diff --git a/CVE-2020/CVE-2020-200xx/CVE-2020-20021.json b/CVE-2020/CVE-2020-200xx/CVE-2020-20021.json
index 81074ae953c..ff0c2823a34 100644
--- a/CVE-2020/CVE-2020-200xx/CVE-2020-20021.json
+++ b/CVE-2020/CVE-2020-200xx/CVE-2020-20021.json
@@ -2,27 +2,91 @@ "id": "CVE-2020-20021", "sourceIdentifier": "cve@mitre.org", "published": "2023-07-12T13:15:09.060", - "lastModified": "2023-07-12T13:56:22.010", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2023-07-20T01:14:20.887", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", "value": "An issue discovered in MikroTik Router v6.46.3 and earlier allows attacker to cause denial of service via misconfiguration in the SSH daemon." } ], - "metrics": {}, + "metrics": { + "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "NONE", + "integrityImpact": "NONE", + "availabilityImpact": "HIGH", + "baseScore": 7.5, + "baseSeverity": "HIGH" + }, + "exploitabilityScore": 3.9, + "impactScore": 3.6 + } + ] + }, + "weaknesses": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-400" + } + ] + } + ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:o:mikrotik:routeros:*:*:*:*:*:*:*:*", + "versionEndIncluding": "6.46.3", + "matchCriteriaId": "0FE16B96-C8E2-414D-949C-693087370840" + } + ] + } + ] + } + ], "references": [ { "url": "http://mikrotik.com", - "source": "cve@mitre.org" + "source": "cve@mitre.org", + "tags": [ + "Product" + ] }, { "url": "http://router.com", - "source": "cve@mitre.org" + "source": "cve@mitre.org", + "tags": [ + "Not Applicable" + ] }, { "url": "https://www.exploit-db.com/exploits/48228", - "source": "cve@mitre.org" + "source": "cve@mitre.org", + "tags": [ + "Exploit", + "Third Party Advisory", + "VDB Entry" + ] } ] } \ No newline at end of file 
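Review bot: None of the three entries in `references` is tagged `Patch` or `Vendor Advisory`, so the analyzed record states an affected range (`"versionEndIncluding": "6.46.3"`) but points to no fixed release or vendor guidance. The only technical reference is the Exploit-DB entry, and `http://router.com` is kept although it is tagged `Not Applicable`. Consumers that derive remediation from this record should confirm the fixed RouterOS version against the vendor's own release notes rather than assume the first release after 6.46.3 is patched.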
diff --git a/CVE-2022/CVE-2022-287xx/CVE-2022-28733.json b/CVE-2022/CVE-2022-287xx/CVE-2022-28733.json
new file mode 100644
index 00000000000..10e42f302a3
--- /dev/null
+++ b/CVE-2022/CVE-2022-287xx/CVE-2022-28733.json
@@ -0,0 +1,59 @@
+{
+ "id": "CVE-2022-28733",
+ "sourceIdentifier": "security@ubuntu.com",
+ "published": "2023-07-20T01:15:10.140",
+ "lastModified": "2023-07-20T01:15:10.140",
+ "vulnStatus": "Received",
+ "descriptions": [
+ {
+ "lang": "en",
+ "value": "Integer underflow in grub_net_recv_ip4_packets; A malicious crafted IP packet can lead to an integer underflow in grub_net_recv_ip4_packets() function on rsm->total_len value. Under certain circumstances the total_len value may end up wrapping around to a small integer number which will be used in memory allocation. If the attack succeeds in such way, subsequent operations can write past the end of the buffer."
+ }
+ ],
+ "metrics": {
+ "cvssMetricV31": [
+ {
+ "source": "security@ubuntu.com",
+ "type": "Secondary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H",
+ "attackVector": "NETWORK",
+ "attackComplexity": "HIGH",
+ "privilegesRequired": "NONE",
+ "userInteraction": "NONE",
+ "scope": "UNCHANGED",
+ "confidentialityImpact": "HIGH",
+ "integrityImpact": "HIGH",
+ "availabilityImpact": "HIGH",
+ "baseScore": 8.1,
+ "baseSeverity": "HIGH"
+ },
+ "exploitabilityScore": 2.2,
+ "impactScore": 5.9
+ }
+ ]
+ },
+ "weaknesses": [
+ {
+ "source": "security@ubuntu.com",
+ "type": "Secondary",
+ "description": [
+ {
+ "lang": "en",
+ "value": "CWE-191"
+ }
+ ]
+ }
+ ],
+ "references": [
+ {
+ "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-28733",
+ "source": "security@ubuntu.com"
+ },
+ {
+ "url": "https://www.openwall.com/lists/oss-security/2022/06/07/5",
+ "source": "security@ubuntu.com"
+ }
+ ]
+}
\ No newline at end of file
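Review bot: This new record, like the four that follow it (CVE-2022-28734 through CVE-2022-28737), has no `configurations` block, so CPE-based matching will not tie it to any GRUB2 or shim package while `vulnStatus` is `Received`. The only score present is the CNA's `Secondary` entry from security@ubuntu.com, and only CVE-2022-28733 carries a `weaknesses` entry (`CWE-191`); filters keyed on a `Primary` score or on CWE will skip the others. The oss-security reference path (`2022/06/07/5`) suggests public disclosure roughly a year before the `published` value of 2023-07-20, so `published` should not be read as the disclosure date when judging patch age.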
diff --git a/CVE-2022/CVE-2022-287xx/CVE-2022-28734.json b/CVE-2022/CVE-2022-287xx/CVE-2022-28734.json
new file mode 100644
index 00000000000..b760356f925
--- /dev/null
+++ b/CVE-2022/CVE-2022-287xx/CVE-2022-28734.json
@@ -0,0 +1,47 @@
+{
+ "id": "CVE-2022-28734",
+ "sourceIdentifier": "security@ubuntu.com",
+ "published": "2023-07-20T01:15:10.243",
+ "lastModified": "2023-07-20T01:15:10.243",
+ "vulnStatus": "Received",
+ "descriptions": [
+ {
+ "lang": "en",
+ "value": "Out-of-bounds write when handling split HTTP headers; When handling split HTTP headers, GRUB2 HTTP code accidentally moves its internal data buffer point by one position. This can lead to a out-of-bound write further when parsing the HTTP request, writing a NULL byte past the buffer. It's conceivable that an attacker controlled set of packets can lead to corruption of the GRUB2's internal memory metadata."
+ }
+ ],
+ "metrics": {
+ "cvssMetricV31": [
+ {
+ "source": "security@ubuntu.com",
+ "type": "Secondary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H",
+ "attackVector": "NETWORK",
+ "attackComplexity": "HIGH",
+ "privilegesRequired": "NONE",
+ "userInteraction": "NONE",
+ "scope": "UNCHANGED",
+ "confidentialityImpact": "HIGH",
+ "integrityImpact": "HIGH",
+ "availabilityImpact": "HIGH",
+ "baseScore": 8.1,
+ "baseSeverity": "HIGH"
+ },
+ "exploitabilityScore": 2.2,
+ "impactScore": 5.9
+ }
+ ]
+ },
+ "references": [
+ {
+ "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-28734",
+ "source": "security@ubuntu.com"
+ },
+ {
+ "url": "https://www.openwall.com/lists/oss-security/2022/06/07/5",
+ "source": "security@ubuntu.com"
+ }
+ ]
+}
\ No newline at end of file
diff --git a/CVE-2022/CVE-2022-287xx/CVE-2022-28735.json b/CVE-2022/CVE-2022-287xx/CVE-2022-28735.json
new file mode 100644
index 00000000000..b24d9513f53
--- /dev/null
+++ b/CVE-2022/CVE-2022-287xx/CVE-2022-28735.json
@@ -0,0 +1,47 @@
+{
+ "id": "CVE-2022-28735",
+ "sourceIdentifier": "security@ubuntu.com",
+ "published": "2023-07-20T01:15:10.320",
+ "lastModified": "2023-07-20T01:15:10.320",
+ "vulnStatus": "Received",
+ "descriptions": [
+ {
+ "lang": "en",
+ "value": "The GRUB2's shim_lock verifier allows non-kernel files to be loaded on shim-powered secure boot systems. Allowing such files to be loaded may lead to unverified code and modules to be loaded in GRUB2 breaking the secure boot trust-chain."
+ }
+ ],
+ "metrics": {
+ "cvssMetricV31": [
+ {
+ "source": "security@ubuntu.com",
+ "type": "Secondary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
+ "attackVector": "LOCAL",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "HIGH",
+ "userInteraction": "NONE",
+ "scope": "UNCHANGED",
+ "confidentialityImpact": "HIGH",
+ "integrityImpact": "HIGH",
+ "availabilityImpact": "HIGH",
+ "baseScore": 6.7,
+ "baseSeverity": "MEDIUM"
+ },
+ "exploitabilityScore": 0.8,
+ "impactScore": 5.9
+ }
+ ]
+ },
+ "references": [
+ {
+ "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-28735",
+ "source": "security@ubuntu.com"
+ },
+ {
+ "url": "https://www.openwall.com/lists/oss-security/2022/06/07/5",
+ "source": "security@ubuntu.com"
+ }
+ ]
+}
\ No newline at end of file
diff --git a/CVE-2022/CVE-2022-287xx/CVE-2022-28736.json b/CVE-2022/CVE-2022-287xx/CVE-2022-28736.json
new file mode 100644
index 00000000000..3976d222be5
--- /dev/null
+++ b/CVE-2022/CVE-2022-287xx/CVE-2022-28736.json
@@ -0,0 +1,47 @@
+{
+ "id": "CVE-2022-28736",
+ "sourceIdentifier": "security@ubuntu.com",
+ "published": "2023-07-20T01:15:10.400",
+ "lastModified": "2023-07-20T01:15:10.400",
+ "vulnStatus": "Received",
+ "descriptions": [
+ {
+ "lang": "en",
+ "value": "There's a use-after-free vulnerability in grub_cmd_chainloader() function; The chainloader command is used to boot up operating systems that doesn't support multiboot and do not have direct support from GRUB2. When executing chainloader more than once a use-after-free vulnerability is triggered. If an attacker can control the GRUB2's memory allocation pattern sensitive data may be exposed and arbitrary code execution can be achieved."
+ }
+ ],
+ "metrics": {
+ "cvssMetricV31": [
+ {
+ "source": "security@ubuntu.com",
+ "type": "Secondary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H",
+ "attackVector": "LOCAL",
+ "attackComplexity": "HIGH",
+ "privilegesRequired": "HIGH",
+ "userInteraction": "NONE",
+ "scope": "UNCHANGED",
+ "confidentialityImpact": "HIGH",
+ "integrityImpact": "HIGH",
+ "availabilityImpact": "HIGH",
+ "baseScore": 6.4,
+ "baseSeverity": "MEDIUM"
+ },
+ "exploitabilityScore": 0.5,
+ "impactScore": 5.9
+ }
+ ]
+ },
+ "references": [
+ {
+ "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-28736",
+ "source": "security@ubuntu.com"
+ },
+ {
+ "url": "https://www.openwall.com/lists/oss-security/2022/06/07/5",
+ "source": "security@ubuntu.com"
+ }
+ ]
+}
\ No newline at end of file
diff --git a/CVE-2022/CVE-2022-287xx/CVE-2022-28737.json b/CVE-2022/CVE-2022-287xx/CVE-2022-28737.json
new file mode 100644
index 00000000000..8e0de96d3a2
--- /dev/null
+++ b/CVE-2022/CVE-2022-287xx/CVE-2022-28737.json
@@ -0,0 +1,47 @@
+{
+ "id": "CVE-2022-28737",
+ "sourceIdentifier": "security@ubuntu.com",
+ "published": "2023-07-20T01:15:10.473",
+ "lastModified": "2023-07-20T01:15:10.473",
+ "vulnStatus": "Received",
+ "descriptions": [
+ {
+ "lang": "en",
+ "value": "There's a possible overflow in handle_image() when shim tries to load and execute crafted EFI executables; The handle_image() function takes into account the SizeOfRawData field from each section to be loaded. An attacker can leverage this to perform out-of-bound writes into memory. Arbitrary code execution is not discarded in such scenario."
+ }
+ ],
+ "metrics": {
+ "cvssMetricV31": [
+ {
+ "source": "security@ubuntu.com",
+ "type": "Secondary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:R/S:U/C:H/I:H/A:H",
+ "attackVector": "LOCAL",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "HIGH",
+ "userInteraction": "REQUIRED",
+ "scope": "UNCHANGED",
+ "confidentialityImpact": "HIGH",
+ "integrityImpact": "HIGH",
+ "availabilityImpact": "HIGH",
+ "baseScore": 6.5,
+ "baseSeverity": "MEDIUM"
+ },
+ "exploitabilityScore": 0.6,
+ "impactScore": 5.9
+ }
+ ]
+ },
+ "references": [
+ {
+ "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-28737",
+ "source": "security@ubuntu.com"
+ },
+ {
+ "url": "https://www.openwall.com/lists/oss-security/2022/06/07/5",
+ "source": "security@ubuntu.com"
+ }
+ ]
+}
\ No newline at end of file
diff --git a/CVE-2022/CVE-2022-420xx/CVE-2022-42009.json b/CVE-2022/CVE-2022-420xx/CVE-2022-42009.json
index 7f70522712c..df710cdb19a 100644
--- a/CVE-2022/CVE-2022-420xx/CVE-2022-42009.json
+++ b/CVE-2022/CVE-2022-420xx/CVE-2022-42009.json
@@ -2,8 +2,8 @@ "id": "CVE-2022-42009", "sourceIdentifier": "security@apache.org", "published": "2023-07-12T10:15:09.447", - "lastModified": "2023-07-12T12:46:11.343", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2023-07-20T01:22:32.963", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", @@ -12,6 +12,26 @@ ], "metrics": { "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH", + "baseScore": 8.8, + "baseSeverity": "HIGH" + }, + "exploitabilityScore": 2.8, + "impactScore": 5.9 + }, { "source": "security@apache.org", "type": "Secondary", @@ -46,10 +66,33 @@ ] } ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:apache:ambari:*:*:*:*:*:*:*:*", + "versionStartIncluding": "2.7.0", + "versionEndExcluding": "2.7.7", + "matchCriteriaId": "1CBE8084-8AA5-47EA-A0DE-2725AAB7FEC6" + } + ] + } + ] + } + ], "references": [ { "url": "https://lists.apache.org/thread/6xf477ttz1oxmg0bx0tpdoz2mlqd7sbc", - "source": "security@apache.org" + "source": "security@apache.org", + "tags": [ + "Mailing List", + "Vendor Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2022/CVE-2022-458xx/CVE-2022-45855.json b/CVE-2022/CVE-2022-458xx/CVE-2022-45855.json index 3efe98fa835..4df83af5511 100644 --- a/CVE-2022/CVE-2022-458xx/CVE-2022-45855.json +++ b/CVE-2022/CVE-2022-458xx/CVE-2022-45855.json 
@@ -2,8 +2,8 @@ "id": "CVE-2022-45855", "sourceIdentifier": "security@apache.org", "published": "2023-07-12T10:15:09.547", - "lastModified": "2023-07-12T12:46:11.343", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2023-07-20T01:19:07.767", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", @@ -12,6 +12,26 @@ ], "metrics": { "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH", + "baseScore": 8.8, + "baseSeverity": "HIGH" + }, + "exploitabilityScore": 2.8, + "impactScore": 5.9 + }, { "source": "security@apache.org", "type": "Secondary", @@ -46,10 +66,32 @@ ] } ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:apache:ambari:*:*:*:*:*:*:*:*", + "versionStartIncluding": "2.7.0", + "versionEndExcluding": "2.7.7", + "matchCriteriaId": "1CBE8084-8AA5-47EA-A0DE-2725AAB7FEC6" + } + ] + } + ] + } + ], "references": [ { "url": "https://lists.apache.org/thread/302c4hwfjy9lx63jrbhcdx948pxc54l1", - "source": "security@apache.org" + "source": "security@apache.org", + "tags": [ + "Vendor Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2023/CVE-2023-244xx/CVE-2023-24492.json b/CVE-2023/CVE-2023-244xx/CVE-2023-24492.json index 3abc69dd207..10f20cad1c5 100644 --- a/CVE-2023/CVE-2023-244xx/CVE-2023-24492.json +++ b/CVE-2023/CVE-2023-244xx/CVE-2023-24492.json 
@@ -2,8 +2,8 @@ "id": "CVE-2023-24492", "sourceIdentifier": "secure@citrix.com", "published": "2023-07-11T22:15:09.817", - "lastModified": "2023-07-12T12:46:41.413", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2023-07-20T01:49:10.613", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", @@ -12,6 +12,26 @@ ], "metrics": { "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "REQUIRED", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH", + "baseScore": 8.8, + "baseSeverity": "HIGH" + }, + "exploitabilityScore": 2.8, + "impactScore": 5.9 + }, { "source": "secure@citrix.com", "type": "Secondary", @@ -35,6 +55,16 @@ ] }, "weaknesses": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-94" + } + ] + }, { "source": "secure@citrix.com", "type": "Secondary", 
@@ -46,10 +76,43 @@ ] } ], + "configurations": [ + { + "operator": "AND", + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:citrix:secure_access_client:*:*:*:*:*:*:*:*", + "versionEndExcluding": "23.5.2", + "matchCriteriaId": "E7BCE71C-4A98-43E1-BCB0-DB92CE369902" + } + ] + }, + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": false, + "criteria": "cpe:2.3:o:canonical:ubuntu_linux:-:*:*:*:*:*:*:*", + "matchCriteriaId": "019A2188-0877-45DE-8512-F0BF70DD179C" + } + ] + } + ] + } + ], "references": [ { "url": "https://support.citrix.com/article/CTX564169/citrix-secure-access-client-for-ubuntu-security-bulletin-for-cve202324492", - "source": "secure@citrix.com" + "source": "secure@citrix.com", + "tags": [ + "Vendor Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2023/CVE-2023-27xx/CVE-2023-2762.json b/CVE-2023/CVE-2023-27xx/CVE-2023-2762.json index 5190def7356..602d85b176e 100644 --- a/CVE-2023/CVE-2023-27xx/CVE-2023-2762.json +++ b/CVE-2023/CVE-2023-27xx/CVE-2023-2762.json @@ -2,8 +2,8 @@ "id": "CVE-2023-2762", "sourceIdentifier": "3DS.Information-Security@3ds.com", "published": "2023-07-12T08:15:09.953", - "lastModified": "2023-07-12T12:46:30.047", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2023-07-20T01:49:48.370", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", 
@@ -12,6 +12,26 @@ ], "metrics": { "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", + "attackVector": "LOCAL", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "REQUIRED", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH", + "baseScore": 7.8, + "baseSeverity": "HIGH" + }, + "exploitabilityScore": 1.8, + "impactScore": 5.9 + }, { "source": "3DS.Information-Security@3ds.com", "type": "Secondary", @@ -35,6 +55,16 @@ ] }, "weaknesses": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-416" + } + ] + }, { "source": "3DS.Information-Security@3ds.com", "type": "Secondary", @@ -46,10 +76,32 @@ ] } ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:3ds:3dexperience_solidworks:*:*:*:*:*:*:*:*", + "versionStartIncluding": "2021", + "versionEndIncluding": "2023", + "matchCriteriaId": "DEDAD2EF-39E2-4F55-ADCD-8B7FBFA2E2AA" + } + ] + } + ] + } + ], "references": [ { "url": "https://www.3ds.com/vulnerability/advisories", - "source": "3DS.Information-Security@3ds.com" + "source": "3DS.Information-Security@3ds.com", + "tags": [ + "Vendor Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2023/CVE-2023-27xx/CVE-2023-2763.json b/CVE-2023/CVE-2023-27xx/CVE-2023-2763.json index 5c896a568d3..a565a5caf46 100644 --- a/CVE-2023/CVE-2023-27xx/CVE-2023-2763.json +++ b/CVE-2023/CVE-2023-27xx/CVE-2023-2763.json 
@@ -2,8 +2,8 @@ "id": "CVE-2023-2763", "sourceIdentifier": "3DS.Information-Security@3ds.com", "published": "2023-07-12T08:15:10.010", - "lastModified": "2023-07-12T12:46:30.047", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2023-07-20T01:56:00.570", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", @@ -12,6 +12,26 @@ ], "metrics": { "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", + "attackVector": "LOCAL", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "REQUIRED", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH", + "baseScore": 7.8, + "baseSeverity": "HIGH" + }, + "exploitabilityScore": 1.8, + "impactScore": 5.9 + }, { "source": "3DS.Information-Security@3ds.com", "type": "Secondary", @@ -35,6 +55,20 @@ ] }, "weaknesses": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-416" + }, + { + "lang": "en", + "value": "CWE-787" + } + ] + }, { "source": "3DS.Information-Security@3ds.com", "type": "Secondary", @@ -50,10 +84,32 @@ ] } ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:3ds:3dexperience_solidworks:*:*:*:*:*:*:*:*", + "versionStartIncluding": "2021", + "versionEndIncluding": "2023", + "matchCriteriaId": "DEDAD2EF-39E2-4F55-ADCD-8B7FBFA2E2AA" + } + ] + } + ] + } + ], "references": [ { "url": "https://www.3ds.com/vulnerability/advisories", - "source": "3DS.Information-Security@3ds.com" + "source": "3DS.Information-Security@3ds.com", + "tags": [ + "Vendor Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2023/CVE-2023-309xx/CVE-2023-30928.json b/CVE-2023/CVE-2023-309xx/CVE-2023-30928.json index 875cced5940..e0479f33aa7 100644 
--- a/CVE-2023/CVE-2023-309xx/CVE-2023-30928.json
+++ b/CVE-2023/CVE-2023-309xx/CVE-2023-30928.json
@@ -2,19 +2,161 @@ "id": "CVE-2023-30928", "sourceIdentifier": "security@unisoc.com", "published": "2023-07-12T09:15:11.417", - "lastModified": "2023-07-12T12:46:30.047", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2023-07-20T01:56:16.403", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", "value": "In telephony service, there is a possible missing permission check. This could lead to local escalation of privilege with no additional execution privileges." } ], - "metrics": {}, + "metrics": { + "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", + "attackVector": "LOCAL", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH", + "baseScore": 7.8, + "baseSeverity": "HIGH" + }, + "exploitabilityScore": 1.8, + "impactScore": 5.9 + } + ] + }, + "weaknesses": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-862" + } + ] + } + ], + "configurations": [ + { + "operator": "AND", + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:o:google:android:10.0:*:*:*:*:*:*:*", + "matchCriteriaId": "D558D965-FA70-4822-A770-419E73BA9ED3" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:google:android:11.0:*:*:*:*:*:*:*", + "matchCriteriaId": "109DD7FD-3A48-4C3D-8E1A-4433B98E1E64" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:google:android:12.0:*:*:*:*:*:*:*", + "matchCriteriaId": "F8FB8EE9-FC56-4D5E-AE55-A5967634740C" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:google:android:13.0:*:*:*:*:*:*:*", + "matchCriteriaId": "879FFD0C-9B38-4CAA-B057-1086D794D469" + } + ] + }, + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + 
"vulnerable": false, + "criteria": "cpe:2.3:h:unisoc:s8000:-:*:*:*:*:*:*:*", + "matchCriteriaId": "FDE05D06-C798-4217-8858-8C5DC2C94751" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:h:unisoc:sc7731e:-:*:*:*:*:*:*:*", + "matchCriteriaId": "AC867249-B767-4802-868D-6D0E356C8294" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:h:unisoc:sc9832e:-:*:*:*:*:*:*:*", + "matchCriteriaId": "25BBD3C5-E87C-4730-970C-19DF855AC3A2" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:h:unisoc:sc9863a:-:*:*:*:*:*:*:*", + "matchCriteriaId": "DE00DFDE-97DD-4D33-B580-73FEF677C71B" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:h:unisoc:t310:-:*:*:*:*:*:*:*", + "matchCriteriaId": "F20E00D8-2F00-4FA3-9455-37DC89908D96" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:h:unisoc:t606:-:*:*:*:*:*:*:*", + "matchCriteriaId": "905E39DD-7948-40A4-B042-EBB9A9591347" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:h:unisoc:t610:-:*:*:*:*:*:*:*", + "matchCriteriaId": "CDC980D6-B797-4AE1-B553-35395AE80D07" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:h:unisoc:t612:-:*:*:*:*:*:*:*", + "matchCriteriaId": "98408A48-561A-49D1-967F-834311742B7F" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:h:unisoc:t616:-:*:*:*:*:*:*:*", + "matchCriteriaId": "756E5850-CDC7-46C2-BAFC-1E2A359A2709" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:h:unisoc:t618:-:*:*:*:*:*:*:*", + "matchCriteriaId": "39002ECE-636A-4FEB-9A0B-8127E8AAC844" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:h:unisoc:t760:-:*:*:*:*:*:*:*", + "matchCriteriaId": "3D965CCA-C963-49E4-ACF0-2A9F458AF470" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:h:unisoc:t770:-:*:*:*:*:*:*:*", + "matchCriteriaId": "0FFEF06A-E3E0-486F-89CC-D52FF3F26F0B" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:h:unisoc:t820:-:*:*:*:*:*:*:*", + "matchCriteriaId": "49601008-D3FF-47CC-B961-6FDDFC7A0596" + } + ] + } + ] + } + ], "references": [ { "url": 
"https://www.unisoc.com/en_us/secy/announcementDetail/1676902764208259073", - "source": "security@unisoc.com" + "source": "security@unisoc.com", + "tags": [ + "Vendor Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2023/CVE-2023-309xx/CVE-2023-30932.json b/CVE-2023/CVE-2023-309xx/CVE-2023-30932.json index 0bddd5bf558..3b7a4d4941f 100644 --- a/CVE-2023/CVE-2023-309xx/CVE-2023-30932.json +++ b/CVE-2023/CVE-2023-309xx/CVE-2023-30932.json 
@@ -2,19 +2,161 @@ "id": "CVE-2023-30932", "sourceIdentifier": "security@unisoc.com", "published": "2023-07-12T09:15:11.570", - "lastModified": "2023-07-12T12:46:30.047", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2023-07-20T00:29:14.670", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", "value": "In telephony service, there is a missing permission check. This could lead to local information disclosure with no additional execution privileges needed." } ], - "metrics": {}, + "metrics": { + "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N", + "attackVector": "LOCAL", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "NONE", + "availabilityImpact": "NONE", + "baseScore": 5.5, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 1.8, + "impactScore": 3.6 + } + ] + }, + "weaknesses": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-862" + } + ] + } + ], + "configurations": [ + { + "operator": "AND", + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:o:google:android:10.0:*:*:*:*:*:*:*", + "matchCriteriaId": "D558D965-FA70-4822-A770-419E73BA9ED3" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:google:android:11.0:*:*:*:*:*:*:*", + "matchCriteriaId": "109DD7FD-3A48-4C3D-8E1A-4433B98E1E64" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:google:android:12.0:*:*:*:*:*:*:*", + "matchCriteriaId": "F8FB8EE9-FC56-4D5E-AE55-A5967634740C" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:google:android:13.0:*:*:*:*:*:*:*", + "matchCriteriaId": "879FFD0C-9B38-4CAA-B057-1086D794D469" + } + ] + }, + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + 
"vulnerable": false, + "criteria": "cpe:2.3:h:unisoc:s8000:-:*:*:*:*:*:*:*", + "matchCriteriaId": "FDE05D06-C798-4217-8858-8C5DC2C94751" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:h:unisoc:sc7731e:-:*:*:*:*:*:*:*", + "matchCriteriaId": "AC867249-B767-4802-868D-6D0E356C8294" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:h:unisoc:sc9832e:-:*:*:*:*:*:*:*", + "matchCriteriaId": "25BBD3C5-E87C-4730-970C-19DF855AC3A2" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:h:unisoc:sc9863a:-:*:*:*:*:*:*:*", + "matchCriteriaId": "DE00DFDE-97DD-4D33-B580-73FEF677C71B" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:h:unisoc:t310:-:*:*:*:*:*:*:*", + "matchCriteriaId": "F20E00D8-2F00-4FA3-9455-37DC89908D96" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:h:unisoc:t606:-:*:*:*:*:*:*:*", + "matchCriteriaId": "905E39DD-7948-40A4-B042-EBB9A9591347" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:h:unisoc:t610:-:*:*:*:*:*:*:*", + "matchCriteriaId": "CDC980D6-B797-4AE1-B553-35395AE80D07" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:h:unisoc:t612:-:*:*:*:*:*:*:*", + "matchCriteriaId": "98408A48-561A-49D1-967F-834311742B7F" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:h:unisoc:t616:-:*:*:*:*:*:*:*", + "matchCriteriaId": "756E5850-CDC7-46C2-BAFC-1E2A359A2709" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:h:unisoc:t618:-:*:*:*:*:*:*:*", + "matchCriteriaId": "39002ECE-636A-4FEB-9A0B-8127E8AAC844" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:h:unisoc:t760:-:*:*:*:*:*:*:*", + "matchCriteriaId": "3D965CCA-C963-49E4-ACF0-2A9F458AF470" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:h:unisoc:t770:-:*:*:*:*:*:*:*", + "matchCriteriaId": "0FFEF06A-E3E0-486F-89CC-D52FF3F26F0B" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:h:unisoc:t820:-:*:*:*:*:*:*:*", + "matchCriteriaId": "49601008-D3FF-47CC-B961-6FDDFC7A0596" + } + ] + } + ] + } + ], "references": [ { "url": 
"https://www.unisoc.com/en_us/secy/announcementDetail/1676902764208259073", - "source": "security@unisoc.com" + "source": "security@unisoc.com", + "tags": [ + "Third Party Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2023/CVE-2023-309xx/CVE-2023-30933.json b/CVE-2023/CVE-2023-309xx/CVE-2023-30933.json index f823c206c2e..7b0739a6257 100644 --- a/CVE-2023/CVE-2023-309xx/CVE-2023-30933.json +++ b/CVE-2023/CVE-2023-309xx/CVE-2023-30933.json 
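Review bot: The unisoc.com announcement reference in CVE-2023-30932 is tagged `Third Party Advisory`, although its `source` is security@unisoc.com and the identical URL is tagged `Vendor Advisory` in CVE-2023-30928 earlier in this diff. CVE-2023-30933 carries the same mismatch. Tooling that selects vendor guidance by reference tag will find it for one record and miss it for the other two; for consistency the tag here would be `"Vendor Advisory"`.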
@@ -2,19 +2,161 @@ "id": "CVE-2023-30933", "sourceIdentifier": "security@unisoc.com", "published": "2023-07-12T09:15:11.610", - "lastModified": "2023-07-12T12:46:30.047", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2023-07-20T00:33:36.287", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", "value": "In telephony service, there is a missing permission check. This could lead to local information disclosure with no additional execution privileges needed." } ], - "metrics": {}, + "metrics": { + "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N", + "attackVector": "LOCAL", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "NONE", + "availabilityImpact": "NONE", + "baseScore": 5.5, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 1.8, + "impactScore": 3.6 + } + ] + }, + "weaknesses": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-862" + } + ] + } + ], + "configurations": [ + { + "operator": "AND", + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:o:google:android:10.0:*:*:*:*:*:*:*", + "matchCriteriaId": "D558D965-FA70-4822-A770-419E73BA9ED3" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:google:android:11.0:*:*:*:*:*:*:*", + "matchCriteriaId": "109DD7FD-3A48-4C3D-8E1A-4433B98E1E64" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:google:android:12.0:*:*:*:*:*:*:*", + "matchCriteriaId": "F8FB8EE9-FC56-4D5E-AE55-A5967634740C" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:google:android:13.0:*:*:*:*:*:*:*", + "matchCriteriaId": "879FFD0C-9B38-4CAA-B057-1086D794D469" + } + ] + }, + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + 
"vulnerable": false, + "criteria": "cpe:2.3:h:unisoc:s8000:-:*:*:*:*:*:*:*", + "matchCriteriaId": "FDE05D06-C798-4217-8858-8C5DC2C94751" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:h:unisoc:sc7731e:-:*:*:*:*:*:*:*", + "matchCriteriaId": "AC867249-B767-4802-868D-6D0E356C8294" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:h:unisoc:sc9832e:-:*:*:*:*:*:*:*", + "matchCriteriaId": "25BBD3C5-E87C-4730-970C-19DF855AC3A2" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:h:unisoc:sc9863a:-:*:*:*:*:*:*:*", + "matchCriteriaId": "DE00DFDE-97DD-4D33-B580-73FEF677C71B" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:h:unisoc:t310:-:*:*:*:*:*:*:*", + "matchCriteriaId": "F20E00D8-2F00-4FA3-9455-37DC89908D96" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:h:unisoc:t606:-:*:*:*:*:*:*:*", + "matchCriteriaId": "905E39DD-7948-40A4-B042-EBB9A9591347" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:h:unisoc:t610:-:*:*:*:*:*:*:*", + "matchCriteriaId": "CDC980D6-B797-4AE1-B553-35395AE80D07" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:h:unisoc:t612:-:*:*:*:*:*:*:*", + "matchCriteriaId": "98408A48-561A-49D1-967F-834311742B7F" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:h:unisoc:t616:-:*:*:*:*:*:*:*", + "matchCriteriaId": "756E5850-CDC7-46C2-BAFC-1E2A359A2709" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:h:unisoc:t618:-:*:*:*:*:*:*:*", + "matchCriteriaId": "39002ECE-636A-4FEB-9A0B-8127E8AAC844" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:h:unisoc:t760:-:*:*:*:*:*:*:*", + "matchCriteriaId": "3D965CCA-C963-49E4-ACF0-2A9F458AF470" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:h:unisoc:t770:-:*:*:*:*:*:*:*", + "matchCriteriaId": "0FFEF06A-E3E0-486F-89CC-D52FF3F26F0B" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:h:unisoc:t820:-:*:*:*:*:*:*:*", + "matchCriteriaId": "49601008-D3FF-47CC-B961-6FDDFC7A0596" + } + ] + } + ] + } + ], "references": [ { "url": 
"https://www.unisoc.com/en_us/secy/announcementDetail/1676902764208259073", - "source": "security@unisoc.com" + "source": "security@unisoc.com", + "tags": [ + "Third Party Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2023/CVE-2023-309xx/CVE-2023-30934.json b/CVE-2023/CVE-2023-309xx/CVE-2023-30934.json index be19b494f9b..c2af1c3a144 100644 --- a/CVE-2023/CVE-2023-309xx/CVE-2023-30934.json +++ b/CVE-2023/CVE-2023-309xx/CVE-2023-30934.json 
@@ -2,19 +2,161 @@ "id": "CVE-2023-30934", "sourceIdentifier": "security@unisoc.com", "published": "2023-07-12T09:15:11.650", - "lastModified": "2023-07-12T12:46:30.047", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2023-07-20T00:44:03.677", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", "value": "In telephony service, there is a missing permission check. This could lead to local information disclosure with no additional execution privileges needed." } ], - "metrics": {}, + "metrics": { + "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N", + "attackVector": "LOCAL", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "NONE", + "availabilityImpact": "NONE", + "baseScore": 5.5, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 1.8, + "impactScore": 3.6 + } + ] + }, + "weaknesses": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-862" + } + ] + } + ], + "configurations": [ + { + "operator": "AND", + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:o:google:android:10.0:*:*:*:*:*:*:*", + "matchCriteriaId": "D558D965-FA70-4822-A770-419E73BA9ED3" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:google:android:11.0:*:*:*:*:*:*:*", + "matchCriteriaId": "109DD7FD-3A48-4C3D-8E1A-4433B98E1E64" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:google:android:12.0:*:*:*:*:*:*:*", + "matchCriteriaId": "F8FB8EE9-FC56-4D5E-AE55-A5967634740C" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:google:android:13.0:*:*:*:*:*:*:*", + "matchCriteriaId": "879FFD0C-9B38-4CAA-B057-1086D794D469" + } + ] + }, + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + 
"vulnerable": false, + "criteria": "cpe:2.3:h:unisoc:s8000:-:*:*:*:*:*:*:*", + "matchCriteriaId": "FDE05D06-C798-4217-8858-8C5DC2C94751" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:h:unisoc:sc7731e:-:*:*:*:*:*:*:*", + "matchCriteriaId": "AC867249-B767-4802-868D-6D0E356C8294" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:h:unisoc:sc9832e:-:*:*:*:*:*:*:*", + "matchCriteriaId": "25BBD3C5-E87C-4730-970C-19DF855AC3A2" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:h:unisoc:sc9863a:-:*:*:*:*:*:*:*", + "matchCriteriaId": "DE00DFDE-97DD-4D33-B580-73FEF677C71B" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:h:unisoc:t310:-:*:*:*:*:*:*:*", + "matchCriteriaId": "F20E00D8-2F00-4FA3-9455-37DC89908D96" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:h:unisoc:t606:-:*:*:*:*:*:*:*", + "matchCriteriaId": "905E39DD-7948-40A4-B042-EBB9A9591347" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:h:unisoc:t610:-:*:*:*:*:*:*:*", + "matchCriteriaId": "CDC980D6-B797-4AE1-B553-35395AE80D07" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:h:unisoc:t612:-:*:*:*:*:*:*:*", + "matchCriteriaId": "98408A48-561A-49D1-967F-834311742B7F" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:h:unisoc:t616:-:*:*:*:*:*:*:*", + "matchCriteriaId": "756E5850-CDC7-46C2-BAFC-1E2A359A2709" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:h:unisoc:t618:-:*:*:*:*:*:*:*", + "matchCriteriaId": "39002ECE-636A-4FEB-9A0B-8127E8AAC844" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:h:unisoc:t760:-:*:*:*:*:*:*:*", + "matchCriteriaId": "3D965CCA-C963-49E4-ACF0-2A9F458AF470" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:h:unisoc:t770:-:*:*:*:*:*:*:*", + "matchCriteriaId": "0FFEF06A-E3E0-486F-89CC-D52FF3F26F0B" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:h:unisoc:t820:-:*:*:*:*:*:*:*", + "matchCriteriaId": "49601008-D3FF-47CC-B961-6FDDFC7A0596" + } + ] + } + ] + } + ], "references": [ { "url": 
"https://www.unisoc.com/en_us/secy/announcementDetail/1676902764208259073", - "source": "security@unisoc.com" + "source": "security@unisoc.com", + "tags": [ + "Third Party Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2023/CVE-2023-309xx/CVE-2023-30935.json b/CVE-2023/CVE-2023-309xx/CVE-2023-30935.json index e4af649884f..cd933e17a41 100644 --- a/CVE-2023/CVE-2023-309xx/CVE-2023-30935.json +++ b/CVE-2023/CVE-2023-309xx/CVE-2023-30935.json 
@@ -2,19 +2,161 @@ "id": "CVE-2023-30935", "sourceIdentifier": "security@unisoc.com", "published": "2023-07-12T09:15:11.690", - "lastModified": "2023-07-12T12:46:30.047", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2023-07-20T00:47:56.880", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", "value": "In telephony service, there is a missing permission check. This could lead to local information disclosure with no additional execution privileges needed." } ], - "metrics": {}, + "metrics": { + "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N", + "attackVector": "LOCAL", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "NONE", + "availabilityImpact": "NONE", + "baseScore": 5.5, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 1.8, + "impactScore": 3.6 + } + ] + }, + "weaknesses": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-862" + } + ] + } + ], + "configurations": [ + { + "operator": "AND", + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:o:google:android:10.0:*:*:*:*:*:*:*", + "matchCriteriaId": "D558D965-FA70-4822-A770-419E73BA9ED3" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:google:android:11.0:*:*:*:*:*:*:*", + "matchCriteriaId": "109DD7FD-3A48-4C3D-8E1A-4433B98E1E64" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:google:android:12.0:*:*:*:*:*:*:*", + "matchCriteriaId": "F8FB8EE9-FC56-4D5E-AE55-A5967634740C" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:google:android:13.0:*:*:*:*:*:*:*", + "matchCriteriaId": "879FFD0C-9B38-4CAA-B057-1086D794D469" + } + ] + }, + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + 
"vulnerable": false, + "criteria": "cpe:2.3:h:unisoc:s8000:-:*:*:*:*:*:*:*", + "matchCriteriaId": "FDE05D06-C798-4217-8858-8C5DC2C94751" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:h:unisoc:sc7731e:-:*:*:*:*:*:*:*", + "matchCriteriaId": "AC867249-B767-4802-868D-6D0E356C8294" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:h:unisoc:sc9832e:-:*:*:*:*:*:*:*", + "matchCriteriaId": "25BBD3C5-E87C-4730-970C-19DF855AC3A2" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:h:unisoc:sc9863a:-:*:*:*:*:*:*:*", + "matchCriteriaId": "DE00DFDE-97DD-4D33-B580-73FEF677C71B" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:h:unisoc:t310:-:*:*:*:*:*:*:*", + "matchCriteriaId": "F20E00D8-2F00-4FA3-9455-37DC89908D96" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:h:unisoc:t606:-:*:*:*:*:*:*:*", + "matchCriteriaId": "905E39DD-7948-40A4-B042-EBB9A9591347" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:h:unisoc:t610:-:*:*:*:*:*:*:*", + "matchCriteriaId": "CDC980D6-B797-4AE1-B553-35395AE80D07" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:h:unisoc:t612:-:*:*:*:*:*:*:*", + "matchCriteriaId": "98408A48-561A-49D1-967F-834311742B7F" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:h:unisoc:t616:-:*:*:*:*:*:*:*", + "matchCriteriaId": "756E5850-CDC7-46C2-BAFC-1E2A359A2709" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:h:unisoc:t618:-:*:*:*:*:*:*:*", + "matchCriteriaId": "39002ECE-636A-4FEB-9A0B-8127E8AAC844" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:h:unisoc:t760:-:*:*:*:*:*:*:*", + "matchCriteriaId": "3D965CCA-C963-49E4-ACF0-2A9F458AF470" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:h:unisoc:t770:-:*:*:*:*:*:*:*", + "matchCriteriaId": "0FFEF06A-E3E0-486F-89CC-D52FF3F26F0B" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:h:unisoc:t820:-:*:*:*:*:*:*:*", + "matchCriteriaId": "49601008-D3FF-47CC-B961-6FDDFC7A0596" + } + ] + } + ] + } + ], "references": [ { "url": 
"https://www.unisoc.com/en_us/secy/announcementDetail/1676902764208259073", - "source": "security@unisoc.com" + "source": "security@unisoc.com", + "tags": [ + "Third Party Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2023/CVE-2023-309xx/CVE-2023-30936.json b/CVE-2023/CVE-2023-309xx/CVE-2023-30936.json index cb447587c55..7b9e6682262 100644 --- a/CVE-2023/CVE-2023-309xx/CVE-2023-30936.json +++ b/CVE-2023/CVE-2023-309xx/CVE-2023-30936.json 
@@ -2,19 +2,161 @@ "id": "CVE-2023-30936", "sourceIdentifier": "security@unisoc.com", "published": "2023-07-12T09:15:11.730", - "lastModified": "2023-07-12T12:46:30.047", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2023-07-20T01:47:35.127", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", "value": "In telephony service, there is a missing permission check. This could lead to local information disclosure with no additional execution privileges needed." } ], - "metrics": {}, + "metrics": { + "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N", + "attackVector": "LOCAL", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "NONE", + "availabilityImpact": "NONE", + "baseScore": 5.5, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 1.8, + "impactScore": 3.6 + } + ] + }, + "weaknesses": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-862" + } + ] + } + ], + "configurations": [ + { + "operator": "AND", + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:o:google:android:10.0:*:*:*:*:*:*:*", + "matchCriteriaId": "D558D965-FA70-4822-A770-419E73BA9ED3" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:google:android:11.0:*:*:*:*:*:*:*", + "matchCriteriaId": "109DD7FD-3A48-4C3D-8E1A-4433B98E1E64" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:google:android:12.0:*:*:*:*:*:*:*", + "matchCriteriaId": "F8FB8EE9-FC56-4D5E-AE55-A5967634740C" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:google:android:13.0:*:*:*:*:*:*:*", + "matchCriteriaId": "879FFD0C-9B38-4CAA-B057-1086D794D469" + } + ] + }, + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + 
"vulnerable": false, + "criteria": "cpe:2.3:h:unisoc:s8000:-:*:*:*:*:*:*:*", + "matchCriteriaId": "FDE05D06-C798-4217-8858-8C5DC2C94751" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:h:unisoc:sc7731e:-:*:*:*:*:*:*:*", + "matchCriteriaId": "AC867249-B767-4802-868D-6D0E356C8294" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:h:unisoc:sc9832e:-:*:*:*:*:*:*:*", + "matchCriteriaId": "25BBD3C5-E87C-4730-970C-19DF855AC3A2" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:h:unisoc:sc9863a:-:*:*:*:*:*:*:*", + "matchCriteriaId": "DE00DFDE-97DD-4D33-B580-73FEF677C71B" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:h:unisoc:t310:-:*:*:*:*:*:*:*", + "matchCriteriaId": "F20E00D8-2F00-4FA3-9455-37DC89908D96" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:h:unisoc:t606:-:*:*:*:*:*:*:*", + "matchCriteriaId": "905E39DD-7948-40A4-B042-EBB9A9591347" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:h:unisoc:t610:-:*:*:*:*:*:*:*", + "matchCriteriaId": "CDC980D6-B797-4AE1-B553-35395AE80D07" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:h:unisoc:t612:-:*:*:*:*:*:*:*", + "matchCriteriaId": "98408A48-561A-49D1-967F-834311742B7F" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:h:unisoc:t616:-:*:*:*:*:*:*:*", + "matchCriteriaId": "756E5850-CDC7-46C2-BAFC-1E2A359A2709" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:h:unisoc:t618:-:*:*:*:*:*:*:*", + "matchCriteriaId": "39002ECE-636A-4FEB-9A0B-8127E8AAC844" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:h:unisoc:t760:-:*:*:*:*:*:*:*", + "matchCriteriaId": "3D965CCA-C963-49E4-ACF0-2A9F458AF470" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:h:unisoc:t770:-:*:*:*:*:*:*:*", + "matchCriteriaId": "0FFEF06A-E3E0-486F-89CC-D52FF3F26F0B" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:h:unisoc:t820:-:*:*:*:*:*:*:*", + "matchCriteriaId": "49601008-D3FF-47CC-B961-6FDDFC7A0596" + } + ] + } + ] + } + ], "references": [ { "url": 
"https://www.unisoc.com/en_us/secy/announcementDetail/1676902764208259073", - "source": "security@unisoc.com" + "source": "security@unisoc.com", + "tags": [ + "Third Party Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2023/CVE-2023-309xx/CVE-2023-30937.json b/CVE-2023/CVE-2023-309xx/CVE-2023-30937.json index 5f773826cf9..a9c7e28e499 100644 --- a/CVE-2023/CVE-2023-309xx/CVE-2023-30937.json +++ b/CVE-2023/CVE-2023-309xx/CVE-2023-30937.json 
@@ -2,19 +2,161 @@ "id": "CVE-2023-30937", "sourceIdentifier": "security@unisoc.com", "published": "2023-07-12T09:15:11.773", - "lastModified": "2023-07-12T12:46:30.047", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2023-07-20T01:46:05.337", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", "value": "In telephony service, there is a missing permission check. This could lead to local information disclosure with no additional execution privileges needed." } ], - "metrics": {}, + "metrics": { + "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N", + "attackVector": "LOCAL", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "NONE", + "availabilityImpact": "NONE", + "baseScore": 5.5, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 1.8, + "impactScore": 3.6 + } + ] + }, + "weaknesses": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-862" + } + ] + } + ], + "configurations": [ + { + "operator": "AND", + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:o:google:android:10.0:*:*:*:*:*:*:*", + "matchCriteriaId": "D558D965-FA70-4822-A770-419E73BA9ED3" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:google:android:11.0:*:*:*:*:*:*:*", + "matchCriteriaId": "109DD7FD-3A48-4C3D-8E1A-4433B98E1E64" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:google:android:12.0:*:*:*:*:*:*:*", + "matchCriteriaId": "F8FB8EE9-FC56-4D5E-AE55-A5967634740C" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:google:android:13.0:*:*:*:*:*:*:*", + "matchCriteriaId": "879FFD0C-9B38-4CAA-B057-1086D794D469" + } + ] + }, + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + 
"vulnerable": false, + "criteria": "cpe:2.3:h:unisoc:s8000:-:*:*:*:*:*:*:*", + "matchCriteriaId": "FDE05D06-C798-4217-8858-8C5DC2C94751" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:h:unisoc:sc7731e:-:*:*:*:*:*:*:*", + "matchCriteriaId": "AC867249-B767-4802-868D-6D0E356C8294" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:h:unisoc:sc9832e:-:*:*:*:*:*:*:*", + "matchCriteriaId": "25BBD3C5-E87C-4730-970C-19DF855AC3A2" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:h:unisoc:sc9863a:-:*:*:*:*:*:*:*", + "matchCriteriaId": "DE00DFDE-97DD-4D33-B580-73FEF677C71B" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:h:unisoc:t310:-:*:*:*:*:*:*:*", + "matchCriteriaId": "F20E00D8-2F00-4FA3-9455-37DC89908D96" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:h:unisoc:t606:-:*:*:*:*:*:*:*", + "matchCriteriaId": "905E39DD-7948-40A4-B042-EBB9A9591347" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:h:unisoc:t610:-:*:*:*:*:*:*:*", + "matchCriteriaId": "CDC980D6-B797-4AE1-B553-35395AE80D07" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:h:unisoc:t612:-:*:*:*:*:*:*:*", + "matchCriteriaId": "98408A48-561A-49D1-967F-834311742B7F" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:h:unisoc:t616:-:*:*:*:*:*:*:*", + "matchCriteriaId": "756E5850-CDC7-46C2-BAFC-1E2A359A2709" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:h:unisoc:t618:-:*:*:*:*:*:*:*", + "matchCriteriaId": "39002ECE-636A-4FEB-9A0B-8127E8AAC844" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:h:unisoc:t760:-:*:*:*:*:*:*:*", + "matchCriteriaId": "3D965CCA-C963-49E4-ACF0-2A9F458AF470" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:h:unisoc:t770:-:*:*:*:*:*:*:*", + "matchCriteriaId": "0FFEF06A-E3E0-486F-89CC-D52FF3F26F0B" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:h:unisoc:t820:-:*:*:*:*:*:*:*", + "matchCriteriaId": "49601008-D3FF-47CC-B961-6FDDFC7A0596" + } + ] + } + ] + } + ], "references": [ { "url": 
"https://www.unisoc.com/en_us/secy/announcementDetail/1676902764208259073", - "source": "security@unisoc.com" + "source": "security@unisoc.com", + "tags": [ + "Third Party Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2023/CVE-2023-309xx/CVE-2023-30938.json b/CVE-2023/CVE-2023-309xx/CVE-2023-30938.json index 397d5561b16..bd88aa794bc 100644 --- a/CVE-2023/CVE-2023-309xx/CVE-2023-30938.json +++ b/CVE-2023/CVE-2023-309xx/CVE-2023-30938.json 
@@ -2,19 +2,161 @@ "id": "CVE-2023-30938", "sourceIdentifier": "security@unisoc.com", "published": "2023-07-12T09:15:11.810", - "lastModified": "2023-07-12T12:46:30.047", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2023-07-20T01:55:49.427", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", "value": "In telephony service, there is a missing permission check. This could lead to local information disclosure with no additional execution privileges needed." } ], - "metrics": {}, + "metrics": { + "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N", + "attackVector": "LOCAL", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "NONE", + "availabilityImpact": "NONE", + "baseScore": 5.5, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 1.8, + "impactScore": 3.6 + } + ] + }, + "weaknesses": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-862" + } + ] + } + ], + "configurations": [ + { + "operator": "AND", + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:o:google:android:10.0:*:*:*:*:*:*:*", + "matchCriteriaId": "D558D965-FA70-4822-A770-419E73BA9ED3" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:google:android:11.0:*:*:*:*:*:*:*", + "matchCriteriaId": "109DD7FD-3A48-4C3D-8E1A-4433B98E1E64" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:google:android:12.0:*:*:*:*:*:*:*", + "matchCriteriaId": "F8FB8EE9-FC56-4D5E-AE55-A5967634740C" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:google:android:13.0:*:*:*:*:*:*:*", + "matchCriteriaId": "879FFD0C-9B38-4CAA-B057-1086D794D469" + } + ] + }, + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + 
"vulnerable": false, + "criteria": "cpe:2.3:h:unisoc:s8000:-:*:*:*:*:*:*:*", + "matchCriteriaId": "FDE05D06-C798-4217-8858-8C5DC2C94751" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:h:unisoc:sc7731e:-:*:*:*:*:*:*:*", + "matchCriteriaId": "AC867249-B767-4802-868D-6D0E356C8294" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:h:unisoc:sc9832e:-:*:*:*:*:*:*:*", + "matchCriteriaId": "25BBD3C5-E87C-4730-970C-19DF855AC3A2" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:h:unisoc:sc9863a:-:*:*:*:*:*:*:*", + "matchCriteriaId": "DE00DFDE-97DD-4D33-B580-73FEF677C71B" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:h:unisoc:t310:-:*:*:*:*:*:*:*", + "matchCriteriaId": "F20E00D8-2F00-4FA3-9455-37DC89908D96" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:h:unisoc:t606:-:*:*:*:*:*:*:*", + "matchCriteriaId": "905E39DD-7948-40A4-B042-EBB9A9591347" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:h:unisoc:t610:-:*:*:*:*:*:*:*", + "matchCriteriaId": "CDC980D6-B797-4AE1-B553-35395AE80D07" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:h:unisoc:t612:-:*:*:*:*:*:*:*", + "matchCriteriaId": "98408A48-561A-49D1-967F-834311742B7F" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:h:unisoc:t616:-:*:*:*:*:*:*:*", + "matchCriteriaId": "756E5850-CDC7-46C2-BAFC-1E2A359A2709" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:h:unisoc:t618:-:*:*:*:*:*:*:*", + "matchCriteriaId": "39002ECE-636A-4FEB-9A0B-8127E8AAC844" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:h:unisoc:t760:-:*:*:*:*:*:*:*", + "matchCriteriaId": "3D965CCA-C963-49E4-ACF0-2A9F458AF470" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:h:unisoc:t770:-:*:*:*:*:*:*:*", + "matchCriteriaId": "0FFEF06A-E3E0-486F-89CC-D52FF3F26F0B" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:h:unisoc:t820:-:*:*:*:*:*:*:*", + "matchCriteriaId": "49601008-D3FF-47CC-B961-6FDDFC7A0596" + } + ] + } + ] + } + ], "references": [ { "url": 
"https://www.unisoc.com/en_us/secy/announcementDetail/1676902764208259073", - "source": "security@unisoc.com" + "source": "security@unisoc.com", + "tags": [ + "Third Party Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2023/CVE-2023-309xx/CVE-2023-30939.json b/CVE-2023/CVE-2023-309xx/CVE-2023-30939.json index 5ecd722eba1..3dfcf323cc6 100644 --- a/CVE-2023/CVE-2023-309xx/CVE-2023-30939.json +++ b/CVE-2023/CVE-2023-309xx/CVE-2023-30939.json 
@@ -2,19 +2,161 @@ "id": "CVE-2023-30939", "sourceIdentifier": "security@unisoc.com", "published": "2023-07-12T09:15:11.860", - "lastModified": "2023-07-12T12:46:30.047", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2023-07-20T01:56:36.267", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", "value": "In telephony service, there is a missing permission check. This could lead to local information disclosure with no additional execution privileges needed." } ], - "metrics": {}, + "metrics": { + "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N", + "attackVector": "LOCAL", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "NONE", + "availabilityImpact": "NONE", + "baseScore": 5.5, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 1.8, + "impactScore": 3.6 + } + ] + }, + "weaknesses": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-862" + } + ] + } + ], + "configurations": [ + { + "operator": "AND", + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:o:google:android:10.0:*:*:*:*:*:*:*", + "matchCriteriaId": "D558D965-FA70-4822-A770-419E73BA9ED3" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:google:android:11.0:*:*:*:*:*:*:*", + "matchCriteriaId": "109DD7FD-3A48-4C3D-8E1A-4433B98E1E64" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:google:android:12.0:*:*:*:*:*:*:*", + "matchCriteriaId": "F8FB8EE9-FC56-4D5E-AE55-A5967634740C" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:google:android:13.0:*:*:*:*:*:*:*", + "matchCriteriaId": "879FFD0C-9B38-4CAA-B057-1086D794D469" + } + ] + }, + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + 
"vulnerable": false, + "criteria": "cpe:2.3:h:unisoc:s8000:-:*:*:*:*:*:*:*", + "matchCriteriaId": "FDE05D06-C798-4217-8858-8C5DC2C94751" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:h:unisoc:sc7731e:-:*:*:*:*:*:*:*", + "matchCriteriaId": "AC867249-B767-4802-868D-6D0E356C8294" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:h:unisoc:sc9832e:-:*:*:*:*:*:*:*", + "matchCriteriaId": "25BBD3C5-E87C-4730-970C-19DF855AC3A2" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:h:unisoc:sc9863a:-:*:*:*:*:*:*:*", + "matchCriteriaId": "DE00DFDE-97DD-4D33-B580-73FEF677C71B" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:h:unisoc:t310:-:*:*:*:*:*:*:*", + "matchCriteriaId": "F20E00D8-2F00-4FA3-9455-37DC89908D96" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:h:unisoc:t606:-:*:*:*:*:*:*:*", + "matchCriteriaId": "905E39DD-7948-40A4-B042-EBB9A9591347" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:h:unisoc:t610:-:*:*:*:*:*:*:*", + "matchCriteriaId": "CDC980D6-B797-4AE1-B553-35395AE80D07" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:h:unisoc:t612:-:*:*:*:*:*:*:*", + "matchCriteriaId": "98408A48-561A-49D1-967F-834311742B7F" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:h:unisoc:t616:-:*:*:*:*:*:*:*", + "matchCriteriaId": "756E5850-CDC7-46C2-BAFC-1E2A359A2709" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:h:unisoc:t618:-:*:*:*:*:*:*:*", + "matchCriteriaId": "39002ECE-636A-4FEB-9A0B-8127E8AAC844" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:h:unisoc:t760:-:*:*:*:*:*:*:*", + "matchCriteriaId": "3D965CCA-C963-49E4-ACF0-2A9F458AF470" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:h:unisoc:t770:-:*:*:*:*:*:*:*", + "matchCriteriaId": "0FFEF06A-E3E0-486F-89CC-D52FF3F26F0B" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:h:unisoc:t820:-:*:*:*:*:*:*:*", + "matchCriteriaId": "49601008-D3FF-47CC-B961-6FDDFC7A0596" + } + ] + } + ] + } + ], "references": [ { "url": 
"https://www.unisoc.com/en_us/secy/announcementDetail/1676902764208259073", - "source": "security@unisoc.com" + "source": "security@unisoc.com", + "tags": [ + "Third Party Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2023/CVE-2023-309xx/CVE-2023-30940.json b/CVE-2023/CVE-2023-309xx/CVE-2023-30940.json index 0804090c32d..62dd8ebabcb 100644 --- a/CVE-2023/CVE-2023-309xx/CVE-2023-30940.json +++ b/CVE-2023/CVE-2023-309xx/CVE-2023-30940.json 
@@ -2,19 +2,161 @@ "id": "CVE-2023-30940", "sourceIdentifier": "security@unisoc.com", "published": "2023-07-12T09:15:11.903", - "lastModified": "2023-07-12T12:46:30.047", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2023-07-20T01:53:12.603", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", "value": "In telephony service, there is a missing permission check. This could lead to local information disclosure with no additional execution privileges needed." } ], - "metrics": {}, + "metrics": { + "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N", + "attackVector": "LOCAL", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "NONE", + "availabilityImpact": "NONE", + "baseScore": 5.5, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 1.8, + "impactScore": 3.6 + } + ] + }, + "weaknesses": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-862" + } + ] + } + ], + "configurations": [ + { + "operator": "AND", + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:o:google:android:10.0:*:*:*:*:*:*:*", + "matchCriteriaId": "D558D965-FA70-4822-A770-419E73BA9ED3" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:google:android:11.0:*:*:*:*:*:*:*", + "matchCriteriaId": "109DD7FD-3A48-4C3D-8E1A-4433B98E1E64" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:google:android:12.0:*:*:*:*:*:*:*", + "matchCriteriaId": "F8FB8EE9-FC56-4D5E-AE55-A5967634740C" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:google:android:13.0:*:*:*:*:*:*:*", + "matchCriteriaId": "879FFD0C-9B38-4CAA-B057-1086D794D469" + } + ] + }, + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + 
"vulnerable": false, + "criteria": "cpe:2.3:h:unisoc:s8000:-:*:*:*:*:*:*:*", + "matchCriteriaId": "FDE05D06-C798-4217-8858-8C5DC2C94751" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:h:unisoc:sc7731e:-:*:*:*:*:*:*:*", + "matchCriteriaId": "AC867249-B767-4802-868D-6D0E356C8294" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:h:unisoc:sc9832e:-:*:*:*:*:*:*:*", + "matchCriteriaId": "25BBD3C5-E87C-4730-970C-19DF855AC3A2" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:h:unisoc:sc9863a:-:*:*:*:*:*:*:*", + "matchCriteriaId": "DE00DFDE-97DD-4D33-B580-73FEF677C71B" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:h:unisoc:t310:-:*:*:*:*:*:*:*", + "matchCriteriaId": "F20E00D8-2F00-4FA3-9455-37DC89908D96" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:h:unisoc:t606:-:*:*:*:*:*:*:*", + "matchCriteriaId": "905E39DD-7948-40A4-B042-EBB9A9591347" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:h:unisoc:t610:-:*:*:*:*:*:*:*", + "matchCriteriaId": "CDC980D6-B797-4AE1-B553-35395AE80D07" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:h:unisoc:t612:-:*:*:*:*:*:*:*", + "matchCriteriaId": "98408A48-561A-49D1-967F-834311742B7F" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:h:unisoc:t616:-:*:*:*:*:*:*:*", + "matchCriteriaId": "756E5850-CDC7-46C2-BAFC-1E2A359A2709" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:h:unisoc:t618:-:*:*:*:*:*:*:*", + "matchCriteriaId": "39002ECE-636A-4FEB-9A0B-8127E8AAC844" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:h:unisoc:t760:-:*:*:*:*:*:*:*", + "matchCriteriaId": "3D965CCA-C963-49E4-ACF0-2A9F458AF470" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:h:unisoc:t770:-:*:*:*:*:*:*:*", + "matchCriteriaId": "0FFEF06A-E3E0-486F-89CC-D52FF3F26F0B" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:h:unisoc:t820:-:*:*:*:*:*:*:*", + "matchCriteriaId": "49601008-D3FF-47CC-B961-6FDDFC7A0596" + } + ] + } + ] + } + ], "references": [ { "url": 
"https://www.unisoc.com/en_us/secy/announcementDetail/1676902764208259073", - "source": "security@unisoc.com" + "source": "security@unisoc.com", + "tags": [ + "Third Party Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2023/CVE-2023-309xx/CVE-2023-30941.json b/CVE-2023/CVE-2023-309xx/CVE-2023-30941.json index ace86223ecf..1d290cc2963 100644 --- a/CVE-2023/CVE-2023-309xx/CVE-2023-30941.json +++ b/CVE-2023/CVE-2023-309xx/CVE-2023-30941.json 
@@ -2,19 +2,161 @@ "id": "CVE-2023-30941", "sourceIdentifier": "security@unisoc.com", "published": "2023-07-12T09:15:11.947", - "lastModified": "2023-07-12T12:46:30.047", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2023-07-20T01:50:32.973", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", "value": "In telephony service, there is a missing permission check. This could lead to local information disclosure with no additional execution privileges needed." } ], - "metrics": {}, + "metrics": { + "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N", + "attackVector": "LOCAL", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "NONE", + "availabilityImpact": "NONE", + "baseScore": 5.5, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 1.8, + "impactScore": 3.6 + } + ] + }, + "weaknesses": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-862" + } + ] + } + ], + "configurations": [ + { + "operator": "AND", + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:o:google:android:10.0:*:*:*:*:*:*:*", + "matchCriteriaId": "D558D965-FA70-4822-A770-419E73BA9ED3" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:google:android:11.0:*:*:*:*:*:*:*", + "matchCriteriaId": "109DD7FD-3A48-4C3D-8E1A-4433B98E1E64" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:google:android:12.0:*:*:*:*:*:*:*", + "matchCriteriaId": "F8FB8EE9-FC56-4D5E-AE55-A5967634740C" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:google:android:13.0:*:*:*:*:*:*:*", + "matchCriteriaId": "879FFD0C-9B38-4CAA-B057-1086D794D469" + } + ] + }, + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + 
"vulnerable": false, + "criteria": "cpe:2.3:h:unisoc:s8000:-:*:*:*:*:*:*:*", + "matchCriteriaId": "FDE05D06-C798-4217-8858-8C5DC2C94751" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:h:unisoc:sc7731e:-:*:*:*:*:*:*:*", + "matchCriteriaId": "AC867249-B767-4802-868D-6D0E356C8294" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:h:unisoc:sc9832e:-:*:*:*:*:*:*:*", + "matchCriteriaId": "25BBD3C5-E87C-4730-970C-19DF855AC3A2" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:h:unisoc:sc9863a:-:*:*:*:*:*:*:*", + "matchCriteriaId": "DE00DFDE-97DD-4D33-B580-73FEF677C71B" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:h:unisoc:t310:-:*:*:*:*:*:*:*", + "matchCriteriaId": "F20E00D8-2F00-4FA3-9455-37DC89908D96" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:h:unisoc:t606:-:*:*:*:*:*:*:*", + "matchCriteriaId": "905E39DD-7948-40A4-B042-EBB9A9591347" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:h:unisoc:t610:-:*:*:*:*:*:*:*", + "matchCriteriaId": "CDC980D6-B797-4AE1-B553-35395AE80D07" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:h:unisoc:t612:-:*:*:*:*:*:*:*", + "matchCriteriaId": "98408A48-561A-49D1-967F-834311742B7F" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:h:unisoc:t616:-:*:*:*:*:*:*:*", + "matchCriteriaId": "756E5850-CDC7-46C2-BAFC-1E2A359A2709" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:h:unisoc:t618:-:*:*:*:*:*:*:*", + "matchCriteriaId": "39002ECE-636A-4FEB-9A0B-8127E8AAC844" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:h:unisoc:t760:-:*:*:*:*:*:*:*", + "matchCriteriaId": "3D965CCA-C963-49E4-ACF0-2A9F458AF470" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:h:unisoc:t770:-:*:*:*:*:*:*:*", + "matchCriteriaId": "0FFEF06A-E3E0-486F-89CC-D52FF3F26F0B" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:h:unisoc:t820:-:*:*:*:*:*:*:*", + "matchCriteriaId": "49601008-D3FF-47CC-B961-6FDDFC7A0596" + } + ] + } + ] + } + ], "references": [ { "url": 
"https://www.unisoc.com/en_us/secy/announcementDetail/1676902764208259073", - "source": "security@unisoc.com" + "source": "security@unisoc.com", + "tags": [ + "Third Party Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2023/CVE-2023-30xx/CVE-2023-3072.json b/CVE-2023/CVE-2023-30xx/CVE-2023-3072.json new file mode 100644 index 00000000000..9699d0ab3a2 --- /dev/null +++ b/CVE-2023/CVE-2023-30xx/CVE-2023-3072.json @@ -0,0 +1,55 @@ +{ + "id": "CVE-2023-3072", + "sourceIdentifier": "security@hashicorp.com", + "published": "2023-07-20T00:15:10.347", + "lastModified": "2023-07-20T00:15:10.347", + "vulnStatus": "Received", + "descriptions": [ + { + "lang": "en", + "value": "HashiCorp Nomad and Nomad Enterprise 0.7.0 up to 1.5.6 and 1.4.10 ACL policies using a block without a label generates unexpected results. Fixed in 1.6.0, 1.5.7, and 1.4.11." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "security@hashicorp.com", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:N/I:N/A:L", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "HIGH", + "userInteraction": "NONE", + "scope": "CHANGED", + "confidentialityImpact": "NONE", + "integrityImpact": "NONE", + "availabilityImpact": "LOW", + "baseScore": 4.1, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 2.3, + "impactScore": 1.4 + } + ] + }, + "weaknesses": [ + { + "source": "security@hashicorp.com", + "type": "Secondary", + "description": [ + { + "lang": "en", + "value": "CWE-862" + } + ] + } + ], + "references": [ + { + "url": "https://discuss.hashicorp.com/t/hcsec-2023-20-nomad-acl-policies-without-label-are-applied-to-unexpected-resources/56270", + "source": "security@hashicorp.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2023/CVE-2023-31xx/CVE-2023-3108.json b/CVE-2023/CVE-2023-31xx/CVE-2023-3108.json index c89bf6fb138..8f23449c8bc 100644 
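Review bot: The reference at the end of the CVE-2023-30941 hunk tags `https://www.unisoc.com/en_us/secy/announcementDetail/1676902764208259073` as `"Third Party Advisory"`, although the record's `sourceIdentifier` is `security@unisoc.com` and the URL is on the vendor's own site. The CVE-2023-33903 and CVE-2023-33904 records later in this diff tag the same URL `"Vendor Advisory"`, and the record patched just before this one carries the same `"Third Party Advisory"` tag. Consumers that filter references by tag to find the vendor's guidance will miss it for these records. The tag should read `"tags": ["Vendor Advisory"]`.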
--- a/CVE-2023/CVE-2023-31xx/CVE-2023-3108.json +++ b/CVE-2023/CVE-2023-31xx/CVE-2023-3108.json @@ -2,8 +2,8 @@ "id": "CVE-2023-3108", "sourceIdentifier": "secalert@redhat.com", "published": "2023-07-11T16:15:12.083", - "lastModified": "2023-07-11T16:16:52.790", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2023-07-20T01:56:37.593", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", @@ -12,6 +12,26 @@ ], "metrics": { "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H", + "attackVector": "LOCAL", + "attackComplexity": "HIGH", + "privilegesRequired": "LOW", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "NONE", + "integrityImpact": "NONE", + "availabilityImpact": "HIGH", + "baseScore": 4.7, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 1.0, + "impactScore": 3.6 + }, { "source": "secalert@redhat.com", "type": "Secondary", 
@@ -34,18 +54,59 @@ } ] }, + "weaknesses": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-362" + } + ] + } + ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", + "versionEndExcluding": "4.0", + "matchCriteriaId": "DC9EC537-FFAB-44B8-BED0-01722C0D9A01" + } + ] + } + ] + } + ], "references": [ { "url": "https://access.redhat.com/security/cve/CVE-2023-3108", - "source": "secalert@redhat.com" + "source": "secalert@redhat.com", + "tags": [ + "Third Party Advisory" + ] }, { "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2221472", - "source": "secalert@redhat.com" + "source": "secalert@redhat.com", + "tags": [ + "Issue Tracking", + "Patch", + "Third Party Advisory" + ] }, { "url": "https://github.com/torvalds/linux/commit/9399f0c51489ae8c16d6559b82a452fdc1895e91", - "source": "secalert@redhat.com" + "source": "secalert@redhat.com", + "tags": [ + "Patch" + ] } ] } \ No newline at end of file diff --git a/CVE-2023/CVE-2023-31xx/CVE-2023-3127.json b/CVE-2023/CVE-2023-31xx/CVE-2023-3127.json index 42e229305f7..c95f058ac97 100644 --- a/CVE-2023/CVE-2023-31xx/CVE-2023-3127.json +++ b/CVE-2023/CVE-2023-31xx/CVE-2023-3127.json @@ -2,8 +2,8 @@ "id": "CVE-2023-3127", "sourceIdentifier": "productsecurity@jci.com", "published": "2023-07-11T22:15:09.907", - "lastModified": "2023-07-12T12:46:41.413", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2023-07-20T01:49:31.853", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", 
@@ -12,6 +12,26 @@ ], "metrics": { "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH", + "baseScore": 9.8, + "baseSeverity": "CRITICAL" + }, + "exploitabilityScore": 3.9, + "impactScore": 5.9 + }, { "source": "productsecurity@jci.com", "type": "Secondary", @@ -35,6 +55,16 @@ ] }, "weaknesses": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-287" + } + ] + }, { "source": "productsecurity@jci.com", "type": "Secondary", 
@@ -46,14 +76,157 @@ ] } ], + "configurations": [ + { + "operator": "AND", + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:o:johnsoncontrols:istar_ultra_firmware:*:*:*:*:*:*:*:*", + "versionStartIncluding": "6.8.6", + "versionEndExcluding": "6.9.2", + "matchCriteriaId": "C49B542F-166F-4385-B910-705064C5B109" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:johnsoncontrols:istar_ultra_firmware:6.9.2:-:*:*:*:*:*:*", + "matchCriteriaId": "7AF26AC6-083F-4BB3-86AF-8730E2BFD397" + } + ] + }, + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": false, + "criteria": "cpe:2.3:h:johnsoncontrols:istar_ultra:-:*:*:*:*:*:*:*", + "matchCriteriaId": "F89B3465-8274-49E5-8290-1893B4C2AC07" + } + ] + } + ] + }, + { + "operator": "AND", + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:o:johnsoncontrols:istar_ultra_lt_firmware:*:*:*:*:*:*:*:*", + "versionStartIncluding": "6.8.6", + "versionEndExcluding": "6.9.2", + "matchCriteriaId": "C9D2D8D5-A67D-45DD-A718-37C29D633931" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:johnsoncontrols:istar_ultra_lt_firmware:6.9.2:-:*:*:*:*:*:*", + "matchCriteriaId": "5294AD55-D524-4E5A-ACEC-7685974A9415" + } + ] + }, + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": false, + "criteria": "cpe:2.3:h:johnsoncontrols:istar_ultra_lt:-:*:*:*:*:*:*:*", + "matchCriteriaId": "A759A7FA-5AEA-48D8-B40E-B0DA7223F0F4" + } + ] + } + ] + }, + { + "operator": "AND", + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:o:johnsoncontrols:istar_ultra_g2_firmware:*:*:*:*:*:*:*:*", + "versionEndExcluding": "6.9.2", + "matchCriteriaId": "85B7CE5A-A2A1-4433-B85A-8B6255B3D657" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:johnsoncontrols:istar_ultra_g2_firmware:6.9.2:-:*:*:*:*:*:*", + 
"matchCriteriaId": "7A3A4BDF-12FE-43C9-8CD4-0CA764E08175" + } + ] + }, + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": false, + "criteria": "cpe:2.3:h:johnsoncontrols:istar_ultra_g2:-:*:*:*:*:*:*:*", + "matchCriteriaId": "A148D700-5542-473A-B88F-849180658787" + } + ] + } + ] + }, + { + "operator": "AND", + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:o:johnsoncontrols:edge_g2_firmware:*:*:*:*:*:*:*:*", + "versionEndExcluding": "6.9.2", + "matchCriteriaId": "6D26CC65-9CCF-41A5-BC1B-2AAFAF9393E1" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:johnsoncontrols:edge_g2_firmware:6.9.2:-:*:*:*:*:*:*", + "matchCriteriaId": "C629C7CF-4372-494D-8B1C-CC4795356E03" + } + ] + }, + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": false, + "criteria": "cpe:2.3:h:johnsoncontrols:edge_g2:-:*:*:*:*:*:*:*", + "matchCriteriaId": "95BBCCE7-3098-41B0-A388-53E3DA9A29B9" + } + ] + } + ] + } + ], "references": [ { "url": "https://www.cisa.gov/news-events/ics-advisories/icsa-23-192-02", - "source": "productsecurity@jci.com" + "source": "productsecurity@jci.com", + "tags": [ + "Third Party Advisory", + "US Government Resource" + ] }, { "url": "https://www.johnsoncontrols.com/cyber-solutions/security-advisories", - "source": "productsecurity@jci.com" + "source": "productsecurity@jci.com", + "tags": [ + "Vendor Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2023/CVE-2023-322xx/CVE-2023-32200.json b/CVE-2023/CVE-2023-322xx/CVE-2023-32200.json index 90e91d5deb9..aeded3fe469 100644 --- a/CVE-2023/CVE-2023-322xx/CVE-2023-32200.json +++ b/CVE-2023/CVE-2023-322xx/CVE-2023-32200.json 
@@ -2,15 +2,38 @@ "id": "CVE-2023-32200", "sourceIdentifier": "security@apache.org", "published": "2023-07-12T08:15:10.070", - "lastModified": "2023-07-12T12:46:30.047", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2023-07-20T01:05:41.153", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", "value": "There is insufficient restrictions of called script functions in Apache Jena\n versions 4.8.0 and earlier. It allows a \nremote user to execute javascript via a SPARQL query.\nThis issue affects Apache Jena: from 3.7.0 through 4.8.0.\n\n" } ], - "metrics": {}, + "metrics": { + "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH", + "baseScore": 8.8, + "baseSeverity": "HIGH" + }, + "exploitabilityScore": 2.8, + "impactScore": 5.9 + } + ] + }, "weaknesses": [ { "source": "security@apache.org", @@ -23,14 +46,40 @@ ] } ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:apache:jena:*:*:*:*:*:*:*:*", + "versionStartIncluding": "3.7.0", + "versionEndIncluding": "4.8.0", + "matchCriteriaId": "16650542-BB5B-4572-862A-B3122A20D882" + } + ] + } + ] + } + ], "references": [ { "url": "https://lists.apache.org/thread/7hg0t2kws3fyr75dl7lll8389xzzc46z", - "source": "security@apache.org" + "source": "security@apache.org", + "tags": [ + "Mailing List", + "Third Party Advisory" + ] }, { "url": "https://www.cve.org/CVERecord?id=CVE-2023-22665", - "source": "security@apache.org" + "source": "security@apache.org", + "tags": [ + "Third Party Advisory" + ] } ] } \ No newline at end of file 
diff --git a/CVE-2023/CVE-2023-32xx/CVE-2023-3269.json b/CVE-2023/CVE-2023-32xx/CVE-2023-3269.json index fe321621647..86799fd0bf8 100644 --- a/CVE-2023/CVE-2023-32xx/CVE-2023-3269.json +++ b/CVE-2023/CVE-2023-32xx/CVE-2023-3269.json @@ -2,8 +2,8 @@ "id": "CVE-2023-3269", "sourceIdentifier": "secalert@redhat.com", "published": "2023-07-11T12:15:10.047", - "lastModified": "2023-07-12T03:15:09.210", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2023-07-20T01:56:56.217", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", @@ -12,6 +12,26 @@ ], "metrics": { "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", + "attackVector": "LOCAL", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH", + "baseScore": 7.8, + "baseSeverity": "HIGH" + }, + "exploitabilityScore": 1.8, + "impactScore": 5.9 + }, { "source": "secalert@redhat.com", "type": "Secondary", 
@@ -34,22 +54,87 @@ } ] }, + "weaknesses": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-416" + } + ] + } + ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", + "versionEndExcluding": "6.5", + "matchCriteriaId": "98C491C7-598A-4D36-BA4F-3505A5727ED1" + } + ] + } + ] + }, + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:o:fedoraproject:fedora:37:*:*:*:*:*:*:*", + "matchCriteriaId": "E30D0E6F-4AE8-4284-8716-991DFA48CC5D" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:fedoraproject:fedora:38:*:*:*:*:*:*:*", + "matchCriteriaId": "CC559B26-5DFC-4B7A-A27C-B77DE755DFF9" + } + ] + } + ] + } + ], "references": [ { "url": "https://access.redhat.com/security/cve/CVE-2023-3269", - "source": "secalert@redhat.com" + "source": "secalert@redhat.com", + "tags": [ + "Third Party Advisory" + ] }, { "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2215268", - "source": "secalert@redhat.com" + "source": "secalert@redhat.com", + "tags": [ + "Issue Tracking", + "Patch", + "Third Party Advisory" + ] }, { "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/U6AAA64CUPSMBW6XDTXPQJ3KQWYQ4K7L/", - "source": "secalert@redhat.com" + "source": "secalert@redhat.com", + "tags": [ + "Mailing List", + "Third Party Advisory" + ] }, { "url": "https://www.openwall.com/lists/oss-security/2023/07/05/1", - "source": "secalert@redhat.com" + "source": "secalert@redhat.com", + "tags": [ + "Mailing List" + ] } ] } \ No newline at end of file diff --git a/CVE-2023/CVE-2023-32xx/CVE-2023-3299.json b/CVE-2023/CVE-2023-32xx/CVE-2023-3299.json new file mode 100644 index 00000000000..44ef279010b --- /dev/null +++ b/CVE-2023/CVE-2023-32xx/CVE-2023-3299.json 
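Review bot: The `linux_kernel` entry in the added `configurations` has only `"versionEndExcluding": "6.5"` and no `versionStartIncluding`, so CPE matching treats every kernel release before 6.5 as vulnerable. The description is not part of this hunk, so the intended lower bound cannot be confirmed from here. If the flaw was introduced in a particular release series, scanners consuming this record will flag older kernels that never contained the affected code. A bounded range would add `"versionStartIncluding": "<FIRST_AFFECTED_VERSION>"` next to the end bound.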
@@ -0,0 +1,55 @@ +{ + "id": "CVE-2023-3299", + "sourceIdentifier": "security@hashicorp.com", + "published": "2023-07-20T00:15:10.447", + "lastModified": "2023-07-20T00:15:10.447", + "vulnStatus": "Received", + "descriptions": [ + { + "lang": "en", + "value": "\n\n\nHashiCorp Nomad Enterprise 1.2.11 up to 1.5.6, and 1.4.10 ACL policies using a block without a label generates unexpected results. Fixed in 1.6.0, 1.5.7, and 1.4.11.\n\n\n" + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "security@hashicorp.com", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:A/AC:L/PR:H/UI:N/S:C/C:L/I:N/A:N", + "attackVector": "ADJACENT_NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "HIGH", + "userInteraction": "NONE", + "scope": "CHANGED", + "confidentialityImpact": "LOW", + "integrityImpact": "NONE", + "availabilityImpact": "NONE", + "baseScore": 3.4, + "baseSeverity": "LOW" + }, + "exploitabilityScore": 1.7, + "impactScore": 1.4 + } + ] + }, + "weaknesses": [ + { + "source": "security@hashicorp.com", + "type": "Secondary", + "description": [ + { + "lang": "en", + "value": "CWE-668" + } + ] + } + ], + "references": [ + { + "url": "https://discuss.hashicorp.com/t/hcsec-2023-21-nomad-caller-acl-tokens-secret-id-is-exposed-to-sentinel/56271", + "source": "security@hashicorp.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2023/CVE-2023-339xx/CVE-2023-33903.json b/CVE-2023/CVE-2023-339xx/CVE-2023-33903.json index d6b757247fd..536d3a80e66 100644 --- a/CVE-2023/CVE-2023-339xx/CVE-2023-33903.json +++ b/CVE-2023/CVE-2023-339xx/CVE-2023-33903.json 
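Review bot: The `descriptions` value in this new CVE-2023-3299 record does not match its only reference. The text about ACL policies using a block without a label is the same sentence as in CVE-2023-3072, added earlier in this diff. The reference slug is `hcsec-2023-21-nomad-caller-acl-tokens-secret-id-is-exposed-to-sentinel`, and the record carries `CWE-668` with `C:L`, which suggests a token-exposure issue instead. Triage that keys on the description will misclassify this CVE, so affected versions and impact should be taken from the linked advisory until the description is corrected upstream. The value is also wrapped in stray `\n\n\n` runs that should be trimmed.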
@@ -2,19 +2,161 @@ "id": "CVE-2023-33903", "sourceIdentifier": "security@unisoc.com", "published": "2023-07-12T09:15:13.740", - "lastModified": "2023-07-12T12:46:30.047", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2023-07-20T01:36:29.007", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", "value": "In FM service, there is a possible missing params check. This could lead to local denial of service with System execution privileges needed." } ], - "metrics": {}, + "metrics": { + "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H", + "attackVector": "LOCAL", + "attackComplexity": "LOW", + "privilegesRequired": "HIGH", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "NONE", + "integrityImpact": "NONE", + "availabilityImpact": "HIGH", + "baseScore": 4.4, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 0.8, + "impactScore": 3.6 + } + ] + }, + "weaknesses": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "NVD-CWE-noinfo" + } + ] + } + ], + "configurations": [ + { + "operator": "AND", + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:o:google:android:10.0:*:*:*:*:*:*:*", + "matchCriteriaId": "D558D965-FA70-4822-A770-419E73BA9ED3" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:google:android:11.0:*:*:*:*:*:*:*", + "matchCriteriaId": "109DD7FD-3A48-4C3D-8E1A-4433B98E1E64" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:google:android:12.0:*:*:*:*:*:*:*", + "matchCriteriaId": "F8FB8EE9-FC56-4D5E-AE55-A5967634740C" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:google:android:13.0:*:*:*:*:*:*:*", + "matchCriteriaId": "879FFD0C-9B38-4CAA-B057-1086D794D469" + } + ] + }, + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + 
"vulnerable": false, + "criteria": "cpe:2.3:h:unisoc:s8001:-:*:*:*:*:*:*:*", + "matchCriteriaId": "C19D81B8-E84D-4385-A4B5-B7914BBAFF33" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:h:unisoc:sc7731e:-:*:*:*:*:*:*:*", + "matchCriteriaId": "AC867249-B767-4802-868D-6D0E356C8294" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:h:unisoc:sc9832e:-:*:*:*:*:*:*:*", + "matchCriteriaId": "25BBD3C5-E87C-4730-970C-19DF855AC3A2" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:h:unisoc:sc9863a:-:*:*:*:*:*:*:*", + "matchCriteriaId": "DE00DFDE-97DD-4D33-B580-73FEF677C71B" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:h:unisoc:t310:-:*:*:*:*:*:*:*", + "matchCriteriaId": "F20E00D8-2F00-4FA3-9455-37DC89908D96" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:h:unisoc:t606:-:*:*:*:*:*:*:*", + "matchCriteriaId": "905E39DD-7948-40A4-B042-EBB9A9591347" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:h:unisoc:t610:-:*:*:*:*:*:*:*", + "matchCriteriaId": "CDC980D6-B797-4AE1-B553-35395AE80D07" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:h:unisoc:t612:-:*:*:*:*:*:*:*", + "matchCriteriaId": "98408A48-561A-49D1-967F-834311742B7F" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:h:unisoc:t616:-:*:*:*:*:*:*:*", + "matchCriteriaId": "756E5850-CDC7-46C2-BAFC-1E2A359A2709" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:h:unisoc:t618:-:*:*:*:*:*:*:*", + "matchCriteriaId": "39002ECE-636A-4FEB-9A0B-8127E8AAC844" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:h:unisoc:t760:-:*:*:*:*:*:*:*", + "matchCriteriaId": "3D965CCA-C963-49E4-ACF0-2A9F458AF470" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:h:unisoc:t770:-:*:*:*:*:*:*:*", + "matchCriteriaId": "0FFEF06A-E3E0-486F-89CC-D52FF3F26F0B" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:h:unisoc:t820:-:*:*:*:*:*:*:*", + "matchCriteriaId": "49601008-D3FF-47CC-B961-6FDDFC7A0596" + } + ] + } + ] + } + ], "references": [ { "url": 
"https://www.unisoc.com/en_us/secy/announcementDetail/1676902764208259073", - "source": "security@unisoc.com" + "source": "security@unisoc.com", + "tags": [ + "Vendor Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2023/CVE-2023-339xx/CVE-2023-33904.json b/CVE-2023/CVE-2023-339xx/CVE-2023-33904.json index 75fb13cbd97..2a0cea27af7 100644 --- a/CVE-2023/CVE-2023-339xx/CVE-2023-33904.json +++ b/CVE-2023/CVE-2023-339xx/CVE-2023-33904.json 
@@ -2,19 +2,156 @@ "id": "CVE-2023-33904", "sourceIdentifier": "security@unisoc.com", "published": "2023-07-12T09:15:14.267", - "lastModified": "2023-07-12T12:46:11.343", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2023-07-20T01:35:11.450", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", "value": "In hci_server, there is a possible out of bounds read due to a missing bounds check. This could lead to local denial of service with System execution privileges needed." } ], - "metrics": {}, + "metrics": { + "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H", + "attackVector": "LOCAL", + "attackComplexity": "LOW", + "privilegesRequired": "HIGH", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "NONE", + "integrityImpact": "NONE", + "availabilityImpact": "HIGH", + "baseScore": 4.4, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 0.8, + "impactScore": 3.6 + } + ] + }, + "weaknesses": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-125" + } + ] + } + ], + "configurations": [ + { + "operator": "AND", + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:o:google:android:10.0:*:*:*:*:*:*:*", + "matchCriteriaId": "D558D965-FA70-4822-A770-419E73BA9ED3" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:google:android:11.0:*:*:*:*:*:*:*", + "matchCriteriaId": "109DD7FD-3A48-4C3D-8E1A-4433B98E1E64" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:google:android:12.0:*:*:*:*:*:*:*", + "matchCriteriaId": "F8FB8EE9-FC56-4D5E-AE55-A5967634740C" + } + ] + }, + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": false, + "criteria": "cpe:2.3:h:unisoc:s8000:-:*:*:*:*:*:*:*", + "matchCriteriaId": "FDE05D06-C798-4217-8858-8C5DC2C94751" + }, 
+ { + "vulnerable": false, + "criteria": "cpe:2.3:h:unisoc:sc7731e:-:*:*:*:*:*:*:*", + "matchCriteriaId": "AC867249-B767-4802-868D-6D0E356C8294" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:h:unisoc:sc9832e:-:*:*:*:*:*:*:*", + "matchCriteriaId": "25BBD3C5-E87C-4730-970C-19DF855AC3A2" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:h:unisoc:sc9863a:-:*:*:*:*:*:*:*", + "matchCriteriaId": "DE00DFDE-97DD-4D33-B580-73FEF677C71B" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:h:unisoc:t310:-:*:*:*:*:*:*:*", + "matchCriteriaId": "F20E00D8-2F00-4FA3-9455-37DC89908D96" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:h:unisoc:t606:-:*:*:*:*:*:*:*", + "matchCriteriaId": "905E39DD-7948-40A4-B042-EBB9A9591347" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:h:unisoc:t610:-:*:*:*:*:*:*:*", + "matchCriteriaId": "CDC980D6-B797-4AE1-B553-35395AE80D07" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:h:unisoc:t612:-:*:*:*:*:*:*:*", + "matchCriteriaId": "98408A48-561A-49D1-967F-834311742B7F" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:h:unisoc:t616:-:*:*:*:*:*:*:*", + "matchCriteriaId": "756E5850-CDC7-46C2-BAFC-1E2A359A2709" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:h:unisoc:t618:-:*:*:*:*:*:*:*", + "matchCriteriaId": "39002ECE-636A-4FEB-9A0B-8127E8AAC844" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:h:unisoc:t760:-:*:*:*:*:*:*:*", + "matchCriteriaId": "3D965CCA-C963-49E4-ACF0-2A9F458AF470" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:h:unisoc:t770:-:*:*:*:*:*:*:*", + "matchCriteriaId": "0FFEF06A-E3E0-486F-89CC-D52FF3F26F0B" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:h:unisoc:t820:-:*:*:*:*:*:*:*", + "matchCriteriaId": "49601008-D3FF-47CC-B961-6FDDFC7A0596" + } + ] + } + ] + } + ], "references": [ { "url": "https://www.unisoc.com/en_us/secy/announcementDetail/1676902764208259073", - "source": "security@unisoc.com" + "source": "security@unisoc.com", + "tags": [ + "Vendor Advisory" + ] 
} ] } \ No newline at end of file diff --git a/CVE-2023/CVE-2023-339xx/CVE-2023-33905.json b/CVE-2023/CVE-2023-339xx/CVE-2023-33905.json index c2e9b77f857..b98d86f067b 100644 --- a/CVE-2023/CVE-2023-339xx/CVE-2023-33905.json +++ b/CVE-2023/CVE-2023-339xx/CVE-2023-33905.json 
@@ -2,19 +2,161 @@ "id": "CVE-2023-33905", "sourceIdentifier": "security@unisoc.com", "published": "2023-07-12T09:15:14.483", - "lastModified": "2023-07-12T12:46:11.343", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2023-07-20T01:31:40.953", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", "value": "In iwnpi server, there is a possible out of bounds write due to a missing bounds check. This could lead to local denial of service with System execution privileges needed." } ], - "metrics": {}, + "metrics": { + "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H", + "attackVector": "LOCAL", + "attackComplexity": "LOW", + "privilegesRequired": "HIGH", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "NONE", + "integrityImpact": "NONE", + "availabilityImpact": "HIGH", + "baseScore": 4.4, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 0.8, + "impactScore": 3.6 + } + ] + }, + "weaknesses": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-787" + } + ] + } + ], + "configurations": [ + { + "operator": "AND", + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:o:google:android:10.0:*:*:*:*:*:*:*", + "matchCriteriaId": "D558D965-FA70-4822-A770-419E73BA9ED3" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:google:android:11.0:*:*:*:*:*:*:*", + "matchCriteriaId": "109DD7FD-3A48-4C3D-8E1A-4433B98E1E64" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:google:android:12.0:*:*:*:*:*:*:*", + "matchCriteriaId": "F8FB8EE9-FC56-4D5E-AE55-A5967634740C" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:google:android:13.0:*:*:*:*:*:*:*", + "matchCriteriaId": "879FFD0C-9B38-4CAA-B057-1086D794D469" + } + ] + }, + { + "operator": "OR", + "negate": false, + 
"cpeMatch": [ + { + "vulnerable": false, + "criteria": "cpe:2.3:h:unisoc:s8000:-:*:*:*:*:*:*:*", + "matchCriteriaId": "FDE05D06-C798-4217-8858-8C5DC2C94751" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:h:unisoc:sc7731e:-:*:*:*:*:*:*:*", + "matchCriteriaId": "AC867249-B767-4802-868D-6D0E356C8294" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:h:unisoc:sc9832e:-:*:*:*:*:*:*:*", + "matchCriteriaId": "25BBD3C5-E87C-4730-970C-19DF855AC3A2" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:h:unisoc:sc9863a:-:*:*:*:*:*:*:*", + "matchCriteriaId": "DE00DFDE-97DD-4D33-B580-73FEF677C71B" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:h:unisoc:t310:-:*:*:*:*:*:*:*", + "matchCriteriaId": "F20E00D8-2F00-4FA3-9455-37DC89908D96" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:h:unisoc:t606:-:*:*:*:*:*:*:*", + "matchCriteriaId": "905E39DD-7948-40A4-B042-EBB9A9591347" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:h:unisoc:t610:-:*:*:*:*:*:*:*", + "matchCriteriaId": "CDC980D6-B797-4AE1-B553-35395AE80D07" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:h:unisoc:t612:-:*:*:*:*:*:*:*", + "matchCriteriaId": "98408A48-561A-49D1-967F-834311742B7F" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:h:unisoc:t616:-:*:*:*:*:*:*:*", + "matchCriteriaId": "756E5850-CDC7-46C2-BAFC-1E2A359A2709" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:h:unisoc:t618:-:*:*:*:*:*:*:*", + "matchCriteriaId": "39002ECE-636A-4FEB-9A0B-8127E8AAC844" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:h:unisoc:t760:-:*:*:*:*:*:*:*", + "matchCriteriaId": "3D965CCA-C963-49E4-ACF0-2A9F458AF470" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:h:unisoc:t770:-:*:*:*:*:*:*:*", + "matchCriteriaId": "0FFEF06A-E3E0-486F-89CC-D52FF3F26F0B" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:h:unisoc:t820:-:*:*:*:*:*:*:*", + "matchCriteriaId": "49601008-D3FF-47CC-B961-6FDDFC7A0596" + } + ] + } + ] + } + ], "references": [ { "url": 
"https://www.unisoc.com/en_us/secy/announcementDetail/1676902764208259073", - "source": "security@unisoc.com" + "source": "security@unisoc.com", + "tags": [ + "Vendor Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2023/CVE-2023-33xx/CVE-2023-3300.json b/CVE-2023/CVE-2023-33xx/CVE-2023-3300.json new file mode 100644 index 00000000000..61b8d9bfb90 --- /dev/null +++ b/CVE-2023/CVE-2023-33xx/CVE-2023-3300.json @@ -0,0 +1,55 @@ +{ + "id": "CVE-2023-3300", + "sourceIdentifier": "security@hashicorp.com", + "published": "2023-07-20T00:15:10.527", + "lastModified": "2023-07-20T00:15:10.527", + "vulnStatus": "Received", + "descriptions": [ + { + "lang": "en", + "value": "HashiCorp Nomad and Nomad Enterprise 0.11.0 up to 1.5.6 and 1.4.1 HTTP search API can reveal names of available CSI plugins to unauthenticated users or users without the plugin:read policy. Fixed in 1.6.0, 1.5.7, and 1.4.1." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "security@hashicorp.com", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "LOW", + "integrityImpact": "NONE", + "availabilityImpact": "NONE", + "baseScore": 5.3, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 3.9, + "impactScore": 1.4 + } + ] + }, + "weaknesses": [ + { + "source": "security@hashicorp.com", + "type": "Secondary", + "description": [ + { + "lang": "en", + "value": "CWE-862" + } + ] + } + ], + "references": [ + { + "url": "https://discuss.hashicorp.com/t/hcsec-2023-22-nomad-search-api-leaks-information-about-csi-plugins/56272", + "source": "security@hashicorp.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2023/CVE-2023-368xx/CVE-2023-36825.json b/CVE-2023/CVE-2023-368xx/CVE-2023-36825.json index 3cd3abb6b6d..564b97e6660 100644 
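Review bot: The `descriptions[0].value` string in the new CVE-2023-3300 record names 1.4.1 both as an affected upper bound (`0.11.0 up to 1.5.6 and 1.4.1`) and as a fixed release (`Fixed in 1.6.0, 1.5.7, and 1.4.1`), so the affected range for the 1.4 line cannot be read from this text. The record is also `"vulnStatus": "Received"` with no `configurations` block, so tooling that matches on CPE criteria has nothing to match against in this record. The wording should be reconciled with the HashiCorp bulletin linked under `references` before the range is used for patch decisions; until then, any 1.4.x deployment should be checked against that bulletin directly.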
--- a/CVE-2023/CVE-2023-368xx/CVE-2023-36825.json +++ b/CVE-2023/CVE-2023-368xx/CVE-2023-36825.json @@ -2,8 +2,8 @@ "id": "CVE-2023-36825", "sourceIdentifier": "security-advisories@github.com", "published": "2023-07-11T18:15:20.417", - "lastModified": "2023-07-18T13:15:11.907", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2023-07-20T01:47:19.413", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", @@ -12,6 +12,26 @@ ], "metrics": { "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH", + "baseScore": 9.8, + "baseSeverity": "CRITICAL" + }, + "exploitabilityScore": 3.9, + "impactScore": 5.9 + }, { "source": "security-advisories@github.com", "type": "Secondary", 
@@ -46,14 +66,64 @@ ] } ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:orchid:platform:*:*:*:*:*:*:*:*", + "versionStartIncluding": "14.0.1", + "versionEndExcluding": "14.5.0", + "matchCriteriaId": "DF882026-A429-4924-B84E-29DD6A1F9990" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:orchid:platform:14.0.0:-:*:*:*:*:*:*", + "matchCriteriaId": "BC8FD5E1-EFAA-4123-A0A3-9EE96719643B" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:orchid:platform:14.0.0:alpha4:*:*:*:*:*:*", + "matchCriteriaId": "2D9AF0E5-E01D-4032-AF71-6FC428232D26" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:orchid:platform:14.0.0:alpha5:*:*:*:*:*:*", + "matchCriteriaId": "1B2F7B9C-98DC-43A5-8CFF-916CAEB67284" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:orchid:platform:14.0.0:alpha6:*:*:*:*:*:*", + "matchCriteriaId": "36C441C1-F1B6-46F7-96B8-F5BB222BCDB7" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:orchid:platform:14.0.0:alpha7:*:*:*:*:*:*", + "matchCriteriaId": "BDF364F5-A581-481C-9A21-F0FF2ABE6726" + } + ] + } + ] + } + ], "references": [ { "url": "https://github.com/orchidsoftware/platform/releases/tag/14.5.0", - "source": "security-advisories@github.com" + "source": "security-advisories@github.com", + "tags": [ + "Release Notes" + ] }, { "url": "https://github.com/orchidsoftware/platform/security/advisories/GHSA-ph6g-p72v-pc3p", - "source": "security-advisories@github.com" + "source": "security-advisories@github.com", + "tags": [ + "Vendor Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2023/CVE-2023-36xx/CVE-2023-3641.json b/CVE-2023/CVE-2023-36xx/CVE-2023-3641.json index 6c74155127b..b7f683bb786 100644 --- a/CVE-2023/CVE-2023-36xx/CVE-2023-3641.json +++ b/CVE-2023/CVE-2023-36xx/CVE-2023-3641.json 
@@ -2,8 +2,8 @@ "id": "CVE-2023-3641", "sourceIdentifier": "cna@vuldb.com", "published": "2023-07-12T17:15:08.960", - "lastModified": "2023-07-12T17:58:08.637", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2023-07-20T01:59:35.997", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", @@ -11,6 +11,28 @@ } ], "metrics": { + "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "REQUIRED", + "scope": "CHANGED", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "availabilityImpact": "NONE", + "baseScore": 6.1, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 2.8, + "impactScore": 2.7 + } + ], "cvssMetricV30": [ { "source": "cna@vuldb.com", @@ -71,14 +93,38 @@ ] } ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:nodcms:nodcms:3.4.1:*:*:*:*:*:*:*", + "matchCriteriaId": "F19C24DC-3C38-4ACB-9070-5BB865175D78" + } + ] + } + ] + } + ], "references": [ { "url": "https://vuldb.com/?ctiid.233887", - "source": "cna@vuldb.com" + "source": "cna@vuldb.com", + "tags": [ + "Third Party Advisory" + ] }, { "url": "https://vuldb.com/?id.233887", - "source": "cna@vuldb.com" + "source": "cna@vuldb.com", + "tags": [ + "Permissions Required", + "Third Party Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2023/CVE-2023-371xx/CVE-2023-37199.json b/CVE-2023/CVE-2023-371xx/CVE-2023-37199.json index 4477e6ef6bf..517de5f591b 100644 --- a/CVE-2023/CVE-2023-371xx/CVE-2023-37199.json +++ b/CVE-2023/CVE-2023-371xx/CVE-2023-37199.json 
@@ -2,8 +2,8 @@ "id": "CVE-2023-37199", "sourceIdentifier": "cybersecurity@se.com", "published": "2023-07-12T08:15:10.133", - "lastModified": "2023-07-12T12:46:30.047", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2023-07-20T00:40:11.960", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", @@ -12,6 +12,26 @@ ], "metrics": { "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "HIGH", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH", + "baseScore": 7.2, + "baseSeverity": "HIGH" + }, + "exploitabilityScore": 1.2, + "impactScore": 5.9 + }, { "source": "cybersecurity@se.com", "type": "Secondary", @@ -46,10 +66,31 @@ ] } ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:schneider-electric:struxureware_data_center_expert:*:*:*:*:*:*:*:*", + "versionEndIncluding": "7.9.3", + "matchCriteriaId": "DA0F4FA6-8C57-494B-B6AB-5CF125AFBAEE" + } + ] + } + ] + } + ], "references": [ { "url": "https://download.schneider-electric.com/files?p_Doc_Ref=SEVD-2023-192-01&p_enDocType=Security+and+Safety+Notice&p_File_Name=SEVD-2023-192-01.pdf", - "source": "cybersecurity@se.com" + "source": "cybersecurity@se.com", + "tags": [ + "Vendor Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2023/CVE-2023-372xx/CVE-2023-37200.json b/CVE-2023/CVE-2023-372xx/CVE-2023-37200.json index e3189420195..4cb96782f31 100644 --- a/CVE-2023/CVE-2023-372xx/CVE-2023-37200.json +++ b/CVE-2023/CVE-2023-372xx/CVE-2023-37200.json 
@@ -2,8 +2,8 @@ "id": "CVE-2023-37200", "sourceIdentifier": "cybersecurity@se.com", "published": "2023-07-12T08:15:10.203", - "lastModified": "2023-07-12T12:46:30.047", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2023-07-20T00:35:09.917", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", @@ -12,6 +12,26 @@ ], "metrics": { "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N", + "attackVector": "LOCAL", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "REQUIRED", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "NONE", + "availabilityImpact": "NONE", + "baseScore": 5.5, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 1.8, + "impactScore": 3.6 + }, { "source": "cybersecurity@se.com", "type": "Secondary", @@ -46,10 +66,36 @@ ] } ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:se:ecostruxure_opc_ua_server_expert:*:*:*:*:*:*:*:*", + "versionEndExcluding": "2.01", + "matchCriteriaId": "89F38F9E-3BD3-4964-A940-89A54C2445BC" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:se:ecostruxure_opc_ua_server_expert:2.01:-:*:*:*:*:*:*", + "matchCriteriaId": "57255D20-34C7-45D8-9139-B61444E7AAD4" + } + ] + } + ] + } + ], "references": [ { "url": "https://download.schneider-electric.com/files?p_Doc_Ref=SEVD-2023-192-02&p_enDocType=Security+and+Safety+Notice&p_File_Name=SEVD-2023-192-02.pdf", - "source": "cybersecurity@se.com" + "source": "cybersecurity@se.com", + "tags": [ + "Vendor Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2023/CVE-2023-376xx/CVE-2023-37630.json b/CVE-2023/CVE-2023-376xx/CVE-2023-37630.json index 31d79b68f1d..4c3f11f8bf0 100644 --- a/CVE-2023/CVE-2023-376xx/CVE-2023-37630.json 
+++ b/CVE-2023/CVE-2023-376xx/CVE-2023-37630.json 
@@ -2,23 +2,82 @@ "id": "CVE-2023-37630", "sourceIdentifier": "cve@mitre.org", "published": "2023-07-12T17:15:08.827", - "lastModified": "2023-07-12T17:58:08.637", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2023-07-20T01:57:57.420", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", "value": "Online Piggery Management System 1.0 is vulnerable to Cross Site Scripting (XSS). An unauthenticated user can POST JavaScript code to \"manage-breed.php\" resulting in Persistent XSS." } ], - "metrics": {}, + "metrics": { + "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "REQUIRED", + "scope": "CHANGED", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "availabilityImpact": "NONE", + "baseScore": 6.1, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 2.8, + "impactScore": 2.7 + } + ] + }, + "weaknesses": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-79" + } + ] + } + ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:simple_online_piggery_management_system_project:simple_online_piggery_management_system:1.0:*:*:*:*:*:*:*", + "matchCriteriaId": "7A096010-5E04-46F9-ADCA-8EE8C47B12E5" + } + ] + } + ] + } + ], "references": [ { "url": "https://github.com/1337kid/Piggery_CMS_multiple_vulns_PoC/tree/main/CVE-2023-37630", - "source": "cve@mitre.org" + "source": "cve@mitre.org", + "tags": [ + "Exploit", + "Third Party Advisory" + ] }, { "url": "https://www.sourcecodester.com/php/11814/online-pig-management-system-basic-free-version.html", - "source": "cve@mitre.org" + "source": "cve@mitre.org", + "tags": [ + "Product" + ] } ] } \ No newline at 
end of file diff --git a/CVE-2023/CVE-2023-379xx/CVE-2023-37942.json b/CVE-2023/CVE-2023-379xx/CVE-2023-37942.json index fa39972e9b5..7f8577adb88 100644 --- a/CVE-2023/CVE-2023-379xx/CVE-2023-37942.json +++ b/CVE-2023/CVE-2023-379xx/CVE-2023-37942.json 
@@ -2,23 +2,83 @@ "id": "CVE-2023-37942", "sourceIdentifier": "jenkinsci-cert@googlegroups.com", "published": "2023-07-12T16:15:13.007", - "lastModified": "2023-07-13T23:15:11.263", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2023-07-20T01:47:00.227", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", "value": "Jenkins External Monitor Job Type Plugin 206.v9a_94ff0b_4a_10 and earlier does not configure its XML parser to prevent XML external entity (XXE) attacks." } ], - "metrics": {}, + "metrics": { + "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "NONE", + "integrityImpact": "HIGH", + "availabilityImpact": "NONE", + "baseScore": 6.5, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 2.8, + "impactScore": 3.6 + } + ] + }, + "weaknesses": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-611" + } + ] + } + ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:jenkins:external_monitor_job_type:*:*:*:*:*:jenkins:*:*", + "versionEndIncluding": "206.v9a_94ff0b_4a_10", + "matchCriteriaId": "2D437D2D-FBA0-4E38-A17C-5957F68E80B2" + } + ] + } + ] + } + ], "references": [ { "url": "http://www.openwall.com/lists/oss-security/2023/07/12/2", - "source": "jenkinsci-cert@googlegroups.com" + "source": "jenkinsci-cert@googlegroups.com", + "tags": [ + "Mailing List", + "Third Party Advisory" + ] }, { "url": "https://www.jenkins.io/security/advisory/2023-07-12/#SECURITY-3133", - "source": "jenkinsci-cert@googlegroups.com" + "source": "jenkinsci-cert@googlegroups.com", + "tags": [ + "Vendor Advisory" + ] } ] } 
\ No newline at end of file diff --git a/CVE-2023/CVE-2023-379xx/CVE-2023-37943.json b/CVE-2023/CVE-2023-379xx/CVE-2023-37943.json index 0818747ebdc..16c804f5496 100644 --- a/CVE-2023/CVE-2023-379xx/CVE-2023-37943.json +++ b/CVE-2023/CVE-2023-379xx/CVE-2023-37943.json 
@@ -2,23 +2,83 @@ "id": "CVE-2023-37943", "sourceIdentifier": "jenkinsci-cert@googlegroups.com", "published": "2023-07-12T16:15:13.063", - "lastModified": "2023-07-13T23:15:11.313", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2023-07-20T01:46:27.617", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", "value": "Jenkins Active Directory Plugin 2.30 and earlier ignores the \"Require TLS\" and \"StartTls\" options and always performs the connection test to Active directory unencrypted, allowing attackers able to capture network traffic between the Jenkins controller and Active Directory servers to obtain Active Directory credentials." } ], - "metrics": {}, + "metrics": { + "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N", + "attackVector": "NETWORK", + "attackComplexity": "HIGH", + "privilegesRequired": "NONE", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "NONE", + "availabilityImpact": "NONE", + "baseScore": 5.9, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 2.2, + "impactScore": 3.6 + } + ] + }, + "weaknesses": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-311" + } + ] + } + ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:jenkins:active_directory:*:*:*:*:*:jenkins:*:*", + "versionEndIncluding": "2.30", + "matchCriteriaId": "FDD3FB1A-224D-4829-A9E0-B2944179F1FD" + } + ] + } + ] + } + ], "references": [ { "url": "http://www.openwall.com/lists/oss-security/2023/07/12/2", - "source": "jenkinsci-cert@googlegroups.com" + "source": "jenkinsci-cert@googlegroups.com", + "tags": [ + "Mailing List", + "Third Party Advisory" + ] }, { "url": 
"https://www.jenkins.io/security/advisory/2023-07-12/#SECURITY-3059", - "source": "jenkinsci-cert@googlegroups.com" + "source": "jenkinsci-cert@googlegroups.com", + "tags": [ + "Vendor Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2023/CVE-2023-379xx/CVE-2023-37944.json b/CVE-2023/CVE-2023-379xx/CVE-2023-37944.json index 827161c129c..4a1d45a05b6 100644 --- a/CVE-2023/CVE-2023-379xx/CVE-2023-37944.json +++ b/CVE-2023/CVE-2023-379xx/CVE-2023-37944.json 
@@ -2,23 +2,83 @@ "id": "CVE-2023-37944", "sourceIdentifier": "jenkinsci-cert@googlegroups.com", "published": "2023-07-12T16:15:13.117", - "lastModified": "2023-07-13T23:15:11.360", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2023-07-20T01:45:57.860", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", "value": "A missing permission check in Jenkins Datadog Plugin 5.4.1 and earlier allows attackers with Overall/Read permission to connect to an attacker-specified URL using attacker-specified credentials IDs obtained through another method, capturing credentials stored in Jenkins." } ], - "metrics": {}, + "metrics": { + "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "NONE", + "availabilityImpact": "NONE", + "baseScore": 6.5, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 2.8, + "impactScore": 3.6 + } + ] + }, + "weaknesses": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-862" + } + ] + } + ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:jenkins:datadog:*:*:*:*:*:jenkins:*:*", + "versionEndExcluding": "5.4.2", + "matchCriteriaId": "4DBDF1D1-EC9B-41C8-B865-E0F5627C68F4" + } + ] + } + ] + } + ], "references": [ { "url": "http://www.openwall.com/lists/oss-security/2023/07/12/2", - "source": "jenkinsci-cert@googlegroups.com" + "source": "jenkinsci-cert@googlegroups.com", + "tags": [ + "Mailing List", + "Third Party Advisory" + ] }, { "url": "https://www.jenkins.io/security/advisory/2023-07-12/#SECURITY-3130", - "source": "jenkinsci-cert@googlegroups.com" + 
"source": "jenkinsci-cert@googlegroups.com", + "tags": [ + "Vendor Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2023/CVE-2023-379xx/CVE-2023-37945.json b/CVE-2023/CVE-2023-379xx/CVE-2023-37945.json index c22bcf71b6a..d4cbf482dab 100644 --- a/CVE-2023/CVE-2023-379xx/CVE-2023-37945.json +++ b/CVE-2023/CVE-2023-379xx/CVE-2023-37945.json 
@@ -2,23 +2,84 @@ "id": "CVE-2023-37945", "sourceIdentifier": "jenkinsci-cert@googlegroups.com", "published": "2023-07-12T16:15:13.173", - "lastModified": "2023-07-13T23:15:11.407", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2023-07-20T01:45:33.523", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", "value": "A missing permission check in Jenkins SAML Single Sign On(SSO) Plugin 2.1.0 through 2.3.0 (both inclusive) allows attackers with Overall/Read permission to download a string representation of the current security realm." } ], - "metrics": {}, + "metrics": { + "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "LOW", + "integrityImpact": "NONE", + "availabilityImpact": "NONE", + "baseScore": 4.3, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 2.8, + "impactScore": 1.4 + } + ] + }, + "weaknesses": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-862" + } + ] + } + ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:jenkins:saml_single_sign_on:*:*:*:*:*:jenkins:*:*", + "versionStartIncluding": "2.1.0", + "versionEndExcluding": "2.3.1", + "matchCriteriaId": "E3FE8A76-84F1-4175-82AD-DA194A55B9E6" + } + ] + } + ] + } + ], "references": [ { "url": "http://www.openwall.com/lists/oss-security/2023/07/12/2", - "source": "jenkinsci-cert@googlegroups.com" + "source": "jenkinsci-cert@googlegroups.com", + "tags": [ + "Mailing List", + "Third Party Advisory" + ] }, { "url": "https://www.jenkins.io/security/advisory/2023-07-12/#SECURITY-3164", - "source": "jenkinsci-cert@googlegroups.com" + 
"source": "jenkinsci-cert@googlegroups.com", + "tags": [ + "Vendor Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2023/CVE-2023-379xx/CVE-2023-37951.json b/CVE-2023/CVE-2023-379xx/CVE-2023-37951.json index 878050c08d3..454527c9354 100644 --- a/CVE-2023/CVE-2023-379xx/CVE-2023-37951.json +++ b/CVE-2023/CVE-2023-379xx/CVE-2023-37951.json 
@@ -2,23 +2,83 @@ "id": "CVE-2023-37951", "sourceIdentifier": "jenkinsci-cert@googlegroups.com", "published": "2023-07-12T16:15:13.473", - "lastModified": "2023-07-13T23:15:11.687", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2023-07-20T01:45:11.257", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", "value": "Jenkins mabl Plugin 0.0.46 and earlier does not set the appropriate context for credentials lookup, allowing attackers with Item/Configure permission to access and capture credentials they are not entitled to." } ], - "metrics": {}, + "metrics": { + "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "NONE", + "availabilityImpact": "NONE", + "baseScore": 6.5, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 2.8, + "impactScore": 3.6 + } + ] + }, + "weaknesses": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-522" + } + ] + } + ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:jenkins:mabl:*:*:*:*:*:jenkins:*:*", + "versionEndIncluding": "0.0.46", + "matchCriteriaId": "B3FBDD36-B8F3-41BD-A956-FE096CA0CD01" + } + ] + } + ] + } + ], "references": [ { "url": "http://www.openwall.com/lists/oss-security/2023/07/12/2", - "source": "jenkinsci-cert@googlegroups.com" + "source": "jenkinsci-cert@googlegroups.com", + "tags": [ + "Mailing List", + "Third Party Advisory" + ] }, { "url": "https://www.jenkins.io/security/advisory/2023-07-12/#SECURITY-3137%20(2)", - "source": "jenkinsci-cert@googlegroups.com" + "source": "jenkinsci-cert@googlegroups.com", + "tags": [ + 
"Vendor Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2023/CVE-2023-379xx/CVE-2023-37952.json b/CVE-2023/CVE-2023-379xx/CVE-2023-37952.json index 5fa34bedbf4..87d70569a0d 100644 --- a/CVE-2023/CVE-2023-379xx/CVE-2023-37952.json +++ b/CVE-2023/CVE-2023-379xx/CVE-2023-37952.json 
@@ -2,23 +2,83 @@ "id": "CVE-2023-37952", "sourceIdentifier": "jenkinsci-cert@googlegroups.com", "published": "2023-07-12T16:15:13.520", - "lastModified": "2023-07-13T23:15:11.750", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2023-07-20T01:44:51.670", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", "value": "A cross-site request forgery (CSRF) vulnerability in Jenkins mabl Plugin 0.0.46 and earlier allows attackers to connect to an attacker-specified URL using attacker-specified credentials IDs obtained through another method, capturing credentials stored in Jenkins." } ], - "metrics": {}, + "metrics": { + "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "REQUIRED", + "scope": "UNCHANGED", + "confidentialityImpact": "NONE", + "integrityImpact": "HIGH", + "availabilityImpact": "NONE", + "baseScore": 6.5, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 2.8, + "impactScore": 3.6 + } + ] + }, + "weaknesses": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-352" + } + ] + } + ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:jenkins:mabl:*:*:*:*:*:jenkins:*:*", + "versionEndIncluding": "0.0.46", + "matchCriteriaId": "B3FBDD36-B8F3-41BD-A956-FE096CA0CD01" + } + ] + } + ] + } + ], "references": [ { "url": "http://www.openwall.com/lists/oss-security/2023/07/12/2", - "source": "jenkinsci-cert@googlegroups.com" + "source": "jenkinsci-cert@googlegroups.com", + "tags": [ + "Mailing List", + "Third Party Advisory" + ] }, { "url": "https://www.jenkins.io/security/advisory/2023-07-12/#SECURITY-3127", - "source": "jenkinsci-cert@googlegroups.com" + 
"source": "jenkinsci-cert@googlegroups.com", + "tags": [ + "Vendor Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2023/CVE-2023-379xx/CVE-2023-37953.json b/CVE-2023/CVE-2023-379xx/CVE-2023-37953.json index 232f51994c2..fef77486507 100644 --- a/CVE-2023/CVE-2023-379xx/CVE-2023-37953.json +++ b/CVE-2023/CVE-2023-379xx/CVE-2023-37953.json 
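Review bot: The added NVD vector for CVE-2023-37952, `C:N/I:H/A:N`, does not record the credential capture that the record's own description states ("capturing credentials stored in Jenkins"). The sibling record CVE-2023-37953 states the same outcome and is scored `C:H/I:N/A:N`. Both come out at 6.5, so severity sorting is unaffected, but any rule that filters on `"confidentialityImpact"` will pass over this record. Consumers that alert on credential exposure should also key on the description text or the Jenkins advisory in `references`, and the `"confidentialityImpact": "NONE"` value is worth raising with the scoring source.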
@@ -2,23 +2,83 @@ "id": "CVE-2023-37953", "sourceIdentifier": "jenkinsci-cert@googlegroups.com", "published": "2023-07-12T16:15:13.573", - "lastModified": "2023-07-13T23:15:11.793", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2023-07-20T01:44:38.133", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", "value": "A missing permission check in Jenkins mabl Plugin 0.0.46 and earlier allows attackers with Overall/Read permission to connect to an attacker-specified URL using attacker-specified credentials IDs obtained through another method, capturing credentials stored in Jenkins." } ], - "metrics": {}, + "metrics": { + "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "NONE", + "availabilityImpact": "NONE", + "baseScore": 6.5, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 2.8, + "impactScore": 3.6 + } + ] + }, + "weaknesses": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-862" + } + ] + } + ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:jenkins:mabl:*:*:*:*:*:jenkins:*:*", + "versionEndIncluding": "0.0.46", + "matchCriteriaId": "B3FBDD36-B8F3-41BD-A956-FE096CA0CD01" + } + ] + } + ] + } + ], "references": [ { "url": "http://www.openwall.com/lists/oss-security/2023/07/12/2", - "source": "jenkinsci-cert@googlegroups.com" + "source": "jenkinsci-cert@googlegroups.com", + "tags": [ + "Mailing List", + "Third Party Advisory" + ] }, { "url": "https://www.jenkins.io/security/advisory/2023-07-12/#SECURITY-3127", - "source": "jenkinsci-cert@googlegroups.com" + 
"source": "jenkinsci-cert@googlegroups.com", + "tags": [ + "Vendor Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2023/CVE-2023-379xx/CVE-2023-37954.json b/CVE-2023/CVE-2023-379xx/CVE-2023-37954.json index 59855045eff..f467c8cb680 100644 --- a/CVE-2023/CVE-2023-379xx/CVE-2023-37954.json +++ b/CVE-2023/CVE-2023-379xx/CVE-2023-37954.json 
@@ -2,23 +2,83 @@ "id": "CVE-2023-37954", "sourceIdentifier": "jenkinsci-cert@googlegroups.com", "published": "2023-07-12T16:15:13.620", - "lastModified": "2023-07-13T23:15:11.840", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2023-07-20T01:43:50.643", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", "value": "A cross-site request forgery (CSRF) vulnerability in Jenkins Rebuilder Plugin 320.v5a_0933a_e7d61 and earlier allows attackers to rebuild a previous build." } ], - "metrics": {}, + "metrics": { + "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "REQUIRED", + "scope": "UNCHANGED", + "confidentialityImpact": "NONE", + "integrityImpact": "LOW", + "availabilityImpact": "NONE", + "baseScore": 4.3, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 2.8, + "impactScore": 1.4 + } + ] + }, + "weaknesses": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-352" + } + ] + } + ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:jenkins:rebuilder:*:*:*:*:*:jenkins:*:*", + "versionEndIncluding": "320.v5a_0933a_e7d61", + "matchCriteriaId": "F446C1F1-A291-47B6-932D-65D96AD9B2AB" + } + ] + } + ] + } + ], "references": [ { "url": "http://www.openwall.com/lists/oss-security/2023/07/12/2", - "source": "jenkinsci-cert@googlegroups.com" + "source": "jenkinsci-cert@googlegroups.com", + "tags": [ + "Mailing List", + "Third Party Advisory" + ] }, { "url": "https://www.jenkins.io/security/advisory/2023-07-12/#SECURITY-3033", - "source": "jenkinsci-cert@googlegroups.com" + "source": "jenkinsci-cert@googlegroups.com", + "tags": [ + "Vendor Advisory" + ] } ] } \ No 
newline at end of file diff --git a/CVE-2023/CVE-2023-379xx/CVE-2023-37955.json b/CVE-2023/CVE-2023-379xx/CVE-2023-37955.json index 366f29112e6..1334bb5db46 100644 --- a/CVE-2023/CVE-2023-379xx/CVE-2023-37955.json +++ b/CVE-2023/CVE-2023-379xx/CVE-2023-37955.json 
@@ -2,23 +2,83 @@ "id": "CVE-2023-37955", "sourceIdentifier": "jenkinsci-cert@googlegroups.com", "published": "2023-07-12T16:15:13.677", - "lastModified": "2023-07-13T23:15:11.890", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2023-07-20T01:43:38.530", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", "value": "A cross-site request forgery (CSRF) vulnerability in Jenkins Test Results Aggregator Plugin 1.2.13 and earlier allows attackers to connect to an attacker-specified URL using attacker-specified credentials." } ], - "metrics": {}, + "metrics": { + "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "REQUIRED", + "scope": "UNCHANGED", + "confidentialityImpact": "NONE", + "integrityImpact": "HIGH", + "availabilityImpact": "NONE", + "baseScore": 6.5, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 2.8, + "impactScore": 3.6 + } + ] + }, + "weaknesses": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-352" + } + ] + } + ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:jenkins:test_results_aggregator:*:*:*:*:*:jenkins:*:*", + "versionEndIncluding": "1.2.13", + "matchCriteriaId": "44A86C07-24C7-4842-9AB2-B9E94AB79B5F" + } + ] + } + ] + } + ], "references": [ { "url": "http://www.openwall.com/lists/oss-security/2023/07/12/2", - "source": "jenkinsci-cert@googlegroups.com" + "source": "jenkinsci-cert@googlegroups.com", + "tags": [ + "Mailing List", + "Third Party Advisory" + ] }, { "url": "https://www.jenkins.io/security/advisory/2023-07-12/#SECURITY-3122", - "source": "jenkinsci-cert@googlegroups.com" + "source": "jenkinsci-cert@googlegroups.com", 
+ "tags": [ + "Vendor Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2023/CVE-2023-380xx/CVE-2023-38061.json b/CVE-2023/CVE-2023-380xx/CVE-2023-38061.json index f4e27711d1f..9af06e48923 100644 --- a/CVE-2023/CVE-2023-380xx/CVE-2023-38061.json +++ b/CVE-2023/CVE-2023-380xx/CVE-2023-38061.json @@ -2,8 +2,8 @@ "id": "CVE-2023-38061", "sourceIdentifier": "security@jetbrains.com", "published": "2023-07-12T13:15:09.237", - "lastModified": "2023-07-12T13:56:22.010", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2023-07-20T01:09:12.387", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", @@ -12,6 +12,26 @@ ], "metrics": { "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "REQUIRED", + "scope": "CHANGED", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "availabilityImpact": "NONE", + "baseScore": 5.4, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 2.3, + "impactScore": 2.7 + }, { "source": "security@jetbrains.com", "type": "Secondary", @@ -46,10 +66,31 @@ ] } ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:jetbrains:teamcity:*:*:*:*:*:*:*:*", + "versionEndExcluding": "2023.05.1", + "matchCriteriaId": "46175D6A-9392-4ABE-983F-50501F7876A1" + } + ] + } + ] + } + ], "references": [ { "url": "https://www.jetbrains.com/privacy-security/issues-fixed/", - "source": "security@jetbrains.com" + "source": "security@jetbrains.com", + "tags": [ + "Vendor Advisory" + ] } ] } \ No newline at end of file diff --git a/README.md b/README.md index b9578665006..9be73aaaf5c 100644 --- a/README.md +++ b/README.md 
@@ -9,13 +9,13 @@ Repository synchronizes with the NVD every 2 hours. ### Last Repository Update ```plain -2023-07-19T23:55:37.409361+00:00 +2023-07-20T02:00:46.310594+00:00 ``` ### Most recent CVE Modification Timestamp synchronized with NVD ```plain -2023-07-19T22:15:11.380000+00:00 +2023-07-20T01:59:35.997000+00:00 ``` ### Last Data Feed Release 
@@ -29,60 +29,52 @@ Download and Changelog: [Click](https://github.com/fkie-cad/nvd-json-data-feeds/ ### Total Number of included CVEs ```plain -220705 +220713 ``` ### CVEs added in the last Commit -Recently added CVEs: `16` +Recently added CVEs: `8` -* [CVE-2023-37733](CVE-2023/CVE-2023-377xx/CVE-2023-37733.json) (`2023-07-19T19:15:11.947`) -* [CVE-2023-3466](CVE-2023/CVE-2023-34xx/CVE-2023-3466.json) (`2023-07-19T19:15:12.017`) -* [CVE-2023-3467](CVE-2023/CVE-2023-34xx/CVE-2023-3467.json) (`2023-07-19T19:15:12.110`) -* [CVE-2023-3674](CVE-2023/CVE-2023-36xx/CVE-2023-3674.json) (`2023-07-19T19:15:12.213`) -* [CVE-2023-37276](CVE-2023/CVE-2023-372xx/CVE-2023-37276.json) (`2023-07-19T20:15:10.603`) -* [CVE-2023-37899](CVE-2023/CVE-2023-378xx/CVE-2023-37899.json) (`2023-07-19T20:15:10.807`) -* [CVE-2023-3722](CVE-2023/CVE-2023-37xx/CVE-2023-3722.json) (`2023-07-19T20:15:11.020`) -* [CVE-2023-3519](CVE-2023/CVE-2023-35xx/CVE-2023-3519.json) (`2023-07-19T18:15:11.513`) -* [CVE-2023-26217](CVE-2023/CVE-2023-262xx/CVE-2023-26217.json) (`2023-07-19T21:15:09.783`) -* [CVE-2023-3782](CVE-2023/CVE-2023-37xx/CVE-2023-3782.json) (`2023-07-19T21:15:10.093`) -* [CVE-2023-32657](CVE-2023/CVE-2023-326xx/CVE-2023-32657.json) (`2023-07-19T22:15:10.743`) -* [CVE-2023-34394](CVE-2023/CVE-2023-343xx/CVE-2023-34394.json) (`2023-07-19T22:15:10.983`) -* [CVE-2023-34429](CVE-2023/CVE-2023-344xx/CVE-2023-34429.json) (`2023-07-19T22:15:11.073`) -* [CVE-2023-35134](CVE-2023/CVE-2023-351xx/CVE-2023-35134.json) (`2023-07-19T22:15:11.170`) -* [CVE-2023-36853](CVE-2023/CVE-2023-368xx/CVE-2023-36853.json) (`2023-07-19T22:15:11.267`) -* [CVE-2023-37362](CVE-2023/CVE-2023-373xx/CVE-2023-37362.json) (`2023-07-19T22:15:11.380`) +* [CVE-2022-28733](CVE-2022/CVE-2022-287xx/CVE-2022-28733.json) (`2023-07-20T01:15:10.140`) +* [CVE-2022-28734](CVE-2022/CVE-2022-287xx/CVE-2022-28734.json) (`2023-07-20T01:15:10.243`) +* [CVE-2022-28735](CVE-2022/CVE-2022-287xx/CVE-2022-28735.json) (`2023-07-20T01:15:10.320`) 
+* [CVE-2022-28736](CVE-2022/CVE-2022-287xx/CVE-2022-28736.json) (`2023-07-20T01:15:10.400`) +* [CVE-2022-28737](CVE-2022/CVE-2022-287xx/CVE-2022-28737.json) (`2023-07-20T01:15:10.473`) +* [CVE-2023-3072](CVE-2023/CVE-2023-30xx/CVE-2023-3072.json) (`2023-07-20T00:15:10.347`) +* [CVE-2023-3299](CVE-2023/CVE-2023-32xx/CVE-2023-3299.json) (`2023-07-20T00:15:10.447`) +* [CVE-2023-3300](CVE-2023/CVE-2023-33xx/CVE-2023-3300.json) (`2023-07-20T00:15:10.527`) ### CVEs modified in the last Commit -Recently modified CVEs: `40` +Recently modified CVEs: `39` -* [CVE-2023-32315](CVE-2023/CVE-2023-323xx/CVE-2023-32315.json) (`2023-07-19T18:15:11.090`) -* [CVE-2023-32664](CVE-2023/CVE-2023-326xx/CVE-2023-32664.json) (`2023-07-19T18:15:11.197`) -* [CVE-2023-33148](CVE-2023/CVE-2023-331xx/CVE-2023-33148.json) (`2023-07-19T18:15:11.273`) -* [CVE-2023-33866](CVE-2023/CVE-2023-338xx/CVE-2023-33866.json) (`2023-07-19T18:15:11.360`) -* [CVE-2023-3446](CVE-2023/CVE-2023-34xx/CVE-2023-3446.json) (`2023-07-19T18:15:11.453`) -* [CVE-2023-3525](CVE-2023/CVE-2023-35xx/CVE-2023-3525.json) (`2023-07-19T18:25:12.327`) -* [CVE-2023-31213](CVE-2023/CVE-2023-312xx/CVE-2023-31213.json) (`2023-07-19T18:25:45.263`) -* [CVE-2023-36924](CVE-2023/CVE-2023-369xx/CVE-2023-36924.json) (`2023-07-19T18:29:41.167`) -* [CVE-2023-32627](CVE-2023/CVE-2023-326xx/CVE-2023-32627.json) (`2023-07-19T18:30:20.557`) -* [CVE-2023-26590](CVE-2023/CVE-2023-265xx/CVE-2023-26590.json) (`2023-07-19T18:30:31.940`) -* [CVE-2023-29406](CVE-2023/CVE-2023-294xx/CVE-2023-29406.json) (`2023-07-19T18:31:04.573`) -* [CVE-2023-37280](CVE-2023/CVE-2023-372xx/CVE-2023-37280.json) (`2023-07-19T18:31:42.580`) -* [CVE-2023-20575](CVE-2023/CVE-2023-205xx/CVE-2023-20575.json) (`2023-07-19T18:32:04.807`) -* [CVE-2023-37271](CVE-2023/CVE-2023-372xx/CVE-2023-37271.json) (`2023-07-19T18:32:26.387`) -* [CVE-2023-3369](CVE-2023/CVE-2023-33xx/CVE-2023-3369.json) (`2023-07-19T18:37:17.500`) -* 
[CVE-2023-3624](CVE-2023/CVE-2023-36xx/CVE-2023-3624.json) (`2023-07-19T18:46:49.327`) -* [CVE-2023-3623](CVE-2023/CVE-2023-36xx/CVE-2023-3623.json) (`2023-07-19T18:48:01.020`) -* [CVE-2023-30929](CVE-2023/CVE-2023-309xx/CVE-2023-30929.json) (`2023-07-19T18:49:37.593`) -* [CVE-2023-30930](CVE-2023/CVE-2023-309xx/CVE-2023-30930.json) (`2023-07-19T18:51:48.567`) -* [CVE-2023-30931](CVE-2023/CVE-2023-309xx/CVE-2023-30931.json) (`2023-07-19T18:55:47.867`) -* [CVE-2023-33231](CVE-2023/CVE-2023-332xx/CVE-2023-33231.json) (`2023-07-19T19:15:11.807`) -* [CVE-2023-32693](CVE-2023/CVE-2023-326xx/CVE-2023-32693.json) (`2023-07-19T20:15:10.367`) -* [CVE-2023-34089](CVE-2023/CVE-2023-340xx/CVE-2023-34089.json) (`2023-07-19T21:15:09.887`) -* [CVE-2023-34329](CVE-2023/CVE-2023-343xx/CVE-2023-34329.json) (`2023-07-19T21:15:09.983`) -* [CVE-2023-34330](CVE-2023/CVE-2023-343xx/CVE-2023-34330.json) (`2023-07-19T22:15:10.897`) +* [CVE-2023-37955](CVE-2023/CVE-2023-379xx/CVE-2023-37955.json) (`2023-07-20T01:43:38.530`) +* [CVE-2023-37954](CVE-2023/CVE-2023-379xx/CVE-2023-37954.json) (`2023-07-20T01:43:50.643`) +* [CVE-2023-37953](CVE-2023/CVE-2023-379xx/CVE-2023-37953.json) (`2023-07-20T01:44:38.133`) +* [CVE-2023-37952](CVE-2023/CVE-2023-379xx/CVE-2023-37952.json) (`2023-07-20T01:44:51.670`) +* [CVE-2023-37951](CVE-2023/CVE-2023-379xx/CVE-2023-37951.json) (`2023-07-20T01:45:11.257`) +* [CVE-2023-37945](CVE-2023/CVE-2023-379xx/CVE-2023-37945.json) (`2023-07-20T01:45:33.523`) +* [CVE-2023-37944](CVE-2023/CVE-2023-379xx/CVE-2023-37944.json) (`2023-07-20T01:45:57.860`) +* [CVE-2023-30937](CVE-2023/CVE-2023-309xx/CVE-2023-30937.json) (`2023-07-20T01:46:05.337`) +* [CVE-2023-37943](CVE-2023/CVE-2023-379xx/CVE-2023-37943.json) (`2023-07-20T01:46:27.617`) +* [CVE-2023-37942](CVE-2023/CVE-2023-379xx/CVE-2023-37942.json) (`2023-07-20T01:47:00.227`) +* [CVE-2023-36825](CVE-2023/CVE-2023-368xx/CVE-2023-36825.json) (`2023-07-20T01:47:19.413`) +* 
[CVE-2023-30936](CVE-2023/CVE-2023-309xx/CVE-2023-30936.json) (`2023-07-20T01:47:35.127`) +* [CVE-2023-24492](CVE-2023/CVE-2023-244xx/CVE-2023-24492.json) (`2023-07-20T01:49:10.613`) +* [CVE-2023-3127](CVE-2023/CVE-2023-31xx/CVE-2023-3127.json) (`2023-07-20T01:49:31.853`) +* [CVE-2023-2762](CVE-2023/CVE-2023-27xx/CVE-2023-2762.json) (`2023-07-20T01:49:48.370`) +* [CVE-2023-30941](CVE-2023/CVE-2023-309xx/CVE-2023-30941.json) (`2023-07-20T01:50:32.973`) +* [CVE-2023-30940](CVE-2023/CVE-2023-309xx/CVE-2023-30940.json) (`2023-07-20T01:53:12.603`) +* [CVE-2023-30938](CVE-2023/CVE-2023-309xx/CVE-2023-30938.json) (`2023-07-20T01:55:49.427`) +* [CVE-2023-2763](CVE-2023/CVE-2023-27xx/CVE-2023-2763.json) (`2023-07-20T01:56:00.570`) +* [CVE-2023-30928](CVE-2023/CVE-2023-309xx/CVE-2023-30928.json) (`2023-07-20T01:56:16.403`) +* [CVE-2023-30939](CVE-2023/CVE-2023-309xx/CVE-2023-30939.json) (`2023-07-20T01:56:36.267`) +* [CVE-2023-3108](CVE-2023/CVE-2023-31xx/CVE-2023-3108.json) (`2023-07-20T01:56:37.593`) +* [CVE-2023-3269](CVE-2023/CVE-2023-32xx/CVE-2023-3269.json) (`2023-07-20T01:56:56.217`) +* [CVE-2023-37630](CVE-2023/CVE-2023-376xx/CVE-2023-37630.json) (`2023-07-20T01:57:57.420`) +* [CVE-2023-3641](CVE-2023/CVE-2023-36xx/CVE-2023-3641.json) (`2023-07-20T01:59:35.997`) ## Download and Usage