From 2ee0d0adba4d4e8aab31e51c4743de2c4ba18427 Mon Sep 17 00:00:00 2001 
From: cad-safe-bot Date: Wed, 24 May 2023 18:00:53 +0000 Subject: [PATCH] Auto-Update: 2023-05-24T18:00:50.307933+00:00 --- CVE-2021/CVE-2021-08xx/CVE-2021-0877.json | 63 ++++- CVE-2021/CVE-2021-257xx/CVE-2021-25748.json | 59 ++++ CVE-2021/CVE-2021-257xx/CVE-2021-25749.json | 55 ++++ CVE-2022/CVE-2022-363xx/CVE-2022-36357.json | 10 +- CVE-2022/CVE-2022-40xx/CVE-2022-4048.json | 49 +++- CVE-2022/CVE-2022-453xx/CVE-2022-45364.json | 55 ++++ CVE-2022/CVE-2022-467xx/CVE-2022-46794.json | 55 ++++ CVE-2022/CVE-2022-468xx/CVE-2022-46816.json | 55 ++++ CVE-2022/CVE-2022-471xx/CVE-2022-47152.json | 55 ++++ CVE-2022/CVE-2022-471xx/CVE-2022-47180.json | 55 ++++ CVE-2022/CVE-2022-473xx/CVE-2022-47392.json | 123 ++++++++- CVE-2022/CVE-2022-474xx/CVE-2022-47446.json | 55 ++++ CVE-2022/CVE-2022-474xx/CVE-2022-47447.json | 55 ++++ CVE-2022/CVE-2022-474xx/CVE-2022-47448.json | 55 ++++ CVE-2023/CVE-2023-10xx/CVE-2023-1096.json | 73 ++++- CVE-2023/CVE-2023-11xx/CVE-2023-1174.json | 55 ++++ CVE-2023/CVE-2023-19xx/CVE-2023-1944.json | 55 ++++ CVE-2023/CVE-2023-206xx/CVE-2023-20673.json | 290 +++++++++++++++++++- CVE-2023/CVE-2023-250xx/CVE-2023-25028.json | 55 ++++ CVE-2023/CVE-2023-254xx/CVE-2023-25428.json | 69 ++++- CVE-2023/CVE-2023-259xx/CVE-2023-25927.json | 91 +++++- CVE-2023/CVE-2023-278xx/CVE-2023-27898.json | 20 +- CVE-2023/CVE-2023-279xx/CVE-2023-27905.json | 20 +- CVE-2023/CVE-2023-302xx/CVE-2023-30245.json | 69 ++++- CVE-2023/CVE-2023-319xx/CVE-2023-31983.json | 76 ++++- CVE-2023/CVE-2023-323xx/CVE-2023-32305.json | 106 ++++++- CVE-2023/CVE-2023-323xx/CVE-2023-32306.json | 47 +++- CVE-2023/CVE-2023-339xx/CVE-2023-33944.json | 55 ++++ CVE-2023/CVE-2023-339xx/CVE-2023-33945.json | 55 ++++ CVE-2023/CVE-2023-339xx/CVE-2023-33946.json | 55 ++++ CVE-2023/CVE-2023-339xx/CVE-2023-33947.json | 55 ++++ CVE-2023/CVE-2023-339xx/CVE-2023-33948.json | 55 ++++ CVE-2023/CVE-2023-339xx/CVE-2023-33949.json | 55 ++++ CVE-2023/CVE-2023-339xx/CVE-2023-33950.json | 55 ++++ README.md | 79 +++--- 
35 files changed, 2177 insertions(+), 112 deletions(-) create mode 100644 CVE-2021/CVE-2021-257xx/CVE-2021-25748.json create mode 100644 CVE-2021/CVE-2021-257xx/CVE-2021-25749.json create mode 100644 CVE-2022/CVE-2022-453xx/CVE-2022-45364.json create mode 100644 CVE-2022/CVE-2022-467xx/CVE-2022-46794.json create mode 100644 CVE-2022/CVE-2022-468xx/CVE-2022-46816.json create mode 100644 CVE-2022/CVE-2022-471xx/CVE-2022-47152.json create mode 100644 CVE-2022/CVE-2022-471xx/CVE-2022-47180.json create mode 100644 CVE-2022/CVE-2022-474xx/CVE-2022-47446.json create mode 100644 CVE-2022/CVE-2022-474xx/CVE-2022-47447.json create mode 100644 CVE-2022/CVE-2022-474xx/CVE-2022-47448.json create mode 100644 CVE-2023/CVE-2023-11xx/CVE-2023-1174.json create mode 100644 CVE-2023/CVE-2023-19xx/CVE-2023-1944.json create mode 100644 CVE-2023/CVE-2023-250xx/CVE-2023-25028.json create mode 100644 CVE-2023/CVE-2023-339xx/CVE-2023-33944.json create mode 100644 CVE-2023/CVE-2023-339xx/CVE-2023-33945.json create mode 100644 CVE-2023/CVE-2023-339xx/CVE-2023-33946.json create mode 100644 CVE-2023/CVE-2023-339xx/CVE-2023-33947.json create mode 100644 CVE-2023/CVE-2023-339xx/CVE-2023-33948.json create mode 100644 CVE-2023/CVE-2023-339xx/CVE-2023-33949.json create mode 100644 CVE-2023/CVE-2023-339xx/CVE-2023-33950.json
diff --git a/CVE-2021/CVE-2021-08xx/CVE-2021-0877.json b/CVE-2021/CVE-2021-08xx/CVE-2021-0877.json
index 2870e55bc09..97564a4260b 100644
--- a/CVE-2021/CVE-2021-08xx/CVE-2021-0877.json
+++ b/CVE-2021/CVE-2021-08xx/CVE-2021-0877.json
@@ -2,19 +2,74 @@ "id": "CVE-2021-0877", "sourceIdentifier": "security@android.com", "published": "2023-05-15T22:15:10.163", - "lastModified": "2023-05-16T10:46:36.147", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2023-05-24T17:09:58.747", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", "value": "Product: AndroidVersions: Android SoCAndroid ID: A-273754094" } ], - "metrics": {}, + "metrics": { + "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH", + "baseScore": 9.8, + "baseSeverity": "CRITICAL" + }, + "exploitabilityScore": 3.9, + "impactScore": 5.9 + } + ] + }, + "weaknesses": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "NVD-CWE-noinfo" + } + ] + } + ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:o:google:android:-:*:*:*:*:*:*:*", + "matchCriteriaId": "F8B9FEC8-73B6-43B8-B24E-1F7C20D91D26" + } + ] + } + ] + } + ], "references": [ { "url": "https://source.android.com/security/bulletin/2023-05-01", - "source": "security@android.com" + "source": "security@android.com", + "tags": [ + "Vendor Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2021/CVE-2021-257xx/CVE-2021-25748.json b/CVE-2021/CVE-2021-257xx/CVE-2021-25748.json new file mode 100644 index 00000000000..26f29d279bd --- /dev/null +++ b/CVE-2021/CVE-2021-257xx/CVE-2021-25748.json 
@@ -0,0 +1,59 @@ +{ + "id": "CVE-2021-25748", + "sourceIdentifier": "jordan@liggitt.net", + "published": "2023-05-24T17:15:09.253", + "lastModified": "2023-05-24T17:15:09.253", + "vulnStatus": "Received", + "descriptions": [ + { + "lang": "en", + "value": "A security issue was discovered in ingress-nginx where a user that can create or update ingress objects can use a newline character to bypass the sanitization of the `spec.rules[].http.paths[].path` field of an Ingress object (in the `networking.k8s.io` or `extensions` API group) to obtain the credentials of the ingress-nginx controller. In the default configuration, that credential has access to all secrets in the cluster." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "jordan@liggitt.net", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:L/A:L", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "LOW", + "availabilityImpact": "LOW", + "baseScore": 7.6, + "baseSeverity": "HIGH" + }, + "exploitabilityScore": 2.8, + "impactScore": 4.7 + } + ] + }, + "weaknesses": [ + { + "source": "jordan@liggitt.net", + "type": "Secondary", + "description": [ + { + "lang": "en", + "value": "CWE-20" + } + ] + } + ], + "references": [ + { + "url": "https://github.com/kubernetes/ingress-nginx/issues/8686", + "source": "jordan@liggitt.net" + }, + { + "url": "https://groups.google.com/g/kubernetes-security-announce/c/avaRYa9c7I8", + "source": "jordan@liggitt.net" + } + ] +} \ No newline at end of file diff --git a/CVE-2021/CVE-2021-257xx/CVE-2021-25749.json b/CVE-2021/CVE-2021-257xx/CVE-2021-25749.json new file mode 100644 index 00000000000..d6763fa63f3 --- /dev/null +++ b/CVE-2021/CVE-2021-257xx/CVE-2021-25749.json 
@@ -0,0 +1,55 @@ +{ + "id": "CVE-2021-25749", + "sourceIdentifier": "jordan@liggitt.net", + "published": "2023-05-24T17:15:09.413", + "lastModified": "2023-05-24T17:15:09.413", + "vulnStatus": "Received", + "descriptions": [ + { + "lang": "en", + "value": "Windows workloads can run as ContainerAdministrator even when those workloads set the runAsNonRoot option to true." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "jordan@liggitt.net", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", + "attackVector": "LOCAL", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH", + "baseScore": 7.8, + "baseSeverity": "HIGH" + }, + "exploitabilityScore": 1.8, + "impactScore": 5.9 + } + ] + }, + "weaknesses": [ + { + "source": "jordan@liggitt.net", + "type": "Secondary", + "description": [ + { + "lang": "en", + "value": "CWE-284" + } + ] + } + ], + "references": [ + { + "url": "https://groups.google.com/g/kubernetes-security-announce/c/qqTZgulISzA", + "source": "jordan@liggitt.net" + } + ] +} \ No newline at end of file diff --git a/CVE-2022/CVE-2022-363xx/CVE-2022-36357.json b/CVE-2022/CVE-2022-363xx/CVE-2022-36357.json index 30c0fbb4419..59b0fd6a635 100644 --- a/CVE-2022/CVE-2022-363xx/CVE-2022-36357.json +++ b/CVE-2022/CVE-2022-363xx/CVE-2022-36357.json 
@@ -2,12 +2,12 @@ "id": "CVE-2022-36357", "sourceIdentifier": "audit@patchstack.com", "published": "2022-11-17T23:15:15.760", - "lastModified": "2022-11-22T14:07:20.327", - "vulnStatus": "Analyzed", + "lastModified": "2023-05-24T16:15:09.193", + "vulnStatus": "Modified", "descriptions": [ { "lang": "en", - "value": "Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in ULTIMATE TABLES plugin <= 1.6.5 on WordPress." + "value": "Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in Webpsilon ULTIMATE TABLES plugin <=\u00a01.6.5 versions." } ], "metrics": { @@ -56,7 +56,7 @@ }, "weaknesses": [ { - "source": "nvd@nist.gov", + "source": "audit@patchstack.com", "type": "Primary", "description": [ { @@ -66,7 +66,7 @@ ] }, { - "source": "audit@patchstack.com", + "source": "nvd@nist.gov", "type": "Secondary", "description": [ { diff --git a/CVE-2022/CVE-2022-40xx/CVE-2022-4048.json b/CVE-2022/CVE-2022-40xx/CVE-2022-4048.json index 452aca36f14..5f9c933bb8f 100644 --- a/CVE-2022/CVE-2022-40xx/CVE-2022-4048.json +++ b/CVE-2022/CVE-2022-40xx/CVE-2022-4048.json @@ -2,8 +2,8 @@ "id": "CVE-2022-4048", "sourceIdentifier": "info@cert.vde.com", "published": "2023-05-15T10:15:10.517", - "lastModified": "2023-05-15T12:54:34.183", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2023-05-24T17:50:05.210", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", @@ -13,7 +13,7 @@ "metrics": { "cvssMetricV31": [ { - "source": "info@cert.vde.com", + "source": "nvd@nist.gov", "type": "Primary", "cvssData": { "version": "3.1", 
@@ -31,6 +31,26 @@ }, "exploitabilityScore": 2.5, "impactScore": 5.2 + }, + { + "source": "info@cert.vde.com", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N", + "attackVector": "LOCAL", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "NONE", + "baseScore": 7.7, + "baseSeverity": "HIGH" + }, + "exploitabilityScore": 2.5, + "impactScore": 5.2 } ] }, @@ -46,10 +66,31 @@ ] } ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:codesys:development_system_v3:*:*:*:*:*:*:*:*", + "versionEndExcluding": "3.5.18.40", + "matchCriteriaId": "E14B190D-FE8A-463E-AB8A-FAC59F375CC9" + } + ] + } + ] + } + ], "references": [ { "url": "https://customers.codesys.com/index.php?eID=dumpFile&t=f&f=17350&token=2cee62285d3ec76d6a78dfa9b9e81e66f6136a2a&download=", - "source": "info@cert.vde.com" + "source": "info@cert.vde.com", + "tags": [ + "Vendor Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2022/CVE-2022-453xx/CVE-2022-45364.json b/CVE-2022/CVE-2022-453xx/CVE-2022-45364.json new file mode 100644 index 00000000000..399886c2c2c --- /dev/null +++ b/CVE-2022/CVE-2022-453xx/CVE-2022-45364.json 
@@ -0,0 +1,55 @@ +{ + "id": "CVE-2022-45364", + "sourceIdentifier": "audit@patchstack.com", + "published": "2023-05-24T16:15:09.307", + "lastModified": "2023-05-24T16:15:09.307", + "vulnStatus": "Received", + "descriptions": [ + { + "lang": "en", + "value": "Cross-Site Request Forgery (CSRF) vulnerability in Glen Don L. Mongaya Drag and Drop Multiple File Upload \u2013 Contact Form 7 plugin <=\u00a01.3.6.5 versions." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "audit@patchstack.com", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:L", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "REQUIRED", + "scope": "UNCHANGED", + "confidentialityImpact": "NONE", + "integrityImpact": "LOW", + "availabilityImpact": "LOW", + "baseScore": 5.4, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 2.8, + "impactScore": 2.5 + } + ] + }, + "weaknesses": [ + { + "source": "audit@patchstack.com", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-352" + } + ] + } + ], + "references": [ + { + "url": "https://patchstack.com/database/vulnerability/drag-and-drop-multiple-file-upload-contact-form-7/wordpress-drag-and-drop-multiple-file-upload-contact-form-7-plugin-1-3-6-5-multiple-csrf-vulnerabilities?_s_id=cve", + "source": "audit@patchstack.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2022/CVE-2022-467xx/CVE-2022-46794.json b/CVE-2022/CVE-2022-467xx/CVE-2022-46794.json new file mode 100644 index 00000000000..713d0be796a --- /dev/null +++ b/CVE-2022/CVE-2022-467xx/CVE-2022-46794.json 
@@ -0,0 +1,55 @@ +{ + "id": "CVE-2022-46794", + "sourceIdentifier": "audit@patchstack.com", + "published": "2023-05-24T16:15:09.380", + "lastModified": "2023-05-24T16:15:09.380", + "vulnStatus": "Received", + "descriptions": [ + { + "lang": "en", + "value": "Cross-Site Request Forgery (CSRF) vulnerability in weightbasedshipping.Com WooCommerce Weight Based Shipping plugin <=\u00a05.4.1 versions." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "audit@patchstack.com", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "REQUIRED", + "scope": "UNCHANGED", + "confidentialityImpact": "NONE", + "integrityImpact": "LOW", + "availabilityImpact": "NONE", + "baseScore": 4.3, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 2.8, + "impactScore": 1.4 + } + ] + }, + "weaknesses": [ + { + "source": "audit@patchstack.com", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-352" + } + ] + } + ], + "references": [ + { + "url": "https://patchstack.com/database/vulnerability/weight-based-shipping-for-woocommerce/wordpress-woocommerce-weight-based-shipping-plugin-5-4-1-cross-site-request-forgery-csrf-vulnerability?_s_id=cve", + "source": "audit@patchstack.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2022/CVE-2022-468xx/CVE-2022-46816.json b/CVE-2022/CVE-2022-468xx/CVE-2022-46816.json new file mode 100644 index 00000000000..0b60591765c --- /dev/null +++ b/CVE-2022/CVE-2022-468xx/CVE-2022-46816.json 
@@ -0,0 +1,55 @@ +{ + "id": "CVE-2022-46816", + "sourceIdentifier": "audit@patchstack.com", + "published": "2023-05-24T16:15:09.457", + "lastModified": "2023-05-24T16:15:09.457", + "vulnStatus": "Received", + "descriptions": [ + { + "lang": "en", + "value": "Cross-Site Request Forgery (CSRF) vulnerability in Booking Ultra Pro Appointments Booking Calendar Plugin plugin <=\u00a01.1.4 versions." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "audit@patchstack.com", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "REQUIRED", + "scope": "UNCHANGED", + "confidentialityImpact": "NONE", + "integrityImpact": "LOW", + "availabilityImpact": "NONE", + "baseScore": 4.3, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 2.8, + "impactScore": 1.4 + } + ] + }, + "weaknesses": [ + { + "source": "audit@patchstack.com", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-352" + } + ] + } + ], + "references": [ + { + "url": "https://patchstack.com/database/vulnerability/booking-ultra-pro/wordpress-booking-ultra-pro-appointments-booking-calendar-plugin-plugin-1-1-4-cross-site-request-forgery-csrf?_s_id=cve", + "source": "audit@patchstack.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2022/CVE-2022-471xx/CVE-2022-47152.json b/CVE-2022/CVE-2022-471xx/CVE-2022-47152.json new file mode 100644 index 00000000000..e79dd7ad70d --- /dev/null +++ b/CVE-2022/CVE-2022-471xx/CVE-2022-47152.json 
@@ -0,0 +1,55 @@ +{ + "id": "CVE-2022-47152", + "sourceIdentifier": "audit@patchstack.com", + "published": "2023-05-24T16:15:09.530", + "lastModified": "2023-05-24T16:15:09.530", + "vulnStatus": "Received", + "descriptions": [ + { + "lang": "en", + "value": "Cross-Site Request Forgery (CSRF) vulnerability in Etison, LLC ClickFunnels plugin <=\u00a03.1.1 versions." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "audit@patchstack.com", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:L", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "REQUIRED", + "scope": "UNCHANGED", + "confidentialityImpact": "NONE", + "integrityImpact": "LOW", + "availabilityImpact": "LOW", + "baseScore": 5.4, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 2.8, + "impactScore": 2.5 + } + ] + }, + "weaknesses": [ + { + "source": "audit@patchstack.com", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-352" + } + ] + } + ], + "references": [ + { + "url": "https://patchstack.com/database/vulnerability/clickfunnels/wordpress-clickfunnels-plugin-3-1-1-cross-site-request-forgery-csrf?_s_id=cve", + "source": "audit@patchstack.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2022/CVE-2022-471xx/CVE-2022-47180.json b/CVE-2022/CVE-2022-471xx/CVE-2022-47180.json new file mode 100644 index 00000000000..a69d051c1e4 --- /dev/null +++ b/CVE-2022/CVE-2022-471xx/CVE-2022-47180.json 
@@ -0,0 +1,55 @@ +{ + "id": "CVE-2022-47180", + "sourceIdentifier": "audit@patchstack.com", + "published": "2023-05-24T16:15:09.607", + "lastModified": "2023-05-24T16:15:09.607", + "vulnStatus": "Received", + "descriptions": [ + { + "lang": "en", + "value": "Cross-Site Request Forgery (CSRF) vulnerability in Kopa Theme Kopa Framework plugin <=\u00a01.3.5 versions." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "audit@patchstack.com", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "REQUIRED", + "scope": "UNCHANGED", + "confidentialityImpact": "NONE", + "integrityImpact": "LOW", + "availabilityImpact": "NONE", + "baseScore": 4.3, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 2.8, + "impactScore": 1.4 + } + ] + }, + "weaknesses": [ + { + "source": "audit@patchstack.com", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-352" + } + ] + } + ], + "references": [ + { + "url": "https://patchstack.com/database/vulnerability/kopatheme/wordpress-kopa-framework-plugin-1-3-5-cross-site-request-forgery-csrf?_s_id=cve", + "source": "audit@patchstack.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2022/CVE-2022-473xx/CVE-2022-47392.json b/CVE-2022/CVE-2022-473xx/CVE-2022-47392.json index cd2aa31dbd3..54ab2dce396 100644 --- a/CVE-2022/CVE-2022-473xx/CVE-2022-47392.json +++ b/CVE-2022/CVE-2022-473xx/CVE-2022-47392.json @@ -2,8 +2,8 @@ "id": "CVE-2022-47392", "sourceIdentifier": "info@cert.vde.com", "published": "2023-05-15T11:15:08.750", - "lastModified": "2023-05-15T12:54:28.597", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2023-05-24T17:07:35.733", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", 
@@ -46,10 +46,127 @@ ] } ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:codesys:control_for_beaglebone_sl:*:*:*:*:*:*:*:*", + "versionEndExcluding": "3.5.19.0", + "matchCriteriaId": "523FC1D5-2A13-4B4D-9EE6-7895A955F631" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:codesys:control_for_empc-a\\/imx6_sl:*:*:*:*:*:*:*:*", + "versionEndExcluding": "3.5.19.0", + "matchCriteriaId": "6E4DDA5F-C7CD-4ADE-AE44-B2F2C2F6B61C" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:codesys:control_for_iot2000_sl:*:*:*:*:*:*:*:*", + "versionEndExcluding": "3.5.19.0", + "matchCriteriaId": "968E3873-9D42-4516-B884-56D49BB8BE8E" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:codesys:control_for_linux_sl:*:*:*:*:*:*:*:*", + "versionEndExcluding": "3.5.19.0", + "matchCriteriaId": "8FD4E051-A23A-4214-A599-5EDFD40B4843" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:codesys:control_for_pfc100_sl:*:*:*:*:*:*:*:*", + "versionEndExcluding": "3.5.19.0", + "matchCriteriaId": "27B2E352-6ACE-4F3D-B462-4DE1197DAF04" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:codesys:control_for_pfc200_sl:*:*:*:*:*:*:*:*", + "versionEndExcluding": "3.5.19.0", + "matchCriteriaId": "3F20DC27-C98B-49CF-9C39-9FB483438FD4" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:codesys:control_for_plcnext_sl:*:*:*:*:*:*:*:*", + "versionEndExcluding": "3.5.19.0", + "matchCriteriaId": "80A1AAE3-1A29-4B1E-8C50-0EA87D158371" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:codesys:control_for_raspberry_pi_sl:*:*:*:*:*:*:*:*", + "versionEndExcluding": "3.5.19.0", + "matchCriteriaId": "9C58C0EB-17CF-4ACA-B691-BBB558A77B4F" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:codesys:control_for_wago_touch_panels_600_sl:*:*:*:*:*:*:*:*", + "versionEndExcluding": "3.5.19.0", + "matchCriteriaId": "00007AE1-3679-4D05-96E2-F0F45E73B2B1" + }, + { + "vulnerable": true, + 
"criteria": "cpe:2.3:a:codesys:control_rte_\\(for_beckhoff_cx\\)_sl:*:*:*:*:*:*:*:*", + "versionEndExcluding": "4.8.0.0", + "matchCriteriaId": "44E6A757-BB46-467E-B0DD-916672995584" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:codesys:control_rte_\\(sl\\):*:*:*:*:*:*:*:*", + "versionEndExcluding": "4.8.0.0", + "matchCriteriaId": "C74B30D2-2653-4D2A-BEEC-0AB1843097AB" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:codesys:control_runtime_system_toolkit:*:*:*:*:*:*:*:*", + "versionEndExcluding": "4.8.0.0", + "matchCriteriaId": "A9CF7388-0541-4CEA-B83B-127466DA6635" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:codesys:control_win_\\(sl\\):*:*:*:*:*:*:*:*", + "versionEndExcluding": "4.8.0.0", + "matchCriteriaId": "0D2297BF-E19B-4FA6-841F-0D5915D345CC" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:codesys:development_system_v3:*:*:*:*:*:*:*:*", + "versionEndExcluding": "4.8.0.0", + "matchCriteriaId": "BBAA2041-8C65-4CC5-AC77-45DE2DEA458F" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:codesys:hmi_\\(sl\\):*:*:*:*:*:*:*:*", + "versionEndExcluding": "4.8.0.0", + "matchCriteriaId": "A2F76A22-9A91-4683-8F85-322E2AA00E28" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:codesys:safety_sil2_psp:*:*:*:*:*:*:*:*", + "versionEndExcluding": "4.8.0.0", + "matchCriteriaId": "B37C6669-08B9-4588-B871-3203E8ABFCE9" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:codesys:safety_sil2_runtime_toolkit:*:*:*:*:*:*:*:*", + "versionEndExcluding": "4.8.0.0", + "matchCriteriaId": "B4E932B1-1475-40A0-AF58-D4F643A6A850" + } + ] + } + ] + } + ], "references": [ { "url": "https://customers.codesys.com/index.php?eID=dumpFile&t=f&f=17554&token=5444f53b4c90fe37043671a100dffa75305d1825&download=", - "source": "info@cert.vde.com" + "source": "info@cert.vde.com", + "tags": [ + "Vendor Advisory" + ] } ] } \ No newline at end of file 
diff --git a/CVE-2022/CVE-2022-474xx/CVE-2022-47446.json b/CVE-2022/CVE-2022-474xx/CVE-2022-47446.json new file mode 100644 index 00000000000..fe261c01004 --- /dev/null +++ b/CVE-2022/CVE-2022-474xx/CVE-2022-47446.json @@ -0,0 +1,55 @@ +{ + "id": "CVE-2022-47446", + "sourceIdentifier": "audit@patchstack.com", + "published": "2023-05-24T17:15:09.507", + "lastModified": "2023-05-24T17:15:09.507", + "vulnStatus": "Received", + "descriptions": [ + { + "lang": "en", + "value": "Cross-Site Request Forgery (CSRF) vulnerability in Viadat Creations Store Locator for WordPress with Google Maps \u2013 LotsOfLocales plugin <=\u00a03.98.7 versions." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "audit@patchstack.com", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:L", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "REQUIRED", + "scope": "UNCHANGED", + "confidentialityImpact": "NONE", + "integrityImpact": "LOW", + "availabilityImpact": "LOW", + "baseScore": 5.4, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 2.8, + "impactScore": 2.5 + } + ] + }, + "weaknesses": [ + { + "source": "audit@patchstack.com", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-352" + } + ] + } + ], + "references": [ + { + "url": "https://patchstack.com/database/vulnerability/store-locator/wordpress-store-locator-for-wordpress-with-google-maps-lotsoflocales-plugin-3-98-7-cross-site-request-forgery-csrf?_s_id=cve", + "source": "audit@patchstack.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2022/CVE-2022-474xx/CVE-2022-47447.json b/CVE-2022/CVE-2022-474xx/CVE-2022-47447.json new file mode 100644 index 00000000000..387b5a025ae --- /dev/null +++ b/CVE-2022/CVE-2022-474xx/CVE-2022-47447.json 
@@ -0,0 +1,55 @@ +{ + "id": "CVE-2022-47447", + "sourceIdentifier": "audit@patchstack.com", + "published": "2023-05-24T17:15:09.580", + "lastModified": "2023-05-24T17:15:09.580", + "vulnStatus": "Received", + "descriptions": [ + { + "lang": "en", + "value": "Cross-Site Request Forgery (CSRF) vulnerability in Mathieu Chartier WordPress WP-Advanced-Search plugin <=\u00a03.3.8 versions." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "audit@patchstack.com", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "REQUIRED", + "scope": "UNCHANGED", + "confidentialityImpact": "NONE", + "integrityImpact": "LOW", + "availabilityImpact": "NONE", + "baseScore": 4.3, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 2.8, + "impactScore": 1.4 + } + ] + }, + "weaknesses": [ + { + "source": "audit@patchstack.com", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-352" + } + ] + } + ], + "references": [ + { + "url": "https://patchstack.com/database/vulnerability/wp-advanced-search/wordpress-wp-advanced-search-plugin-3-3-8-cross-site-request-forgery-csrf?_s_id=cve", + "source": "audit@patchstack.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2022/CVE-2022-474xx/CVE-2022-47448.json b/CVE-2022/CVE-2022-474xx/CVE-2022-47448.json new file mode 100644 index 00000000000..7c90d08b9d4 --- /dev/null +++ b/CVE-2022/CVE-2022-474xx/CVE-2022-47448.json 
@@ -0,0 +1,55 @@ +{ + "id": "CVE-2022-47448", + "sourceIdentifier": "audit@patchstack.com", + "published": "2023-05-24T17:15:09.657", + "lastModified": "2023-05-24T17:15:09.657", + "vulnStatus": "Received", + "descriptions": [ + { + "lang": "en", + "value": "Cross-Site Request Forgery (CSRF) vulnerability in dev.Xiligroup.Com - MS plugin <=\u00a01.12.03 versions." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "audit@patchstack.com", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:L", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "REQUIRED", + "scope": "UNCHANGED", + "confidentialityImpact": "NONE", + "integrityImpact": "LOW", + "availabilityImpact": "LOW", + "baseScore": 5.4, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 2.8, + "impactScore": 2.5 + } + ] + }, + "weaknesses": [ + { + "source": "audit@patchstack.com", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-352" + } + ] + } + ], + "references": [ + { + "url": "https://patchstack.com/database/vulnerability/xili-tidy-tags/wordpress-xili-tidy-tags-plugin-1-12-03-cross-site-request-forgery-csrf?_s_id=cve", + "source": "audit@patchstack.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2023/CVE-2023-10xx/CVE-2023-1096.json b/CVE-2023/CVE-2023-10xx/CVE-2023-1096.json index 29bb3fa8dee..3cac1b36b91 100644 --- a/CVE-2023/CVE-2023-10xx/CVE-2023-1096.json +++ b/CVE-2023/CVE-2023-10xx/CVE-2023-1096.json 
@@ -2,19 +2,84 @@ "id": "CVE-2023-1096", "sourceIdentifier": "security-alert@netapp.com", "published": "2023-05-12T21:15:08.990", - "lastModified": "2023-05-15T12:54:45.023", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2023-05-24T16:53:38.400", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", "value": "SnapCenter versions 4.7 prior to 4.7P2 and 4.8 prior to 4.8P1 are susceptible to a vulnerability which could allow a remote unauthenticated attacker to gain access as an admin user." } ], - "metrics": {}, + "metrics": { + "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH", + "baseScore": 9.8, + "baseSeverity": "CRITICAL" + }, + "exploitabilityScore": 3.9, + "impactScore": 5.9 + } + ] + }, + "weaknesses": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "NVD-CWE-noinfo" + } + ] + } + ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:netapp:snapcenter:4.7:-:*:*:*:*:*:*", + "matchCriteriaId": "E17B75EA-8806-4ADE-89E1-4E6E64397E60" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:netapp:snapcenter:4.7:p1:*:*:*:*:*:*", + "matchCriteriaId": "E8A0CEDD-E27A-45F2-BE0E-D9257D928732" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:netapp:snapcenter:4.8:-:*:*:*:*:*:*", + "matchCriteriaId": "284F3E88-1CD0-48B8-BE0D-767956E4F838" + } + ] + } + ] + } + ], "references": [ { "url": "https://security.netapp.com/advisory/ntap-20230511-0011/", - "source": "security-alert@netapp.com" + "source": "security-alert@netapp.com", + "tags": [ + 
"Vendor Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2023/CVE-2023-11xx/CVE-2023-1174.json b/CVE-2023/CVE-2023-11xx/CVE-2023-1174.json new file mode 100644 index 00000000000..1276833be08 --- /dev/null +++ b/CVE-2023/CVE-2023-11xx/CVE-2023-1174.json @@ -0,0 +1,55 @@ +{ + "id": "CVE-2023-1174", + "sourceIdentifier": "jordan@liggitt.net", + "published": "2023-05-24T17:15:09.733", + "lastModified": "2023-05-24T17:15:09.733", + "vulnStatus": "Received", + "descriptions": [ + { + "lang": "en", + "value": "This vulnerability exposes a network port in minikube running on macOS with Docker driver that could enable unexpected remote access to the minikube container." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "jordan@liggitt.net", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH", + "baseScore": 9.8, + "baseSeverity": "CRITICAL" + }, + "exploitabilityScore": 3.9, + "impactScore": 5.9 + } + ] + }, + "weaknesses": [ + { + "source": "jordan@liggitt.net", + "type": "Secondary", + "description": [ + { + "lang": "en", + "value": "CWE-266" + } + ] + } + ], + "references": [ + { + "url": "https://groups.google.com/g/kubernetes-security-announce/c/2ZkJFMDTKbM", + "source": "jordan@liggitt.net" + } + ] +} \ No newline at end of file diff --git a/CVE-2023/CVE-2023-19xx/CVE-2023-1944.json b/CVE-2023/CVE-2023-19xx/CVE-2023-1944.json new file mode 100644 index 00000000000..3fa39592f9c --- /dev/null +++ b/CVE-2023/CVE-2023-19xx/CVE-2023-1944.json 
@@ -0,0 +1,55 @@ +{ + "id": "CVE-2023-1944", + "sourceIdentifier": "jordan@liggitt.net", + "published": "2023-05-24T17:15:09.797", + "lastModified": "2023-05-24T17:15:09.797", + "vulnStatus": "Received", + "descriptions": [ + { + "lang": "en", + "value": "This vulnerability enables ssh access to minikube container using a default password." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "jordan@liggitt.net", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", + "attackVector": "LOCAL", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH", + "baseScore": 8.4, + "baseSeverity": "HIGH" + }, + "exploitabilityScore": 2.5, + "impactScore": 5.9 + } + ] + }, + "weaknesses": [ + { + "source": "jordan@liggitt.net", + "type": "Secondary", + "description": [ + { + "lang": "en", + "value": "CWE-259" + } + ] + } + ], + "references": [ + { + "url": "https://github.com/kubernetes/minikube", + "source": "jordan@liggitt.net" + } + ] +} \ No newline at end of file diff --git a/CVE-2023/CVE-2023-206xx/CVE-2023-20673.json b/CVE-2023/CVE-2023-206xx/CVE-2023-20673.json index ab7c3e80a49..60b150f4a48 100644 --- a/CVE-2023/CVE-2023-206xx/CVE-2023-20673.json +++ b/CVE-2023/CVE-2023-206xx/CVE-2023-20673.json 
@@ -2,19 +2,301 @@ "id": "CVE-2023-20673", "sourceIdentifier": "security@mediatek.com", "published": "2023-05-15T22:15:10.427", - "lastModified": "2023-05-16T10:46:36.147", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2023-05-24T17:07:09.800", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", "value": "In vcu, there is a possible memory corruption due to type confusion. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07519103; Issue ID: ALPS07519103." } ], - "metrics": {}, + "metrics": { + "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H", + "attackVector": "LOCAL", + "attackComplexity": "LOW", + "privilegesRequired": "HIGH", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH", + "baseScore": 6.7, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 0.8, + "impactScore": 5.9 + } + ] + }, + "weaknesses": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-843" + } + ] + } + ], + "configurations": [ + { + "operator": "AND", + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:mediatek:iot_yocto:22.2:*:*:*:*:*:*:*", + "matchCriteriaId": "22FE75BC-C0ED-445D-9ECD-BEA9D8881CBE" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:google:android:11.0:*:*:*:*:*:*:*", + "matchCriteriaId": "109DD7FD-3A48-4C3D-8E1A-4433B98E1E64" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:google:android:12.0:*:*:*:*:*:*:*", + "matchCriteriaId": "F8FB8EE9-FC56-4D5E-AE55-A5967634740C" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:google:android:13.0:*:*:*:*:*:*:*", + "matchCriteriaId": 
"879FFD0C-9B38-4CAA-B057-1086D794D469" + } + ] + }, + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": false, + "criteria": "cpe:2.3:h:mediatek:mt5696:-:*:*:*:*:*:*:*", + "matchCriteriaId": "8A07610A-173B-4DF2-8DAD-D2FF07EB9A17" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:h:mediatek:mt5836:-:*:*:*:*:*:*:*", + "matchCriteriaId": "222E4ECD-459A-4422-947F-FF26E026BC56" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:h:mediatek:mt5838:-:*:*:*:*:*:*:*", + "matchCriteriaId": "E72667B1-71C3-4DB5-A5E4-BC8212B1B00B" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:h:mediatek:mt6768:-:*:*:*:*:*:*:*", + "matchCriteriaId": "06CD97E1-8A76-48B4-9780-9698EF5A960F" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:h:mediatek:mt6769:-:*:*:*:*:*:*:*", + "matchCriteriaId": "D23991D5-1893-49F4-8A06-D5E66C96C3B3" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:h:mediatek:mt6779:-:*:*:*:*:*:*:*", + "matchCriteriaId": "EBA369B8-8E23-492B-82CC-23114E6A5D1C" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:h:mediatek:mt6781:-:*:*:*:*:*:*:*", + "matchCriteriaId": "C4EEE021-6B2A-47A0-AC6B-55525A40D718" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:h:mediatek:mt6785:-:*:*:*:*:*:*:*", + "matchCriteriaId": "A82E0A4F-072F-474C-B94C-8114ABE05639" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:h:mediatek:mt6789:-:*:*:*:*:*:*:*", + "matchCriteriaId": "8B9B0D82-82C1-4A77-A016-329B99C45F49" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:h:mediatek:mt6833:-:*:*:*:*:*:*:*", + "matchCriteriaId": "9814939B-F05E-4870-90C0-7C0F6BAAEB39" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:h:mediatek:mt6853:-:*:*:*:*:*:*:*", + "matchCriteriaId": "366F1912-756B-443E-9962-224937DD7DFB" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:h:mediatek:mt6853t:-:*:*:*:*:*:*:*", + "matchCriteriaId": "328DA6BE-1303-4646-89B7-2EC8DC444532" + }, + { + "vulnerable": false, + "criteria": 
"cpe:2.3:h:mediatek:mt6855:-:*:*:*:*:*:*:*", + "matchCriteriaId": "89AFEE24-7AAD-4EDB-8C3E-EDBA3240730A" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:h:mediatek:mt6873:-:*:*:*:*:*:*:*", + "matchCriteriaId": "F6B8A36E-C5FB-44AE-A1C3-50EBF4C68F6B" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:h:mediatek:mt6875:-:*:*:*:*:*:*:*", + "matchCriteriaId": "80BDC5EC-E822-4BC7-8C0D-E8AD8396E8FE" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:h:mediatek:mt6877:-:*:*:*:*:*:*:*", + "matchCriteriaId": "7CA9352F-E9BD-4656-9B7C-4AFEE2C78E58" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:h:mediatek:mt6883:-:*:*:*:*:*:*:*", + "matchCriteriaId": "15E2EC3F-9FB3-488B-B1C1-2793A416C755" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:h:mediatek:mt6885:-:*:*:*:*:*:*:*", + "matchCriteriaId": "DD64413C-C774-4C4F-9551-89E1AA9469EE" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:h:mediatek:mt6889:-:*:*:*:*:*:*:*", + "matchCriteriaId": "3B787DC3-8E5A-4968-B20B-37B6257FAAE2" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:h:mediatek:mt6891:-:*:*:*:*:*:*:*", + "matchCriteriaId": "D8E91CA4-CA5B-40D1-9A96-2B875104BCF4" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:h:mediatek:mt6893:-:*:*:*:*:*:*:*", + "matchCriteriaId": "213B5C7F-D965-4312-9CDF-4F06FA77D401" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:h:mediatek:mt8185:-:*:*:*:*:*:*:*", + "matchCriteriaId": "62FDE8E0-FD9F-4D2B-944C-E17F34A09F06" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:h:mediatek:mt8195:-:*:*:*:*:*:*:*", + "matchCriteriaId": "ED210E64-6CE7-42B1-849E-68C0E22521F6" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:h:mediatek:mt8395:-:*:*:*:*:*:*:*", + "matchCriteriaId": "D98FBE1C-D57B-49D9-9C4E-8A133A0C1C89" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:h:mediatek:mt8781:-:*:*:*:*:*:*:*", + "matchCriteriaId": "533284E5-C3AF-48D3-A287-993099DB2E41" + }, + { + "vulnerable": false, + "criteria": 
"cpe:2.3:h:mediatek:mt8786:-:*:*:*:*:*:*:*", + "matchCriteriaId": "9D2D5F91-6AAB-4516-AD01-5C60F58BA4A6" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:h:mediatek:mt8789:-:*:*:*:*:*:*:*", + "matchCriteriaId": "1505AD53-987E-4328-8E1D-F5F1EC12B677" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:h:mediatek:mt8791:-:*:*:*:*:*:*:*", + "matchCriteriaId": "9CD2C3EC-B62D-4616-964F-FDBE5B14A449" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:h:mediatek:mt8797:-:*:*:*:*:*:*:*", + "matchCriteriaId": "2B469BF4-5961-42E9-814B-1BE06D182E45" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:h:mediatek:mt9000:-:*:*:*:*:*:*:*", + "matchCriteriaId": "F0200228-E2A8-4DBE-A4DA-7AC7D4B9DE99" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:h:mediatek:mt9023:-:*:*:*:*:*:*:*", + "matchCriteriaId": "591A2A8B-DB5D-42BC-99A6-0D0DAB45C645" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:h:mediatek:mt9025:-:*:*:*:*:*:*:*", + "matchCriteriaId": "A6133E43-E032-4334-88C7-116B27B3090D" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:h:mediatek:mt9618:-:*:*:*:*:*:*:*", + "matchCriteriaId": "311AFBA9-A0AD-4638-ACFF-0D4AC12FA127" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:h:mediatek:mt9653:-:*:*:*:*:*:*:*", + "matchCriteriaId": "63BC3AE7-4180-4B8C-AB69-8AC4F502700D" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:h:mediatek:mt9687:-:*:*:*:*:*:*:*", + "matchCriteriaId": "0BC2011E-7629-477E-A898-9748119F7A23" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:h:mediatek:mt9689:-:*:*:*:*:*:*:*", + "matchCriteriaId": "B84CEB95-BF9E-42E3-90F4-70B1C7EE41A6" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:h:mediatek:mt9902:-:*:*:*:*:*:*:*", + "matchCriteriaId": "A42C58EE-7A5A-42BE-9C64-1A0F3657AA05" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:h:mediatek:mt9932:-:*:*:*:*:*:*:*", + "matchCriteriaId": "DDB40D8E-E934-47B1-A3A9-102F39C2FF21" + }, + { + "vulnerable": false, + "criteria": 
"cpe:2.3:h:mediatek:mt9952:-:*:*:*:*:*:*:*", + "matchCriteriaId": "0407203F-F9DE-4899-B0E6-226A7E9952CA" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:h:mediatek:mt9972:-:*:*:*:*:*:*:*", + "matchCriteriaId": "0C76B993-B660-41EB-A66A-96011A044BF6" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:h:mediatek:mt9982:-:*:*:*:*:*:*:*", + "matchCriteriaId": "5F8F0452-97F5-4BC6-AC85-42A24721F7CB" + } + ] + } + ] + } + ], "references": [ { "url": "https://corp.mediatek.com/product-security-bulletin/May-2023", - "source": "security@mediatek.com" + "source": "security@mediatek.com", + "tags": [ + "Vendor Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2023/CVE-2023-250xx/CVE-2023-25028.json b/CVE-2023/CVE-2023-250xx/CVE-2023-25028.json new file mode 100644 index 00000000000..572e931da83 --- /dev/null +++ b/CVE-2023/CVE-2023-250xx/CVE-2023-25028.json 
@@ -0,0 +1,55 @@ +{ + "id": "CVE-2023-25028", + "sourceIdentifier": "audit@patchstack.com", + "published": "2023-05-24T17:15:09.857", + "lastModified": "2023-05-24T17:15:09.857", + "vulnStatus": "Received", + "descriptions": [ + { + "lang": "en", + "value": "Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in chuyencode CC Custom Taxonomy plugin <=\u00a01.0.1 versions." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "audit@patchstack.com", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:L", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "HIGH", + "userInteraction": "REQUIRED", + "scope": "CHANGED", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "availabilityImpact": "LOW", + "baseScore": 5.9, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 1.7, + "impactScore": 3.7 + } + ] + }, + "weaknesses": [ + { + "source": "audit@patchstack.com", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-79" + } + ] + } + ], + "references": [ + { + "url": "https://patchstack.com/database/vulnerability/cc-custom-taxonmy/wordpress-cc-custom-taxonomy-plugin-1-0-1-cross-site-scripting-xss-vulnerability?_s_id=cve", + "source": "audit@patchstack.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2023/CVE-2023-254xx/CVE-2023-25428.json b/CVE-2023/CVE-2023-254xx/CVE-2023-25428.json index 1cba9658139..4736f607045 100644 --- a/CVE-2023/CVE-2023-254xx/CVE-2023-25428.json +++ b/CVE-2023/CVE-2023-254xx/CVE-2023-25428.json 
@@ -2,23 +2,82 @@ "id": "CVE-2023-25428", "sourceIdentifier": "cve@mitre.org", "published": "2023-05-12T16:15:09.513", - "lastModified": "2023-05-15T12:54:45.023", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2023-05-24T16:27:49.700", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", "value": "A DLL Hijacking issue discovered in Soft-o Free Password Manager 1.1.20 allows attackers to create arbitrary DLLs leading to code execution." } ], - "metrics": {}, + "metrics": { + "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", + "attackVector": "LOCAL", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "REQUIRED", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH", + "baseScore": 7.8, + "baseSeverity": "HIGH" + }, + "exploitabilityScore": 1.8, + "impactScore": 5.9 + } + ] + }, + "weaknesses": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-427" + } + ] + } + ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:soft-o:free_password_manager:1.1.20:*:*:*:*:*:*:*", + "matchCriteriaId": "7FF9C4C3-8E8B-41DE-B932-EDADF341379D" + } + ] + } + ] + } + ], "references": [ { "url": "https://packetstormsecurity.com/files/172259/Soft-o-Free-Password-Manager-1.1.20-DLL-Hijacking.html", - "source": "cve@mitre.org" + "source": "cve@mitre.org", + "tags": [ + "Third Party Advisory", + "VDB Entry" + ] }, { "url": "https://www.soft-o.com/products/free-password-manager.html", - "source": "cve@mitre.org" + "source": "cve@mitre.org", + "tags": [ + "Product" + ] } ] } \ No newline at end of file 
diff --git a/CVE-2023/CVE-2023-259xx/CVE-2023-25927.json b/CVE-2023/CVE-2023-259xx/CVE-2023-25927.json index eea300be7b1..93a33436e5c 100644 --- a/CVE-2023/CVE-2023-259xx/CVE-2023-25927.json +++ b/CVE-2023/CVE-2023-259xx/CVE-2023-25927.json @@ -2,8 +2,8 @@ "id": "CVE-2023-25927", "sourceIdentifier": "psirt@us.ibm.com", "published": "2023-05-12T18:15:09.450", - "lastModified": "2023-05-15T12:54:45.023", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2023-05-24T16:35:46.443", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", @@ -12,6 +12,26 @@ ], "metrics": { "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "NONE", + "integrityImpact": "NONE", + "availabilityImpact": "HIGH", + "baseScore": 7.5, + "baseSeverity": "HIGH" + }, + "exploitabilityScore": 3.9, + "impactScore": 3.6 + }, { "source": "psirt@us.ibm.com", "type": "Secondary", @@ -36,8 +56,18 @@ }, "weaknesses": [ { - "source": "psirt@us.ibm.com", + "source": "nvd@nist.gov", "type": "Primary", + "description": [ + { + "lang": "en", + "value": "NVD-CWE-noinfo" + } + ] + }, + { + "source": "psirt@us.ibm.com", + "type": "Secondary", "description": [ { "lang": "en", 
@@ -46,14 +76,63 @@ ] } ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:ibm:security_verify_access:10.0.0:*:*:*:*:*:*:*", + "matchCriteriaId": "7548DF30-5F20-4A0E-97B2-D33BEE9D4785" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:ibm:security_verify_access:10.0.1:*:*:*:*:*:*:*", + "matchCriteriaId": "BBC1ACEF-C524-49BE-B72A-9B7765090B01" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:ibm:security_verify_access:10.0.2:*:*:*:*:*:*:*", + "matchCriteriaId": "DE998672-F497-4D55-8370-9E4E81D15727" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:ibm:security_verify_access:10.0.3:*:*:*:*:*:*:*", + "matchCriteriaId": "2B372966-0DBE-4844-9364-9A1E8B70A4C9" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:ibm:security_verify_access:10.0.4:*:*:*:*:*:*:*", + "matchCriteriaId": "B80B618B-9725-49A4-A9E6-E9A1B410DF2D" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:ibm:security_verify_access:10.0.5:*:*:*:*:*:*:*", + "matchCriteriaId": "2B277083-2C49-4064-BC92-B93636577152" + } + ] + } + ] + } + ], "references": [ { "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/247635", - "source": "psirt@us.ibm.com" + "source": "psirt@us.ibm.com", + "tags": [ + "VDB Entry", + "Vendor Advisory" + ] }, { - "url": "https://https://www.ibm.com/support/pages/node/6989653", - "source": "psirt@us.ibm.com" + "url": "https://www.ibm.com/support/pages/node/6989653?_ga=2.22490043.1644592052.1684753176-785517468.1677620719", + "source": "nvd@nist.gov", + "tags": [ + "Vendor Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2023/CVE-2023-278xx/CVE-2023-27898.json b/CVE-2023/CVE-2023-278xx/CVE-2023-27898.json index 6457f3bd79d..b99c31992ec 100644 --- a/CVE-2023/CVE-2023-278xx/CVE-2023-27898.json +++ b/CVE-2023/CVE-2023-278xx/CVE-2023-27898.json 
@@ -2,7 +2,7 @@ "id": "CVE-2023-27898", "sourceIdentifier": "jenkinsci-cert@googlegroups.com", "published": "2023-03-10T21:15:15.403", - "lastModified": "2023-03-16T15:40:08.173", + "lastModified": "2023-05-24T17:43:59.883", "vulnStatus": "Analyzed", "descriptions": [ { @@ -17,20 +17,20 @@ "type": "Primary", "cvssData": { "version": "3.1", - "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H", "attackVector": "NETWORK", "attackComplexity": "LOW", - "privilegesRequired": "LOW", + "privilegesRequired": "NONE", "userInteraction": "REQUIRED", "scope": "CHANGED", - "confidentialityImpact": "LOW", - "integrityImpact": "LOW", - "availabilityImpact": "NONE", - "baseScore": 5.4, - "baseSeverity": "MEDIUM" + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH", + "baseScore": 9.6, + "baseSeverity": "CRITICAL" }, - "exploitabilityScore": 2.3, - "impactScore": 2.7 + "exploitabilityScore": 2.8, + "impactScore": 6.0 } ] }, diff --git a/CVE-2023/CVE-2023-279xx/CVE-2023-27905.json b/CVE-2023/CVE-2023-279xx/CVE-2023-27905.json index bd987ce25c3..5a147ab1a39 100644 --- a/CVE-2023/CVE-2023-279xx/CVE-2023-27905.json +++ b/CVE-2023/CVE-2023-279xx/CVE-2023-27905.json @@ -2,7 +2,7 @@ "id": "CVE-2023-27905", "sourceIdentifier": "jenkinsci-cert@googlegroups.com", "published": "2023-03-10T21:15:15.790", - "lastModified": "2023-03-15T19:37:44.107", + "lastModified": "2023-05-24T17:43:49.830", "vulnStatus": "Analyzed", "descriptions": [ { 
@@ -17,20 +17,20 @@ "type": "Primary", "cvssData": { "version": "3.1", - "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H", "attackVector": "NETWORK", "attackComplexity": "LOW", - "privilegesRequired": "LOW", + "privilegesRequired": "NONE", "userInteraction": "REQUIRED", "scope": "CHANGED", - "confidentialityImpact": "LOW", - "integrityImpact": "LOW", - "availabilityImpact": "NONE", - "baseScore": 5.4, - "baseSeverity": "MEDIUM" + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH", + "baseScore": 9.6, + "baseSeverity": "CRITICAL" }, - "exploitabilityScore": 2.3, - "impactScore": 2.7 + "exploitabilityScore": 2.8, + "impactScore": 6.0 } ] }, diff --git a/CVE-2023/CVE-2023-302xx/CVE-2023-30245.json b/CVE-2023/CVE-2023-302xx/CVE-2023-30245.json index a51b6535330..ba529c88530 100644 --- a/CVE-2023/CVE-2023-302xx/CVE-2023-30245.json +++ b/CVE-2023/CVE-2023-302xx/CVE-2023-30245.json 
@@ -2,23 +2,82 @@ "id": "CVE-2023-30245", "sourceIdentifier": "cve@mitre.org", "published": "2023-05-15T16:15:09.980", - "lastModified": "2023-05-15T17:17:55.247", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2023-05-24T17:09:02.543", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", "value": "SQL injection vulnerability found in Judging Management System v.1.0 allows a remote attacker to execute arbitrary code via the crit_id parameter of the edit_criteria.php file." } ], - "metrics": {}, + "metrics": { + "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH", + "baseScore": 9.8, + "baseSeverity": "CRITICAL" + }, + "exploitabilityScore": 3.9, + "impactScore": 5.9 + } + ] + }, + "weaknesses": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-89" + } + ] + } + ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:judging_management_system_project:judging_management_system:1.0:*:*:*:*:*:*:*", + "matchCriteriaId": "FAE693B0-3497-406C-AD53-36AC05735004" + } + ] + } + ] + } + ], "references": [ { "url": "https://github.com/qingning988/cve_report/blob/main/judging-management-system/SQLi-1.md", - "source": "cve@mitre.org" + "source": "cve@mitre.org", + "tags": [ + "Exploit", + "Third Party Advisory" + ] }, { "url": "https://www.github.com", - "source": "cve@mitre.org" + "source": "cve@mitre.org", + "tags": [ + "Not Applicable" + ] } ] } \ No newline at end of file 
diff --git a/CVE-2023/CVE-2023-319xx/CVE-2023-31983.json b/CVE-2023/CVE-2023-319xx/CVE-2023-31983.json index a9d613025bb..103aadf3ba9 100644 --- a/CVE-2023/CVE-2023-319xx/CVE-2023-31983.json +++ b/CVE-2023/CVE-2023-319xx/CVE-2023-31983.json 
@@ -2,19 +2,87 @@ "id": "CVE-2023-31983", "sourceIdentifier": "cve@mitre.org", "published": "2023-05-12T16:15:09.820", - "lastModified": "2023-05-15T12:54:45.023", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2023-05-24T16:29:22.113", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", "value": "A Command Injection vulnerability in Edimax Wireless Router N300 Firmware BR-6428NS_v4 allows attacker to execute arbitrary code via the mp function in /bin/webs without any limitations." } ], - "metrics": {}, + "metrics": { + "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH", + "baseScore": 9.8, + "baseSeverity": "CRITICAL" + }, + "exploitabilityScore": 3.9, + "impactScore": 5.9 + } + ] + }, + "weaknesses": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-77" + } + ] + } + ], + "configurations": [ + { + "operator": "AND", + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:o:edimax:br-6428ns_firmware:1.10:*:*:*:*:*:*:*", + "matchCriteriaId": "4D2C9DF5-576D-4CDF-A7E3-356FDE0B1A9F" + } + ] + }, + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": false, + "criteria": "cpe:2.3:h:edimax:br-6428ns:v4:*:*:*:*:*:*:*", + "matchCriteriaId": "A2693C87-4F33-430F-83D7-CC8286E37534" + } + ] + } + ] + } + ], "references": [ { "url": "https://github.com/Erebua/CVE/blob/main/N300_BR-6428nS%20V4/2/Readme.md", - "source": "cve@mitre.org" + "source": "cve@mitre.org", + "tags": [ + "Exploit", + "Third Party Advisory" + ] } ] } \ No newline at end of file 
diff --git a/CVE-2023/CVE-2023-323xx/CVE-2023-32305.json b/CVE-2023/CVE-2023-323xx/CVE-2023-32305.json index e09dbcc4111..62cb512e6d4 100644 --- a/CVE-2023/CVE-2023-323xx/CVE-2023-32305.json +++ b/CVE-2023/CVE-2023-323xx/CVE-2023-32305.json @@ -2,8 +2,8 @@ "id": "CVE-2023-32305", "sourceIdentifier": "security-advisories@github.com", "published": "2023-05-12T19:15:08.953", - "lastModified": "2023-05-15T12:54:45.023", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2023-05-24T16:45:51.600", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", @@ -12,6 +12,26 @@ ], "metrics": { "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH", + "baseScore": 8.8, + "baseSeverity": "HIGH" + }, + "exploitabilityScore": 2.8, + "impactScore": 5.9 + }, { "source": "security-advisories@github.com", "type": "Secondary", @@ -36,8 +56,18 @@ }, "weaknesses": [ { - "source": "security-advisories@github.com", + "source": "nvd@nist.gov", "type": "Primary", + "description": [ + { + "lang": "en", + "value": "NVD-CWE-noinfo" + } + ] + }, + { + "source": "security-advisories@github.com", + "type": "Secondary", "description": [ { "lang": "en", 
@@ -50,14 +80,80 @@ ] } ], + "configurations": [ + { + "operator": "AND", + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:aiven:aiven:*:*:*:*:*:postgresql:*:*", + "versionEndExcluding": "1.1.9", + "matchCriteriaId": "4C80E215-A1D4-4455-ABB1-5B9E627B4C82" + } + ] + }, + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": false, + "criteria": "cpe:2.3:a:postgresql:postgresql:*:*:*:*:*:*:*:*", + "versionStartIncluding": "10.0", + "versionEndIncluding": "10.22", + "matchCriteriaId": "97CCDA2D-D4C8-49E0-924E-2203FC301E71" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:a:postgresql:postgresql:*:*:*:*:*:*:*:*", + "versionStartIncluding": "11.0", + "versionEndIncluding": "11.7", + "matchCriteriaId": "C4E7FCB3-F4AA-47A9-832B-C58FDA1D5523" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:a:postgresql:postgresql:*:*:*:*:*:*:*:*", + "versionStartIncluding": "12.0", + "versionEndIncluding": "12.12", + "matchCriteriaId": "18E1D01F-9DC6-4251-B3EB-879B270991B5" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:a:postgresql:postgresql:*:*:*:*:*:*:*:*", + "versionStartIncluding": "13.0", + "versionEndIncluding": "13.8", + "matchCriteriaId": "F7C1778A-5CB2-4EFF-9F72-B889449CFD07" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:a:postgresql:postgresql:*:*:*:*:*:*:*:*", + "versionStartIncluding": "14.0", + "versionEndIncluding": "14.5", + "matchCriteriaId": "355CFA07-D6D1-4E9C-94ED-CBC9560E593B" + } + ] + } + ] + } + ], "references": [ { "url": "https://github.com/aiven/aiven-extras/commit/8682ae01bec0791708bf25791786d776e2fb0250", - "source": "security-advisories@github.com" + "source": "security-advisories@github.com", + "tags": [ + "Patch" + ] }, { "url": "https://github.com/aiven/aiven-extras/security/advisories/GHSA-7r4w-fw4h-67gp", - "source": "security-advisories@github.com" + "source": "security-advisories@github.com", + "tags": [ + "Vendor Advisory" + ] 
} ] } \ No newline at end of file diff --git a/CVE-2023/CVE-2023-323xx/CVE-2023-32306.json b/CVE-2023/CVE-2023-323xx/CVE-2023-32306.json index 1ba65ee2aab..f71b341fe16 100644 --- a/CVE-2023/CVE-2023-323xx/CVE-2023-32306.json +++ b/CVE-2023/CVE-2023-323xx/CVE-2023-32306.json @@ -2,8 +2,8 @@ "id": "CVE-2023-32306", "sourceIdentifier": "security-advisories@github.com", "published": "2023-05-12T19:15:09.023", - "lastModified": "2023-05-15T12:54:45.023", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2023-05-24T16:48:49.693", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", @@ -12,6 +12,26 @@ ], "metrics": { "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH", + "baseScore": 9.8, + "baseSeverity": "CRITICAL" + }, + "exploitabilityScore": 3.9, + "impactScore": 5.9 + }, { "source": "security-advisories@github.com", "type": "Secondary", @@ -46,10 +66,31 @@ ] } ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:anuko:time_tracker:*:*:*:*:*:*:*:*", + "versionEndExcluding": "1.22.13.5792", + "matchCriteriaId": "D406B905-1EDE-4F56-82A2-F18CA0A442D5" + } + ] + } + ] + } + ], "references": [ { "url": "https://github.com/anuko/timetracker/security/advisories/GHSA-758x-vg7g-j9j3", - "source": "security-advisories@github.com" + "source": "security-advisories@github.com", + "tags": [ + "Vendor Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2023/CVE-2023-339xx/CVE-2023-33944.json b/CVE-2023/CVE-2023-339xx/CVE-2023-33944.json new file mode 100644 index 00000000000..98714e1d2aa --- /dev/null 
+++ b/CVE-2023/CVE-2023-339xx/CVE-2023-33944.json @@ -0,0 +1,55 @@ +{ + "id": "CVE-2023-33944", + "sourceIdentifier": "security@liferay.com", + "published": "2023-05-24T16:15:09.693", + "lastModified": "2023-05-24T16:15:09.693", + "vulnStatus": "Received", + "descriptions": [ + { + "lang": "en", + "value": "Cross-site scripting (XSS) vulnerability in Layout module in Liferay Portal 7.3.4 through 7.4.3.68, and Liferay DXP 7.3 before update 24, and 7.4 before update 69 allows remote attackers to inject arbitrary web script or HTML via a crafted payload injected into a container type layout fragment's `URL` text field." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "security@liferay.com", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "HIGH", + "userInteraction": "REQUIRED", + "scope": "CHANGED", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "availabilityImpact": "NONE", + "baseScore": 4.8, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 1.7, + "impactScore": 2.7 + } + ] + }, + "weaknesses": [ + { + "source": "security@liferay.com", + "type": "Secondary", + "description": [ + { + "lang": "en", + "value": "CWE-79" + } + ] + } + ], + "references": [ + { + "url": "https://liferay.dev/portal/security/known-vulnerabilities/-/asset_publisher/jekt/content/cve-2023-33944", + "source": "security@liferay.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2023/CVE-2023-339xx/CVE-2023-33945.json b/CVE-2023/CVE-2023-339xx/CVE-2023-33945.json new file mode 100644 index 00000000000..4901a294314 --- /dev/null +++ b/CVE-2023/CVE-2023-339xx/CVE-2023-33945.json 
@@ -0,0 +1,55 @@ +{ + "id": "CVE-2023-33945", + "sourceIdentifier": "security@liferay.com", + "published": "2023-05-24T16:15:09.760", + "lastModified": "2023-05-24T16:15:09.760", + "vulnStatus": "Received", + "descriptions": [ + { + "lang": "en", + "value": "SQL injection vulnerability in the upgrade process for SQL Server in Liferay Portal 7.3.1 through 7.4.3.17, and Liferay DXP 7.3 before update 6, and 7.4 before update 18 allows attackers to execute arbitrary SQL commands via the name of a database table's primary key index. This vulnerability is only exploitable when chained with other attacks. To exploit this vulnerability, the attacker must modify the database and wait for the application to be upgraded." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "security@liferay.com", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:H/PR:H/UI:R/S:U/C:H/I:H/A:H", + "attackVector": "NETWORK", + "attackComplexity": "HIGH", + "privilegesRequired": "HIGH", + "userInteraction": "REQUIRED", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH", + "baseScore": 6.4, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 0.5, + "impactScore": 5.9 + } + ] + }, + "weaknesses": [ + { + "source": "security@liferay.com", + "type": "Secondary", + "description": [ + { + "lang": "en", + "value": "CWE-89" + } + ] + } + ], + "references": [ + { + "url": "https://liferay.dev/portal/security/known-vulnerabilities/-/asset_publisher/jekt/content/cve-2023-33945", + "source": "security@liferay.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2023/CVE-2023-339xx/CVE-2023-33946.json b/CVE-2023/CVE-2023-339xx/CVE-2023-33946.json new file mode 100644 index 00000000000..4bbded5ca5f --- /dev/null +++ b/CVE-2023/CVE-2023-339xx/CVE-2023-33946.json 
@@ -0,0 +1,55 @@ +{ + "id": "CVE-2023-33946", + "sourceIdentifier": "security@liferay.com", + "published": "2023-05-24T16:15:09.837", + "lastModified": "2023-05-24T16:15:09.837", + "vulnStatus": "Received", + "descriptions": [ + { + "lang": "en", + "value": "The Object module in Liferay Portal 7.4.3.4 through 7.4.3.48, and Liferay DXP 7.4 before update 49 does properly isolate objects in difference virtual instances, which allows remote authenticated users in one virtual instance to view objects in a different virtual instance via OAuth 2 scope administration page." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "security@liferay.com", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:N/A:N", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "HIGH", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "LOW", + "integrityImpact": "NONE", + "availabilityImpact": "NONE", + "baseScore": 2.7, + "baseSeverity": "LOW" + }, + "exploitabilityScore": 1.2, + "impactScore": 1.4 + } + ] + }, + "weaknesses": [ + { + "source": "security@liferay.com", + "type": "Secondary", + "description": [ + { + "lang": "en", + "value": "CWE-284" + } + ] + } + ], + "references": [ + { + "url": "https://liferay.dev/portal/security/known-vulnerabilities/-/asset_publisher/jekt/content/cve-2023-33946", + "source": "security@liferay.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2023/CVE-2023-339xx/CVE-2023-33947.json b/CVE-2023/CVE-2023-339xx/CVE-2023-33947.json new file mode 100644 index 00000000000..ce82e64a27c --- /dev/null +++ b/CVE-2023/CVE-2023-339xx/CVE-2023-33947.json 
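Review bot: The `descriptions[0].value` text added for CVE-2023-33946 reads "does properly isolate objects in difference virtual instances", which says the opposite of the flaw the rest of the sentence describes. It presumably should read `does not properly isolate objects in different virtual instances`, in line with the "does not segment object definition by virtual instance" wording of CVE-2023-33947 in the following hunk. The record is marked `"vulnStatus": "Received"` and its only description and metrics come from `security@liferay.com`, so the wording looks like it originates with the CNA and would need to be corrected upstream rather than in this mirror. Until then, anyone triaging from this file should take the weakness (`CWE-284`) and the vector (`C:L`, `PR:H`) as the reliable statement: a cross-instance information disclosure to authenticated users.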
@@ -0,0 +1,55 @@ +{ + "id": "CVE-2023-33947", + "sourceIdentifier": "security@liferay.com", + "published": "2023-05-24T16:15:09.927", + "lastModified": "2023-05-24T16:15:09.927", + "vulnStatus": "Received", + "descriptions": [ + { + "lang": "en", + "value": "The Object module in Liferay Portal 7.4.3.4 through 7.4.3.60, and Liferay DXP 7.4 before update 61 does not segment object definition by virtual instance in search which allows remote authenticated users in one virtual instance to view object definition from a second virtual instance by searching for the object definition." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "security@liferay.com", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:N/A:N", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "HIGH", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "LOW", + "integrityImpact": "NONE", + "availabilityImpact": "NONE", + "baseScore": 2.7, + "baseSeverity": "LOW" + }, + "exploitabilityScore": 1.2, + "impactScore": 1.4 + } + ] + }, + "weaknesses": [ + { + "source": "security@liferay.com", + "type": "Secondary", + "description": [ + { + "lang": "en", + "value": "CWE-284" + } + ] + } + ], + "references": [ + { + "url": "https://liferay.dev/portal/security/known-vulnerabilities/-/asset_publisher/jekt/content/cve-2023-33947", + "source": "security@liferay.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2023/CVE-2023-339xx/CVE-2023-33948.json b/CVE-2023/CVE-2023-339xx/CVE-2023-33948.json new file mode 100644 index 00000000000..902bc2861c1 --- /dev/null +++ b/CVE-2023/CVE-2023-339xx/CVE-2023-33948.json 
@@ -0,0 +1,55 @@ +{ + "id": "CVE-2023-33948", + "sourceIdentifier": "security@liferay.com", + "published": "2023-05-24T16:15:10.007", + "lastModified": "2023-05-24T16:15:10.007", + "vulnStatus": "Received", + "descriptions": [ + { + "lang": "en", + "value": "The Dynamic Data Mapping module in Liferay Portal 7.4.3.67, and Liferay DXP 7.4 update 67 does not limit Document and Media files which can be downloaded from a Form, which allows remote attackers to download any file from Document and Media via a crafted URL." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "security@liferay.com", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "LOW", + "integrityImpact": "NONE", + "availabilityImpact": "NONE", + "baseScore": 5.3, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 3.9, + "impactScore": 1.4 + } + ] + }, + "weaknesses": [ + { + "source": "security@liferay.com", + "type": "Secondary", + "description": [ + { + "lang": "en", + "value": "CWE-862" + } + ] + } + ], + "references": [ + { + "url": "https://liferay.dev/portal/security/known-vulnerabilities/-/asset_publisher/jekt/content/cve-2023-33948", + "source": "security@liferay.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2023/CVE-2023-339xx/CVE-2023-33949.json b/CVE-2023/CVE-2023-339xx/CVE-2023-33949.json new file mode 100644 index 00000000000..118bbc32dab --- /dev/null +++ b/CVE-2023/CVE-2023-339xx/CVE-2023-33949.json 
@@ -0,0 +1,55 @@ +{ + "id": "CVE-2023-33949", + "sourceIdentifier": "security@liferay.com", + "published": "2023-05-24T17:15:09.933", + "lastModified": "2023-05-24T17:15:09.933", + "vulnStatus": "Received", + "descriptions": [ + { + "lang": "en", + "value": "In Liferay Portal 7.3.0 and earlier, and Liferay DXP 7.2 and earlier the default configuration does not require users to verify their email address, which allows remote attackers to create accounts using fake email addresses or email addresses which they don't control. The portal property `company.security.strangers.verify` should be set to true." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "security@liferay.com", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "NONE", + "integrityImpact": "LOW", + "availabilityImpact": "NONE", + "baseScore": 5.3, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 3.9, + "impactScore": 1.4 + } + ] + }, + "weaknesses": [ + { + "source": "security@liferay.com", + "type": "Secondary", + "description": [ + { + "lang": "en", + "value": "CWE-1188" + } + ] + } + ], + "references": [ + { + "url": "https://liferay.dev/portal/security/known-vulnerabilities/-/asset_publisher/jekt/content/cve-2023-33949", + "source": "security@liferay.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2023/CVE-2023-339xx/CVE-2023-33950.json b/CVE-2023/CVE-2023-339xx/CVE-2023-33950.json new file mode 100644 index 00000000000..6cc7943b051 --- /dev/null +++ b/CVE-2023/CVE-2023-339xx/CVE-2023-33950.json 
@@ -0,0 +1,55 @@ +{ + "id": "CVE-2023-33950", + "sourceIdentifier": "security@liferay.com", + "published": "2023-05-24T17:15:10.007", + "lastModified": "2023-05-24T17:15:10.007", + "vulnStatus": "Received", + "descriptions": [ + { + "lang": "en", + "value": "Pattern Redirects in Liferay Portal 7.4.3.48 through 7.4.3.76, and Liferay DXP 7.4 update 48 through 76 allows regular expressions that are vulnerable to ReDoS attacks to be used as patterns, which allows remote attackers to consume an excessive amount of server resources via crafted request URLs." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "security@liferay.com", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "NONE", + "integrityImpact": "NONE", + "availabilityImpact": "HIGH", + "baseScore": 6.5, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 2.8, + "impactScore": 3.6 + } + ] + }, + "weaknesses": [ + { + "source": "security@liferay.com", + "type": "Secondary", + "description": [ + { + "lang": "en", + "value": "CWE-1333" + } + ] + } + ], + "references": [ + { + "url": "https://liferay.dev/portal/security/known-vulnerabilities/-/asset_publisher/jekt/content/cve-2023-33950", + "source": "security@liferay.com" + } + ] +} \ No newline at end of file diff --git a/README.md b/README.md index b91d9cfcc63..c6b92f98b86 100644 --- a/README.md +++ b/README.md @@ -9,13 +9,13 @@ Repository synchronizes with the NVD every 2 hours. ### Last Repository Update ```plain -2023-05-24T16:00:46.198738+00:00 +2023-05-24T18:00:50.307933+00:00 ``` ### Most recent CVE Modification Timestamp synchronized with NVD ```plain -2023-05-24T15:46:27.170000+00:00 +2023-05-24T17:50:05.210000+00:00 ``` ### Last Data Feed Release 
@@ -29,54 +29,53 @@ Download and Changelog: [Click](https://github.com/fkie-cad/nvd-json-data-feeds/ ### Total Number of included CVEs ```plain -215910 +215930 ``` ### CVEs added in the last Commit -Recently added CVEs: `10` +Recently added CVEs: `20` -* [CVE-2023-2045](CVE-2023/CVE-2023-20xx/CVE-2023-2045.json) (`2023-05-24T14:15:09.397`) -* [CVE-2023-2064](CVE-2023/CVE-2023-20xx/CVE-2023-2064.json) (`2023-05-24T14:15:09.473`) -* [CVE-2023-33938](CVE-2023/CVE-2023-339xx/CVE-2023-33938.json) (`2023-05-24T14:15:09.550`) -* [CVE-2023-33939](CVE-2023/CVE-2023-339xx/CVE-2023-33939.json) (`2023-05-24T14:15:09.623`) -* [CVE-2023-33940](CVE-2023/CVE-2023-339xx/CVE-2023-33940.json) (`2023-05-24T14:15:09.697`) -* [CVE-2023-31748](CVE-2023/CVE-2023-317xx/CVE-2023-31748.json) (`2023-05-24T15:15:09.490`) -* [CVE-2023-33246](CVE-2023/CVE-2023-332xx/CVE-2023-33246.json) (`2023-05-24T15:15:09.553`) -* [CVE-2023-33941](CVE-2023/CVE-2023-339xx/CVE-2023-33941.json) (`2023-05-24T15:15:09.697`) -* [CVE-2023-33942](CVE-2023/CVE-2023-339xx/CVE-2023-33942.json) (`2023-05-24T15:15:09.807`) -* [CVE-2023-33943](CVE-2023/CVE-2023-339xx/CVE-2023-33943.json) (`2023-05-24T15:15:09.897`) +* [CVE-2021-25748](CVE-2021/CVE-2021-257xx/CVE-2021-25748.json) (`2023-05-24T17:15:09.253`) +* [CVE-2021-25749](CVE-2021/CVE-2021-257xx/CVE-2021-25749.json) (`2023-05-24T17:15:09.413`) +* [CVE-2022-45364](CVE-2022/CVE-2022-453xx/CVE-2022-45364.json) (`2023-05-24T16:15:09.307`) +* [CVE-2022-46794](CVE-2022/CVE-2022-467xx/CVE-2022-46794.json) (`2023-05-24T16:15:09.380`) +* [CVE-2022-46816](CVE-2022/CVE-2022-468xx/CVE-2022-46816.json) (`2023-05-24T16:15:09.457`) +* [CVE-2022-47152](CVE-2022/CVE-2022-471xx/CVE-2022-47152.json) (`2023-05-24T16:15:09.530`) +* [CVE-2022-47180](CVE-2022/CVE-2022-471xx/CVE-2022-47180.json) (`2023-05-24T16:15:09.607`) +* [CVE-2022-47446](CVE-2022/CVE-2022-474xx/CVE-2022-47446.json) (`2023-05-24T17:15:09.507`) +* [CVE-2022-47447](CVE-2022/CVE-2022-474xx/CVE-2022-47447.json) 
(`2023-05-24T17:15:09.580`) +* [CVE-2022-47448](CVE-2022/CVE-2022-474xx/CVE-2022-47448.json) (`2023-05-24T17:15:09.657`) +* [CVE-2023-33944](CVE-2023/CVE-2023-339xx/CVE-2023-33944.json) (`2023-05-24T16:15:09.693`) +* [CVE-2023-33945](CVE-2023/CVE-2023-339xx/CVE-2023-33945.json) (`2023-05-24T16:15:09.760`) +* [CVE-2023-33946](CVE-2023/CVE-2023-339xx/CVE-2023-33946.json) (`2023-05-24T16:15:09.837`) +* [CVE-2023-33947](CVE-2023/CVE-2023-339xx/CVE-2023-33947.json) (`2023-05-24T16:15:09.927`) +* [CVE-2023-33948](CVE-2023/CVE-2023-339xx/CVE-2023-33948.json) (`2023-05-24T16:15:10.007`) +* [CVE-2023-1174](CVE-2023/CVE-2023-11xx/CVE-2023-1174.json) (`2023-05-24T17:15:09.733`) +* [CVE-2023-1944](CVE-2023/CVE-2023-19xx/CVE-2023-1944.json) (`2023-05-24T17:15:09.797`) +* [CVE-2023-25028](CVE-2023/CVE-2023-250xx/CVE-2023-25028.json) (`2023-05-24T17:15:09.857`) +* [CVE-2023-33949](CVE-2023/CVE-2023-339xx/CVE-2023-33949.json) (`2023-05-24T17:15:09.933`) +* [CVE-2023-33950](CVE-2023/CVE-2023-339xx/CVE-2023-33950.json) (`2023-05-24T17:15:10.007`) ### CVEs modified in the last Commit -Recently modified CVEs: `35` +Recently modified CVEs: `14` -* [CVE-2021-22161](CVE-2021/CVE-2021-221xx/CVE-2021-22161.json) (`2023-05-24T15:01:02.763`) -* [CVE-2021-28961](CVE-2021/CVE-2021-289xx/CVE-2021-28961.json) (`2023-05-24T15:01:02.763`) -* [CVE-2021-33425](CVE-2021/CVE-2021-334xx/CVE-2021-33425.json) (`2023-05-24T15:01:02.763`) -* [CVE-2021-32019](CVE-2021/CVE-2021-320xx/CVE-2021-32019.json) (`2023-05-24T15:01:02.763`) -* [CVE-2021-45904](CVE-2021/CVE-2021-459xx/CVE-2021-45904.json) (`2023-05-24T15:01:02.763`) -* [CVE-2021-45905](CVE-2021/CVE-2021-459xx/CVE-2021-45905.json) (`2023-05-24T15:01:02.763`) -* [CVE-2021-45906](CVE-2021/CVE-2021-459xx/CVE-2021-45906.json) (`2023-05-24T15:01:02.763`) -* [CVE-2022-47879](CVE-2022/CVE-2022-478xx/CVE-2022-47879.json) (`2023-05-24T14:24:20.870`) -* [CVE-2022-47880](CVE-2022/CVE-2022-478xx/CVE-2022-47880.json) (`2023-05-24T14:58:03.180`) -* 
[CVE-2022-38333](CVE-2022/CVE-2022-383xx/CVE-2022-38333.json) (`2023-05-24T15:01:02.763`) -* [CVE-2022-29583](CVE-2022/CVE-2022-295xx/CVE-2022-29583.json) (`2023-05-24T15:15:09.337`) -* [CVE-2023-29818](CVE-2023/CVE-2023-298xx/CVE-2023-29818.json) (`2023-05-24T14:00:58.923`) -* [CVE-2023-29819](CVE-2023/CVE-2023-298xx/CVE-2023-29819.json) (`2023-05-24T14:15:28.837`) -* [CVE-2023-24182](CVE-2023/CVE-2023-241xx/CVE-2023-24182.json) (`2023-05-24T15:01:02.763`) -* [CVE-2023-32073](CVE-2023/CVE-2023-320xx/CVE-2023-32073.json) (`2023-05-24T15:01:41.677`) -* [CVE-2023-20726](CVE-2023/CVE-2023-207xx/CVE-2023-20726.json) (`2023-05-24T15:06:52.940`) -* [CVE-2023-20696](CVE-2023/CVE-2023-206xx/CVE-2023-20696.json) (`2023-05-24T15:09:06.833`) -* [CVE-2023-20695](CVE-2023/CVE-2023-206xx/CVE-2023-20695.json) (`2023-05-24T15:09:51.070`) -* [CVE-2023-20694](CVE-2023/CVE-2023-206xx/CVE-2023-20694.json) (`2023-05-24T15:10:04.603`) -* [CVE-2023-2752](CVE-2023/CVE-2023-27xx/CVE-2023-2752.json) (`2023-05-24T15:18:32.437`) -* [CVE-2023-2753](CVE-2023/CVE-2023-27xx/CVE-2023-2753.json) (`2023-05-24T15:18:44.767`) -* [CVE-2023-32081](CVE-2023/CVE-2023-320xx/CVE-2023-32081.json) (`2023-05-24T15:22:06.790`) -* [CVE-2023-30768](CVE-2023/CVE-2023-307xx/CVE-2023-30768.json) (`2023-05-24T15:30:01.410`) -* [CVE-2023-31197](CVE-2023/CVE-2023-311xx/CVE-2023-31197.json) (`2023-05-24T15:42:14.870`) -* [CVE-2023-31199](CVE-2023/CVE-2023-311xx/CVE-2023-31199.json) (`2023-05-24T15:46:27.170`) +* [CVE-2021-0877](CVE-2021/CVE-2021-08xx/CVE-2021-0877.json) (`2023-05-24T17:09:58.747`) +* [CVE-2022-36357](CVE-2022/CVE-2022-363xx/CVE-2022-36357.json) (`2023-05-24T16:15:09.193`) +* [CVE-2022-47392](CVE-2022/CVE-2022-473xx/CVE-2022-47392.json) (`2023-05-24T17:07:35.733`) +* [CVE-2022-4048](CVE-2022/CVE-2022-40xx/CVE-2022-4048.json) (`2023-05-24T17:50:05.210`) +* [CVE-2023-25428](CVE-2023/CVE-2023-254xx/CVE-2023-25428.json) (`2023-05-24T16:27:49.700`) +* 
[CVE-2023-31983](CVE-2023/CVE-2023-319xx/CVE-2023-31983.json) (`2023-05-24T16:29:22.113`) +* [CVE-2023-25927](CVE-2023/CVE-2023-259xx/CVE-2023-25927.json) (`2023-05-24T16:35:46.443`) +* [CVE-2023-32305](CVE-2023/CVE-2023-323xx/CVE-2023-32305.json) (`2023-05-24T16:45:51.600`) +* [CVE-2023-32306](CVE-2023/CVE-2023-323xx/CVE-2023-32306.json) (`2023-05-24T16:48:49.693`) +* [CVE-2023-1096](CVE-2023/CVE-2023-10xx/CVE-2023-1096.json) (`2023-05-24T16:53:38.400`) +* [CVE-2023-20673](CVE-2023/CVE-2023-206xx/CVE-2023-20673.json) (`2023-05-24T17:07:09.800`) +* [CVE-2023-30245](CVE-2023/CVE-2023-302xx/CVE-2023-30245.json) (`2023-05-24T17:09:02.543`) +* [CVE-2023-27905](CVE-2023/CVE-2023-279xx/CVE-2023-27905.json) (`2023-05-24T17:43:49.830`) +* [CVE-2023-27898](CVE-2023/CVE-2023-278xx/CVE-2023-27898.json) (`2023-05-24T17:43:59.883`) ## Download and Usage