From 1ea352e5d69cd8a179964d5375ebf67e50a40034 Mon Sep 17 00:00:00 2001 From: cad-safe-bot Date: Fri, 7 Jul 2023 18:00:37 +0000 Subject: [PATCH] Auto-Update: 2023-07-07T18:00:33.903204+00:00 --- CVE-2021/CVE-2021-319xx/CVE-2021-31982.json | 66 +- CVE-2021/CVE-2021-344xx/CVE-2021-34475.json | 62 +- CVE-2021/CVE-2021-345xx/CVE-2021-34506.json | 62 +- CVE-2021/CVE-2021-423xx/CVE-2021-42307.json | 62 +- CVE-2022/CVE-2022-239xx/CVE-2022-23913.json | 10 +- CVE-2022/CVE-2022-283xx/CVE-2022-28331.json | 10 +- CVE-2023/CVE-2023-201xx/CVE-2023-20120.json | 128 +- CVE-2023/CVE-2023-201xx/CVE-2023-20178.json | 65 +- CVE-2023/CVE-2023-201xx/CVE-2023-20188.json | 3337 ++++++++++++++++++- CVE-2023/CVE-2023-252xx/CVE-2023-25201.json | 24 + CVE-2023/CVE-2023-260xx/CVE-2023-26085.json | 73 +- CVE-2023/CVE-2023-278xx/CVE-2023-27845.json | 24 + CVE-2023/CVE-2023-299xx/CVE-2023-29998.json | 24 + CVE-2023/CVE-2023-309xx/CVE-2023-30946.json | 59 +- CVE-2023/CVE-2023-309xx/CVE-2023-30955.json | 59 +- CVE-2023/CVE-2023-312xx/CVE-2023-31222.json | 58 +- CVE-2023/CVE-2023-31xx/CVE-2023-3117.json | 92 +- CVE-2023/CVE-2023-326xx/CVE-2023-32607.json | 69 +- CVE-2023/CVE-2023-326xx/CVE-2023-32608.json | 69 +- CVE-2023/CVE-2023-332xx/CVE-2023-33277.json | 86 +- CVE-2023/CVE-2023-333xx/CVE-2023-33336.json | 64 +- CVE-2023/CVE-2023-336xx/CVE-2023-33664.json | 24 + CVE-2023/CVE-2023-337xx/CVE-2023-33715.json | 28 + CVE-2023/CVE-2023-33xx/CVE-2023-3338.json | 63 +- CVE-2023/CVE-2023-346xx/CVE-2023-34658.json | 65 +- CVE-2023/CVE-2023-348xx/CVE-2023-34844.json | 65 +- CVE-2023/CVE-2023-34xx/CVE-2023-3447.json | 54 +- CVE-2023/CVE-2023-359xx/CVE-2023-35987.json | 14 +- CVE-2023/CVE-2023-35xx/CVE-2023-3541.json | 84 + CVE-2023/CVE-2023-35xx/CVE-2023-3542.json | 84 + CVE-2023/CVE-2023-35xx/CVE-2023-3543.json | 84 + CVE-2023/CVE-2023-35xx/CVE-2023-3544.json | 84 + CVE-2023/CVE-2023-361xx/CVE-2023-36143.json | 81 +- CVE-2023/CVE-2023-362xx/CVE-2023-36201.json | 20 + CVE-2023/CVE-2023-364xx/CVE-2023-36467.json | 63 +- CVE-2023/CVE-2023-364xx/CVE-2023-36476.json | 71 +- CVE-2023/CVE-2023-364xx/CVE-2023-36484.json | 95 +- CVE-2023/CVE-2023-364xx/CVE-2023-36488.json | 75 +- CVE-2023/CVE-2023-370xx/CVE-2023-37061.json | 24 + CVE-2023/CVE-2023-370xx/CVE-2023-37062.json | 24 + CVE-2023/CVE-2023-370xx/CVE-2023-37063.json | 24 + CVE-2023/CVE-2023-370xx/CVE-2023-37064.json | 24 + CVE-2023/CVE-2023-370xx/CVE-2023-37065.json | 24 + CVE-2023/CVE-2023-370xx/CVE-2023-37066.json | 24 + CVE-2023/CVE-2023-370xx/CVE-2023-37067.json | 24 + CVE-2023/CVE-2023-372xx/CVE-2023-37264.json | 63 + CVE-2023/CVE-2023-373xx/CVE-2023-37365.json | 65 +- README.md | 87 +- 48 files changed, 5773 insertions(+), 167 deletions(-) create mode 100644 CVE-2023/CVE-2023-252xx/CVE-2023-25201.json create mode 100644 CVE-2023/CVE-2023-278xx/CVE-2023-27845.json create mode 100644 CVE-2023/CVE-2023-299xx/CVE-2023-29998.json create mode 100644 CVE-2023/CVE-2023-336xx/CVE-2023-33664.json create mode 100644 CVE-2023/CVE-2023-337xx/CVE-2023-33715.json create mode 100644 CVE-2023/CVE-2023-35xx/CVE-2023-3541.json create mode 100644 CVE-2023/CVE-2023-35xx/CVE-2023-3542.json create mode 100644 CVE-2023/CVE-2023-35xx/CVE-2023-3543.json create mode 100644 CVE-2023/CVE-2023-35xx/CVE-2023-3544.json create mode 100644 CVE-2023/CVE-2023-362xx/CVE-2023-36201.json create mode 100644 CVE-2023/CVE-2023-370xx/CVE-2023-37061.json create mode 100644 CVE-2023/CVE-2023-370xx/CVE-2023-37062.json create mode 100644 CVE-2023/CVE-2023-370xx/CVE-2023-37063.json create mode 100644 CVE-2023/CVE-2023-370xx/CVE-2023-37064.json create mode 100644 CVE-2023/CVE-2023-370xx/CVE-2023-37065.json create mode 100644 CVE-2023/CVE-2023-370xx/CVE-2023-37066.json create mode 100644 CVE-2023/CVE-2023-370xx/CVE-2023-37067.json create mode 100644 CVE-2023/CVE-2023-372xx/CVE-2023-37264.json diff --git a/CVE-2021/CVE-2021-319xx/CVE-2021-31982.json b/CVE-2021/CVE-2021-319xx/CVE-2021-31982.json index ce017399f45..82141d10c8e 100644 --- a/CVE-2021/CVE-2021-319xx/CVE-2021-31982.json +++ b/CVE-2021/CVE-2021-319xx/CVE-2021-31982.json @@ -2,19 +2,43 @@ "id": "CVE-2021-31982", "sourceIdentifier": "secure@microsoft.com", "published": "2023-07-01T00:15:09.683", - "lastModified": "2023-07-03T01:10:10.103", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2023-07-07T17:24:45.593", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", "value": "Microsoft Edge (Chromium-based) Security Feature Bypass Vulnerability" + }, + { + "lang": "es", + "value": "Microsoft Edge (basado en Chromium) contiene una vulnerabilidad en la funci\u00f3n de seguridad que podr\u00eda permitir su omisi\u00f3n" } ], "metrics": { "cvssMetricV31": [ { - "source": "secure@microsoft.com", + "source": "nvd@nist.gov", "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "REQUIRED", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH", + "baseScore": 8.8, + "baseSeverity": "HIGH" + }, + "exploitabilityScore": 2.8, + "impactScore": 5.9 + }, + { + "source": "secure@microsoft.com", + "type": "Secondary", "cvssData": { "version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:L/A:N", @@ -34,10 +58,44 @@ } ] }, + "weaknesses": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "NVD-CWE-noinfo" + } + ] + } + ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:microsoft:edge_chromium:*:*:*:*:*:*:*:*", + "versionEndExcluding": "91.0.864.37", + "matchCriteriaId": "5030D975-8B99-4781-8840-3C0F084614B9" + } + ] + } + ] + } + ], "references": [ { "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-31982", - "source": "secure@microsoft.com" + "source": "secure@microsoft.com", + "tags": [ + "Patch", + "Vendor Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2021/CVE-2021-344xx/CVE-2021-34475.json b/CVE-2021/CVE-2021-344xx/CVE-2021-34475.json index 5340cb10fd5..7439d920ff6 100644 --- a/CVE-2021/CVE-2021-344xx/CVE-2021-34475.json +++ b/CVE-2021/CVE-2021-344xx/CVE-2021-34475.json @@ -2,8 +2,8 @@ "id": "CVE-2021-34475", "sourceIdentifier": "secure@microsoft.com", "published": "2023-07-01T00:15:09.757", - "lastModified": "2023-07-03T01:10:10.103", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2023-07-07T17:25:10.073", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", @@ -13,8 +13,28 @@ "metrics": { "cvssMetricV31": [ { - "source": "secure@microsoft.com", + "source": "nvd@nist.gov", "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "REQUIRED", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH", + "baseScore": 8.8, + "baseSeverity": "HIGH" + }, + "exploitabilityScore": 2.8, + "impactScore": 5.9 + }, + { + "source": "secure@microsoft.com", + "type": "Secondary", "cvssData": { "version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N", @@ -34,10 +54,44 @@ } ] }, + "weaknesses": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "NVD-CWE-noinfo" + } + ] + } + ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:microsoft:edge_chromium:*:*:*:*:*:*:*:*", + "versionEndExcluding": "91.0.864.59", + "matchCriteriaId": "E61AD06C-6EC7-4A12-96E9-5367B64ADF34" + } + ] + } + ] + } + ], "references": [ { "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-34475", - "source": "secure@microsoft.com" + "source": "secure@microsoft.com", + "tags": [ + "Patch", + "Vendor Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2021/CVE-2021-345xx/CVE-2021-34506.json b/CVE-2021/CVE-2021-345xx/CVE-2021-34506.json index 307c6bef1d8..8f0c08f1278 100644 --- a/CVE-2021/CVE-2021-345xx/CVE-2021-34506.json +++ b/CVE-2021/CVE-2021-345xx/CVE-2021-34506.json @@ -2,8 +2,8 @@ "id": "CVE-2021-34506", "sourceIdentifier": "secure@microsoft.com", "published": "2023-07-01T00:15:09.823", - "lastModified": "2023-07-03T01:10:10.103", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2023-07-07T17:35:05.333", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", @@ -13,8 +13,28 @@ "metrics": { "cvssMetricV31": [ { - "source": "secure@microsoft.com", + "source": "nvd@nist.gov", "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "REQUIRED", + "scope": "UNCHANGED", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "availabilityImpact": "NONE", + "baseScore": 5.4, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 2.8, + "impactScore": 2.5 + }, + { + "source": "secure@microsoft.com", + "type": "Secondary", "cvssData": { "version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", @@ -34,10 +54,44 @@ } ] }, + "weaknesses": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "NVD-CWE-noinfo" + } + ] + } + ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:microsoft:edge_chromium:*:*:*:*:*:*:*:*", + "versionEndExcluding": "91.0.864.59", + "matchCriteriaId": "E61AD06C-6EC7-4A12-96E9-5367B64ADF34" + } + ] + } + ] + } + ], "references": [ { "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-34506", - "source": "secure@microsoft.com" + "source": "secure@microsoft.com", + "tags": [ + "Patch", + "Vendor Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2021/CVE-2021-423xx/CVE-2021-42307.json b/CVE-2021/CVE-2021-423xx/CVE-2021-42307.json index 145a883b008..f8726bb323f 100644 --- a/CVE-2021/CVE-2021-423xx/CVE-2021-42307.json +++ b/CVE-2021/CVE-2021-423xx/CVE-2021-42307.json @@ -2,8 +2,8 @@ "id": "CVE-2021-42307", "sourceIdentifier": "secure@microsoft.com", "published": "2023-07-01T00:15:09.883", - "lastModified": "2023-07-03T01:10:10.103", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2023-07-07T17:35:49.367", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", @@ -13,8 +13,28 @@ "metrics": { "cvssMetricV31": [ { - "source": "secure@microsoft.com", + "source": "nvd@nist.gov", "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "REQUIRED", + "scope": "UNCHANGED", + "confidentialityImpact": "LOW", + "integrityImpact": "NONE", + "availabilityImpact": "NONE", + "baseScore": 4.3, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 2.8, + "impactScore": 1.4 + }, + { + "source": "secure@microsoft.com", + "type": "Secondary", "cvssData": { "version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:N/A:N", @@ -34,10 +54,44 @@ } ] }, + "weaknesses": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "NVD-CWE-noinfo" + } + ] + } + ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:microsoft:edge_chromium:*:*:*:*:*:*:*:*", + "versionEndExcluding": "95.0.1020.30", + "matchCriteriaId": "92F0909B-B754-40A3-A76F-ED95879CF0DF" + } + ] + } + ] + } + ], "references": [ { "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-42307", - "source": "secure@microsoft.com" + "source": "secure@microsoft.com", + "tags": [ + "Patch", + "Vendor Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2022/CVE-2022-239xx/CVE-2022-23913.json b/CVE-2022/CVE-2022-239xx/CVE-2022-23913.json index d787fca0ee7..82225ec01a7 100644 --- a/CVE-2022/CVE-2022-239xx/CVE-2022-23913.json +++ b/CVE-2022/CVE-2022-239xx/CVE-2022-23913.json @@ -2,8 +2,8 @@ "id": "CVE-2022-23913", "sourceIdentifier": "security@apache.org", "published": "2022-02-04T23:15:15.827", - "lastModified": "2023-06-30T18:53:51.587", - "vulnStatus": "Analyzed", + "lastModified": "2023-07-07T16:15:09.390", + "vulnStatus": "Modified", "descriptions": [ { "lang": "en", @@ -65,7 +65,7 @@ }, "weaknesses": [ { - "source": "nvd@nist.gov", + "source": "security@apache.org", "type": "Primary", "description": [ { @@ -75,12 +75,12 @@ ] }, { - "source": "security@apache.org", + "source": "nvd@nist.gov", "type": "Secondary", "description": [ { "lang": "en", - "value": "CWE-400" + "value": "CWE-770" } ] } diff --git a/CVE-2022/CVE-2022-283xx/CVE-2022-28331.json b/CVE-2022/CVE-2022-283xx/CVE-2022-28331.json index c53e0dd5d54..3ece746aca4 100644 --- a/CVE-2022/CVE-2022-283xx/CVE-2022-28331.json +++ b/CVE-2022/CVE-2022-283xx/CVE-2022-28331.json @@ -2,8 +2,8 @@ "id": "CVE-2022-28331", "sourceIdentifier": "security@apache.org", "published": "2023-01-31T16:15:08.977", - "lastModified": "2023-06-28T14:28:29.000", - "vulnStatus": "Analyzed", + "lastModified": "2023-07-07T16:15:09.550", + "vulnStatus": "Modified", "descriptions": [ { "lang": "en", @@ -36,7 +36,7 @@ }, "weaknesses": [ { - "source": "nvd@nist.gov", + "source": "security@apache.org", "type": "Primary", "description": [ { @@ -46,12 +46,12 @@ ] }, { - "source": "security@apache.org", + "source": "nvd@nist.gov", "type": "Secondary", "description": [ { "lang": "en", - "value": "CWE-787" + "value": "CWE-190" } ] } diff --git a/CVE-2023/CVE-2023-201xx/CVE-2023-20120.json b/CVE-2023/CVE-2023-201xx/CVE-2023-20120.json index dc53202142d..a769f368917 100644 --- a/CVE-2023/CVE-2023-201xx/CVE-2023-20120.json +++ b/CVE-2023/CVE-2023-201xx/CVE-2023-20120.json @@ -2,8 +2,8 @@ "id": "CVE-2023-20120", "sourceIdentifier": "ykramarz@cisco.com", "published": "2023-06-28T15:15:09.760", - "lastModified": "2023-06-28T15:25:19.233", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2023-07-07T16:02:41.643", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", @@ -11,6 +11,28 @@ } ], "metrics": { + "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "REQUIRED", + "scope": "CHANGED", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "availabilityImpact": "NONE", + "baseScore": 6.1, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 2.8, + "impactScore": 2.7 + } + ], "cvssMetricV30": [ { "source": "ykramarz@cisco.com", @@ -35,6 +57,16 @@ ] }, "weaknesses": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-79" + } + ] + }, { "source": "ykramarz@cisco.com", "type": "Secondary", @@ -46,10 +78,100 @@ ] } ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:cisco:secure_email_and_web_manager:14.0.0-418:*:*:*:*:*:*:*", + "matchCriteriaId": "91A23056-1521-4982-8F4D-BCDB6F9E98EE" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:cisco:secure_email_and_web_manager:14.0.1-033:*:*:*:*:*:*:*", + "matchCriteriaId": "D9897B99-0295-4D4D-8EE7-88FB5BC97123" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:cisco:secure_email_and_web_manager:14.0.1-053:*:*:*:*:*:*:*", + "matchCriteriaId": "286B37A2-A7B1-44D9-A2BD-56F9C26195A7" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:cisco:secure_email_and_web_manager:15.0.0-050:*:*:*:*:*:*:*", + "matchCriteriaId": "3774F588-98E5-4197-B858-FF83B5838265" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:cisco:secure_email_and_web_manager:15.0.0-256:*:*:*:*:*:*:*", + "matchCriteriaId": "99A048C2-7352-4ED5-990F-95467AAB022C" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:cisco:secure_email_gateway:14.0.0-418:*:*:*:*:*:*:*", + "matchCriteriaId": "02212FE3-CEE6-4609-B9AE-CD228F4ADFFC" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:cisco:secure_email_gateway:14.0.1-033:*:*:*:*:*:*:*", + "matchCriteriaId": "B0DB52EF-1542-4665-AC44-F1E3B074B615" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:cisco:secure_email_gateway:14.0.1-053:*:*:*:*:*:*:*", + "matchCriteriaId": "615DD221-9200-41D1-9DAF-CC8BEB67342C" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:cisco:secure_email_gateway:15.0.0-050:*:*:*:*:*:*:*", + "matchCriteriaId": "4AEA665F-86B3-4AA6-9E99-6F935264222A" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:cisco:secure_email_gateway:15.0.0-256:*:*:*:*:*:*:*", + "matchCriteriaId": "988AAD9A-B4FD-42C5-B222-53A4E69CE87E" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:cisco:web_security_appliance:14.0.0-418:*:*:*:*:*:*:*", + "matchCriteriaId": "5A694B4F-D454-405B-B620-A899543DA2E8" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:cisco:web_security_appliance:14.0.1-033:*:*:*:*:*:*:*", + "matchCriteriaId": "CB812B1F-3E7E-4AD6-9AA3-241B957A0047" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:cisco:web_security_appliance:14.0.1-053:*:*:*:*:*:*:*", + "matchCriteriaId": "BDE6AB7B-561D-4D50-907B-605CD0649A98" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:cisco:web_security_appliance:15.0.0-050:*:*:*:*:*:*:*", + "matchCriteriaId": "B71B523B-95F6-463F-B96B-9C301B6FFA9B" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:cisco:web_security_appliance:15.0.0-256:*:*:*:*:*:*:*", + "matchCriteriaId": "1DFDA027-9BED-4DB5-804D-A192FF8138CF" + } + ] + } + ] + } + ], "references": [ { "url": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-esa-sma-wsa-xss-cP9DuEmq", - "source": "ykramarz@cisco.com" + "source": "ykramarz@cisco.com", + "tags": [ + "Vendor Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2023/CVE-2023-201xx/CVE-2023-20178.json b/CVE-2023/CVE-2023-201xx/CVE-2023-20178.json index dc1f8205efc..f1097319272 100644 --- a/CVE-2023/CVE-2023-201xx/CVE-2023-20178.json +++ b/CVE-2023/CVE-2023-201xx/CVE-2023-20178.json @@ -2,8 +2,8 @@ "id": "CVE-2023-20178", "sourceIdentifier": "ykramarz@cisco.com", "published": "2023-06-28T15:15:09.880", - "lastModified": "2023-06-28T15:25:19.233", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2023-07-07T17:47:17.953", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", @@ -11,6 +11,28 @@ } ], "metrics": { + "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", + "attackVector": "LOCAL", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH", + "baseScore": 7.8, + "baseSeverity": "HIGH" + }, + "exploitabilityScore": 1.8, + "impactScore": 5.9 + } + ], "cvssMetricV30": [ { "source": "ykramarz@cisco.com", @@ -35,6 +57,16 @@ ] }, "weaknesses": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-276" + } + ] + }, { "source": "ykramarz@cisco.com", "type": "Secondary", @@ -46,10 +78,37 @@ ] } ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:cisco:anyconnect_secure_mobility_client:*:*:*:*:*:windows:*:*", + "versionEndExcluding": "4.10.07061", + "matchCriteriaId": "9980A481-8A54-475A-B735-0C339FF30314" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:cisco:secure_client:*:*:*:*:*:windows:*:*", + "versionEndExcluding": "5.0.02075", + "matchCriteriaId": "7A856448-9BF4-4693-A1EA-3B6C06DB4259" + } + ] + } + ] + } + ], "references": [ { "url": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ac-csc-privesc-wx4U4Kw", - "source": "ykramarz@cisco.com" + "source": "ykramarz@cisco.com", + "tags": [ + "Vendor Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2023/CVE-2023-201xx/CVE-2023-20188.json b/CVE-2023/CVE-2023-201xx/CVE-2023-20188.json index b8d366c5177..8396c220147 100644 --- a/CVE-2023/CVE-2023-201xx/CVE-2023-20188.json +++ b/CVE-2023/CVE-2023-201xx/CVE-2023-20188.json @@ -2,8 +2,8 @@ "id": "CVE-2023-20188", "sourceIdentifier": "ykramarz@cisco.com", "published": "2023-06-28T15:15:09.943", - "lastModified": "2023-06-28T15:25:19.233", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2023-07-07T17:55:35.560", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", @@ -11,6 +11,28 @@ } ], "metrics": { + "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "HIGH", + "userInteraction": "REQUIRED", + "scope": "CHANGED", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "availabilityImpact": "NONE", + "baseScore": 4.8, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 1.7, + "impactScore": 2.7 + } + ], "cvssMetricV30": [ { "source": "ykramarz@cisco.com", @@ -35,6 +57,16 @@ ] }, "weaknesses": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-79" + } + ] + }, { "source": "ykramarz@cisco.com", "type": "Secondary", @@ -46,10 +78,3309 @@ ] } ], + "configurations": [ + { + "operator": "AND", + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:o:cisco:sf200-24_firmware:1.4.11.02:*:*:*:*:*:*:*", + "matchCriteriaId": "8A9AC171-14AC-4002-8098-560B87552B50" + } + ] + }, + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": false, + "criteria": "cpe:2.3:h:cisco:sf200-24:-:*:*:*:*:*:*:*", + "matchCriteriaId": "1866B4D0-0FF2-4C79-A07B-4FAE5586F7E0" + } + ] + } + ] + }, + { + "operator": "AND", + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:o:cisco:sf200-24fp_firmware:1.4.11.02:*:*:*:*:*:*:*", + "matchCriteriaId": "55A2374E-6C10-4116-A65A-4CF16DF9FC62" + } + ] + }, + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": false, + "criteria": "cpe:2.3:h:cisco:sf200-24fp:-:*:*:*:*:*:*:*", + "matchCriteriaId": "3D8A349B-73D2-4010-90C2-B153B3245487" + } + ] + } + ] + }, + { + "operator": "AND", + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:o:cisco:sf200-24p_firmware:1.4.11.02:*:*:*:*:*:*:*", + "matchCriteriaId": "D178FCF5-DC70-4E50-AC48-541A9D10BC6A" + } + ] + }, + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": false, + "criteria": "cpe:2.3:h:cisco:sf200-24p:-:*:*:*:*:*:*:*", + "matchCriteriaId": "B4A8518B-EE72-4CEA-B2A8-9F17898F4476" + } + ] + } + ] + }, + { + "operator": "AND", + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:o:cisco:sf200-48_firmware:1.4.11.02:*:*:*:*:*:*:*", + "matchCriteriaId": "7C28921E-6F49-405D-8892-03C3B471CA60" + } + ] + }, + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": false, + "criteria": "cpe:2.3:h:cisco:sf200-48:-:*:*:*:*:*:*:*", + "matchCriteriaId": "19F27801-DCF0-4843-90F8-2A1694BB29E2" + } + ] + } + ] + }, + { + "operator": "AND", + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:o:cisco:sf200-48p_firmware:1.4.11.02:*:*:*:*:*:*:*", + "matchCriteriaId": "9BA9D18A-B1B2-44CD-AEF8-65038EE5BFA2" + } + ] + }, + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": false, + "criteria": "cpe:2.3:h:cisco:sf200-48p:-:*:*:*:*:*:*:*", + "matchCriteriaId": "B12AEA51-CF3B-44CC-9943-E370A29EFDC9" + } + ] + } + ] + }, + { + "operator": "AND", + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:o:cisco:sf300-08_firmware:1.4.11.02:*:*:*:*:*:*:*", + "matchCriteriaId": "E21B324D-F948-4373-A9FB-F07F56473774" + } + ] + }, + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": false, + "criteria": "cpe:2.3:h:cisco:sf300-08:-:*:*:*:*:*:*:*", + "matchCriteriaId": "7C96B794-16D3-46FE-8A2B-262BD38994E8" + } + ] + } + ] + }, + { + "operator": "AND", + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:o:cisco:sf300-24_firmware:1.4.11.02:*:*:*:*:*:*:*", + "matchCriteriaId": "EC313EB0-C812-4B77-B6EB-6E5D106CA1DB" + } + ] + }, + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": false, + "criteria": "cpe:2.3:h:cisco:sf300-24:-:*:*:*:*:*:*:*", + "matchCriteriaId": "C324F7E3-2088-452F-B049-519A9D25C9B5" + } + ] + } + ] + }, + { + "operator": "AND", + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:o:cisco:sf300-24mp_firmware:1.4.11.02:*:*:*:*:*:*:*", + "matchCriteriaId": "61C7AA57-56B9-4C39-98FC-A9C72F9B2C60" + } + ] + }, + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": false, + "criteria": "cpe:2.3:h:cisco:sf300-24mp:-:*:*:*:*:*:*:*", + "matchCriteriaId": "4882366A-9450-47BE-BE70-CC3A9D2F5275" + } + ] + } + ] + }, + { + "operator": "AND", + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:o:cisco:sf300-24p_firmware:1.4.11.02:*:*:*:*:*:*:*", + "matchCriteriaId": "EB1E7DA8-4181-47C8-B86E-72DEA912DD15" + } + ] + }, + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": false, + "criteria": "cpe:2.3:h:cisco:sf300-24p:-:*:*:*:*:*:*:*", + "matchCriteriaId": "71D909B9-5B11-401E-8484-D6CD39D64142" + } + ] + } + ] + }, + { + "operator": "AND", + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:o:cisco:sf300-24pp_firmware:1.4.11.02:*:*:*:*:*:*:*", + "matchCriteriaId": "E942E2D0-C4AF-47C4-A9E6-3F26D66F9D1E" + } + ] + }, + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": false, + "criteria": "cpe:2.3:h:cisco:sf300-24pp:-:*:*:*:*:*:*:*", + "matchCriteriaId": "4E7B70CB-9D7A-4637-8A51-634157F7AC85" + } + ] + } + ] + }, + { + "operator": "AND", + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:o:cisco:sf300-48_firmware:1.4.11.02:*:*:*:*:*:*:*", + "matchCriteriaId": "E9F50236-E49B-4BE1-BC96-E3EB3997541B" + } + ] + }, + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": false, + "criteria": "cpe:2.3:h:cisco:sf300-48:-:*:*:*:*:*:*:*", + "matchCriteriaId": "765DECDB-4234-4444-B78F-01C1DCBAD8FA" + } + ] + } + ] + }, + { + "operator": "AND", + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:o:cisco:sf300-48p_firmware:1.4.11.02:*:*:*:*:*:*:*", + "matchCriteriaId": "DEC94589-59F0-451D-AE0B-1A2610EC9F8D" + } + ] + }, + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": false, + "criteria": "cpe:2.3:h:cisco:sf300-48p:-:*:*:*:*:*:*:*", + "matchCriteriaId": "A5307DEF-DCD1-417A-B649-FF4DCE66193E" + } + ] + } + ] + }, + { + "operator": "AND", + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:o:cisco:sf300-48pp_firmware:1.4.11.02:*:*:*:*:*:*:*", + "matchCriteriaId": "A6451DB3-575F-4E48-9839-083F00C35B61" + } + ] + }, + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": false, + "criteria": "cpe:2.3:h:cisco:sf300-48pp:-:*:*:*:*:*:*:*", + "matchCriteriaId": "E5248F85-411D-4ED9-983C-A28A90C8FC70" + } + ] + } + ] + }, + { + "operator": "AND", + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:o:cisco:sf302-08_firmware:1.4.11.02:*:*:*:*:*:*:*", + "matchCriteriaId": "8CB83A46-C1E5-4CF9-9615-41F3C315FC02" + } + ] + }, + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": false, + "criteria": "cpe:2.3:h:cisco:sf302-08:-:*:*:*:*:*:*:*", + "matchCriteriaId": "04042998-72B6-4215-9264-CC563E51D9CF" + } + ] + } + ] + }, + { + "operator": "AND", + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:o:cisco:sf302-08mp_firmware:1.4.11.02:*:*:*:*:*:*:*", + "matchCriteriaId": "735E92BB-E4D9-46B5-B9A3-A685934F456F" + } + ] + }, + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": false, + "criteria": "cpe:2.3:h:cisco:sf302-08mp:-:*:*:*:*:*:*:*", + "matchCriteriaId": "8124725E-8340-43BC-BEBB-BC39E3AE7368" + } + ] + } + ] + }, + { + "operator": "AND", + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:o:cisco:sf302-08mpp_firmware:1.4.11.02:*:*:*:*:*:*:*", + "matchCriteriaId": "17426691-ADB9-429C-8B37-A479C630B95A" + } + ] + }, + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": false, + "criteria": "cpe:2.3:h:cisco:sf302-08mpp:-:*:*:*:*:*:*:*", + "matchCriteriaId": "19890DBE-F1B9-4454-8738-AC2AC6704C75" + } + ] + } + ] + }, + { + "operator": "AND", + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:o:cisco:sf302-08p_firmware:1.4.11.02:*:*:*:*:*:*:*", + "matchCriteriaId": "AD5D6C94-CF45-4252-9F26-C41E5030F001" + } + ] + }, + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": false, + "criteria": "cpe:2.3:h:cisco:sf302-08p:-:*:*:*:*:*:*:*", + "matchCriteriaId": "B9C97D56-2E3C-4F36-89E2-BC169AED3CC2" + } + ] + } + ] + }, + { + "operator": "AND", + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:o:cisco:sf302-08pp_firmware:1.4.11.02:*:*:*:*:*:*:*", + "matchCriteriaId": "5C95827B-4219-4EB8-B54C-21C9E852F234" + } + ] + }, + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": false, + "criteria": "cpe:2.3:h:cisco:sf302-08pp:-:*:*:*:*:*:*:*", + "matchCriteriaId": "EFFEF3C3-0C7C-4359-A45F-00152ACAB545" + } + ] + } + ] + }, + { + "operator": "AND", + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:o:cisco:sf500-24_firmware:1.4.11.02:*:*:*:*:*:*:*", + "matchCriteriaId": "43D92875-4121-41B0-8A3F-AAFFD6AE06D7" + } + ] + }, + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": false, + "criteria": "cpe:2.3:h:cisco:sf500-24:-:*:*:*:*:*:*:*", + "matchCriteriaId": "6C0F8958-8059-411B-86C8-40B1073C80C6" + } + ] + } + ] + }, + { + "operator": "AND", + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:o:cisco:sf500-24mp_firmware:1.4.11.02:*:*:*:*:*:*:*", + "matchCriteriaId": "6A7315B4-7D78-4AAF-A2ED-B3223F15E357" + } + ] + }, + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": false, + "criteria": "cpe:2.3:h:cisco:sf500-24mp:-:*:*:*:*:*:*:*", + "matchCriteriaId": "8723C660-F052-4C9B-ADD1-8484C7209701" + } + ] + } + ] + }, + { + "operator": "AND", + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:o:cisco:sf500-24p_firmware:1.4.11.02:*:*:*:*:*:*:*", + "matchCriteriaId": "4E35D030-BE72-4B10-A6F7-2E974820D080" + } + ] + }, + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": false, + "criteria": "cpe:2.3:h:cisco:sf500-24p:-:*:*:*:*:*:*:*", + "matchCriteriaId": "218D6018-551C-46B8-AE27-F88E6052F37B" + } + ] + } + ] + }, + { + "operator": "AND", + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:o:cisco:sf500-48_firmware:1.4.11.02:*:*:*:*:*:*:*", + "matchCriteriaId": "4E13A680-CE5D-4E72-8CC7-15C969452909" + } + ] + }, + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": false, + "criteria": "cpe:2.3:h:cisco:sf500-48:-:*:*:*:*:*:*:*", + "matchCriteriaId": "EAB8DE78-E398-458B-98EF-EEEB6E219BAB" + } + ] + } + ] + }, + { + "operator": "AND", + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:o:cisco:sf500-48mp_firmware:1.4.11.02:*:*:*:*:*:*:*", + "matchCriteriaId": "37DEA5BF-6763-4835-8427-0C186BE9B8A3" + } + ] + }, + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": false, + "criteria": "cpe:2.3:h:cisco:sf500-48mp:-:*:*:*:*:*:*:*", + "matchCriteriaId": "C6E049B2-C818-4929-8DDA-3B38BF8C7B3A" + } + ] + } + ] + }, + { + "operator": "AND", + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:o:cisco:sf500-48p_firmware:1.4.11.02:*:*:*:*:*:*:*", + "matchCriteriaId": "F9083862-CB21-4B2B-8C79-41EACB8DAC05" + } + ] + }, + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": false, + "criteria": "cpe:2.3:h:cisco:sf500-48p:-:*:*:*:*:*:*:*", + "matchCriteriaId": "E443C685-F000-4F89-ADEA-7084138018D1" + } + ] + } + ] + }, + { + "operator": "AND", + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:o:cisco:sg200-08_firmware:1.4.11.02:*:*:*:*:*:*:*", + "matchCriteriaId": "A6B61004-D935-48EF-A9E3-E7735B1BB2C0" + } + ] + }, + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": false, + "criteria": "cpe:2.3:h:cisco:sg200-08:-:*:*:*:*:*:*:*", + "matchCriteriaId": "335CA93E-604D-4060-9D24-E4E9D7740A3E" + } + ] + } + ] + }, + { + "operator": "AND", + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:o:cisco:sg200-08p_firmware:1.4.11.02:*:*:*:*:*:*:*", + "matchCriteriaId": "A5E14105-EDED-4BA7-90BC-255820C2A3C1" + } + ] + }, + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": false, + "criteria": "cpe:2.3:h:cisco:sg200-08p:-:*:*:*:*:*:*:*", + "matchCriteriaId": "CB844823-174D-487B-A211-E650D638A010" + } + ] + } + ] + }, + { + "operator": "AND", + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:o:cisco:sg200-10fp_firmware:1.4.11.02:*:*:*:*:*:*:*", + "matchCriteriaId": "9787C626-A184-444F-A7E9-4A6BB492ADA2" + } + ] + }, + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": false, + "criteria": "cpe:2.3:h:cisco:sg200-10fp:-:*:*:*:*:*:*:*", + "matchCriteriaId": "D173967C-5FF3-49DE-863B-26F7DF8B5F01" + } + ] + } + ] + }, + { + "operator": "AND", + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:o:cisco:sg200-18_firmware:1.4.11.02:*:*:*:*:*:*:*", + "matchCriteriaId": "7AC232C5-72C6-4C26-A541-32EC60B4B51A" + } + ] + }, + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": false, + "criteria": "cpe:2.3:h:cisco:sg200-18:-:*:*:*:*:*:*:*", + "matchCriteriaId": "DCD5CDA0-F982-492B-B631-6B0958F82A7F" + } + ] + } + ] + }, + { + "operator": "AND", + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:o:cisco:sg200-26_firmware:1.4.11.02:*:*:*:*:*:*:*", + "matchCriteriaId": "28F53652-ED52-403C-AF2F-66DA704E2EE1" + } + ] + }, + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": false, + "criteria": "cpe:2.3:h:cisco:sg200-26:-:*:*:*:*:*:*:*", + "matchCriteriaId": "9F2F454F-9084-4AD8-8F81-45A4AFAF63B7" + } + ] + } + ] + }, + { + "operator": "AND", + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:o:cisco:sg200-26fp_firmware:1.4.11.02:*:*:*:*:*:*:*", + "matchCriteriaId": "8E0A9611-5958-42CD-9035-EDE62F8ED736" + } + ] + }, + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": false, + "criteria": "cpe:2.3:h:cisco:sg200-26fp:-:*:*:*:*:*:*:*", + "matchCriteriaId": "D0ACAD62-EA73-494C-8244-541642C3E397" + } + ] + } + ] + }, + { + "operator": "AND", + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:o:cisco:sg200-26p_firmware:1.4.11.02:*:*:*:*:*:*:*", + "matchCriteriaId": "0E3094AA-4983-46B8-8DBB-D899FCC83085" + } + ] + }, + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": false, + "criteria": "cpe:2.3:h:cisco:sg200-26p:-:*:*:*:*:*:*:*", + "matchCriteriaId": "0A30A529-9796-4D10-AE55-698930E95CD9" + } + ] + } + ] + }, + { + "operator": "AND", + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:o:cisco:sg200-50_firmware:1.4.11.02:*:*:*:*:*:*:*", + "matchCriteriaId": "85C058FB-AE72-4A03-86E2-A3FD2D154B90" + } + ] + }, + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": false, + "criteria": "cpe:2.3:h:cisco:sg200-50:-:*:*:*:*:*:*:*", + "matchCriteriaId": "D0219D69-91AE-4558-BF12-93BB82D74A48" + } + ] + } + ] + }, + { + "operator": "AND", + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:o:cisco:sg200-50fp_firmware:1.4.11.02:*:*:*:*:*:*:*", + "matchCriteriaId": "FA01D2F4-C37C-4182-A0D0-8B9C565B9DAB" + } + ] + }, + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": false, + "criteria": "cpe:2.3:h:cisco:sg200-50fp:-:*:*:*:*:*:*:*", + "matchCriteriaId": "64E81B93-C7DB-4CC7-9FEA-914C853411B2" + } + ] + } + ] + }, + { + "operator": "AND", + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:o:cisco:sg200-50p_firmware:1.4.11.02:*:*:*:*:*:*:*", + "matchCriteriaId": "559F87CC-2CAE-4993-AF18-2B4C20B0F86C" + } + ] + }, + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": false, + "criteria": "cpe:2.3:h:cisco:sg200-50p:-:*:*:*:*:*:*:*", + "matchCriteriaId": "82842273-F24B-4210-8E07-5F7253018FC0" + } + ] + } + ] + }, + { + "operator": "AND", + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:o:cisco:sg300-10_firmware:1.4.11.02:*:*:*:*:*:*:*", + "matchCriteriaId": "531206F5-A601-4A31-A3F3-0CBF4AF3B329" + } + ] + }, + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": false, + "criteria": "cpe:2.3:h:cisco:sg300-10:-:*:*:*:*:*:*:*", + "matchCriteriaId": "78B44981-5C59-4328-A7DB-FBF50F9C92C2" + } + ] + } + ] + }, + { + "operator": "AND", + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:o:cisco:sg300-10mp_firmware:1.4.11.02:*:*:*:*:*:*:*", + "matchCriteriaId": "58F68741-2F9B-4438-8B6E-2E76E42032F6" + } + ] + }, + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": false, + "criteria": "cpe:2.3:h:cisco:sg300-10mp:-:*:*:*:*:*:*:*", + "matchCriteriaId": "95F6D7AC-2ACB-4693-AB8E-C700B99C5BF4" + } + ] + } + ] + }, + { + "operator": "AND", + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:o:cisco:sg300-10mpp_firmware:1.4.11.02:*:*:*:*:*:*:*", + "matchCriteriaId": "11835FD0-2107-4FBE-8027-FBA60817E624" + } + ] + }, + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": false, + "criteria": "cpe:2.3:h:cisco:sg300-10mpp:-:*:*:*:*:*:*:*", + "matchCriteriaId": "AAD7CDE3-7247-4EA9-8A72-7ABC961BD895" + } + ] + } + ] + }, + { + "operator": "AND", + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:o:cisco:sg300-10p_firmware:1.4.11.02:*:*:*:*:*:*:*", + "matchCriteriaId": "D34720E3-5EE5-4C3F-98C1-B288CAF4C114" + } + ] + }, + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": false, + "criteria": "cpe:2.3:h:cisco:sg300-10p:-:*:*:*:*:*:*:*", + "matchCriteriaId": "9054C3D1-BA1A-4BAC-8834-88673B804E4E" + } + ] + } + ] + }, + { + "operator": "AND", + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:o:cisco:sg300-10pp_firmware:1.4.11.02:*:*:*:*:*:*:*", + "matchCriteriaId": "11F581CD-52CF-495B-A1B9-346D47C7F7D4" + } + ] + }, + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": false, + "criteria": "cpe:2.3:h:cisco:sg300-10pp:-:*:*:*:*:*:*:*", + "matchCriteriaId": "8F1772C3-48DB-4BEF-9F12-CDCC3BBFA0E1" + } + ] + } + ] + }, + { + "operator": "AND", + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:o:cisco:sg300-10sfp_firmware:1.4.11.02:*:*:*:*:*:*:*", + "matchCriteriaId": "3D1CFE7D-4EA1-4673-95A2-B5F98E375508" + } + ] + }, + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": false, + "criteria": "cpe:2.3:h:cisco:sg300-10sfp:-:*:*:*:*:*:*:*", + "matchCriteriaId": "B402FBC0-91FC-471D-9D8A-C71F4FECF338" + } + ] + } + ] + }, + { + "operator": "AND", + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:o:cisco:sg300-20_firmware:1.4.11.02:*:*:*:*:*:*:*", + "matchCriteriaId": "AF68BBFD-A14A-48DB-89F3-50F90D308D97" + } + ] + }, + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": false, + "criteria": "cpe:2.3:h:cisco:sg300-20:-:*:*:*:*:*:*:*", + "matchCriteriaId": "50A677CE-4360-4780-ABF9-466C45CB19E1" + } + ] + } + ] + }, + { + "operator": "AND", + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:o:cisco:sg300-28_firmware:1.4.11.02:*:*:*:*:*:*:*", + "matchCriteriaId": "A100F872-E7F4-4188-AB44-594F9612F478" + } + ] + }, + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": false, + "criteria": "cpe:2.3:h:cisco:sg300-28:-:*:*:*:*:*:*:*", + "matchCriteriaId": "E74DB8D8-B79B-4DAE-BF88-98C1F518E76D" + } + ] + } + ] + }, + { + "operator": "AND", + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:o:cisco:sg300-28mp_firmware:1.4.11.02:*:*:*:*:*:*:*", + "matchCriteriaId": "BE30BE52-B04C-467D-9A5E-8F71B4C2F3CA" + } + ] + }, + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": false, + "criteria": "cpe:2.3:h:cisco:sg300-28mp:-:*:*:*:*:*:*:*", + "matchCriteriaId": "2DB2B761-E591-42B6-B62F-63A6D41F4FAC" + } + ] + } + ] + }, + { + "operator": "AND", + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:o:cisco:sg300-28p_firmware:1.4.11.02:*:*:*:*:*:*:*", + "matchCriteriaId": "6FAB4ACB-70C8-4BD2-9E1A-D5DCE06B3FBA" + } + ] + }, + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": false, + "criteria": "cpe:2.3:h:cisco:sg300-28p:-:*:*:*:*:*:*:*", + "matchCriteriaId": "A2D5109D-C78B-4362-B000-0AA073FCC843" + } + ] + } + ] + }, + { + "operator": "AND", + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:o:cisco:sg300-28pp_firmware:1.4.11.02:*:*:*:*:*:*:*", + "matchCriteriaId": "261CC970-0D09-4E85-A063-A68CE026B593" + } + ] + }, + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": false, + "criteria": "cpe:2.3:h:cisco:sg300-28pp:-:*:*:*:*:*:*:*", + "matchCriteriaId": "AD6F6741-AA56-47EA-998C-78FD7F6B01CC" + } + ] + } + ] + }, + { + "operator": "AND", + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:o:cisco:sg300-28sfp_firmware:1.4.11.02:*:*:*:*:*:*:*", + "matchCriteriaId": "E5EDC0B7-F004-4841-B848-E653E4FF044B" + } + ] + }, + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": false, + "criteria": "cpe:2.3:h:cisco:sg300-28sfp:-:*:*:*:*:*:*:*", + "matchCriteriaId": "FAD69957-B714-406D-9775-92A7D993BAC6" + } + ] + } + ] + }, + { + "operator": "AND", + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:o:cisco:sg300-52_firmware:1.4.11.02:*:*:*:*:*:*:*", + "matchCriteriaId": "797B03EC-8CE9-41C9-B77A-975A7664CC9F" + } + ] + }, + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": false, + "criteria": "cpe:2.3:h:cisco:sg300-52:-:*:*:*:*:*:*:*", + "matchCriteriaId": "8E26EE1D-763F-4893-9997-F4C1CE7A1089" + } + ] + } + ] + }, + { + "operator": "AND", + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:o:cisco:sg300-52mp_firmware:1.4.11.02:*:*:*:*:*:*:*", + "matchCriteriaId": "ADEFD297-FDDC-4677-B52E-7FACA67FA71D" + } + ] + }, + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": false, + "criteria": "cpe:2.3:h:cisco:sg300-52mp:-:*:*:*:*:*:*:*", + "matchCriteriaId": "A4C3B5A2-CAE6-4E75-A1A3-4FCB1C62A7A8" + } + ] + } + ] + }, + { + "operator": "AND", + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:o:cisco:sg300-52p_firmware:1.4.11.02:*:*:*:*:*:*:*", + "matchCriteriaId": "ED0F2E5D-7A5A-4205-8F88-1DC6F593E713" + } + ] + }, + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": false, + "criteria": "cpe:2.3:h:cisco:sg300-52p:-:*:*:*:*:*:*:*", + "matchCriteriaId": "5E9DF9C4-9D06-4449-8AF0-8322C6B77F6A" + } + ] + } + ] + }, + { + "operator": "AND", + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:o:cisco:sg500-28_firmware:1.4.11.02:*:*:*:*:*:*:*", + "matchCriteriaId": "AC7C75B3-15EE-44A8-9E43-260AE291B976" + } + ] + }, + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": false, + "criteria": "cpe:2.3:h:cisco:sg500-28:-:*:*:*:*:*:*:*", + "matchCriteriaId": "0779C5EE-C145-4C28-8F60-EE692409102D" + } + ] + } + ] + }, + { + "operator": "AND", + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:o:cisco:sg500-28mpp_firmware:1.4.11.02:*:*:*:*:*:*:*", + "matchCriteriaId": "56410391-DF3C-4DCE-A60B-353E7BF29512" + } + ] + }, + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": false, + "criteria": "cpe:2.3:h:cisco:sg500-28mpp:-:*:*:*:*:*:*:*", + "matchCriteriaId": "BA6035EA-0F55-4C76-9E2F-DD4938576D1A" + } + ] + } + ] + }, + { + "operator": "AND", + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:o:cisco:sg500-28p_firmware:1.4.11.02:*:*:*:*:*:*:*", + "matchCriteriaId": "EA0F0352-CA25-4B88-B085-24284D46E93F" + } + ] + }, + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": false, + "criteria": "cpe:2.3:h:cisco:sg500-28p:-:*:*:*:*:*:*:*", + "matchCriteriaId": "DF4D4AD6-C5FD-40D8-B002-2B784EC88B89" + } + ] + } + ] + }, + { + "operator": "AND", + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:o:cisco:sg500-52_firmware:1.4.11.02:*:*:*:*:*:*:*", + "matchCriteriaId": "AC49F3D7-B297-4E6C-9097-8211F73C0E86" + } + ] + }, + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": false, + "criteria": "cpe:2.3:h:cisco:sg500-52:-:*:*:*:*:*:*:*", + "matchCriteriaId": "40273E59-7C60-4094-B9FC-A633A2F23E61" + } + ] + } + ] + }, + { + "operator": "AND", + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:o:cisco:sg500-52mp_firmware:1.4.11.02:*:*:*:*:*:*:*", + "matchCriteriaId": "6F677D33-4599-4473-8A27-D23AFAA0F39F" + } + ] + }, + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": false, + "criteria": "cpe:2.3:h:cisco:sg500-52mp:-:*:*:*:*:*:*:*", + "matchCriteriaId": "36E534B2-12EA-489B-A939-4F1965B5EC66" + } + ] + } + ] + }, + { + "operator": "AND", + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:o:cisco:sg500-52p_firmware:1.4.11.02:*:*:*:*:*:*:*", + "matchCriteriaId": "72A0989C-1D6E-42EB-A2E6-160230278869" + } + ] + }, + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": false, + "criteria": "cpe:2.3:h:cisco:sg500-52p:-:*:*:*:*:*:*:*", + "matchCriteriaId": "14A201E5-0603-4C96-8F4B-87934B7B99D7" + } + ] + } + ] + }, + { + "operator": "AND", + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:o:cisco:sg500x-24_firmware:1.4.11.02:*:*:*:*:*:*:*", + "matchCriteriaId": "AD864A7F-BF96-463B-893D-F07EBBFBAE05" + } + ] + }, + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": false, + "criteria": "cpe:2.3:h:cisco:sg500x-24:-:*:*:*:*:*:*:*", + "matchCriteriaId": "D1A9D4D4-EF09-4862-B62A-94913AEFA2BE" + } + ] + } + ] + }, + { + "operator": "AND", + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:o:cisco:sg500x-24mpp_firmware:1.4.11.02:*:*:*:*:*:*:*", + "matchCriteriaId": "752D57E3-AF8A-4CE7-A8E6-E56F87065D01" + } + ] + }, + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": false, + "criteria": "cpe:2.3:h:cisco:sg500x-24mpp:-:*:*:*:*:*:*:*", + "matchCriteriaId": "F1280ABD-C15B-42BF-AF72-B54C3BCBAF83" + } + ] + } + ] + }, + { + "operator": "AND", + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:o:cisco:sg500x-24p_firmware:1.4.11.02:*:*:*:*:*:*:*", + "matchCriteriaId": "FCEAAE08-05B1-4AF9-A4D1-1B64EDCCE0E7" + } + ] + }, + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": false, + "criteria": "cpe:2.3:h:cisco:sg500x-24p:-:*:*:*:*:*:*:*", + "matchCriteriaId": "0093FE2A-3D4C-4435-AE35-D213C9700771" + } + ] + } + ] + }, + { + "operator": "AND", + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:o:cisco:sg500x-48_firmware:1.4.11.02:*:*:*:*:*:*:*", + "matchCriteriaId": "6E4772E3-D480-4B46-A4CE-0F5AD0A653F1" + } + ] + }, + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": false, + "criteria": "cpe:2.3:h:cisco:sg500x-48:-:*:*:*:*:*:*:*", + "matchCriteriaId": "B84D71EE-64CC-4966-98D1-C0697816120A" + } + ] + } + ] + }, + { + "operator": "AND", + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:o:cisco:sg500x-48mpp_firmware:1.4.11.02:*:*:*:*:*:*:*", + "matchCriteriaId": "0168AC27-481D-46F9-9D43-86B32396C558" + } + ] + }, + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": false, + "criteria": "cpe:2.3:h:cisco:sg500x-48mpp:-:*:*:*:*:*:*:*", + "matchCriteriaId": "626915FA-9BBA-4488-944A-8B4AB12F875C" + } + ] + } + ] + }, + { + "operator": "AND", + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:o:cisco:sg500x-48p_firmware:1.4.11.02:*:*:*:*:*:*:*", + "matchCriteriaId": "48ABC697-8FD0-44C7-9F76-18F282102F92" + } + ] + }, + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": false, + "criteria": "cpe:2.3:h:cisco:sg500x-48p:-:*:*:*:*:*:*:*", + "matchCriteriaId": "5E99C3C2-0B98-4108-8102-80132BF47A32" + } + ] + } + ] + }, + { + "operator": "AND", + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:o:cisco:sf200-24_firmware:1.4.11.5:*:*:*:*:*:*:*", + "matchCriteriaId": "B1CAA825-B0AD-4C14-BC09-231ED4938436" + } + ] + }, + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": false, + "criteria": "cpe:2.3:h:cisco:sf200-24:-:*:*:*:*:*:*:*", + "matchCriteriaId": "1866B4D0-0FF2-4C79-A07B-4FAE5586F7E0" + } + ] + } + ] + }, + { + "operator": "AND", + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:o:cisco:sf200-24fp_firmware:1.4.11.5:*:*:*:*:*:*:*", + "matchCriteriaId": "88440C60-5B68-4F12-A11C-C77A7AC311EB" + } + ] + }, + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": false, + "criteria": "cpe:2.3:h:cisco:sf200-24fp:-:*:*:*:*:*:*:*", + "matchCriteriaId": "3D8A349B-73D2-4010-90C2-B153B3245487" + } + ] + } + ] + }, + { + "operator": "AND", + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:o:cisco:sf200-24p_firmware:1.4.11.5:*:*:*:*:*:*:*", + "matchCriteriaId": "7EC4DEC4-4680-4875-9216-BB17515DC13A" + } + ] + }, + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": false, + "criteria": "cpe:2.3:h:cisco:sf200-24p:-:*:*:*:*:*:*:*", + "matchCriteriaId": "B4A8518B-EE72-4CEA-B2A8-9F17898F4476" + } + ] + } + ] + }, + { + "operator": "AND", + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:o:cisco:sf200-48_firmware:1.4.11.5:*:*:*:*:*:*:*", + "matchCriteriaId": "86BDF7D0-77DD-4EB9-8479-E7FD571B5D0E" + } + ] + }, + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": false, + "criteria": "cpe:2.3:h:cisco:sf200-48:-:*:*:*:*:*:*:*", + "matchCriteriaId": "19F27801-DCF0-4843-90F8-2A1694BB29E2" + } + ] + } + ] + }, + { + "operator": "AND", + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:o:cisco:sf200-48p_firmware:1.4.11.5:*:*:*:*:*:*:*", + "matchCriteriaId": "870CFE1B-C197-4736-AC1E-9EE3C78C66FE" + } + ] + }, + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": false, + "criteria": "cpe:2.3:h:cisco:sf200-48p:-:*:*:*:*:*:*:*", + "matchCriteriaId": "B12AEA51-CF3B-44CC-9943-E370A29EFDC9" + } + ] + } + ] + }, + { + "operator": "AND", + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:o:cisco:sf300-08_firmware:1.4.11.5:*:*:*:*:*:*:*", + "matchCriteriaId": "5E564D0F-9930-43E6-9870-62FA6EA43709" + } + ] + }, + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": false, + "criteria": "cpe:2.3:h:cisco:sf300-08:-:*:*:*:*:*:*:*", + "matchCriteriaId": "7C96B794-16D3-46FE-8A2B-262BD38994E8" + } + ] + } + ] + }, + { + "operator": "AND", + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:o:cisco:sf300-24_firmware:1.4.11.5:*:*:*:*:*:*:*", + "matchCriteriaId": "2E714B36-1E4C-44AF-B77A-EC3096AA2453" + } + ] + }, + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": false, + "criteria": "cpe:2.3:h:cisco:sf300-24:-:*:*:*:*:*:*:*", + "matchCriteriaId": "C324F7E3-2088-452F-B049-519A9D25C9B5" + } + ] + } + ] + }, + { + "operator": "AND", + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:o:cisco:sf300-24mp_firmware:1.4.11.5:*:*:*:*:*:*:*", + "matchCriteriaId": "FFA72C42-80CE-4A79-8E78-573ADC05F23C" + } + ] + }, + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": false, + "criteria": "cpe:2.3:h:cisco:sf300-24mp:-:*:*:*:*:*:*:*", + "matchCriteriaId": "4882366A-9450-47BE-BE70-CC3A9D2F5275" + } + ] + } + ] + }, + { + "operator": "AND", + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:o:cisco:sf300-24p_firmware:1.4.11.5:*:*:*:*:*:*:*", + "matchCriteriaId": "0C006D0E-7431-437B-A7B3-BCB254DCC3CB" + } + ] + }, + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": false, + "criteria": "cpe:2.3:h:cisco:sf300-24p:-:*:*:*:*:*:*:*", + "matchCriteriaId": "71D909B9-5B11-401E-8484-D6CD39D64142" + } + ] + } + ] + }, + { + "operator": "AND", + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:o:cisco:sf300-24pp_firmware:1.4.11.5:*:*:*:*:*:*:*", + "matchCriteriaId": "EEC6B8EF-216F-4F8A-A773-A5FE43F9879B" + } + ] + }, + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": false, + "criteria": "cpe:2.3:h:cisco:sf300-24pp:-:*:*:*:*:*:*:*", + "matchCriteriaId": "4E7B70CB-9D7A-4637-8A51-634157F7AC85" + } + ] + } + ] + }, + { + "operator": "AND", + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:o:cisco:sf300-48_firmware:1.4.11.5:*:*:*:*:*:*:*", + "matchCriteriaId": "86DBC700-58C8-4DDC-B54A-ACCCCE96CBC9" + } + ] + }, + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": false, + "criteria": "cpe:2.3:h:cisco:sf300-48:-:*:*:*:*:*:*:*", + "matchCriteriaId": "765DECDB-4234-4444-B78F-01C1DCBAD8FA" + } + ] + } + ] + }, + { + "operator": "AND", + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:o:cisco:sf300-48p_firmware:1.4.11.5:*:*:*:*:*:*:*", + "matchCriteriaId": "EC813BE9-C9CD-40CA-8CC0-6049A7AA1649" + } + ] + }, + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": false, + "criteria": "cpe:2.3:h:cisco:sf300-48p:-:*:*:*:*:*:*:*", + "matchCriteriaId": "A5307DEF-DCD1-417A-B649-FF4DCE66193E" + } + ] + } + ] + }, + { + "operator": "AND", + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:o:cisco:sf300-48pp_firmware:1.4.11.5:*:*:*:*:*:*:*", + "matchCriteriaId": "EF7093AE-315D-40F3-B5D3-EF5ADE895F20" + } + ] + }, + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": false, + "criteria": "cpe:2.3:h:cisco:sf300-48pp:-:*:*:*:*:*:*:*", + "matchCriteriaId": "E5248F85-411D-4ED9-983C-A28A90C8FC70" + } + ] + } + ] + }, + { + "operator": "AND", + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:o:cisco:sf302-08_firmware:1.4.11.5:*:*:*:*:*:*:*", + "matchCriteriaId": "9397D6BD-A353-4250-ACF7-C8F1351D52F9" + } + ] + }, + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": false, + "criteria": "cpe:2.3:h:cisco:sf302-08:-:*:*:*:*:*:*:*", + "matchCriteriaId": "04042998-72B6-4215-9264-CC563E51D9CF" + } + ] + } + ] + }, + { + "operator": "AND", + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:o:cisco:sf302-08mp_firmware:1.4.11.5:*:*:*:*:*:*:*", + "matchCriteriaId": "7C6ABCD7-9851-4F3E-9AC9-61104B1CB773" + } + ] + }, + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": false, + "criteria": "cpe:2.3:h:cisco:sf302-08mp:-:*:*:*:*:*:*:*", + "matchCriteriaId": "8124725E-8340-43BC-BEBB-BC39E3AE7368" + } + ] + } + ] + }, + { + "operator": "AND", + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:o:cisco:sf302-08mpp_firmware:1.4.11.5:*:*:*:*:*:*:*", + "matchCriteriaId": "E9F81FE8-D42F-48DE-B122-01F135898A7A" + } + ] + }, + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": false, + "criteria": "cpe:2.3:h:cisco:sf302-08mpp:-:*:*:*:*:*:*:*", + "matchCriteriaId": "19890DBE-F1B9-4454-8738-AC2AC6704C75" + } + ] + } + ] + }, + { + "operator": "AND", + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:o:cisco:sf302-08p_firmware:1.4.11.5:*:*:*:*:*:*:*", + "matchCriteriaId": "50AFA121-C169-4BD8-B754-E82A37681C3A" + } + ] + }, + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": false, + "criteria": "cpe:2.3:h:cisco:sf302-08p:-:*:*:*:*:*:*:*", + "matchCriteriaId": "B9C97D56-2E3C-4F36-89E2-BC169AED3CC2" + } + ] + } + ] + }, + { + "operator": "AND", + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:o:cisco:sf302-08pp_firmware:1.4.11.5:*:*:*:*:*:*:*", + "matchCriteriaId": "2BBD8B5F-6712-4F62-92D0-B50773ACA4D0" + } + ] + }, + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": false, + "criteria": "cpe:2.3:h:cisco:sf302-08pp:-:*:*:*:*:*:*:*", + "matchCriteriaId": "EFFEF3C3-0C7C-4359-A45F-00152ACAB545" + } + ] + } + ] + }, + { + "operator": "AND", + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:o:cisco:sf500-24_firmware:1.4.11.5:*:*:*:*:*:*:*", + "matchCriteriaId": "48C330A1-ADE4-4609-B7BE-E3FFFAB5F7E3" + } + ] + }, + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": false, + "criteria": "cpe:2.3:h:cisco:sf500-24:-:*:*:*:*:*:*:*", + "matchCriteriaId": "6C0F8958-8059-411B-86C8-40B1073C80C6" + } + ] + } + ] + }, + { + "operator": "AND", + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:o:cisco:sf500-24mp_firmware:1.4.11.5:*:*:*:*:*:*:*", + "matchCriteriaId": "979E74B4-244D-440F-8891-7B325A46BCB4" + } + ] + }, + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": false, + "criteria": "cpe:2.3:h:cisco:sf500-24mp:-:*:*:*:*:*:*:*", + "matchCriteriaId": "8723C660-F052-4C9B-ADD1-8484C7209701" + } + ] + } + ] + }, + { + "operator": "AND", + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:o:cisco:sf500-24p_firmware:1.4.11.5:*:*:*:*:*:*:*", + "matchCriteriaId": "CE6B497F-75EE-4578-B7B1-C90F3ACF1917" + } + ] + }, + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": false, + "criteria": "cpe:2.3:h:cisco:sf500-24p:-:*:*:*:*:*:*:*", + "matchCriteriaId": "218D6018-551C-46B8-AE27-F88E6052F37B" + } + ] + } + ] + }, + { + "operator": "AND", + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:o:cisco:sf500-48_firmware:1.4.11.5:*:*:*:*:*:*:*", + "matchCriteriaId": "9C21C791-1663-4E7D-827E-666CAF15EE72" + } + ] + }, + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": false, + "criteria": "cpe:2.3:h:cisco:sf500-48:-:*:*:*:*:*:*:*", + "matchCriteriaId": "EAB8DE78-E398-458B-98EF-EEEB6E219BAB" + } + ] + } + ] + }, + { + "operator": "AND", + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:o:cisco:sf500-48mp_firmware:1.4.11.5:*:*:*:*:*:*:*", + "matchCriteriaId": "FC8A5668-3520-4F59-8EA4-BAA6333AAC1B" + } + ] + }, + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": false, + "criteria": "cpe:2.3:h:cisco:sf500-48mp:-:*:*:*:*:*:*:*", + "matchCriteriaId": "C6E049B2-C818-4929-8DDA-3B38BF8C7B3A" + } + ] + } + ] + }, + { + "operator": "AND", + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:o:cisco:sf500-48p_firmware:1.4.11.5:*:*:*:*:*:*:*", + "matchCriteriaId": "FDBF7D0F-6B27-49F2-82A3-15DD33F1AE7C" + } + ] + }, + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": false, + "criteria": "cpe:2.3:h:cisco:sf500-48p:-:*:*:*:*:*:*:*", + "matchCriteriaId": "E443C685-F000-4F89-ADEA-7084138018D1" + } + ] + } + ] + }, + { + "operator": "AND", + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:o:cisco:sg200-08_firmware:1.4.11.5:*:*:*:*:*:*:*", + "matchCriteriaId": "B6DBE200-46E8-41FA-AFDC-8CED27D6F511" + } + ] + }, + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": false, + "criteria": "cpe:2.3:h:cisco:sg200-08:-:*:*:*:*:*:*:*", + "matchCriteriaId": "335CA93E-604D-4060-9D24-E4E9D7740A3E" + } + ] + } + ] + }, + { + "operator": "AND", + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:o:cisco:sg200-08p_firmware:1.4.11.5:*:*:*:*:*:*:*", + "matchCriteriaId": "23BEB0F7-66C0-4951-9F94-9C61213EDED7" + } + ] + }, + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": false, + "criteria": "cpe:2.3:h:cisco:sg200-08p:-:*:*:*:*:*:*:*", + "matchCriteriaId": "CB844823-174D-487B-A211-E650D638A010" + } + ] + } + ] + }, + { + "operator": "AND", + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:o:cisco:sg200-10fp_firmware:1.4.11.5:*:*:*:*:*:*:*", + "matchCriteriaId": "77A71D69-1243-457E-974D-49EBE00D8BD6" + } + ] + }, + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": false, + "criteria": "cpe:2.3:h:cisco:sg200-10fp:-:*:*:*:*:*:*:*", + "matchCriteriaId": "D173967C-5FF3-49DE-863B-26F7DF8B5F01" + } + ] + } + ] + }, + { + "operator": "AND", + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:o:cisco:sg200-18_firmware:1.4.11.5:*:*:*:*:*:*:*", + "matchCriteriaId": "23022901-0DFF-4156-905C-81812A423526" + } + ] + }, + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": false, + "criteria": "cpe:2.3:h:cisco:sg200-18:-:*:*:*:*:*:*:*", + "matchCriteriaId": "DCD5CDA0-F982-492B-B631-6B0958F82A7F" + } + ] + } + ] + }, + { + "operator": "AND", + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:o:cisco:sg200-26_firmware:1.4.11.5:*:*:*:*:*:*:*", + "matchCriteriaId": "38C16F20-05A8-459A-843B-B8694DAD45E3" + } + ] + }, + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": false, + "criteria": "cpe:2.3:h:cisco:sg200-26:-:*:*:*:*:*:*:*", + "matchCriteriaId": "9F2F454F-9084-4AD8-8F81-45A4AFAF63B7" + } + ] + } + ] + }, + { + "operator": "AND", + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:o:cisco:sg200-26fp_firmware:1.4.11.5:*:*:*:*:*:*:*", + "matchCriteriaId": "BE6209AA-2789-4272-A57E-57DEBBA05E4A" + } + ] + }, + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": false, + "criteria": "cpe:2.3:h:cisco:sg200-26fp:-:*:*:*:*:*:*:*", + "matchCriteriaId": "D0ACAD62-EA73-494C-8244-541642C3E397" + } + ] + } + ] + }, + { + "operator": "AND", + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:o:cisco:sg200-26p_firmware:1.4.11.5:*:*:*:*:*:*:*", + "matchCriteriaId": "C7DA3FD3-B1DA-4B1A-99B8-978B59B45FDB" + } + ] + }, + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": false, + "criteria": "cpe:2.3:h:cisco:sg200-26p:-:*:*:*:*:*:*:*", + "matchCriteriaId": "0A30A529-9796-4D10-AE55-698930E95CD9" + } + ] + } + ] + }, + { + "operator": "AND", + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:o:cisco:sg200-50_firmware:1.4.11.5:*:*:*:*:*:*:*", + "matchCriteriaId": "29C16C97-F75A-4AF6-8EC3-DA9F61171C37" + } + ] + }, + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": false, + "criteria": "cpe:2.3:h:cisco:sg200-50:-:*:*:*:*:*:*:*", + "matchCriteriaId": "D0219D69-91AE-4558-BF12-93BB82D74A48" + } + ] + } + ] + }, + { + "operator": "AND", + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:o:cisco:sg200-50fp_firmware:1.4.11.5:*:*:*:*:*:*:*", + "matchCriteriaId": "8A8835AB-405B-4CB8-8041-4E6C50055F81" + } + ] + }, + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": false, + "criteria": "cpe:2.3:h:cisco:sg200-50fp:-:*:*:*:*:*:*:*", + "matchCriteriaId": "64E81B93-C7DB-4CC7-9FEA-914C853411B2" + } + ] + } + ] + }, + { + "operator": "AND", + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:o:cisco:sg200-50p_firmware:1.4.11.5:*:*:*:*:*:*:*", + "matchCriteriaId": "CC030FB6-355D-427F-B0E7-245204ABABE7" + } + ] + }, + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": false, + "criteria": "cpe:2.3:h:cisco:sg200-50p:-:*:*:*:*:*:*:*", + "matchCriteriaId": "82842273-F24B-4210-8E07-5F7253018FC0" + } + ] + } + ] + }, + { + "operator": "AND", + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:o:cisco:sg300-10_firmware:1.4.11.5:*:*:*:*:*:*:*", + "matchCriteriaId": "832FCECA-A9E4-4ACE-96D3-165745977024" + } + ] + }, + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": false, + "criteria": "cpe:2.3:h:cisco:sg300-10:-:*:*:*:*:*:*:*", + "matchCriteriaId": "78B44981-5C59-4328-A7DB-FBF50F9C92C2" + } + ] + } + ] + }, + { + "operator": "AND", + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:o:cisco:sg300-10mp_firmware:1.4.11.5:*:*:*:*:*:*:*", + "matchCriteriaId": "24F4091E-57FB-4100-B217-00D94B87E18B" + } + ] + }, + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": false, + "criteria": "cpe:2.3:h:cisco:sg300-10mp:-:*:*:*:*:*:*:*", + "matchCriteriaId": "95F6D7AC-2ACB-4693-AB8E-C700B99C5BF4" + } + ] + } + ] + }, + { + "operator": "AND", + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:o:cisco:sg300-10mpp_firmware:1.4.11.5:*:*:*:*:*:*:*", + "matchCriteriaId": "D44DB8D9-D92D-4293-81F2-3480F4E2224A" + } + ] + }, + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": false, + "criteria": "cpe:2.3:h:cisco:sg300-10mpp:-:*:*:*:*:*:*:*", + "matchCriteriaId": "AAD7CDE3-7247-4EA9-8A72-7ABC961BD895" + } + ] + } + ] + }, + { + "operator": "AND", + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:o:cisco:sg300-10p_firmware:1.4.11.5:*:*:*:*:*:*:*", + "matchCriteriaId": "BCB131CE-BFCD-4FBB-B257-BE87946C95FC" + } + ] + }, + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": false, + "criteria": "cpe:2.3:h:cisco:sg300-10p:-:*:*:*:*:*:*:*", + "matchCriteriaId": "9054C3D1-BA1A-4BAC-8834-88673B804E4E" + } + ] + } + ] + }, + { + "operator": "AND", + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:o:cisco:sg300-10pp_firmware:1.4.11.5:*:*:*:*:*:*:*", + "matchCriteriaId": "7D2C7D63-0402-4BB5-86DC-2A0F875B5E37" + } + ] + }, + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": false, + "criteria": "cpe:2.3:h:cisco:sg300-10pp:-:*:*:*:*:*:*:*", + "matchCriteriaId": "8F1772C3-48DB-4BEF-9F12-CDCC3BBFA0E1" + } + ] + } + ] + }, + { + "operator": "AND", + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:o:cisco:sg300-10sfp_firmware:1.4.11.5:*:*:*:*:*:*:*", + "matchCriteriaId": "FE5282D8-FD1F-4F1A-8C7E-0E126B858321" + } + ] + }, + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": false, + "criteria": "cpe:2.3:h:cisco:sg300-10sfp:-:*:*:*:*:*:*:*", + "matchCriteriaId": "B402FBC0-91FC-471D-9D8A-C71F4FECF338" + } + ] + } + ] + }, + { + "operator": "AND", + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:o:cisco:sg300-20_firmware:1.4.11.5:*:*:*:*:*:*:*", + "matchCriteriaId": "1152F937-B226-4593-A49B-31FBDBA69B13" + } + ] + }, + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": false, + "criteria": "cpe:2.3:h:cisco:sg300-20:-:*:*:*:*:*:*:*", + "matchCriteriaId": "50A677CE-4360-4780-ABF9-466C45CB19E1" + } + ] + } + ] + }, + { + "operator": "AND", + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:o:cisco:sg300-28_firmware:1.4.11.5:*:*:*:*:*:*:*", + "matchCriteriaId": "121EC8DA-2CF5-4F8A-AC88-5E947283E1FF" + } + ] + }, + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": false, + "criteria": "cpe:2.3:h:cisco:sg300-28:-:*:*:*:*:*:*:*", + "matchCriteriaId": "E74DB8D8-B79B-4DAE-BF88-98C1F518E76D" + } + ] + } + ] + }, + { + "operator": "AND", + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:o:cisco:sg300-28mp_firmware:1.4.11.5:*:*:*:*:*:*:*", + "matchCriteriaId": "90F9D645-9E95-4398-A8A6-FA7BCBE0E3CE" + } + ] + }, + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": false, + "criteria": "cpe:2.3:h:cisco:sg300-28mp:-:*:*:*:*:*:*:*", + "matchCriteriaId": "2DB2B761-E591-42B6-B62F-63A6D41F4FAC" + } + ] + } + ] + }, + { + "operator": "AND", + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:o:cisco:sg300-28p_firmware:1.4.11.5:*:*:*:*:*:*:*", + "matchCriteriaId": "60C3AF65-64A6-4303-9624-6CA63759B11D" + } + ] + }, + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": false, + "criteria": "cpe:2.3:h:cisco:sg300-28p:-:*:*:*:*:*:*:*", + "matchCriteriaId": "A2D5109D-C78B-4362-B000-0AA073FCC843" + } + ] + } + ] + }, + { + "operator": "AND", + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:o:cisco:sg300-28pp_firmware:1.4.11.5:*:*:*:*:*:*:*", + "matchCriteriaId": "2CC337B3-10E5-4A95-A260-B2B64213BDD7" + } + ] + }, + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": false, + "criteria": "cpe:2.3:h:cisco:sg300-28pp:-:*:*:*:*:*:*:*", + "matchCriteriaId": "AD6F6741-AA56-47EA-998C-78FD7F6B01CC" + } + ] + } + ] + }, + { + "operator": "AND", + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:o:cisco:sg300-28sfp_firmware:1.4.11.5:*:*:*:*:*:*:*", + "matchCriteriaId": "3190DE0A-9BD0-4E1A-A034-B6D725EF123E" + } + ] + }, + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": false, + "criteria": "cpe:2.3:h:cisco:sg300-28sfp:-:*:*:*:*:*:*:*", + "matchCriteriaId": "FAD69957-B714-406D-9775-92A7D993BAC6" + } + ] + } + ] + }, + { + "operator": "AND", + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:o:cisco:sg300-52_firmware:1.4.11.5:*:*:*:*:*:*:*", + "matchCriteriaId": "ABE50490-CB24-4584-9776-39CDEB86E04C" + } + ] + }, + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": false, + "criteria": "cpe:2.3:h:cisco:sg300-52:-:*:*:*:*:*:*:*", + "matchCriteriaId": "8E26EE1D-763F-4893-9997-F4C1CE7A1089" + } + ] + } + ] + }, + { + "operator": "AND", + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:o:cisco:sg300-52mp_firmware:1.4.11.5:*:*:*:*:*:*:*", + "matchCriteriaId": "EDE555F2-15ED-465F-8AF8-805BFE88CC3B" + } + ] + }, + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": false, + "criteria": "cpe:2.3:h:cisco:sg300-52mp:-:*:*:*:*:*:*:*", + "matchCriteriaId": "A4C3B5A2-CAE6-4E75-A1A3-4FCB1C62A7A8" + } + ] + } + ] + }, + { + "operator": "AND", + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:o:cisco:sg300-52p_firmware:1.4.11.5:*:*:*:*:*:*:*", + "matchCriteriaId": "6DBA7829-ABCE-42E8-AA1E-7EDCCF6566FC" + } + ] + }, + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": false, + "criteria": "cpe:2.3:h:cisco:sg300-52p:-:*:*:*:*:*:*:*", + "matchCriteriaId": "5E9DF9C4-9D06-4449-8AF0-8322C6B77F6A" + } + ] + } + ] + }, + { + "operator": "AND", + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:o:cisco:sg500-28_firmware:1.4.11.5:*:*:*:*:*:*:*", + "matchCriteriaId": "D750B49D-412A-4369-BBE8-81AB7EE331B7" + } + ] + }, + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": false, + "criteria": "cpe:2.3:h:cisco:sg500-28:-:*:*:*:*:*:*:*", + "matchCriteriaId": "0779C5EE-C145-4C28-8F60-EE692409102D" + } + ] + } + ] + }, + { + "operator": "AND", + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:o:cisco:sg500-28mpp_firmware:1.4.11.5:*:*:*:*:*:*:*", + "matchCriteriaId": "EA8BF101-B89F-4904-AC6A-3DFACA6C8674" + } + ] + }, + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": false, + "criteria": "cpe:2.3:h:cisco:sg500-28mpp:-:*:*:*:*:*:*:*", + "matchCriteriaId": "BA6035EA-0F55-4C76-9E2F-DD4938576D1A" + } + ] + } + ] + }, + { + "operator": "AND", + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:o:cisco:sg500-28p_firmware:1.4.11.5:*:*:*:*:*:*:*", + "matchCriteriaId": "8108CA60-8E15-46A7-A377-5D38F0BEF861" + } + ] + }, + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": false, + "criteria": "cpe:2.3:h:cisco:sg500-28p:-:*:*:*:*:*:*:*", + "matchCriteriaId": "DF4D4AD6-C5FD-40D8-B002-2B784EC88B89" + } + ] + } + ] + }, + { + "operator": "AND", + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:o:cisco:sg500-52_firmware:1.4.11.5:*:*:*:*:*:*:*", + "matchCriteriaId": "C4B083FA-400C-4AF1-8019-16364E1E4719" + } + ] + }, + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": false, + "criteria": "cpe:2.3:h:cisco:sg500-52:-:*:*:*:*:*:*:*", + "matchCriteriaId": "40273E59-7C60-4094-B9FC-A633A2F23E61" + } + ] + } + ] + }, + { + "operator": "AND", + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:o:cisco:sg500-52mp_firmware:1.4.11.5:*:*:*:*:*:*:*", + "matchCriteriaId": "37D24947-89EE-4154-9437-ECE5F2413DF0" + } + ] + }, + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": false, + "criteria": "cpe:2.3:h:cisco:sg500-52mp:-:*:*:*:*:*:*:*", + "matchCriteriaId": "36E534B2-12EA-489B-A939-4F1965B5EC66" + } + ] + } + ] + }, + { + "operator": "AND", + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:o:cisco:sg500-52p_firmware:1.4.11.5:*:*:*:*:*:*:*", + "matchCriteriaId": "20C8C4A9-5782-4121-94A0-99B45312D3EA" + } + ] + }, + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": false, + "criteria": "cpe:2.3:h:cisco:sg500-52p:-:*:*:*:*:*:*:*", + "matchCriteriaId": "14A201E5-0603-4C96-8F4B-87934B7B99D7" + } + ] + } + ] + }, + { + "operator": "AND", + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:o:cisco:sg500x-24_firmware:1.4.11.5:*:*:*:*:*:*:*", + "matchCriteriaId": "4B8A0140-9152-4643-BBAD-7D4D2B701678" + } + ] + }, + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": false, + "criteria": "cpe:2.3:h:cisco:sg500x-24:-:*:*:*:*:*:*:*", + "matchCriteriaId": "D1A9D4D4-EF09-4862-B62A-94913AEFA2BE" + } + ] + } + ] + }, + { + "operator": "AND", + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:o:cisco:sg500x-24mpp_firmware:1.4.11.5:*:*:*:*:*:*:*", + "matchCriteriaId": "95CC3649-2DE3-46E5-8B75-8B7B842682E2" + } + ] + }, + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": false, + "criteria": "cpe:2.3:h:cisco:sg500x-24mpp:-:*:*:*:*:*:*:*", + "matchCriteriaId": "F1280ABD-C15B-42BF-AF72-B54C3BCBAF83" + } + ] + } + ] + }, + { + "operator": "AND", + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:o:cisco:sg500x-24p_firmware:1.4.11.5:*:*:*:*:*:*:*", + "matchCriteriaId": "F5055E33-E816-476F-BA37-7042F5925D62" + } + ] + }, + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": false, + "criteria": "cpe:2.3:h:cisco:sg500x-24p:-:*:*:*:*:*:*:*", + "matchCriteriaId": "0093FE2A-3D4C-4435-AE35-D213C9700771" + } + ] + } + ] + }, + { + "operator": "AND", + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:o:cisco:sg500x-48_firmware:1.4.11.5:*:*:*:*:*:*:*", + "matchCriteriaId": "0FF2C6A6-F7DA-45A0-9AB2-D4E74DC47C71" + } + ] + }, + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": false, + "criteria": "cpe:2.3:h:cisco:sg500x-48:-:*:*:*:*:*:*:*", + "matchCriteriaId": "B84D71EE-64CC-4966-98D1-C0697816120A" + } + ] + } + ] + }, + { + "operator": "AND", + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:o:cisco:sg500x-48mpp_firmware:1.4.11.5:*:*:*:*:*:*:*", + "matchCriteriaId": "E801FB4F-3897-4DB3-8C75-A9F8B4FC180E" + } + ] + }, + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": false, + "criteria": "cpe:2.3:h:cisco:sg500x-48mpp:-:*:*:*:*:*:*:*", + "matchCriteriaId": "626915FA-9BBA-4488-944A-8B4AB12F875C" + } + ] + } + ] + }, + { + "operator": "AND", + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:o:cisco:sg500x-48p_firmware:1.4.11.5:*:*:*:*:*:*:*", + "matchCriteriaId": "497A4284-1D77-4908-A1FB-5A1E6A9F4DE4" + } + ] + }, + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": false, + "criteria": "cpe:2.3:h:cisco:sg500x-48p:-:*:*:*:*:*:*:*", + "matchCriteriaId": "5E99C3C2-0B98-4108-8102-80132BF47A32" + } + ] + } + ] + } + ], "references": [ { "url": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-smb-sxss-OPYJZUmE", - "source": "ykramarz@cisco.com" + "source": "ykramarz@cisco.com", + "tags": [ + "Vendor Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2023/CVE-2023-252xx/CVE-2023-25201.json b/CVE-2023/CVE-2023-252xx/CVE-2023-25201.json new file mode 100644 index 00000000000..510f6b3e0a9 --- /dev/null +++ b/CVE-2023/CVE-2023-252xx/CVE-2023-25201.json @@ -0,0 +1,24 @@ +{ + "id": "CVE-2023-25201", + "sourceIdentifier": "cve@mitre.org", + "published": "2023-07-07T16:15:09.680", + "lastModified": "2023-07-07T17:36:20.173", + "vulnStatus": "Awaiting Analysis", + "descriptions": [ + { + "lang": "en", + "value": "Cross Site Request Forgery (CSRF) vulnerability in MultiTech Conduit AP MTCAP2-L4E1 MTCAP2-L4E1-868-042A v.6.0.0 allows a remote attacker to execute arbitrary code via a crafted script upload." + } + ], + "metrics": {}, + "references": [ + { + "url": "https://herolab.usd.de/security-advisories/", + "source": "cve@mitre.org" + }, + { + "url": "https://www.multitech.com", + "source": "cve@mitre.org" + } + ] +} \ No newline at end of file diff --git a/CVE-2023/CVE-2023-260xx/CVE-2023-26085.json b/CVE-2023/CVE-2023-260xx/CVE-2023-26085.json index 0d4bf2c96af..d24b0650921 100644 --- a/CVE-2023/CVE-2023-260xx/CVE-2023-26085.json +++ b/CVE-2023/CVE-2023-260xx/CVE-2023-26085.json @@ -2,23 +2,86 @@ "id": "CVE-2023-26085", "sourceIdentifier": "cve@mitre.org", "published": "2023-06-29T17:15:09.707", - "lastModified": "2023-06-29T18:16:42.100", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2023-07-07T17:01:51.867", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", "value": "A possible out-of-bounds read and write (due to an improper length check of shared memory) was discovered in Arm NN Android-NN-Driver before 23.02." } ], - "metrics": {}, + "metrics": { + "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", + "attackVector": "LOCAL", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH", + "baseScore": 7.8, + "baseSeverity": "HIGH" + }, + "exploitabilityScore": 1.8, + "impactScore": 5.9 + } + ] + }, + "weaknesses": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-125" + }, + { + "lang": "en", + "value": "CWE-787" + } + ] + } + ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:arm:nn_android_neural_networks_driver:*:*:*:*:*:*:*:*", + "versionEndExcluding": "23.02", + "matchCriteriaId": "0FE499C1-5AB6-4217-B438-CBA9548B059A" + } + ] + } + ] + } + ], "references": [ { "url": "https://developer.arm.com/Arm%20Security%20Center", - "source": "cve@mitre.org" + "source": "cve@mitre.org", + "tags": [ + "Not Applicable" + ] }, { "url": "https://github.com/ARM-software/android-nn-driver/releases/tag/v23.02", - "source": "cve@mitre.org" + "source": "cve@mitre.org", + "tags": [ + "Release Notes" + ] } ] } \ No newline at end of file diff --git a/CVE-2023/CVE-2023-278xx/CVE-2023-27845.json b/CVE-2023/CVE-2023-278xx/CVE-2023-27845.json new file mode 100644 index 00000000000..9602059e022 --- /dev/null +++ b/CVE-2023/CVE-2023-278xx/CVE-2023-27845.json @@ -0,0 +1,24 @@ +{ + "id": "CVE-2023-27845", + "sourceIdentifier": "cve@mitre.org", + "published": "2023-07-07T17:15:09.540", + "lastModified": "2023-07-07T17:36:20.173", + "vulnStatus": "Awaiting Analysis", + "descriptions": [ + { + "lang": "en", + "value": "SQL injection vulnerability found in PrestaShop lekerawen_ocs before v.1.4.1 allow a remote attacker to gain privileges via the KerawenHelper::setCartOperationInfo, and KerawenHelper::resetCheckoutSessionData components." + } + ], + "metrics": {}, + "references": [ + { + "url": "https://kerawen.com/logiciel-de-caisse/", + "source": "cve@mitre.org" + }, + { + "url": "https://security.friendsofpresta.org/modules/2023/07/06/kerawen_ocs.html", + "source": "cve@mitre.org" + } + ] +} \ No newline at end of file diff --git a/CVE-2023/CVE-2023-299xx/CVE-2023-29998.json b/CVE-2023/CVE-2023-299xx/CVE-2023-29998.json new file mode 100644 index 00000000000..03b0b83f952 --- /dev/null +++ b/CVE-2023/CVE-2023-299xx/CVE-2023-29998.json @@ -0,0 +1,24 @@ +{ + "id": "CVE-2023-29998", + "sourceIdentifier": "cve@mitre.org", + "published": "2023-07-07T16:15:09.737", + "lastModified": "2023-07-07T17:36:20.173", + "vulnStatus": "Awaiting Analysis", + "descriptions": [ + { + "lang": "en", + "value": "A Cross-site scripting (XSS) vulnerability in the content editor in Gis3W g3w-suite 3.5 allows remote authenticated users to inject arbitrary web script or HTML and gain privileges via the description parameter." + } + ], + "metrics": {}, + "references": [ + { + "url": "https://github.com/g3w-suite", + "source": "cve@mitre.org" + }, + { + "url": "https://labs.yarix.com/2023/07/gis3w-persistent-xss-in-g3wsuite-3-5-cve-2023-29998/", + "source": "cve@mitre.org" + } + ] +} \ No newline at end of file diff --git a/CVE-2023/CVE-2023-309xx/CVE-2023-30946.json b/CVE-2023/CVE-2023-309xx/CVE-2023-30946.json index e32d3fcdd6c..1707cde9910 100644 --- a/CVE-2023/CVE-2023-309xx/CVE-2023-30946.json +++ b/CVE-2023/CVE-2023-309xx/CVE-2023-30946.json @@ -2,8 +2,8 @@ "id": "CVE-2023-30946", "sourceIdentifier": "cve-coordination@palantir.com", "published": "2023-06-29T19:15:08.837", - "lastModified": "2023-06-29T23:57:54.363", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2023-07-07T17:04:55.903", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", @@ -12,6 +12,26 @@ ], "metrics": { "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "LOW", + "integrityImpact": "NONE", + "availabilityImpact": "NONE", + "baseScore": 4.3, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 2.8, + "impactScore": 1.4 + }, { "source": "cve-coordination@palantir.com", "type": "Secondary", @@ -34,10 +54,43 @@ } ] }, + "weaknesses": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "NVD-CWE-Other" + } + ] + } + ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:palantir:foundry_issues:*:*:*:*:*:*:*:*", + "versionEndExcluding": "2.497.0", + "matchCriteriaId": "6B99AD70-904F-4ED0-BAE1-F1297B3C91C7" + } + ] + } + ] + } + ], "references": [ { "url": "https://palantir.safebase.us/?tcuUid=4cf0b6e6-564a-467b-83ae-36fec3a491c3", - "source": "cve-coordination@palantir.com" + "source": "cve-coordination@palantir.com", + "tags": [ + "Vendor Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2023/CVE-2023-309xx/CVE-2023-30955.json b/CVE-2023/CVE-2023-309xx/CVE-2023-30955.json index 520b5b4022c..644cbcbd7fd 100644 --- a/CVE-2023/CVE-2023-309xx/CVE-2023-30955.json +++ b/CVE-2023/CVE-2023-309xx/CVE-2023-30955.json @@ -2,8 +2,8 @@ "id": "CVE-2023-30955", "sourceIdentifier": "cve-coordination@palantir.com", "published": "2023-06-29T19:15:08.913", - "lastModified": "2023-06-29T23:57:54.363", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2023-07-07T16:52:53.380", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", @@ -12,6 +12,26 @@ ], "metrics": { "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "availabilityImpact": "NONE", + "baseScore": 5.4, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 2.8, + "impactScore": 2.5 + }, { "source": "cve-coordination@palantir.com", "type": "Secondary", @@ -34,10 +54,43 @@ } ] }, + "weaknesses": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-863" + } + ] + } + ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:palantir:foundry_workspace-server:*:*:*:*:*:*:*:*", + "versionEndExcluding": "7.7.0", + "matchCriteriaId": "53361180-BF9C-4576-B127-49632C2A9688" + } + ] + } + ] + } + ], "references": [ { "url": "https://palantir.safebase.us/?tcuUid=0c3f6c33-4eb0-48b5-ab87-fe48c46a4170", - "source": "cve-coordination@palantir.com" + "source": "cve-coordination@palantir.com", + "tags": [ + "Vendor Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2023/CVE-2023-312xx/CVE-2023-31222.json b/CVE-2023/CVE-2023-312xx/CVE-2023-31222.json index f8facc39d7a..582b7e285cb 100644 --- a/CVE-2023/CVE-2023-312xx/CVE-2023-31222.json +++ b/CVE-2023/CVE-2023-312xx/CVE-2023-31222.json @@ -2,8 +2,8 @@ "id": "CVE-2023-31222", "sourceIdentifier": "security@medtronic.com", "published": "2023-06-29T16:15:09.777", - "lastModified": "2023-06-29T18:16:42.100", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2023-07-07T16:13:00.783", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", @@ -12,6 +12,26 @@ ], "metrics": { "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH", + "baseScore": 8.8, + "baseSeverity": "HIGH" + }, + "exploitabilityScore": 2.8, + "impactScore": 5.9 + }, { "source": "security@medtronic.com", "type": "Secondary", @@ -35,6 +55,16 @@ ] }, "weaknesses": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-502" + } + ] + }, { "source": "security@medtronic.com", "type": "Secondary", @@ -46,10 +76,32 @@ ] } ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:medtronic:paceart_optima:*:*:*:*:*:windows:*:*", + "versionEndExcluding": "1.12", + "matchCriteriaId": "A39B5C21-C4A0-4F23-93BF-A0E5AA01DA65" + } + ] + } + ] + } + ], "references": [ { "url": "https://global.medtronic.com/xg-en/product-security/security-bulletins/paceart-optima-system.html", - "source": "security@medtronic.com" + "source": "security@medtronic.com", + "tags": [ + "Mitigation", + "Vendor Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2023/CVE-2023-31xx/CVE-2023-3117.json b/CVE-2023/CVE-2023-31xx/CVE-2023-3117.json index 6a756bf1edd..593d7b087f9 100644 --- a/CVE-2023/CVE-2023-31xx/CVE-2023-3117.json +++ b/CVE-2023/CVE-2023-31xx/CVE-2023-3117.json @@ -2,16 +2,49 @@ "id": "CVE-2023-3117", "sourceIdentifier": "secalert@redhat.com", "published": "2023-06-30T22:15:10.127", - "lastModified": "2023-07-03T01:10:10.103", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2023-07-07T17:11:07.733", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", "value": "A use-after-free flaw was found in the Netfilter subsystem of the Linux kernel when processing named and anonymous sets in batch requests, which can lead to performing arbitrary reads and writes in kernel memory. This flaw allows a local user with CAP_NET_ADMIN capability to crash or potentially escalate their privileges on the system." } ], - "metrics": {}, + "metrics": { + "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", + "attackVector": "LOCAL", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH", + "baseScore": 7.8, + "baseSeverity": "HIGH" + }, + "exploitabilityScore": 1.8, + "impactScore": 5.9 + } + ] + }, "weaknesses": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-416" + } + ] + }, { "source": "secalert@redhat.com", "type": "Secondary", @@ -23,10 +56,61 @@ ] } ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", + "versionEndExcluding": "6.4", + "matchCriteriaId": "18D12E25-2947-44E7-989D-24450E013A1F" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:linux:linux_kernel:6.4:rc1:*:*:*:*:*:*", + "matchCriteriaId": "38BC6744-7D25-4C02-9966-B224CD071D30" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:linux:linux_kernel:6.4:rc2:*:*:*:*:*:*", + "matchCriteriaId": "76061B41-CAE9-4467-BEDE-0FFC7956F2A1" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:linux:linux_kernel:6.4:rc3:*:*:*:*:*:*", + "matchCriteriaId": "A717BA5B-D535-46A0-A329-A25FE5CEC588" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:linux:linux_kernel:6.4:rc4:*:*:*:*:*:*", + "matchCriteriaId": "89CC80C6-F1EE-4AC7-BD21-DB3217BADE87" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:linux:linux_kernel:6.4:rc5:*:*:*:*:*:*", + "matchCriteriaId": "41EACEA1-FB69-4AF2-BC52-D39489858D42" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:linux:linux_kernel:6.4:rc6:*:*:*:*:*:*", + "matchCriteriaId": "9E1C36BE-F9D8-40B6-8281-5B8F9B42322D" + } + ] + } + ] + } + ], "references": [ { "url": "https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=1240eb93f0616b21c675416516ff3d74798fdc97", - "source": "secalert@redhat.com" + "source": "secalert@redhat.com", + "tags": [ + "Patch" + ] } ] } \ No newline at end of file diff --git a/CVE-2023/CVE-2023-326xx/CVE-2023-32607.json b/CVE-2023/CVE-2023-326xx/CVE-2023-32607.json index 34b2c9c2736..1043c1f3e98 100644 --- a/CVE-2023/CVE-2023-326xx/CVE-2023-32607.json +++ b/CVE-2023/CVE-2023-326xx/CVE-2023-32607.json @@ -2,23 +2,82 @@ "id": "CVE-2023-32607", "sourceIdentifier": "vultures@jpcert.or.jp", "published": "2023-06-30T03:15:09.237", - "lastModified": "2023-06-30T12:59:54.343", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2023-07-07T16:28:45.697", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", "value": "Stored cross-site scripting vulnerability in Pleasanter (Community Edition and Enterprise Edition) 1.3.39.2 and earlier versions allows a remote authenticated attacker to inject an arbitrary script." } ], - "metrics": {}, + "metrics": { + "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "REQUIRED", + "scope": "CHANGED", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "availabilityImpact": "NONE", + "baseScore": 5.4, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 2.3, + "impactScore": 2.7 + } + ] + }, + "weaknesses": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-79" + } + ] + } + ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:pleasanter:pleasanter:*:*:*:*:*:*:*:*", + "versionEndExcluding": "1.3.39.2", + "matchCriteriaId": "017BB51F-B65B-4B80-81B0-C36506C82109" + } + ] + } + ] + } + ], "references": [ { "url": "https://jvn.jp/en/jp/JVN97818024/", - "source": "vultures@jpcert.or.jp" + "source": "vultures@jpcert.or.jp", + "tags": [ + "Third Party Advisory" + ] }, { "url": "https://pleasanter.org/archives/vulnerability-update-202306", - "source": "vultures@jpcert.or.jp" + "source": "vultures@jpcert.or.jp", + "tags": [ + "Vendor Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2023/CVE-2023-326xx/CVE-2023-32608.json b/CVE-2023/CVE-2023-326xx/CVE-2023-32608.json index 2b84e78d44f..47673aab85d 100644 --- a/CVE-2023/CVE-2023-326xx/CVE-2023-32608.json +++ b/CVE-2023/CVE-2023-326xx/CVE-2023-32608.json @@ -2,8 +2,8 @@ "id": "CVE-2023-32608", "sourceIdentifier": "vultures@jpcert.or.jp", "published": "2023-06-30T03:15:09.297", - "lastModified": "2023-06-30T12:59:54.343", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2023-07-07T16:29:16.543", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", @@ -14,15 +14,74 @@ "value": "La vulnerabilidad de salto de directorios en Pleasanter (Community Edition y Enterprise Edition) v1.3.39.2 y versiones anteriores permite a un atacante remoto autenticado alterar un archivo arbitrario en el servidor. " } ], - "metrics": {}, + "metrics": { + "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "NONE", + "integrityImpact": "HIGH", + "availabilityImpact": "NONE", + "baseScore": 6.5, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 2.8, + "impactScore": 3.6 + } + ] + }, + "weaknesses": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-22" + } + ] + } + ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:pleasanter:pleasanter:*:*:*:*:*:*:*:*", + "versionEndExcluding": "1.3.39.2", + "matchCriteriaId": "017BB51F-B65B-4B80-81B0-C36506C82109" + } + ] + } + ] + } + ], "references": [ { "url": "https://jvn.jp/en/jp/JVN97818024/", - "source": "vultures@jpcert.or.jp" + "source": "vultures@jpcert.or.jp", + "tags": [ + "Third Party Advisory" + ] }, { "url": "https://pleasanter.org/archives/vulnerability-update-202306", - "source": "vultures@jpcert.or.jp" + "source": "vultures@jpcert.or.jp", + "tags": [ + "Vendor Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2023/CVE-2023-332xx/CVE-2023-33277.json b/CVE-2023/CVE-2023-332xx/CVE-2023-33277.json index 43605085a53..817d83de4aa 100644 --- a/CVE-2023/CVE-2023-332xx/CVE-2023-33277.json +++ b/CVE-2023/CVE-2023-332xx/CVE-2023-33277.json @@ -2,23 +2,99 @@ "id": "CVE-2023-33277", "sourceIdentifier": "cve@mitre.org", "published": "2023-06-29T16:15:09.850", - "lastModified": "2023-06-29T18:16:42.100", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2023-07-07T16:30:07.667", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", "value": "The web interface of Gira Giersiepen Gira KNX/IP-Router 3.1.3683.0 and 3.3.8.0 allows a remote attacker to read sensitive files via directory-traversal sequences in the URL." } ], - "metrics": {}, + "metrics": { + "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "NONE", + "availabilityImpact": "NONE", + "baseScore": 7.5, + "baseSeverity": "HIGH" + }, + "exploitabilityScore": 3.9, + "impactScore": 3.6 + } + ] + }, + "weaknesses": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-22" + } + ] + } + ], + "configurations": [ + { + "operator": "AND", + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:o:gira:knx_ip_router_firmware:3.1.3683.0:*:*:*:*:*:*:*", + "matchCriteriaId": "0D32F793-EB7B-405B-B256-5AEE5FAC03B8" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:gira:knx_ip_router_firmware:3.3.8.0:*:*:*:*:*:*:*", + "matchCriteriaId": "7DE29350-C70D-4AFB-9727-8946759592C7" + } + ] + }, + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": false, + "criteria": "cpe:2.3:h:gira:knx_ip_router:-:*:*:*:*:*:*:*", + "matchCriteriaId": "4D468470-3694-44BD-944C-77C1D63B64C4" + } + ] + } + ] + } + ], "references": [ { "url": "https://www.syss.de/en/responsible-disclosure-policy", - "source": "cve@mitre.org" + "source": "cve@mitre.org", + "tags": [ + "Not Applicable" + ] }, { "url": "https://www.syss.de/fileadmin/dokumente/Publikationen/Advisories/SYSS-2023-015.txt", - "source": "cve@mitre.org" + "source": "cve@mitre.org", + "tags": [ + "Exploit", + "Third Party Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2023/CVE-2023-333xx/CVE-2023-33336.json b/CVE-2023/CVE-2023-333xx/CVE-2023-33336.json index 3860933063c..14a7139a688 100644 --- a/CVE-2023/CVE-2023-333xx/CVE-2023-33336.json +++ b/CVE-2023/CVE-2023-333xx/CVE-2023-33336.json @@ -2,19 +2,75 @@ "id": "CVE-2023-33336", "sourceIdentifier": "cve@mitre.org", "published": "2023-06-30T02:15:09.000", - "lastModified": "2023-06-30T12:59:58.713", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2023-07-07T16:24:05.020", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", "value": "Reflected cross site scripting (XSS) vulnerability was discovered in Sophos Web Appliance v4.3.9.1 that allows for arbitrary code to be inputted via the double quotes." } ], - "metrics": {}, + "metrics": { + "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "HIGH", + "userInteraction": "REQUIRED", + "scope": "CHANGED", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "availabilityImpact": "NONE", + "baseScore": 4.8, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 1.7, + "impactScore": 2.7 + } + ] + }, + "weaknesses": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-79" + } + ] + } + ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:sophos:web_appliance:4.3.9.1:*:*:*:*:*:*:*", + "matchCriteriaId": "DA866A96-2576-44D6-9B30-23A4B5AEA417" + } + ] + } + ] + } + ], "references": [ { "url": "https://inf0seq.github.io/cve/2023/04/30/Cross-site-scripting-(XSS)-in-Sophos-Web-Appliance-4.1.1-0.9.html", - "source": "cve@mitre.org" + "source": "cve@mitre.org", + "tags": [ + "Exploit", + "Third Party Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2023/CVE-2023-336xx/CVE-2023-33664.json b/CVE-2023/CVE-2023-336xx/CVE-2023-33664.json new file mode 100644 index 00000000000..f0097f4ace0 --- /dev/null +++ b/CVE-2023/CVE-2023-336xx/CVE-2023-33664.json @@ -0,0 +1,24 @@ +{ + "id": "CVE-2023-33664", + "sourceIdentifier": "cve@mitre.org", + "published": "2023-07-07T16:15:09.783", + "lastModified": "2023-07-07T17:36:20.173", + "vulnStatus": "Awaiting Analysis", + "descriptions": [ + { + "lang": "en", + "value": "ai-dev aicombinationsonfly before v0.3.1 was discovered to contain a SQL injection vulnerability via the component /includes/ajax.php." + } + ], + "metrics": {}, + "references": [ + { + "url": "https://security.friendsofpresta.org/modules/2023/06/28/aicombinationsonfly.html", + "source": "cve@mitre.org" + }, + { + "url": "https://www.boutique.ai-dev.fr/en/ergonomie/61-combinations-on-fly.html", + "source": "cve@mitre.org" + } + ] +} \ No newline at end of file diff --git a/CVE-2023/CVE-2023-337xx/CVE-2023-33715.json b/CVE-2023/CVE-2023-337xx/CVE-2023-33715.json new file mode 100644 index 00000000000..6812f96a020 --- /dev/null +++ b/CVE-2023/CVE-2023-337xx/CVE-2023-33715.json @@ -0,0 +1,28 @@ +{ + "id": "CVE-2023-33715", + "sourceIdentifier": "cve@mitre.org", + "published": "2023-07-07T17:15:09.607", + "lastModified": "2023-07-07T17:36:20.173", + "vulnStatus": "Awaiting Analysis", + "descriptions": [ + { + "lang": "en", + "value": "A buffer overflow in ACDSee Free v2.0.2.227 allows attackers to cause a Denial of Service (DoS) via unspecified vectors." + } + ], + "metrics": {}, + "references": [ + { + "url": "http://acd.com", + "source": "cve@mitre.org" + }, + { + "url": "http://acdsee.com", + "source": "cve@mitre.org" + }, + { + "url": "https://github.com/zclrsr/CVE-Reports/blob/main/ACDSee/CVE-2023-33715.md", + "source": "cve@mitre.org" + } + ] +} \ No newline at end of file diff --git a/CVE-2023/CVE-2023-33xx/CVE-2023-3338.json b/CVE-2023/CVE-2023-33xx/CVE-2023-3338.json index 1fbf52d0b63..75126504f82 100644 --- a/CVE-2023/CVE-2023-33xx/CVE-2023-3338.json +++ b/CVE-2023/CVE-2023-33xx/CVE-2023-3338.json @@ -2,16 +2,49 @@ "id": "CVE-2023-3338", "sourceIdentifier": "secalert@redhat.com", "published": "2023-06-30T22:15:10.270", - "lastModified": "2023-07-03T01:10:10.103", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2023-07-07T17:20:32.650", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", "value": "A flaw null pointer dereference in the Linux kernel DECnet networking protocol was found. A remote user could use this flaw to crash the system." } ], - "metrics": {}, + "metrics": { + "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "NONE", + "integrityImpact": "NONE", + "availabilityImpact": "HIGH", + "baseScore": 7.5, + "baseSeverity": "HIGH" + }, + "exploitabilityScore": 3.9, + "impactScore": 3.6 + } + ] + }, "weaknesses": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-476" + } + ] + }, { "source": "secalert@redhat.com", "type": "Secondary", @@ -23,10 +56,32 @@ ] } ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:o:linux:linux_kernel:6.5:rc1:*:*:*:*:*:*", + "matchCriteriaId": "0B3E6E4D-E24E-4630-B00C-8C9901C597B0" + } + ] + } + ] + } + ], "references": [ { "url": "https://seclists.org/oss-sec/2023/q2/276", - "source": "secalert@redhat.com" + "source": "secalert@redhat.com", + "tags": [ + "Exploit", + "Mailing List", + "Third Party Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2023/CVE-2023-346xx/CVE-2023-34658.json b/CVE-2023/CVE-2023-346xx/CVE-2023-34658.json index 6d8575dec21..0837a99050d 100644 --- a/CVE-2023/CVE-2023-346xx/CVE-2023-34658.json +++ b/CVE-2023/CVE-2023-346xx/CVE-2023-34658.json @@ -2,19 +2,74 @@ "id": "CVE-2023-34658", "sourceIdentifier": "cve@mitre.org", "published": "2023-06-29T17:15:09.767", - "lastModified": "2023-06-29T18:16:42.100", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2023-07-07T17:11:51.400", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", "value": "Telegram v9.6.3 on iOS allows attackers to hide critical information on the User Interface via calling the function SFSafariViewController." } ], - "metrics": {}, + "metrics": { + "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "NONE", + "integrityImpact": "LOW", + "availabilityImpact": "NONE", + "baseScore": 5.3, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 3.9, + "impactScore": 1.4 + } + ] + }, + "weaknesses": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "NVD-CWE-noinfo" + } + ] + } + ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:telegram:telegram:9.6.3:*:*:*:*:iphone_os:*:*", + "matchCriteriaId": "F2AF0D9A-D251-4A85-BF12-0A15D3D753BE" + } + ] + } + ] + } + ], "references": [ { - "url": "https://crsrg.sh/crsrg-2308101/", - "source": "cve@mitre.org" + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/259547", + "source": "nvd@nist.gov", + "tags": [ + "Third Party Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2023/CVE-2023-348xx/CVE-2023-34844.json b/CVE-2023/CVE-2023-348xx/CVE-2023-34844.json index 9ef8a1d8670..4bd53a52638 100644 --- a/CVE-2023/CVE-2023-348xx/CVE-2023-34844.json +++ b/CVE-2023/CVE-2023-348xx/CVE-2023-34844.json @@ -2,19 +2,76 @@ "id": "CVE-2023-34844", "sourceIdentifier": "cve@mitre.org", "published": "2023-06-29T15:15:09.657", - "lastModified": "2023-06-29T15:35:43.220", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2023-07-07T16:02:37.313", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", "value": "Play With Docker < 0.0.2 has an insecure CAP_SYS_ADMIN privileged mode causing the docker container to escape." } ], - "metrics": {}, + "metrics": { + "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH", + "baseScore": 9.8, + "baseSeverity": "CRITICAL" + }, + "exploitabilityScore": 3.9, + "impactScore": 5.9 + } + ] + }, + "weaknesses": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "NVD-CWE-noinfo" + } + ] + } + ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:play_with_docker_project:play_with_docker:*:*:*:*:*:*:*:*", + "versionEndExcluding": "0.0.2", + "matchCriteriaId": "4B4AF55D-5758-42FC-9C0F-1F5724EF053D" + } + ] + } + ] + } + ], "references": [ { "url": "https://hacku.top/wl/?id=MACBtnorZyp6hC3E5bw2CqBAusuWoKe3", - "source": "cve@mitre.org" + "source": "cve@mitre.org", + "tags": [ + "Exploit", + "Third Party Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2023/CVE-2023-34xx/CVE-2023-3447.json b/CVE-2023/CVE-2023-34xx/CVE-2023-3447.json index 43dae2e6f7b..9d157d16513 100644 --- a/CVE-2023/CVE-2023-34xx/CVE-2023-3447.json +++ b/CVE-2023/CVE-2023-34xx/CVE-2023-3447.json @@ -2,8 +2,8 @@ "id": "CVE-2023-3447", "sourceIdentifier": "security@wordfence.com", "published": "2023-06-29T05:15:14.177", - "lastModified": "2023-06-29T15:35:43.220", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2023-07-07T16:02:02.250", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", @@ -13,8 +13,28 @@ "metrics": { "cvssMetricV31": [ { - "source": "security@wordfence.com", + "source": "nvd@nist.gov", "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "NONE", + "availabilityImpact": "NONE", + "baseScore": 7.5, + "baseSeverity": "HIGH" + }, + "exploitabilityScore": 3.9, + "impactScore": 3.6 + }, + { + "source": "security@wordfence.com", + "type": "Secondary", "cvssData": { "version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:L", @@ -46,14 +66,38 @@ ] } ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:miniorange:active_directory_integration_\\/_ldap_integration:*:*:*:*:*:wordpress:*:*", + "versionEndExcluding": "4.1.6", + "matchCriteriaId": "8CE6AEB1-7872-44F9-889E-ECE07E4D3E93" + } + ] + } + ] + } + ], "references": [ { "url": "https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&old=2928150%40ldap-login-for-intranet-sites&new=2928150%40ldap-login-for-intranet-sites&sfp_email=&sfph_mail=", - "source": "security@wordfence.com" + "source": "security@wordfence.com", + "tags": [ + "Patch" + ] }, { "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/cd7553e8-e43d-4740-b2ee-e3d8dc351e53?source=cve", - "source": "security@wordfence.com" + "source": "security@wordfence.com", + "tags": [ + "Third Party Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2023/CVE-2023-359xx/CVE-2023-35987.json b/CVE-2023/CVE-2023-359xx/CVE-2023-35987.json index f3ab0bd99b9..aa8c501cb85 100644 --- a/CVE-2023/CVE-2023-359xx/CVE-2023-35987.json +++ b/CVE-2023/CVE-2023-359xx/CVE-2023-35987.json @@ -2,7 +2,7 @@ "id": "CVE-2023-35987", "sourceIdentifier": "ics-cert@hq.dhs.gov", "published": "2023-07-06T23:15:09.550", - "lastModified": "2023-07-07T12:50:22.490", + "lastModified": "2023-07-07T17:15:09.677", "vulnStatus": "Awaiting Analysis", "descriptions": [ { @@ -17,20 +17,20 @@ "type": "Secondary", "cvssData": { "version": "3.1", - "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "attackVector": "NETWORK", "attackComplexity": "LOW", "privilegesRequired": "NONE", "userInteraction": "NONE", "scope": "UNCHANGED", "confidentialityImpact": "HIGH", - "integrityImpact": "NONE", - "availabilityImpact": "NONE", - "baseScore": 7.5, - "baseSeverity": "HIGH" + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH", + "baseScore": 9.8, + "baseSeverity": "CRITICAL" }, "exploitabilityScore": 3.9, - "impactScore": 3.6 + "impactScore": 5.9 } ] }, diff --git a/CVE-2023/CVE-2023-35xx/CVE-2023-3541.json b/CVE-2023/CVE-2023-35xx/CVE-2023-3541.json new file mode 100644 index 00000000000..cf31de8ca58 --- /dev/null +++ b/CVE-2023/CVE-2023-35xx/CVE-2023-3541.json @@ -0,0 +1,84 @@ +{ + "id": "CVE-2023-3541", + "sourceIdentifier": "cna@vuldb.com", + "published": "2023-07-07T16:15:09.870", + "lastModified": "2023-07-07T17:36:20.173", + "vulnStatus": "Awaiting Analysis", + "descriptions": [ + { + "lang": "en", + "value": "A vulnerability has been found in ThinuTech ThinuCMS 1.5 and classified as problematic. Affected by this vulnerability is an unknown functionality of the file /author_posts.php. The manipulation of the argument author with the input g6g12o8sdm leads to cross site scripting. The attack can be launched remotely. The identifier VDB-233293 was assigned to this vulnerability." + } + ], + "metrics": { + "cvssMetricV30": [ + { + "source": "cna@vuldb.com", + "type": "Secondary", + "cvssData": { + "version": "3.0", + "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:N", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "REQUIRED", + "scope": "UNCHANGED", + "confidentialityImpact": "NONE", + "integrityImpact": "LOW", + "availabilityImpact": "NONE", + "baseScore": 3.5, + "baseSeverity": "LOW" + }, + "exploitabilityScore": 2.1, + "impactScore": 1.4 + } + ], + "cvssMetricV2": [ + { + "source": "cna@vuldb.com", + "type": "Secondary", + "cvssData": { + "version": "2.0", + "vectorString": "AV:N/AC:L/Au:S/C:N/I:P/A:N", + "accessVector": "NETWORK", + "accessComplexity": "LOW", + "authentication": "SINGLE", + "confidentialityImpact": "NONE", + "integrityImpact": "PARTIAL", + "availabilityImpact": "NONE", + "baseScore": 4.0 + }, + "baseSeverity": "MEDIUM", + "exploitabilityScore": 8.0, + "impactScore": 2.9, + "acInsufInfo": false, + "obtainAllPrivilege": false, + "obtainUserPrivilege": false, + "obtainOtherPrivilege": false, + "userInteractionRequired": false + } + ] + }, + "weaknesses": [ + { + "source": "cna@vuldb.com", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-79" + } + ] + } + ], + "references": [ + { + "url": "https://vuldb.com/?ctiid.233293", + "source": "cna@vuldb.com" + }, + { + "url": "https://vuldb.com/?id.233293", + "source": "cna@vuldb.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2023/CVE-2023-35xx/CVE-2023-3542.json b/CVE-2023/CVE-2023-35xx/CVE-2023-3542.json new file mode 100644 index 00000000000..452866417e1 --- /dev/null +++ b/CVE-2023/CVE-2023-35xx/CVE-2023-3542.json @@ -0,0 +1,84 @@ +{ + "id": "CVE-2023-3542", + "sourceIdentifier": "cna@vuldb.com", + "published": "2023-07-07T16:15:09.947", + "lastModified": "2023-07-07T17:36:20.173", + "vulnStatus": "Awaiting Analysis", + "descriptions": [ + { + "lang": "en", + "value": "A vulnerability was found in ThinuTech ThinuCMS 1.5 and classified as problematic. Affected by this issue is some unknown functionality of the file /contact.php. The manipulation of the argument name/body leads to cross site scripting. The attack may be launched remotely. VDB-233294 is the identifier assigned to this vulnerability." + } + ], + "metrics": { + "cvssMetricV30": [ + { + "source": "cna@vuldb.com", + "type": "Secondary", + "cvssData": { + "version": "3.0", + "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:N", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "REQUIRED", + "scope": "UNCHANGED", + "confidentialityImpact": "NONE", + "integrityImpact": "LOW", + "availabilityImpact": "NONE", + "baseScore": 3.5, + "baseSeverity": "LOW" + }, + "exploitabilityScore": 2.1, + "impactScore": 1.4 + } + ], + "cvssMetricV2": [ + { + "source": "cna@vuldb.com", + "type": "Secondary", + "cvssData": { + "version": "2.0", + "vectorString": "AV:N/AC:L/Au:S/C:N/I:P/A:N", + "accessVector": "NETWORK", + "accessComplexity": "LOW", + "authentication": "SINGLE", + "confidentialityImpact": "NONE", + "integrityImpact": "PARTIAL", + "availabilityImpact": "NONE", + "baseScore": 4.0 + }, + "baseSeverity": "MEDIUM", + "exploitabilityScore": 8.0, + "impactScore": 2.9, + "acInsufInfo": false, + "obtainAllPrivilege": false, + "obtainUserPrivilege": false, + "obtainOtherPrivilege": false, + "userInteractionRequired": false + } + ] + }, + "weaknesses": [ + { + "source": "cna@vuldb.com", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-79" + } + ] + } + ], + "references": [ + { + "url": "https://vuldb.com/?ctiid.233294", + "source": "cna@vuldb.com" + }, + { + "url": "https://vuldb.com/?id.233294", + "source": "cna@vuldb.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2023/CVE-2023-35xx/CVE-2023-3543.json b/CVE-2023/CVE-2023-35xx/CVE-2023-3543.json new file mode 100644 index 00000000000..1aabf2c4213 --- /dev/null +++ b/CVE-2023/CVE-2023-35xx/CVE-2023-3543.json @@ -0,0 +1,84 @@ +{ + "id": "CVE-2023-3543", + "sourceIdentifier": "cna@vuldb.com", + "published": "2023-07-07T17:15:10.400", + "lastModified": "2023-07-07T17:36:20.173", + "vulnStatus": "Awaiting Analysis", + "descriptions": [ + { + "lang": "en", + "value": "A vulnerability was found in GZ Scripts Availability Booking Calendar PHP 1.8. It has been classified as problematic. This affects an unknown part of the file load.php of the component HTTP POST Request Handler. The manipulation of the argument cid/first_name/second_name/address_1/country leads to cross site scripting. It is possible to initiate the attack remotely. The associated identifier of this vulnerability is VDB-233295. NOTE: The vendor was contacted early about this disclosure but did not respond in any way." + } + ], + "metrics": { + "cvssMetricV30": [ + { + "source": "cna@vuldb.com", + "type": "Secondary", + "cvssData": { + "version": "3.0", + "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:N", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "REQUIRED", + "scope": "UNCHANGED", + "confidentialityImpact": "NONE", + "integrityImpact": "LOW", + "availabilityImpact": "NONE", + "baseScore": 3.5, + "baseSeverity": "LOW" + }, + "exploitabilityScore": 2.1, + "impactScore": 1.4 + } + ], + "cvssMetricV2": [ + { + "source": "cna@vuldb.com", + "type": "Secondary", + "cvssData": { + "version": "2.0", + "vectorString": "AV:N/AC:L/Au:S/C:N/I:P/A:N", + "accessVector": "NETWORK", + "accessComplexity": "LOW", + "authentication": "SINGLE", + "confidentialityImpact": "NONE", + "integrityImpact": "PARTIAL", + "availabilityImpact": "NONE", + "baseScore": 4.0 + }, + "baseSeverity": "MEDIUM", + "exploitabilityScore": 8.0, + "impactScore": 2.9, + "acInsufInfo": false, + "obtainAllPrivilege": false, + "obtainUserPrivilege": false, + "obtainOtherPrivilege": false, + "userInteractionRequired": false + } + ] + }, + "weaknesses": [ + { + "source": "cna@vuldb.com", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-79" + } + ] + } + ], + "references": [ + { + "url": "https://vuldb.com/?ctiid.233295", + "source": "cna@vuldb.com" + }, + { + "url": "https://vuldb.com/?id.233295", + "source": "cna@vuldb.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2023/CVE-2023-35xx/CVE-2023-3544.json b/CVE-2023/CVE-2023-35xx/CVE-2023-3544.json new file mode 100644 index 00000000000..57014cd4e57 --- /dev/null +++ b/CVE-2023/CVE-2023-35xx/CVE-2023-3544.json @@ -0,0 +1,84 @@ +{ + "id": "CVE-2023-3544", + "sourceIdentifier": "cna@vuldb.com", + "published": "2023-07-07T17:15:10.577", + "lastModified": "2023-07-07T17:36:20.173", + "vulnStatus": "Awaiting Analysis", + "descriptions": [ + { + "lang": "en", + "value": "A vulnerability was found in GZ Scripts Time Slot Booking Calendar PHP 1.8. It has been declared as problematic. This vulnerability affects unknown code of the file /load.php. The manipulation of the argument first_name/second_name/phone/address_1/country leads to cross site scripting. The attack can be initiated remotely. The identifier of this vulnerability is VDB-233296. NOTE: The vendor was contacted early about this disclosure but did not respond in any way." + } + ], + "metrics": { + "cvssMetricV30": [ + { + "source": "cna@vuldb.com", + "type": "Secondary", + "cvssData": { + "version": "3.0", + "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:N", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "REQUIRED", + "scope": "UNCHANGED", + "confidentialityImpact": "NONE", + "integrityImpact": "LOW", + "availabilityImpact": "NONE", + "baseScore": 3.5, + "baseSeverity": "LOW" + }, + "exploitabilityScore": 2.1, + "impactScore": 1.4 + } + ], + "cvssMetricV2": [ + { + "source": "cna@vuldb.com", + "type": "Secondary", + "cvssData": { + "version": "2.0", + "vectorString": "AV:N/AC:L/Au:S/C:N/I:P/A:N", + "accessVector": "NETWORK", + "accessComplexity": "LOW", + "authentication": "SINGLE", + "confidentialityImpact": "NONE", + "integrityImpact": "PARTIAL", + "availabilityImpact": "NONE", + "baseScore": 4.0 + }, + "baseSeverity": "MEDIUM", + "exploitabilityScore": 8.0, + "impactScore": 2.9, + "acInsufInfo": false, + "obtainAllPrivilege": false, + "obtainUserPrivilege": false, + "obtainOtherPrivilege": false, + "userInteractionRequired": false + } + ] + }, + "weaknesses": [ + { + "source": "cna@vuldb.com", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-79" + } + ] + } + ], + "references": [ + { + "url": "https://vuldb.com/?ctiid.233296", + "source": "cna@vuldb.com" + }, + { + "url": "https://vuldb.com/?id.233296", + "source": "cna@vuldb.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2023/CVE-2023-361xx/CVE-2023-36143.json b/CVE-2023/CVE-2023-361xx/CVE-2023-36143.json index 4da40d0e47f..ee6a0597c6d 100644 --- a/CVE-2023/CVE-2023-361xx/CVE-2023-36143.json +++ b/CVE-2023/CVE-2023-361xx/CVE-2023-36143.json @@ -2,23 +2,94 @@ "id": "CVE-2023-36143", "sourceIdentifier": "cve@mitre.org", "published": "2023-06-30T01:15:08.767", - "lastModified": "2023-06-30T12:59:58.713", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2023-07-07T16:20:03.587", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", "value": "Maxprint Maxlink 1200G v3.4.11E has an OS command injection vulnerability in the \"Diagnostic tool\" functionality of the device." } ], - "metrics": {}, + "metrics": { + "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH", + "baseScore": 8.8, + "baseSeverity": "HIGH" + }, + "exploitabilityScore": 2.8, + "impactScore": 5.9 + } + ] + }, + "weaknesses": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-78" + } + ] + } + ], + "configurations": [ + { + "operator": "AND", + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:o:maxprintisp:maxlink_1200g_firmware:3.4.11e:*:*:*:*:*:*:*", + "matchCriteriaId": "CE5140AC-5E19-4E9B-B2F3-915E9E9FE0EE" + } + ] + }, + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": false, + "criteria": "cpe:2.3:h:maxprintisp:maxlink_1200g:-:*:*:*:*:*:*:*", + "matchCriteriaId": "80F15C78-7B4D-4C59-9119-0FA675AE2434" + } + ] + } + ] + } + ], "references": [ { "url": "http://maxlink.com", - "source": "cve@mitre.org" + "source": "cve@mitre.org", + "tags": [ + "Not Applicable" + ] }, { "url": "https://github.com/leonardobg/CVE-2023-36143", - "source": "cve@mitre.org" + "source": "cve@mitre.org", + "tags": [ + "Exploit", + "Third Party Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2023/CVE-2023-362xx/CVE-2023-36201.json b/CVE-2023/CVE-2023-362xx/CVE-2023-36201.json new file mode 100644 index 00000000000..eed466e424f --- /dev/null +++ b/CVE-2023/CVE-2023-362xx/CVE-2023-36201.json @@ -0,0 +1,20 @@ +{ + "id": "CVE-2023-36201", + "sourceIdentifier": "cve@mitre.org", + "published": "2023-07-07T16:15:09.827", + "lastModified": "2023-07-07T17:36:20.173", + "vulnStatus": "Awaiting Analysis", + "descriptions": [ + { + "lang": "en", + "value": "An issue in JerryscriptProject jerryscript v.3.0.0 allows an attacker to obtain sensitive information via a crafted script to the arrays." + } + ], + "metrics": {}, + "references": [ + { + "url": "https://github.com/jerryscript-project/jerryscript/issues/5026", + "source": "cve@mitre.org" + } + ] +} \ No newline at end of file diff --git a/CVE-2023/CVE-2023-364xx/CVE-2023-36467.json b/CVE-2023/CVE-2023-364xx/CVE-2023-36467.json index 082e00091b7..c88797d59e9 100644 --- a/CVE-2023/CVE-2023-364xx/CVE-2023-36467.json +++ b/CVE-2023/CVE-2023-364xx/CVE-2023-36467.json @@ -2,8 +2,8 @@ "id": "CVE-2023-36467", "sourceIdentifier": "security-advisories@github.com", "published": "2023-06-28T14:15:09.967", - "lastModified": "2023-06-28T15:25:24.900", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2023-07-07T17:18:53.227", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", @@ -12,6 +12,26 @@ ], "metrics": { "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH", + "baseScore": 8.8, + "baseSeverity": "HIGH" + }, + "exploitabilityScore": 2.8, + "impactScore": 5.9 + }, { "source": "security-advisories@github.com", "type": "Secondary", @@ -46,22 +66,53 @@ ] } ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:amazon:aws-dataall:*:*:*:*:*:*:*:*", + "versionStartIncluding": "1.2.0", + "versionEndIncluding": "1.5.1", + "matchCriteriaId": "0529A7FE-376D-4C9A-BFEF-739038CAEA30" + } + ] + } + ] + } + ], "references": [ { "url": "https://github.com/awslabs/aws-dataall/pull/472", - "source": "security-advisories@github.com" + "source": "security-advisories@github.com", + "tags": [ + "Patch" + ] }, { "url": "https://github.com/awslabs/aws-dataall/releases/tag/v1.5.2", - "source": "security-advisories@github.com" + "source": "security-advisories@github.com", + "tags": [ + "Release Notes" + ] }, { "url": "https://github.com/awslabs/aws-dataall/releases/tag/v1.5.4", - "source": "security-advisories@github.com" + "source": "security-advisories@github.com", + "tags": [ + "Release Notes" + ] }, { "url": "https://github.com/awslabs/aws-dataall/security/advisories/GHSA-m922-chh7-8qcr", - "source": "security-advisories@github.com" + "source": "security-advisories@github.com", + "tags": [ + "Vendor Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2023/CVE-2023-364xx/CVE-2023-36476.json b/CVE-2023/CVE-2023-364xx/CVE-2023-36476.json index 2675034726c..b7bc83f2ae8 100644 --- a/CVE-2023/CVE-2023-364xx/CVE-2023-36476.json +++ b/CVE-2023/CVE-2023-364xx/CVE-2023-36476.json @@ -2,8 +2,8 @@ "id": "CVE-2023-36476", "sourceIdentifier": "security-advisories@github.com", "published": "2023-06-29T01:15:51.267", - "lastModified": "2023-06-29T15:35:43.220", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2023-07-07T17:51:22.317", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", @@ -12,6 +12,26 @@ ], "metrics": { "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N", + "attackVector": "LOCAL", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "NONE", + "availabilityImpact": "NONE", + "baseScore": 5.5, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 1.8, + "impactScore": 3.6 + }, { "source": "security-advisories@github.com", "type": "Secondary", @@ -36,8 +56,18 @@ }, "weaknesses": [ { - "source": "security-advisories@github.com", + "source": "nvd@nist.gov", "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-522" + } + ] + }, + { + "source": "security-advisories@github.com", + "type": "Secondary", "description": [ { "lang": "en", @@ -46,18 +76,47 @@ ] } ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:nixos:calamares-nixos-extensions:*:*:*:*:*:*:*:*", + "versionEndExcluding": "0.3.13", + "matchCriteriaId": "9F137430-7CE8-4856-AF49-A86837F31011" + } + ] + } + ] + } + ], "references": [ { "url": "https://github.com/NixOS/calamares-nixos-extensions/security/advisories/GHSA-3rvf-24q2-24ww", - "source": "security-advisories@github.com" + "source": "security-advisories@github.com", + "tags": [ + "Mitigation", + "Vendor Advisory" + ] }, { "url": "https://github.com/osresearch/heads/issues/1348", - "source": "security-advisories@github.com" + "source": "security-advisories@github.com", + "tags": [ + "Exploit", + "Issue Tracking" + ] }, { "url": "https://github.com/vlinkz/calamares-nixos-extensions/commit/837ca4da5521a74d3b5ca6f7b88890a6713faa22", - "source": "security-advisories@github.com" + "source": "security-advisories@github.com", + "tags": [ + "Patch" + ] } ] } \ No newline at end of file diff --git a/CVE-2023/CVE-2023-364xx/CVE-2023-36484.json b/CVE-2023/CVE-2023-364xx/CVE-2023-36484.json index d1a5b868665..6412d0acd99 100644 --- a/CVE-2023/CVE-2023-364xx/CVE-2023-36484.json +++ b/CVE-2023/CVE-2023-364xx/CVE-2023-36484.json @@ -2,23 +2,108 @@ "id": "CVE-2023-36484", "sourceIdentifier": "cve@mitre.org", "published": "2023-06-29T19:15:09.053", - "lastModified": "2023-06-29T23:57:54.363", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2023-07-07T16:46:54.217", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", "value": "ILIAS 7.21 and 8.0_beta1 through 8.2 is vulnerable to reflected Cross-Site Scripting (XSS)." } ], - "metrics": {}, + "metrics": { + "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "REQUIRED", + "scope": "CHANGED", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "availabilityImpact": "NONE", + "baseScore": 6.1, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 2.8, + "impactScore": 2.7 + } + ] + }, + "weaknesses": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-79" + } + ] + } + ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:ilias:ilias:*:*:*:*:*:*:*:*", + "versionStartIncluding": "8.0", + "versionEndIncluding": "8.2", + "matchCriteriaId": "EBFD576F-DBBA-41F3-8788-1505D0220269" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:ilias:ilias:7.21:*:*:*:*:*:*:*", + "matchCriteriaId": "08F7F691-69A8-4F5D-85AA-52C7632ABBA9" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:ilias:ilias:8.0:beta1:*:*:*:*:*:*", + "matchCriteriaId": "2294ECEB-713A-40DB-8898-9ECF27463917" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:ilias:ilias:8.0:beta2:*:*:*:*:*:*", + "matchCriteriaId": "7FEA3D5A-A0AC-4490-BF0F-26F9E9FA6ECF" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:ilias:ilias:8.0:beta3:*:*:*:*:*:*", + "matchCriteriaId": "E3966CC6-EA0D-4C7D-8586-1C2833951D6F" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:ilias:ilias:8.0:beta4:*:*:*:*:*:*", + "matchCriteriaId": "038E3D09-BFA5-4AD7-AE51-366ABD839892" + } + ] + } + ] + } + ], "references": [ { "url": "https://docu.ilias.de/ilias.php?ref_id=1719&obj_id=141710&obj_type=PageObject&cmd=layout&cmdClass=illmpresentationgui&cmdNode=13g&baseClass=ilLMPresentationGUI", - "source": "cve@mitre.org" + "source": "cve@mitre.org", + "tags": [ + "Release Notes" + ] }, { "url": "https://docu.ilias.de/ilias.php?ref_id=1719&obj_id=141711&obj_type=PageObject&cmd=layout&cmdClass=illmpresentationgui&cmdNode=13g&baseClass=ilLMPresentationGUI", - "source": "cve@mitre.org" + "source": "cve@mitre.org", + "tags": [ + "Release Notes" + ] } ] } \ No newline at end of file diff --git a/CVE-2023/CVE-2023-364xx/CVE-2023-36488.json b/CVE-2023/CVE-2023-364xx/CVE-2023-36488.json index ddfb0386c15..704b414d6fb 100644 --- a/CVE-2023/CVE-2023-364xx/CVE-2023-36488.json +++ b/CVE-2023/CVE-2023-364xx/CVE-2023-36488.json @@ -2,23 +2,88 @@ "id": "CVE-2023-36488", "sourceIdentifier": "cve@mitre.org", "published": "2023-06-29T17:15:09.857", - "lastModified": "2023-06-29T19:15:09.100", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2023-07-07T17:17:29.997", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", "value": "ILIAS 7.21 and 8.0_beta1 through 8.2 is vulnerable to stored Cross Site Scripting (XSS)." } ], - "metrics": {}, + "metrics": { + "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "REQUIRED", + "scope": "CHANGED", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "availabilityImpact": "NONE", + "baseScore": 5.4, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 2.3, + "impactScore": 2.7 + } + ] + }, + "weaknesses": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-79" + } + ] + } + ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:ilias:ilias:*:*:*:*:*:*:*:*", + "versionStartIncluding": "8.0", + "versionEndIncluding": "8.2", + "matchCriteriaId": "EBFD576F-DBBA-41F3-8788-1505D0220269" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:ilias:ilias:7.21:*:*:*:*:*:*:*", + "matchCriteriaId": "08F7F691-69A8-4F5D-85AA-52C7632ABBA9" + } + ] + } + ] + } + ], "references": [ { "url": "https://docu.ilias.de/ilias.php?ref_id=1719&obj_id=141704&obj_type=PageObject&cmd=layout&cmdClass=illmpresentationgui&cmdNode=13g&baseClass=ilLMPresentationGUI", - "source": "cve@mitre.org" + "source": "cve@mitre.org", + "tags": [ + "Release Notes" + ] }, { "url": "https://docu.ilias.de/ilias.php?ref_id=1719&obj_id=141710&obj_type=PageObject&cmd=layout&cmdClass=illmpresentationgui&cmdNode=13g&baseClass=ilLMPresentationGUI", - "source": "cve@mitre.org" + "source": "cve@mitre.org", + "tags": [ + "Release Notes" + ] } ] } \ No newline at end of file diff --git a/CVE-2023/CVE-2023-370xx/CVE-2023-37061.json b/CVE-2023/CVE-2023-370xx/CVE-2023-37061.json new file mode 100644 index 00000000000..f3eff5b798c --- /dev/null +++ b/CVE-2023/CVE-2023-370xx/CVE-2023-37061.json @@ -0,0 +1,24 @@ +{ + "id": "CVE-2023-37061", + "sourceIdentifier": "cve@mitre.org", + "published": "2023-07-07T17:15:09.827", + "lastModified": "2023-07-07T17:36:20.173", + "vulnStatus": "Awaiting Analysis", + "descriptions": [ + { + "lang": "en", + "value": "Chamilo 1.11.x up to 1.11.20 allows users with an admin privilege account to insert XSS in the languages management section." + } + ], + "metrics": {}, + "references": [ + { + "url": "https://github.com/chamilo/chamilo-lms/commit/75e9b3e0acac6f7a643da6ff19a00d55a94417a1", + "source": "cve@mitre.org" + }, + { + "url": "https://support.chamilo.org/projects/1/wiki/Security_issues#Issue-116-2023-06-06-Low-impact-Low-risk-XSS-through-admin-account-languages-management", + "source": "cve@mitre.org" + } + ] +} \ No newline at end of file diff --git a/CVE-2023/CVE-2023-370xx/CVE-2023-37062.json b/CVE-2023/CVE-2023-370xx/CVE-2023-37062.json new file mode 100644 index 00000000000..ede464ea09f --- /dev/null +++ b/CVE-2023/CVE-2023-370xx/CVE-2023-37062.json @@ -0,0 +1,24 @@ +{ + "id": "CVE-2023-37062", + "sourceIdentifier": "cve@mitre.org", + "published": "2023-07-07T17:15:09.883", + "lastModified": "2023-07-07T17:36:20.173", + "vulnStatus": "Awaiting Analysis", + "descriptions": [ + { + "lang": "en", + "value": "Chamilo 1.11.x up to 1.11.20 allows users with admin privilege account to insert XSS in the course categories' definition." + } + ], + "metrics": {}, + "references": [ + { + "url": "https://github.com/chamilo/chamilo-lms/commit/c263933d1d958edee3999820f636c8cb919d03d1", + "source": "cve@mitre.org" + }, + { + "url": "https://support.chamilo.org/projects/1/wiki/Security_issues#Issue-115-2023-06-06-Low-impact-Low-risk-XSS-through-admin-account-course-category", + "source": "cve@mitre.org" + } + ] +} \ No newline at end of file diff --git a/CVE-2023/CVE-2023-370xx/CVE-2023-37063.json b/CVE-2023/CVE-2023-370xx/CVE-2023-37063.json new file mode 100644 index 00000000000..9c15e2eba2d --- /dev/null +++ b/CVE-2023/CVE-2023-370xx/CVE-2023-37063.json @@ -0,0 +1,24 @@ +{ + "id": "CVE-2023-37063", + "sourceIdentifier": "cve@mitre.org", + "published": "2023-07-07T17:15:09.943", + "lastModified": "2023-07-07T17:36:20.173", + "vulnStatus": "Awaiting Analysis", + "descriptions": [ + { + "lang": "en", + "value": "Chamilo 1.11.x up to 1.11.20 allows users with admin privilege account to insert XSS in the careers & promotions management section." + } + ], + "metrics": {}, + "references": [ + { + "url": "https://github.com/chamilo/chamilo-lms/commit/546a18b0bd1446123f4e29f81f42e71b761f51b7", + "source": "cve@mitre.org" + }, + { + "url": "https://support.chamilo.org/projects/1/wiki/Security_issues#Issue-117-2023-06-06-Low-impact-Low-risk-XSS-through-admin-account-careers-amp-promotions-management", + "source": "cve@mitre.org" + } + ] +} \ No newline at end of file diff --git a/CVE-2023/CVE-2023-370xx/CVE-2023-37064.json b/CVE-2023/CVE-2023-370xx/CVE-2023-37064.json new file mode 100644 index 00000000000..fc3d8b4ed71 --- /dev/null +++ b/CVE-2023/CVE-2023-370xx/CVE-2023-37064.json @@ -0,0 +1,24 @@ +{ + "id": "CVE-2023-37064", + "sourceIdentifier": "cve@mitre.org", + "published": "2023-07-07T17:15:10.020", + "lastModified": "2023-07-07T17:36:20.173", + "vulnStatus": "Awaiting Analysis", + "descriptions": [ + { + "lang": "en", + "value": "Chamilo 1.11.x up to 1.11.20 allows users with admin privilege account to insert XSS in the extra fields management section." + } + ], + "metrics": {}, + "references": [ + { + "url": "https://github.com/chamilo/chamilo-lms/commit/91ecc6141de6de9483c5a31fbb9fa91450f24940", + "source": "cve@mitre.org" + }, + { + "url": "https://support.chamilo.org/projects/1/wiki/Security_issues#Issue-119-2023-06-06-Low-impact-Low-risk-XSS-through-admin-account-extra-fields-management", + "source": "cve@mitre.org" + } + ] +} \ No newline at end of file diff --git a/CVE-2023/CVE-2023-370xx/CVE-2023-37065.json b/CVE-2023/CVE-2023-370xx/CVE-2023-37065.json new file mode 100644 index 00000000000..4248150e28d --- /dev/null +++ b/CVE-2023/CVE-2023-370xx/CVE-2023-37065.json @@ -0,0 +1,24 @@ +{ + "id": "CVE-2023-37065", + "sourceIdentifier": "cve@mitre.org", + "published": "2023-07-07T17:15:10.097", + "lastModified": "2023-07-07T17:36:20.173", + "vulnStatus": "Awaiting Analysis", + "descriptions": [ + { + "lang": "en", + "value": "Chamilo 1.11.x up to 1.11.20 allows users with admin privilege account to insert XSS in the session category management section." + } + ], + "metrics": {}, + "references": [ + { + "url": "https://github.com/chamilo/chamilo-lms/commit/da61f287d2e508a5e940953b474051d0f21e91c0", + "source": "cve@mitre.org" + }, + { + "url": "https://support.chamilo.org/projects/1/wiki/Security_issues#Issue-118-2023-06-06-Low-impact-Low-risk-XSS-through-admin-account-session-category-management", + "source": "cve@mitre.org" + } + ] +} \ No newline at end of file diff --git a/CVE-2023/CVE-2023-370xx/CVE-2023-37066.json b/CVE-2023/CVE-2023-370xx/CVE-2023-37066.json new file mode 100644 index 00000000000..54d6e5a8a74 --- /dev/null +++ b/CVE-2023/CVE-2023-370xx/CVE-2023-37066.json @@ -0,0 +1,24 @@ +{ + "id": "CVE-2023-37066", + "sourceIdentifier": "cve@mitre.org", + "published": "2023-07-07T17:15:10.167", + "lastModified": "2023-07-07T17:36:20.173", + "vulnStatus": "Awaiting Analysis", + "descriptions": [ + { + "lang": "en", + "value": "Chamilo 1.11.x up to 1.11.20 allows users with admin privilege account to insert XSS in the skills wheel." + } + ], + "metrics": {}, + "references": [ + { + "url": "https://github.com/chamilo/chamilo-lms/commit/4f7b5ebf90c35999917c231276e47a4184275690", + "source": "cve@mitre.org" + }, + { + "url": "https://support.chamilo.org/projects/1/wiki/Security_issues#Issue-114-2023-06-06-Low-impact-Low-risk-XSS-through-admin-account-skills", + "source": "cve@mitre.org" + } + ] +} \ No newline at end of file diff --git a/CVE-2023/CVE-2023-370xx/CVE-2023-37067.json b/CVE-2023/CVE-2023-370xx/CVE-2023-37067.json new file mode 100644 index 00000000000..16304c54405 --- /dev/null +++ b/CVE-2023/CVE-2023-370xx/CVE-2023-37067.json @@ -0,0 +1,24 @@ +{ + "id": "CVE-2023-37067", + "sourceIdentifier": "cve@mitre.org", + "published": "2023-07-07T17:15:10.223", + "lastModified": "2023-07-07T17:36:20.173", + "vulnStatus": "Awaiting Analysis", + "descriptions": [ + { + "lang": "en", + "value": "Chamilo 1.11.x up to 1.11.20 allows users with admin privilege account to insert XSS in the classes/usergroups management section." + } + ], + "metrics": {}, + "references": [ + { + "url": "https://github.com/chamilo/chamilo-lms/commit/c75ff227bcf00e9f88e9477b78eaeed9e0668905", + "source": "cve@mitre.org" + }, + { + "url": "https://support.chamilo.org/projects/1/wiki/Security_issues#Issue-120-2023-06-07-Low-impact-Low-risk-XSS-through-admin-account-classesusergroups-management", + "source": "cve@mitre.org" + } + ] +} \ No newline at end of file diff --git a/CVE-2023/CVE-2023-372xx/CVE-2023-37264.json b/CVE-2023/CVE-2023-372xx/CVE-2023-37264.json new file mode 100644 index 00000000000..0eb9e6672a6 --- /dev/null +++ b/CVE-2023/CVE-2023-372xx/CVE-2023-37264.json @@ -0,0 +1,63 @@ +{ + "id": "CVE-2023-37264", + "sourceIdentifier": "security-advisories@github.com", + "published": "2023-07-07T17:15:10.280", + "lastModified": "2023-07-07T17:36:20.173", + "vulnStatus": "Awaiting Analysis", + "descriptions": [ + { + "lang": "en", + "value": "Tekton Pipelines project provides k8s-style resources for declaring CI/CD-style pipelines. Starting in version 0.35.0, pipelines do not validate child UIDs, which means that a user that has access to create TaskRuns can create their own Tasks that the Pipelines controller will accept as the child Task. While the software stores and validates the PipelineRun's (api version, kind, name, uid) in the child Run's OwnerReference, it only store (api version, kind, name) in the ChildStatusReference. This means that if a client had access to create TaskRuns on a cluster, they could create a child TaskRun for a pipeline with the same name + owner reference, and the Pipeline controller picks it up as if it was the original TaskRun. This is problematic since it can let users modify the config of Pipelines at runtime, which violates SLSA L2 Service Generated / Non-falsifiable requirements. This issue can be used to trick the Pipeline controller into associating unrelated Runs to the Pipeline, feeding its data through the rest of the Pipeline. This requires access to create TaskRuns, so impact may vary depending on one Tekton setup. If users already have unrestricted access to create any Task/PipelineRun, this does not grant any additional capabilities. As of time of publication, there are no known patches for this issue." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "security-advisories@github.com", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:L/I:L/A:N", + "attackVector": "NETWORK", + "attackComplexity": "HIGH", + "privilegesRequired": "LOW", + "userInteraction": "REQUIRED", + "scope": "UNCHANGED", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "availabilityImpact": "NONE", + "baseScore": 3.7, + "baseSeverity": "LOW" + }, + "exploitabilityScore": 1.2, + "impactScore": 2.5 + } + ] + }, + "weaknesses": [ + { + "source": "security-advisories@github.com", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-345" + } + ] + } + ], + "references": [ + { + "url": "https://github.com/tektoncd/pipeline/blob/2d38f5fa840291395178422d34b36b1bc739e2a2/pkg/reconciler/pipelinerun/pipelinerun.go#L1358-L1372", + "source": "security-advisories@github.com" + }, + { + "url": "https://github.com/tektoncd/pipeline/security/advisories/GHSA-w2h3-vvvq-3m53", + "source": "security-advisories@github.com" + }, + { + "url": "https://pkg.go.dev/github.com/tektoncd/pipeline/pkg/apis/pipeline/v1beta1#ChildStatusReference", + "source": "security-advisories@github.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2023/CVE-2023-373xx/CVE-2023-37365.json b/CVE-2023/CVE-2023-373xx/CVE-2023-37365.json index b0aea82c520..95e1841a381 100644 --- a/CVE-2023/CVE-2023-373xx/CVE-2023-37365.json +++ b/CVE-2023/CVE-2023-373xx/CVE-2023-37365.json @@ -2,19 +2,76 @@ "id": "CVE-2023-37365", "sourceIdentifier": "cve@mitre.org", "published": "2023-06-30T19:15:09.437", - "lastModified": "2023-07-03T01:10:10.103", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2023-07-07T17:51:51.580", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", "value": "Hnswlib 0.7.0 has a double free in init_index when the M argument is a large integer." } ], - "metrics": {}, + "metrics": { + "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "REQUIRED", + "scope": "UNCHANGED", + "confidentialityImpact": "NONE", + "integrityImpact": "NONE", + "availabilityImpact": "HIGH", + "baseScore": 6.5, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 2.8, + "impactScore": 3.6 + } + ] + }, + "weaknesses": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-415" + } + ] + } + ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:hnswlib_project:hnswlib:0.7.0:*:*:*:*:*:*:*", + "matchCriteriaId": "41504741-4100-4101-A106-48E425566C99" + } + ] + } + ] + } + ], "references": [ { "url": "https://github.com/nmslib/hnswlib/issues/467", - "source": "cve@mitre.org" + "source": "cve@mitre.org", + "tags": [ + "Exploit", + "Issue Tracking", + "Third Party Advisory" + ] } ] } \ No newline at end of file diff --git a/README.md b/README.md index 27048aa5f19..672a1e5ba7d 100644 --- a/README.md +++ b/README.md @@ -9,13 +9,13 @@ Repository synchronizes with the NVD every 2 hours. ### Last Repository Update ```plain -2023-07-07T16:00:26.958077+00:00 +2023-07-07T18:00:33.903204+00:00 ``` ### Most recent CVE Modification Timestamp synchronized with NVD ```plain -2023-07-07T15:49:08.983000+00:00 +2023-07-07T17:55:35.560000+00:00 ``` ### Last Data Feed Release @@ -29,53 +29,62 @@ Download and Changelog: [Click](https://github.com/fkie-cad/nvd-json-data-feeds/ ### Total Number of included CVEs ```plain -219454 +219472 ``` ### CVEs added in the last Commit -Recently added CVEs: `9` +Recently added CVEs: `18` -* [CVE-2023-37144](CVE-2023/CVE-2023-371xx/CVE-2023-37144.json) (`2023-07-07T14:15:09.363`) -* [CVE-2023-37145](CVE-2023/CVE-2023-371xx/CVE-2023-37145.json) (`2023-07-07T14:15:09.433`) -* [CVE-2023-37146](CVE-2023/CVE-2023-371xx/CVE-2023-37146.json) (`2023-07-07T14:15:09.500`) -* [CVE-2023-37148](CVE-2023/CVE-2023-371xx/CVE-2023-37148.json) (`2023-07-07T14:15:09.570`) -* [CVE-2023-37149](CVE-2023/CVE-2023-371xx/CVE-2023-37149.json) (`2023-07-07T14:15:09.617`) -* [CVE-2023-3537](CVE-2023/CVE-2023-35xx/CVE-2023-3537.json) (`2023-07-07T14:15:09.757`) -* [CVE-2023-3538](CVE-2023/CVE-2023-35xx/CVE-2023-3538.json) (`2023-07-07T14:15:09.850`) -* [CVE-2023-3539](CVE-2023/CVE-2023-35xx/CVE-2023-3539.json) (`2023-07-07T15:15:10.230`) -* [CVE-2023-3540](CVE-2023/CVE-2023-35xx/CVE-2023-3540.json) (`2023-07-07T15:15:10.317`) +* [CVE-2023-25201](CVE-2023/CVE-2023-252xx/CVE-2023-25201.json) (`2023-07-07T16:15:09.680`) +* [CVE-2023-29998](CVE-2023/CVE-2023-299xx/CVE-2023-29998.json) (`2023-07-07T16:15:09.737`) +* [CVE-2023-33664](CVE-2023/CVE-2023-336xx/CVE-2023-33664.json) (`2023-07-07T16:15:09.783`) +* [CVE-2023-36201](CVE-2023/CVE-2023-362xx/CVE-2023-36201.json) (`2023-07-07T16:15:09.827`) +* [CVE-2023-3541](CVE-2023/CVE-2023-35xx/CVE-2023-3541.json) (`2023-07-07T16:15:09.870`) +* [CVE-2023-3542](CVE-2023/CVE-2023-35xx/CVE-2023-3542.json) (`2023-07-07T16:15:09.947`) +* [CVE-2023-27845](CVE-2023/CVE-2023-278xx/CVE-2023-27845.json) (`2023-07-07T17:15:09.540`) +* [CVE-2023-33715](CVE-2023/CVE-2023-337xx/CVE-2023-33715.json) (`2023-07-07T17:15:09.607`) +* [CVE-2023-37061](CVE-2023/CVE-2023-370xx/CVE-2023-37061.json) (`2023-07-07T17:15:09.827`) +* [CVE-2023-37062](CVE-2023/CVE-2023-370xx/CVE-2023-37062.json) (`2023-07-07T17:15:09.883`) +* [CVE-2023-37063](CVE-2023/CVE-2023-370xx/CVE-2023-37063.json) (`2023-07-07T17:15:09.943`) +* [CVE-2023-37064](CVE-2023/CVE-2023-370xx/CVE-2023-37064.json) (`2023-07-07T17:15:10.020`) +* [CVE-2023-37065](CVE-2023/CVE-2023-370xx/CVE-2023-37065.json) (`2023-07-07T17:15:10.097`) +* [CVE-2023-37066](CVE-2023/CVE-2023-370xx/CVE-2023-37066.json) (`2023-07-07T17:15:10.167`) +* [CVE-2023-37067](CVE-2023/CVE-2023-370xx/CVE-2023-37067.json) (`2023-07-07T17:15:10.223`) +* [CVE-2023-37264](CVE-2023/CVE-2023-372xx/CVE-2023-37264.json) (`2023-07-07T17:15:10.280`) +* [CVE-2023-3543](CVE-2023/CVE-2023-35xx/CVE-2023-3543.json) (`2023-07-07T17:15:10.400`) +* [CVE-2023-3544](CVE-2023/CVE-2023-35xx/CVE-2023-3544.json) (`2023-07-07T17:15:10.577`) ### CVEs modified in the last Commit -Recently modified CVEs: `31` +Recently modified CVEs: `29` -* [CVE-2023-35866](CVE-2023/CVE-2023-358xx/CVE-2023-35866.json) (`2023-07-07T14:01:33.287`) -* [CVE-2023-28929](CVE-2023/CVE-2023-289xx/CVE-2023-28929.json) (`2023-07-07T14:12:11.360`) -* [CVE-2023-25366](CVE-2023/CVE-2023-253xx/CVE-2023-25366.json) (`2023-07-07T14:14:53.760`) -* [CVE-2023-3243](CVE-2023/CVE-2023-32xx/CVE-2023-3243.json) (`2023-07-07T14:15:09.673`) -* [CVE-2023-26427](CVE-2023/CVE-2023-264xx/CVE-2023-26427.json) (`2023-07-07T14:31:30.563`) -* [CVE-2023-34840](CVE-2023/CVE-2023-348xx/CVE-2023-34840.json) (`2023-07-07T14:37:15.100`) -* [CVE-2023-34197](CVE-2023/CVE-2023-341xx/CVE-2023-34197.json) (`2023-07-07T14:54:15.817`) -* [CVE-2023-37308](CVE-2023/CVE-2023-373xx/CVE-2023-37308.json) (`2023-07-07T14:54:15.817`) -* [CVE-2023-3535](CVE-2023/CVE-2023-35xx/CVE-2023-3535.json) (`2023-07-07T14:54:15.817`) -* [CVE-2023-3536](CVE-2023/CVE-2023-35xx/CVE-2023-3536.json) (`2023-07-07T14:54:15.817`) -* [CVE-2023-36474](CVE-2023/CVE-2023-364xx/CVE-2023-36474.json) (`2023-07-07T14:54:51.293`) -* [CVE-2023-32610](CVE-2023/CVE-2023-326xx/CVE-2023-32610.json) (`2023-07-07T14:55:04.910`) -* [CVE-2023-30501](CVE-2023/CVE-2023-305xx/CVE-2023-30501.json) (`2023-07-07T15:15:09.303`) -* [CVE-2023-30502](CVE-2023/CVE-2023-305xx/CVE-2023-30502.json) (`2023-07-07T15:15:09.440`) -* [CVE-2023-30503](CVE-2023/CVE-2023-305xx/CVE-2023-30503.json) (`2023-07-07T15:15:09.537`) -* [CVE-2023-30504](CVE-2023/CVE-2023-305xx/CVE-2023-30504.json) (`2023-07-07T15:15:09.620`) -* [CVE-2023-30505](CVE-2023/CVE-2023-305xx/CVE-2023-30505.json) (`2023-07-07T15:15:09.693`) -* [CVE-2023-30506](CVE-2023/CVE-2023-305xx/CVE-2023-30506.json) (`2023-07-07T15:15:09.777`) -* [CVE-2023-30507](CVE-2023/CVE-2023-305xx/CVE-2023-30507.json) (`2023-07-07T15:15:09.863`) -* [CVE-2023-30508](CVE-2023/CVE-2023-305xx/CVE-2023-30508.json) (`2023-07-07T15:15:09.943`) -* [CVE-2023-30509](CVE-2023/CVE-2023-305xx/CVE-2023-30509.json) (`2023-07-07T15:15:10.013`) -* [CVE-2023-30510](CVE-2023/CVE-2023-305xx/CVE-2023-30510.json) (`2023-07-07T15:15:10.090`) -* [CVE-2023-37378](CVE-2023/CVE-2023-373xx/CVE-2023-37378.json) (`2023-07-07T15:15:10.173`) -* [CVE-2023-35042](CVE-2023/CVE-2023-350xx/CVE-2023-35042.json) (`2023-07-07T15:28:32.747`) -* [CVE-2023-35163](CVE-2023/CVE-2023-351xx/CVE-2023-35163.json) (`2023-07-07T15:49:08.983`) +* [CVE-2022-23913](CVE-2022/CVE-2022-239xx/CVE-2022-23913.json) (`2023-07-07T16:15:09.390`) +* [CVE-2022-28331](CVE-2022/CVE-2022-283xx/CVE-2022-28331.json) (`2023-07-07T16:15:09.550`) +* [CVE-2023-3447](CVE-2023/CVE-2023-34xx/CVE-2023-3447.json) (`2023-07-07T16:02:02.250`) +* [CVE-2023-34844](CVE-2023/CVE-2023-348xx/CVE-2023-34844.json) (`2023-07-07T16:02:37.313`) +* [CVE-2023-20120](CVE-2023/CVE-2023-201xx/CVE-2023-20120.json) (`2023-07-07T16:02:41.643`) +* [CVE-2023-31222](CVE-2023/CVE-2023-312xx/CVE-2023-31222.json) (`2023-07-07T16:13:00.783`) +* [CVE-2023-36143](CVE-2023/CVE-2023-361xx/CVE-2023-36143.json) (`2023-07-07T16:20:03.587`) +* [CVE-2023-33336](CVE-2023/CVE-2023-333xx/CVE-2023-33336.json) (`2023-07-07T16:24:05.020`) +* [CVE-2023-32607](CVE-2023/CVE-2023-326xx/CVE-2023-32607.json) (`2023-07-07T16:28:45.697`) +* [CVE-2023-32608](CVE-2023/CVE-2023-326xx/CVE-2023-32608.json) (`2023-07-07T16:29:16.543`) +* [CVE-2023-33277](CVE-2023/CVE-2023-332xx/CVE-2023-33277.json) (`2023-07-07T16:30:07.667`) +* [CVE-2023-36484](CVE-2023/CVE-2023-364xx/CVE-2023-36484.json) (`2023-07-07T16:46:54.217`) +* [CVE-2023-30955](CVE-2023/CVE-2023-309xx/CVE-2023-30955.json) (`2023-07-07T16:52:53.380`) +* [CVE-2023-26085](CVE-2023/CVE-2023-260xx/CVE-2023-26085.json) (`2023-07-07T17:01:51.867`) +* [CVE-2023-30946](CVE-2023/CVE-2023-309xx/CVE-2023-30946.json) (`2023-07-07T17:04:55.903`) +* [CVE-2023-3117](CVE-2023/CVE-2023-31xx/CVE-2023-3117.json) (`2023-07-07T17:11:07.733`) +* [CVE-2023-34658](CVE-2023/CVE-2023-346xx/CVE-2023-34658.json) (`2023-07-07T17:11:51.400`) +* [CVE-2023-35987](CVE-2023/CVE-2023-359xx/CVE-2023-35987.json) (`2023-07-07T17:15:09.677`) +* [CVE-2023-36488](CVE-2023/CVE-2023-364xx/CVE-2023-36488.json) (`2023-07-07T17:17:29.997`) +* [CVE-2023-36467](CVE-2023/CVE-2023-364xx/CVE-2023-36467.json) (`2023-07-07T17:18:53.227`) +* [CVE-2023-3338](CVE-2023/CVE-2023-33xx/CVE-2023-3338.json) (`2023-07-07T17:20:32.650`) +* [CVE-2023-20178](CVE-2023/CVE-2023-201xx/CVE-2023-20178.json) (`2023-07-07T17:47:17.953`) +* [CVE-2023-36476](CVE-2023/CVE-2023-364xx/CVE-2023-36476.json) (`2023-07-07T17:51:22.317`) +* [CVE-2023-37365](CVE-2023/CVE-2023-373xx/CVE-2023-37365.json) (`2023-07-07T17:51:51.580`) +* [CVE-2023-20188](CVE-2023/CVE-2023-201xx/CVE-2023-20188.json) (`2023-07-07T17:55:35.560`) ## Download and Usage