2023-37374", "sourceIdentifier": "productcert@siemens.com", "published": "2023-07-11T10:15:11.743", - "lastModified": "2023-07-11T12:43:16.387", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2023-07-18T14:53:37.517", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", 
@@ -12,6 +12,26 @@ ], "metrics": { "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", + "attackVector": "LOCAL", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "REQUIRED", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH", + "baseScore": 7.8, + "baseSeverity": "HIGH" + }, + "exploitabilityScore": 1.8, + "impactScore": 5.9 + }, { "source": "productcert@siemens.com", "type": "Secondary", @@ -35,6 +55,16 @@ ] }, "weaknesses": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-787" + } + ] + }, { "source": "productcert@siemens.com", "type": "Secondary", @@ -46,10 +76,39 @@ ] } ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:siemens:tecnomatix:*:*:*:*:*:*:*:*", + "versionStartIncluding": "2201", + "versionEndExcluding": "2201.0008", + "matchCriteriaId": "0E8C9093-BD78-4ECE-9221-A889371B3839" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:siemens:tecnomatix:*:*:*:*:*:*:*:*", + "versionStartIncluding": "2302", + "versionEndExcluding": "2302.0002", + "matchCriteriaId": "C7103507-EE73-42FF-9DAB-37DD06467591" + } + ] + } + ] + } + ], "references": [ { "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-764801.pdf", - "source": "productcert@siemens.com" + "source": "productcert@siemens.com", + "tags": [ + "Vendor Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2023/CVE-2023-373xx/CVE-2023-37375.json b/CVE-2023/CVE-2023-373xx/CVE-2023-37375.json index 20df1377075..7c19849dfcb 100644 --- a/CVE-2023/CVE-2023-373xx/CVE-2023-37375.json +++ b/CVE-2023/CVE-2023-373xx/CVE-2023-37375.json 
@@ -2,8 +2,8 @@ "id": "CVE-2023-37375", "sourceIdentifier": "productcert@siemens.com", "published": "2023-07-11T10:15:11.813", - "lastModified": "2023-07-11T12:43:16.387", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2023-07-18T14:55:14.487", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", @@ -12,6 +12,26 @@ ], "metrics": { "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", + "attackVector": "LOCAL", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "REQUIRED", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH", + "baseScore": 7.8, + "baseSeverity": "HIGH" + }, + "exploitabilityScore": 1.8, + "impactScore": 5.9 + }, { "source": "productcert@siemens.com", "type": "Secondary", @@ -35,6 +55,16 @@ ] }, "weaknesses": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-787" + } + ] + }, { "source": "productcert@siemens.com", "type": "Secondary", @@ -46,10 +76,39 @@ ] } ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:siemens:tecnomatix:*:*:*:*:*:*:*:*", + "versionStartIncluding": "2201", + "versionEndExcluding": "2201.0008", + "matchCriteriaId": "0E8C9093-BD78-4ECE-9221-A889371B3839" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:siemens:tecnomatix:*:*:*:*:*:*:*:*", + "versionStartIncluding": "2302", + "versionEndExcluding": "2302.0002", + "matchCriteriaId": "C7103507-EE73-42FF-9DAB-37DD06467591" + } + ] + } + ] + } + ], "references": [ { "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-764801.pdf", - "source": "productcert@siemens.com" + "source": "productcert@siemens.com", + "tags": [ + "Vendor Advisory" + ] } ] } \ No newline at end of file 
diff --git a/CVE-2023/CVE-2023-373xx/CVE-2023-37376.json b/CVE-2023/CVE-2023-373xx/CVE-2023-37376.json index 083c698eddf..660ebfbfcc8 100644 --- a/CVE-2023/CVE-2023-373xx/CVE-2023-37376.json +++ b/CVE-2023/CVE-2023-373xx/CVE-2023-37376.json @@ -2,8 +2,8 @@ "id": "CVE-2023-37376", "sourceIdentifier": "productcert@siemens.com", "published": "2023-07-11T10:15:11.877", - "lastModified": "2023-07-11T12:43:16.387", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2023-07-18T14:56:17.227", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", @@ -12,6 +12,26 @@ ], "metrics": { "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", + "attackVector": "LOCAL", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "REQUIRED", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH", + "baseScore": 7.8, + "baseSeverity": "HIGH" + }, + "exploitabilityScore": 1.8, + "impactScore": 5.9 + }, { "source": "productcert@siemens.com", "type": "Secondary", @@ -35,6 +55,16 @@ ] }, "weaknesses": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-843" + } + ] + }, { "source": "productcert@siemens.com", "type": "Secondary", 
@@ -46,10 +76,39 @@ ] } ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:siemens:tecnomatix:*:*:*:*:*:*:*:*", + "versionStartIncluding": "2201", + "versionEndExcluding": "2201.0008", + "matchCriteriaId": "0E8C9093-BD78-4ECE-9221-A889371B3839" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:siemens:tecnomatix:*:*:*:*:*:*:*:*", + "versionStartIncluding": "2302", + "versionEndExcluding": "2302.0002", + "matchCriteriaId": "C7103507-EE73-42FF-9DAB-37DD06467591" + } + ] + } + ] + } + ], "references": [ { "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-764801.pdf", - "source": "productcert@siemens.com" + "source": "productcert@siemens.com", + "tags": [ + "Vendor Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2023/CVE-2023-373xx/CVE-2023-37386.json b/CVE-2023/CVE-2023-373xx/CVE-2023-37386.json index b59deb1f675..4214896c845 100644 --- a/CVE-2023/CVE-2023-373xx/CVE-2023-37386.json +++ b/CVE-2023/CVE-2023-373xx/CVE-2023-37386.json @@ -2,8 +2,8 @@ "id": "CVE-2023-37386", "sourceIdentifier": "audit@patchstack.com", "published": "2023-07-18T13:15:12.013", - "lastModified": "2023-07-18T13:15:12.013", - "vulnStatus": "Received", + "lastModified": "2023-07-18T14:11:49.930", + "vulnStatus": "Awaiting Analysis", "descriptions": [ { "lang": "en", diff --git a/CVE-2023/CVE-2023-373xx/CVE-2023-37387.json b/CVE-2023/CVE-2023-373xx/CVE-2023-37387.json index d9e387efc74..05727ab9622 100644 --- a/CVE-2023/CVE-2023-373xx/CVE-2023-37387.json +++ b/CVE-2023/CVE-2023-373xx/CVE-2023-37387.json @@ -2,8 +2,8 @@ "id": "CVE-2023-37387", "sourceIdentifier": "audit@patchstack.com", "published": "2023-07-18T13:15:12.103", - "lastModified": "2023-07-18T13:15:12.103", - "vulnStatus": "Received", + "lastModified": "2023-07-18T14:11:49.930", + "vulnStatus": "Awaiting Analysis", "descriptions": [ { "lang": "en", 
diff --git a/CVE-2023/CVE-2023-376xx/CVE-2023-37658.json b/CVE-2023/CVE-2023-376xx/CVE-2023-37658.json index 1754db3521a..7aeefacbdd0 100644 --- a/CVE-2023/CVE-2023-376xx/CVE-2023-37658.json +++ b/CVE-2023/CVE-2023-376xx/CVE-2023-37658.json @@ -2,19 +2,76 @@ "id": "CVE-2023-37658", "sourceIdentifier": "cve@mitre.org", "published": "2023-07-11T15:15:20.417", - "lastModified": "2023-07-11T16:16:52.790", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2023-07-18T15:14:27.157", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", "value": "fast-poster v2.15.0 is vulnerable to Cross Site Scripting (XSS). File upload check binary of img, but without strictly check file suffix at /server/fast.py -> ApiUploadHandler.post causes stored XSS" } ], - "metrics": {}, + "metrics": { + "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "REQUIRED", + "scope": "CHANGED", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "availabilityImpact": "NONE", + "baseScore": 5.4, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 2.3, + "impactScore": 2.7 + } + ] + }, + "weaknesses": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-79" + } + ] + } + ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:fastposter:fast-poster:2.15.0:*:*:*:*:*:*:*", + "matchCriteriaId": "2CB1EB2C-3DB6-471E-87E2-AFFD315DCA51" + } + ] + } + ] + } + ], "references": [ { "url": "https://github.com/psoho/fast-poster/issues/13", - "source": "cve@mitre.org" + "source": "cve@mitre.org", + "tags": [ + "Exploit", + "Issue Tracking", + "Third Party Advisory" + ] } ] } \ No newline at end of file 
diff --git a/CVE-2023/CVE-2023-376xx/CVE-2023-37659.json b/CVE-2023/CVE-2023-376xx/CVE-2023-37659.json index 1dae621d524..6851b40f523 100644 --- a/CVE-2023/CVE-2023-376xx/CVE-2023-37659.json +++ b/CVE-2023/CVE-2023-376xx/CVE-2023-37659.json @@ -2,19 +2,77 @@ "id": "CVE-2023-37659", "sourceIdentifier": "cve@mitre.org", "published": "2023-07-11T15:15:20.467", - "lastModified": "2023-07-11T16:16:52.790", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2023-07-18T15:17:31.407", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", "value": "xalpha v0.11.4 is vulnerable to Remote Command Execution (RCE)." } ], - "metrics": {}, + "metrics": { + "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH", + "baseScore": 9.8, + "baseSeverity": "CRITICAL" + }, + "exploitabilityScore": 3.9, + "impactScore": 5.9 + } + ] + }, + "weaknesses": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-94" + } + ] + } + ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:xalpha_project:xalpha:*:*:*:*:*:*:*:*", + "versionStartIncluding": "0.11.4", + "versionEndIncluding": "0.11.8", + "matchCriteriaId": "ADC6A8AB-1662-4166-B2A1-CDAFE954265D" + } + ] + } + ] + } + ], "references": [ { "url": "https://github.com/refraction-ray/xalpha/issues/175", - "source": "cve@mitre.org" + "source": "cve@mitre.org", + "tags": [ + "Exploit", + "Issue Tracking" + ] } ] } \ No newline at end of file 
diff --git a/CVE-2023/CVE-2023-378xx/CVE-2023-37889.json b/CVE-2023/CVE-2023-378xx/CVE-2023-37889.json index 6582663f380..f0e5df69ad7 100644 --- a/CVE-2023/CVE-2023-378xx/CVE-2023-37889.json +++ b/CVE-2023/CVE-2023-378xx/CVE-2023-37889.json @@ -2,8 +2,8 @@ "id": "CVE-2023-37889", "sourceIdentifier": "audit@patchstack.com", "published": "2023-07-18T13:15:12.197", - "lastModified": "2023-07-18T13:15:12.197", - "vulnStatus": "Received", + "lastModified": "2023-07-18T14:11:49.930", + "vulnStatus": "Awaiting Analysis", "descriptions": [ { "lang": "en", diff --git a/CVE-2023/CVE-2023-378xx/CVE-2023-37892.json b/CVE-2023/CVE-2023-378xx/CVE-2023-37892.json index fa9405dcde9..e52b4ae3230 100644 --- a/CVE-2023/CVE-2023-378xx/CVE-2023-37892.json +++ b/CVE-2023/CVE-2023-378xx/CVE-2023-37892.json @@ -2,8 +2,8 @@ "id": "CVE-2023-37892", "sourceIdentifier": "audit@patchstack.com", "published": "2023-07-18T13:15:12.290", - "lastModified": "2023-07-18T13:15:12.290", - "vulnStatus": "Received", + "lastModified": "2023-07-18T14:11:49.930", + "vulnStatus": "Awaiting Analysis", "descriptions": [ { "lang": "en", diff --git a/CVE-2023/CVE-2023-379xx/CVE-2023-37973.json b/CVE-2023/CVE-2023-379xx/CVE-2023-37973.json index 141fb41f400..a0d3f46eb36 100644 --- a/CVE-2023/CVE-2023-379xx/CVE-2023-37973.json +++ b/CVE-2023/CVE-2023-379xx/CVE-2023-37973.json @@ -2,8 +2,8 @@ "id": "CVE-2023-37973", "sourceIdentifier": "audit@patchstack.com", "published": "2023-07-18T13:15:12.387", - "lastModified": "2023-07-18T13:15:12.387", - "vulnStatus": "Received", + "lastModified": "2023-07-18T14:11:49.930", + "vulnStatus": "Awaiting Analysis", "descriptions": [ { "lang": "en", diff --git a/README.md b/README.md index 166eb1526d8..72dbc1f9b7f 100644 --- a/README.md +++ b/README.md 
@@ -9,13 +9,13 @@ Repository synchronizes with the NVD every 2 hours. ### Last Repository Update ```plain -2023-07-18T14:00:47.612665+00:00 +2023-07-18T16:00:43.862070+00:00 ``` ### Most recent CVE Modification Timestamp synchronized with NVD ```plain -2023-07-18T13:55:54.120000+00:00 +2023-07-18T15:58:11.400000+00:00 ``` ### Last Data Feed Release 
@@ -29,60 +29,67 @@ Download and Changelog: [Click](https://github.com/fkie-cad/nvd-json-data-feeds/ ### Total Number of included CVEs ```plain -220524 +220547 ``` ### CVEs added in the last Commit -Recently added CVEs: `16` +Recently added CVEs: `23` -* [CVE-2018-25088](CVE-2018/CVE-2018-250xx/CVE-2018-25088.json) (`2023-07-18T13:15:11.187`) -* [CVE-2022-45828](CVE-2022/CVE-2022-458xx/CVE-2022-45828.json) (`2023-07-18T12:15:11.870`) -* [CVE-2022-46857](CVE-2022/CVE-2022-468xx/CVE-2022-46857.json) (`2023-07-18T12:15:12.057`) -* [CVE-2022-47169](CVE-2022/CVE-2022-471xx/CVE-2022-47169.json) (`2023-07-18T13:15:11.613`) -* [CVE-2023-25473](CVE-2023/CVE-2023-254xx/CVE-2023-25473.json) (`2023-07-18T12:15:12.160`) -* [CVE-2023-25475](CVE-2023/CVE-2023-254xx/CVE-2023-25475.json) (`2023-07-18T12:15:12.247`) -* [CVE-2023-25482](CVE-2023/CVE-2023-254xx/CVE-2023-25482.json) (`2023-07-18T12:15:12.337`) -* [CVE-2023-3743](CVE-2023/CVE-2023-37xx/CVE-2023-3743.json) (`2023-07-18T12:15:12.427`) -* [CVE-2023-23660](CVE-2023/CVE-2023-236xx/CVE-2023-23660.json) (`2023-07-18T13:15:11.713`) -* [CVE-2023-25036](CVE-2023/CVE-2023-250xx/CVE-2023-25036.json) (`2023-07-18T13:15:11.810`) -* [CVE-2023-37386](CVE-2023/CVE-2023-373xx/CVE-2023-37386.json) (`2023-07-18T13:15:12.013`) -* [CVE-2023-37387](CVE-2023/CVE-2023-373xx/CVE-2023-37387.json) (`2023-07-18T13:15:12.103`) -* [CVE-2023-37889](CVE-2023/CVE-2023-378xx/CVE-2023-37889.json) (`2023-07-18T13:15:12.197`) -* [CVE-2023-37892](CVE-2023/CVE-2023-378xx/CVE-2023-37892.json) (`2023-07-18T13:15:12.290`) -* [CVE-2023-37973](CVE-2023/CVE-2023-379xx/CVE-2023-37973.json) (`2023-07-18T13:15:12.387`) -* [CVE-2023-38326](CVE-2023/CVE-2023-383xx/CVE-2023-38326.json) (`2023-07-18T13:15:12.483`) +* [CVE-2020-23909](CVE-2020/CVE-2020-239xx/CVE-2020-23909.json) (`2023-07-18T14:15:11.423`) +* [CVE-2020-23910](CVE-2020/CVE-2020-239xx/CVE-2020-23910.json) (`2023-07-18T14:15:11.483`) +* [CVE-2020-23911](CVE-2020/CVE-2020-239xx/CVE-2020-23911.json) 
(`2023-07-18T14:15:11.537`) +* [CVE-2020-36762](CVE-2020/CVE-2020-367xx/CVE-2020-36762.json) (`2023-07-18T15:15:11.133`) +* [CVE-2021-32256](CVE-2021/CVE-2021-322xx/CVE-2021-32256.json) (`2023-07-18T14:15:11.610`) +* [CVE-2021-33294](CVE-2021/CVE-2021-332xx/CVE-2021-33294.json) (`2023-07-18T14:15:11.673`) +* [CVE-2021-34119](CVE-2021/CVE-2021-341xx/CVE-2021-34119.json) (`2023-07-18T14:15:11.727`) +* [CVE-2021-34121](CVE-2021/CVE-2021-341xx/CVE-2021-34121.json) (`2023-07-18T14:15:11.780`) +* [CVE-2021-34123](CVE-2021/CVE-2021-341xx/CVE-2021-34123.json) (`2023-07-18T14:15:11.837`) +* [CVE-2022-26563](CVE-2022/CVE-2022-265xx/CVE-2022-26563.json) (`2023-07-18T14:15:11.907`) +* [CVE-2022-33064](CVE-2022/CVE-2022-330xx/CVE-2022-33064.json) (`2023-07-18T14:15:11.973`) +* [CVE-2022-33065](CVE-2022/CVE-2022-330xx/CVE-2022-33065.json) (`2023-07-18T14:15:12.033`) +* [CVE-2022-34155](CVE-2022/CVE-2022-341xx/CVE-2022-34155.json) (`2023-07-18T14:15:12.093`) +* [CVE-2022-41409](CVE-2022/CVE-2022-414xx/CVE-2022-41409.json) (`2023-07-18T14:15:12.197`) +* [CVE-2022-47085](CVE-2022/CVE-2022-470xx/CVE-2022-47085.json) (`2023-07-18T14:15:12.263`) +* [CVE-2022-47421](CVE-2022/CVE-2022-474xx/CVE-2022-47421.json) (`2023-07-18T15:15:11.363`) +* [CVE-2023-32965](CVE-2023/CVE-2023-329xx/CVE-2023-32965.json) (`2023-07-18T14:15:12.403`) +* [CVE-2023-24390](CVE-2023/CVE-2023-243xx/CVE-2023-24390.json) (`2023-07-18T15:15:11.467`) +* [CVE-2023-30906](CVE-2023/CVE-2023-309xx/CVE-2023-30906.json) (`2023-07-18T14:15:12.333`) +* [CVE-2023-31441](CVE-2023/CVE-2023-314xx/CVE-2023-31441.json) (`2023-07-18T15:15:11.663`) +* [CVE-2023-36120](CVE-2023/CVE-2023-361xx/CVE-2023-36120.json) (`2023-07-18T15:15:11.720`) +* [CVE-2023-36383](CVE-2023/CVE-2023-363xx/CVE-2023-36383.json) (`2023-07-18T15:15:11.777`) +* [CVE-2023-36384](CVE-2023/CVE-2023-363xx/CVE-2023-36384.json) (`2023-07-18T15:15:11.867`) ### CVEs modified in the last Commit -Recently modified CVEs: `78` +Recently modified CVEs: `32` -* 
[CVE-2023-38428](CVE-2023/CVE-2023-384xx/CVE-2023-38428.json) (`2023-07-18T12:59:03.770`) -* [CVE-2023-38429](CVE-2023/CVE-2023-384xx/CVE-2023-38429.json) (`2023-07-18T12:59:03.770`) -* [CVE-2023-38430](CVE-2023/CVE-2023-384xx/CVE-2023-38430.json) (`2023-07-18T12:59:03.770`) -* [CVE-2023-38431](CVE-2023/CVE-2023-384xx/CVE-2023-38431.json) (`2023-07-18T12:59:03.770`) -* [CVE-2023-38432](CVE-2023/CVE-2023-384xx/CVE-2023-38432.json) (`2023-07-18T12:59:03.770`) -* [CVE-2023-37791](CVE-2023/CVE-2023-377xx/CVE-2023-37791.json) (`2023-07-18T12:59:10.100`) -* [CVE-2023-28864](CVE-2023/CVE-2023-288xx/CVE-2023-28864.json) (`2023-07-18T12:59:10.100`) -* [CVE-2023-37461](CVE-2023/CVE-2023-374xx/CVE-2023-37461.json) (`2023-07-18T12:59:10.100`) -* [CVE-2023-37769](CVE-2023/CVE-2023-377xx/CVE-2023-37769.json) (`2023-07-18T12:59:10.100`) -* [CVE-2023-37153](CVE-2023/CVE-2023-371xx/CVE-2023-37153.json) (`2023-07-18T13:09:10.123`) -* [CVE-2023-36825](CVE-2023/CVE-2023-368xx/CVE-2023-36825.json) (`2023-07-18T13:15:11.907`) -* [CVE-2023-35363](CVE-2023/CVE-2023-353xx/CVE-2023-35363.json) (`2023-07-18T13:30:37.973`) -* [CVE-2023-35364](CVE-2023/CVE-2023-353xx/CVE-2023-35364.json) (`2023-07-18T13:31:29.590`) -* [CVE-2023-3608](CVE-2023/CVE-2023-36xx/CVE-2023-3608.json) (`2023-07-18T13:31:54.110`) -* [CVE-2023-35356](CVE-2023/CVE-2023-353xx/CVE-2023-35356.json) (`2023-07-18T13:34:07.400`) -* [CVE-2023-35357](CVE-2023/CVE-2023-353xx/CVE-2023-35357.json) (`2023-07-18T13:37:13.943`) -* [CVE-2023-35358](CVE-2023/CVE-2023-353xx/CVE-2023-35358.json) (`2023-07-18T13:37:29.030`) -* [CVE-2023-35360](CVE-2023/CVE-2023-353xx/CVE-2023-35360.json) (`2023-07-18T13:44:05.863`) -* [CVE-2023-35361](CVE-2023/CVE-2023-353xx/CVE-2023-35361.json) (`2023-07-18T13:44:17.307`) -* [CVE-2023-3607](CVE-2023/CVE-2023-36xx/CVE-2023-3607.json) (`2023-07-18T13:47:32.097`) -* [CVE-2023-35352](CVE-2023/CVE-2023-353xx/CVE-2023-35352.json) (`2023-07-18T13:50:11.260`) -* 
[CVE-2023-35353](CVE-2023/CVE-2023-353xx/CVE-2023-35353.json) (`2023-07-18T13:53:13.173`) -* [CVE-2023-35362](CVE-2023/CVE-2023-353xx/CVE-2023-35362.json) (`2023-07-18T13:53:23.963`) -* [CVE-2023-34432](CVE-2023/CVE-2023-344xx/CVE-2023-34432.json) (`2023-07-18T13:53:51.417`) -* [CVE-2023-35365](CVE-2023/CVE-2023-353xx/CVE-2023-35365.json) (`2023-07-18T13:55:40.097`) +* [CVE-2023-25036](CVE-2023/CVE-2023-250xx/CVE-2023-25036.json) (`2023-07-18T14:11:49.930`) +* [CVE-2023-37386](CVE-2023/CVE-2023-373xx/CVE-2023-37386.json) (`2023-07-18T14:11:49.930`) +* [CVE-2023-37387](CVE-2023/CVE-2023-373xx/CVE-2023-37387.json) (`2023-07-18T14:11:49.930`) +* [CVE-2023-37889](CVE-2023/CVE-2023-378xx/CVE-2023-37889.json) (`2023-07-18T14:11:49.930`) +* [CVE-2023-37892](CVE-2023/CVE-2023-378xx/CVE-2023-37892.json) (`2023-07-18T14:11:49.930`) +* [CVE-2023-37973](CVE-2023/CVE-2023-379xx/CVE-2023-37973.json) (`2023-07-18T14:11:49.930`) +* [CVE-2023-23777](CVE-2023/CVE-2023-237xx/CVE-2023-23777.json) (`2023-07-18T14:40:59.550`) +* [CVE-2023-34015](CVE-2023/CVE-2023-340xx/CVE-2023-34015.json) (`2023-07-18T14:47:17.697`) +* [CVE-2023-37374](CVE-2023/CVE-2023-373xx/CVE-2023-37374.json) (`2023-07-18T14:53:37.517`) +* [CVE-2023-37375](CVE-2023/CVE-2023-373xx/CVE-2023-37375.json) (`2023-07-18T14:55:14.487`) +* [CVE-2023-37376](CVE-2023/CVE-2023-373xx/CVE-2023-37376.json) (`2023-07-18T14:56:17.227`) +* [CVE-2023-37246](CVE-2023/CVE-2023-372xx/CVE-2023-37246.json) (`2023-07-18T14:57:38.210`) +* [CVE-2023-37247](CVE-2023/CVE-2023-372xx/CVE-2023-37247.json) (`2023-07-18T15:02:30.907`) +* [CVE-2023-37248](CVE-2023/CVE-2023-372xx/CVE-2023-37248.json) (`2023-07-18T15:03:03.557`) +* [CVE-2023-37152](CVE-2023/CVE-2023-371xx/CVE-2023-37152.json) (`2023-07-18T15:11:01.287`) +* [CVE-2023-37658](CVE-2023/CVE-2023-376xx/CVE-2023-37658.json) (`2023-07-18T15:14:27.157`) +* [CVE-2023-3580](CVE-2023/CVE-2023-35xx/CVE-2023-3580.json) (`2023-07-18T15:14:36.807`) +* 
[CVE-2023-37659](CVE-2023/CVE-2023-376xx/CVE-2023-37659.json) (`2023-07-18T15:17:31.407`) +* [CVE-2023-36691](CVE-2023/CVE-2023-366xx/CVE-2023-36691.json) (`2023-07-18T15:18:17.570`) +* [CVE-2023-35887](CVE-2023/CVE-2023-358xx/CVE-2023-35887.json) (`2023-07-18T15:30:37.763`) +* [CVE-2023-36755](CVE-2023/CVE-2023-367xx/CVE-2023-36755.json) (`2023-07-18T15:41:50.873`) +* [CVE-2023-36386](CVE-2023/CVE-2023-363xx/CVE-2023-36386.json) (`2023-07-18T15:45:46.237`) +* [CVE-2023-29130](CVE-2023/CVE-2023-291xx/CVE-2023-29130.json) (`2023-07-18T15:53:09.663`) +* [CVE-2023-36517](CVE-2023/CVE-2023-365xx/CVE-2023-36517.json) (`2023-07-18T15:57:59.233`) +* [CVE-2023-37277](CVE-2023/CVE-2023-372xx/CVE-2023-37277.json) (`2023-07-18T15:58:11.400`) ## Download and Usage