diff --git a/CVE-2022/CVE-2022-296xx/CVE-2022-29604.json b/CVE-2022/CVE-2022-296xx/CVE-2022-29604.json index 433a7d3de9e..d282f0bbaa1 100644 --- a/CVE-2022/CVE-2022-296xx/CVE-2022-29604.json +++ b/CVE-2022/CVE-2022-296xx/CVE-2022-29604.json 
@@ -2,23 +2,83 @@ "id": "CVE-2022-29604", "sourceIdentifier": "cve@mitre.org", "published": "2023-04-20T13:15:07.307", - "lastModified": "2023-04-20T13:15:13.917", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2023-05-04T15:38:23.023", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", "value": "An issue was discovered in ONOS 2.5.1. An intent with an uppercase letter in a device ID shows the CORRUPT state, which is misleading to a network operator. Improper handling of case sensitivity causes inconsistency between intent and flow rules in the network." } ], - "metrics": {}, + "metrics": { + "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH", + "baseScore": 9.8, + "baseSeverity": "CRITICAL" + }, + "exploitabilityScore": 3.9, + "impactScore": 5.9 + } + ] + }, + "weaknesses": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-178" + } + ] + } + ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:opennetworking:onos:2.5.1:*:*:*:*:*:*:*", + "matchCriteriaId": "5DD1D050-BBF8-45B6-9B4E-93FC5D062414" + } + ] + } + ] + } + ], "references": [ { "url": "https://wiki.onosproject.org/display/ONOS/Intent+Framework", - "source": "cve@mitre.org" + "source": "cve@mitre.org", + "tags": [ + "Product" + ] }, { "url": "https://www.usenix.org/system/files/sec23fall-prepub-285_kim-jiwon.pdf", - "source": "cve@mitre.org" + "source": "cve@mitre.org", + "tags": [ + "Exploit", + "Technical Description", + "Third Party Advisory" + ] } ] } \ No newline at end of 
file diff --git a/CVE-2022/CVE-2022-296xx/CVE-2022-29605.json b/CVE-2022/CVE-2022-296xx/CVE-2022-29605.json index f0984ee3e72..86d6feae91a 100644 --- a/CVE-2022/CVE-2022-296xx/CVE-2022-29605.json +++ b/CVE-2022/CVE-2022-296xx/CVE-2022-29605.json 
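Review bot: The added Primary vector in CVE-2022-29604.json, `CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H` with `"baseScore": 9.8`, is not supported by the description in the same hunk. That description speaks only of a misleading CORRUPT intent state and an inconsistency between intent and flow rules, and names no confidentiality or availability impact. The CVE-2022-29605.json section has a milder form of the same gap: `I:H` and `"baseScore": 7.5` for behaviour described as "misleading to a network operator". Anything that triages on `baseScore` or `baseSeverity` from these records should read the `descriptions` value and the linked paper before treating the ONOS 2.5.1 entries as critical. If the mirror keeps local annotations, this is worth recording against both IDs.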
@@ -2,23 +2,83 @@ "id": "CVE-2022-29605", "sourceIdentifier": "cve@mitre.org", "published": "2023-04-20T13:15:07.377", - "lastModified": "2023-04-20T13:15:13.917", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2023-05-04T15:35:35.327", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", "value": "An issue was discovered in ONOS 2.5.1. IntentManager attempts to install the IPv6 flow rules of an intent into an OpenFlow 1.0 switch that does not support IPv6. Improper handling of the difference in capabilities of the intent and switch is misleading to a network operator." } ], - "metrics": {}, + "metrics": { + "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "NONE", + "integrityImpact": "HIGH", + "availabilityImpact": "NONE", + "baseScore": 7.5, + "baseSeverity": "HIGH" + }, + "exploitabilityScore": 3.9, + "impactScore": 3.6 + } + ] + }, + "weaknesses": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-670" + } + ] + } + ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:opennetworking:onos:2.5.1:*:*:*:*:*:*:*", + "matchCriteriaId": "5DD1D050-BBF8-45B6-9B4E-93FC5D062414" + } + ] + } + ] + } + ], "references": [ { "url": "https://wiki.onosproject.org/display/ONOS/Intent+Framework", - "source": "cve@mitre.org" + "source": "cve@mitre.org", + "tags": [ + "Product" + ] }, { "url": "https://www.usenix.org/system/files/sec23fall-prepub-285_kim-jiwon.pdf", - "source": "cve@mitre.org" + "source": "cve@mitre.org", + "tags": [ + "Exploit", + "Technical Description", + "Third Party Advisory" + ] } ] } \ No newline 
at end of file diff --git a/CVE-2023/CVE-2023-16xx/CVE-2023-1624.json b/CVE-2023/CVE-2023-16xx/CVE-2023-1624.json index 580f75bb8ea..392d0468d11 100644 --- a/CVE-2023/CVE-2023-16xx/CVE-2023-1624.json +++ b/CVE-2023/CVE-2023-16xx/CVE-2023-1624.json @@ -2,15 +2,38 @@ "id": "CVE-2023-1624", "sourceIdentifier": "contact@wpscan.com", "published": "2023-04-24T19:15:09.693", - "lastModified": "2023-04-25T12:52:57.877", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2023-05-04T15:30:50.530", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", "value": "The WPCode WordPress plugin before 2.0.9 has a flawed CSRF when deleting log, and does not ensure that the file to be deleted is inside the expected folder. This could allow attackers to make users with the wpcode_activate_snippets capability delete arbitrary log files on the server, including outside of the blog folders" } ], - "metrics": {}, + "metrics": { + "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "REQUIRED", + "scope": "UNCHANGED", + "confidentialityImpact": "NONE", + "integrityImpact": "HIGH", + "availabilityImpact": "NONE", + "baseScore": 6.5, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 2.8, + "impactScore": 3.6 + } + ] + }, "weaknesses": [ { "source": "contact@wpscan.com", 
@@ -23,10 +46,32 @@ ] } ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:wpcode:wpcode:*:*:*:*:*:wordpress:*:*", + "versionEndExcluding": "2.0.9", + "matchCriteriaId": "8695F540-99C6-4023-A002-7DA916F16E53" + } + ] + } + ] + } + ], "references": [ { "url": "https://wpscan.com/vulnerability/132b70e5-4368-43b4-81f6-2d01bc09dc8f", - "source": "contact@wpscan.com" + "source": "contact@wpscan.com", + "tags": [ + "Exploit", + "Third Party Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2023/CVE-2023-20xx/CVE-2023-2006.json b/CVE-2023/CVE-2023-20xx/CVE-2023-2006.json index 42fbed1b13d..55357877cfa 100644 --- a/CVE-2023/CVE-2023-20xx/CVE-2023-2006.json +++ b/CVE-2023/CVE-2023-20xx/CVE-2023-2006.json 
@@ -2,16 +2,49 @@ "id": "CVE-2023-2006", "sourceIdentifier": "secalert@redhat.com", "published": "2023-04-24T21:15:09.283", - "lastModified": "2023-04-25T12:52:57.877", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2023-05-04T14:42:56.097", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", "value": "A race condition was found in the Linux kernel's RxRPC network protocol, within the processing of RxRPC bundles. This issue results from the lack of proper locking when performing operations on an object. This may allow an attacker to escalate privileges and execute arbitrary code in the context of the kernel." } ], - "metrics": {}, + "metrics": { + "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H", + "attackVector": "LOCAL", + "attackComplexity": "HIGH", + "privilegesRequired": "LOW", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH", + "baseScore": 7.0, + "baseSeverity": "HIGH" + }, + "exploitabilityScore": 1.0, + "impactScore": 5.9 + } + ] + }, "weaknesses": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-362" + } + ] + }, { "source": "secalert@redhat.com", "type": "Secondary", 
@@ -23,18 +56,78 @@ ] } ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", + "versionEndExcluding": "6.1", + "matchCriteriaId": "9064B383-DD48-40A2-8947-F5BA6E6B6713" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:linux:linux_kernel:6.1:rc1:*:*:*:*:*:*", + "matchCriteriaId": "E7E331DA-1FB0-4DEC-91AC-7DA69D461C11" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:linux:linux_kernel:6.1:rc2:*:*:*:*:*:*", + "matchCriteriaId": "17F0B248-42CF-4AE6-A469-BB1BAE7F4705" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:linux:linux_kernel:6.1:rc3:*:*:*:*:*:*", + "matchCriteriaId": "E2422816-0C14-4B5E-A1E6-A9D776E5C49B" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:linux:linux_kernel:6.1:rc4:*:*:*:*:*:*", + "matchCriteriaId": "1C6E00FE-5FB9-4D20-A1A1-5A32128F9B76" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:linux:linux_kernel:6.1:rc5:*:*:*:*:*:*", + "matchCriteriaId": "35B26BE4-43A6-4A36-A7F6-5B3F572D9186" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:linux:linux_kernel:6.1:rc6:*:*:*:*:*:*", + "matchCriteriaId": "3FFFB0B3-930D-408A-91E2-BAE0C2715D80" + } + ] + } + ] + } + ], "references": [ { "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2189112", - "source": "secalert@redhat.com" + "source": "secalert@redhat.com", + "tags": [ + "Issue Tracking", + "Patch", + "Third Party Advisory" + ] }, { "url": "https://github.com/torvalds/linux/commit/3bcd6c7eaa53", - "source": "secalert@redhat.com" + "source": "secalert@redhat.com", + "tags": [ + "Patch" + ] }, { "url": "https://www.zerodayinitiative.com/advisories/ZDI-23-439/", - "source": "secalert@redhat.com" + "source": "secalert@redhat.com", + "tags": [ + "Third Party Advisory", + "VDB Entry" + ] } ] } \ No newline at end of file 
diff --git a/CVE-2023/CVE-2023-20xx/CVE-2023-2019.json b/CVE-2023/CVE-2023-20xx/CVE-2023-2019.json index 1b046472d50..d18fe847a2f 100644 --- a/CVE-2023/CVE-2023-20xx/CVE-2023-2019.json +++ b/CVE-2023/CVE-2023-20xx/CVE-2023-2019.json @@ -2,16 +2,49 @@ "id": "CVE-2023-2019", "sourceIdentifier": "secalert@redhat.com", "published": "2023-04-24T21:15:09.347", - "lastModified": "2023-04-25T12:52:57.877", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2023-05-04T14:42:28.350", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", "value": "A flaw was found in the Linux kernel's netdevsim device driver, within the scheduling of events. This issue results from the improper management of a reference count. This may allow an attacker to create a denial of service condition on the system." } ], - "metrics": {}, + "metrics": { + "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H", + "attackVector": "LOCAL", + "attackComplexity": "LOW", + "privilegesRequired": "HIGH", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "NONE", + "integrityImpact": "NONE", + "availabilityImpact": "HIGH", + "baseScore": 4.4, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 0.8, + "impactScore": 3.6 + } + ] + }, "weaknesses": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "NVD-CWE-Other" + } + ] + }, { "source": "secalert@redhat.com", "type": "Secondary", 
@@ -23,18 +56,63 @@ ] } ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", + "versionEndExcluding": "6.0", + "matchCriteriaId": "87B81C9D-7173-4FFB-97BC-9C41AB20A53C" + } + ] + } + ] + }, + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:o:redhat:enterprise_linux:9.0:*:*:*:*:*:*:*", + "matchCriteriaId": "7F6FB57C-2BC7-487C-96DD-132683AEB35D" + } + ] + } + ] + } + ], "references": [ { "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2189137", - "source": "secalert@redhat.com" + "source": "secalert@redhat.com", + "tags": [ + "Issue Tracking", + "Patch", + "Third Party Advisory" + ] }, { "url": "https://github.com/torvalds/linux/commit/180a6a3ee60a", - "source": "secalert@redhat.com" + "source": "secalert@redhat.com", + "tags": [ + "Patch" + ] }, { "url": "https://www.zerodayinitiative.com/advisories/ZDI-CAN-17811/", - "source": "secalert@redhat.com" + "source": "secalert@redhat.com", + "tags": [ + "Third Party Advisory", + "VDB Entry" + ] } ] } \ No newline at end of file diff --git a/CVE-2023/CVE-2023-229xx/CVE-2023-22914.json b/CVE-2023/CVE-2023-229xx/CVE-2023-22914.json index 7209ce13a70..db799cebf33 100644 --- a/CVE-2023/CVE-2023-229xx/CVE-2023-22914.json +++ b/CVE-2023/CVE-2023-229xx/CVE-2023-22914.json @@ -2,8 +2,8 @@ "id": "CVE-2023-22914", "sourceIdentifier": "security@zyxel.com.tw", "published": "2023-04-24T17:15:09.627", - "lastModified": "2023-04-24T17:43:16.267", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2023-05-04T14:32:03.143", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", 
@@ -12,6 +12,26 @@ ], "metrics": { "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "HIGH", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH", + "baseScore": 7.2, + "baseSeverity": "HIGH" + }, + "exploitabilityScore": 1.2, + "impactScore": 5.9 + }, { "source": "security@zyxel.com.tw", "type": "Secondary", @@ -35,6 +55,16 @@ ] }, "weaknesses": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-22" + } + ] + }, { "source": "security@zyxel.com.tw", "type": "Secondary", 
@@ -46,10 +76,334 @@ ] } ], + "configurations": [ + { + "operator": "AND", + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:o:zyxel:usg_flex_100_firmware:*:*:*:*:*:*:*:*", + "versionStartIncluding": "4.50", + "versionEndIncluding": "5.35", + "matchCriteriaId": "FFE84F5F-0D2D-4B13-8B11-061D6AF36E0D" + } + ] + }, + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": false, + "criteria": "cpe:2.3:h:zyxel:usg_flex_100:-:*:*:*:*:*:*:*", + "matchCriteriaId": "2B30A4C0-9928-46AD-9210-C25656FB43FB" + } + ] + } + ] + }, + { + "operator": "AND", + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:o:zyxel:usg_flex_100w_firmware:*:*:*:*:*:*:*:*", + "versionStartIncluding": "4.50", + "versionEndIncluding": "5.35", + "matchCriteriaId": "E0248888-B2CD-4CAA-8475-B9CD68CDA4C1" + } + ] + }, + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": false, + "criteria": "cpe:2.3:h:zyxel:usg_flex_100w:-:*:*:*:*:*:*:*", + "matchCriteriaId": "D74ABA7E-AA78-4A13-A64E-C44021591B42" + } + ] + } + ] + }, + { + "operator": "AND", + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:o:zyxel:usg_flex_200_firmware:*:*:*:*:*:*:*:*", + "versionStartIncluding": "4.50", + "versionEndIncluding": "5.35", + "matchCriteriaId": "BB46C274-12D1-4155-AB7B-6FE9282FD307" + } + ] + }, + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": false, + "criteria": "cpe:2.3:h:zyxel:usg_flex_200:-:*:*:*:*:*:*:*", + "matchCriteriaId": "F93B6A06-2951-46D2-A7E1-103D7318D612" + } + ] + } + ] + }, + { + "operator": "AND", + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:o:zyxel:usg_flex_50_firmware:*:*:*:*:*:*:*:*", + "versionStartIncluding": "4.50", + "versionEndIncluding": 
"5.35", + "matchCriteriaId": "513FCF86-307E-4230-9A59-653BE2450525" + } + ] + }, + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": false, + "criteria": "cpe:2.3:h:zyxel:usg_flex_50:-:*:*:*:*:*:*:*", + "matchCriteriaId": "646C1F07-B553-47B0-953B-DC7DE7FD0F8B" + } + ] + } + ] + }, + { + "operator": "AND", + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:o:zyxel:usg_flex_50w_firmware:*:*:*:*:*:*:*:*", + "versionStartIncluding": "4.50", + "versionEndIncluding": "5.35", + "matchCriteriaId": "FE6D206F-B365-408A-9200-656B9C6A4AEE" + } + ] + }, + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": false, + "criteria": "cpe:2.3:h:zyxel:usg_flex_50w:-:*:*:*:*:*:*:*", + "matchCriteriaId": "110A1CA4-0170-4834-8281-0A3E14FC5584" + } + ] + } + ] + }, + { + "operator": "AND", + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:o:zyxel:usg_flex_500_firmware:*:*:*:*:*:*:*:*", + "versionStartIncluding": "4.50", + "versionEndIncluding": "5.35", + "matchCriteriaId": "3C7F5651-F9E1-4F7C-84BD-AF06ADDCBF82" + } + ] + }, + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": false, + "criteria": "cpe:2.3:h:zyxel:usg_flex_500:-:*:*:*:*:*:*:*", + "matchCriteriaId": "92C697A5-D1D3-4FF0-9C43-D27B18181958" + } + ] + } + ] + }, + { + "operator": "AND", + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:o:zyxel:usg_flex_700_firmware:*:*:*:*:*:*:*:*", + "versionStartIncluding": "4.50", + "versionEndIncluding": "5.35", + "matchCriteriaId": "3473C5D7-91AC-4FCA-851D-D6583B42F768" + } + ] + }, + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": false, + "criteria": "cpe:2.3:h:zyxel:usg_flex_700:-:*:*:*:*:*:*:*", + "matchCriteriaId": "9D1396E3-731B-4D05-A3F8-F3ABB80D5C29" + } + ] + } + ] + 
}, + { + "operator": "AND", + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:o:zyxel:vpn100_firmware:*:*:*:*:*:*:*:*", + "versionStartIncluding": "4.50", + "versionEndIncluding": "5.35", + "matchCriteriaId": "3E3AC1DD-9BD8-42AD-A443-BCCBA6A4F27B" + } + ] + }, + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": false, + "criteria": "cpe:2.3:h:zyxel:vpn100:-:*:*:*:*:*:*:*", + "matchCriteriaId": "81D90A7B-174F-40A1-8AF4-08B15B7BAC40" + } + ] + } + ] + }, + { + "operator": "AND", + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:o:zyxel:vpn1000_firmware:*:*:*:*:*:*:*:*", + "versionStartIncluding": "4.50", + "versionEndIncluding": "5.35", + "matchCriteriaId": "06C109E1-5D08-41E7-BDB2-8D53CA87FCA8" + } + ] + }, + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": false, + "criteria": "cpe:2.3:h:zyxel:vpn1000:-:*:*:*:*:*:*:*", + "matchCriteriaId": "EECD311A-4E96-4576-AADF-47291EDE3559" + } + ] + } + ] + }, + { + "operator": "AND", + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:o:zyxel:vpn300_firmware:*:*:*:*:*:*:*:*", + "versionStartIncluding": "4.50", + "versionEndIncluding": "5.35", + "matchCriteriaId": "16394FD3-8C28-4AD8-AE57-4C61D5E69D3E" + } + ] + }, + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": false, + "criteria": "cpe:2.3:h:zyxel:vpn300:-:*:*:*:*:*:*:*", + "matchCriteriaId": "3C45C303-1A95-4245-B242-3AB9B9106CD4" + } + ] + } + ] + }, + { + "operator": "AND", + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:o:zyxel:vpn50_firmware:*:*:*:*:*:*:*:*", + "versionStartIncluding": "4.50", + "versionEndIncluding": "5.35", + "matchCriteriaId": "FD0F0319-5402-4E2D-8E79-8C492422438D" + } + ] + }, + { + 
"operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": false, + "criteria": "cpe:2.3:h:zyxel:vpn50:-:*:*:*:*:*:*:*", + "matchCriteriaId": "9E3AC823-0ECA-42D8-8312-2FBE5914E4C0" + } + ] + } + ] + } + ], "references": [ { "url": "https://www.zyxel.com/global/en/support/security-advisories/zyxel-security-advisory-for-multiple-vulnerabilities-of-firewalls-and-aps", - "source": "security@zyxel.com.tw" + "source": "security@zyxel.com.tw", + "tags": [ + "Vendor Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2023/CVE-2023-229xx/CVE-2023-22915.json b/CVE-2023/CVE-2023-229xx/CVE-2023-22915.json index a2553ad4ea9..d93d1b5f510 100644 --- a/CVE-2023/CVE-2023-229xx/CVE-2023-22915.json +++ b/CVE-2023/CVE-2023-229xx/CVE-2023-22915.json @@ -2,8 +2,8 @@ "id": "CVE-2023-22915", "sourceIdentifier": "security@zyxel.com.tw", "published": "2023-04-24T17:15:09.690", - "lastModified": "2023-04-24T17:43:16.267", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2023-05-04T14:44:10.363", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", @@ -12,6 +12,26 @@ ], "metrics": { "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "NONE", + "integrityImpact": "NONE", + "availabilityImpact": "HIGH", + "baseScore": 7.5, + "baseSeverity": "HIGH" + }, + "exploitabilityScore": 3.9, + "impactScore": 3.6 + }, { "source": "security@zyxel.com.tw", "type": "Secondary", @@ -35,6 +55,16 @@ ] }, "weaknesses": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-120" + } + ] + }, { "source": "security@zyxel.com.tw", "type": "Secondary", 
@@ -46,10 +76,363 @@ ] } ], + "configurations": [ + { + "operator": "AND", + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:o:zyxel:usg_flex_100_firmware:*:*:*:*:*:*:*:*", + "versionStartIncluding": "4.50", + "versionEndIncluding": "5.35", + "matchCriteriaId": "FFE84F5F-0D2D-4B13-8B11-061D6AF36E0D" + } + ] + }, + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": false, + "criteria": "cpe:2.3:h:zyxel:usg_flex_100:-:*:*:*:*:*:*:*", + "matchCriteriaId": "2B30A4C0-9928-46AD-9210-C25656FB43FB" + } + ] + } + ] + }, + { + "operator": "AND", + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:o:zyxel:usg_flex_100w_firmware:*:*:*:*:*:*:*:*", + "versionStartIncluding": "4.50", + "versionEndIncluding": "5.35", + "matchCriteriaId": "E0248888-B2CD-4CAA-8475-B9CD68CDA4C1" + } + ] + }, + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": false, + "criteria": "cpe:2.3:h:zyxel:usg_flex_100w:-:*:*:*:*:*:*:*", + "matchCriteriaId": "D74ABA7E-AA78-4A13-A64E-C44021591B42" + } + ] + } + ] + }, + { + "operator": "AND", + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:o:zyxel:usg_flex_200_firmware:*:*:*:*:*:*:*:*", + "versionStartIncluding": "4.50", + "versionEndIncluding": "5.35", + "matchCriteriaId": "BB46C274-12D1-4155-AB7B-6FE9282FD307" + } + ] + }, + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": false, + "criteria": "cpe:2.3:h:zyxel:usg_flex_200:-:*:*:*:*:*:*:*", + "matchCriteriaId": "F93B6A06-2951-46D2-A7E1-103D7318D612" + } + ] + } + ] + }, + { + "operator": "AND", + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:o:zyxel:usg_flex_50_firmware:*:*:*:*:*:*:*:*", + "versionStartIncluding": "4.50", + "versionEndIncluding": 
"5.35", + "matchCriteriaId": "513FCF86-307E-4230-9A59-653BE2450525" + } + ] + }, + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": false, + "criteria": "cpe:2.3:h:zyxel:usg_flex_50:-:*:*:*:*:*:*:*", + "matchCriteriaId": "646C1F07-B553-47B0-953B-DC7DE7FD0F8B" + } + ] + } + ] + }, + { + "operator": "AND", + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:o:zyxel:usg_flex_50w_firmware:*:*:*:*:*:*:*:*", + "versionStartIncluding": "4.30", + "versionEndIncluding": "5.35", + "matchCriteriaId": "44C99310-56C3-4392-8D68-8290A209B2DA" + } + ] + }, + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": false, + "criteria": "cpe:2.3:h:zyxel:usg_flex_50w:-:*:*:*:*:*:*:*", + "matchCriteriaId": "110A1CA4-0170-4834-8281-0A3E14FC5584" + } + ] + } + ] + }, + { + "operator": "AND", + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:o:zyxel:usg_flex_500_firmware:*:*:*:*:*:*:*:*", + "versionStartIncluding": "4.50", + "versionEndIncluding": "5.35", + "matchCriteriaId": "3C7F5651-F9E1-4F7C-84BD-AF06ADDCBF82" + } + ] + }, + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": false, + "criteria": "cpe:2.3:h:zyxel:usg_flex_500:-:*:*:*:*:*:*:*", + "matchCriteriaId": "92C697A5-D1D3-4FF0-9C43-D27B18181958" + } + ] + } + ] + }, + { + "operator": "AND", + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:o:zyxel:usg_flex_700_firmware:*:*:*:*:*:*:*:*", + "versionStartIncluding": "4.50", + "versionEndIncluding": "5.35", + "matchCriteriaId": "3473C5D7-91AC-4FCA-851D-D6583B42F768" + } + ] + }, + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": false, + "criteria": "cpe:2.3:h:zyxel:usg_flex_700:-:*:*:*:*:*:*:*", + "matchCriteriaId": "9D1396E3-731B-4D05-A3F8-F3ABB80D5C29" + } + ] + } + ] + 
}, + { + "operator": "AND", + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:o:zyxel:vpn100_firmware:*:*:*:*:*:*:*:*", + "versionStartIncluding": "4.50", + "versionEndIncluding": "5.35", + "matchCriteriaId": "3E3AC1DD-9BD8-42AD-A443-BCCBA6A4F27B" + } + ] + }, + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": false, + "criteria": "cpe:2.3:h:zyxel:vpn100:-:*:*:*:*:*:*:*", + "matchCriteriaId": "81D90A7B-174F-40A1-8AF4-08B15B7BAC40" + } + ] + } + ] + }, + { + "operator": "AND", + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:o:zyxel:vpn1000_firmware:*:*:*:*:*:*:*:*", + "versionStartIncluding": "4.50", + "versionEndIncluding": "5.35", + "matchCriteriaId": "06C109E1-5D08-41E7-BDB2-8D53CA87FCA8" + } + ] + }, + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": false, + "criteria": "cpe:2.3:h:zyxel:vpn1000:-:*:*:*:*:*:*:*", + "matchCriteriaId": "EECD311A-4E96-4576-AADF-47291EDE3559" + } + ] + } + ] + }, + { + "operator": "AND", + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:o:zyxel:vpn300_firmware:*:*:*:*:*:*:*:*", + "versionStartIncluding": "4.50", + "versionEndIncluding": "5.35", + "matchCriteriaId": "16394FD3-8C28-4AD8-AE57-4C61D5E69D3E" + } + ] + }, + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": false, + "criteria": "cpe:2.3:h:zyxel:vpn300:-:*:*:*:*:*:*:*", + "matchCriteriaId": "3C45C303-1A95-4245-B242-3AB9B9106CD4" + } + ] + } + ] + }, + { + "operator": "AND", + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:o:zyxel:vpn50_firmware:*:*:*:*:*:*:*:*", + "versionStartIncluding": "4.50", + "versionEndIncluding": "5.35", + "matchCriteriaId": "FD0F0319-5402-4E2D-8E79-8C492422438D" + } + ] + }, + { + 
"operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": false, + "criteria": "cpe:2.3:h:zyxel:vpn50:-:*:*:*:*:*:*:*", + "matchCriteriaId": "9E3AC823-0ECA-42D8-8312-2FBE5914E4C0" + } + ] + } + ] + }, + { + "operator": "AND", + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:o:zyxel:usg_20w-vpn_firmware:*:*:*:*:*:*:*:*", + "versionStartIncluding": "4.30", + "versionEndIncluding": "5.35", + "matchCriteriaId": "3C160661-113D-4B5A-A253-FEB1E4CBB267" + } + ] + }, + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": false, + "criteria": "cpe:2.3:h:zyxel:usg_20w-vpn:-:*:*:*:*:*:*:*", + "matchCriteriaId": "6BEA412F-3DA1-4E91-9C74-0666147DABCE" + } + ] + } + ] + } + ], "references": [ { "url": "https://www.zyxel.com/global/en/support/security-advisories/zyxel-security-advisory-for-multiple-vulnerabilities-of-firewalls-and-aps", - "source": "security@zyxel.com.tw" + "source": "security@zyxel.com.tw", + "tags": [ + "Vendor Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2023/CVE-2023-22xx/CVE-2023-2250.json b/CVE-2023/CVE-2023-22xx/CVE-2023-2250.json index 7498d3ed565..3c84c3114d7 100644 --- a/CVE-2023/CVE-2023-22xx/CVE-2023-2250.json +++ b/CVE-2023/CVE-2023-22xx/CVE-2023-2250.json 
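Review bot: The version ranges in the added `configurations` block of CVE-2023-22915.json are not uniform across sibling models, and that decides whether a scanner flags a device. `usg_flex_50w_firmware` and `usg_20w-vpn_firmware` carry `"versionStartIncluding": "4.30"`, while `usg_flex_50_firmware` and every other firmware entry in the hunk carry `"4.50"`. The CVE-2023-22914.json section lists `usg_flex_50w_firmware` from `"4.50"` under a different `matchCriteriaId`, so the difference may be intentional, but the description is outside this hunk and cannot confirm it. Check the lower bounds against the Zyxel advisory in `references`, because a start bound that is too high leaves 4.30–4.49 devices unmatched.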
@@ -2,16 +2,49 @@ "id": "CVE-2023-2250", "sourceIdentifier": "secalert@redhat.com", "published": "2023-04-24T21:15:09.410", - "lastModified": "2023-04-25T12:52:57.877", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2023-05-04T14:41:52.360", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", "value": "A flaw was found in the Open Cluster Management (OCM) when a user have access to the worker nodes which has the cluster-manager-registration-controller or cluster-manager deployments. A malicious user can take advantage of this and bind the cluster-admin to any service account or using the service account to list all secrets for all kubernetes namespaces, leading into a cluster-level privilege escalation." } ], - "metrics": {}, + "metrics": { + "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH", + "baseScore": 8.8, + "baseSeverity": "HIGH" + }, + "exploitabilityScore": 2.8, + "impactScore": 5.9 + } + ] + }, "weaknesses": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "NVD-CWE-noinfo" + } + ] + }, { "source": "secalert@redhat.com", "type": "Secondary", 
@@ -27,10 +60,31 @@ ] } ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:linuxfoundation:open_cluster_management:-:*:*:*:*:*:*:*", + "matchCriteriaId": "0834F4B0-F5C7-43E7-9A7E-74B7FA455A6F" + } + ] + } + ] + } + ], "references": [ { "url": "https://github.com/open-cluster-management-io/registration-operator/pull/344", - "source": "secalert@redhat.com" + "source": "secalert@redhat.com", + "tags": [ + "Issue Tracking", + "Patch" + ] } ] } \ No newline at end of file diff --git a/CVE-2023/CVE-2023-22xx/CVE-2023-2257.json b/CVE-2023/CVE-2023-22xx/CVE-2023-2257.json index 43ad390bf6b..784af8373fc 100644 --- a/CVE-2023/CVE-2023-22xx/CVE-2023-2257.json +++ b/CVE-2023/CVE-2023-22xx/CVE-2023-2257.json 
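Review bot: The only `cpeMatch` entry added to CVE-2023-2250.json has `-` in the version field (`cpe:2.3:a:linuxfoundation:open_cluster_management:-:*:*:*:*:*:*:*`) and no `versionEndExcluding`, yet the reference in the same hunk is tagged `Patch`. With no version bound, a matcher cannot separate fixed installations from vulnerable ones, so it will either flag all of them or none, depending on how it treats `-`. Once the release containing the linked pull request is known, the entry should use a wildcard version with a bound, e.g. `"versionEndExcluding": "<FIXED_VERSION_PLACEHOLDER>"`. Until then, consumers should handle this record manually.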
@@ -2,19 +2,92 @@ "id": "CVE-2023-2257", "sourceIdentifier": "security@devolutions.net", "published": "2023-04-24T19:15:09.820", - "lastModified": "2023-04-25T12:52:57.877", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2023-05-04T15:55:03.020", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", "value": "Authentication Bypass in Hub Business integration in Devolutions Workspace Desktop 2023.1.1.3 and earlier on Windows and macOS allows an attacker with access to the user interface to unlock a Hub \nBusiness space without being prompted to enter the password via an \nunimplemented \"Force Login\" security feature.\n\nThis vulnerability occurs only if \"Force Login\" feature is enabled on the Hub Business instance and that an attacker has access to a locked Workspace desktop application configured with a Hub Business space.\n" } ], - "metrics": {}, + "metrics": { + "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", + "attackVector": "LOCAL", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH", + "baseScore": 7.8, + "baseSeverity": "HIGH" + }, + "exploitabilityScore": 1.8, + "impactScore": 5.9 + } + ] + }, + "weaknesses": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-863" + } + ] + } + ], + "configurations": [ + { + "operator": "AND", + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:devolutions:workspace:*:*:*:*:desktop:*:*:*", + "versionEndExcluding": "2023.1.1.4", + "matchCriteriaId": "4C4BA203-752A-421F-9A01-4127E6E3DDE7" + } + ] + }, + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": false, + "criteria": 
"cpe:2.3:o:apple:macos:-:*:*:*:*:*:*:*", + "matchCriteriaId": "387021A0-AF36-463C-A605-32EA7DAC172E" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:*", + "matchCriteriaId": "A2572D17-1DE6-457B-99CC-64AFD54487EA" + } + ] + } + ] + } + ], "references": [ { "url": "https://devolutions.net/security/advisories/DEVO-2023-0011", - "source": "security@devolutions.net" + "source": "security@devolutions.net", + "tags": [ + "Vendor Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2023/CVE-2023-22xx/CVE-2023-2282.json b/CVE-2023/CVE-2023-22xx/CVE-2023-2282.json new file mode 100644 index 00000000000..cd759a6a7b9 --- /dev/null +++ b/CVE-2023/CVE-2023-22xx/CVE-2023-2282.json 
@@ -0,0 +1,88 @@ +{ + "id": "CVE-2023-2282", + "sourceIdentifier": "security@devolutions.net", + "published": "2023-04-25T19:15:11.100", + "lastModified": "2023-05-04T15:16:53.583", + "vulnStatus": "Analyzed", + "descriptions": [ + { + "lang": "en", + "value": "Improper access control in the Web Login listener in Devolutions Remote Desktop Manager 2023.1.22 and earlier on Windows allows an authenticated user to bypass administrator-enforced Web Login restrictions and gain access to entries via an unexpected vector.\n" + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "NONE", + "availabilityImpact": "NONE", + "baseScore": 6.5, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 2.8, + "impactScore": 3.6 + } + ] + }, + "weaknesses": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "NVD-CWE-noinfo" + } + ] + } + ], + "configurations": [ + { + "operator": "AND", + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:devolutions:remote_desktop_manager:*:*:*:*:*:*:*:*", + "versionEndIncluding": "2023.1.22", + "matchCriteriaId": "7D029076-CEDD-4678-9B60-390670047C15" + } + ] + }, + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": false, + "criteria": "cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:*", + "matchCriteriaId": "A2572D17-1DE6-457B-99CC-64AFD54487EA" + } + ] + } + ] + } + ], + "references": [ + { + "url": "https://devolutions.net/security/advisories/DEVO-2023-0012", + "source": "security@devolutions.net", + "tags": [ + "Vendor Advisory" + ] + } + ] +} \ No newline at end 
of file diff --git a/CVE-2023/CVE-2023-234xx/CVE-2023-23451.json b/CVE-2023/CVE-2023-234xx/CVE-2023-23451.json index 1fbe2e262c7..0207e5c98ad 100644 --- a/CVE-2023/CVE-2023-234xx/CVE-2023-23451.json +++ b/CVE-2023/CVE-2023-234xx/CVE-2023-23451.json @@ -2,16 +2,49 @@ "id": "CVE-2023-23451", "sourceIdentifier": "psirt@sick.de", "published": "2023-04-19T23:15:06.970", - "lastModified": "2023-04-20T13:15:05.443", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2023-05-04T15:24:37.877", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", "value": "The Flexi Classic and Flexi Soft Gateways SICK UE410-EN3 FLEXI ETHERNET GATEW., SICK UE410-EN1 FLEXI ETHERNET GATEW., SICK UE410-EN3S04 FLEXI ETHERNET GATEW., SICK UE410-EN4 FLEXI ETHERNET GATEW., SICK FX0-GENT00000 FLEXISOFT EIP GATEW., SICK FX0-GMOD00000 FLEXISOFT MOD GATEW., SICK FX0-GPNT00000 FLEXISOFT PNET GATEW., SICK FX0-GENT00030 FLEXISOFT EIP GATEW.V2, SICK FX0-GPNT00030 FLEXISOFT PNET GATEW.V2 and SICK FX0-GMOD00010 FLEXISOFT MOD GW. have Telnet enabled by factory default. No password is set in the default configuration. Gateways with a serial number >2311xxxx have the Telnet interface disabled by factory default." } ], - "metrics": {}, + "metrics": { + "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH", + "baseScore": 9.8, + "baseSeverity": "CRITICAL" + }, + "exploitabilityScore": 3.9, + "impactScore": 5.9 + } + ] + }, "weaknesses": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-306" + } + ] + }, { "source": "psirt@sick.de", "type": "Secondary", 
@@ -23,10 +56,289 @@ ] } ], + "configurations": [ + { + "operator": "AND", + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:o:sick:ue410-en3_firmware:*:*:*:*:*:*:*:*", + "matchCriteriaId": "2AA9F3C9-61F5-4C21-9650-76C0FC9C51EE" + } + ] + }, + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": false, + "criteria": "cpe:2.3:h:sick:ue410-en3:-:*:*:*:*:*:*:*", + "matchCriteriaId": "4F4C5D33-6A97-4509-8151-65D79F03F18A" + } + ] + } + ] + }, + { + "operator": "AND", + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:o:sick:ue410-en1_firmware:*:*:*:*:*:*:*:*", + "matchCriteriaId": "DF96D6FC-3053-433E-8B7D-CEA3C7FC7CBA" + } + ] + }, + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": false, + "criteria": "cpe:2.3:h:sick:ue410-en1:-:*:*:*:*:*:*:*", + "matchCriteriaId": "A963DB6B-C9A9-4B1D-A239-C7B608F2CBD1" + } + ] + } + ] + }, + { + "operator": "AND", + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:o:sick:ue410-en3s04_firmware:*:*:*:*:*:*:*:*", + "matchCriteriaId": "BB62B37C-E8E4-4305-8F6A-127765CC54AD" + } + ] + }, + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": false, + "criteria": "cpe:2.3:h:sick:ue410-en3s04:-:*:*:*:*:*:*:*", + "matchCriteriaId": "06416A50-B978-4F67-AA50-010ECBD2DB2F" + } + ] + } + ] + }, + { + "operator": "AND", + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:o:sick:ue410-en4_firmware:*:*:*:*:*:*:*:*", + "matchCriteriaId": "30951A8A-8B78-4F58-8E8B-5697F89B332A" + } + ] + }, + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": false, + "criteria": "cpe:2.3:h:sick:ue410-en4:-:*:*:*:*:*:*:*", + "matchCriteriaId": "593FA8EA-007A-47C0-9F22-89E420BBE0D4" + } + ] + } 
+ ] + }, + { + "operator": "AND", + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:o:sick:fx0-gent00000_firmware:*:*:*:*:*:*:*:*", + "versionEndIncluding": "2.11.0", + "matchCriteriaId": "87586615-29B4-46E4-9CE7-F7BB8F012155" + } + ] + }, + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": false, + "criteria": "cpe:2.3:h:sick:fx0-gent00000:-:*:*:*:*:*:*:*", + "matchCriteriaId": "EAB590A4-F5E4-4A17-B5A6-33A995C96BAB" + } + ] + } + ] + }, + { + "operator": "AND", + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:o:sick:fx0-gmod00000_firmware:*:*:*:*:*:*:*:*", + "versionEndIncluding": "2.11.0", + "matchCriteriaId": "042B4FDB-BC05-43D6-84FC-F65203CDBE0D" + } + ] + }, + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": false, + "criteria": "cpe:2.3:h:sick:fx0-gmod00000:-:*:*:*:*:*:*:*", + "matchCriteriaId": "D96296E7-65D3-4C0A-8126-4AA8BEF85B39" + } + ] + } + ] + }, + { + "operator": "AND", + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:o:sick:fx0-gpnt00000_firmware:*:*:*:*:*:*:*:*", + "versionEndIncluding": "2.12.0", + "matchCriteriaId": "61F9ADB1-DBED-4AC6-9CED-C0CCAC7C31F7" + } + ] + }, + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": false, + "criteria": "cpe:2.3:h:sick:fx0-gpnt00000:-:*:*:*:*:*:*:*", + "matchCriteriaId": "BF3BF752-4F49-4E90-9790-1913ED64D8B3" + } + ] + } + ] + }, + { + "operator": "AND", + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:o:sick:fx0-gent00030_firmware:*:*:*:*:*:*:*:*", + "matchCriteriaId": "F133BB19-8D61-4BD7-B706-A3FD81E71ECD" + } + ] + }, + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": false, + "criteria": 
"cpe:2.3:h:sick:fx0-gent00030:-:*:*:*:*:*:*:*", + "matchCriteriaId": "1809BCF9-541E-4348-87A3-4CB37D680704" + } + ] + } + ] + }, + { + "operator": "AND", + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:o:sick:fx0-gpnt00030_firmware:*:*:*:*:*:*:*:*", + "matchCriteriaId": "96A20EA8-57F4-4CDD-8F44-F02E2FC010AA" + } + ] + }, + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": false, + "criteria": "cpe:2.3:h:sick:fx0-gpnt00030:-:*:*:*:*:*:*:*", + "matchCriteriaId": "4CABEFF4-C0A4-4054-8174-7B3762BC0C3F" + } + ] + } + ] + }, + { + "operator": "AND", + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:o:sick:fx0-gmod00010_firmware:*:*:*:*:*:*:*:*", + "versionEndIncluding": "2.11.0", + "matchCriteriaId": "D09286BA-A20C-44DA-BE0C-98EF4851BA73" + } + ] + }, + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": false, + "criteria": "cpe:2.3:h:sick:fx0-gmod00010:-:*:*:*:*:*:*:*", + "matchCriteriaId": "97742720-A8E3-49FE-BE43-EFF720F3D52D" + } + ] + } + ] + } + ], "references": [ { "url": "https://sick.com/psirt", - "source": "psirt@sick.de" + "source": "psirt@sick.de", + "tags": [ + "Vendor Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2023/CVE-2023-234xx/CVE-2023-23470.json b/CVE-2023/CVE-2023-234xx/CVE-2023-23470.json new file mode 100644 index 00000000000..c8ab5513bd5 --- /dev/null +++ b/CVE-2023/CVE-2023-234xx/CVE-2023-23470.json 
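Review bot: Six of the ten firmware entries in the added `configurations` block (`ue410-en3`, `ue410-en1`, `ue410-en3s04`, `ue410-en4`, `fx0-gent00030`, `fx0-gpnt00030`) use a wildcard version with no `versionEndIncluding`, while the other four are bounded at `2.11.0` or `2.12.0`. The description ties the exposure to a factory default (Telnet enabled, no password set) and says gateways with a serial number above 2311xxxx ship with Telnet disabled. A CPE cannot express a serial number or a configuration state, so these entries match every firmware build of those models. A match from this record is better treated as a prompt to check on the device whether Telnet is enabled and a password is set than as proof of exposure.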
@@ -0,0 +1,47 @@ +{ + "id": "CVE-2023-23470", + "sourceIdentifier": "psirt@us.ibm.com", + "published": "2023-05-04T14:15:08.847", + "lastModified": "2023-05-04T14:15:08.847", + "vulnStatus": "Received", + "descriptions": [ + { + "lang": "en", + "value": "IBM i 7.2, 7.3, 7.4, and 7.5 could allow an authenticated privileged administrator to gain elevated privileges in non-default configurations, as a result of improper SQL processing. By using a specially crafted SQL operation, the administrator could exploit the vulnerability to perform additional administrator operations. IBM X-Force ID: 244510." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "psirt@us.ibm.com", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H", + "attackVector": "LOCAL", + "attackComplexity": "HIGH", + "privilegesRequired": "HIGH", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH", + "baseScore": 6.4, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 0.5, + "impactScore": 5.9 + } + ] + }, + "references": [ + { + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/244510", + "source": "psirt@us.ibm.com" + }, + { + "url": "https://www.ibm.com/support/pages/node/6987767", + "source": "psirt@us.ibm.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2023/CVE-2023-249xx/CVE-2023-24958.json b/CVE-2023/CVE-2023-249xx/CVE-2023-24958.json new file mode 100644 index 00000000000..8ac464cdbcf --- /dev/null +++ b/CVE-2023/CVE-2023-249xx/CVE-2023-24958.json 
@@ -0,0 +1,59 @@ +{ + "id": "CVE-2023-24958", + "sourceIdentifier": "psirt@us.ibm.com", + "published": "2023-05-04T14:15:10.173", + "lastModified": "2023-05-04T14:15:10.173", + "vulnStatus": "Received", + "descriptions": [ + { + "lang": "en", + "value": "A vulnerability in the IBM TS7700 Management Interface 8.51.2.12, 8.52.200.111, 8.52.102.13, and 8.53.0.63 could allow an authenticated user to submit a specially crafted URL leading to privilege escalation and remote code execution. IBM X-Force ID: 246320." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "psirt@us.ibm.com", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH", + "baseScore": 8.8, + "baseSeverity": "HIGH" + }, + "exploitabilityScore": 2.8, + "impactScore": 5.9 + } + ] + }, + "weaknesses": [ + { + "source": "psirt@us.ibm.com", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-78" + } + ] + } + ], + "references": [ + { + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/246320", + "source": "psirt@us.ibm.com" + }, + { + "url": "https://www.ibm.com/support/pages/node/6980845", + "source": "psirt@us.ibm.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2023/CVE-2023-260xx/CVE-2023-26010.json b/CVE-2023/CVE-2023-260xx/CVE-2023-26010.json new file mode 100644 index 00000000000..242a8545675 --- /dev/null +++ b/CVE-2023/CVE-2023-260xx/CVE-2023-26010.json 
@@ -0,0 +1,55 @@ +{ + "id": "CVE-2023-26010", + "sourceIdentifier": "audit@patchstack.com", + "published": "2023-05-04T14:15:10.593", + "lastModified": "2023-05-04T14:15:10.593", + "vulnStatus": "Received", + "descriptions": [ + { + "lang": "en", + "value": "Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in WPMobile.App plugin <=\u00a011.18 versions." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "audit@patchstack.com", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:L", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "HIGH", + "userInteraction": "REQUIRED", + "scope": "CHANGED", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "availabilityImpact": "LOW", + "baseScore": 5.9, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 1.7, + "impactScore": 3.7 + } + ] + }, + "weaknesses": [ + { + "source": "audit@patchstack.com", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-79" + } + ] + } + ], + "references": [ + { + "url": "https://patchstack.com/database/vulnerability/wpappninja/wordpress-wpmobile-app-android-and-ios-mobile-application-plugin-11-18-cross-site-scripting-xss-vulnerability?_s_id=cve", + "source": "audit@patchstack.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2023/CVE-2023-260xx/CVE-2023-26012.json b/CVE-2023/CVE-2023-260xx/CVE-2023-26012.json new file mode 100644 index 00000000000..63245bc327c --- /dev/null +++ b/CVE-2023/CVE-2023-260xx/CVE-2023-26012.json 
@@ -0,0 +1,55 @@ +{ + "id": "CVE-2023-26012", + "sourceIdentifier": "audit@patchstack.com", + "published": "2023-05-04T14:15:11.090", + "lastModified": "2023-05-04T14:15:11.090", + "vulnStatus": "Received", + "descriptions": [ + { + "lang": "en", + "value": "Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Denzel Chia | Phire Design Custom Login Page plugin <=\u00a02.0 versions." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "audit@patchstack.com", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:L", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "HIGH", + "userInteraction": "REQUIRED", + "scope": "CHANGED", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "availabilityImpact": "LOW", + "baseScore": 5.9, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 1.7, + "impactScore": 3.7 + } + ] + }, + "weaknesses": [ + { + "source": "audit@patchstack.com", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-79" + } + ] + } + ], + "references": [ + { + "url": "https://patchstack.com/database/vulnerability/wp-custom-login-page/wordpress-custom-login-page-plugin-2-0-cross-site-scripting-xss-vulnerability?_s_id=cve", + "source": "audit@patchstack.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2023/CVE-2023-260xx/CVE-2023-26061.json b/CVE-2023/CVE-2023-260xx/CVE-2023-26061.json index 50914fe569b..3a03636a0c3 100644 --- a/CVE-2023/CVE-2023-260xx/CVE-2023-26061.json +++ b/CVE-2023/CVE-2023-260xx/CVE-2023-26061.json @@ -2,8 +2,8 @@ "id": "CVE-2023-26061", "sourceIdentifier": "cve@mitre.org", "published": "2023-04-24T17:15:10.627", - "lastModified": "2023-04-24T17:43:16.267", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2023-05-04T15:20:01.543", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", 
@@ -12,6 +12,26 @@ ], "metrics": { "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "REQUIRED", + "scope": "CHANGED", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "availabilityImpact": "NONE", + "baseScore": 5.4, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 2.3, + "impactScore": 2.7 + }, { "source": "cve@mitre.org", "type": "Secondary", @@ -34,14 +54,50 @@ } ] }, + "weaknesses": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-79" + } + ] + } + ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:nokia:netact:*:*:*:*:*:*:*:*", + "versionEndIncluding": "20.1", + "matchCriteriaId": "C5E0663C-CBA9-4808-895C-7E2A04D919F3" + } + ] + } + ] + } + ], "references": [ { "url": "https://nokia.com", - "source": "cve@mitre.org" + "source": "cve@mitre.org", + "tags": [ + "Product" + ] }, { "url": "https://www.ptsecurity.com/ww-en/analytics/threatscape/pt-2022-05/", - "source": "cve@mitre.org" + "source": "cve@mitre.org", + "tags": [ + "Third Party Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2023/CVE-2023-280xx/CVE-2023-28086.json b/CVE-2023/CVE-2023-280xx/CVE-2023-28086.json new file mode 100644 index 00000000000..2b90469450f --- /dev/null +++ b/CVE-2023/CVE-2023-280xx/CVE-2023-28086.json 
@@ -0,0 +1,82 @@ +{ + "id": "CVE-2023-28086", + "sourceIdentifier": "security-alert@hpe.com", + "published": "2023-04-25T19:15:10.753", + "lastModified": "2023-05-04T14:56:37.440", + "vulnStatus": "Analyzed", + "descriptions": [ + { + "lang": "en", + "value": "An HPE OneView appliance dump may expose proxy credential settings" + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N", + "attackVector": "LOCAL", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "NONE", + "availabilityImpact": "NONE", + "baseScore": 5.5, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 1.8, + "impactScore": 3.6 + } + ] + }, + "weaknesses": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "NVD-CWE-noinfo" + } + ] + } + ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:hp:oneview:*:*:*:*:lts:*:*:*", + "versionEndExcluding": "6.60.04", + "matchCriteriaId": "BA5D7ED2-08B6-478C-BC68-F9B6B84A9666" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:hp:oneview:*:*:*:*:*:*:*:*", + "versionEndExcluding": "8.2", + "matchCriteriaId": "1489D2EF-12C5-4540-A69E-326B4C41A4E3" + } + ] + } + ] + } + ], + "references": [ + { + "url": "https://support.hpe.com/hpesc/public/docDisplay?docLocale=en_US&docId=hpesbgn04469en_us", + "source": "security-alert@hpe.com", + "tags": [ + "Vendor Advisory" + ] + } + ] +} \ No newline at end of file diff --git a/CVE-2023/CVE-2023-280xx/CVE-2023-28087.json b/CVE-2023/CVE-2023-280xx/CVE-2023-28087.json new file mode 100644 index 00000000000..97bc91b3081 --- /dev/null +++ b/CVE-2023/CVE-2023-280xx/CVE-2023-28087.json 
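Review bot: In the added `cpeMatch` list the second entry, `cpe:2.3:a:hp:oneview:*:*:*:*:*:*:*:*` with `versionEndExcluding` `8.2`, has a wildcard edition field and so also covers `lts` builds. An LTS install at 6.60.04 or later, which the first entry treats as not affected, therefore still matches as below 8.2. The same pair of entries is repeated in the CVE-2023-28087, CVE-2023-28088, CVE-2023-28089 and CVE-2023-28090 hunks. Matching logic that consumes these records should let the edition-specific entry take precedence for LTS installs, or confirm the fixed build against the HPE advisory in `references`. Separately, this record and CVE-2023-28087 carry `NVD-CWE-noinfo` while the three sibling records use `CWE-522`, so a weakness-based query for credential exposure will not return all five.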
@@ -0,0 +1,82 @@ +{ + "id": "CVE-2023-28087", + "sourceIdentifier": "security-alert@hpe.com", + "published": "2023-04-25T19:15:10.817", + "lastModified": "2023-05-04T14:53:25.137", + "vulnStatus": "Analyzed", + "descriptions": [ + { + "lang": "en", + "value": "An HPE OneView appliance dump may expose OneView user accounts" + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N", + "attackVector": "LOCAL", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "NONE", + "availabilityImpact": "NONE", + "baseScore": 5.5, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 1.8, + "impactScore": 3.6 + } + ] + }, + "weaknesses": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "NVD-CWE-noinfo" + } + ] + } + ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:hp:oneview:*:*:*:*:lts:*:*:*", + "versionEndExcluding": "6.60.04", + "matchCriteriaId": "BA5D7ED2-08B6-478C-BC68-F9B6B84A9666" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:hp:oneview:*:*:*:*:*:*:*:*", + "versionEndExcluding": "8.2", + "matchCriteriaId": "1489D2EF-12C5-4540-A69E-326B4C41A4E3" + } + ] + } + ] + } + ], + "references": [ + { + "url": "https://support.hpe.com/hpesc/public/docDisplay?docLocale=en_US&docId=hpesbgn04469en_us", + "source": "security-alert@hpe.com", + "tags": [ + "Vendor Advisory" + ] + } + ] +} \ No newline at end of file diff --git a/CVE-2023/CVE-2023-280xx/CVE-2023-28088.json b/CVE-2023/CVE-2023-280xx/CVE-2023-28088.json new file mode 100644 index 00000000000..05d9faa8854 --- /dev/null +++ b/CVE-2023/CVE-2023-280xx/CVE-2023-28088.json 
@@ -0,0 +1,82 @@ +{ + "id": "CVE-2023-28088", + "sourceIdentifier": "security-alert@hpe.com", + "published": "2023-04-25T19:15:10.873", + "lastModified": "2023-05-04T14:30:04.933", + "vulnStatus": "Analyzed", + "descriptions": [ + { + "lang": "en", + "value": "An HPE OneView appliance dump may expose SAN switch administrative credentials" + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", + "attackVector": "LOCAL", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH", + "baseScore": 7.8, + "baseSeverity": "HIGH" + }, + "exploitabilityScore": 1.8, + "impactScore": 5.9 + } + ] + }, + "weaknesses": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-522" + } + ] + } + ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:hp:oneview:*:*:*:*:lts:*:*:*", + "versionEndExcluding": "6.60.04", + "matchCriteriaId": "BA5D7ED2-08B6-478C-BC68-F9B6B84A9666" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:hp:oneview:*:*:*:*:*:*:*:*", + "versionEndExcluding": "8.2", + "matchCriteriaId": "1489D2EF-12C5-4540-A69E-326B4C41A4E3" + } + ] + } + ] + } + ], + "references": [ + { + "url": "https://support.hpe.com/hpesc/public/docDisplay?docLocale=en_US&docId=hpesbgn04469en_us", + "source": "security-alert@hpe.com", + "tags": [ + "Vendor Advisory" + ] + } + ] +} \ No newline at end of file diff --git a/CVE-2023/CVE-2023-280xx/CVE-2023-28089.json b/CVE-2023/CVE-2023-280xx/CVE-2023-28089.json new file mode 100644 index 00000000000..1b3bd71703b --- /dev/null +++ b/CVE-2023/CVE-2023-280xx/CVE-2023-28089.json 
@@ -0,0 +1,82 @@ +{ + "id": "CVE-2023-28089", + "sourceIdentifier": "security-alert@hpe.com", + "published": "2023-04-25T19:15:10.927", + "lastModified": "2023-05-04T14:27:34.107", + "vulnStatus": "Analyzed", + "descriptions": [ + { + "lang": "en", + "value": "An HPE OneView appliance dump may expose FTP credentials for c7000 Interconnect Modules" + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N", + "attackVector": "LOCAL", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "NONE", + "baseScore": 7.1, + "baseSeverity": "HIGH" + }, + "exploitabilityScore": 1.8, + "impactScore": 5.2 + } + ] + }, + "weaknesses": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-522" + } + ] + } + ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:hp:oneview:*:*:*:*:lts:*:*:*", + "versionEndExcluding": "6.60.04", + "matchCriteriaId": "BA5D7ED2-08B6-478C-BC68-F9B6B84A9666" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:hp:oneview:*:*:*:*:*:*:*:*", + "versionEndExcluding": "8.2", + "matchCriteriaId": "1489D2EF-12C5-4540-A69E-326B4C41A4E3" + } + ] + } + ] + } + ], + "references": [ + { + "url": "https://support.hpe.com/hpesc/public/docDisplay?docLocale=en_US&docId=hpesbgn04469en_us", + "source": "security-alert@hpe.com", + "tags": [ + "Vendor Advisory" + ] + } + ] +} \ No newline at end of file diff --git a/CVE-2023/CVE-2023-280xx/CVE-2023-28090.json b/CVE-2023/CVE-2023-280xx/CVE-2023-28090.json new file mode 100644 index 00000000000..40a3c07e8a6 --- /dev/null +++ b/CVE-2023/CVE-2023-280xx/CVE-2023-28090.json 
@@ -0,0 +1,82 @@ +{ + "id": "CVE-2023-28090", + "sourceIdentifier": "security-alert@hpe.com", + "published": "2023-04-25T19:15:10.980", + "lastModified": "2023-05-04T14:16:23.857", + "vulnStatus": "Analyzed", + "descriptions": [ + { + "lang": "en", + "value": "An HPE OneView appliance dump may expose SNMPv3 read credentials" + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N", + "attackVector": "LOCAL", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "NONE", + "availabilityImpact": "NONE", + "baseScore": 5.5, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 1.8, + "impactScore": 3.6 + } + ] + }, + "weaknesses": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-522" + } + ] + } + ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:hp:oneview:*:*:*:*:lts:*:*:*", + "versionEndExcluding": "6.60.04", + "matchCriteriaId": "BA5D7ED2-08B6-478C-BC68-F9B6B84A9666" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:hp:oneview:*:*:*:*:*:*:*:*", + "versionEndExcluding": "8.2", + "matchCriteriaId": "1489D2EF-12C5-4540-A69E-326B4C41A4E3" + } + ] + } + ] + } + ], + "references": [ + { + "url": "https://support.hpe.com/hpesc/public/docDisplay?docLocale=en_US&docId=hpesbgn04469en_us", + "source": "security-alert@hpe.com", + "tags": [ + "Vendor Advisory" + ] + } + ] +} \ No newline at end of file diff --git a/CVE-2023/CVE-2023-290xx/CVE-2023-29019.json b/CVE-2023/CVE-2023-290xx/CVE-2023-29019.json index c0688554820..671738cf279 100644 --- a/CVE-2023/CVE-2023-290xx/CVE-2023-29019.json +++ b/CVE-2023/CVE-2023-290xx/CVE-2023-29019.json 
@@ -2,8 +2,8 @@ "id": "CVE-2023-29019", "sourceIdentifier": "security-advisories@github.com", "published": "2023-04-21T23:15:20.197", - "lastModified": "2023-04-24T13:02:13.210", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2023-05-04T14:43:34.297", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", @@ -12,6 +12,26 @@ ], "metrics": { "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:N", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "REQUIRED", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "NONE", + "baseScore": 8.1, + "baseSeverity": "HIGH" + }, + "exploitabilityScore": 2.8, + "impactScore": 5.2 + }, { "source": "security-advisories@github.com", "type": "Secondary", @@ -36,7 +56,7 @@ }, "weaknesses": [ { - "source": "security-advisories@github.com", + "source": "nvd@nist.gov", "type": "Primary", "description": [ { 
@@ -44,20 +64,64 @@ "value": "CWE-384" } ] + }, + { + "source": "security-advisories@github.com", + "type": "Secondary", + "description": [ + { + "lang": "en", + "value": "CWE-384" + } + ] + } + ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:fastify:passport:*:*:*:*:*:node.js:*:*", + "versionEndExcluding": "1.1.0", + "matchCriteriaId": "3F071BA9-FBA0-4860-9B99-9D48230422D2" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:fastify:passport:*:*:*:*:*:node.js:*:*", + "versionStartIncluding": "2.0.0", + "versionEndExcluding": "2.3.0", + "matchCriteriaId": "341AD078-D84A-45B6-876F-7FA286EECAAA" + } + ] + } + ] } ], "references": [ { "url": "https://github.com/fastify/fastify-passport/commit/43c82c321db58ea3e375dd475de60befbfcf2a11", - "source": "security-advisories@github.com" + "source": "security-advisories@github.com", + "tags": [ + "Patch" + ] }, { "url": "https://github.com/fastify/fastify-passport/security/advisories/GHSA-4m3m-ppvx-xgw9", - "source": "security-advisories@github.com" + "source": "security-advisories@github.com", + "tags": [ + "Vendor Advisory" + ] }, { "url": "https://owasp.org/www-community/attacks/Session_fixation", - "source": "security-advisories@github.com" + "source": "security-advisories@github.com", + "tags": [ + "Technical Description" + ] } ] } \ No newline at end of file diff --git a/CVE-2023/CVE-2023-297xx/CVE-2023-29780.json b/CVE-2023/CVE-2023-297xx/CVE-2023-29780.json index e101c3f1578..b02cf3ec5a2 100644 --- a/CVE-2023/CVE-2023-297xx/CVE-2023-29780.json +++ b/CVE-2023/CVE-2023-297xx/CVE-2023-29780.json 
@@ -2,23 +2,94 @@ "id": "CVE-2023-29780", "sourceIdentifier": "cve@mitre.org", "published": "2023-04-24T19:15:09.767", - "lastModified": "2023-04-25T12:52:57.877", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2023-05-04T15:54:20.907", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", "value": "Third Reality Smart Blind 1.00.54 contains a denial-of-service vulnerability, which allows a remote attacker to send malicious Zigbee messages to a vulnerable device and cause crashes." } ], - "metrics": {}, + "metrics": { + "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "NONE", + "integrityImpact": "NONE", + "availabilityImpact": "HIGH", + "baseScore": 7.5, + "baseSeverity": "HIGH" + }, + "exploitabilityScore": 3.9, + "impactScore": 3.6 + } + ] + }, + "weaknesses": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-20" + } + ] + } + ], + "configurations": [ + { + "operator": "AND", + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:o:3reality:3rsb015bz_firmware:1.00.54:*:*:*:*:*:*:*", + "matchCriteriaId": "7E00DF2A-7E43-43AD-9D6A-F4FA98033AEC" + } + ] + }, + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": false, + "criteria": "cpe:2.3:h:3reality:3rsb015bz:-:*:*:*:*:*:*:*", + "matchCriteriaId": "856A30F4-A58D-477E-86E3-7AFCF6595549" + } + ] + } + ] + } + ], "references": [ { "url": "https://github.com/iot-sec23/IoT-CVE/blob/main/Third%20Reality%20Smart%20Blind%20Vulnerability%20Report.pdf", - "source": "cve@mitre.org" + "source": "cve@mitre.org", + "tags": [ + "Exploit", + "Third Party Advisory" + ] }, { 
"url": "https://www.3reality.com/", - "source": "cve@mitre.org" + "source": "cve@mitre.org", + "tags": [ + "Product" + ] } ] } \ No newline at end of file diff --git a/CVE-2023/CVE-2023-298xx/CVE-2023-29827.json b/CVE-2023/CVE-2023-298xx/CVE-2023-29827.json new file mode 100644 index 00000000000..84766578883 --- /dev/null +++ b/CVE-2023/CVE-2023-298xx/CVE-2023-29827.json @@ -0,0 +1,20 @@ +{ + "id": "CVE-2023-29827", + "sourceIdentifier": "cve@mitre.org", + "published": "2023-05-04T14:15:11.363", + "lastModified": "2023-05-04T14:15:11.363", + "vulnStatus": "Received", + "descriptions": [ + { + "lang": "en", + "value": "ejs v3.1.9 is vulnerable to server-side template injection. If the ejs file is controllable, template injection can be implemented through the configuration settings of the closeDelimiter parameter." + } + ], + "metrics": {}, + "references": [ + { + "url": "https://github.com/mde/ejs/issues/720", + "source": "cve@mitre.org" + } + ] +} \ No newline at end of file diff --git a/CVE-2023/CVE-2023-306xx/CVE-2023-30619.json b/CVE-2023/CVE-2023-306xx/CVE-2023-30619.json new file mode 100644 index 00000000000..80812703ce3 --- /dev/null +++ b/CVE-2023/CVE-2023-306xx/CVE-2023-30619.json 
@@ -0,0 +1,67 @@ +{ + "id": "CVE-2023-30619", + "sourceIdentifier": "security-advisories@github.com", + "published": "2023-05-04T14:15:11.663", + "lastModified": "2023-05-04T14:15:11.663", + "vulnStatus": "Received", + "descriptions": [ + { + "lang": "en", + "value": "Tuleap Open ALM is a Libre and Open Source tool for end to end traceability of application and system developments. The title of an artifact is not properly escaped in the tooltip. A malicious user with the capability to create an artifact or to edit a field title could force victim to execute uncontrolled code. This issue has been patched in version 14.7.99.143.\n" + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "security-advisories@github.com", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "REQUIRED", + "scope": "CHANGED", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "availabilityImpact": "NONE", + "baseScore": 5.4, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 2.3, + "impactScore": 2.7 + } + ] + }, + "weaknesses": [ + { + "source": "security-advisories@github.com", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-79" + } + ] + } + ], + "references": [ + { + "url": "https://github.com/Enalean/tuleap/commit/fdc93a736cbccad05de16ff0cc7cc3ef18dc93df", + "source": "security-advisories@github.com" + }, + { + "url": "https://github.com/Enalean/tuleap/security/advisories/GHSA-7fm3-cr3g-5922", + "source": "security-advisories@github.com" + }, + { + "url": "https://tuleap.net/plugins/git/tuleap/tuleap/stable?a=commit&h=fdc93a736cbccad05de16ff0cc7cc3ef18dc93df", + "source": "security-advisories@github.com" + }, + { + "url": "https://tuleap.net/plugins/tracker/?aid=31586", + "source": "security-advisories@github.com" + } + ] +} \ No newline at end of file 
diff --git a/CVE-2023/CVE-2023-306xx/CVE-2023-30623.json b/CVE-2023/CVE-2023-306xx/CVE-2023-30623.json index 17b53335699..f5557c47e63 100644 --- a/CVE-2023/CVE-2023-306xx/CVE-2023-30623.json +++ b/CVE-2023/CVE-2023-306xx/CVE-2023-30623.json @@ -2,8 +2,8 @@ "id": "CVE-2023-30623", "sourceIdentifier": "security-advisories@github.com", "published": "2023-04-24T22:15:09.870", - "lastModified": "2023-04-25T12:52:57.877", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2023-05-04T15:54:43.193", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", @@ -12,6 +12,26 @@ ], "metrics": { "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH", + "baseScore": 8.8, + "baseSeverity": "HIGH" + }, + "exploitabilityScore": 2.8, + "impactScore": 5.9 + }, { "source": "security-advisories@github.com", "type": "Secondary", 
@@ -46,18 +66,46 @@ ] } ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:wip_project:wip:*:*:*:*:*:*:*:*", + "versionEndExcluding": "2.0.0", + "matchCriteriaId": "D020BBA6-CF6E-436E-8D8E-CF85E0F7F490" + } + ] + } + ] + } + ], "references": [ { "url": "https://github.com/embano1/wip/commit/c25450f77ed02c20d00b76ee3b33ff43838739a2", - "source": "security-advisories@github.com" + "source": "security-advisories@github.com", + "tags": [ + "Patch" + ] }, { "url": "https://github.com/embano1/wip/security/advisories/GHSA-rg3q-prf8-qxmp", - "source": "security-advisories@github.com" + "source": "security-advisories@github.com", + "tags": [ + "Vendor Advisory" + ] }, { "url": "https://securitylab.github.com/research/github-actions-untrusted-input/", - "source": "security-advisories@github.com" + "source": "security-advisories@github.com", + "tags": [ + "Exploit", + "Third Party Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2023/CVE-2023-306xx/CVE-2023-30626.json b/CVE-2023/CVE-2023-306xx/CVE-2023-30626.json index 778b1b90a97..9bd26013923 100644 --- a/CVE-2023/CVE-2023-306xx/CVE-2023-30626.json +++ b/CVE-2023/CVE-2023-306xx/CVE-2023-30626.json @@ -2,8 +2,8 @@ "id": "CVE-2023-30626", "sourceIdentifier": "security-advisories@github.com", "published": "2023-04-24T21:15:09.687", - "lastModified": "2023-04-25T12:52:57.877", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2023-05-04T14:09:25.893", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", 
@@ -12,6 +12,26 @@ ], "metrics": { "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "NONE", + "baseScore": 8.1, + "baseSeverity": "HIGH" + }, + "exploitabilityScore": 2.8, + "impactScore": 5.2 + }, { "source": "security-advisories@github.com", "type": "Secondary", 
@@ -46,30 +66,71 @@ ] } ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:jellyfin:jellyfin:*:*:*:*:*:*:*:*", + "versionStartIncluding": "10.8.0", + "versionEndExcluding": "10.8.10", + "matchCriteriaId": "F5C18A18-B001-405D-9787-509225E4E7D2" + } + ] + } + ] + } + ], "references": [ { "url": "https://github.com/jellyfin/jellyfin-web/security/advisories/GHSA-89hp-h43h-r5pq", - "source": "security-advisories@github.com" + "source": "security-advisories@github.com", + "tags": [ + "Vendor Advisory" + ] }, { "url": "https://github.com/jellyfin/jellyfin/blob/22d880662283980dec994cd7d35fe269613bfce3/Jellyfin.Api/Controllers/ClientLogController.cs#L44", - "source": "security-advisories@github.com" + "source": "security-advisories@github.com", + "tags": [ + "Exploit", + "Vendor Advisory" + ] }, { "url": "https://github.com/jellyfin/jellyfin/commit/82ad2633fdfb1c37a158057c7935f83e1129eda7", - "source": "security-advisories@github.com" + "source": "security-advisories@github.com", + "tags": [ + "Patch" + ] }, { "url": "https://github.com/jellyfin/jellyfin/pull/5918", - "source": "security-advisories@github.com" + "source": "security-advisories@github.com", + "tags": [ + "Patch", + "Vendor Advisory" + ] }, { "url": "https://github.com/jellyfin/jellyfin/releases/tag/v10.8.10", - "source": "security-advisories@github.com" + "source": "security-advisories@github.com", + "tags": [ + "Release Notes" + ] }, { "url": "https://github.com/jellyfin/jellyfin/security/advisories/GHSA-9p5f-5x8v-x65m", - "source": "security-advisories@github.com" + "source": "security-advisories@github.com", + "tags": [ + "Exploit", + "Patch", + "Vendor Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2023/CVE-2023-306xx/CVE-2023-30627.json b/CVE-2023/CVE-2023-306xx/CVE-2023-30627.json index 8d88f683576..75c0fcd9cdb 100644 --- a/CVE-2023/CVE-2023-306xx/CVE-2023-30627.json 
+++ b/CVE-2023/CVE-2023-306xx/CVE-2023-30627.json @@ -2,8 +2,8 @@ "id": "CVE-2023-30627", "sourceIdentifier": "security-advisories@github.com", "published": "2023-04-24T21:15:09.760", - "lastModified": "2023-04-25T12:52:57.877", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2023-05-04T14:02:22.583", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", @@ -12,6 +12,26 @@ ], "metrics": { "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "REQUIRED", + "scope": "CHANGED", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "availabilityImpact": "NONE", + "baseScore": 5.4, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 2.3, + "impactScore": 2.7 + }, { "source": "security-advisories@github.com", "type": "Secondary", 
@@ -46,22 +66,55 @@ ] } ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:jellyfin:jellyfin:*:*:*:*:*:*:*:*", + "versionStartIncluding": "10.1.0", + "versionEndExcluding": "10.8.10", + "matchCriteriaId": "2987978F-8A1B-4CE2-BDC9-A6C5AAA9AE18" + } + ] + } + ] + } + ], "references": [ { "url": "https://github.com/jellyfin/jellyfin-web/commit/b88a5951e1a517ff4c820e693d9c0da981cf68ee", - "source": "security-advisories@github.com" + "source": "security-advisories@github.com", + "tags": [ + "Patch" + ] }, { "url": "https://github.com/jellyfin/jellyfin-web/releases/tag/v10.8.10", - "source": "security-advisories@github.com" + "source": "security-advisories@github.com", + "tags": [ + "Release Notes" + ] }, { "url": "https://github.com/jellyfin/jellyfin-web/security/advisories/GHSA-89hp-h43h-r5pq", - "source": "security-advisories@github.com" + "source": "security-advisories@github.com", + "tags": [ + "Vendor Advisory" + ] }, { "url": "https://github.com/jellyfin/jellyfin/security/advisories/GHSA-9p5f-5x8v-x65m", - "source": "security-advisories@github.com" + "source": "security-advisories@github.com", + "tags": [ + "Exploit", + "Patch", + "Vendor Advisory" + ] } ] } \ No newline at end of file diff --git a/README.md b/README.md index 034fa50699c..a3f891a44f4 100644 --- a/README.md +++ b/README.md @@ -9,13 +9,13 @@ Repository synchronizes with the NVD every 2 hours. ### Last Repository Update ```plain -2023-05-04T14:00:24.407451+00:00 +2023-05-04T16:00:25.332114+00:00 ``` ### Most recent CVE Modification Timestamp synchronized with NVD ```plain -2023-05-04T13:58:41.697000+00:00 +2023-05-04T15:55:03.020000+00:00 ``` ### Last Data Feed Release 
@@ -29,78 +29,47 @@ Download and Changelog: [Click](releases/latest) ### Total Number of included CVEs ```plain -214049 +214055 ``` ### CVEs added in the last Commit -Recently added CVEs: `3` +Recently added CVEs: `6` -* [CVE-2022-45818](CVE-2022/CVE-2022-458xx/CVE-2022-45818.json) (`2023-05-04T13:15:13.580`) -* [CVE-2023-25962](CVE-2023/CVE-2023-259xx/CVE-2023-25962.json) (`2023-05-04T13:15:18.060`) -* [CVE-2023-26016](CVE-2023/CVE-2023-260xx/CVE-2023-26016.json) (`2023-05-04T13:15:18.633`) +* [CVE-2023-23470](CVE-2023/CVE-2023-234xx/CVE-2023-23470.json) (`2023-05-04T14:15:08.847`) +* [CVE-2023-24958](CVE-2023/CVE-2023-249xx/CVE-2023-24958.json) (`2023-05-04T14:15:10.173`) +* [CVE-2023-26010](CVE-2023/CVE-2023-260xx/CVE-2023-26010.json) (`2023-05-04T14:15:10.593`) +* [CVE-2023-26012](CVE-2023/CVE-2023-260xx/CVE-2023-26012.json) (`2023-05-04T14:15:11.090`) +* [CVE-2023-29827](CVE-2023/CVE-2023-298xx/CVE-2023-29827.json) (`2023-05-04T14:15:11.363`) +* [CVE-2023-30619](CVE-2023/CVE-2023-306xx/CVE-2023-30619.json) (`2023-05-04T14:15:11.663`) ### CVEs modified in the last Commit -Recently modified CVEs: `56` +Recently modified CVEs: `22` -* [CVE-2017-11197](CVE-2017/CVE-2017-111xx/CVE-2017-11197.json) (`2023-05-04T13:03:15.830`) -* [CVE-2017-20184](CVE-2017/CVE-2017-201xx/CVE-2017-20184.json) (`2023-05-04T13:03:05.007`) -* [CVE-2020-22429](CVE-2020/CVE-2020-224xx/CVE-2020-22429.json) (`2023-05-04T13:03:12.273`) -* [CVE-2021-33971](CVE-2021/CVE-2021-339xx/CVE-2021-33971.json) (`2023-05-04T13:42:40.960`) -* [CVE-2021-3429](CVE-2021/CVE-2021-34xx/CVE-2021-3429.json) (`2023-05-04T13:00:46.217`) -* [CVE-2022-39161](CVE-2022/CVE-2022-391xx/CVE-2022-39161.json) (`2023-05-04T13:03:12.273`) -* [CVE-2022-4259](CVE-2022/CVE-2022-42xx/CVE-2022-4259.json) (`2023-05-04T13:03:05.007`) -* [CVE-2022-4376](CVE-2022/CVE-2022-43xx/CVE-2022-4376.json) (`2023-05-04T13:03:12.273`) -* [CVE-2022-43950](CVE-2022/CVE-2022-439xx/CVE-2022-43950.json) (`2023-05-04T13:03:12.273`) -* 
[CVE-2022-45858](CVE-2022/CVE-2022-458xx/CVE-2022-45858.json) (`2023-05-04T13:03:12.273`) -* [CVE-2022-45859](CVE-2022/CVE-2022-458xx/CVE-2022-45859.json) (`2023-05-04T13:03:12.273`) -* [CVE-2022-45860](CVE-2022/CVE-2022-458xx/CVE-2022-45860.json) (`2023-05-04T13:03:12.273`) -* [CVE-2022-47757](CVE-2022/CVE-2022-477xx/CVE-2022-47757.json) (`2023-05-04T13:03:05.007`) -* [CVE-2023-0155](CVE-2023/CVE-2023-01xx/CVE-2023-0155.json) (`2023-05-04T13:03:12.273`) -* [CVE-2023-0485](CVE-2023/CVE-2023-04xx/CVE-2023-0485.json) (`2023-05-04T13:03:12.273`) -* [CVE-2023-0756](CVE-2023/CVE-2023-07xx/CVE-2023-0756.json) (`2023-05-04T13:03:12.273`) -* [CVE-2023-0805](CVE-2023/CVE-2023-08xx/CVE-2023-0805.json) (`2023-05-04T13:03:12.273`) -* [CVE-2023-1178](CVE-2023/CVE-2023-11xx/CVE-2023-1178.json) (`2023-05-04T13:03:05.007`) -* [CVE-2023-1204](CVE-2023/CVE-2023-12xx/CVE-2023-1204.json) (`2023-05-04T13:03:12.273`) -* [CVE-2023-1265](CVE-2023/CVE-2023-12xx/CVE-2023-1265.json) (`2023-05-04T13:03:12.273`) -* [CVE-2023-1836](CVE-2023/CVE-2023-18xx/CVE-2023-1836.json) (`2023-05-04T13:03:12.273`) -* [CVE-2023-1965](CVE-2023/CVE-2023-19xx/CVE-2023-1965.json) (`2023-05-04T13:03:12.273`) -* [CVE-2023-2069](CVE-2023/CVE-2023-20xx/CVE-2023-2069.json) (`2023-05-04T13:03:12.273`) -* [CVE-2023-2182](CVE-2023/CVE-2023-21xx/CVE-2023-2182.json) (`2023-05-04T13:03:05.007`) -* [CVE-2023-22637](CVE-2023/CVE-2023-226xx/CVE-2023-22637.json) (`2023-05-04T13:03:05.007`) -* [CVE-2023-22640](CVE-2023/CVE-2023-226xx/CVE-2023-22640.json) (`2023-05-04T13:03:05.007`) -* [CVE-2023-22651](CVE-2023/CVE-2023-226xx/CVE-2023-22651.json) (`2023-05-04T13:03:05.007`) -* [CVE-2023-22913](CVE-2023/CVE-2023-229xx/CVE-2023-22913.json) (`2023-05-04T13:17:24.853`) -* [CVE-2023-22917](CVE-2023/CVE-2023-229xx/CVE-2023-22917.json) (`2023-05-04T13:28:13.717`) -* [CVE-2023-22948](CVE-2023/CVE-2023-229xx/CVE-2023-22948.json) (`2023-05-04T13:32:19.617`) -* [CVE-2023-22950](CVE-2023/CVE-2023-229xx/CVE-2023-22950.json) 
(`2023-05-04T13:31:57.710`) -* [CVE-2023-24744](CVE-2023/CVE-2023-247xx/CVE-2023-24744.json) (`2023-05-04T13:03:12.273`) -* [CVE-2023-25438](CVE-2023/CVE-2023-254xx/CVE-2023-25438.json) (`2023-05-04T13:03:05.007`) -* [CVE-2023-25934](CVE-2023/CVE-2023-259xx/CVE-2023-25934.json) (`2023-05-04T13:03:05.007`) -* [CVE-2023-26060](CVE-2023/CVE-2023-260xx/CVE-2023-26060.json) (`2023-05-04T13:52:08.417`) -* [CVE-2023-26125](CVE-2023/CVE-2023-261xx/CVE-2023-26125.json) (`2023-05-04T13:03:05.007`) -* [CVE-2023-26203](CVE-2023/CVE-2023-262xx/CVE-2023-26203.json) (`2023-05-04T13:03:05.007`) -* [CVE-2023-27075](CVE-2023/CVE-2023-270xx/CVE-2023-27075.json) (`2023-05-04T13:03:05.007`) -* [CVE-2023-27568](CVE-2023/CVE-2023-275xx/CVE-2023-27568.json) (`2023-05-04T13:03:05.007`) -* [CVE-2023-27993](CVE-2023/CVE-2023-279xx/CVE-2023-27993.json) (`2023-05-04T13:03:05.007`) -* [CVE-2023-27999](CVE-2023/CVE-2023-279xx/CVE-2023-27999.json) (`2023-05-04T13:03:05.007`) -* [CVE-2023-28458](CVE-2023/CVE-2023-284xx/CVE-2023-28458.json) (`2023-05-04T12:38:48.727`) -* [CVE-2023-28459](CVE-2023/CVE-2023-284xx/CVE-2023-28459.json) (`2023-05-04T12:38:31.430`) -* [CVE-2023-28983](CVE-2023/CVE-2023-289xx/CVE-2023-28983.json) (`2023-05-04T13:01:39.027`) -* [CVE-2023-29002](CVE-2023/CVE-2023-290xx/CVE-2023-29002.json) (`2023-05-04T13:01:18.917`) -* [CVE-2023-29842](CVE-2023/CVE-2023-298xx/CVE-2023-29842.json) (`2023-05-04T13:03:05.007`) -* [CVE-2023-30077](CVE-2023/CVE-2023-300xx/CVE-2023-30077.json) (`2023-05-04T13:03:05.007`) -* [CVE-2023-30204](CVE-2023/CVE-2023-302xx/CVE-2023-30204.json) (`2023-05-04T13:03:12.273`) -* [CVE-2023-30205](CVE-2023/CVE-2023-302xx/CVE-2023-30205.json) (`2023-05-04T13:03:12.273`) -* [CVE-2023-30300](CVE-2023/CVE-2023-303xx/CVE-2023-30300.json) (`2023-05-04T13:03:12.273`) -* [CVE-2023-30331](CVE-2023/CVE-2023-303xx/CVE-2023-30331.json) (`2023-05-04T13:03:05.007`) -* [CVE-2023-30410](CVE-2023/CVE-2023-304xx/CVE-2023-30410.json) (`2023-05-04T13:58:28.100`) -* 
[CVE-2023-30414](CVE-2023/CVE-2023-304xx/CVE-2023-30414.json) (`2023-05-04T13:58:41.697`) -* [CVE-2023-30618](CVE-2023/CVE-2023-306xx/CVE-2023-30618.json) (`2023-05-04T12:37:53.263`) -* [CVE-2023-30622](CVE-2023/CVE-2023-306xx/CVE-2023-30622.json) (`2023-05-04T12:53:56.153`) -* [CVE-2023-31099](CVE-2023/CVE-2023-310xx/CVE-2023-31099.json) (`2023-05-04T13:03:05.007`) +* [CVE-2022-29604](CVE-2022/CVE-2022-296xx/CVE-2022-29604.json) (`2023-05-04T15:38:23.023`) +* [CVE-2022-29605](CVE-2022/CVE-2022-296xx/CVE-2022-29605.json) (`2023-05-04T15:35:35.327`) +* [CVE-2023-1624](CVE-2023/CVE-2023-16xx/CVE-2023-1624.json) (`2023-05-04T15:30:50.530`) +* [CVE-2023-2006](CVE-2023/CVE-2023-20xx/CVE-2023-2006.json) (`2023-05-04T14:42:56.097`) +* [CVE-2023-2019](CVE-2023/CVE-2023-20xx/CVE-2023-2019.json) (`2023-05-04T14:42:28.350`) +* [CVE-2023-2250](CVE-2023/CVE-2023-22xx/CVE-2023-2250.json) (`2023-05-04T14:41:52.360`) +* [CVE-2023-2257](CVE-2023/CVE-2023-22xx/CVE-2023-2257.json) (`2023-05-04T15:55:03.020`) +* [CVE-2023-2282](CVE-2023/CVE-2023-22xx/CVE-2023-2282.json) (`2023-05-04T15:16:53.583`) +* [CVE-2023-22914](CVE-2023/CVE-2023-229xx/CVE-2023-22914.json) (`2023-05-04T14:32:03.143`) +* [CVE-2023-22915](CVE-2023/CVE-2023-229xx/CVE-2023-22915.json) (`2023-05-04T14:44:10.363`) +* [CVE-2023-23451](CVE-2023/CVE-2023-234xx/CVE-2023-23451.json) (`2023-05-04T15:24:37.877`) +* [CVE-2023-26061](CVE-2023/CVE-2023-260xx/CVE-2023-26061.json) (`2023-05-04T15:20:01.543`) +* [CVE-2023-28086](CVE-2023/CVE-2023-280xx/CVE-2023-28086.json) (`2023-05-04T14:56:37.440`) +* [CVE-2023-28087](CVE-2023/CVE-2023-280xx/CVE-2023-28087.json) (`2023-05-04T14:53:25.137`) +* [CVE-2023-28088](CVE-2023/CVE-2023-280xx/CVE-2023-28088.json) (`2023-05-04T14:30:04.933`) +* [CVE-2023-28089](CVE-2023/CVE-2023-280xx/CVE-2023-28089.json) (`2023-05-04T14:27:34.107`) +* [CVE-2023-28090](CVE-2023/CVE-2023-280xx/CVE-2023-28090.json) (`2023-05-04T14:16:23.857`) +* [CVE-2023-29019](CVE-2023/CVE-2023-290xx/CVE-2023-29019.json) 
(`2023-05-04T14:43:34.297`) +* [CVE-2023-29780](CVE-2023/CVE-2023-297xx/CVE-2023-29780.json) (`2023-05-04T15:54:20.907`) +* [CVE-2023-30623](CVE-2023/CVE-2023-306xx/CVE-2023-30623.json) (`2023-05-04T15:54:43.193`) +* [CVE-2023-30626](CVE-2023/CVE-2023-306xx/CVE-2023-30626.json) (`2023-05-04T14:09:25.893`) +* [CVE-2023-30627](CVE-2023/CVE-2023-306xx/CVE-2023-30627.json) (`2023-05-04T14:02:22.583`) ## Download and Usage