diff --git a/CVE-2019/CVE-2019-251xx/CVE-2019-25152.json b/CVE-2019/CVE-2019-251xx/CVE-2019-25152.json
index 3953ec4009d..ad9f8da76df 100644
--- a/CVE-2019/CVE-2019-251xx/CVE-2019-25152.json
+++ b/CVE-2019/CVE-2019-251xx/CVE-2019-25152.json
@@ -2,8 +2,8 @@
 "id": "CVE-2019-25152",
 "sourceIdentifier": "security@wordfence.com",
 "published": "2023-06-22T02:15:47.730",
- "lastModified": "2023-06-22T12:51:30.407",
- "vulnStatus": "Awaiting Analysis",
+ "lastModified": "2023-06-28T17:44:14.823",
+ "vulnStatus": "Analyzed",
 "descriptions": [
 {
 "lang": "en",
@@ -13,8 +13,28 @@
 "metrics": {
 "cvssMetricV31": [
 {
- "source": "security@wordfence.com",
+ "source": "nvd@nist.gov",
 "type": "Primary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
+ "attackVector": "NETWORK",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "NONE",
+ "userInteraction": "REQUIRED",
+ "scope": "CHANGED",
+ "confidentialityImpact": "LOW",
+ "integrityImpact": "LOW",
+ "availabilityImpact": "NONE",
+ "baseScore": 6.1,
+ "baseSeverity": "MEDIUM"
+ },
+ "exploitabilityScore": 2.8,
+ "impactScore": 2.7
+ },
+ {
+ "source": "security@wordfence.com",
+ "type": "Secondary",
 "cvssData": {
 "version": "3.1",
 "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:N",
@@ -46,22 +66,59 @@
 ]
 }
 ],
+ "configurations": [
+ {
+ "nodes": [
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:tychesoftwares:abandoned_cart_lite_for_woocommerce:*:*:*:*:*:wordpress:*:*",
+ "versionEndExcluding": "5.2.0",
+ "matchCriteriaId": "8931697D-8EC8-4B2A-881B-286B495DCCC0"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:tychesoftwares:abandoned_cart_pro_for_woocommerce:*:*:*:*:*:wordpress:*:*",
+ "versionEndIncluding": "7.12.0",
+ "matchCriteriaId": "371B5867-CE38-44E6-9DCD-3FB3DABAE8A5"
+ }
+ ]
+ }
+ ]
+ }
+ ],
 "references": [
 {
 "url": "https://plugins.trac.wordpress.org/changeset/2033212",
- "source": "security@wordfence.com"
+ "source": "security@wordfence.com",
+ "tags": [
+ "Patch"
+ ]
 },
 {
 "url": "https://wpscan.com/vulnerability/9229",
- "source": "security@wordfence.com"
+ "source": "security@wordfence.com",
+ "tags": [
+ "Third Party Advisory"
+ ]
 },
 {
 "url": "https://www.wordfence.com/blog/2019/03/xss-flaw-in-abandoned-cart-plugin-leads-to-wordpress-site-takeovers/",
- "source": "security@wordfence.com"
+ "source": "security@wordfence.com",
+ "tags": [
+ "Exploit",
+ "Third Party Advisory"
+ ]
 },
 {
 "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/a9cc5c6d-4396-4ebf-8788-f01dd9e9cfbc?source=cve",
- "source": "security@wordfence.com"
+ "source": "security@wordfence.com",
+ "tags": [
+ "Third Party Advisory"
+ ]
 }
 ]
 }
\ No newline at end of file
diff --git a/CVE-2022/CVE-2022-33xx/CVE-2022-3372.json b/CVE-2022/CVE-2022-33xx/CVE-2022-3372.json
index 19e0b53b638..a8a5c6b72d9 100644
--- a/CVE-2022/CVE-2022-33xx/CVE-2022-3372.json
+++ b/CVE-2022/CVE-2022-33xx/CVE-2022-3372.json
@@ -2,8 +2,8 @@
 "id": "CVE-2022-3372",
 "sourceIdentifier": "cve-coordination@incibe.es",
 "published": "2023-06-21T13:15:09.673",
- "lastModified": "2023-06-21T15:14:56.427",
- "vulnStatus": "Awaiting Analysis",
+ "lastModified": "2023-06-28T17:45:46.973",
+ "vulnStatus": "Analyzed",
 "descriptions": [
 {
 "lang": "en",
@@ -12,6 +12,26 @@
 ],
 "metrics": {
 "cvssMetricV31": [
+ {
+ "source": "nvd@nist.gov",
+ "type": "Primary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
+ "attackVector": "NETWORK",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "NONE",
+ "userInteraction": "REQUIRED",
+ "scope": "UNCHANGED",
+ "confidentialityImpact": "HIGH",
+ "integrityImpact": "HIGH",
+ "availabilityImpact": "HIGH",
+ "baseScore": 8.8,
+ "baseSeverity": "HIGH"
+ },
+ "exploitabilityScore": 2.8,
+ "impactScore": 5.9
+ },
 {
 "source": "cve-coordination@incibe.es",
 "type": "Secondary",
@@ -35,6 +55,16 @@
 ]
 },
 "weaknesses": [
+ {
+ "source": "nvd@nist.gov",
+ "type": "Primary",
+ "description": [
+ {
+ "lang": "en",
+ "value": "CWE-352"
+ }
+ ]
+ },
 {
 "source": "cve-coordination@incibe.es",
 "type": "Secondary",
@@ -46,10 +76,42 @@
 ]
 }
 ],
+ "configurations": [
+ {
+ "operator": "AND",
+ "nodes": [
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:riello-ups:netman_204_firmware:02.05:*:*:*:*:*:*:*",
+ "matchCriteriaId": "1FFA2E71-B762-42C9-A991-801DC16E8BF5"
+ }
+ ]
+ },
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": false,
+ "criteria": "cpe:2.3:h:riello-ups:netman_204:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "06001306-7B00-453C-9C45-17E5A64DF4C2"
+ }
+ ]
+ }
+ ]
+ }
+ ],
 "references": [
 {
 "url": "https://www.incibe.es/en/incibe-cert/notices/aviso-sci/cross-site-request-forgery-csrf-riello-ups-netman-204",
- "source": "cve-coordination@incibe.es"
+ "source": "cve-coordination@incibe.es",
+ "tags": [
+ "Third Party Advisory"
+ ]
 }
 ]
 }
\ No newline at end of file
diff --git a/CVE-2022/CVE-2022-452xx/CVE-2022-45287.json b/CVE-2022/CVE-2022-452xx/CVE-2022-45287.json
index e899cd9627c..4d354e3af84 100644
--- a/CVE-2022/CVE-2022-452xx/CVE-2022-45287.json
+++ b/CVE-2022/CVE-2022-452xx/CVE-2022-45287.json
@@ -2,27 +2,89 @@
 "id": "CVE-2022-45287",
 "sourceIdentifier": "cve@mitre.org",
 "published": "2023-06-21T13:15:09.750",
- "lastModified": "2023-06-21T15:14:56.427",
- "vulnStatus": "Awaiting Analysis",
+ "lastModified": "2023-06-28T17:33:09.597",
+ "vulnStatus": "Analyzed",
 "descriptions": [
 {
 "lang": "en",
 "value": "An access control issue in Registration.aspx of Temenos CWX 8.5.6 allows authenticated attackers to escalate privileges and perform arbitrary Administrative commands."
 }
 ],
- "metrics": {},
+ "metrics": {
+ "cvssMetricV31": [
+ {
+ "source": "nvd@nist.gov",
+ "type": "Primary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
+ "attackVector": "NETWORK",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "LOW",
+ "userInteraction": "NONE",
+ "scope": "UNCHANGED",
+ "confidentialityImpact": "HIGH",
+ "integrityImpact": "HIGH",
+ "availabilityImpact": "HIGH",
+ "baseScore": 8.8,
+ "baseSeverity": "HIGH"
+ },
+ "exploitabilityScore": 2.8,
+ "impactScore": 5.9
+ }
+ ]
+ },
+ "weaknesses": [
+ {
+ "source": "nvd@nist.gov",
+ "type": "Primary",
+ "description": [
+ {
+ "lang": "en",
+ "value": "NVD-CWE-Other"
+ }
+ ]
+ }
+ ],
+ "configurations": [
+ {
+ "nodes": [
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:temenos:cwx:8.5.6:*:*:*:*:*:*:*",
+ "matchCriteriaId": "6FF60BBC-5444-474E-AD80-2C22E21FD71A"
+ }
+ ]
+ }
+ ]
+ }
+ ],
 "references": [
 {
 "url": "http://cwx.com",
- "source": "cve@mitre.org"
+ "source": "cve@mitre.org",
+ "tags": [
+ "Product"
+ ]
 },
 {
 "url": "http://temenos.com",
- "source": "cve@mitre.org"
+ "source": "cve@mitre.org",
+ "tags": [
+ "Product"
+ ]
 },
 {
 "url": "https://github.com/WhiteBearVN/CWX-Registration-Broken-Access-Control/blob/main/README.md",
- "source": "cve@mitre.org"
+ "source": "cve@mitre.org",
+ "tags": [
+ "Exploit",
+ "Third Party Advisory"
+ ]
 }
 ]
 }
\ No newline at end of file
diff --git a/CVE-2023/CVE-2023-09xx/CVE-2023-0970.json b/CVE-2023/CVE-2023-09xx/CVE-2023-0970.json
index 6189f805546..954df53b22e 100644
--- a/CVE-2023/CVE-2023-09xx/CVE-2023-0970.json
+++ b/CVE-2023/CVE-2023-09xx/CVE-2023-0970.json
@@ -2,8 +2,8 @@
 "id": "CVE-2023-0970",
 "sourceIdentifier": "product-security@silabs.com",
 "published": "2023-06-21T20:15:09.843",
- "lastModified": "2023-06-22T12:51:30.407",
- "vulnStatus": "Awaiting Analysis",
+ "lastModified": "2023-06-28T16:05:03.873",
+ "vulnStatus": "Analyzed",
 "descriptions": [
 {
 "lang": "en",
@@ -12,6 +12,26 @@
 ],
 "metrics": {
 "cvssMetricV31": [
+ {
+ "source": "nvd@nist.gov",
+ "type": "Primary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
+ "attackVector": "PHYSICAL",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "NONE",
+ "userInteraction": "NONE",
+ "scope": "UNCHANGED",
+ "confidentialityImpact": "HIGH",
+ "integrityImpact": "HIGH",
+ "availabilityImpact": "HIGH",
+ "baseScore": 6.8,
+ "baseSeverity": "MEDIUM"
+ },
+ "exploitabilityScore": 0.9,
+ "impactScore": 5.9
+ },
 {
 "source": "product-security@silabs.com",
 "type": "Secondary",
@@ -35,6 +55,16 @@
 ]
 },
 "weaknesses": [
+ {
+ "source": "nvd@nist.gov",
+ "type": "Primary",
+ "description": [
+ {
+ "lang": "en",
+ "value": "CWE-120"
+ }
+ ]
+ },
 {
 "source": "product-security@silabs.com",
 "type": "Secondary",
@@ -50,10 +80,31 @@
 ]
 }
 ],
+ "configurations": [
+ {
+ "nodes": [
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:silabs:z\\/ip_gateway_sdk:*:*:*:*:*:*:*:*",
+ "versionEndIncluding": "7.18.01",
+ "matchCriteriaId": "6F96CB0A-344E-4061-808B-79DBA47375A3"
+ }
+ ]
+ }
+ ]
+ }
+ ],
 "references": [
 {
 "url": "https://siliconlabs.lightning.force.com/sfc/servlet.shepherd/document/download/0698Y00000V6HZzQAN?operationContext=S1",
- "source": "product-security@silabs.com"
+ "source": "product-security@silabs.com",
+ "tags": [
+ "Permissions Required"
+ ]
 }
 ]
 }
\ No newline at end of file
diff --git a/CVE-2023/CVE-2023-09xx/CVE-2023-0971.json b/CVE-2023/CVE-2023-09xx/CVE-2023-0971.json
index 93c80da1ae1..ae6cfc4f3fd 100644
--- a/CVE-2023/CVE-2023-09xx/CVE-2023-0971.json
+++ b/CVE-2023/CVE-2023-09xx/CVE-2023-0971.json
@@ -2,8 +2,8 @@
 "id": "CVE-2023-0971",
 "sourceIdentifier": "product-security@silabs.com",
 "published": "2023-06-21T20:15:09.943",
- "lastModified": "2023-06-22T12:51:30.407",
- "vulnStatus": "Awaiting Analysis",
+ "lastModified": "2023-06-28T16:10:43.917",
+ "vulnStatus": "Analyzed",
 "descriptions": [
 {
 "lang": "en",
@@ -12,6 +12,26 @@
 ],
 "metrics": {
 "cvssMetricV31": [
+ {
+ "source": "nvd@nist.gov",
+ "type": "Primary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
+ "attackVector": "ADJACENT_NETWORK",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "NONE",
+ "userInteraction": "NONE",
+ "scope": "UNCHANGED",
+ "confidentialityImpact": "HIGH",
+ "integrityImpact": "HIGH",
+ "availabilityImpact": "HIGH",
+ "baseScore": 8.8,
+ "baseSeverity": "HIGH"
+ },
+ "exploitabilityScore": 2.8,
+ "impactScore": 5.9
+ },
 {
 "source": "product-security@silabs.com",
 "type": "Secondary",
@@ -35,6 +55,16 @@
 ]
 },
 "weaknesses": [
+ {
+ "source": "nvd@nist.gov",
+ "type": "Primary",
+ "description": [
+ {
+ "lang": "en",
+ "value": "CWE-863"
+ }
+ ]
+ },
 {
 "source": "product-security@silabs.com",
 "type": "Secondary",
@@ -54,10 +84,31 @@
 ]
 }
 ],
+ "configurations": [
+ {
+ "nodes": [
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:silabs:z\\/ip_gateway_sdk:*:*:*:*:*:*:*:*",
+ "versionEndIncluding": "7.18.01",
+ "matchCriteriaId": "6F96CB0A-344E-4061-808B-79DBA47375A3"
+ }
+ ]
+ }
+ ]
+ }
+ ],
 "references": [
 {
 "url": "https://siliconlabs.lightning.force.com/sfc/servlet.shepherd/document/download/0698Y00000V6HZzQAN?operationContext=S1",
- "source": "product-security@silabs.com"
+ "source": "product-security@silabs.com",
+ "tags": [
+ "Permissions Required"
+ ]
 }
 ]
 }
\ No newline at end of file
diff --git a/CVE-2023/CVE-2023-09xx/CVE-2023-0972.json b/CVE-2023/CVE-2023-09xx/CVE-2023-0972.json
index c52da241865..91ea0ae4279 100644
--- a/CVE-2023/CVE-2023-09xx/CVE-2023-0972.json
+++ b/CVE-2023/CVE-2023-09xx/CVE-2023-0972.json
@@ -2,8 +2,8 @@
 "id": "CVE-2023-0972",
 "sourceIdentifier": "product-security@silabs.com",
 "published": "2023-06-21T20:15:10.023",
- "lastModified": "2023-06-22T12:51:30.407",
- "vulnStatus": "Awaiting Analysis",
+ "lastModified": "2023-06-28T16:15:36.920",
+ "vulnStatus": "Analyzed",
 "descriptions": [
 {
 "lang": "en",
@@ -12,6 +12,26 @@
 ],
 "metrics": {
 "cvssMetricV31": [
+ {
+ "source": "nvd@nist.gov",
+ "type": "Primary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
+ "attackVector": "ADJACENT_NETWORK",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "NONE",
+ "userInteraction": "NONE",
+ "scope": "UNCHANGED",
+ "confidentialityImpact": "HIGH",
+ "integrityImpact": "HIGH",
+ "availabilityImpact": "HIGH",
+ "baseScore": 8.8,
+ "baseSeverity": "HIGH"
+ },
+ "exploitabilityScore": 2.8,
+ "impactScore": 5.9
+ },
 {
 "source": "product-security@silabs.com",
 "type": "Secondary",
@@ -35,6 +55,16 @@
 ]
 },
 "weaknesses": [
+ {
+ "source": "nvd@nist.gov",
+ "type": "Primary",
+ "description": [
+ {
+ "lang": "en",
+ "value": "CWE-119"
+ }
+ ]
+ },
 {
 "source": "product-security@silabs.com",
 "type": "Secondary",
@@ -50,10 +80,31 @@
 ]
 }
 ],
+ "configurations": [
+ {
+ "nodes": [
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:silabs:z\\/ip_gateway_sdk:*:*:*:*:*:*:*:*",
+ "versionEndIncluding": "7.18.01",
+ "matchCriteriaId": "6F96CB0A-344E-4061-808B-79DBA47375A3"
+ }
+ ]
+ }
+ ]
+ }
+ ],
 "references": [
 {
 "url": "https://siliconlabs.lightning.force.com/sfc/servlet.shepherd/document/download/0698Y00000V6HZzQAN?operationContext=S1",
- "source": "product-security@silabs.com"
+ "source": "product-security@silabs.com",
+ "tags": [
+ "Permissions Required"
+ ]
 }
 ]
 }
\ No newline at end of file
diff --git a/CVE-2023/CVE-2023-253xx/CVE-2023-25367.json b/CVE-2023/CVE-2023-253xx/CVE-2023-25367.json
index 3432c6b6317..6eeb39f6620 100644
--- a/CVE-2023/CVE-2023-253xx/CVE-2023-25367.json
+++ b/CVE-2023/CVE-2023-253xx/CVE-2023-25367.json
@@ -2,23 +2,149 @@
 "id": "CVE-2023-25367",
 "sourceIdentifier": "cve@mitre.org",
 "published": "2023-06-14T17:15:09.193",
- "lastModified": "2023-06-14T18:20:18.790",
- "vulnStatus": "Awaiting Analysis",
+ "lastModified": "2023-06-28T17:56:58.883",
+ "vulnStatus": "Analyzed",
 "descriptions": [
 {
 "lang": "en",
 "value": "Siglent SDS 1104X-E SDS1xx4X-E_V6.1.37R9.ADS allows unfiltered user input resulting in Remote Code Execution (RCE) with SCPI interface or web server."
 }
 ],
- "metrics": {},
+ "metrics": {
+ "cvssMetricV31": [
+ {
+ "source": "nvd@nist.gov",
+ "type": "Primary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
+ "attackVector": "NETWORK",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "NONE",
+ "userInteraction": "NONE",
+ "scope": "UNCHANGED",
+ "confidentialityImpact": "HIGH",
+ "integrityImpact": "HIGH",
+ "availabilityImpact": "HIGH",
+ "baseScore": 9.8,
+ "baseSeverity": "CRITICAL"
+ },
+ "exploitabilityScore": 3.9,
+ "impactScore": 5.9
+ }
+ ]
+ },
+ "weaknesses": [
+ {
+ "source": "nvd@nist.gov",
+ "type": "Primary",
+ "description": [
+ {
+ "lang": "en",
+ "value": "NVD-CWE-noinfo"
+ }
+ ]
+ }
+ ],
+ "configurations": [
+ {
+ "operator": "AND",
+ "nodes": [
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:siglent:sds1204x-e_firmware:6.1.37r9.ads:*:*:*:*:*:*:*",
+ "matchCriteriaId": "36535DCD-638C-45CA-9992-904EC2485D4C"
+ }
+ ]
+ },
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": false,
+ "criteria": "cpe:2.3:h:siglent:sds1204x-e:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "4545B019-407C-414B-B28B-805C18B69A32"
+ }
+ ]
+ }
+ ]
+ },
+ {
+ "operator": "AND",
+ "nodes": [
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:siglent:sds1104x-e_firmware:6.1.37r9.ads:*:*:*:*:*:*:*",
+ "matchCriteriaId": "C9BB7B63-BBCE-4D51-8F67-E2C5423E0A20"
+ }
+ ]
+ },
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": false,
+ "criteria": "cpe:2.3:h:siglent:sds1104x-e:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "1FD5938A-0016-432E-9E15-5F064524AC59"
+ }
+ ]
+ }
+ ]
+ },
+ {
+ "operator": "AND",
+ "nodes": [
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:siglent:sds1074x-e_firmware:6.1.37r9.ads:*:*:*:*:*:*:*",
+ "matchCriteriaId": "41C2AB7F-FD37-4690-86AB-B92C758381BA"
+ }
+ ]
+ },
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": false,
+ "criteria": "cpe:2.3:h:siglent:sds1074x-e:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "AE44C86E-FE82-4B37-9059-FBF105E220CF"
+ }
+ ]
+ }
+ ]
+ }
+ ],
 "references": [
 {
 "url": "https://github.com/BretMcDanel/CVE/blob/main/CVE-2023-25367.md",
- "source": "cve@mitre.org"
+ "source": "cve@mitre.org",
+ "tags": [
+ "Exploit",
+ "Mitigation",
+ "Third Party Advisory"
+ ]
 },
 {
 "url": "https://siglent.com",
- "source": "cve@mitre.org"
+ "source": "cve@mitre.org",
+ "tags": [
+ "Product"
+ ]
 }
 ]
 }
\ No newline at end of file
diff --git a/CVE-2023/CVE-2023-254xx/CVE-2023-25435.json b/CVE-2023/CVE-2023-254xx/CVE-2023-25435.json
index 6d7218d1c2c..94c3b069f32 100644
--- a/CVE-2023/CVE-2023-254xx/CVE-2023-25435.json
+++ b/CVE-2023/CVE-2023-254xx/CVE-2023-25435.json
@@ -2,19 +2,77 @@
 "id": "CVE-2023-25435",
 "sourceIdentifier": "cve@mitre.org",
 "published": "2023-06-21T20:15:10.100",
- "lastModified": "2023-06-22T12:51:30.407",
- "vulnStatus": "Awaiting Analysis",
+ "lastModified": "2023-06-28T16:20:23.263",
+ "vulnStatus": "Analyzed",
 "descriptions": [
 {
 "lang": "en",
 "value": "libtiff 4.5.0 is vulnerable to Buffer Overflow via extractContigSamplesShifted8bits() at /libtiff/tools/tiffcrop.c:3753."
 }
 ],
- "metrics": {},
+ "metrics": {
+ "cvssMetricV31": [
+ {
+ "source": "nvd@nist.gov",
+ "type": "Primary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
+ "attackVector": "NETWORK",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "NONE",
+ "userInteraction": "REQUIRED",
+ "scope": "UNCHANGED",
+ "confidentialityImpact": "HIGH",
+ "integrityImpact": "HIGH",
+ "availabilityImpact": "HIGH",
+ "baseScore": 8.8,
+ "baseSeverity": "HIGH"
+ },
+ "exploitabilityScore": 2.8,
+ "impactScore": 5.9
+ }
+ ]
+ },
+ "weaknesses": [
+ {
+ "source": "nvd@nist.gov",
+ "type": "Primary",
+ "description": [
+ {
+ "lang": "en",
+ "value": "CWE-120"
+ }
+ ]
+ }
+ ],
+ "configurations": [
+ {
+ "nodes": [
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:libtiff:libtiff:4.5.0:*:*:*:*:*:*:*",
+ "matchCriteriaId": "FDFE597E-7A29-4E39-BF28-28DCCF51912A"
+ }
+ ]
+ }
+ ]
+ }
+ ],
 "references": [
 {
 "url": "https://gitlab.com/libtiff/libtiff/-/issues/518",
- "source": "cve@mitre.org"
+ "source": "cve@mitre.org",
+ "tags": [
+ "Exploit",
+ "Issue Tracking",
+ "Patch",
+ "Vendor Advisory"
+ ]
 }
 ]
 }
\ No newline at end of file
diff --git a/CVE-2023/CVE-2023-26xx/CVE-2023-2625.json b/CVE-2023/CVE-2023-26xx/CVE-2023-2625.json
new file mode 100644
index 00000000000..c51581ea90a
--- /dev/null
+++ b/CVE-2023/CVE-2023-26xx/CVE-2023-2625.json
@@ -0,0 +1,55 @@
+{
+ "id": "CVE-2023-2625",
+ "sourceIdentifier": "cybersecurity@hitachienergy.com",
+ "published": "2023-06-28T17:15:10.627",
+ "lastModified": "2023-06-28T17:15:10.627",
+ "vulnStatus": "Received",
+ "descriptions": [
+ {
+ "lang": "en",
+ "value": "A vulnerability exists that can be exploited by an authenticated client that is connected to the same network segment as the CoreTec 4, having any level of access VIEWER to ADMIN. To exploit the vulnerability the attacker can inject shell commands through a particular field of the web user interface that will be executed by the system."
+ }
+ ],
+ "metrics": {
+ "cvssMetricV31": [
+ {
+ "source": "cybersecurity@hitachienergy.com",
+ "type": "Secondary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H",
+ "attackVector": "ADJACENT_NETWORK",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "LOW",
+ "userInteraction": "NONE",
+ "scope": "CHANGED",
+ "confidentialityImpact": "HIGH",
+ "integrityImpact": "HIGH",
+ "availabilityImpact": "HIGH",
+ "baseScore": 9.0,
+ "baseSeverity": "CRITICAL"
+ },
+ "exploitabilityScore": 2.3,
+ "impactScore": 6.0
+ }
+ ]
+ },
+ "weaknesses": [
+ {
+ "source": "cybersecurity@hitachienergy.com",
+ "type": "Secondary",
+ "description": [
+ {
+ "lang": "en",
+ "value": "CWE-78"
+ }
+ ]
+ }
+ ],
+ "references": [
+ {
+ "url": "https://search.abb.com/library/Download.aspx?DocumentID=8DBD000163&LanguageCode=en&DocumentPartId=&Action=Launch",
+ "source": "cybersecurity@hitachienergy.com"
+ }
+ ]
+}
\ No newline at end of file
diff --git a/CVE-2023/CVE-2023-274xx/CVE-2023-27443.json b/CVE-2023/CVE-2023-274xx/CVE-2023-27443.json
index 76ff7f4bae7..dd6b1c008b0 100644
--- a/CVE-2023/CVE-2023-274xx/CVE-2023-27443.json
+++ b/CVE-2023/CVE-2023-274xx/CVE-2023-27443.json
@@ -2,8 +2,8 @@
 "id": "CVE-2023-27443",
 "sourceIdentifier": "audit@patchstack.com",
 "published": "2023-06-21T13:15:09.977",
- "lastModified": "2023-06-21T15:14:56.427",
- "vulnStatus": "Awaiting Analysis",
+ "lastModified": "2023-06-28T16:01:26.587",
+ "vulnStatus": "Analyzed",
 "descriptions": [
 {
 "lang": "en",
@@ -12,6 +12,26 @@
 ],
 "metrics": {
 "cvssMetricV31": [
+ {
+ "source": "nvd@nist.gov",
+ "type": "Primary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",
+ "attackVector": "NETWORK",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "LOW",
+ "userInteraction": "REQUIRED",
+ "scope": "CHANGED",
+ "confidentialityImpact": "LOW",
+ "integrityImpact": "LOW",
+ "availabilityImpact": "NONE",
+ "baseScore": 5.4,
+ "baseSeverity": "MEDIUM"
+ },
+ "exploitabilityScore": 2.3,
+ "impactScore": 2.7
+ },
 {
 "source": "audit@patchstack.com",
 "type": "Secondary",
@@ -46,10 +66,31 @@
 ]
 }
 ],
+ "configurations": [
+ {
+ "nodes": [
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:simple_vimeo_shortcode_project:simple_vimeo_shortcode:*:*:*:*:*:wordpress:*:*",
+ "versionEndIncluding": "2.9.1",
+ "matchCriteriaId": "273B2A27-D7EF-44C4-84A8-0229EA819FB2"
+ }
+ ]
+ }
+ ]
+ }
+ ],
 "references": [
 {
 "url": "https://patchstack.com/database/vulnerability/the-very-simple-vimeo-shortcode/wordpress-simple-vimeo-shortcode-plugin-2-9-1-cross-site-scripting-xss-vulnerability?_s_id=cve",
- "source": "audit@patchstack.com"
+ "source": "audit@patchstack.com",
+ "tags": [
+ "Third Party Advisory"
+ ]
 }
 ]
 }
\ No newline at end of file
diff --git a/CVE-2023/CVE-2023-274xx/CVE-2023-27450.json b/CVE-2023/CVE-2023-274xx/CVE-2023-27450.json
index 723fc7d5b1d..053621f27e0 100644
--- a/CVE-2023/CVE-2023-274xx/CVE-2023-27450.json
+++ b/CVE-2023/CVE-2023-274xx/CVE-2023-27450.json
@@ -2,8 +2,8 @@
 "id": "CVE-2023-27450",
 "sourceIdentifier": "audit@patchstack.com",
 "published": "2023-06-21T13:15:10.047",
- "lastModified": "2023-06-21T15:14:56.427",
- "vulnStatus": "Awaiting Analysis",
+ "lastModified": "2023-06-28T16:02:29.510",
+ "vulnStatus": "Analyzed",
 "descriptions": [
 {
 "lang": "en",
@@ -12,6 +12,26 @@
 ],
 "metrics": {
 "cvssMetricV31": [
+ {
+ "source": "nvd@nist.gov",
+ "type": "Primary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
+ "attackVector": "NETWORK",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "NONE",
+ "userInteraction": "REQUIRED",
+ "scope": "CHANGED",
+ "confidentialityImpact": "LOW",
+ "integrityImpact": "LOW",
+ "availabilityImpact": "NONE",
+ "baseScore": 6.1,
+ "baseSeverity": "MEDIUM"
+ },
+ "exploitabilityScore": 2.8,
+ "impactScore": 2.7
+ },
 {
 "source": "audit@patchstack.com",
 "type": "Secondary",
@@ -46,10 +66,31 @@
 ]
 }
 ],
+ "configurations": [
+ {
+ "nodes": [
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:te-st:leyka:*:*:*:*:*:wordpress:*:*",
+ "versionEndExcluding": "3.30",
+ "matchCriteriaId": "8821ABE6-51C0-4094-A27F-624ACA4B035D"
+ }
+ ]
+ }
+ ]
+ }
+ ],
 "references": [
 {
 "url": "https://patchstack.com/database/vulnerability/leyka/wordpress-leyka-plugin-3-29-2-cross-site-scripting-xss-vulnerability?_s_id=cve",
- "source": "audit@patchstack.com"
+ "source": "audit@patchstack.com",
+ "tags": [
+ "Third Party Advisory"
+ ]
 }
 ]
 }
\ No newline at end of file
diff --git a/CVE-2023/CVE-2023-278xx/CVE-2023-27866.json b/CVE-2023/CVE-2023-278xx/CVE-2023-27866.json
new file mode 100644
index 00000000000..d64ec05a5cc
--- /dev/null
+++ b/CVE-2023/CVE-2023-278xx/CVE-2023-27866.json
@@ -0,0 +1,59 @@
+{
+ "id": "CVE-2023-27866",
+ "sourceIdentifier": "psirt@us.ibm.com",
+ "published": "2023-06-28T16:15:19.717",
+ "lastModified": "2023-06-28T16:15:19.717",
+ "vulnStatus": "Received",
+ "descriptions": [
+ {
+ "lang": "en",
+ "value": "IBM Informix JDBC Driver 4.10 and 4.50 is susceptible to remote code execution attack via JNDI injection when driver code or the application using the driver do not verify supplied LDAP URL in Connect String. IBM X-Force ID: 249511."
+ }
+ ],
+ "metrics": {
+ "cvssMetricV31": [
+ {
+ "source": "psirt@us.ibm.com",
+ "type": "Secondary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L",
+ "attackVector": "NETWORK",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "LOW",
+ "userInteraction": "NONE",
+ "scope": "UNCHANGED",
+ "confidentialityImpact": "LOW",
+ "integrityImpact": "LOW",
+ "availabilityImpact": "LOW",
+ "baseScore": 6.3,
+ "baseSeverity": "MEDIUM"
+ },
+ "exploitabilityScore": 2.8,
+ "impactScore": 3.4
+ }
+ ]
+ },
+ "weaknesses": [
+ {
+ "source": "psirt@us.ibm.com",
+ "type": "Secondary",
+ "description": [
+ {
+ "lang": "en",
+ "value": "CWE-94"
+ }
+ ]
+ }
+ ],
+ "references": [
+ {
+ "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/249511",
+ "source": "psirt@us.ibm.com"
+ },
+ {
+ "url": "https://www.ibm.com/support/pages/node/7007615",
+ "source": "psirt@us.ibm.com"
+ }
+ ]
+}
\ No newline at end of file
diff --git a/CVE-2023/CVE-2023-305xx/CVE-2023-30500.json b/CVE-2023/CVE-2023-305xx/CVE-2023-30500.json
index 8886b68cd9a..1f7e7f99b93 100644
--- a/CVE-2023/CVE-2023-305xx/CVE-2023-30500.json
+++ b/CVE-2023/CVE-2023-305xx/CVE-2023-30500.json
@@ -2,8 +2,8 @@
 "id": "CVE-2023-30500",
 "sourceIdentifier": "audit@patchstack.com",
 "published": "2023-06-22T12:15:11.847",
- "lastModified": "2023-06-22T12:51:15.117",
- "vulnStatus": "Awaiting Analysis",
+ "lastModified": "2023-06-28T17:52:48.087",
+ "vulnStatus": "Analyzed",
 "descriptions": [
 {
 "lang": "en",
@@ -12,6 +12,26 @@
 ],
 "metrics": {
 "cvssMetricV31": [
+ {
+ "source": "nvd@nist.gov",
+ "type": "Primary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
+ "attackVector": "NETWORK",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "NONE",
+ "userInteraction": "REQUIRED",
+ "scope": "CHANGED",
+ "confidentialityImpact": "LOW",
+ "integrityImpact": "LOW",
+ "availabilityImpact": "NONE",
+ "baseScore": 6.1,
+ "baseSeverity": "MEDIUM"
+ },
+ "exploitabilityScore": 2.8,
+ "impactScore": 2.7
+ },
 {
 "source": "audit@patchstack.com",
 "type": "Secondary",
@@ -46,14 +66,44 @@
 ]
 }
 ],
+ "configurations": [
+ {
+ "nodes": [
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:wpforms:contact_form:*:*:*:*:*:wordpress:*:*",
+ "versionEndIncluding": "1.8.1.2",
+ "matchCriteriaId": "0C30D2DC-2B09-4C22-9983-C412ECA75E2E"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:wpforms:wpforms:*:*:*:*:pro:wordpress:*:*",
+ "versionEndIncluding": "1.8.1.2",
+ "matchCriteriaId": "B1964F0D-644B-4426-9469-BBB78898F4EE"
+ }
+ ]
+ }
+ ]
+ }
+ ],
 "references": [
 {
 "url": "https://patchstack.com/database/vulnerability/wpforms-lite/wordpress-wpforms-lite-plugin-1-8-1-2-reflected-cross-site-scripting-xss-vulnerability?_s_id=cve",
- "source": "audit@patchstack.com"
+ "source": "audit@patchstack.com",
+ "tags": [
+ "Third Party Advisory"
+ ]
 },
 {
 "url": "https://patchstack.com/database/vulnerability/wpforms/wordpress-wpforms-pro-plugin-1-8-1-2-reflected-cross-site-scripting-xss-vulnerability?_s_id=cve",
- "source": "audit@patchstack.com"
+ "source": "audit@patchstack.com",
+ "tags": [
+ "Third Party Advisory"
+ ]
 }
 ]
 }
\ No newline at end of file
diff --git a/CVE-2023/CVE-2023-318xx/CVE-2023-31868.json b/CVE-2023/CVE-2023-318xx/CVE-2023-31868.json
index 76c752849a8..c7531bc5d9a 100644
--- a/CVE-2023/CVE-2023-318xx/CVE-2023-31868.json
+++ b/CVE-2023/CVE-2023-318xx/CVE-2023-31868.json
@@ -2,23 +2,81 @@
 "id": "CVE-2023-31868",
 "sourceIdentifier": "cve@mitre.org",
 "published": "2023-06-22T12:15:11.967",
- "lastModified": "2023-06-22T12:51:15.117",
- "vulnStatus": "Awaiting Analysis",
+ "lastModified": "2023-06-28T16:32:29.423",
+ "vulnStatus": "Analyzed",
 "descriptions": [
 {
 "lang": "en",
 "value": "Sage X3 version 12.14.0.50-0 is vulnerable to Cross Site Scripting (XSS). Some parts of the Web application are dynamically built using user's inputs. Yet, those inputs are not verified nor filtered by the application, so they mathed the expected format. Therefore, when HTML/JavaScript code is injected into those fields, this code will be saved by the application and executed by the web browser of the user viewing the web page. Several injection points have been identified on the application. The major one requires the user to be authenticated with a common account, he can then target an Administrator. All others endpoints need the malicious user to be authenticated as an Administrator. Therefore, the impact is diminished."
 }
 ],
- "metrics": {},
+ "metrics": {
+ "cvssMetricV31": [
+ {
+ "source": "nvd@nist.gov",
+ "type": "Primary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",
+ "attackVector": "NETWORK",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "LOW",
+ "userInteraction": "REQUIRED",
+ "scope": "CHANGED",
+ "confidentialityImpact": "LOW",
+ "integrityImpact": "LOW",
+ "availabilityImpact": "NONE",
+ "baseScore": 5.4,
+ "baseSeverity": "MEDIUM"
+ },
+ "exploitabilityScore": 2.3,
+ "impactScore": 2.7
+ }
+ ]
+ },
+ "weaknesses": [
+ {
+ "source": "nvd@nist.gov",
+ "type": "Primary",
+ "description": [
+ {
+ "lang": "en",
+ "value": "CWE-79"
+ }
+ ]
+ }
+ ],
+ "configurations": [
+ {
+ "nodes": [
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:sage:x3:12.14.0.50-0:*:*:*:*:*:*:*",
+ "matchCriteriaId": "E02F0A76-5C3C-4F96-B67E-E6BED5F39C57"
+ }
+ ]
+ }
+ ]
+ }
+ ],
 "references": [
 {
 "url": "http://sage.com",
- "source": "cve@mitre.org"
+ "source": "cve@mitre.org",
+ "tags": [
+ "Product"
+ ]
 },
 {
 "url": "https://github.com/Digitemis/Advisory/blob/main/CVE-2023-31868.txt",
- "source": "cve@mitre.org"
+ "source": "cve@mitre.org",
+ "tags": [
+ "Third Party Advisory"
+ ]
 }
 ]
 }
\ No newline at end of file
diff --git a/CVE-2023/CVE-2023-332xx/CVE-2023-33289.json b/CVE-2023/CVE-2023-332xx/CVE-2023-33289.json
index be67308247a..2b07ecfbd93 100644
--- a/CVE-2023/CVE-2023-332xx/CVE-2023-33289.json
+++ b/CVE-2023/CVE-2023-332xx/CVE-2023-33289.json
@@ -2,27 +2,90 @@ "id": "CVE-2023-33289", "sourceIdentifier": "cve@mitre.org", "published": "2023-06-21T20:15:10.157", - "lastModified": "2023-06-22T12:51:30.407", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2023-06-28T16:44:05.340", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", "value": "The urlnorm crate through 0.1.4 for Rust allows Regular Expression Denial of Service (ReDos) via a crafted URL to lib.rs." } ], - "metrics": {}, + "metrics": { + "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "NONE", + "integrityImpact": "NONE", + "availabilityImpact": "HIGH", + "baseScore": 7.5, + "baseSeverity": "HIGH" + }, + "exploitabilityScore": 3.9, + "impactScore": 3.6 + } + ] + }, + "weaknesses": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-1333" + } + ] + } + ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:urlnorm_project:urlnorm:*:*:*:*:*:rust:*:*", + "versionEndIncluding": "0.1.4", + "matchCriteriaId": "5C62072A-C151-4AAB-AB11-8D4FE776C2C7" + } + ] + } + ] + } + ], "references": [ { "url": "https://gist.github.com/6en6ar/b118888dc739e8979038f24c8ac33611", - "source": "cve@mitre.org" + "source": "cve@mitre.org", + "tags": [ + "Exploit", + "Third Party Advisory" + ] }, { "url": "https://github.com/progscrape/urlnorm", - "source": "cve@mitre.org" + "source": "cve@mitre.org", + "tags": [ + "Product" + ] }, { "url": "https://lib.rs/crates/urlnorm", - "source": "cve@mitre.org" + "source": "cve@mitre.org", + "tags": [ + "Product" + ] } ] } \ No newline at end of file 
diff --git a/CVE-2023/CVE-2023-349xx/CVE-2023-34939.json b/CVE-2023/CVE-2023-349xx/CVE-2023-34939.json index 38f14a189f7..5f3f7fa2922 100644 --- a/CVE-2023/CVE-2023-349xx/CVE-2023-34939.json +++ b/CVE-2023/CVE-2023-349xx/CVE-2023-34939.json 
@@ -2,27 +2,90 @@ "id": "CVE-2023-34939", "sourceIdentifier": "cve@mitre.org", "published": "2023-06-22T12:15:12.013", - "lastModified": "2023-06-22T12:51:15.117", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2023-06-28T16:40:31.400", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", "value": "Onlyoffice Community Server before v12.5.2 was discovered to contain a remote code execution (RCE) vulnerability via the component UploadProgress.ashx." } ], - "metrics": {}, + "metrics": { + "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH", + "baseScore": 9.8, + "baseSeverity": "CRITICAL" + }, + "exploitabilityScore": 3.9, + "impactScore": 5.9 + } + ] + }, + "weaknesses": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-22" + } + ] + } + ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:onlyoffice:onlyoffice:*:*:*:*:community_server:*:*:*", + "versionEndExcluding": "12.5.2", + "matchCriteriaId": "D0CC476D-04E3-4267-8B60-FC93D8852AE5" + } + ] + } + ] + } + ], "references": [ { "url": "https://github.com/ONLYOFFICE/CommunityServer/blob/master/CHANGELOG.md#version-1252", - "source": "cve@mitre.org" + "source": "cve@mitre.org", + "tags": [ + "Release Notes" + ] }, { "url": "https://github.com/firsov/onlyoffice", - "source": "cve@mitre.org" + "source": "cve@mitre.org", + "tags": [ + "Exploit" + ] }, { "url": "https://github.com/firsov/onlyoffice/blob/main/CVE-2023-34939-PoC.md", - "source": "cve@mitre.org" + "source": "cve@mitre.org", + 
"tags": [ + "Exploit", + "Third Party Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2023/CVE-2023-349xx/CVE-2023-34981.json b/CVE-2023/CVE-2023-349xx/CVE-2023-34981.json index f179012f126..49840b22c9b 100644 --- a/CVE-2023/CVE-2023-349xx/CVE-2023-34981.json +++ b/CVE-2023/CVE-2023-349xx/CVE-2023-34981.json 
@@ -2,19 +2,90 @@ "id": "CVE-2023-34981", "sourceIdentifier": "security@apache.org", "published": "2023-06-21T11:15:09.410", - "lastModified": "2023-06-21T12:29:48.917", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2023-06-28T17:56:03.113", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", "value": "A regression in the fix for bug 66512 in Apache Tomcat 11.0.0-M5, 10.1.8, 9.0.74 and 8.5.88 meant that, if a response did not include any HTTP headers no AJP SEND_HEADERS messare woudl be sent for the response which in turn meant that at least one AJP proxy (mod_proxy_ajp) would use the response headers from the previous request leading to an information leak." } ], - "metrics": {}, + "metrics": { + "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "NONE", + "availabilityImpact": "NONE", + "baseScore": 7.5, + "baseSeverity": "HIGH" + }, + "exploitabilityScore": 3.9, + "impactScore": 3.6 + } + ] + }, + "weaknesses": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "NVD-CWE-noinfo" + } + ] + } + ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:apache:tomcat:8.5.88:*:*:*:*:*:*:*", + "matchCriteriaId": "E6EE9DE8-16EA-44D0-A03D-69F319D7DA00" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:apache:tomcat:9.0.74:*:*:*:*:*:*:*", + "matchCriteriaId": "16971568-BE35-4653-B828-B66982DF6E21" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:apache:tomcat:10.1.8:*:*:*:*:*:*:*", + "matchCriteriaId": "74C4852D-81E8-46EC-8B54-313CB096B34A" + }, + { + "vulnerable": true, + 
"criteria": "cpe:2.3:a:apache:tomcat:11.0.0:milestone5:*:*:*:*:*:*", + "matchCriteriaId": "538E68C4-0BA4-495F-AEF8-4EF6EE7963CF" + } + ] + } + ] + } + ], "references": [ { "url": "https://lists.apache.org/thread/j1ksjh9m9gx1q60rtk1sbzmxhvj5h5qz", - "source": "security@apache.org" + "source": "security@apache.org", + "tags": [ + "Mailing List", + "Vendor Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2023/CVE-2023-363xx/CVE-2023-36363.json b/CVE-2023/CVE-2023-363xx/CVE-2023-36363.json index 880c267da89..158f95ed603 100644 --- a/CVE-2023/CVE-2023-363xx/CVE-2023-36363.json +++ b/CVE-2023/CVE-2023-363xx/CVE-2023-36363.json 
@@ -2,19 +2,82 @@ "id": "CVE-2023-36363", "sourceIdentifier": "cve@mitre.org", "published": "2023-06-22T14:15:09.740", - "lastModified": "2023-06-22T14:49:18.643", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2023-06-28T16:49:34.877", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", "value": "An issue in the __nss_database_lookup component of MonetDB Server v11.45.17 and v11.46.0 allows attackers to cause a Denial of Service (DoS) via crafted SQL statements." } ], - "metrics": {}, + "metrics": { + "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "NONE", + "integrityImpact": "NONE", + "availabilityImpact": "HIGH", + "baseScore": 7.5, + "baseSeverity": "HIGH" + }, + "exploitabilityScore": 3.9, + "impactScore": 3.6 + } + ] + }, + "weaknesses": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "NVD-CWE-noinfo" + } + ] + } + ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:monetdb:monetdb:11.45.17:*:*:*:*:*:*:*", + "matchCriteriaId": "FDFC7EDE-25CA-42BF-8D78-5EDBF01ED8F3" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:monetdb:monetdb:11.46.0:*:*:*:*:*:*:*", + "matchCriteriaId": "547C7347-281D-4B2F-99B3-7C0C8DF14194" + } + ] + } + ] + } + ], "references": [ { "url": "https://github.com/MonetDB/MonetDB/issues/7384", - "source": "cve@mitre.org" + "source": "cve@mitre.org", + "tags": [ + "Exploit", + "Issue Tracking", + "Patch", + "Third Party Advisory" + ] } ] } \ No newline at end of file diff --git a/README.md b/README.md index 6be2c9a000a..e8eb7355e4c 100644 --- a/README.md +++ b/README.md 
@@ -9,13 +9,13 @@ Repository synchronizes with the NVD every 2 hours. ### Last Repository Update ```plain -2023-06-28T16:00:29.495226+00:00 +2023-06-28T18:00:33.751734+00:00 ``` ### Most recent CVE Modification Timestamp synchronized with NVD ```plain -2023-06-28T15:59:59.863000+00:00 +2023-06-28T17:56:58.883000+00:00 ``` ### Last Data Feed Release 
@@ -29,69 +29,37 @@ Download and Changelog: [Click](https://github.com/fkie-cad/nvd-json-data-feeds/ ### Total Number of included CVEs ```plain -218737 +218739 ``` ### CVEs added in the last Commit -Recently added CVEs: `28` +Recently added CVEs: `2` -* [CVE-2023-20006](CVE-2023/CVE-2023-200xx/CVE-2023-20006.json) (`2023-06-28T15:15:09.387`) -* [CVE-2023-20028](CVE-2023/CVE-2023-200xx/CVE-2023-20028.json) (`2023-06-28T15:15:09.457`) -* [CVE-2023-20105](CVE-2023/CVE-2023-201xx/CVE-2023-20105.json) (`2023-06-28T15:15:09.517`) -* [CVE-2023-20108](CVE-2023/CVE-2023-201xx/CVE-2023-20108.json) (`2023-06-28T15:15:09.577`) -* [CVE-2023-20116](CVE-2023/CVE-2023-201xx/CVE-2023-20116.json) (`2023-06-28T15:15:09.640`) -* [CVE-2023-20119](CVE-2023/CVE-2023-201xx/CVE-2023-20119.json) (`2023-06-28T15:15:09.700`) -* [CVE-2023-20120](CVE-2023/CVE-2023-201xx/CVE-2023-20120.json) (`2023-06-28T15:15:09.760`) -* [CVE-2023-20136](CVE-2023/CVE-2023-201xx/CVE-2023-20136.json) (`2023-06-28T15:15:09.820`) -* [CVE-2023-20178](CVE-2023/CVE-2023-201xx/CVE-2023-20178.json) (`2023-06-28T15:15:09.880`) -* [CVE-2023-20188](CVE-2023/CVE-2023-201xx/CVE-2023-20188.json) (`2023-06-28T15:15:09.943`) -* [CVE-2023-20192](CVE-2023/CVE-2023-201xx/CVE-2023-20192.json) (`2023-06-28T15:15:10.007`) -* [CVE-2023-20199](CVE-2023/CVE-2023-201xx/CVE-2023-20199.json) (`2023-06-28T15:15:10.070`) -* [CVE-2023-26615](CVE-2023/CVE-2023-266xx/CVE-2023-26615.json) (`2023-06-28T15:15:10.137`) -* [CVE-2023-34933](CVE-2023/CVE-2023-349xx/CVE-2023-34933.json) (`2023-06-28T15:15:10.193`) -* [CVE-2023-34934](CVE-2023/CVE-2023-349xx/CVE-2023-34934.json) (`2023-06-28T15:15:10.240`) -* [CVE-2023-34935](CVE-2023/CVE-2023-349xx/CVE-2023-34935.json) (`2023-06-28T15:15:10.283`) -* [CVE-2023-34936](CVE-2023/CVE-2023-349xx/CVE-2023-34936.json) (`2023-06-28T15:15:10.333`) -* [CVE-2023-34937](CVE-2023/CVE-2023-349xx/CVE-2023-34937.json) (`2023-06-28T15:15:10.377`) -* [CVE-2023-30259](CVE-2023/CVE-2023-302xx/CVE-2023-30259.json) 
(`2023-06-28T14:15:09.677`) -* [CVE-2023-34928](CVE-2023/CVE-2023-349xx/CVE-2023-34928.json) (`2023-06-28T14:15:09.743`) -* [CVE-2023-34929](CVE-2023/CVE-2023-349xx/CVE-2023-34929.json) (`2023-06-28T14:15:09.790`) -* [CVE-2023-34930](CVE-2023/CVE-2023-349xx/CVE-2023-34930.json) (`2023-06-28T14:15:09.833`) -* [CVE-2023-34931](CVE-2023/CVE-2023-349xx/CVE-2023-34931.json) (`2023-06-28T14:15:09.877`) -* [CVE-2023-34932](CVE-2023/CVE-2023-349xx/CVE-2023-34932.json) (`2023-06-28T14:15:09.923`) -* [CVE-2023-36467](CVE-2023/CVE-2023-364xx/CVE-2023-36467.json) (`2023-06-28T14:15:09.967`) +* [CVE-2023-27866](CVE-2023/CVE-2023-278xx/CVE-2023-27866.json) (`2023-06-28T16:15:19.717`) +* [CVE-2023-2625](CVE-2023/CVE-2023-26xx/CVE-2023-2625.json) (`2023-06-28T17:15:10.627`) ### CVEs modified in the last Commit -Recently modified CVEs: `54` +Recently modified CVEs: `16` -* [CVE-2023-3427](CVE-2023/CVE-2023-34xx/CVE-2023-3427.json) (`2023-06-28T12:34:43.903`) -* [CVE-2023-1844](CVE-2023/CVE-2023-18xx/CVE-2023-1844.json) (`2023-06-28T12:34:43.903`) -* [CVE-2023-3407](CVE-2023/CVE-2023-34xx/CVE-2023-3407.json) (`2023-06-28T12:34:43.903`) -* [CVE-2023-26134](CVE-2023/CVE-2023-261xx/CVE-2023-26134.json) (`2023-06-28T12:34:43.903`) -* [CVE-2023-32623](CVE-2023/CVE-2023-326xx/CVE-2023-32623.json) (`2023-06-28T12:34:43.903`) -* [CVE-2023-3034](CVE-2023/CVE-2023-30xx/CVE-2023-3034.json) (`2023-06-28T12:34:43.903`) -* [CVE-2023-34340](CVE-2023/CVE-2023-343xx/CVE-2023-34340.json) (`2023-06-28T12:43:31.883`) -* [CVE-2023-33869](CVE-2023/CVE-2023-338xx/CVE-2023-33869.json) (`2023-06-28T12:51:10.270`) -* [CVE-2023-3325](CVE-2023/CVE-2023-33xx/CVE-2023-3325.json) (`2023-06-28T13:26:34.913`) -* [CVE-2023-27243](CVE-2023/CVE-2023-272xx/CVE-2023-27243.json) (`2023-06-28T13:50:19.303`) -* [CVE-2023-36630](CVE-2023/CVE-2023-366xx/CVE-2023-36630.json) (`2023-06-28T14:15:10.047`) -* [CVE-2023-27414](CVE-2023/CVE-2023-274xx/CVE-2023-27414.json) (`2023-06-28T14:30:54.427`) -* 
[CVE-2023-27432](CVE-2023/CVE-2023-274xx/CVE-2023-27432.json) (`2023-06-28T14:31:07.147`) -* [CVE-2023-28956](CVE-2023/CVE-2023-289xx/CVE-2023-28956.json) (`2023-06-28T14:51:02.947`) -* [CVE-2023-0969](CVE-2023/CVE-2023-09xx/CVE-2023-0969.json) (`2023-06-28T14:59:30.573`) -* [CVE-2023-34012](CVE-2023/CVE-2023-340xx/CVE-2023-34012.json) (`2023-06-28T15:04:03.897`) -* [CVE-2023-33842](CVE-2023/CVE-2023-338xx/CVE-2023-33842.json) (`2023-06-28T15:08:42.347`) -* [CVE-2023-3303](CVE-2023/CVE-2023-33xx/CVE-2023-3303.json) (`2023-06-28T15:19:14.713`) -* [CVE-2023-3304](CVE-2023/CVE-2023-33xx/CVE-2023-3304.json) (`2023-06-28T15:21:27.977`) -* [CVE-2023-32449](CVE-2023/CVE-2023-324xx/CVE-2023-32449.json) (`2023-06-28T15:21:44.097`) -* [CVE-2023-29711](CVE-2023/CVE-2023-297xx/CVE-2023-29711.json) (`2023-06-28T15:33:24.683`) -* [CVE-2023-33405](CVE-2023/CVE-2023-334xx/CVE-2023-33405.json) (`2023-06-28T15:46:39.587`) -* [CVE-2023-33591](CVE-2023/CVE-2023-335xx/CVE-2023-33591.json) (`2023-06-28T15:47:35.893`) -* [CVE-2023-24261](CVE-2023/CVE-2023-242xx/CVE-2023-24261.json) (`2023-06-28T15:57:40.363`) -* [CVE-2023-3110](CVE-2023/CVE-2023-31xx/CVE-2023-3110.json) (`2023-06-28T15:59:59.863`) +* [CVE-2019-25152](CVE-2019/CVE-2019-251xx/CVE-2019-25152.json) (`2023-06-28T17:44:14.823`) +* [CVE-2022-45287](CVE-2022/CVE-2022-452xx/CVE-2022-45287.json) (`2023-06-28T17:33:09.597`) +* [CVE-2022-3372](CVE-2022/CVE-2022-33xx/CVE-2022-3372.json) (`2023-06-28T17:45:46.973`) +* [CVE-2023-27443](CVE-2023/CVE-2023-274xx/CVE-2023-27443.json) (`2023-06-28T16:01:26.587`) +* [CVE-2023-27450](CVE-2023/CVE-2023-274xx/CVE-2023-27450.json) (`2023-06-28T16:02:29.510`) +* [CVE-2023-0970](CVE-2023/CVE-2023-09xx/CVE-2023-0970.json) (`2023-06-28T16:05:03.873`) +* [CVE-2023-0971](CVE-2023/CVE-2023-09xx/CVE-2023-0971.json) (`2023-06-28T16:10:43.917`) +* [CVE-2023-0972](CVE-2023/CVE-2023-09xx/CVE-2023-0972.json) (`2023-06-28T16:15:36.920`) +* [CVE-2023-25435](CVE-2023/CVE-2023-254xx/CVE-2023-25435.json) 
(`2023-06-28T16:20:23.263`) +* [CVE-2023-31868](CVE-2023/CVE-2023-318xx/CVE-2023-31868.json) (`2023-06-28T16:32:29.423`) +* [CVE-2023-34939](CVE-2023/CVE-2023-349xx/CVE-2023-34939.json) (`2023-06-28T16:40:31.400`) +* [CVE-2023-33289](CVE-2023/CVE-2023-332xx/CVE-2023-33289.json) (`2023-06-28T16:44:05.340`) +* [CVE-2023-36363](CVE-2023/CVE-2023-363xx/CVE-2023-36363.json) (`2023-06-28T16:49:34.877`) +* [CVE-2023-30500](CVE-2023/CVE-2023-305xx/CVE-2023-30500.json) (`2023-06-28T17:52:48.087`) +* [CVE-2023-34981](CVE-2023/CVE-2023-349xx/CVE-2023-34981.json) (`2023-06-28T17:56:03.113`) +* [CVE-2023-25367](CVE-2023/CVE-2023-253xx/CVE-2023-25367.json) (`2023-06-28T17:56:58.883`) ## Download and Usage