diff --git a/CVE-2015/CVE-2015-201xx/CVE-2015-20107.json b/CVE-2015/CVE-2015-201xx/CVE-2015-20107.json index 26554a6ac5a..bbc1eccd75c 100644 --- a/CVE-2015/CVE-2015-201xx/CVE-2015-20107.json +++ b/CVE-2015/CVE-2015-201xx/CVE-2015-20107.json @@ -2,7 +2,7 @@ "id": "CVE-2015-20107", "sourceIdentifier": "cve@mitre.org", "published": "2022-04-13T16:15:08.937", - "lastModified": "2023-05-24T21:15:09.160", + "lastModified": "2023-06-30T23:15:09.223", "vulnStatus": "Modified", "descriptions": [ { @@ -192,6 +192,10 @@ "url": "https://lists.debian.org/debian-lts-announce/2023/05/msg00024.html", "source": "cve@mitre.org" }, + { + "url": "https://lists.debian.org/debian-lts-announce/2023/06/msg00039.html", + "source": "cve@mitre.org" + }, { "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/46KWPTI72SSEOF53DOYQBQOCN4QQB2GE/", "source": "cve@mitre.org", diff --git a/CVE-2015/CVE-2015-75xx/CVE-2015-7559.json b/CVE-2015/CVE-2015-75xx/CVE-2015-7559.json index 4ad59b43335..68b7bcad1a5 100644 --- a/CVE-2015/CVE-2015-75xx/CVE-2015-7559.json +++ b/CVE-2015/CVE-2015-75xx/CVE-2015-7559.json @@ -2,12 +2,12 @@ "id": "CVE-2015-7559", "sourceIdentifier": "secalert@redhat.com", "published": "2019-08-01T14:15:10.940", - "lastModified": "2023-03-03T18:35:36.953", - "vulnStatus": "Analyzed", + "lastModified": "2023-06-30T22:15:09.373", + "vulnStatus": "Modified", "descriptions": [ { "lang": "en", - "value": "It was found that the Apache ActiveMQ client before 5.15.5 exposed a remote shutdown command in the ActiveMQConnection class. An attacker logged into a compromised broker could use this flaw to achieve denial of service on a connected client." + "value": "It was found that the Apache ActiveMQ client before 5.14.5 exposed a remote shutdown command in the ActiveMQConnection class. An attacker logged into a compromised broker could use this flaw to achieve denial of service on a connected client." }, { "lang": "es", 
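Review bot: In the CVE-2015-7559 hunk the English description now reads `before 5.14.5` where it previously read `before 5.15.5`, but the `es` entry appears only as an unchanged context line and its `value` lies outside the hunk, so the two languages may now disagree on the fixed version. The record's structured version ranges under `configurations` are also outside this hunk; if they still end at 5.15.5, tooling that matches on the range will keep flagging 5.14.5–5.15.4 clients while the text says they are fixed. Both boundaries are worth confirming against the upstream Apache ActiveMQ advisory before either is used for patch decisions.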
diff --git a/CVE-2020/CVE-2020-107xx/CVE-2020-10735.json b/CVE-2020/CVE-2020-107xx/CVE-2020-10735.json index 7afa6949b4a..db7475fa450 100644 --- a/CVE-2020/CVE-2020-107xx/CVE-2020-10735.json +++ b/CVE-2020/CVE-2020-107xx/CVE-2020-10735.json @@ -2,7 +2,7 @@ "id": "CVE-2020-10735", "sourceIdentifier": "secalert@redhat.com", "published": "2022-09-09T14:15:08.660", - "lastModified": "2023-02-12T22:15:15.970", + "lastModified": "2023-06-30T23:15:09.393", "vulnStatus": "Modified", "descriptions": [ { @@ -241,6 +241,10 @@ "Third Party Advisory" ] }, + { + "url": "https://lists.debian.org/debian-lts-announce/2023/06/msg00039.html", + "source": "secalert@redhat.com" + }, { "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/2VCU6EVQDIXNCEDJUCTFIER2WVNNDTYZ/", "source": "secalert@redhat.com" diff --git a/CVE-2021/CVE-2021-07xx/CVE-2021-0701.json b/CVE-2021/CVE-2021-07xx/CVE-2021-0701.json index 90df7f7509a..a2e5b7a7505 100644 --- a/CVE-2021/CVE-2021-07xx/CVE-2021-0701.json +++ b/CVE-2021/CVE-2021-07xx/CVE-2021-0701.json @@ -2,12 +2,12 @@ "id": "CVE-2021-0701", "sourceIdentifier": "security@android.com", "published": "2023-06-15T19:15:09.163", - "lastModified": "2023-06-22T19:22:22.497", - "vulnStatus": "Analyzed", + "lastModified": "2023-06-30T22:15:09.567", + "vulnStatus": "Modified", "descriptions": [ { "lang": "en", - "value": "Product: AndroidVersions: Android SoCAndroid ID: A-277775870" + "value": "In PVRSRVBridgeSyncPrimOpCreate of the PowerVR kernel driver, a missing size check means there is a possible integer overflow that could allow out-of-bounds heap access. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation." } ], "metrics": { diff --git a/CVE-2021/CVE-2021-09xx/CVE-2021-0945.json b/CVE-2021/CVE-2021-09xx/CVE-2021-0945.json index 1657ec27088..f0588b1d76a 100644 --- a/CVE-2021/CVE-2021-09xx/CVE-2021-0945.json 
+++ b/CVE-2021/CVE-2021-09xx/CVE-2021-0945.json @@ -2,12 +2,12 @@ "id": "CVE-2021-0945", "sourceIdentifier": "security@android.com", "published": "2023-06-15T19:15:09.217", - "lastModified": "2023-06-22T19:22:07.407", - "vulnStatus": "Analyzed", + "lastModified": "2023-06-30T22:15:09.640", + "vulnStatus": "Modified", "descriptions": [ { "lang": "en", - "value": "Product: AndroidVersions: Android SoCAndroid ID: A-278156680" + "value": "In _PMRCreate of the PowerVR kernel driver, a missing bounds check means it is possible to overwrite heap memory via PhysmemNewRamBackedPMR. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation." } ], "metrics": { diff --git a/CVE-2021/CVE-2021-34xx/CVE-2021-3426.json b/CVE-2021/CVE-2021-34xx/CVE-2021-3426.json index 10b705db70b..02fb0ac01a6 100644 --- a/CVE-2021/CVE-2021-34xx/CVE-2021-3426.json +++ b/CVE-2021/CVE-2021-34xx/CVE-2021-3426.json @@ -2,8 +2,8 @@ "id": "CVE-2021-3426", "sourceIdentifier": "secalert@redhat.com", "published": "2021-05-20T13:15:07.753", - "lastModified": "2022-10-25T20:56:30.737", - "vulnStatus": "Analyzed", + "lastModified": "2023-06-30T23:15:09.543", + "vulnStatus": "Modified", "descriptions": [ { "lang": "en", @@ -284,6 +284,10 @@ "Third Party Advisory" ] }, + { + "url": "https://lists.debian.org/debian-lts-announce/2023/06/msg00039.html", + "source": "secalert@redhat.com" + }, { "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/25HVHLBGO2KNPXJ3G426QEYSSCECJDU5/", "source": "secalert@redhat.com", diff --git a/CVE-2021/CVE-2021-37xx/CVE-2021-3733.json b/CVE-2021/CVE-2021-37xx/CVE-2021-3733.json index e572d747ac1..512c1c4e742 100644 --- a/CVE-2021/CVE-2021-37xx/CVE-2021-3733.json +++ b/CVE-2021/CVE-2021-37xx/CVE-2021-3733.json 
@@ -2,7 +2,7 @@ "id": "CVE-2021-3733", "sourceIdentifier": "secalert@redhat.com", "published": "2022-03-10T17:42:59.623", - "lastModified": "2023-05-24T21:15:10.037", + "lastModified": "2023-06-30T23:15:09.690", "vulnStatus": "Modified", "descriptions": [ { @@ -308,6 +308,10 @@ "url": "https://lists.debian.org/debian-lts-announce/2023/05/msg00024.html", "source": "secalert@redhat.com" }, + { + "url": "https://lists.debian.org/debian-lts-announce/2023/06/msg00039.html", + "source": "secalert@redhat.com" + }, { "url": "https://security.netapp.com/advisory/ntap-20220407-0001/", "source": "secalert@redhat.com", diff --git a/CVE-2021/CVE-2021-37xx/CVE-2021-3737.json b/CVE-2021/CVE-2021-37xx/CVE-2021-3737.json index 71f8fcd5104..2037bacfc21 100644 --- a/CVE-2021/CVE-2021-37xx/CVE-2021-3737.json +++ b/CVE-2021/CVE-2021-37xx/CVE-2021-3737.json @@ -2,7 +2,7 @@ "id": "CVE-2021-3737", "sourceIdentifier": "secalert@redhat.com", "published": "2022-03-04T19:15:08.730", - "lastModified": "2023-05-24T21:15:10.180", + "lastModified": "2023-06-30T23:15:09.843", "vulnStatus": "Modified", "descriptions": [ { @@ -337,6 +337,10 @@ "url": "https://lists.debian.org/debian-lts-announce/2023/05/msg00024.html", "source": "secalert@redhat.com" }, + { + "url": "https://lists.debian.org/debian-lts-announce/2023/06/msg00039.html", + "source": "secalert@redhat.com" + }, { "url": "https://python-security.readthedocs.io/vuln/urllib-100-continue-loop.html", "source": "secalert@redhat.com", diff --git a/CVE-2021/CVE-2021-41xx/CVE-2021-4189.json b/CVE-2021/CVE-2021-41xx/CVE-2021-4189.json index 6c23b445006..5937b1016dc 100644 --- a/CVE-2021/CVE-2021-41xx/CVE-2021-4189.json +++ b/CVE-2021/CVE-2021-41xx/CVE-2021-4189.json @@ -2,7 +2,7 @@ "id": "CVE-2021-4189", "sourceIdentifier": "secalert@redhat.com", "published": "2022-08-24T16:15:09.827", - "lastModified": "2023-05-24T21:15:10.313", + "lastModified": "2023-06-30T23:15:09.980", "vulnStatus": "Modified", "descriptions": [ { 
@@ -187,6 +187,10 @@ "url": "https://lists.debian.org/debian-lts-announce/2023/05/msg00024.html", "source": "secalert@redhat.com" }, + { + "url": "https://lists.debian.org/debian-lts-announce/2023/06/msg00039.html", + "source": "secalert@redhat.com" + }, { "url": "https://python-security.readthedocs.io/vuln/ftplib-pasv.html", "source": "secalert@redhat.com", diff --git a/CVE-2022/CVE-2022-450xx/CVE-2022-45061.json b/CVE-2022/CVE-2022-450xx/CVE-2022-45061.json index 9ea7f138fbb..87e41203405 100644 --- a/CVE-2022/CVE-2022-450xx/CVE-2022-45061.json +++ b/CVE-2022/CVE-2022-450xx/CVE-2022-45061.json @@ -2,7 +2,7 @@ "id": "CVE-2022-45061", "sourceIdentifier": "cve@mitre.org", "published": "2022-11-09T07:15:09.887", - "lastModified": "2023-05-24T21:15:10.923", + "lastModified": "2023-06-30T23:15:10.097", "vulnStatus": "Modified", "descriptions": [ { @@ -274,6 +274,10 @@ "url": "https://lists.debian.org/debian-lts-announce/2023/05/msg00024.html", "source": "cve@mitre.org" }, + { + "url": "https://lists.debian.org/debian-lts-announce/2023/06/msg00039.html", + "source": "cve@mitre.org" + }, { "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/2AOUKI72ACV6CHY2QUFO6VK2DNMVJ2MB/", "source": "cve@mitre.org", diff --git a/CVE-2023/CVE-2023-12xx/CVE-2023-1206.json b/CVE-2023/CVE-2023-12xx/CVE-2023-1206.json new file mode 100644 index 00000000000..b650626d660 --- /dev/null +++ b/CVE-2023/CVE-2023-12xx/CVE-2023-1206.json 
@@ -0,0 +1,32 @@ +{ + "id": "CVE-2023-1206", + "sourceIdentifier": "secalert@redhat.com", + "published": "2023-06-30T22:15:09.747", + "lastModified": "2023-06-30T22:15:09.747", + "vulnStatus": "Received", + "descriptions": [ + { + "lang": "en", + "value": "A hash collision flaw was found in the IPv6 connection lookup table in the Linux kernel\u2019s IPv6 functionality when a user makes a new kind of SYN flood attack. A user located in the local network or with a high bandwidth connection can increase the CPU usage of the server that accepts IPV6 connections up to 95%." + } + ], + "metrics": {}, + "weaknesses": [ + { + "source": "secalert@redhat.com", + "type": "Secondary", + "description": [ + { + "lang": "en", + "value": "CWE-400" + } + ] + } + ], + "references": [ + { + "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2175903", + "source": "secalert@redhat.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2023/CVE-2023-228xx/CVE-2023-22815.json b/CVE-2023/CVE-2023-228xx/CVE-2023-22815.json new file mode 100644 index 00000000000..d764b002e55 --- /dev/null +++ b/CVE-2023/CVE-2023-228xx/CVE-2023-22815.json 
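Review bot: The new CVE-2023-1206 record carries `"metrics": {}` together with `"vulnStatus": "Received"`, so it has no CVSS data at all yet; the same holds for CVE-2023-2908, CVE-2023-3117, CVE-2023-33298, CVE-2023-3338 and CVE-2023-36144 added later in this commit. A consumer that filters or sorts on `baseScore` will silently drop or bottom-rank these entries, including CVE-2023-3117, whose description mentions arbitrary kernel memory access and privilege escalation. Downstream tooling should treat an empty `metrics` object as "unscored, triage from the description" rather than as low severity, and re-pull the record once its status leaves `Received`.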
@@ -0,0 +1,55 @@ +{ + "id": "CVE-2023-22815", + "sourceIdentifier": "psirt@wdc.com", + "published": "2023-06-30T22:15:09.817", + "lastModified": "2023-06-30T22:15:09.817", + "vulnStatus": "Received", + "descriptions": [ + { + "lang": "en", + "value": "\nPost-authentication remote command injection vulnerabilities in Western Digital My Cloud OS 5 devices that could allow an attacker to execute code in the context of the root user on vulnerable CGI files.\n\n\n\nThis issue affects My Cloud OS 5 devices: before 5.26.300.\n\n" + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "psirt@wdc.com", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:H/PR:H/UI:R/S:U/C:L/I:H/A:H", + "attackVector": "NETWORK", + "attackComplexity": "HIGH", + "privilegesRequired": "HIGH", + "userInteraction": "REQUIRED", + "scope": "UNCHANGED", + "confidentialityImpact": "LOW", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH", + "baseScore": 6.0, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 0.5, + "impactScore": 5.5 + } + ] + }, + "weaknesses": [ + { + "source": "psirt@wdc.com", + "type": "Secondary", + "description": [ + { + "lang": "en", + "value": "CWE-77" + } + ] + } + ], + "references": [ + { + "url": "https://www.westerndigital.com/support/product-security/wdc-23010-my-cloud-firmware-version-5-26-300", + "source": "psirt@wdc.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2023/CVE-2023-228xx/CVE-2023-22816.json b/CVE-2023/CVE-2023-228xx/CVE-2023-22816.json new file mode 100644 index 00000000000..3f34f0dd82d --- /dev/null +++ b/CVE-2023/CVE-2023-228xx/CVE-2023-22816.json 
@@ -0,0 +1,55 @@ +{ + "id": "CVE-2023-22816", + "sourceIdentifier": "psirt@wdc.com", + "published": "2023-06-30T22:15:09.883", + "lastModified": "2023-06-30T22:15:09.883", + "vulnStatus": "Received", + "descriptions": [ + { + "lang": "en", + "value": "A post-authentication remote command injection vulnerability in a CGI file in Western Digital My Cloud OS 5 devices that could allow an attacker to build files with redirects and execute larger payloads.\nThis issue affects My Cloud OS 5 devices: before 5.26.300.\n\n" + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "psirt@wdc.com", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:H/PR:H/UI:R/S:U/C:L/I:H/A:H", + "attackVector": "NETWORK", + "attackComplexity": "HIGH", + "privilegesRequired": "HIGH", + "userInteraction": "REQUIRED", + "scope": "UNCHANGED", + "confidentialityImpact": "LOW", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH", + "baseScore": 6.0, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 0.5, + "impactScore": 5.5 + } + ] + }, + "weaknesses": [ + { + "source": "psirt@wdc.com", + "type": "Secondary", + "description": [ + { + "lang": "en", + "value": "CWE-77" + } + ] + } + ], + "references": [ + { + "url": "https://www.westerndigital.com/support/product-security/wdc-23010-my-cloud-firmware-version-5-26-300", + "source": "psirt@wdc.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2023/CVE-2023-292xx/CVE-2023-29241.json b/CVE-2023/CVE-2023-292xx/CVE-2023-29241.json new file mode 100644 index 00000000000..91ac9ad706f --- /dev/null +++ b/CVE-2023/CVE-2023-292xx/CVE-2023-29241.json 
@@ -0,0 +1,55 @@ +{ + "id": "CVE-2023-29241", + "sourceIdentifier": "psirt@bosch.com", + "published": "2023-06-30T22:15:09.947", + "lastModified": "2023-06-30T22:15:09.947", + "vulnStatus": "Received", + "descriptions": [ + { + "lang": "en", + "value": "Improper Information in Cybersecurity Guidebook in Bosch Building Integration System (BIS) 5.0 may lead to wrong configuration which allows local users to access data via network" + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "psirt@bosch.com", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:N", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "REQUIRED", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "NONE", + "baseScore": 8.1, + "baseSeverity": "HIGH" + }, + "exploitabilityScore": 2.8, + "impactScore": 5.2 + } + ] + }, + "weaknesses": [ + { + "source": "psirt@bosch.com", + "type": "Secondary", + "description": [ + { + "lang": "en", + "value": "CWE-1112" + } + ] + } + ], + "references": [ + { + "url": "https://psirt.bosch.com/security-advisories/BOSCH-SA-988400-BT.html", + "source": "psirt@bosch.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2023/CVE-2023-29xx/CVE-2023-2908.json b/CVE-2023/CVE-2023-29xx/CVE-2023-2908.json new file mode 100644 index 00000000000..5fe0a68be12 --- /dev/null +++ b/CVE-2023/CVE-2023-29xx/CVE-2023-2908.json 
@@ -0,0 +1,44 @@ +{ + "id": "CVE-2023-2908", + "sourceIdentifier": "secalert@redhat.com", + "published": "2023-06-30T22:15:10.017", + "lastModified": "2023-06-30T22:15:10.017", + "vulnStatus": "Received", + "descriptions": [ + { + "lang": "en", + "value": "A null pointer dereference issue was discovered in Libtiff's tif_dir.c file. This flaw allows an attacker to pass a crafted TIFF image file to the tiffcp utility, which triggers runtime error, causing an undefined behavior, resulting in an application crash, eventually leading to a denial of service." + } + ], + "metrics": {}, + "weaknesses": [ + { + "source": "secalert@redhat.com", + "type": "Secondary", + "description": [ + { + "lang": "en", + "value": "CWE-476" + } + ] + } + ], + "references": [ + { + "url": "https://access.redhat.com/security/cve/CVE-2023-2908", + "source": "secalert@redhat.com" + }, + { + "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2218830", + "source": "secalert@redhat.com" + }, + { + "url": "https://gitlab.com/libtiff/libtiff/-/commit/9bd48f0dbd64fb94dc2b5b05238fde0bfdd4ff3f", + "source": "secalert@redhat.com" + }, + { + "url": "https://gitlab.com/libtiff/libtiff/-/merge_requests/479", + "source": "secalert@redhat.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2023/CVE-2023-31xx/CVE-2023-3117.json b/CVE-2023/CVE-2023-31xx/CVE-2023-3117.json new file mode 100644 index 00000000000..3c374849690 --- /dev/null +++ b/CVE-2023/CVE-2023-31xx/CVE-2023-3117.json 
@@ -0,0 +1,32 @@ +{ + "id": "CVE-2023-3117", + "sourceIdentifier": "secalert@redhat.com", + "published": "2023-06-30T22:15:10.127", + "lastModified": "2023-06-30T22:15:10.127", + "vulnStatus": "Received", + "descriptions": [ + { + "lang": "en", + "value": "A use-after-free flaw was found in the Netfilter subsystem of the Linux kernel when processing named and anonymous sets in batch requests, which can lead to performing arbitrary reads and writes in kernel memory. This flaw allows a local user with CAP_NET_ADMIN capability to crash or potentially escalate their privileges on the system." + } + ], + "metrics": {}, + "weaknesses": [ + { + "source": "secalert@redhat.com", + "type": "Secondary", + "description": [ + { + "lang": "en", + "value": "CWE-416" + } + ] + } + ], + "references": [ + { + "url": "https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=1240eb93f0616b21c675416516ff3d74798fdc97", + "source": "secalert@redhat.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2023/CVE-2023-332xx/CVE-2023-33298.json b/CVE-2023/CVE-2023-332xx/CVE-2023-33298.json new file mode 100644 index 00000000000..81fc5c176b4 --- /dev/null +++ b/CVE-2023/CVE-2023-332xx/CVE-2023-33298.json @@ -0,0 +1,24 @@ +{ + "id": "CVE-2023-33298", + "sourceIdentifier": "cve@mitre.org", + "published": "2023-06-30T22:15:10.077", + "lastModified": "2023-06-30T22:15:10.077", + "vulnStatus": "Received", + "descriptions": [ + { + "lang": "en", + "value": "com.perimeter81.osx.HelperTool in Perimeter81 10.0.0.19 on macOS allows Local Privilege Escalation (to root) via shell metacharacters in usingCAPath." + } + ], + "metrics": {}, + "references": [ + { + "url": "https://support.perimeter81.com/docs/macos-agent-release-notes", + "source": "cve@mitre.org" + }, + { + "url": "https://www.ns-echo.com/posts/cve_2023_33298.html", + "source": "cve@mitre.org" + } + ] +} \ No newline at end of file 
diff --git a/CVE-2023/CVE-2023-33xx/CVE-2023-3316.json b/CVE-2023/CVE-2023-33xx/CVE-2023-3316.json index d439ff63a64..d7ffc8239a8 100644 --- a/CVE-2023/CVE-2023-33xx/CVE-2023-3316.json +++ b/CVE-2023/CVE-2023-33xx/CVE-2023-3316.json @@ -2,8 +2,8 @@ "id": "CVE-2023-3316", "sourceIdentifier": "reefs@jfrog.com", "published": "2023-06-19T12:15:09.520", - "lastModified": "2023-06-27T12:49:10.240", - "vulnStatus": "Analyzed", + "lastModified": "2023-06-30T22:15:10.183", + "vulnStatus": "Modified", "descriptions": [ { "lang": "en", @@ -99,6 +99,14 @@ } ], "references": [ + { + "url": "https://gitlab.com/libtiff/libtiff/-/issues/515", + "source": "reefs@jfrog.com" + }, + { + "url": "https://gitlab.com/libtiff/libtiff/-/merge_requests/468", + "source": "reefs@jfrog.com" + }, { "url": "https://research.jfrog.com/vulnerabilities/libtiff-nullderef-dos-xray-522144/", "source": "reefs@jfrog.com", diff --git a/CVE-2023/CVE-2023-33xx/CVE-2023-3338.json b/CVE-2023/CVE-2023-33xx/CVE-2023-3338.json new file mode 100644 index 00000000000..f5b1a9191d4 --- /dev/null +++ b/CVE-2023/CVE-2023-33xx/CVE-2023-3338.json @@ -0,0 +1,32 @@ +{ + "id": "CVE-2023-3338", + "sourceIdentifier": "secalert@redhat.com", + "published": "2023-06-30T22:15:10.270", + "lastModified": "2023-06-30T22:15:10.270", + "vulnStatus": "Received", + "descriptions": [ + { + "lang": "en", + "value": "A flaw null pointer dereference in the Linux kernel DECnet networking protocol was found. A remote user could use this flaw to crash the system." + } + ], + "metrics": {}, + "weaknesses": [ + { + "source": "secalert@redhat.com", + "type": "Secondary", + "description": [ + { + "lang": "en", + "value": "CWE-376" + } + ] + } + ], + "references": [ + { + "url": "https://seclists.org/oss-sec/2023/q2/276", + "source": "secalert@redhat.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2023/CVE-2023-34xx/CVE-2023-3490.json b/CVE-2023/CVE-2023-34xx/CVE-2023-3490.json new file mode 100644 index 00000000000..a533de66831 
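Review bot: The new CVE-2023-3338 record describes a null pointer dereference but tags it `"value": "CWE-376"`, which does not match the description; CVE-2023-2908 in this same commit uses `CWE-476` for the same bug class. This looks like a one-digit slip in the data supplied by the source rather than something the mirror introduced, so the correction belongs upstream, but any CWE-based grouping or alerting will misfile this entry until then. The description's opening, `A flaw null pointer dereference in the Linux kernel DECnet networking protocol was found`, is also garbled and would read better as `A null pointer dereference flaw was found in ...`.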
--- /dev/null +++ b/CVE-2023/CVE-2023-34xx/CVE-2023-3490.json @@ -0,0 +1,59 @@ +{ + "id": "CVE-2023-3490", + "sourceIdentifier": "security@huntr.dev", + "published": "2023-06-30T22:15:10.327", + "lastModified": "2023-06-30T22:15:10.327", + "vulnStatus": "Received", + "descriptions": [ + { + "lang": "en", + "value": " SQL Injection in GitHub repository fossbilling/fossbilling prior to 0.5.3." + } + ], + "metrics": { + "cvssMetricV30": [ + { + "source": "security@huntr.dev", + "type": "Secondary", + "cvssData": { + "version": "3.0", + "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH", + "baseScore": 9.8, + "baseSeverity": "CRITICAL" + }, + "exploitabilityScore": 3.9, + "impactScore": 5.9 + } + ] + }, + "weaknesses": [ + { + "source": "security@huntr.dev", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-89" + } + ] + } + ], + "references": [ + { + "url": "https://github.com/fossbilling/fossbilling/commit/2ddb7438ee0d05f9a9d01555edcfed820960f114", + "source": "security@huntr.dev" + }, + { + "url": "https://huntr.dev/bounties/4e60ebc1-e00f-48cb-b011-3cefce688ecd", + "source": "security@huntr.dev" + } + ] +} \ No newline at end of file diff --git a/CVE-2023/CVE-2023-34xx/CVE-2023-3491.json b/CVE-2023/CVE-2023-34xx/CVE-2023-3491.json new file mode 100644 index 00000000000..1270f68eac5 --- /dev/null +++ b/CVE-2023/CVE-2023-34xx/CVE-2023-3491.json 
@@ -0,0 +1,59 @@ +{ + "id": "CVE-2023-3491", + "sourceIdentifier": "security@huntr.dev", + "published": "2023-06-30T22:15:10.393", + "lastModified": "2023-06-30T22:15:10.393", + "vulnStatus": "Received", + "descriptions": [ + { + "lang": "en", + "value": "Unrestricted Upload of File with Dangerous Type in GitHub repository fossbilling/fossbilling prior to 0.5.3." + } + ], + "metrics": { + "cvssMetricV30": [ + { + "source": "security@huntr.dev", + "type": "Secondary", + "cvssData": { + "version": "3.0", + "vectorString": "CVSS:3.0/AV:N/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H", + "attackVector": "NETWORK", + "attackComplexity": "HIGH", + "privilegesRequired": "HIGH", + "userInteraction": "NONE", + "scope": "CHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH", + "baseScore": 8.0, + "baseSeverity": "HIGH" + }, + "exploitabilityScore": 1.3, + "impactScore": 6.0 + } + ] + }, + "weaknesses": [ + { + "source": "security@huntr.dev", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-434" + } + ] + } + ], + "references": [ + { + "url": "https://github.com/fossbilling/fossbilling/commit/2ddb7438ee0d05f9a9d01555edcfed820960f114", + "source": "security@huntr.dev" + }, + { + "url": "https://huntr.dev/bounties/043bd900-ac78-44d2-a340-84ddd0bc4a1d", + "source": "security@huntr.dev" + } + ] +} \ No newline at end of file diff --git a/CVE-2023/CVE-2023-34xx/CVE-2023-3493.json b/CVE-2023/CVE-2023-34xx/CVE-2023-3493.json new file mode 100644 index 00000000000..1d640a17eec --- /dev/null +++ b/CVE-2023/CVE-2023-34xx/CVE-2023-3493.json 
@@ -0,0 +1,59 @@ +{ + "id": "CVE-2023-3493", + "sourceIdentifier": "security@huntr.dev", + "published": "2023-06-30T22:15:10.460", + "lastModified": "2023-06-30T22:15:10.460", + "vulnStatus": "Received", + "descriptions": [ + { + "lang": "en", + "value": "Improper Neutralization of Formula Elements in a CSV File in GitHub repository fossbilling/fossbilling prior to 0.5.3." + } + ], + "metrics": { + "cvssMetricV30": [ + { + "source": "security@huntr.dev", + "type": "Secondary", + "cvssData": { + "version": "3.0", + "vectorString": "CVSS:3.0/AV:N/AC:H/PR:L/UI:R/S:C/C:H/I:H/A:N", + "attackVector": "NETWORK", + "attackComplexity": "HIGH", + "privilegesRequired": "LOW", + "userInteraction": "REQUIRED", + "scope": "CHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "NONE", + "baseScore": 7.7, + "baseSeverity": "HIGH" + }, + "exploitabilityScore": 1.3, + "impactScore": 5.8 + } + ] + }, + "weaknesses": [ + { + "source": "security@huntr.dev", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-1236" + } + ] + } + ], + "references": [ + { + "url": "https://github.com/fossbilling/fossbilling/commit/9402d6c4d44b77ccd68d98d1e6cedf782bd913dc", + "source": "security@huntr.dev" + }, + { + "url": "https://huntr.dev/bounties/e9a272ca-b050-441d-a8cb-4fdecb76ccce", + "source": "security@huntr.dev" + } + ] +} \ No newline at end of file diff --git a/CVE-2023/CVE-2023-361xx/CVE-2023-36144.json b/CVE-2023/CVE-2023-361xx/CVE-2023-36144.json new file mode 100644 index 00000000000..61a3752d73a --- /dev/null +++ b/CVE-2023/CVE-2023-361xx/CVE-2023-36144.json 
@@ -0,0 +1,24 @@ +{ + "id": "CVE-2023-36144", + "sourceIdentifier": "cve@mitre.org", + "published": "2023-06-30T23:15:10.223", + "lastModified": "2023-06-30T23:15:10.223", + "vulnStatus": "Received", + "descriptions": [ + { + "lang": "en", + "value": "An authentication bypass in Intelbras Switch SG 2404 MR in firmware 1.00.54 allows an unauthenticated attacker to download the backup file of the device, exposing critical information about the device configuration." + } + ], + "metrics": {}, + "references": [ + { + "url": "http://intelbras.com", + "source": "cve@mitre.org" + }, + { + "url": "https://github.com/leonardobg/CVE-2023-36144", + "source": "cve@mitre.org" + } + ] +} \ No newline at end of file diff --git a/CVE-2023/CVE-2023-368xx/CVE-2023-36812.json b/CVE-2023/CVE-2023-368xx/CVE-2023-36812.json new file mode 100644 index 00000000000..8900c7e59fd --- /dev/null +++ b/CVE-2023/CVE-2023-368xx/CVE-2023-36812.json 
@@ -0,0 +1,63 @@ +{ + "id": "CVE-2023-36812", + "sourceIdentifier": "security-advisories@github.com", + "published": "2023-06-30T23:15:10.287", + "lastModified": "2023-06-30T23:15:10.287", + "vulnStatus": "Received", + "descriptions": [ + { + "lang": "en", + "value": "OpenTSDB is a open source, distributed, scalable Time Series Database (TSDB). OpenTSDB is vulnerable to Remote Code Execution vulnerability by writing user-controlled input to Gnuplot configuration file and running Gnuplot with the generated configuration. This issue has been patched in commit `07c4641471c` and further refined in commit `fa88d3e4b`. These patches are available in the `2.4.2` release. Users are advised to upgrade. User unable to upgrade may disable Gunuplot via the config option`tsd.core.enable_ui = true` and remove the shell files `mygnuplot.bat` and `mygnuplot.sh`." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "security-advisories@github.com", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH", + "baseScore": 9.8, + "baseSeverity": "CRITICAL" + }, + "exploitabilityScore": 3.9, + "impactScore": 5.9 + } + ] + }, + "weaknesses": [ + { + "source": "security-advisories@github.com", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-74" + } + ] + } + ], + "references": [ + { + "url": "https://github.com/OpenTSDB/opentsdb/commit/07c4641471c6f5c2ab5aab615969e97211eb50d9", + "source": "security-advisories@github.com" + }, + { + "url": "https://github.com/OpenTSDB/opentsdb/commit/fa88d3e4b5369f9fb73da384fab0b23e246309ba", + "source": "security-advisories@github.com" + }, + { + "url": 
"https://github.com/OpenTSDB/opentsdb/security/advisories/GHSA-76f7-9v52-v2fw", + "source": "security-advisories@github.com" + } + ] +} \ No newline at end of file diff --git a/README.md b/README.md index b6b30f07d0b..d65d636ce9c 100644 --- a/README.md +++ b/README.md @@ -9,13 +9,13 @@ Repository synchronizes with the NVD every 2 hours. ### Last Repository Update ```plain -2023-06-30T22:00:25.985565+00:00 +2023-06-30T23:55:25.723490+00:00 ``` ### Most recent CVE Modification Timestamp synchronized with NVD ```plain -2023-06-30T21:35:58.937000+00:00 +2023-06-30T23:15:10.287000+00:00 ``` ### Last Data Feed Release 
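Review bot: The workaround in the CVE-2023-36812 description reads as inverted: it tells users who cannot upgrade to disable Gnuplot with `tsd.core.enable_ui = true`, and setting an enable flag to true would be expected to leave the feature on. The wording presumably comes from the source advisory, so confirm the intended value against GHSA-76f7-9v52-v2fw and the OpenTSDB configuration reference before applying it; upgrading to `2.4.2` and removing `mygnuplot.bat` and `mygnuplot.sh` are the parts of the mitigation that do not depend on that flag. The same sentence misspells the tool as `Gunuplot` and drops the space between `option` and the opening backtick. This hunk begins on the previous physical line and ends at the start of this one, ahead of the README.md changes.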
@@ -29,46 +29,43 @@ Download and Changelog: [Click](https://github.com/fkie-cad/nvd-json-data-feeds/ ### Total Number of included CVEs ```plain -218971 +218984 ``` ### CVEs added in the last Commit -Recently added CVEs: `6` +Recently added CVEs: `13` -* [CVE-2023-27469](CVE-2023/CVE-2023-274xx/CVE-2023-27469.json) (`2023-06-30T20:15:09.360`) -* [CVE-2023-29145](CVE-2023/CVE-2023-291xx/CVE-2023-29145.json) (`2023-06-30T20:15:09.427`) -* [CVE-2023-31543](CVE-2023/CVE-2023-315xx/CVE-2023-31543.json) (`2023-06-30T20:15:09.477`) -* [CVE-2023-29147](CVE-2023/CVE-2023-291xx/CVE-2023-29147.json) (`2023-06-30T21:15:08.920`) -* [CVE-2023-35946](CVE-2023/CVE-2023-359xx/CVE-2023-35946.json) (`2023-06-30T21:15:09.070`) -* [CVE-2023-35947](CVE-2023/CVE-2023-359xx/CVE-2023-35947.json) (`2023-06-30T21:15:09.147`) +* [CVE-2023-1206](CVE-2023/CVE-2023-12xx/CVE-2023-1206.json) (`2023-06-30T22:15:09.747`) +* [CVE-2023-22815](CVE-2023/CVE-2023-228xx/CVE-2023-22815.json) (`2023-06-30T22:15:09.817`) +* [CVE-2023-22816](CVE-2023/CVE-2023-228xx/CVE-2023-22816.json) (`2023-06-30T22:15:09.883`) +* [CVE-2023-29241](CVE-2023/CVE-2023-292xx/CVE-2023-29241.json) (`2023-06-30T22:15:09.947`) +* [CVE-2023-2908](CVE-2023/CVE-2023-29xx/CVE-2023-2908.json) (`2023-06-30T22:15:10.017`) +* [CVE-2023-33298](CVE-2023/CVE-2023-332xx/CVE-2023-33298.json) (`2023-06-30T22:15:10.077`) +* [CVE-2023-3117](CVE-2023/CVE-2023-31xx/CVE-2023-3117.json) (`2023-06-30T22:15:10.127`) +* [CVE-2023-3338](CVE-2023/CVE-2023-33xx/CVE-2023-3338.json) (`2023-06-30T22:15:10.270`) +* [CVE-2023-3490](CVE-2023/CVE-2023-34xx/CVE-2023-3490.json) (`2023-06-30T22:15:10.327`) +* [CVE-2023-3491](CVE-2023/CVE-2023-34xx/CVE-2023-3491.json) (`2023-06-30T22:15:10.393`) +* [CVE-2023-3493](CVE-2023/CVE-2023-34xx/CVE-2023-3493.json) (`2023-06-30T22:15:10.460`) +* [CVE-2023-36144](CVE-2023/CVE-2023-361xx/CVE-2023-36144.json) (`2023-06-30T23:15:10.223`) +* [CVE-2023-36812](CVE-2023/CVE-2023-368xx/CVE-2023-36812.json) (`2023-06-30T23:15:10.287`) 
### CVEs modified in the last Commit -Recently modified CVEs: `21` +Recently modified CVEs: `11` -* [CVE-2021-26726](CVE-2021/CVE-2021-267xx/CVE-2021-26726.json) (`2023-06-30T21:23:46.500`) -* [CVE-2021-27770](CVE-2021/CVE-2021-277xx/CVE-2021-27770.json) (`2023-06-30T21:26:36.650`) -* [CVE-2021-28510](CVE-2021/CVE-2021-285xx/CVE-2021-28510.json) (`2023-06-30T21:28:04.387`) -* [CVE-2021-28498](CVE-2021/CVE-2021-284xx/CVE-2021-28498.json) (`2023-06-30T21:29:50.630`) -* [CVE-2022-2368](CVE-2022/CVE-2022-23xx/CVE-2022-2368.json) (`2023-06-30T21:31:47.073`) -* [CVE-2022-2370](CVE-2022/CVE-2022-23xx/CVE-2022-2370.json) (`2023-06-30T21:34:25.667`) -* [CVE-2022-2377](CVE-2022/CVE-2022-23xx/CVE-2022-2377.json) (`2023-06-30T21:35:58.937`) -* [CVE-2023-36345](CVE-2023/CVE-2023-363xx/CVE-2023-36345.json) (`2023-06-30T21:12:11.977`) -* [CVE-2023-36346](CVE-2023/CVE-2023-363xx/CVE-2023-36346.json) (`2023-06-30T21:13:25.140`) -* [CVE-2023-34367](CVE-2023/CVE-2023-343xx/CVE-2023-34367.json) (`2023-06-30T21:13:38.460`) -* [CVE-2023-34241](CVE-2023/CVE-2023-342xx/CVE-2023-34241.json) (`2023-06-30T21:15:08.973`) -* [CVE-2023-36348](CVE-2023/CVE-2023-363xx/CVE-2023-36348.json) (`2023-06-30T21:15:15.083`) -* [CVE-2023-28065](CVE-2023/CVE-2023-280xx/CVE-2023-28065.json) (`2023-06-30T21:16:46.027`) -* [CVE-2023-32480](CVE-2023/CVE-2023-324xx/CVE-2023-32480.json) (`2023-06-30T21:17:04.100`) -* [CVE-2023-28073](CVE-2023/CVE-2023-280xx/CVE-2023-28073.json) (`2023-06-30T21:17:26.547`) -* [CVE-2023-28071](CVE-2023/CVE-2023-280xx/CVE-2023-28071.json) (`2023-06-30T21:17:54.033`) -* [CVE-2023-28064](CVE-2023/CVE-2023-280xx/CVE-2023-28064.json) (`2023-06-30T21:18:13.453`) -* [CVE-2023-1329](CVE-2023/CVE-2023-13xx/CVE-2023-1329.json) (`2023-06-30T21:18:40.523`) -* [CVE-2023-21178](CVE-2023/CVE-2023-211xx/CVE-2023-21178.json) (`2023-06-30T21:20:09.863`) -* [CVE-2023-21179](CVE-2023/CVE-2023-211xx/CVE-2023-21179.json) (`2023-06-30T21:20:41.290`) -* 
[CVE-2023-36612](CVE-2023/CVE-2023-366xx/CVE-2023-36612.json) (`2023-06-30T21:22:47.610`) +* [CVE-2015-7559](CVE-2015/CVE-2015-75xx/CVE-2015-7559.json) (`2023-06-30T22:15:09.373`) +* [CVE-2015-20107](CVE-2015/CVE-2015-201xx/CVE-2015-20107.json) (`2023-06-30T23:15:09.223`) +* [CVE-2020-10735](CVE-2020/CVE-2020-107xx/CVE-2020-10735.json) (`2023-06-30T23:15:09.393`) +* [CVE-2021-0701](CVE-2021/CVE-2021-07xx/CVE-2021-0701.json) (`2023-06-30T22:15:09.567`) +* [CVE-2021-0945](CVE-2021/CVE-2021-09xx/CVE-2021-0945.json) (`2023-06-30T22:15:09.640`) +* [CVE-2021-3426](CVE-2021/CVE-2021-34xx/CVE-2021-3426.json) (`2023-06-30T23:15:09.543`) +* [CVE-2021-3733](CVE-2021/CVE-2021-37xx/CVE-2021-3733.json) (`2023-06-30T23:15:09.690`) +* [CVE-2021-3737](CVE-2021/CVE-2021-37xx/CVE-2021-3737.json) (`2023-06-30T23:15:09.843`) +* [CVE-2021-4189](CVE-2021/CVE-2021-41xx/CVE-2021-4189.json) (`2023-06-30T23:15:09.980`) +* [CVE-2022-45061](CVE-2022/CVE-2022-450xx/CVE-2022-45061.json) (`2023-06-30T23:15:10.097`) +* [CVE-2023-3316](CVE-2023/CVE-2023-33xx/CVE-2023-3316.json) (`2023-06-30T22:15:10.183`) ## Download and Usage