diff --git a/CVE-2023/CVE-2023-208xx/CVE-2023-20881.json b/CVE-2023/CVE-2023-208xx/CVE-2023-20881.json new file mode 100644 index 00000000000..c4e27301d2d --- /dev/null +++ b/CVE-2023/CVE-2023-208xx/CVE-2023-20881.json @@ -0,0 +1,32 @@ +{ + "id": "CVE-2023-20881", + "sourceIdentifier": "security@vmware.com", + "published": "2023-05-19T15:15:08.673", + "lastModified": "2023-05-19T15:15:08.673", + "vulnStatus": "Received", + "descriptions": [ + { + "lang": "en", + "value": "Cloud foundry instances having CAPI version between 1.140 and 1.152.0 along with loggregator-agent v7+ may override other users syslog drain credentials if they're aware of the client certificate used for that syslog drain. This applies even if the drain has zero certs. This would allow the user to override the private key and add or modify a certificate authority used for the connection." + } + ], + "metrics": {}, + "weaknesses": [ + { + "source": "security@vmware.com", + "type": "Secondary", + "description": [ + { + "lang": "en", + "value": "CWE-295" + } + ] + } + ], + "references": [ + { + "url": "https://www.cloudfoundry.org/blog/cve-2023-20881-cas-for-syslog-drain-mtls-feature-can-be-overwritten/", + "source": "security@vmware.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2023/CVE-2023-21xx/CVE-2023-2156.json b/CVE-2023/CVE-2023-21xx/CVE-2023-2156.json index 5a08039512f..b39b1123af3 100644 --- a/CVE-2023/CVE-2023-21xx/CVE-2023-2156.json +++ b/CVE-2023/CVE-2023-21xx/CVE-2023-2156.json @@ -2,7 +2,7 @@ "id": "CVE-2023-2156", "sourceIdentifier": "secalert@redhat.com", "published": "2023-05-09T22:15:10.133", - "lastModified": "2023-05-18T09:15:10.090", + "lastModified": "2023-05-19T15:15:08.840", "vulnStatus": "Modified", "descriptions": [ { @@ -116,6 +116,10 @@ "url": "http://www.openwall.com/lists/oss-security/2023/05/18/1", "source": "secalert@redhat.com" }, + { + "url": "http://www.openwall.com/lists/oss-security/2023/05/19/1", + "source": "secalert@redhat.com" + }, { "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2196292", "source": "secalert@redhat.com", diff --git a/CVE-2023/CVE-2023-233xx/CVE-2023-23313.json b/CVE-2023/CVE-2023-233xx/CVE-2023-23313.json index 4b311fd882d..caf610f5b71 100644 --- a/CVE-2023/CVE-2023-233xx/CVE-2023-23313.json +++ b/CVE-2023/CVE-2023-233xx/CVE-2023-23313.json @@ -2,8 +2,8 @@ "id": "CVE-2023-23313", "sourceIdentifier": "cve@mitre.org", "published": "2023-03-03T22:15:09.690", - "lastModified": "2023-03-10T14:52:03.627", - "vulnStatus": "Analyzed", + "lastModified": "2023-05-19T14:15:09.130", + "vulnStatus": "Modified", "descriptions": [ { "lang": "en", @@ -2605,11 +2605,8 @@ ] }, { - "url": "https://www.horizonsecurity.it/lang_EN/advisories/?a=22&title=Multiple+XSS+Stored+in+DrayTek+routers+web+interface++CVE202323313", - "source": "cve@mitre.org", - "tags": [ - "Third Party Advisory" - ] + "url": "https://www.horizonconsulting.com/advisories23-Multiple-XSS-Stored-in-DrayTek-routers-CVE-2023-23313", + "source": "cve@mitre.org" } ] } \ No newline at end of file diff --git a/CVE-2023/CVE-2023-233xx/CVE-2023-23396.json b/CVE-2023/CVE-2023-233xx/CVE-2023-23396.json index a751b183aba..72095cd69f6 100644 --- a/CVE-2023/CVE-2023-233xx/CVE-2023-23396.json +++ b/CVE-2023/CVE-2023-233xx/CVE-2023-23396.json @@ -2,7 +2,7 @@ "id": "CVE-2023-23396", "sourceIdentifier": "secure@microsoft.com", "published": "2023-03-14T17:15:13.177", - "lastModified": "2023-03-20T21:20:32.613", + "lastModified": "2023-05-19T15:09:58.743", "vulnStatus": "Analyzed", "descriptions": [ { @@ -17,8 +17,8 @@ "type": "Primary", "cvssData": { "version": "3.1", - "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", - "attackVector": "LOCAL", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", + "attackVector": "NETWORK", "attackComplexity": "LOW", "privilegesRequired": "NONE", "userInteraction": "REQUIRED", @@ -26,10 +26,10 @@ "confidentialityImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "HIGH", - "baseScore": 5.5, + "baseScore": 6.5, "baseSeverity": "MEDIUM" }, - "exploitabilityScore": 1.8, + "exploitabilityScore": 2.8, "impactScore": 3.6 }, { diff --git a/CVE-2023/CVE-2023-248xx/CVE-2023-24892.json b/CVE-2023/CVE-2023-248xx/CVE-2023-24892.json index ec97ea4376c..51ed00723ab 100644 --- a/CVE-2023/CVE-2023-248xx/CVE-2023-24892.json +++ b/CVE-2023/CVE-2023-248xx/CVE-2023-24892.json @@ -2,8 +2,8 @@ "id": "CVE-2023-24892", "sourceIdentifier": "secure@microsoft.com", "published": "2023-03-14T17:15:18.197", - "lastModified": "2023-05-09T18:15:11.823", - "vulnStatus": "Modified", + "lastModified": "2023-05-19T15:09:28.003", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", @@ -37,20 +37,20 @@ "type": "Secondary", "cvssData": { "version": "3.1", - "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:N/I:L/A:N", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:L/A:N", "attackVector": "NETWORK", "attackComplexity": "LOW", "privilegesRequired": "NONE", "userInteraction": "REQUIRED", "scope": "CHANGED", - "confidentialityImpact": "NONE", + "confidentialityImpact": "HIGH", "integrityImpact": "LOW", "availabilityImpact": "NONE", - "baseScore": 4.7, - "baseSeverity": "MEDIUM" + "baseScore": 8.2, + "baseSeverity": "HIGH" }, "exploitabilityScore": 2.8, - "impactScore": 1.4 + "impactScore": 4.7 } ] }, diff --git a/CVE-2023/CVE-2023-285xx/CVE-2023-28514.json b/CVE-2023/CVE-2023-285xx/CVE-2023-28514.json new file mode 100644 index 00000000000..c474c4b4cfd --- /dev/null +++ b/CVE-2023/CVE-2023-285xx/CVE-2023-28514.json @@ -0,0 +1,59 @@ +{ + "id": "CVE-2023-28514", + "sourceIdentifier": "psirt@us.ibm.com", + "published": "2023-05-19T15:15:08.750", + "lastModified": "2023-05-19T15:15:08.750", + "vulnStatus": "Received", + "descriptions": [ + { + "lang": "en", + "value": "IBM MQ 8.0, 9.0, and 9.1 could allow a local user to obtain sensitive credential information when a detailed technical error message is returned in a stack trace. IBM X-Force ID: 250398." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "psirt@us.ibm.com", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", + "attackVector": "LOCAL", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "NONE", + "availabilityImpact": "NONE", + "baseScore": 6.2, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 2.5, + "impactScore": 3.6 + } + ] + }, + "weaknesses": [ + { + "source": "psirt@us.ibm.com", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-209" + } + ] + } + ], + "references": [ + { + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/250398", + "source": "psirt@us.ibm.com" + }, + { + "url": "https://www.ibm.com/support/pages/node/6985835", + "source": "psirt@us.ibm.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2023/CVE-2023-301xx/CVE-2023-30199.json b/CVE-2023/CVE-2023-301xx/CVE-2023-30199.json new file mode 100644 index 00000000000..a681f568ae3 --- /dev/null +++ b/CVE-2023/CVE-2023-301xx/CVE-2023-30199.json @@ -0,0 +1,47 @@ +{ + "id": "CVE-2023-30199", + "sourceIdentifier": "cve@mitre.org", + "published": "2023-05-19T14:15:09.683", + "lastModified": "2023-05-19T14:15:09.683", + "vulnStatus": "Received", + "descriptions": [ + { + "lang": "en", + "value": "Prestashop customexporter <= 1.7.20 is vulnerable to Incorrect Access Control via modules/customexporter/downloads/download.php." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "cve@mitre.org", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "NONE", + "availabilityImpact": "NONE", + "baseScore": 7.5, + "baseSeverity": "HIGH" + }, + "exploitabilityScore": 3.9, + "impactScore": 3.6 + } + ] + }, + "references": [ + { + "url": "https://friends-of-presta.github.io/security-advisories/modules/2023/05/16/customexporter.html", + "source": "cve@mitre.org" + }, + { + "url": "https://github.com/PrestaShop/PrestaShop/blob/6c05518b807d014ee8edb811041e3de232520c28/classes/Tools.php#L1247", + "source": "cve@mitre.org" + } + ] +} \ No newline at end of file diff --git a/CVE-2023/CVE-2023-307xx/CVE-2023-30774.json b/CVE-2023/CVE-2023-307xx/CVE-2023-30774.json new file mode 100644 index 00000000000..14b5ecf62e3 --- /dev/null +++ b/CVE-2023/CVE-2023-307xx/CVE-2023-30774.json @@ -0,0 +1,40 @@ +{ + "id": "CVE-2023-30774", + "sourceIdentifier": "secalert@redhat.com", + "published": "2023-05-19T15:15:08.923", + "lastModified": "2023-05-19T15:15:08.923", + "vulnStatus": "Received", + "descriptions": [ + { + "lang": "en", + "value": "A vulnerability was found in the libtiff library. This flaw causes a heap buffer overflow issue via the TIFFTAG_INKNAMES and TIFFTAG_NUMBEROFINKS values." + } + ], + "metrics": {}, + "weaknesses": [ + { + "source": "secalert@redhat.com", + "type": "Secondary", + "description": [ + { + "lang": "en", + "value": "CWE-119" + } + ] + } + ], + "references": [ + { + "url": "https://access.redhat.com/security/cve/CVE-2023-30774", + "source": "secalert@redhat.com" + }, + { + "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2187139", + "source": "secalert@redhat.com" + }, + { + "url": "https://gitlab.com/libtiff/libtiff/-/issues/463", + "source": "secalert@redhat.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2023/CVE-2023-307xx/CVE-2023-30775.json b/CVE-2023/CVE-2023-307xx/CVE-2023-30775.json new file mode 100644 index 00000000000..6a099633f30 --- /dev/null +++ b/CVE-2023/CVE-2023-307xx/CVE-2023-30775.json @@ -0,0 +1,40 @@ +{ + "id": "CVE-2023-30775", + "sourceIdentifier": "secalert@redhat.com", + "published": "2023-05-19T15:15:08.980", + "lastModified": "2023-05-19T15:15:08.980", + "vulnStatus": "Received", + "descriptions": [ + { + "lang": "en", + "value": "A vulnerability was found in the libtiff library. This security flaw causes a heap buffer overflow in extractContigSamples32bits, tiffcrop.c." + } + ], + "metrics": {}, + "weaknesses": [ + { + "source": "secalert@redhat.com", + "type": "Secondary", + "description": [ + { + "lang": "en", + "value": "CWE-119" + } + ] + } + ], + "references": [ + { + "url": "https://access.redhat.com/security/cve/CVE-2023-30775", + "source": "secalert@redhat.com" + }, + { + "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2187141", + "source": "secalert@redhat.com" + }, + { + "url": "https://gitlab.com/libtiff/libtiff/-/issues/464", + "source": "secalert@redhat.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2023/CVE-2023-317xx/CVE-2023-31707.json b/CVE-2023/CVE-2023-317xx/CVE-2023-31707.json new file mode 100644 index 00000000000..4572bbd1e45 --- /dev/null +++ b/CVE-2023/CVE-2023-317xx/CVE-2023-31707.json @@ -0,0 +1,20 @@ +{ + "id": "CVE-2023-31707", + "sourceIdentifier": "cve@mitre.org", + "published": "2023-05-19T14:15:09.743", + "lastModified": "2023-05-19T14:15:09.743", + "vulnStatus": "Received", + "descriptions": [ + { + "lang": "en", + "value": "SEMCMS 1.5 is vulnerable to SQL Injection via Ant_Rponse.php." + } + ], + "metrics": {}, + "references": [ + { + "url": "https://github.com/fnylad/SCSHOP/blob/main/semcms-1.md", + "source": "cve@mitre.org" + } + ] +} \ No newline at end of file diff --git a/CVE-2023/CVE-2023-317xx/CVE-2023-31757.json b/CVE-2023/CVE-2023-317xx/CVE-2023-31757.json new file mode 100644 index 00000000000..0fa28d44612 --- /dev/null +++ b/CVE-2023/CVE-2023-317xx/CVE-2023-31757.json @@ -0,0 +1,20 @@ +{ + "id": "CVE-2023-31757", + "sourceIdentifier": "cve@mitre.org", + "published": "2023-05-19T14:15:09.780", + "lastModified": "2023-05-19T14:15:09.780", + "vulnStatus": "Received", + "descriptions": [ + { + "lang": "en", + "value": "DedeCMS up to v5.7.108 is vulnerable to XSS in sys_info.php via parameters 'edit___cfg_powerby' and 'edit___cfg_beian'" + } + ], + "metrics": {}, + "references": [ + { + "url": "https://github.com/sleepyvv/vul_report/blob/main/DedeCMS/XSS.md", + "source": "cve@mitre.org" + } + ] +} \ No newline at end of file diff --git a/README.md b/README.md index 501b7dfdbbb..d8d6a589c00 100644 --- a/README.md +++ b/README.md @@ -9,13 +9,13 @@ Repository synchronizes with the NVD every 2 hours. ### Last Repository Update ```plain -2023-05-19T14:00:31.074891+00:00 +2023-05-19T16:00:30.743485+00:00 ``` ### Most recent CVE Modification Timestamp synchronized with NVD ```plain -2023-05-19T13:38:43.693000+00:00 +2023-05-19T15:15:08.980000+00:00 ``` ### Last Data Feed Release @@ -29,45 +29,30 @@ Download and Changelog: [Click](https://github.com/fkie-cad/nvd-json-data-feeds/ ### Total Number of included CVEs ```plain -215656 +215663 ``` ### CVEs added in the last Commit -Recently added CVEs: `4` +Recently added CVEs: `7` -* [CVE-2022-30114](CVE-2022/CVE-2022-301xx/CVE-2022-30114.json) (`2023-05-19T12:15:09.340`) -* [CVE-2023-26818](CVE-2023/CVE-2023-268xx/CVE-2023-26818.json) (`2023-05-19T12:15:09.407`) -* [CVE-2023-31756](CVE-2023/CVE-2023-317xx/CVE-2023-31756.json) (`2023-05-19T13:15:08.877`) -* [CVE-2023-31862](CVE-2023/CVE-2023-318xx/CVE-2023-31862.json) (`2023-05-19T13:15:08.920`) +* [CVE-2023-30199](CVE-2023/CVE-2023-301xx/CVE-2023-30199.json) (`2023-05-19T14:15:09.683`) +* [CVE-2023-31707](CVE-2023/CVE-2023-317xx/CVE-2023-31707.json) (`2023-05-19T14:15:09.743`) +* [CVE-2023-31757](CVE-2023/CVE-2023-317xx/CVE-2023-31757.json) (`2023-05-19T14:15:09.780`) +* [CVE-2023-20881](CVE-2023/CVE-2023-208xx/CVE-2023-20881.json) (`2023-05-19T15:15:08.673`) +* [CVE-2023-28514](CVE-2023/CVE-2023-285xx/CVE-2023-28514.json) (`2023-05-19T15:15:08.750`) +* [CVE-2023-30774](CVE-2023/CVE-2023-307xx/CVE-2023-30774.json) (`2023-05-19T15:15:08.923`) +* [CVE-2023-30775](CVE-2023/CVE-2023-307xx/CVE-2023-30775.json) (`2023-05-19T15:15:08.980`) ### CVEs modified in the last Commit -Recently modified CVEs: `22` +Recently modified CVEs: `4` -* [CVE-2022-35798](CVE-2022/CVE-2022-357xx/CVE-2022-35798.json) (`2023-05-19T13:00:09.947`) -* [CVE-2022-41998](CVE-2022/CVE-2022-419xx/CVE-2022-41998.json) (`2023-05-19T13:38:20.740`) -* [CVE-2022-41982](CVE-2022/CVE-2022-419xx/CVE-2022-41982.json) (`2023-05-19T13:38:43.693`) -* [CVE-2023-2025](CVE-2023/CVE-2023-20xx/CVE-2023-2025.json) (`2023-05-19T13:00:09.947`) -* [CVE-2023-1195](CVE-2023/CVE-2023-11xx/CVE-2023-1195.json) (`2023-05-19T13:00:09.947`) -* [CVE-2023-23556](CVE-2023/CVE-2023-235xx/CVE-2023-23556.json) (`2023-05-19T13:00:09.947`) -* [CVE-2023-23557](CVE-2023/CVE-2023-235xx/CVE-2023-23557.json) (`2023-05-19T13:00:09.947`) -* [CVE-2023-23759](CVE-2023/CVE-2023-237xx/CVE-2023-23759.json) (`2023-05-19T13:00:09.947`) -* [CVE-2023-24832](CVE-2023/CVE-2023-248xx/CVE-2023-24832.json) (`2023-05-19T13:00:09.947`) -* [CVE-2023-24833](CVE-2023/CVE-2023-248xx/CVE-2023-24833.json) (`2023-05-19T13:00:09.947`) -* [CVE-2023-25933](CVE-2023/CVE-2023-259xx/CVE-2023-25933.json) (`2023-05-19T13:00:09.947`) -* [CVE-2023-28081](CVE-2023/CVE-2023-280xx/CVE-2023-28081.json) (`2023-05-19T13:00:09.947`) -* [CVE-2023-28753](CVE-2023/CVE-2023-287xx/CVE-2023-28753.json) (`2023-05-19T13:00:09.947`) -* [CVE-2023-30470](CVE-2023/CVE-2023-304xx/CVE-2023-30470.json) (`2023-05-19T13:00:09.947`) -* [CVE-2023-32680](CVE-2023/CVE-2023-326xx/CVE-2023-32680.json) (`2023-05-19T13:00:09.947`) -* [CVE-2023-2704](CVE-2023/CVE-2023-27xx/CVE-2023-2704.json) (`2023-05-19T13:00:09.947`) -* [CVE-2023-1618](CVE-2023/CVE-2023-16xx/CVE-2023-1618.json) (`2023-05-19T13:00:09.947`) -* [CVE-2023-33240](CVE-2023/CVE-2023-332xx/CVE-2023-33240.json) (`2023-05-19T13:00:09.947`) -* [CVE-2023-28045](CVE-2023/CVE-2023-280xx/CVE-2023-28045.json) (`2023-05-19T13:00:09.947`) -* [CVE-2023-2806](CVE-2023/CVE-2023-28xx/CVE-2023-2806.json) (`2023-05-19T13:00:09.947`) -* [CVE-2023-2024](CVE-2023/CVE-2023-20xx/CVE-2023-2024.json) (`2023-05-19T13:00:14.387`) -* [CVE-2023-22355](CVE-2023/CVE-2023-223xx/CVE-2023-22355.json) (`2023-05-19T13:35:58.270`) +* [CVE-2023-23313](CVE-2023/CVE-2023-233xx/CVE-2023-23313.json) (`2023-05-19T14:15:09.130`) +* [CVE-2023-24892](CVE-2023/CVE-2023-248xx/CVE-2023-24892.json) (`2023-05-19T15:09:28.003`) +* [CVE-2023-23396](CVE-2023/CVE-2023-233xx/CVE-2023-23396.json) (`2023-05-19T15:09:58.743`) +* [CVE-2023-2156](CVE-2023/CVE-2023-21xx/CVE-2023-2156.json) (`2023-05-19T15:15:08.840`) ## Download and Usage