From 30bc2624c2b6372eb4af3756644137d5acfa2c7a Mon Sep 17 00:00:00 2001 
From: cad-safe-bot Date: Tue, 18 Jul 2023 20:00:31 +0000 Subject: [PATCH] Auto-Update: 2023-07-18T20:00:27.911740+00:00 --- CVE-2020/CVE-2020-221xx/CVE-2020-22159.json | 24 ++ CVE-2020/CVE-2020-367xx/CVE-2020-36762.json | 4 +- CVE-2021/CVE-2021-375xx/CVE-2021-37522.json | 24 ++ CVE-2021/CVE-2021-44xx/CVE-2021-4410.json | 67 +++- CVE-2021/CVE-2021-44xx/CVE-2021-4411.json | 72 +++- CVE-2021/CVE-2021-44xx/CVE-2021-4412.json | 67 +++- CVE-2021/CVE-2021-44xx/CVE-2021-4413.json | 89 ++++- CVE-2021/CVE-2021-44xx/CVE-2021-4414.json | 71 +++- CVE-2021/CVE-2021-44xx/CVE-2021-4428.json | 96 ++++++ CVE-2022/CVE-2022-223xx/CVE-2022-22302.json | 94 +++++- CVE-2022/CVE-2022-295xx/CVE-2022-29561.json | 349 +++++++++++++++++++- CVE-2022/CVE-2022-295xx/CVE-2022-29562.json | 349 +++++++++++++++++++- CVE-2022/CVE-2022-458xx/CVE-2022-45868.json | 14 +- CVE-2022/CVE-2022-474xx/CVE-2022-47421.json | 4 +- CVE-2022/CVE-2022-47xx/CVE-2022-4734.json | 20 +- CVE-2022/CVE-2022-48xx/CVE-2022-4811.json | 20 +- CVE-2023/CVE-2023-01xx/CVE-2023-0160.json | 55 +++ CVE-2023/CVE-2023-201xx/CVE-2023-20133.json | 213 +++++++++++- CVE-2023/CVE-2023-201xx/CVE-2023-20180.json | 213 +++++++++++- CVE-2023/CVE-2023-20xx/CVE-2023-2078.json | 64 +++- CVE-2023/CVE-2023-20xx/CVE-2023-2079.json | 64 +++- CVE-2023/CVE-2023-228xx/CVE-2023-22835.json | 65 +++- CVE-2023/CVE-2023-22xx/CVE-2023-2263.json | 55 +++ CVE-2023/CVE-2023-236xx/CVE-2023-23671.json | 47 ++- CVE-2023/CVE-2023-243xx/CVE-2023-24390.json | 4 +- CVE-2023/CVE-2023-244xx/CVE-2023-24417.json | 47 ++- CVE-2023/CVE-2023-244xx/CVE-2023-24486.json | 62 +++- CVE-2023/CVE-2023-244xx/CVE-2023-24487.json | 114 ++++++- CVE-2023/CVE-2023-244xx/CVE-2023-24489.json | 57 +++- CVE-2023/CVE-2023-244xx/CVE-2023-24490.json | 163 ++++++++- CVE-2023/CVE-2023-254xx/CVE-2023-25443.json | 47 ++- CVE-2023/CVE-2023-257xx/CVE-2023-25706.json | 47 ++- CVE-2023/CVE-2023-27xx/CVE-2023-2746.json | 57 +++- CVE-2023/CVE-2023-280xx/CVE-2023-28019.json | 43 +++ 
CVE-2023/CVE-2023-280xx/CVE-2023-28020.json | 43 +++ CVE-2023/CVE-2023-280xx/CVE-2023-28021.json | 43 +++ CVE-2023/CVE-2023-291xx/CVE-2023-29131.json | 58 +++- CVE-2023/CVE-2023-301xx/CVE-2023-30153.json | 47 +++ CVE-2023/CVE-2023-303xx/CVE-2023-30383.json | 36 ++ CVE-2023/CVE-2023-309xx/CVE-2023-30919.json | 150 ++++++++- CVE-2023/CVE-2023-309xx/CVE-2023-30920.json | 150 ++++++++- CVE-2023/CVE-2023-309xx/CVE-2023-30921.json | 150 ++++++++- CVE-2023/CVE-2023-309xx/CVE-2023-30956.json | 59 +++- CVE-2023/CVE-2023-309xx/CVE-2023-30960.json | 59 +++- CVE-2023/CVE-2023-309xx/CVE-2023-30963.json | 59 +++- CVE-2023/CVE-2023-30xx/CVE-2023-3081.json | 59 +++- CVE-2023/CVE-2023-30xx/CVE-2023-3082.json | 54 ++- CVE-2023/CVE-2023-30xx/CVE-2023-3087.json | 59 +++- CVE-2023/CVE-2023-30xx/CVE-2023-3088.json | 54 ++- CVE-2023/CVE-2023-30xx/CVE-2023-3092.json | 54 ++- CVE-2023/CVE-2023-30xx/CVE-2023-3093.json | 66 +++- CVE-2023/CVE-2023-314xx/CVE-2023-31405.json | 51 ++- CVE-2023/CVE-2023-314xx/CVE-2023-31441.json | 4 +- CVE-2023/CVE-2023-31xx/CVE-2023-3105.json | 32 +- CVE-2023/CVE-2023-31xx/CVE-2023-3175.json | 53 ++- CVE-2023/CVE-2023-321xx/CVE-2023-32104.json | 47 ++- CVE-2023/CVE-2023-32xx/CVE-2023-3219.json | 65 +++- CVE-2023/CVE-2023-32xx/CVE-2023-3225.json | 53 ++- CVE-2023/CVE-2023-32xx/CVE-2023-3270.json | 81 ++++- CVE-2023/CVE-2023-332xx/CVE-2023-33231.json | 59 ++++ CVE-2023/CVE-2023-332xx/CVE-2023-33265.json | 24 ++ CVE-2023/CVE-2023-333xx/CVE-2023-33312.json | 55 +++ CVE-2023/CVE-2023-333xx/CVE-2023-33329.json | 55 +++ CVE-2023/CVE-2023-338xx/CVE-2023-33871.json | 55 +++ CVE-2023/CVE-2023-339xx/CVE-2023-33987.json | 166 +++++++++- CVE-2023/CVE-2023-339xx/CVE-2023-33988.json | 51 ++- CVE-2023/CVE-2023-340xx/CVE-2023-34029.json | 59 +++- CVE-2023/CVE-2023-340xx/CVE-2023-34035.json | 43 +++ CVE-2023/CVE-2023-341xx/CVE-2023-34185.json | 59 +++- CVE-2023/CVE-2023-343xx/CVE-2023-34329.json | 59 ++++ CVE-2023/CVE-2023-343xx/CVE-2023-34330.json | 55 +++ 
CVE-2023/CVE-2023-345xx/CVE-2023-34561.json | 94 +++++- CVE-2023/CVE-2023-350xx/CVE-2023-35044.json | 47 ++- CVE-2023/CVE-2023-350xx/CVE-2023-35047.json | 47 ++- CVE-2023/CVE-2023-350xx/CVE-2023-35091.json | 47 ++- CVE-2023/CVE-2023-351xx/CVE-2023-35189.json | 55 +++ CVE-2023/CVE-2023-357xx/CVE-2023-35763.json | 55 +++ CVE-2023/CVE-2023-357xx/CVE-2023-35773.json | 59 +++- CVE-2023/CVE-2023-357xx/CVE-2023-35778.json | 47 ++- CVE-2023/CVE-2023-357xx/CVE-2023-35780.json | 47 ++- CVE-2023/CVE-2023-358xx/CVE-2023-35854.json | 6 +- CVE-2023/CVE-2023-358xx/CVE-2023-35871.json | 158 ++++++++- CVE-2023/CVE-2023-362xx/CVE-2023-36293.json | 69 +++- CVE-2023/CVE-2023-363xx/CVE-2023-36383.json | 4 +- CVE-2023/CVE-2023-363xx/CVE-2023-36384.json | 4 +- CVE-2023/CVE-2023-363xx/CVE-2023-36389.json | 349 +++++++++++++++++++- CVE-2023/CVE-2023-363xx/CVE-2023-36390.json | 349 +++++++++++++++++++- CVE-2023/CVE-2023-365xx/CVE-2023-36522.json | 47 ++- CVE-2023/CVE-2023-366xx/CVE-2023-36669.json | 24 ++ CVE-2023/CVE-2023-366xx/CVE-2023-36670.json | 24 ++ CVE-2023/CVE-2023-366xx/CVE-2023-36687.json | 47 ++- CVE-2023/CVE-2023-366xx/CVE-2023-36690.json | 47 ++- CVE-2023/CVE-2023-366xx/CVE-2023-36693.json | 47 ++- CVE-2023/CVE-2023-367xx/CVE-2023-36748.json | 349 +++++++++++++++++++- CVE-2023/CVE-2023-367xx/CVE-2023-36749.json | 349 +++++++++++++++++++- CVE-2023/CVE-2023-367xx/CVE-2023-36750.json | 349 +++++++++++++++++++- CVE-2023/CVE-2023-367xx/CVE-2023-36751.json | 349 +++++++++++++++++++- CVE-2023/CVE-2023-367xx/CVE-2023-36752.json | 349 +++++++++++++++++++- CVE-2023/CVE-2023-367xx/CVE-2023-36753.json | 349 +++++++++++++++++++- CVE-2023/CVE-2023-367xx/CVE-2023-36754.json | 349 +++++++++++++++++++- CVE-2023/CVE-2023-369xx/CVE-2023-36917.json | 56 +++- CVE-2023/CVE-2023-369xx/CVE-2023-36918.json | 51 ++- CVE-2023/CVE-2023-369xx/CVE-2023-36919.json | 63 +++- CVE-2023/CVE-2023-369xx/CVE-2023-36921.json | 63 +++- CVE-2023/CVE-2023-369xx/CVE-2023-36922.json | 133 +++++++- 
CVE-2023/CVE-2023-369xx/CVE-2023-36925.json | 51 ++- CVE-2023/CVE-2023-369xx/CVE-2023-36936.json | 70 +++- CVE-2023/CVE-2023-369xx/CVE-2023-36939.json | 70 +++- CVE-2023/CVE-2023-36xx/CVE-2023-3606.json | 62 +++- CVE-2023/CVE-2023-36xx/CVE-2023-3620.json | 56 +++- CVE-2023/CVE-2023-36xx/CVE-2023-3627.json | 69 +++- CVE-2023/CVE-2023-372xx/CVE-2023-37259.json | 59 ++++ CVE-2023/CVE-2023-372xx/CVE-2023-37261.json | 78 ++++- CVE-2023/CVE-2023-372xx/CVE-2023-37262.json | 95 +++++- CVE-2023/CVE-2023-372xx/CVE-2023-37264.json | 57 +++- CVE-2023/CVE-2023-373xx/CVE-2023-37391.json | 47 ++- CVE-2023/CVE-2023-374xx/CVE-2023-37477.json | 59 ++++ CVE-2023/CVE-2023-374xx/CVE-2023-37480.json | 59 ++++ CVE-2023/CVE-2023-374xx/CVE-2023-37481.json | 59 ++++ CVE-2023/CVE-2023-375xx/CVE-2023-37597.json | 69 +++- CVE-2023/CVE-2023-376xx/CVE-2023-37656.json | 64 +++- CVE-2023/CVE-2023-376xx/CVE-2023-37657.json | 65 +++- CVE-2023/CVE-2023-377xx/CVE-2023-37758.json | 28 ++ CVE-2023/CVE-2023-377xx/CVE-2023-37788.json | 24 ++ CVE-2023/CVE-2023-382xx/CVE-2023-38257.json | 55 +++ README.md | 108 +++--- 126 files changed, 10416 insertions(+), 477 deletions(-) create mode 100644 CVE-2020/CVE-2020-221xx/CVE-2020-22159.json create mode 100644 CVE-2021/CVE-2021-375xx/CVE-2021-37522.json create mode 100644 CVE-2021/CVE-2021-44xx/CVE-2021-4428.json create mode 100644 CVE-2023/CVE-2023-01xx/CVE-2023-0160.json create mode 100644 CVE-2023/CVE-2023-22xx/CVE-2023-2263.json create mode 100644 CVE-2023/CVE-2023-280xx/CVE-2023-28019.json create mode 100644 CVE-2023/CVE-2023-280xx/CVE-2023-28020.json create mode 100644 CVE-2023/CVE-2023-280xx/CVE-2023-28021.json create mode 100644 CVE-2023/CVE-2023-301xx/CVE-2023-30153.json create mode 100644 CVE-2023/CVE-2023-303xx/CVE-2023-30383.json create mode 100644 CVE-2023/CVE-2023-332xx/CVE-2023-33231.json create mode 100644 CVE-2023/CVE-2023-332xx/CVE-2023-33265.json create mode 100644 CVE-2023/CVE-2023-333xx/CVE-2023-33312.json create mode 100644 
CVE-2023/CVE-2023-333xx/CVE-2023-33329.json create mode 100644 CVE-2023/CVE-2023-338xx/CVE-2023-33871.json create mode 100644 CVE-2023/CVE-2023-340xx/CVE-2023-34035.json create mode 100644 CVE-2023/CVE-2023-343xx/CVE-2023-34329.json create mode 100644 CVE-2023/CVE-2023-343xx/CVE-2023-34330.json create mode 100644 CVE-2023/CVE-2023-351xx/CVE-2023-35189.json create mode 100644 CVE-2023/CVE-2023-357xx/CVE-2023-35763.json create mode 100644 CVE-2023/CVE-2023-366xx/CVE-2023-36669.json create mode 100644 CVE-2023/CVE-2023-366xx/CVE-2023-36670.json create mode 100644 CVE-2023/CVE-2023-372xx/CVE-2023-37259.json create mode 100644 CVE-2023/CVE-2023-374xx/CVE-2023-37477.json create mode 100644 CVE-2023/CVE-2023-374xx/CVE-2023-37480.json create mode 100644 CVE-2023/CVE-2023-374xx/CVE-2023-37481.json create mode 100644 CVE-2023/CVE-2023-377xx/CVE-2023-37758.json create mode 100644 CVE-2023/CVE-2023-377xx/CVE-2023-37788.json create mode 100644 CVE-2023/CVE-2023-382xx/CVE-2023-38257.json diff --git a/CVE-2020/CVE-2020-221xx/CVE-2020-22159.json b/CVE-2020/CVE-2020-221xx/CVE-2020-22159.json new file mode 100644 index 00000000000..0f97dba1dfd --- /dev/null +++ b/CVE-2020/CVE-2020-221xx/CVE-2020-22159.json 
@@ -0,0 +1,24 @@
+{
+ "id": "CVE-2020-22159",
+ "sourceIdentifier": "cve@mitre.org",
+ "published": "2023-07-18T18:15:11.503",
+ "lastModified": "2023-07-18T18:24:48.810",
+ "vulnStatus": "Awaiting Analysis",
+ "descriptions": [
+ {
+ "lang": "en",
+ "value": "EVERTZ devices 3080IPX exe-guest-v1.2-r26125, 7801FC 1.3 Build 27, and 7890IXG V494 are vulnerable to Arbitrary File Upload, allowing an authenticated attacker to upload a webshell or overwrite any critical system files."
+ }
+ ],
+ "metrics": {},
+ "references": [
+ {
+ "url": "https://cacharros-inthewild.blogspot.com/2023/07/the-3080ipx-is-integrated-multicast.html",
+ "source": "cve@mitre.org"
+ },
+ {
+ "url": "https://sku11army.blogspot.com/2020/02/evertz-path-transversal-arbitrary-file.html",
+ "source": "cve@mitre.org"
+ }
+ ]
+}
\ No newline at end of file
diff --git a/CVE-2020/CVE-2020-367xx/CVE-2020-36762.json b/CVE-2020/CVE-2020-367xx/CVE-2020-36762.json
index 301fd45b3d6..aa5dbed584b 100644
--- a/CVE-2020/CVE-2020-367xx/CVE-2020-36762.json
+++ b/CVE-2020/CVE-2020-367xx/CVE-2020-36762.json
@@ -2,8 +2,8 @@
 "id": "CVE-2020-36762",
 "sourceIdentifier": "cna@vuldb.com",
 "published": "2023-07-18T15:15:11.133",
- "lastModified": "2023-07-18T15:15:11.133",
- "vulnStatus": "Received",
+ "lastModified": "2023-07-18T17:33:48.187",
+ "vulnStatus": "Awaiting Analysis",
 "descriptions": [
 {
 "lang": "en",
diff --git a/CVE-2021/CVE-2021-375xx/CVE-2021-37522.json b/CVE-2021/CVE-2021-375xx/CVE-2021-37522.json
new file mode 100644
index 00000000000..a00ffc31c71
--- /dev/null
+++ b/CVE-2021/CVE-2021-375xx/CVE-2021-37522.json
@@ -0,0 +1,24 @@
+{
+ "id": "CVE-2021-37522",
+ "sourceIdentifier": "cve@mitre.org",
+ "published": "2023-07-18T18:15:11.590",
+ "lastModified": "2023-07-18T18:24:48.810",
+ "vulnStatus": "Awaiting Analysis",
+ "descriptions": [
+ {
+ "lang": "en",
+ "value": "SQL injection vulnerability in HKing2802 Locke-Bot 2.0.2 allows remote attackers to run arbitrary SQL commands via crafted string to /src/db.js, /commands/mute.js, /modules/event/messageDelete.js."
+ }
+ ],
+ "metrics": {},
+ "references": [
+ {
+ "url": "https://cinquito.github.io/jekyll/update/2021/10/17/discord_bot_sqli.html",
+ "source": "cve@mitre.org"
+ },
+ {
+ "url": "https://gist.github.com/0xHornet/9789d70454a47764b611afc8e84d6c0d",
+ "source": "cve@mitre.org"
+ }
+ ]
+}
\ No newline at end of file
diff --git a/CVE-2021/CVE-2021-44xx/CVE-2021-4410.json b/CVE-2021/CVE-2021-44xx/CVE-2021-4410.json
index 9409e51e8a4..40879c69125 100644
--- a/CVE-2021/CVE-2021-44xx/CVE-2021-4410.json
+++ b/CVE-2021/CVE-2021-44xx/CVE-2021-4410.json
@@ -2,8 +2,8 @@
 "id": "CVE-2021-4410",
 "sourceIdentifier": "security@wordfence.com",
 "published": "2023-07-12T04:15:10.667",
- "lastModified": "2023-07-12T12:46:41.413",
- "vulnStatus": "Awaiting Analysis",
+ "lastModified": "2023-07-18T18:40:06.717",
+ "vulnStatus": "Analyzed",
 "descriptions": [
 {
 "lang": "en",
@@ -46,42 +46,87 @@
 ]
 }
 ],
+ "configurations": [
+ {
+ "nodes": [
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:qtranslate_slug_project:qtranslate_slug:*:*:*:*:*:wordpress:*:*",
+ "versionEndIncluding": "1.1.18",
+ "matchCriteriaId": "203C24EE-0502-46A4-A8E9-DAAE5079F435"
+ }
+ ]
+ }
+ ]
+ }
+ ],
 "references": [
 {
 "url": "https://blog.nintechnet.com/25-wordpress-plugins-vulnerable-to-csrf-attacks/",
- "source": "security@wordfence.com"
+ "source": "security@wordfence.com",
+ "tags": [
+ "Third Party Advisory"
+ ]
 },
 {
 "url": "https://blog.nintechnet.com/more-wordpress-plugins-and-themes-vulnerable-to-csrf-attacks/",
- "source": "security@wordfence.com"
+ "source": "security@wordfence.com",
+ "tags": [
+ "Third Party Advisory"
+ ]
 },
 {
 "url": "https://blog.nintechnet.com/multiple-wordpress-plugins-fixed-csrf-vulnerabilities-part-1/",
- "source": "security@wordfence.com"
+ "source": "security@wordfence.com",
+ "tags": [
+ "Third Party Advisory"
+ ]
 },
 {
 "url": "https://blog.nintechnet.com/multiple-wordpress-plugins-fixed-csrf-vulnerabilities-part-2/",
- "source": "security@wordfence.com"
+ "source": "security@wordfence.com",
+ "tags": [
+ "Third Party Advisory"
+ ]
 },
 {
 "url": "https://blog.nintechnet.com/multiple-wordpress-plugins-fixed-csrf-vulnerabilities-part-3/",
- "source": "security@wordfence.com"
+ "source": "security@wordfence.com",
+ "tags": [
+ "Third Party Advisory"
+ ]
 },
 {
 "url": "https://blog.nintechnet.com/multiple-wordpress-plugins-fixed-csrf-vulnerabilities-part-4/",
- "source": "security@wordfence.com"
+ "source": "security@wordfence.com",
+ "tags": [
+ "Third Party Advisory"
+ ]
 },
 {
 "url": "https://blog.nintechnet.com/multiple-wordpress-plugins-fixed-csrf-vulnerabilities-part-5/",
- "source": "security@wordfence.com"
+ "source": "security@wordfence.com",
+ "tags": [
+ "Third Party Advisory"
+ ]
 },
 {
 "url": "https://plugins.trac.wordpress.org/browser/qtranslate-slug/trunk/includes/class-qtranslate-slug.php#L2099",
- "source": "security@wordfence.com"
+ "source": "security@wordfence.com",
+ "tags": [
+ "Patch"
+ ]
 },
 {
 "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/9d682596-c32d-4abd-ba39-b57fc45c9ce0?source=cve",
- "source": "security@wordfence.com"
+ "source": "security@wordfence.com",
+ "tags": [
+ "Third Party Advisory"
+ ]
 }
 ]
 }
\ No newline at end of file
diff --git a/CVE-2021/CVE-2021-44xx/CVE-2021-4411.json b/CVE-2021/CVE-2021-44xx/CVE-2021-4411.json
index 04c501f4a35..cf316c0620d 100644
--- a/CVE-2021/CVE-2021-44xx/CVE-2021-4411.json
+++ b/CVE-2021/CVE-2021-44xx/CVE-2021-4411.json
@@ -2,8 +2,8 @@
 "id": "CVE-2021-4411",
 "sourceIdentifier": "security@wordfence.com",
 "published": "2023-07-12T04:15:10.767",
- "lastModified": "2023-07-12T12:46:41.413",
- "vulnStatus": "Awaiting Analysis",
+ "lastModified": "2023-07-18T18:39:57.390",
+ "vulnStatus": "Analyzed",
 "descriptions": [
 {
 "lang": "en",
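Review bot: In the second hunk of CVE-2021-4410.json the reference `https://plugins.trac.wordpress.org/browser/qtranslate-slug/trunk/includes/class-qtranslate-slug.php#L2099` is tagged `"Patch"`, but the URL is a source-browser view of trunk at a line number rather than a changeset, so tooling that follows `Patch`-tagged references to locate the fix will land on whatever trunk holds at that line. The second hunk of CVE-2021-4411.json classifies the equivalent Trac browser link (`wpep_setup.php?rev=2426641#L219`) as `"Third Party Advisory"` and reserves `"Patch"` for the `changeset?...` link, so the two records disagree on the same kind of reference. These tags appear to be mirrored from the upstream record, so the correction would belong there; a consumer-side note in the README that the `Patch` tag alone does not prove a URL identifies the fixing commit would cover this mirror.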
@@ -46,46 +46,94 @@
 ]
 }
 ],
+ "configurations": [
+ {
+ "nodes": [
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:wpeasypay:wp_easypay:*:*:*:*:*:wordpress:*:*",
+ "versionEndIncluding": "3.2.0",
+ "matchCriteriaId": "AA8D2AA0-149C-479F-B518-81349B90C6BE"
+ }
+ ]
+ }
+ ]
+ }
+ ],
 "references": [
 {
 "url": "https://blog.nintechnet.com/25-wordpress-plugins-vulnerable-to-csrf-attacks/",
- "source": "security@wordfence.com"
+ "source": "security@wordfence.com",
+ "tags": [
+ "Third Party Advisory"
+ ]
 },
 {
 "url": "https://blog.nintechnet.com/more-wordpress-plugins-and-themes-vulnerable-to-csrf-attacks/",
- "source": "security@wordfence.com"
+ "source": "security@wordfence.com",
+ "tags": [
+ "Third Party Advisory"
+ ]
 },
 {
 "url": "https://blog.nintechnet.com/multiple-wordpress-plugins-fixed-csrf-vulnerabilities-part-1/",
- "source": "security@wordfence.com"
+ "source": "security@wordfence.com",
+ "tags": [
+ "Third Party Advisory"
+ ]
 },
 {
 "url": "https://blog.nintechnet.com/multiple-wordpress-plugins-fixed-csrf-vulnerabilities-part-2/",
- "source": "security@wordfence.com"
+ "source": "security@wordfence.com",
+ "tags": [
+ "Third Party Advisory"
+ ]
 },
 {
 "url": "https://blog.nintechnet.com/multiple-wordpress-plugins-fixed-csrf-vulnerabilities-part-3/",
- "source": "security@wordfence.com"
+ "source": "security@wordfence.com",
+ "tags": [
+ "Third Party Advisory"
+ ]
 },
 {
 "url": "https://blog.nintechnet.com/multiple-wordpress-plugins-fixed-csrf-vulnerabilities-part-4/",
- "source": "security@wordfence.com"
+ "source": "security@wordfence.com",
+ "tags": [
+ "Third Party Advisory"
+ ]
 },
 {
 "url": "https://blog.nintechnet.com/multiple-wordpress-plugins-fixed-csrf-vulnerabilities-part-5/",
- "source": "security@wordfence.com"
+ "source": "security@wordfence.com",
+ "tags": [
+ "Third Party Advisory"
+ ]
 },
 {
 "url": "https://plugins.trac.wordpress.org/browser/wp-easy-pay/trunk/wpep_setup.php?rev=2426641#L219",
- "source": "security@wordfence.com"
+ "source": "security@wordfence.com",
+ "tags": [
+ "Third Party Advisory"
+ ]
 },
 {
 "url": "https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&old=2551919%40wp-easy-pay&new=2551919%40wp-easy-pay&sfp_email=&sfph_mail=",
- "source": "security@wordfence.com"
+ "source": "security@wordfence.com",
+ "tags": [
+ "Patch"
+ ]
 },
 {
 "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/a1fbb3a6-fcc2-47c5-a086-331e69292add?source=cve",
- "source": "security@wordfence.com"
+ "source": "security@wordfence.com",
+ "tags": [
+ "Third Party Advisory"
+ ]
 }
 ]
 }
\ No newline at end of file
diff --git a/CVE-2021/CVE-2021-44xx/CVE-2021-4412.json b/CVE-2021/CVE-2021-44xx/CVE-2021-4412.json
index 3f902f545a5..94338aa1348 100644
--- a/CVE-2021/CVE-2021-44xx/CVE-2021-4412.json
+++ b/CVE-2021/CVE-2021-44xx/CVE-2021-4412.json
@@ -2,8 +2,8 @@
 "id": "CVE-2021-4412",
 "sourceIdentifier": "security@wordfence.com",
 "published": "2023-07-12T04:15:10.880",
- "lastModified": "2023-07-12T12:46:41.413",
- "vulnStatus": "Awaiting Analysis",
+ "lastModified": "2023-07-18T18:39:43.357",
+ "vulnStatus": "Analyzed",
 "descriptions": [
 {
 "lang": "en",
@@ -46,42 +46,87 @@ ] } ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:goprayer:wp_prayer:*:*:*:*:*:wordpress:*:*", + "versionEndIncluding": "1.6.5", + "matchCriteriaId": "A19EAFC7-FE0F-442F-A974-F948D4257DA4" + } + ] + } + ] + } + ], "references": [ { "url": "https://blog.nintechnet.com/25-wordpress-plugins-vulnerable-to-csrf-attacks/", - "source": "security@wordfence.com" + "source": "security@wordfence.com", + "tags": [ + "Third Party Advisory" + ] }, { "url": "https://blog.nintechnet.com/more-wordpress-plugins-and-themes-vulnerable-to-csrf-attacks/", - "source": "security@wordfence.com" + "source": "security@wordfence.com", + "tags": [ + "Third Party Advisory" + ] }, { "url": "https://blog.nintechnet.com/multiple-wordpress-plugins-fixed-csrf-vulnerabilities-part-1/", - "source": "security@wordfence.com" + "source": "security@wordfence.com", + "tags": [ + "Third Party Advisory" + ] }, { "url": "https://blog.nintechnet.com/multiple-wordpress-plugins-fixed-csrf-vulnerabilities-part-2/", - "source": "security@wordfence.com" + "source": "security@wordfence.com", + "tags": [ + "Third Party Advisory" + ] }, { "url": "https://blog.nintechnet.com/multiple-wordpress-plugins-fixed-csrf-vulnerabilities-part-3/", - "source": "security@wordfence.com" + "source": "security@wordfence.com", + "tags": [ + "Third Party Advisory" + ] }, { "url": "https://blog.nintechnet.com/multiple-wordpress-plugins-fixed-csrf-vulnerabilities-part-4/", - "source": "security@wordfence.com" + "source": "security@wordfence.com", + "tags": [ + "Third Party Advisory" + ] }, { "url": "https://blog.nintechnet.com/multiple-wordpress-plugins-fixed-csrf-vulnerabilities-part-5/", - "source": "security@wordfence.com" + "source": "security@wordfence.com", + "tags": [ + "Third Party Advisory" + ] }, { "url": 
"https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&old=2543740%40wp-prayer&new=2543740%40wp-prayer&sfp_email=&sfph_mail=", - "source": "security@wordfence.com" + "source": "security@wordfence.com", + "tags": [ + "Patch" + ] }, { "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/a7efbdb1-989f-4171-ab55-aff66014337a?source=cve", - "source": "security@wordfence.com" + "source": "security@wordfence.com", + "tags": [ + "Third Party Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2021/CVE-2021-44xx/CVE-2021-4413.json b/CVE-2021/CVE-2021-44xx/CVE-2021-4413.json index 26165629090..70c845f547f 100644 --- a/CVE-2021/CVE-2021-44xx/CVE-2021-4413.json +++ b/CVE-2021/CVE-2021-44xx/CVE-2021-4413.json @@ -2,8 +2,8 @@ "id": "CVE-2021-4413", "sourceIdentifier": "security@wordfence.com", "published": "2023-07-12T04:15:11.003", - "lastModified": "2023-07-12T12:46:41.413", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2023-07-18T18:39:34.530", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", @@ -13,7 +13,7 @@ "metrics": { "cvssMetricV31": [ { - "source": "security@wordfence.com", + "source": "nvd@nist.gov", "type": "Primary", "cvssData": { "version": "3.1", @@ -31,6 +31,26 @@ }, "exploitabilityScore": 2.8, "impactScore": 1.4 + }, + { + "source": "security@wordfence.com", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "REQUIRED", + "scope": "UNCHANGED", + "confidentialityImpact": "NONE", + "integrityImpact": "LOW", + "availabilityImpact": "NONE", + "baseScore": 4.3, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 2.8, + "impactScore": 1.4 } ] }, 
@@ -46,42 +66,87 @@ ] } ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:coolplugins:process_steps_template_designer:*:*:*:*:*:wordpress:*:*", + "versionEndIncluding": "1.2.1", + "matchCriteriaId": "B388BF29-BCA3-4E89-97D5-DDF138ADBB2B" + } + ] + } + ] + } + ], "references": [ { "url": "https://blog.nintechnet.com/25-wordpress-plugins-vulnerable-to-csrf-attacks/", - "source": "security@wordfence.com" + "source": "security@wordfence.com", + "tags": [ + "Third Party Advisory" + ] }, { "url": "https://blog.nintechnet.com/more-wordpress-plugins-and-themes-vulnerable-to-csrf-attacks/", - "source": "security@wordfence.com" + "source": "security@wordfence.com", + "tags": [ + "Third Party Advisory" + ] }, { "url": "https://blog.nintechnet.com/multiple-wordpress-plugins-fixed-csrf-vulnerabilities-part-1/", - "source": "security@wordfence.com" + "source": "security@wordfence.com", + "tags": [ + "Third Party Advisory" + ] }, { "url": "https://blog.nintechnet.com/multiple-wordpress-plugins-fixed-csrf-vulnerabilities-part-2/", - "source": "security@wordfence.com" + "source": "security@wordfence.com", + "tags": [ + "Third Party Advisory" + ] }, { "url": "https://blog.nintechnet.com/multiple-wordpress-plugins-fixed-csrf-vulnerabilities-part-3/", - "source": "security@wordfence.com" + "source": "security@wordfence.com", + "tags": [ + "Third Party Advisory" + ] }, { "url": "https://blog.nintechnet.com/multiple-wordpress-plugins-fixed-csrf-vulnerabilities-part-4/", - "source": "security@wordfence.com" + "source": "security@wordfence.com", + "tags": [ + "Third Party Advisory" + ] }, { "url": "https://blog.nintechnet.com/multiple-wordpress-plugins-fixed-csrf-vulnerabilities-part-5/", - "source": "security@wordfence.com" + "source": "security@wordfence.com", + "tags": [ + "Third Party Advisory" + ] }, { "url": 
"https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&old=2473649%40process-steps-template-designer&new=2473649%40process-steps-template-designer&sfp_email=&sfph_mail=", - "source": "security@wordfence.com" + "source": "security@wordfence.com", + "tags": [ + "Patch" + ] }, { "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/a98f6a68-5863-4147-86c4-8c19af469be3?source=cve", - "source": "security@wordfence.com" + "source": "security@wordfence.com", + "tags": [ + "Third Party Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2021/CVE-2021-44xx/CVE-2021-4414.json b/CVE-2021/CVE-2021-44xx/CVE-2021-4414.json index 9439fdbb0e1..94e833ebf1c 100644 --- a/CVE-2021/CVE-2021-44xx/CVE-2021-4414.json +++ b/CVE-2021/CVE-2021-44xx/CVE-2021-4414.json 
@@ -2,12 +2,16 @@
 "id": "CVE-2021-4414",
 "sourceIdentifier": "security@wordfence.com",
 "published": "2023-07-12T04:15:11.117",
- "lastModified": "2023-07-12T12:46:41.413",
- "vulnStatus": "Awaiting Analysis",
+ "lastModified": "2023-07-18T18:39:08.230",
+ "vulnStatus": "Analyzed",
 "descriptions": [
 {
 "lang": "en",
 "value": "The Abandoned Cart Lite for WooCommerce plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 5.8.5. This is due to missing or incorrect nonce validation on the wcal_preview_emails() function. This makes it possible for unauthenticated attackers to generate email preview templates via a forged request granted they can trick a site administrator into performing an action such as clicking on a link."
+ },
+ {
+ "lang": "es",
+ "value": "El plugin Abandoned Cart Lite for WooCommerce para WordPress es vulnerable a ataques de tipo Cross-Site Request Forgery en versiones hasta la 5.8.5 inclusive. Esto es debido a la falta o incorrecta validaci\u00f3n nonce en la funci\u00f3n \"wcal_preview_emails()\". Esto hace posible que los atacantes no autenticados generen plantillas de vista previa de correo electr\u00f3nico a trav\u00e9s de una solicitud manipulada concedida y puedan enga\u00f1ar a un administrador del sitio para realizar una acci\u00f3n como hacer clic en un enlace. "
 }
 ],
 "metrics": {
@@ -46,42 +50,87 @@ ] } ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:tychesoftwares:abandoned_cart_lite_for_woocommerce:*:*:*:*:*:wordpress:*:*", + "versionEndIncluding": "5.8.5", + "matchCriteriaId": "91AF5A02-5872-44B5-9A8D-380AB98674EF" + } + ] + } + ] + } + ], "references": [ { "url": "https://blog.nintechnet.com/25-wordpress-plugins-vulnerable-to-csrf-attacks/", - "source": "security@wordfence.com" + "source": "security@wordfence.com", + "tags": [ + "Third Party Advisory" + ] }, { "url": "https://blog.nintechnet.com/more-wordpress-plugins-and-themes-vulnerable-to-csrf-attacks/", - "source": "security@wordfence.com" + "source": "security@wordfence.com", + "tags": [ + "Third Party Advisory" + ] }, { "url": "https://blog.nintechnet.com/multiple-wordpress-plugins-fixed-csrf-vulnerabilities-part-1/", - "source": "security@wordfence.com" + "source": "security@wordfence.com", + "tags": [ + "Third Party Advisory" + ] }, { "url": "https://blog.nintechnet.com/multiple-wordpress-plugins-fixed-csrf-vulnerabilities-part-2/", - "source": "security@wordfence.com" + "source": "security@wordfence.com", + "tags": [ + "Third Party Advisory" + ] }, { "url": "https://blog.nintechnet.com/multiple-wordpress-plugins-fixed-csrf-vulnerabilities-part-3/", - "source": "security@wordfence.com" + "source": "security@wordfence.com", + "tags": [ + "Third Party Advisory" + ] }, { "url": "https://blog.nintechnet.com/multiple-wordpress-plugins-fixed-csrf-vulnerabilities-part-4/", - "source": "security@wordfence.com" + "source": "security@wordfence.com", + "tags": [ + "Third Party Advisory" + ] }, { "url": "https://blog.nintechnet.com/multiple-wordpress-plugins-fixed-csrf-vulnerabilities-part-5/", - "source": "security@wordfence.com" + "source": "security@wordfence.com", + "tags": [ + "Third Party Advisory" + ] }, { "url": 
"https://plugins.trac.wordpress.org/changeset/2473720/woocommerce-abandoned-cart/trunk/woocommerce-ac.php", - "source": "security@wordfence.com" + "source": "security@wordfence.com", + "tags": [ + "Patch" + ] }, { "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/ab5d87d2-f3cb-4926-9cbf-acdbe9169f64?source=cve", - "source": "security@wordfence.com" + "source": "security@wordfence.com", + "tags": [ + "Third Party Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2021/CVE-2021-44xx/CVE-2021-4428.json b/CVE-2021/CVE-2021-44xx/CVE-2021-4428.json new file mode 100644 index 00000000000..c2aa3400a6a --- /dev/null +++ b/CVE-2021/CVE-2021-44xx/CVE-2021-4428.json 
@@ -0,0 +1,96 @@ +{ + "id": "CVE-2021-4428", + "sourceIdentifier": "cna@vuldb.com", + "published": "2023-07-18T17:15:11.140", + "lastModified": "2023-07-18T17:33:48.187", + "vulnStatus": "Awaiting Analysis", + "descriptions": [ + { + "lang": "en", + "value": "A vulnerability has been found in what3words Autosuggest Plugin up to 4.0.0 on WordPress and classified as problematic. Affected by this vulnerability is the function enqueue_scripts of the file w3w-autosuggest/public/class-w3w-autosuggest-public.php of the component Setting Handler. The manipulation leads to information disclosure. The attack can be launched remotely. Upgrading to version 4.0.1 is able to address this issue. The patch is named dd59cbac5f86057d6a73b87007c08b8bfa0c32ac. It is recommended to upgrade the affected component. The associated identifier of this vulnerability is VDB-234247." + } + ], + "metrics": { + "cvssMetricV30": [ + { + "source": "cna@vuldb.com", + "type": "Secondary", + "cvssData": { + "version": "3.0", + "vectorString": "CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:N/A:N", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "HIGH", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "LOW", + "integrityImpact": "NONE", + "availabilityImpact": "NONE", + "baseScore": 2.7, + "baseSeverity": "LOW" + }, + "exploitabilityScore": 1.2, + "impactScore": 1.4 + } + ], + "cvssMetricV2": [ + { + "source": "cna@vuldb.com", + "type": "Secondary", + "cvssData": { + "version": "2.0", + "vectorString": "AV:N/AC:L/Au:M/C:P/I:N/A:N", + "accessVector": "NETWORK", + "accessComplexity": "LOW", + "authentication": "MULTIPLE", + "confidentialityImpact": "PARTIAL", + "integrityImpact": "NONE", + "availabilityImpact": "NONE", + "baseScore": 3.3 + }, + "baseSeverity": "LOW", + "exploitabilityScore": 6.4, + "impactScore": 2.9, + "acInsufInfo": false, + "obtainAllPrivilege": false, + "obtainUserPrivilege": false, + "obtainOtherPrivilege": false, + 
"userInteractionRequired": false + } + ] + }, + "weaknesses": [ + { + "source": "cna@vuldb.com", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-200" + } + ] + } + ], + "references": [ + { + "url": "https://github.com/what3words/wordpress-autosuggest-plugin/commit/dd59cbac5f86057d6a73b87007c08b8bfa0c32ac", + "source": "cna@vuldb.com" + }, + { + "url": "https://github.com/what3words/wordpress-autosuggest-plugin/pull/20", + "source": "cna@vuldb.com" + }, + { + "url": "https://github.com/what3words/wordpress-autosuggest-plugin/releases/tag/v4.0.1", + "source": "cna@vuldb.com" + }, + { + "url": "https://vuldb.com/?ctiid.234247", + "source": "cna@vuldb.com" + }, + { + "url": "https://vuldb.com/?id.234247", + "source": "cna@vuldb.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2022/CVE-2022-223xx/CVE-2022-22302.json b/CVE-2022/CVE-2022-223xx/CVE-2022-22302.json index d0d643c9e46..bb8183389af 100644 --- a/CVE-2022/CVE-2022-223xx/CVE-2022-22302.json +++ b/CVE-2022/CVE-2022-223xx/CVE-2022-22302.json @@ -2,8 +2,8 @@ "id": "CVE-2022-22302", "sourceIdentifier": "psirt@fortinet.com", "published": "2023-07-11T09:15:09.073", - "lastModified": "2023-07-11T12:43:16.387", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2023-07-18T16:25:58.297", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", @@ -12,6 +12,26 @@ ], "metrics": { "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N", + "attackVector": "LOCAL", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "LOW", + "integrityImpact": "NONE", + "availabilityImpact": "NONE", + "baseScore": 3.3, + "baseSeverity": "LOW" + }, + "exploitabilityScore": 1.8, + "impactScore": 1.4 + }, { "source": "psirt@fortinet.com", "type": "Secondary", 
@@ -34,10 +54,78 @@ } ] }, + "weaknesses": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-312" + } + ] + } + ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:fortinet:fortiauthenticator:*:*:*:*:*:*:*:*", + "versionStartIncluding": "6.0.0", + "versionEndIncluding": "6.0.4", + "matchCriteriaId": "47A3EAE7-BA29-4267-BF88-61ACA9F40AC7" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:fortinet:fortiauthenticator:5.5.0:*:*:*:*:*:*:*", + "matchCriteriaId": "0C30DF6A-2839-4B19-AF75-2A5BD82CB0BA" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:fortinet:fortiauthenticator:6.1.0:*:*:*:*:*:*:*", + "matchCriteriaId": "8BCCE874-8B7F-4A4A-9A28-C32280E77708" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:fortinet:fortios:*:*:*:*:*:*:*:*", + "versionStartIncluding": "6.0.0", + "versionEndIncluding": "6.0.13", + "matchCriteriaId": "A6EF01D9-50FB-4300-87FB-132649A9AC51" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:fortinet:fortios:*:*:*:*:*:*:*:*", + "versionStartIncluding": "6.2.0", + "versionEndIncluding": "6.2.9", + "matchCriteriaId": "C4C0308D-8E52-456B-BFC2-62D4C1E9BDC3" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:fortinet:fortios:6.4.0:*:*:*:*:*:*:*", + "matchCriteriaId": "1C6E45EB-4C8C-4777-9200-08B14595A3A7" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:fortinet:fortios:6.4.1:*:*:*:*:*:*:*", + "matchCriteriaId": "9D114536-7169-4814-B011-570E3AD86A3D" + } + ] + } + ] + } + ], "references": [ { "url": "https://fortiguard.com/psirt/FG-IR-20-014", - "source": "psirt@fortinet.com" + "source": "psirt@fortinet.com", + "tags": [ + "Vendor Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2022/CVE-2022-295xx/CVE-2022-29561.json b/CVE-2022/CVE-2022-295xx/CVE-2022-29561.json index 5cd1df94d30..d26d5527a1b 100644 
--- a/CVE-2022/CVE-2022-295xx/CVE-2022-29561.json +++ b/CVE-2022/CVE-2022-295xx/CVE-2022-29561.json @@ -2,8 +2,8 @@ "id": "CVE-2022-29561", "sourceIdentifier": "productcert@siemens.com", "published": "2023-07-11T10:15:09.970", - "lastModified": "2023-07-11T12:43:16.387", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2023-07-18T16:05:58.730", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", @@ -12,6 +12,26 @@ ], "metrics": { "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "REQUIRED", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH", + "baseScore": 8.8, + "baseSeverity": "HIGH" + }, + "exploitabilityScore": 2.8, + "impactScore": 5.9 + }, { "source": "productcert@siemens.com", "type": "Secondary", @@ -35,6 +55,16 @@ ] }, "weaknesses": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-352" + } + ] + }, { "source": "productcert@siemens.com", "type": "Secondary", 
@@ -46,10 +76,323 @@ ] } ], + "configurations": [ + { + "operator": "AND", + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:o:siemens:ruggedcom_rox_mx5000_firmware:*:*:*:*:*:*:*:*", + "versionEndExcluding": "2.16.0", + "matchCriteriaId": "B70C9A14-F31D-452F-8F7E-368E1ED7165C" + } + ] + }, + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": false, + "criteria": "cpe:2.3:h:siemens:ruggedcom_rox_mx5000:-:*:*:*:*:*:*:*", + "matchCriteriaId": "DAD1B18F-9C37-48CC-92E2-9C5E66B206CB" + } + ] + } + ] + }, + { + "operator": "AND", + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:o:siemens:ruggedcom_rox_mx5000re_firmware:*:*:*:*:*:*:*:*", + "versionEndExcluding": "2.16.0", + "matchCriteriaId": "C095D9B0-79A3-44A7-9683-B8DEF689D65F" + } + ] + }, + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": false, + "criteria": "cpe:2.3:h:siemens:ruggedcom_rox_mx5000re:-:*:*:*:*:*:*:*", + "matchCriteriaId": "38734DFA-A5DF-4284-BD79-7C0ED6CD8A5C" + } + ] + } + ] + }, + { + "operator": "AND", + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:o:siemens:ruggedcom_rox_rx1400_firmware:*:*:*:*:*:*:*:*", + "versionEndExcluding": "2.16.0", + "matchCriteriaId": "3A0D1757-6A48-4C53-877A-947CDDD67793" + } + ] + }, + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": false, + "criteria": "cpe:2.3:h:siemens:ruggedcom_rox_rx1400:-:*:*:*:*:*:*:*", + "matchCriteriaId": "12BD4008-DB6A-4749-A426-D2DE44819A9D" + } + ] + } + ] + }, + { + "operator": "AND", + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:o:siemens:ruggedcom_rox_rx1500_firmware:*:*:*:*:*:*:*:*", + "versionEndExcluding": "2.16.0", + "matchCriteriaId": 
"957788AA-B685-42B6-8BE9-B61D20B68144" + } + ] + }, + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": false, + "criteria": "cpe:2.3:h:siemens:ruggedcom_rox_rx1500:-:*:*:*:*:*:*:*", + "matchCriteriaId": "3E79B422-C844-411C-AA49-CFD73D3C6E2D" + } + ] + } + ] + }, + { + "operator": "AND", + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:o:siemens:ruggedcom_rox_rx1501_firmware:*:*:*:*:*:*:*:*", + "versionEndExcluding": "2.16.0", + "matchCriteriaId": "02E80465-DCD4-4CEB-AB5C-DFD86A5DB2E8" + } + ] + }, + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": false, + "criteria": "cpe:2.3:h:siemens:ruggedcom_rox_rx1501:-:*:*:*:*:*:*:*", + "matchCriteriaId": "53AAEC5C-06EE-4C58-A981-EBF5860CEF16" + } + ] + } + ] + }, + { + "operator": "AND", + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:o:siemens:ruggedcom_rox_rx1510_firmware:*:*:*:*:*:*:*:*", + "versionEndExcluding": "2.16.0", + "matchCriteriaId": "BEC2AF9C-52CA-48FF-A4CD-C042EF225000" + } + ] + }, + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": false, + "criteria": "cpe:2.3:h:siemens:ruggedcom_rox_rx1510:-:*:*:*:*:*:*:*", + "matchCriteriaId": "0751225A-6E9C-4281-93A4-A048920FF7C6" + } + ] + } + ] + }, + { + "operator": "AND", + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:o:siemens:ruggedcom_rox_rx1511_firmware:*:*:*:*:*:*:*:*", + "versionEndExcluding": "2.16.0", + "matchCriteriaId": "D0889DDD-C18A-4605-907C-0AAC4362FC94" + } + ] + }, + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": false, + "criteria": "cpe:2.3:h:siemens:ruggedcom_rox_rx1511:-:*:*:*:*:*:*:*", + "matchCriteriaId": "8C1E56ED-1E61-4B7E-8EC0-BB2AAD57EF7B" + } + ] + } + ] + }, + { + "operator": "AND", + "nodes": [ + { + "operator": 
"OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:o:siemens:ruggedcom_rox_rx1512_firmware:*:*:*:*:*:*:*:*", + "versionEndExcluding": "2.16.0", + "matchCriteriaId": "FA09F789-1903-4487-A108-684EA9423F32" + } + ] + }, + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": false, + "criteria": "cpe:2.3:h:siemens:ruggedcom_rox_rx1512:-:*:*:*:*:*:*:*", + "matchCriteriaId": "41ADD701-AD49-46B2-A12E-219CCED32298" + } + ] + } + ] + }, + { + "operator": "AND", + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:o:siemens:ruggedcom_rox_rx1524_firmware:*:*:*:*:*:*:*:*", + "versionEndExcluding": "2.16.0", + "matchCriteriaId": "76CF386C-0665-401C-9E5F-D3A89E6C2847" + } + ] + }, + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": false, + "criteria": "cpe:2.3:h:siemens:ruggedcom_rox_rx1524:-:*:*:*:*:*:*:*", + "matchCriteriaId": "F8C70D90-E8FA-4343-9027-152A99D79C82" + } + ] + } + ] + }, + { + "operator": "AND", + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:o:siemens:ruggedcom_rox_rx1536_firmware:*:*:*:*:*:*:*:*", + "versionEndExcluding": "2.16.0", + "matchCriteriaId": "A813AC2B-2F29-45D7-AB27-657A36399F80" + } + ] + }, + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": false, + "criteria": "cpe:2.3:h:siemens:ruggedcom_rox_rx1536:-:*:*:*:*:*:*:*", + "matchCriteriaId": "C1775F3B-6F47-4134-8B4E-CF6337FF546C" + } + ] + } + ] + }, + { + "operator": "AND", + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:o:siemens:ruggedcom_rox_rx5000_firmware:*:*:*:*:*:*:*:*", + "versionEndExcluding": "2.16.0", + "matchCriteriaId": "6AF925B2-B147-4CB0-8789-D68C38135BEE" + } + ] + }, + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": false, + 
"criteria": "cpe:2.3:h:siemens:ruggedcom_rox_rx5000:-:*:*:*:*:*:*:*", + "matchCriteriaId": "1E0E33F2-E89B-4008-BED2-CF2296801078" + } + ] + } + ] + } + ], "references": [ { "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-146325.pdf", - "source": "productcert@siemens.com" + "source": "productcert@siemens.com", + "tags": [ + "Vendor Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2022/CVE-2022-295xx/CVE-2022-29562.json b/CVE-2022/CVE-2022-295xx/CVE-2022-29562.json index a972c5373a3..df87ee70dda 100644 --- a/CVE-2022/CVE-2022-295xx/CVE-2022-29562.json +++ b/CVE-2022/CVE-2022-295xx/CVE-2022-29562.json @@ -2,8 +2,8 @@ "id": "CVE-2022-29562", "sourceIdentifier": "productcert@siemens.com", "published": "2023-07-11T10:15:10.043", - "lastModified": "2023-07-11T12:43:16.387", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2023-07-18T16:16:33.860", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", @@ -12,6 +12,26 @@ ], "metrics": { "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "NONE", + "integrityImpact": "NONE", + "availabilityImpact": "LOW", + "baseScore": 5.3, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 3.9, + "impactScore": 1.4 + }, { "source": "productcert@siemens.com", "type": "Secondary", @@ -35,6 +55,16 @@ ] }, "weaknesses": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "NVD-CWE-noinfo" + } + ] + }, { "source": "productcert@siemens.com", "type": "Secondary", 
@@ -46,10 +76,323 @@ ] } ], + "configurations": [ + { + "operator": "AND", + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:o:siemens:ruggedcom_rox_mx5000_firmware:*:*:*:*:*:*:*:*", + "versionEndExcluding": "2.16.0", + "matchCriteriaId": "B70C9A14-F31D-452F-8F7E-368E1ED7165C" + } + ] + }, + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": false, + "criteria": "cpe:2.3:h:siemens:ruggedcom_rox_mx5000:-:*:*:*:*:*:*:*", + "matchCriteriaId": "DAD1B18F-9C37-48CC-92E2-9C5E66B206CB" + } + ] + } + ] + }, + { + "operator": "AND", + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:o:siemens:ruggedcom_rox_mx5000re_firmware:*:*:*:*:*:*:*:*", + "versionEndExcluding": "2.16.0", + "matchCriteriaId": "C095D9B0-79A3-44A7-9683-B8DEF689D65F" + } + ] + }, + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": false, + "criteria": "cpe:2.3:h:siemens:ruggedcom_rox_mx5000re:-:*:*:*:*:*:*:*", + "matchCriteriaId": "38734DFA-A5DF-4284-BD79-7C0ED6CD8A5C" + } + ] + } + ] + }, + { + "operator": "AND", + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:o:siemens:ruggedcom_rox_rx1400_firmware:*:*:*:*:*:*:*:*", + "versionEndExcluding": "2.16.0", + "matchCriteriaId": "3A0D1757-6A48-4C53-877A-947CDDD67793" + } + ] + }, + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": false, + "criteria": "cpe:2.3:h:siemens:ruggedcom_rox_rx1400:-:*:*:*:*:*:*:*", + "matchCriteriaId": "12BD4008-DB6A-4749-A426-D2DE44819A9D" + } + ] + } + ] + }, + { + "operator": "AND", + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:o:siemens:ruggedcom_rox_rx1500_firmware:*:*:*:*:*:*:*:*", + "versionEndExcluding": "2.16.0", + "matchCriteriaId": 
"957788AA-B685-42B6-8BE9-B61D20B68144" + } + ] + }, + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": false, + "criteria": "cpe:2.3:h:siemens:ruggedcom_rox_rx1500:-:*:*:*:*:*:*:*", + "matchCriteriaId": "3E79B422-C844-411C-AA49-CFD73D3C6E2D" + } + ] + } + ] + }, + { + "operator": "AND", + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:o:siemens:ruggedcom_rox_rx1501_firmware:*:*:*:*:*:*:*:*", + "versionEndExcluding": "2.16.0", + "matchCriteriaId": "02E80465-DCD4-4CEB-AB5C-DFD86A5DB2E8" + } + ] + }, + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": false, + "criteria": "cpe:2.3:h:siemens:ruggedcom_rox_rx1501:-:*:*:*:*:*:*:*", + "matchCriteriaId": "53AAEC5C-06EE-4C58-A981-EBF5860CEF16" + } + ] + } + ] + }, + { + "operator": "AND", + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:o:siemens:ruggedcom_rox_rx1510_firmware:*:*:*:*:*:*:*:*", + "versionEndExcluding": "2.16.0", + "matchCriteriaId": "BEC2AF9C-52CA-48FF-A4CD-C042EF225000" + } + ] + }, + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": false, + "criteria": "cpe:2.3:h:siemens:ruggedcom_rox_rx1510:-:*:*:*:*:*:*:*", + "matchCriteriaId": "0751225A-6E9C-4281-93A4-A048920FF7C6" + } + ] + } + ] + }, + { + "operator": "AND", + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:o:siemens:ruggedcom_rox_rx1511_firmware:*:*:*:*:*:*:*:*", + "versionEndExcluding": "2.16.0", + "matchCriteriaId": "D0889DDD-C18A-4605-907C-0AAC4362FC94" + } + ] + }, + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": false, + "criteria": "cpe:2.3:h:siemens:ruggedcom_rox_rx1511:-:*:*:*:*:*:*:*", + "matchCriteriaId": "8C1E56ED-1E61-4B7E-8EC0-BB2AAD57EF7B" + } + ] + } + ] + }, + { + "operator": "AND", + "nodes": [ + { + "operator": 
"OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:o:siemens:ruggedcom_rox_rx1512_firmware:*:*:*:*:*:*:*:*", + "versionEndExcluding": "2.16.0", + "matchCriteriaId": "FA09F789-1903-4487-A108-684EA9423F32" + } + ] + }, + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": false, + "criteria": "cpe:2.3:h:siemens:ruggedcom_rox_rx1512:-:*:*:*:*:*:*:*", + "matchCriteriaId": "41ADD701-AD49-46B2-A12E-219CCED32298" + } + ] + } + ] + }, + { + "operator": "AND", + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:o:siemens:ruggedcom_rox_rx1524_firmware:*:*:*:*:*:*:*:*", + "versionEndExcluding": "2.16.0", + "matchCriteriaId": "76CF386C-0665-401C-9E5F-D3A89E6C2847" + } + ] + }, + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": false, + "criteria": "cpe:2.3:h:siemens:ruggedcom_rox_rx1524:-:*:*:*:*:*:*:*", + "matchCriteriaId": "F8C70D90-E8FA-4343-9027-152A99D79C82" + } + ] + } + ] + }, + { + "operator": "AND", + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:o:siemens:ruggedcom_rox_rx1536_firmware:*:*:*:*:*:*:*:*", + "versionEndExcluding": "2.16.0", + "matchCriteriaId": "A813AC2B-2F29-45D7-AB27-657A36399F80" + } + ] + }, + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": false, + "criteria": "cpe:2.3:h:siemens:ruggedcom_rox_rx1536:-:*:*:*:*:*:*:*", + "matchCriteriaId": "C1775F3B-6F47-4134-8B4E-CF6337FF546C" + } + ] + } + ] + }, + { + "operator": "AND", + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:o:siemens:ruggedcom_rox_rx5000_firmware:*:*:*:*:*:*:*:*", + "versionEndExcluding": "2.16.0", + "matchCriteriaId": "6AF925B2-B147-4CB0-8789-D68C38135BEE" + } + ] + }, + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": false, + 
"criteria": "cpe:2.3:h:siemens:ruggedcom_rox_rx5000:-:*:*:*:*:*:*:*", + "matchCriteriaId": "1E0E33F2-E89B-4008-BED2-CF2296801078" + } + ] + } + ] + } + ], "references": [ { "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-146325.pdf", - "source": "productcert@siemens.com" + "source": "productcert@siemens.com", + "tags": [ + "Vendor Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2022/CVE-2022-458xx/CVE-2022-45868.json b/CVE-2022/CVE-2022-458xx/CVE-2022-45868.json index f23f6181225..248dc09434a 100644 --- a/CVE-2022/CVE-2022-458xx/CVE-2022-45868.json +++ b/CVE-2022/CVE-2022-458xx/CVE-2022-45868.json 
@@ -2,12 +2,12 @@ "id": "CVE-2022-45868", "sourceIdentifier": "cve@mitre.org", "published": "2022-11-23T21:15:11.360", - "lastModified": "2022-11-30T20:46:33.020", - "vulnStatus": "Analyzed", + "lastModified": "2023-07-18T18:15:11.680", + "vulnStatus": "Modified", "descriptions": [ { "lang": "en", - "value": "The web-based admin console in H2 Database Engine through 2.1.214 can be started via the CLI with the argument -webAdminPassword, which allows the user to specify the password in cleartext for the web admin console. Consequently, a local user (or an attacker that has obtained local access through some means) would be able to discover the password by listing processes and their arguments. NOTE: the vendor states \"This is not a vulnerability of H2 Console ... Passwords should never be passed on the command line and every qualified DBA or system administrator is expected to know that.\"" + "value": "** DISPUTED ** The web-based admin console in H2 Database Engine through 2.1.214 can be started via the CLI with the argument -webAdminPassword, which allows the user to specify the password in cleartext for the web admin console. Consequently, a local user (or an attacker that has obtained local access through some means) would be able to discover the password by listing processes and their arguments. NOTE: the vendor states \"This is not a vulnerability of H2 Console ... Passwords should never be passed on the command line and every qualified DBA or system administrator is expected to know that.\"" } ], "metrics": { @@ -85,6 +85,10 @@ } ], "references": [ + { + "url": "https://github.com/advisories/GHSA-22wj-vf5f-wrvj", + "source": "cve@mitre.org" + }, { "url": "https://github.com/h2database/h2database/blob/96832bf5a97cdc0adc1f2066ed61c54990d66ab5/h2/src/main/org/h2/server/web/WebServer.java#L346-L347", "source": "cve@mitre.org", 
@@ -92,6 +96,10 @@ "Third Party Advisory" ] }, + { + "url": "https://github.com/h2database/h2database/issues/3686", + "source": "cve@mitre.org" + }, { "url": "https://sites.google.com/sonatype.com/vulnerabilities/sonatype-2022-6243", "source": "cve@mitre.org", diff --git a/CVE-2022/CVE-2022-474xx/CVE-2022-47421.json b/CVE-2022/CVE-2022-474xx/CVE-2022-47421.json index f5b74278bea..aa5b5e2f71c 100644 --- a/CVE-2022/CVE-2022-474xx/CVE-2022-47421.json +++ b/CVE-2022/CVE-2022-474xx/CVE-2022-47421.json @@ -2,8 +2,8 @@ "id": "CVE-2022-47421", "sourceIdentifier": "audit@patchstack.com", "published": "2023-07-18T15:15:11.363", - "lastModified": "2023-07-18T15:15:11.363", - "vulnStatus": "Received", + "lastModified": "2023-07-18T17:33:48.187", + "vulnStatus": "Awaiting Analysis", "descriptions": [ { "lang": "en", diff --git a/CVE-2022/CVE-2022-47xx/CVE-2022-4734.json b/CVE-2022/CVE-2022-47xx/CVE-2022-4734.json index bcbea618793..efe550344a7 100644 --- a/CVE-2022/CVE-2022-47xx/CVE-2022-4734.json +++ b/CVE-2022/CVE-2022-47xx/CVE-2022-4734.json @@ -2,12 +2,12 @@ "id": "CVE-2022-4734", "sourceIdentifier": "security@huntr.dev", "published": "2022-12-27T15:15:12.767", - "lastModified": "2023-07-17T15:11:50.203", - "vulnStatus": "Analyzed", + "lastModified": "2023-07-18T16:15:11.283", + "vulnStatus": "Modified", "descriptions": [ { "lang": "en", - "value": "Exposure of Sensitive Information to an Unauthorized Actor in GitHub repository usememos/memos prior to 0.9.1." + "value": "Improper Removal of Sensitive Information Before Storage or Transfer in GitHub repository usememos/memos prior to 0.9.1.\n\n" } ], "metrics": { 
@@ -31,15 +31,13 @@ }, "exploitabilityScore": 2.8, "impactScore": 1.4 - } - ], - "cvssMetricV30": [ + }, { "source": "security@huntr.dev", "type": "Secondary", "cvssData": { - "version": "3.0", - "vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H", + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H", "attackVector": "NETWORK", "attackComplexity": "HIGH", "privilegesRequired": "NONE", @@ -58,7 +56,7 @@ }, "weaknesses": [ { - "source": "nvd@nist.gov", + "source": "security@huntr.dev", "type": "Primary", "description": [ { @@ -68,12 +66,12 @@ ] }, { - "source": "security@huntr.dev", + "source": "nvd@nist.gov", "type": "Secondary", "description": [ { "lang": "en", - "value": "CWE-200" + "value": "CWE-212" } ] } diff --git a/CVE-2022/CVE-2022-48xx/CVE-2022-4811.json b/CVE-2022/CVE-2022-48xx/CVE-2022-4811.json index 8ebe697bc8b..4acc1239167 100644 --- a/CVE-2022/CVE-2022-48xx/CVE-2022-4811.json +++ b/CVE-2022/CVE-2022-48xx/CVE-2022-4811.json @@ -2,12 +2,12 @@ "id": "CVE-2022-4811", "sourceIdentifier": "security@huntr.dev", "published": "2022-12-28T14:15:11.363", - "lastModified": "2023-07-17T15:10:30.823", - "vulnStatus": "Analyzed", + "lastModified": "2023-07-18T16:15:11.463", + "vulnStatus": "Modified", "descriptions": [ { "lang": "en", - "value": "Incorrect Authorization in GitHub repository usememos/memos prior to 0.9.1." + "value": "Authorization Bypass Through User-Controlled Key vulnerability in usememos usememos/memos.This issue affects usememos/memos before 0.9.1.\n\n" } ], "metrics": { @@ -31,15 +31,13 @@ }, "exploitabilityScore": 2.8, "impactScore": 2.5 - } - ], - "cvssMetricV30": [ + }, { "source": "security@huntr.dev", "type": "Secondary", "cvssData": { - "version": "3.0", - "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:L", + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:L", "attackVector": "NETWORK", "attackComplexity": "LOW", "privilegesRequired": "LOW", 
@@ -58,7 +56,7 @@ }, "weaknesses": [ { - "source": "nvd@nist.gov", + "source": "security@huntr.dev", "type": "Primary", "description": [ { @@ -68,12 +66,12 @@ ] }, { - "source": "security@huntr.dev", + "source": "nvd@nist.gov", "type": "Secondary", "description": [ { "lang": "en", - "value": "CWE-863" + "value": "CWE-639" } ] } diff --git a/CVE-2023/CVE-2023-01xx/CVE-2023-0160.json b/CVE-2023/CVE-2023-01xx/CVE-2023-0160.json new file mode 100644 index 00000000000..e00e7407884 --- /dev/null +++ b/CVE-2023/CVE-2023-01xx/CVE-2023-0160.json 
@@ -0,0 +1,55 @@ +{ + "id": "CVE-2023-0160", + "sourceIdentifier": "secalert@redhat.com", + "published": "2023-07-18T17:15:11.313", + "lastModified": "2023-07-18T17:33:48.187", + "vulnStatus": "Awaiting Analysis", + "descriptions": [ + { + "lang": "en", + "value": "A deadlock flaw was found in the Linux kernel\u2019s BPF subsystem. This flaw allows a local user to potentially crash the system." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "secalert@redhat.com", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H", + "attackVector": "LOCAL", + "attackComplexity": "HIGH", + "privilegesRequired": "LOW", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "NONE", + "integrityImpact": "NONE", + "availabilityImpact": "HIGH", + "baseScore": 4.7, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 1.0, + "impactScore": 3.6 + } + ] + }, + "references": [ + { + "url": "https://access.redhat.com/security/cve/CVE-2023-0160", + "source": "secalert@redhat.com" + }, + { + "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2159764", + "source": "secalert@redhat.com" + }, + { + "url": "https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=ed17aa92dc56", + "source": "secalert@redhat.com" + }, + { + "url": "https://lore.kernel.org/all/CABcoxUayum5oOqFMMqAeWuS8+EzojquSOSyDA3J_2omY=2EeAg@mail.gmail.com/", + "source": "secalert@redhat.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2023/CVE-2023-201xx/CVE-2023-20133.json b/CVE-2023/CVE-2023-201xx/CVE-2023-20133.json index 6fd9d256dbd..7169d8638f9 100644 --- a/CVE-2023/CVE-2023-201xx/CVE-2023-20133.json +++ b/CVE-2023/CVE-2023-201xx/CVE-2023-20133.json 
@@ -2,8 +2,8 @@ "id": "CVE-2023-20133", "sourceIdentifier": "ykramarz@cisco.com", "published": "2023-07-07T20:15:09.887", - "lastModified": "2023-07-08T10:25:54.183", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2023-07-18T17:59:56.783", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", @@ -12,6 +12,26 @@ ], "metrics": { "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "REQUIRED", + "scope": "CHANGED", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "availabilityImpact": "NONE", + "baseScore": 5.4, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 2.3, + "impactScore": 2.7 + }, { "source": "ykramarz@cisco.com", "type": "Secondary", 
@@ -34,10 +54,197 @@ } ] }, + "weaknesses": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-79" + } + ] + } + ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:cisco:webex_meetings:39.6:*:*:*:*:*:*:*", + "matchCriteriaId": "4F3FA883-F14A-424A-8CEA-E7B140311B88" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:cisco:webex_meetings:39.7:*:*:*:*:*:*:*", + "matchCriteriaId": "D1A28A13-3554-4951-9BC6-D57E68672648" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:cisco:webex_meetings:39.7.4:*:*:*:*:*:*:*", + "matchCriteriaId": "8A9F521F-5D30-4DE7-A308-D1EC7F17C5FB" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:cisco:webex_meetings:39.7.7:*:*:*:*:*:*:*", + "matchCriteriaId": "DA6A48E8-0B18-49F7-9869-A493F356778E" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:cisco:webex_meetings:39.8:*:*:*:*:*:*:*", + "matchCriteriaId": "25230DAE-8870-4D37-A61A-E352C1B3D745" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:cisco:webex_meetings:39.8.2:*:*:*:*:*:*:*", + "matchCriteriaId": "3875C388-7B83-451C-8F37-609A414B847E" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:cisco:webex_meetings:39.8.3:*:*:*:*:*:*:*", + "matchCriteriaId": "17D2A6BB-43D5-4907-BA8E-0EFC5C45A8E4" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:cisco:webex_meetings:39.8.4:*:*:*:*:*:*:*", + "matchCriteriaId": "43E36526-AD0B-4020-86B5-0681D6D4A845" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:cisco:webex_meetings:39.9:*:*:*:*:*:*:*", + "matchCriteriaId": "787AA492-5044-4A98-BA14-DE1D2DB09435" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:cisco:webex_meetings:39.9.1:*:*:*:*:*:*:*", + "matchCriteriaId": "D1752401-15DE-42A1-B7A1-F6C82DAEE1A4" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:cisco:webex_meetings:39.10:*:*:*:*:*:*:*", + "matchCriteriaId": 
"A89D03AD-C0CB-48B9-9B17-C4397F7BCC6E" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:cisco:webex_meetings:39.11:*:*:*:*:*:*:*", + "matchCriteriaId": "2DD47BA5-5DA9-4C0E-BE96-F1E94E444DE4" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:cisco:webex_meetings:40.1:*:*:*:*:*:*:*", + "matchCriteriaId": "69A90D5E-EA48-4738-BE1B-78FBDAD33017" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:cisco:webex_meetings:40.2:*:*:*:*:*:*:*", + "matchCriteriaId": "94E66A90-D684-4185-8C28-727B62AFB39D" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:cisco:webex_meetings:40.4:*:*:*:*:*:*:*", + "matchCriteriaId": "0082B39D-BC0E-4716-8332-A04EA6BBBDD8" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:cisco:webex_meetings:40.4.10:*:*:*:*:*:*:*", + "matchCriteriaId": "F82C6242-BCD3-43C1-8B1D-4044C4263050" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:cisco:webex_meetings:40.6:*:*:*:*:*:*:*", + "matchCriteriaId": "982C57A9-231E-4CB2-80A8-19A2DF951615" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:cisco:webex_meetings:40.6.2:*:*:*:*:*:*:*", + "matchCriteriaId": "11176259-0359-416D-A22D-DEBEBE755FE9" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:cisco:webex_meetings:42.6:*:*:*:*:*:*:*", + "matchCriteriaId": "FC9FB403-FD08-48CE-AEEA-D39485CAF64A" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:cisco:webex_meetings:42.7:*:*:*:*:*:*:*", + "matchCriteriaId": "95C51BA7-857E-46CF-A9F1-6FAF354256AE" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:cisco:webex_meetings:42.8:*:*:*:*:*:*:*", + "matchCriteriaId": "8D521C27-9DC7-455F-846B-BBCBF91E40BA" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:cisco:webex_meetings:42.9:*:*:*:*:*:*:*", + "matchCriteriaId": "E556DE9F-C369-4A0C-94D9-5F5A83BFF8D2" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:cisco:webex_meetings:42.10:*:*:*:*:*:*:*", + "matchCriteriaId": "6AC385C8-8E95-461F-AC9D-926BF24C2D7F" + }, + { + "vulnerable": true, + "criteria": 
"cpe:2.3:a:cisco:webex_meetings:42.11:*:*:*:*:*:*:*", + "matchCriteriaId": "47ED4961-CECA-42FF-8257-DBFA66816169" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:cisco:webex_meetings:42.12:*:*:*:*:*:*:*", + "matchCriteriaId": "D9B88FEF-4A6B-4F71-92BC-2F3835ADAD6D" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:cisco:webex_meetings:43.1:*:*:*:*:*:*:*", + "matchCriteriaId": "178264BF-4E16-49CA-A3C3-CAF3ABA2B0A9" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:cisco:webex_meetings:43.2:*:*:*:*:*:*:*", + "matchCriteriaId": "7F9D8F48-4890-4A8F-A31C-82534C30CDDC" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:cisco:webex_meetings:43.3:*:*:*:*:*:*:*", + "matchCriteriaId": "C26630BE-8CB9-4580-87C5-0F8D9381B574" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:cisco:webex_meetings:43.4:*:*:*:*:*:*:*", + "matchCriteriaId": "0477334B-2179-4F7C-A562-7CF62FB15188" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:cisco:webex_meetings:43.4.1:*:*:*:*:*:*:*", + "matchCriteriaId": "68570B19-32BB-441C-9C00-C1A839CBD985" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:cisco:webex_meetings:43.4.2:*:*:*:*:*:*:*", + "matchCriteriaId": "55BD3A1F-9453-40EE-B155-8182BA49C1CB" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:cisco:webex_meetings:43.5.0:*:*:*:*:*:*:*", + "matchCriteriaId": "D0FE1DED-33FB-4118-80E7-86D4641C7E61" + } + ] + } + ] + } + ], "references": [ { "url": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-sxsscsrf-2L24bBx6", - "source": "ykramarz@cisco.com" + "source": "ykramarz@cisco.com", + "tags": [ + "Vendor Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2023/CVE-2023-201xx/CVE-2023-20180.json b/CVE-2023/CVE-2023-201xx/CVE-2023-20180.json index 8d1181b846e..8923aa40376 100644 --- a/CVE-2023/CVE-2023-201xx/CVE-2023-20180.json +++ b/CVE-2023/CVE-2023-201xx/CVE-2023-20180.json 
@@ -2,8 +2,8 @@
 "id": "CVE-2023-20180",
 "sourceIdentifier": "ykramarz@cisco.com",
 "published": "2023-07-07T20:15:09.943",
- "lastModified": "2023-07-08T10:25:54.183",
- "vulnStatus": "Awaiting Analysis",
+ "lastModified": "2023-07-18T18:03:37.003",
+ "vulnStatus": "Analyzed",
 "descriptions": [
 {
 "lang": "en",
@@ -12,6 +12,26 @@
 ],
 "metrics": {
 "cvssMetricV31": [
+ {
+ "source": "nvd@nist.gov",
+ "type": "Primary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N",
+ "attackVector": "NETWORK",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "NONE",
+ "userInteraction": "REQUIRED",
+ "scope": "UNCHANGED",
+ "confidentialityImpact": "NONE",
+ "integrityImpact": "LOW",
+ "availabilityImpact": "NONE",
+ "baseScore": 4.3,
+ "baseSeverity": "MEDIUM"
+ },
+ "exploitabilityScore": 2.8,
+ "impactScore": 1.4
+ },
 {
 "source": "ykramarz@cisco.com",
 "type": "Secondary",
@@ -34,10 +54,197 @@ } ] }, + "weaknesses": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-352" + } + ] + } + ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:cisco:webex_meetings:39.6:*:*:*:*:*:*:*", + "matchCriteriaId": "4F3FA883-F14A-424A-8CEA-E7B140311B88" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:cisco:webex_meetings:39.7:*:*:*:*:*:*:*", + "matchCriteriaId": "D1A28A13-3554-4951-9BC6-D57E68672648" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:cisco:webex_meetings:39.7.4:*:*:*:*:*:*:*", + "matchCriteriaId": "8A9F521F-5D30-4DE7-A308-D1EC7F17C5FB" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:cisco:webex_meetings:39.7.7:*:*:*:*:*:*:*", + "matchCriteriaId": "DA6A48E8-0B18-49F7-9869-A493F356778E" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:cisco:webex_meetings:39.8:*:*:*:*:*:*:*", + "matchCriteriaId": "25230DAE-8870-4D37-A61A-E352C1B3D745" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:cisco:webex_meetings:39.8.2:*:*:*:*:*:*:*", + "matchCriteriaId": "3875C388-7B83-451C-8F37-609A414B847E" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:cisco:webex_meetings:39.8.3:*:*:*:*:*:*:*", + "matchCriteriaId": "17D2A6BB-43D5-4907-BA8E-0EFC5C45A8E4" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:cisco:webex_meetings:39.8.4:*:*:*:*:*:*:*", + "matchCriteriaId": "43E36526-AD0B-4020-86B5-0681D6D4A845" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:cisco:webex_meetings:39.9:*:*:*:*:*:*:*", + "matchCriteriaId": "787AA492-5044-4A98-BA14-DE1D2DB09435" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:cisco:webex_meetings:39.9.1:*:*:*:*:*:*:*", + "matchCriteriaId": "D1752401-15DE-42A1-B7A1-F6C82DAEE1A4" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:cisco:webex_meetings:39.10:*:*:*:*:*:*:*", + "matchCriteriaId": 
"A89D03AD-C0CB-48B9-9B17-C4397F7BCC6E" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:cisco:webex_meetings:39.11:*:*:*:*:*:*:*", + "matchCriteriaId": "2DD47BA5-5DA9-4C0E-BE96-F1E94E444DE4" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:cisco:webex_meetings:40.1:*:*:*:*:*:*:*", + "matchCriteriaId": "69A90D5E-EA48-4738-BE1B-78FBDAD33017" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:cisco:webex_meetings:40.2:*:*:*:*:*:*:*", + "matchCriteriaId": "94E66A90-D684-4185-8C28-727B62AFB39D" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:cisco:webex_meetings:40.4:*:*:*:*:*:*:*", + "matchCriteriaId": "0082B39D-BC0E-4716-8332-A04EA6BBBDD8" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:cisco:webex_meetings:40.4.10:*:*:*:*:*:*:*", + "matchCriteriaId": "F82C6242-BCD3-43C1-8B1D-4044C4263050" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:cisco:webex_meetings:40.6:*:*:*:*:*:*:*", + "matchCriteriaId": "982C57A9-231E-4CB2-80A8-19A2DF951615" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:cisco:webex_meetings:40.6.2:*:*:*:*:*:*:*", + "matchCriteriaId": "11176259-0359-416D-A22D-DEBEBE755FE9" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:cisco:webex_meetings:42.6:*:*:*:*:*:*:*", + "matchCriteriaId": "FC9FB403-FD08-48CE-AEEA-D39485CAF64A" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:cisco:webex_meetings:42.7:*:*:*:*:*:*:*", + "matchCriteriaId": "95C51BA7-857E-46CF-A9F1-6FAF354256AE" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:cisco:webex_meetings:42.8:*:*:*:*:*:*:*", + "matchCriteriaId": "8D521C27-9DC7-455F-846B-BBCBF91E40BA" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:cisco:webex_meetings:42.9:*:*:*:*:*:*:*", + "matchCriteriaId": "E556DE9F-C369-4A0C-94D9-5F5A83BFF8D2" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:cisco:webex_meetings:42.10:*:*:*:*:*:*:*", + "matchCriteriaId": "6AC385C8-8E95-461F-AC9D-926BF24C2D7F" + }, + { + "vulnerable": true, + "criteria": 
"cpe:2.3:a:cisco:webex_meetings:42.11:*:*:*:*:*:*:*", + "matchCriteriaId": "47ED4961-CECA-42FF-8257-DBFA66816169" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:cisco:webex_meetings:42.12:*:*:*:*:*:*:*", + "matchCriteriaId": "D9B88FEF-4A6B-4F71-92BC-2F3835ADAD6D" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:cisco:webex_meetings:43.1:*:*:*:*:*:*:*", + "matchCriteriaId": "178264BF-4E16-49CA-A3C3-CAF3ABA2B0A9" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:cisco:webex_meetings:43.2:*:*:*:*:*:*:*", + "matchCriteriaId": "7F9D8F48-4890-4A8F-A31C-82534C30CDDC" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:cisco:webex_meetings:43.3:*:*:*:*:*:*:*", + "matchCriteriaId": "C26630BE-8CB9-4580-87C5-0F8D9381B574" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:cisco:webex_meetings:43.4:*:*:*:*:*:*:*", + "matchCriteriaId": "0477334B-2179-4F7C-A562-7CF62FB15188" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:cisco:webex_meetings:43.4.1:*:*:*:*:*:*:*", + "matchCriteriaId": "68570B19-32BB-441C-9C00-C1A839CBD985" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:cisco:webex_meetings:43.4.2:*:*:*:*:*:*:*", + "matchCriteriaId": "55BD3A1F-9453-40EE-B155-8182BA49C1CB" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:cisco:webex_meetings:43.5.0:*:*:*:*:*:*:*", + "matchCriteriaId": "D0FE1DED-33FB-4118-80E7-86D4641C7E61" + } + ] + } + ] + } + ], "references": [ { "url": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-sxsscsrf-2L24bBx6", - "source": "ykramarz@cisco.com" + "source": "ykramarz@cisco.com", + "tags": [ + "Vendor Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2023/CVE-2023-20xx/CVE-2023-2078.json b/CVE-2023/CVE-2023-20xx/CVE-2023-2078.json index 0fa66382e27..4ba9be528d2 100644 --- a/CVE-2023/CVE-2023-20xx/CVE-2023-2078.json +++ b/CVE-2023/CVE-2023-20xx/CVE-2023-2078.json 
@@ -2,8 +2,8 @@
 "id": "CVE-2023-2078",
 "sourceIdentifier": "security@wordfence.com",
 "published": "2023-07-11T03:15:09.227",
- "lastModified": "2023-07-11T12:43:16.387",
- "vulnStatus": "Awaiting Analysis",
+ "lastModified": "2023-07-18T18:55:55.483",
+ "vulnStatus": "Analyzed",
 "descriptions": [
 {
 "lang": "en",
@@ -17,8 +17,28 @@
 "metrics": {
 "cvssMetricV31": [
 {
- "source": "security@wordfence.com",
+ "source": "nvd@nist.gov",
 "type": "Primary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N",
+ "attackVector": "NETWORK",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "LOW",
+ "userInteraction": "NONE",
+ "scope": "UNCHANGED",
+ "confidentialityImpact": "NONE",
+ "integrityImpact": "LOW",
+ "availabilityImpact": "NONE",
+ "baseScore": 4.3,
+ "baseSeverity": "MEDIUM"
+ },
+ "exploitabilityScore": 2.8,
+ "impactScore": 1.4
+ },
+ {
+ "source": "security@wordfence.com",
+ "type": "Secondary",
 "cvssData": {
 "version": "3.1",
 "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L",
@@ -50,22 +70,52 @@
 ]
 }
 ],
+ "configurations": [
+ {
+ "nodes": [
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:buymeacoffee:buy_me_a_coffee:*:*:*:*:*:wordpress:*:*",
+ "versionEndExcluding": "3.8",
+ "matchCriteriaId": "8FB9059F-EE95-42C3-BC6E-8C8266C74856"
+ }
+ ]
+ }
+ ]
+ }
+ ],
 "references": [
 {
 "url": "https://plugins.trac.wordpress.org/browser/buymeacoffee/trunk/admin/class-buy-me-a-coffee-admin.php?rev=2816542",
- "source": "security@wordfence.com"
+ "source": "security@wordfence.com",
+ "tags": [
+ "Exploit"
+ ]
 },
 {
 "url": "https://plugins.trac.wordpress.org/browser/buymeacoffee/trunk/includes/class-buy-me-a-coffee.php?rev=2319979#L162",
- "source": "security@wordfence.com"
+ "source": "security@wordfence.com",
+ "tags": [
+ "Exploit"
+ ]
 },
 {
 "url": "https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&old=2935565%40buymeacoffee&new=2935565%40buymeacoffee&sfp_email=&sfph_mail=",
- "source": "security@wordfence.com"
+ "source": "security@wordfence.com",
+ "tags": [
+ "Patch"
+ ]
 },
 {
 "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/c1c218c6-1599-4dc9-846f-e0ef74821488?source=cve",
- "source": "security@wordfence.com"
+ "source": "security@wordfence.com",
+ "tags": [
+ "Third Party Advisory"
+ ]
 }
 ]
 }
\ No newline at end of file
diff --git a/CVE-2023/CVE-2023-20xx/CVE-2023-2079.json b/CVE-2023/CVE-2023-20xx/CVE-2023-2079.json
index 09eacd4eb6e..bea1cd69915 100644
--- a/CVE-2023/CVE-2023-20xx/CVE-2023-2079.json
+++ b/CVE-2023/CVE-2023-20xx/CVE-2023-2079.json
@@ -2,8 +2,8 @@
 "id": "CVE-2023-2079",
 "sourceIdentifier": "security@wordfence.com",
 "published": "2023-07-11T03:15:09.310",
- "lastModified": "2023-07-11T12:43:16.387",
- "vulnStatus": "Awaiting Analysis",
+ "lastModified": "2023-07-18T18:56:25.230",
+ "vulnStatus": "Analyzed",
 "descriptions": [
 {
 "lang": "en",
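Review bot: The `"Exploit"` tag in the references hunk of CVE-2023-2078.json is attached to the two `plugins.trac.wordpress.org/browser/...` entries, which judging by their URLs are source-browser views of the plugin at a fixed revision rather than proof-of-concept material; the matching references hunk of CVE-2023-2079.json carries the same tagging. Triage rules that read an `Exploit`-tagged reference as evidence of public exploit code will over-rank both records, so consumers of this mirror should confirm the link target before using the tag as a prioritisation signal. The reference tagged `"Patch"` also has `old=2935565%40buymeacoffee&new=2935565%40buymeacoffee`, the same revision on both sides, so it may not render the fixing diff. If the record is corrected, `"tags": ["Product"]` would describe the two source links more accurately.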
@@ -17,8 +17,28 @@
 "metrics": {
 "cvssMetricV31": [
 {
- "source": "security@wordfence.com",
+ "source": "nvd@nist.gov",
 "type": "Primary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N",
+ "attackVector": "NETWORK",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "NONE",
+ "userInteraction": "NONE",
+ "scope": "UNCHANGED",
+ "confidentialityImpact": "NONE",
+ "integrityImpact": "LOW",
+ "availabilityImpact": "NONE",
+ "baseScore": 5.3,
+ "baseSeverity": "MEDIUM"
+ },
+ "exploitabilityScore": 3.9,
+ "impactScore": 1.4
+ },
+ {
+ "source": "security@wordfence.com",
+ "type": "Secondary",
 "cvssData": {
 "version": "3.1",
 "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:L",
@@ -50,22 +70,52 @@
 ]
 }
 ],
+ "configurations": [
+ {
+ "nodes": [
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:buymeacoffee:buy_me_a_coffee:*:*:*:*:*:wordpress:*:*",
+ "versionEndExcluding": "3.8",
+ "matchCriteriaId": "8FB9059F-EE95-42C3-BC6E-8C8266C74856"
+ }
+ ]
+ }
+ ]
+ }
+ ],
 "references": [
 {
 "url": "https://plugins.trac.wordpress.org/browser/buymeacoffee/trunk/admin/class-buy-me-a-coffee-admin.php?rev=2816542",
- "source": "security@wordfence.com"
+ "source": "security@wordfence.com",
+ "tags": [
+ "Exploit"
+ ]
 },
 {
 "url": "https://plugins.trac.wordpress.org/browser/buymeacoffee/trunk/includes/class-buy-me-a-coffee.php?rev=2319979#L162",
- "source": "security@wordfence.com"
+ "source": "security@wordfence.com",
+ "tags": [
+ "Exploit"
+ ]
 },
 {
 "url": "https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&old=2935565%40buymeacoffee&new=2935565%40buymeacoffee&sfp_email=&sfph_mail=",
- "source": "security@wordfence.com"
+ "source": "security@wordfence.com",
+ "tags": [
+ "Patch"
+ ]
 },
 {
 "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/6309258e-e4fc-4edf-a771-2d82a9a85a5c?source=cve",
- "source": "security@wordfence.com"
+ "source": "security@wordfence.com",
+ "tags": [
+ "Third Party Advisory"
+ ]
 }
 ]
 }
\ No newline at end of file
diff --git a/CVE-2023/CVE-2023-228xx/CVE-2023-22835.json b/CVE-2023/CVE-2023-228xx/CVE-2023-22835.json
index 962afa936b6..e1b7bafd7e9 100644
--- a/CVE-2023/CVE-2023-228xx/CVE-2023-22835.json
+++ b/CVE-2023/CVE-2023-228xx/CVE-2023-22835.json
@@ -2,8 +2,8 @@
 "id": "CVE-2023-22835",
 "sourceIdentifier": "cve-coordination@palantir.com",
 "published": "2023-07-10T21:15:10.540",
- "lastModified": "2023-07-11T12:43:16.387",
- "vulnStatus": "Awaiting Analysis",
+ "lastModified": "2023-07-18T19:06:22.630",
+ "vulnStatus": "Analyzed",
 "descriptions": [
 {
 "lang": "en",
@@ -12,6 +12,26 @@
 ],
 "metrics": {
 "cvssMetricV31": [
+ {
+ "source": "nvd@nist.gov",
+ "type": "Primary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H",
+ "attackVector": "NETWORK",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "LOW",
+ "userInteraction": "NONE",
+ "scope": "CHANGED",
+ "confidentialityImpact": "NONE",
+ "integrityImpact": "NONE",
+ "availabilityImpact": "HIGH",
+ "baseScore": 7.7,
+ "baseSeverity": "HIGH"
+ },
+ "exploitabilityScore": 3.1,
+ "impactScore": 4.0
+ },
 {
 "source": "cve-coordination@palantir.com",
 "type": "Secondary",
@@ -34,10 +54,49 @@
 }
 ]
 },
+ "weaknesses": [
+ {
+ "source": "nvd@nist.gov",
+ "type": "Primary",
+ "description": [
+ {
+ "lang": "en",
+ "value": "NVD-CWE-noinfo"
+ }
+ ]
+ }
+ ],
+ "configurations": [
+ {
+ "nodes": [
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:palantir:foundry_frontend:*:*:*:*:*:*:*:*",
+ "versionEndExcluding": "6.228.0",
+ "matchCriteriaId": "3B2BF858-2C37-4778-B132-E4A9DADBCFD6"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:palantir:foundry_issues:*:*:*:*:*:*:*:*",
+ "versionEndExcluding": "2.510.0",
+ "matchCriteriaId": "F9980734-2C13-41CD-A88A-D1EFCEDC73BD"
+ }
+ ]
+ }
+ ]
+ }
+ ],
 "references": [
 {
 "url": "https://palantir.safebase.us/?tcuUid=0e2e79bd-cc03-42a8-92c2-c0e68a1ea53d",
- "source": "cve-coordination@palantir.com"
+ "source": "cve-coordination@palantir.com",
+ "tags": [
+ "Vendor Advisory"
+ ]
 }
 ]
 }
\ No newline at end of file
diff --git a/CVE-2023/CVE-2023-22xx/CVE-2023-2263.json b/CVE-2023/CVE-2023-22xx/CVE-2023-2263.json
new file mode 100644
index 00000000000..ed5748e7b09
--- /dev/null
+++ b/CVE-2023/CVE-2023-22xx/CVE-2023-2263.json
@@ -0,0 +1,55 @@
+{
+ "id": "CVE-2023-2263",
+ "sourceIdentifier": "PSIRT@rockwellautomation.com",
+ "published": "2023-07-18T16:15:11.600",
+ "lastModified": "2023-07-18T17:33:48.187",
+ "vulnStatus": "Awaiting Analysis",
+ "descriptions": [
+ {
+ "lang": "en",
+ "value": "\nThe Rockwell Automation Kinetix 5700 DC Bus Power Supply Series A is vulnerable to CIP fuzzing. \u00a0The new ENIP connections cannot be established if impacted by this vulnerability, \u00a0which prohibits operational capabilities of the device resulting in a denial-of-service attack.\n\n\n"
+ }
+ ],
+ "metrics": {
+ "cvssMetricV31": [
+ {
+ "source": "PSIRT@rockwellautomation.com",
+ "type": "Secondary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
+ "attackVector": "NETWORK",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "NONE",
+ "userInteraction": "NONE",
+ "scope": "UNCHANGED",
+ "confidentialityImpact": "NONE",
+ "integrityImpact": "NONE",
+ "availabilityImpact": "HIGH",
+ "baseScore": 7.5,
+ "baseSeverity": "HIGH"
+ },
+ "exploitabilityScore": 3.9,
+ "impactScore": 3.6
+ }
+ ]
+ },
+ "weaknesses": [
+ {
+ "source": "PSIRT@rockwellautomation.com",
+ "type": "Secondary",
+ "description": [
+ {
+ "lang": "en",
+ "value": "CWE-400"
+ }
+ ]
+ }
+ ],
+ "references": [
+ {
+ "url": "https://rockwellautomation.custhelp.com/app/answers/answer_view/a_id/1140029",
+ "source": "PSIRT@rockwellautomation.com"
+ }
+ ]
+}
\ No newline at end of file
diff --git a/CVE-2023/CVE-2023-236xx/CVE-2023-23671.json b/CVE-2023/CVE-2023-236xx/CVE-2023-23671.json
index 6fa464d9c84..c8d0261a5b2 100644
--- a/CVE-2023/CVE-2023-236xx/CVE-2023-23671.json
+++ b/CVE-2023/CVE-2023-236xx/CVE-2023-23671.json
@@ -2,8 +2,8 @@
 "id": "CVE-2023-23671",
 "sourceIdentifier": "audit@patchstack.com",
 "published": "2023-07-11T12:15:09.603",
- "lastModified": "2023-07-11T12:43:16.387",
- "vulnStatus": "Awaiting Analysis",
+ "lastModified": "2023-07-18T18:21:26.310",
+ "vulnStatus": "Analyzed",
 "descriptions": [
 {
 "lang": "en",
@@ -12,6 +12,26 @@
 ],
 "metrics": {
 "cvssMetricV31": [
+ {
+ "source": "nvd@nist.gov",
+ "type": "Primary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N",
+ "attackVector": "NETWORK",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "NONE",
+ "userInteraction": "REQUIRED",
+ "scope": "UNCHANGED",
+ "confidentialityImpact": "NONE",
+ "integrityImpact": "HIGH",
+ "availabilityImpact": "NONE",
+ "baseScore": 6.5,
+ "baseSeverity": "MEDIUM"
+ },
+ "exploitabilityScore": 2.8,
+ "impactScore": 3.6
+ },
 {
 "source": "audit@patchstack.com",
 "type": "Secondary",
@@ -46,10 +66,31 @@
 ]
 }
 ],
+ "configurations": [
+ {
+ "nodes": [
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:web-settler:layer_slider:*:*:*:*:*:wordpress:*:*",
+ "versionEndIncluding": "1.1.9.7",
+ "matchCriteriaId": "C9C81A39-0E6A-4194-A74F-D5FFE2264A32"
+ }
+ ]
+ }
+ ]
+ }
+ ],
 "references": [
 {
 "url": "https://patchstack.com/database/vulnerability/slider-slideshow/wordpress-layer-slider-plugin-1-1-9-6-cross-site-request-forgery-csrf-leading-to-post-page-deletion-vulnerability?_s_id=cve",
- "source": "audit@patchstack.com"
+ "source": "audit@patchstack.com",
+ "tags": [
+ "Third Party Advisory"
+ ]
 }
 ]
 }
\ No newline at end of file
diff --git a/CVE-2023/CVE-2023-243xx/CVE-2023-24390.json b/CVE-2023/CVE-2023-243xx/CVE-2023-24390.json
index 695b1a6d7dd..8608a5df67d 100644
--- a/CVE-2023/CVE-2023-243xx/CVE-2023-24390.json
+++ b/CVE-2023/CVE-2023-243xx/CVE-2023-24390.json
@@ -2,8 +2,8 @@
 "id": "CVE-2023-24390",
 "sourceIdentifier": "audit@patchstack.com",
 "published": "2023-07-18T15:15:11.467",
- "lastModified": "2023-07-18T15:15:11.467",
- "vulnStatus": "Received",
+ "lastModified": "2023-07-18T17:33:48.187",
+ "vulnStatus": "Awaiting Analysis",
 "descriptions": [
 {
 "lang": "en",
diff --git a/CVE-2023/CVE-2023-244xx/CVE-2023-24417.json b/CVE-2023/CVE-2023-244xx/CVE-2023-24417.json
index 2e93a072d78..af67ac65d14 100644
--- a/CVE-2023/CVE-2023-244xx/CVE-2023-24417.json
+++ b/CVE-2023/CVE-2023-244xx/CVE-2023-24417.json
@@ -2,8 +2,8 @@
 "id": "CVE-2023-24417",
 "sourceIdentifier": "audit@patchstack.com",
 "published": "2023-07-11T13:15:09.457",
- "lastModified": "2023-07-11T14:27:23.147",
- "vulnStatus": "Awaiting Analysis",
+ "lastModified": "2023-07-18T18:22:06.920",
+ "vulnStatus": "Analyzed",
 "descriptions": [
 {
 "lang": "en",
@@ -12,6 +12,26 @@
 ],
 "metrics": {
 "cvssMetricV31": [
+ {
+ "source": "nvd@nist.gov",
+ "type": "Primary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N",
+ "attackVector": "NETWORK",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "NONE",
+ "userInteraction": "REQUIRED",
+ "scope": "UNCHANGED",
+ "confidentialityImpact": "NONE",
+ "integrityImpact": "HIGH",
+ "availabilityImpact": "NONE",
+ "baseScore": 6.5,
+ "baseSeverity": "MEDIUM"
+ },
+ "exploitabilityScore": 2.8,
+ "impactScore": 3.6
+ },
 {
 "source": "audit@patchstack.com",
 "type": "Secondary",
@@ -46,10 +66,31 @@
 ]
 }
 ],
+ "configurations": [
+ {
+ "nodes": [
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:tiggerswelt:worthy:*:*:*:*:*:wordpress:*:*",
+ "versionEndIncluding": "1.6.5-6497609",
+ "matchCriteriaId": "E446A461-C4C8-4CB4-BD44-0CEEE51CB069"
+ }
+ ]
+ }
+ ]
+ }
+ ],
 "references": [
 {
 "url": "https://patchstack.com/database/vulnerability/wp-worthy/wordpress-worthy-vg-wort-integration-fuer-wordpress-plugin-1-6-5-6497609-cross-site-request-forgery-csrf-vulnerability?_s_id=cve",
- "source": "audit@patchstack.com"
+ "source": "audit@patchstack.com",
+ "tags": [
+ "Third Party Advisory"
+ ]
 }
 ]
 }
\ No newline at end of file
diff --git a/CVE-2023/CVE-2023-244xx/CVE-2023-24486.json b/CVE-2023/CVE-2023-244xx/CVE-2023-24486.json
index a66d8a6b5a4..2a208ac9e37 100644
--- a/CVE-2023/CVE-2023-244xx/CVE-2023-24486.json
+++ b/CVE-2023/CVE-2023-244xx/CVE-2023-24486.json
@@ -2,16 +2,49 @@
 "id": "CVE-2023-24486",
 "sourceIdentifier": "secure@citrix.com",
 "published": "2023-07-10T21:15:10.600",
- "lastModified": "2023-07-11T12:43:16.387",
- "vulnStatus": "Awaiting Analysis",
+ "lastModified": "2023-07-18T17:33:38.713",
+ "vulnStatus": "Analyzed",
 "descriptions": [
 {
 "lang": "en",
 "value": "A vulnerability has been identified in Citrix Workspace app for Linux that, if exploited, may result in a malicious local user being able to gain access to the Citrix Virtual Apps and Desktops session of another user who is using the same computer from which the ICA session is launched."
 }
 ],
- "metrics": {},
+ "metrics": {
+ "cvssMetricV31": [
+ {
+ "source": "nvd@nist.gov",
+ "type": "Primary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
+ "attackVector": "LOCAL",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "LOW",
+ "userInteraction": "NONE",
+ "scope": "UNCHANGED",
+ "confidentialityImpact": "HIGH",
+ "integrityImpact": "NONE",
+ "availabilityImpact": "NONE",
+ "baseScore": 5.5,
+ "baseSeverity": "MEDIUM"
+ },
+ "exploitabilityScore": 1.8,
+ "impactScore": 3.6
+ }
+ ]
+ },
 "weaknesses": [
+ {
+ "source": "nvd@nist.gov",
+ "type": "Primary",
+ "description": [
+ {
+ "lang": "en",
+ "value": "NVD-CWE-Other"
+ }
+ ]
+ },
 {
 "source": "secure@citrix.com",
 "type": "Secondary",
@@ -23,10 +56,31 @@
 ]
 }
 ],
+ "configurations": [
+ {
+ "nodes": [
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:citrix:workspace:*:*:*:*:*:linux:*:*",
+ "versionEndExcluding": "2302",
+ "matchCriteriaId": "06F0DC7A-F8DA-4B3F-8A1B-DC11A4394348"
+ }
+ ]
+ }
+ ]
+ }
+ ],
 "references": [
 {
 "url": "https://support.citrix.com/article/CTX477618/citrix-workspace-app-for-linux-security-bulletin-for-cve202324486",
- "source": "secure@citrix.com"
+ "source": "secure@citrix.com",
+ "tags": [
+ "Vendor Advisory"
+ ]
 }
 ]
 }
\ No newline at end of file
diff --git a/CVE-2023/CVE-2023-244xx/CVE-2023-24487.json b/CVE-2023/CVE-2023-244xx/CVE-2023-24487.json
index 19d93558152..43136e18717 100644
--- a/CVE-2023/CVE-2023-244xx/CVE-2023-24487.json
+++ b/CVE-2023/CVE-2023-244xx/CVE-2023-24487.json
@@ -2,8 +2,8 @@
 "id": "CVE-2023-24487",
 "sourceIdentifier": "secure@citrix.com",
 "published": "2023-07-10T21:15:10.650",
- "lastModified": "2023-07-11T12:43:16.387",
- "vulnStatus": "Awaiting Analysis",
+ "lastModified": "2023-07-18T17:25:55.733",
+ "vulnStatus": "Analyzed",
 "descriptions": [
 {
 "lang": "en",
@@ -12,6 +12,26 @@
 ],
 "metrics": {
 "cvssMetricV31": [
+ {
+ "source": "nvd@nist.gov",
+ "type": "Primary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
+ "attackVector": "NETWORK",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "NONE",
+ "userInteraction": "NONE",
+ "scope": "UNCHANGED",
+ "confidentialityImpact": "HIGH",
+ "integrityImpact": "NONE",
+ "availabilityImpact": "NONE",
+ "baseScore": 7.5,
+ "baseSeverity": "HIGH"
+ },
+ "exploitabilityScore": 3.9,
+ "impactScore": 3.6
+ },
 {
 "source": "secure@citrix.com",
 "type": "Secondary",
@@ -35,6 +55,16 @@
 ]
 },
 "weaknesses": [
+ {
+ "source": "nvd@nist.gov",
+ "type": "Primary",
+ "description": [
+ {
+ "lang": "en",
+ "value": "NVD-CWE-noinfo"
+ }
+ ]
+ },
 {
 "source": "secure@citrix.com",
 "type": "Secondary",
@@ -46,10 +76,88 @@ ] } ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:citrix:application_delivery_controller:*:*:*:*:fips:*:*:*", + "versionStartIncluding": "12.1", + "versionEndExcluding": "12.1-55.296", + "matchCriteriaId": "EDEB8DA9-D2C2-40CA-8D37-B3878E41A596" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:citrix:application_delivery_controller:*:*:*:*:ndcpp:*:*:*", + "versionStartIncluding": "12.1", + "versionEndExcluding": "12.1-55.296", + "matchCriteriaId": "AD984EFC-389E-4660-A6AB-4FF4F1DB5D3C" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:citrix:application_delivery_controller:*:*:*:*:-:*:*:*", + "versionStartIncluding": "12.1", + "versionEndExcluding": "12.1-65.35", + "matchCriteriaId": "196840B2-A87D-448C-8E9C-61C01188A8A7" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:citrix:application_delivery_controller:*:*:*:*:-:*:*:*", + "versionStartIncluding": "13.0", + "versionEndExcluding": "13.0-90.11", + "matchCriteriaId": "885DC06B-B95C-4D86-8702-2D54C38B467B" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:citrix:application_delivery_controller:*:*:*:*:fips:*:*:*", + "versionStartIncluding": "13.1", + "versionEndExcluding": "13.1-37.150", + "matchCriteriaId": "523E9114-7624-4759-8F60-C1C5200BC438" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:citrix:application_delivery_controller:*:*:*:*:-:*:*:*", + "versionStartIncluding": "13.1", + "versionEndExcluding": "13.1-45.61", + "matchCriteriaId": "11CA79C0-C374-430E-B699-91D9BB7B728E" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:citrix:gateway:*:*:*:*:*:*:*:*", + "versionStartIncluding": "12.1", + "versionEndExcluding": "12.1-65.35", + "matchCriteriaId": "7C7337CF-B482-4272-8D5E-C6F18FC07E47" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:citrix:gateway:*:*:*:*:*:*:*:*", + "versionStartIncluding": "13.0", + "versionEndExcluding": 
"13.0-90.11", + "matchCriteriaId": "E9853C6D-CA36-4018-80D9-4C196C1D6D56" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:citrix:gateway:*:*:*:*:*:*:*:*", + "versionStartIncluding": "13.1", + "versionEndExcluding": "13.1-45.61", + "matchCriteriaId": "2A762510-82CB-4671-8D3C-A0C53E21FB9C" + } + ] + } + ] + } + ], "references": [ { "url": "https://support.citrix.com/article/CTX477714/citrix-adc-and-citrix-gateway-security-bulletin-for-cve202324487-cve202324488", - "source": "secure@citrix.com" + "source": "secure@citrix.com", + "tags": [ + "Vendor Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2023/CVE-2023-244xx/CVE-2023-24489.json b/CVE-2023/CVE-2023-244xx/CVE-2023-24489.json index 54cdea66424..189bbcb9c47 100644 --- a/CVE-2023/CVE-2023-244xx/CVE-2023-24489.json +++ b/CVE-2023/CVE-2023-244xx/CVE-2023-24489.json @@ -2,8 +2,8 @@ "id": "CVE-2023-24489", "sourceIdentifier": "secure@citrix.com", "published": "2023-07-10T22:15:09.197", - "lastModified": "2023-07-11T12:43:16.387", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2023-07-18T18:19:45.773", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", @@ -12,6 +12,26 @@ ], "metrics": { "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH", + "baseScore": 9.8, + "baseSeverity": "CRITICAL" + }, + "exploitabilityScore": 3.9, + "impactScore": 5.9 + }, { "source": "secure@citrix.com", "type": "Secondary", @@ -35,6 +55,16 @@ ] }, "weaknesses": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "NVD-CWE-Other" + } + ] + }, { "source": "secure@citrix.com", "type": "Secondary", 
@@ -46,10 +76,31 @@
 ]
 }
 ],
+ "configurations": [
+ {
+ "nodes": [
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:citrix:sharefile_storage_zones_controller:*:*:*:*:*:*:*:*",
+ "versionEndExcluding": "5.11.24",
+ "matchCriteriaId": "42FCFB5C-11F0-4FEB-B6DA-41C9E5F1A74D"
+ }
+ ]
+ }
+ ]
+ }
+ ],
 "references": [
 {
 "url": "https://support.citrix.com/article/CTX559517/sharefile-storagezones-controller-security-update-for-cve202324489",
- "source": "secure@citrix.com"
+ "source": "secure@citrix.com",
+ "tags": [
+ "Vendor Advisory"
+ ]
 }
 ]
 }
\ No newline at end of file
diff --git a/CVE-2023/CVE-2023-244xx/CVE-2023-24490.json b/CVE-2023/CVE-2023-244xx/CVE-2023-24490.json
index bbc9e330849..0a12c6a13a9 100644
--- a/CVE-2023/CVE-2023-244xx/CVE-2023-24490.json
+++ b/CVE-2023/CVE-2023-244xx/CVE-2023-24490.json
@@ -2,8 +2,8 @@
 "id": "CVE-2023-24490",
 "sourceIdentifier": "secure@citrix.com",
 "published": "2023-07-10T22:15:09.263",
- "lastModified": "2023-07-11T12:43:16.387",
- "vulnStatus": "Awaiting Analysis",
+ "lastModified": "2023-07-18T16:43:58.657",
+ "vulnStatus": "Analyzed",
 "descriptions": [
 {
 "lang": "en",
@@ -12,6 +12,26 @@
 ],
 "metrics": {
 "cvssMetricV31": [
+ {
+ "source": "nvd@nist.gov",
+ "type": "Primary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N",
+ "attackVector": "NETWORK",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "LOW",
+ "userInteraction": "NONE",
+ "scope": "UNCHANGED",
+ "confidentialityImpact": "NONE",
+ "integrityImpact": "LOW",
+ "availabilityImpact": "NONE",
+ "baseScore": 4.3,
+ "baseSeverity": "MEDIUM"
+ },
+ "exploitabilityScore": 2.8,
+ "impactScore": 1.4
+ },
 {
 "source": "secure@citrix.com",
 "type": "Secondary",
@@ -35,6 +55,16 @@
 ]
 },
 "weaknesses": [
+ {
+ "source": "nvd@nist.gov",
+ "type": "Primary",
+ "description": [
+ {
+ "lang": "en",
+ "value": "NVD-CWE-Other"
+ }
+ ]
+ },
 {
 "source": "secure@citrix.com",
 "type": "Secondary",
@@ -46,10 +76,137 @@ ] } ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:citrix:virtual_apps_and_desktops:*:*:*:*:-:*:*:*", + "versionEndExcluding": "2305", + "matchCriteriaId": "3E82967D-2580-4C52-B92A-234BC27ECBBE" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:citrix:virtual_apps_and_desktops:1912:-:*:*:ltsr:*:*:*", + "matchCriteriaId": "F9330183-B04B-46F1-9DA6-5EAF216DFCC3" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:citrix:virtual_apps_and_desktops:1912:cu1:*:*:ltsr:*:*:*", + "matchCriteriaId": "A2486FD4-AF16-4F57-836A-42A2D11012C8" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:citrix:virtual_apps_and_desktops:1912:cu2:*:*:ltsr:*:*:*", + "matchCriteriaId": "1BF66372-CFDC-42DD-87FA-480DC0565977" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:citrix:virtual_apps_and_desktops:1912:cu3:*:*:ltsr:*:*:*", + "matchCriteriaId": "AE1E7523-EEB7-46CE-A01E-04FACB407395" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:citrix:virtual_apps_and_desktops:1912:cu4:*:*:ltsr:*:*:*", + "matchCriteriaId": "0B60552E-923B-4064-96D9-0F565C58695C" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:citrix:virtual_apps_and_desktops:1912:cu5:*:*:ltsr:*:*:*", + "matchCriteriaId": "21EC9092-FCA9-41AA-9A9B-83D7E3DABB2E" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:citrix:virtual_apps_and_desktops:1912:cu6:*:*:ltsr:*:*:*", + "matchCriteriaId": "5353646C-E3FB-4315-83C7-D6EEE258C964" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:citrix:virtual_apps_and_desktops:2203:-:*:*:ltsr:*:*:*", + "matchCriteriaId": "8AE1E7FC-9E2C-45BC-9F12-43149210D261" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:citrix:virtual_apps_and_desktops:2203:cu1:*:*:ltsr:*:*:*", + "matchCriteriaId": "0AEBE958-3A73-4F9D-932E-62495408A609" + }, + { + "vulnerable": true, + "criteria": 
"cpe:2.3:a:citrix:virtual_apps_and_desktops:2203:cu2:*:*:ltsr:*:*:*", + "matchCriteriaId": "BBD9FA8E-333E-4231-9F7D-08A604D065AF" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:citrix:linux_virtual_delivery_agent:*:*:*:*:-:*:*:*", + "versionEndExcluding": "2305", + "matchCriteriaId": "E7821959-422B-426F-B963-7100C47F9C0D" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:citrix:linux_virtual_delivery_agent:1912:-:*:*:ltsr:*:*:*", + "matchCriteriaId": "01457137-FDAA-4BED-898C-A24D2EA85936" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:citrix:linux_virtual_delivery_agent:1912:cu1:*:*:ltsr:*:*:*", + "matchCriteriaId": "7CE5CFB7-9C78-467D-866E-ACB0ACA477F1" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:citrix:linux_virtual_delivery_agent:1912:cu2:*:*:ltsr:*:*:*", + "matchCriteriaId": "7F7BFB2E-EC75-4DE2-AECA-E105BE03E700" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:citrix:linux_virtual_delivery_agent:1912:cu3:*:*:ltsr:*:*:*", + "matchCriteriaId": "38227179-7380-4E1B-A13C-612545FB0379" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:citrix:linux_virtual_delivery_agent:1912:cu4:*:*:ltsr:*:*:*", + "matchCriteriaId": "2E91B885-B6D9-474E-963F-D4EE30589D18" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:citrix:linux_virtual_delivery_agent:1912:cu5:*:*:ltsr:*:*:*", + "matchCriteriaId": "E0891F0B-FC62-404F-B965-A78431DFF2B4" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:citrix:linux_virtual_delivery_agent:1912:cu6:*:*:ltsr:*:*:*", + "matchCriteriaId": "E25EF4FA-C654-48F4-91C9-E430520F8326" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:citrix:linux_virtual_delivery_agent:2203:-:*:*:ltsr:*:*:*", + "matchCriteriaId": "AC6CD3E0-D1F3-4443-9E77-EDA0EE6A1758" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:citrix:linux_virtual_delivery_agent:2203:cu1:*:*:ltsr:*:*:*", + "matchCriteriaId": "C1CADA77-7572-45C8-8B2A-516CD025A0DA" + }, + { + "vulnerable": true, + "criteria": 
"cpe:2.3:o:citrix:linux_virtual_delivery_agent:2203:cu2:*:*:ltsr:*:*:*", + "matchCriteriaId": "40345A7F-642E-44CE-9782-DB86FE968520" + } + ] + } + ] + } + ], "references": [ { "url": "https://support.citrix.com/article/CTX559370/windows-and-linux-virtual-delivery-agent-for-cvad-and-citrix-daas-security-bulletin-cve202324490", - "source": "secure@citrix.com" + "source": "secure@citrix.com", + "tags": [ + "Vendor Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2023/CVE-2023-254xx/CVE-2023-25443.json b/CVE-2023/CVE-2023-254xx/CVE-2023-25443.json index 5199747ab59..791b65161fd 100644 --- a/CVE-2023/CVE-2023-254xx/CVE-2023-25443.json +++ b/CVE-2023/CVE-2023-254xx/CVE-2023-25443.json @@ -2,8 +2,8 @@ "id": "CVE-2023-25443", "sourceIdentifier": "audit@patchstack.com", "published": "2023-07-11T13:15:09.533", - "lastModified": "2023-07-11T14:27:23.147", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2023-07-18T18:22:13.717", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", @@ -12,6 +12,26 @@ ], "metrics": { "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "REQUIRED", + "scope": "UNCHANGED", + "confidentialityImpact": "NONE", + "integrityImpact": "HIGH", + "availabilityImpact": "NONE", + "baseScore": 6.5, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 2.8, + "impactScore": 3.6 + }, { "source": "audit@patchstack.com", "type": "Secondary", 
@@ -46,10 +66,31 @@ ] } ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:wow-company:button_generator:*:*:*:*:*:wordpress:*:*", + "versionEndIncluding": "2.3.5", + "matchCriteriaId": "27EB059E-2F32-4881-B863-2AA10E7D4155" + } + ] + } + ] + } + ], "references": [ { "url": "https://patchstack.com/database/vulnerability/button-generation/wordpress-button-generator-plugin-2-3-5-cross-site-request-forgery-csrf-vulnerability?_s_id=cve", - "source": "audit@patchstack.com" + "source": "audit@patchstack.com", + "tags": [ + "Third Party Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2023/CVE-2023-257xx/CVE-2023-25706.json b/CVE-2023/CVE-2023-257xx/CVE-2023-25706.json index 405fb448837..60e0f53cbea 100644 --- a/CVE-2023/CVE-2023-257xx/CVE-2023-25706.json +++ b/CVE-2023/CVE-2023-257xx/CVE-2023-25706.json @@ -2,8 +2,8 @@ "id": "CVE-2023-25706", "sourceIdentifier": "audit@patchstack.com", "published": "2023-07-11T13:15:09.607", - "lastModified": "2023-07-11T14:27:23.147", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2023-07-18T18:22:21.817", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", @@ -12,6 +12,26 @@ ], "metrics": { "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "REQUIRED", + "scope": "UNCHANGED", + "confidentialityImpact": "NONE", + "integrityImpact": "HIGH", + "availabilityImpact": "NONE", + "baseScore": 6.5, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 2.8, + "impactScore": 3.6 + }, { "source": "audit@patchstack.com", "type": "Secondary", 
@@ -46,10 +66,31 @@ ] } ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:pagup:better_robots.txt:*:*:*:*:*:wordpress:*:*", + "versionEndIncluding": "1.4.5", + "matchCriteriaId": "9369D193-8F3C-4DFE-9D59-427A2BBDB699" + } + ] + } + ] + } + ], "references": [ { "url": "https://patchstack.com/database/vulnerability/better-robots-txt/wordpress-wordpress-robots-txt-optimization-xml-sitemap-website-traffic-seo-ranking-booster-plugin-1-4-5-cross-site-request-forgery-csrf-vulnerability?_s_id=cve", - "source": "audit@patchstack.com" + "source": "audit@patchstack.com", + "tags": [ + "Third Party Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2023/CVE-2023-27xx/CVE-2023-2746.json b/CVE-2023/CVE-2023-27xx/CVE-2023-2746.json index b98a3af5c06..c33677fa0be 100644 --- a/CVE-2023/CVE-2023-27xx/CVE-2023-2746.json +++ b/CVE-2023/CVE-2023-27xx/CVE-2023-2746.json @@ -2,8 +2,8 @@ "id": "CVE-2023-2746", "sourceIdentifier": "PSIRT@rockwellautomation.com", "published": "2023-07-11T14:15:09.467", - "lastModified": "2023-07-11T14:27:23.147", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2023-07-18T19:26:41.327", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", @@ -12,6 +12,26 @@ ], "metrics": { "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "REQUIRED", + "scope": "CHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH", + "baseScore": 9.6, + "baseSeverity": "CRITICAL" + }, + "exploitabilityScore": 2.8, + "impactScore": 6.0 + }, { "source": "PSIRT@rockwellautomation.com", "type": "Secondary", 
@@ -35,6 +55,16 @@ ] }, "weaknesses": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-352" + } + ] + }, { "source": "PSIRT@rockwellautomation.com", "type": "Secondary", @@ -46,10 +76,31 @@ ] } ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:rockwellautomation:enhanced_him:1.001:*:*:*:*:*:*:*", + "matchCriteriaId": "51135134-B184-4E8E-8B1E-9D3B58F5E0C2" + } + ] + } + ] + } + ], "references": [ { "url": "https://rockwellautomation.custhelp.com/app/answers/answer_view/a_id/1139760", - "source": "PSIRT@rockwellautomation.com" + "source": "PSIRT@rockwellautomation.com", + "tags": [ + "Permissions Required", + "Vendor Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2023/CVE-2023-280xx/CVE-2023-28019.json b/CVE-2023/CVE-2023-280xx/CVE-2023-28019.json new file mode 100644 index 00000000000..93c3172e663 --- /dev/null +++ b/CVE-2023/CVE-2023-280xx/CVE-2023-28019.json 
@@ -0,0 +1,43 @@
+{
+ "id": "CVE-2023-28019",
+ "sourceIdentifier": "psirt@hcl.com",
+ "published": "2023-07-18T18:15:11.817",
+ "lastModified": "2023-07-18T18:24:48.810",
+ "vulnStatus": "Awaiting Analysis",
+ "descriptions": [
+ {
+ "lang": "en",
+ "value": "Insufficient validation in Bigfix WebUI API App site version < 14 allows an authenticated WebUI user to issue SQL queries via an unparameterized SQL query.\n"
+ }
+ ],
+ "metrics": {
+ "cvssMetricV31": [
+ {
+ "source": "psirt@hcl.com",
+ "type": "Secondary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:L",
+ "attackVector": "NETWORK",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "LOW",
+ "userInteraction": "REQUIRED",
+ "scope": "UNCHANGED",
+ "confidentialityImpact": "LOW",
+ "integrityImpact": "LOW",
+ "availabilityImpact": "LOW",
+ "baseScore": 5.5,
+ "baseSeverity": "MEDIUM"
+ },
+ "exploitabilityScore": 2.1,
+ "impactScore": 3.4
+ }
+ ]
+ },
+ "references": [
+ {
+ "url": "https://support.hcltechsw.com/csm?id=kb_article&sysparm_article=KB0106123",
+ "source": "psirt@hcl.com"
+ }
+ ]
+}
\ No newline at end of file
diff --git a/CVE-2023/CVE-2023-280xx/CVE-2023-28020.json b/CVE-2023/CVE-2023-280xx/CVE-2023-28020.json
new file mode 100644
index 00000000000..ca253a1d796
--- /dev/null
+++ b/CVE-2023/CVE-2023-280xx/CVE-2023-28020.json 
@@ -0,0 +1,43 @@
+{
+ "id": "CVE-2023-28020",
+ "sourceIdentifier": "psirt@hcl.com",
+ "published": "2023-07-18T19:15:09.437",
+ "lastModified": "2023-07-18T19:49:32.270",
+ "vulnStatus": "Awaiting Analysis",
+ "descriptions": [
+ {
+ "lang": "en",
+ "value": "\u00a0URL redirection in Login page in HCL BigFix WebUI allows malicious user to redirect the client browser to an external site via redirect URL response header.\n"
+ }
+ ],
+ "metrics": {
+ "cvssMetricV31": [
+ {
+ "source": "psirt@hcl.com",
+ "type": "Secondary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:N/A:N",
+ "attackVector": "NETWORK",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "NONE",
+ "userInteraction": "REQUIRED",
+ "scope": "CHANGED",
+ "confidentialityImpact": "LOW",
+ "integrityImpact": "NONE",
+ "availabilityImpact": "NONE",
+ "baseScore": 4.7,
+ "baseSeverity": "MEDIUM"
+ },
+ "exploitabilityScore": 2.8,
+ "impactScore": 1.4
+ }
+ ]
+ },
+ "references": [
+ {
+ "url": "https://support.hcltechsw.com/csm?id=kb_article&sysparm_article=KB0106123",
+ "source": "psirt@hcl.com"
+ }
+ ]
+}
\ No newline at end of file
diff --git a/CVE-2023/CVE-2023-280xx/CVE-2023-28021.json b/CVE-2023/CVE-2023-280xx/CVE-2023-28021.json
new file mode 100644
index 00000000000..a95b45c1646
--- /dev/null
+++ b/CVE-2023/CVE-2023-280xx/CVE-2023-28021.json 
@@ -0,0 +1,43 @@ +{ + "id": "CVE-2023-28021", + "sourceIdentifier": "psirt@hcl.com", + "published": "2023-07-18T19:15:09.503", + "lastModified": "2023-07-18T19:49:32.270", + "vulnStatus": "Awaiting Analysis", + "descriptions": [ + { + "lang": "en", + "value": "The BigFix WebUI uses weak cipher suites.\n" + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "psirt@hcl.com", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N", + "attackVector": "NETWORK", + "attackComplexity": "HIGH", + "privilegesRequired": "NONE", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "NONE", + "availabilityImpact": "NONE", + "baseScore": 5.9, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 2.2, + "impactScore": 3.6 + } + ] + }, + "references": [ + { + "url": "https://support.hcltechsw.com/csm?id=kb_article&sysparm_article=KB0106123", + "source": "psirt@hcl.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2023/CVE-2023-291xx/CVE-2023-29131.json b/CVE-2023/CVE-2023-291xx/CVE-2023-29131.json index 2546ab275e9..32f2bfdf745 100644 --- a/CVE-2023/CVE-2023-291xx/CVE-2023-29131.json +++ b/CVE-2023/CVE-2023-291xx/CVE-2023-29131.json @@ -2,8 +2,8 @@ "id": "CVE-2023-29131", "sourceIdentifier": "productcert@siemens.com", "published": "2023-07-11T10:15:10.473", - "lastModified": "2023-07-11T12:43:16.387", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2023-07-18T16:30:33.707", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", 
@@ -12,6 +12,26 @@ ], "metrics": { "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "NONE", + "scope": "CHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH", + "baseScore": 10.0, + "baseSeverity": "CRITICAL" + }, + "exploitabilityScore": 3.9, + "impactScore": 6.0 + }, { "source": "productcert@siemens.com", "type": "Secondary", @@ -35,6 +55,16 @@ ] }, "weaknesses": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-276" + } + ] + }, { "source": "productcert@siemens.com", "type": "Secondary", @@ -46,10 +76,32 @@ ] } ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:siemens:simatic_cn_4100:*:*:*:*:*:*:*:*", + "versionEndExcluding": "2.5", + "matchCriteriaId": "3F50C1C5-0934-44E6-A3F3-C473B6EA82F4" + } + ] + } + ] + } + ], "references": [ { "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-313488.pdf", - "source": "productcert@siemens.com" + "source": "productcert@siemens.com", + "tags": [ + "Patch", + "Vendor Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2023/CVE-2023-301xx/CVE-2023-30153.json b/CVE-2023/CVE-2023-301xx/CVE-2023-30153.json new file mode 100644 index 00000000000..184f4dafb96 --- /dev/null +++ b/CVE-2023/CVE-2023-301xx/CVE-2023-30153.json 
@@ -0,0 +1,47 @@
+{
+ "id": "CVE-2023-30153",
+ "sourceIdentifier": "cve@mitre.org",
+ "published": "2023-07-18T19:15:09.573",
+ "lastModified": "2023-07-18T19:49:32.270",
+ "vulnStatus": "Awaiting Analysis",
+ "descriptions": [
+ {
+ "lang": "en",
+ "value": "An SQL injection vulnerability in the Payplug (payplug) module for PrestaShop, in versions 3.6.0, 3.6.1, 3.6.2, 3.6.3, 3.7.0 and 3.7.1, allows remote attackers to execute arbitrary SQL commands via the ajax.php front controller."
+ }
+ ],
+ "metrics": {
+ "cvssMetricV31": [
+ {
+ "source": "cve@mitre.org",
+ "type": "Secondary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
+ "attackVector": "NETWORK",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "NONE",
+ "userInteraction": "NONE",
+ "scope": "UNCHANGED",
+ "confidentialityImpact": "HIGH",
+ "integrityImpact": "HIGH",
+ "availabilityImpact": "HIGH",
+ "baseScore": 9.8,
+ "baseSeverity": "CRITICAL"
+ },
+ "exploitabilityScore": 3.9,
+ "impactScore": 5.9
+ }
+ ]
+ },
+ "references": [
+ {
+ "url": "https://addons.prestashop.com/en/payment-card-wallet/8795--payplug-accept-customer-payments-wherever-they-are.html",
+ "source": "cve@mitre.org"
+ },
+ {
+ "url": "https://security.friendsofpresta.org/module/2023/07/18/payplug.html",
+ "source": "cve@mitre.org"
+ }
+ ]
+}
\ No newline at end of file
diff --git a/CVE-2023/CVE-2023-303xx/CVE-2023-30383.json b/CVE-2023/CVE-2023-303xx/CVE-2023-30383.json
new file mode 100644
index 00000000000..5f3c4c52660
--- /dev/null
+++ b/CVE-2023/CVE-2023-303xx/CVE-2023-30383.json 
@@ -0,0 +1,36 @@
+{
+ "id": "CVE-2023-30383",
+ "sourceIdentifier": "cve@mitre.org",
+ "published": "2023-07-18T19:15:09.643",
+ "lastModified": "2023-07-18T19:49:32.270",
+ "vulnStatus": "Awaiting Analysis",
+ "descriptions": [
+ {
+ "lang": "en",
+ "value": "TP-LINK Archer C50v2 Archer C50(US)_V2_160801, TP-LINK Archer C20v1 Archer_C20_V1_150707, and TP-LINK Archer C2v1 Archer_C2_US__V1_170228 were discovered to contain a buffer overflow which may lead to a Denial of Service (DoS) when parsing crafted data."
+ }
+ ],
+ "metrics": {},
+ "references": [
+ {
+ "url": "http://tplink.com",
+ "source": "cve@mitre.org"
+ },
+ {
+ "url": "https://gist.github.com/a2ure123/a4eda2813d85d8b414bb87e855ab4bf8",
+ "source": "cve@mitre.org"
+ },
+ {
+ "url": "https://www.tp-link.com/us/support/download/archer-c2/v1/#Firmware",
+ "source": "cve@mitre.org"
+ },
+ {
+ "url": "https://www.tp-link.com/us/support/download/archer-c50/v2/#Firmware",
+ "source": "cve@mitre.org"
+ },
+ {
+ "url": "https://www.tp-link.com/us/support/download/archer-c50/v2/#Firmware),TPLINK",
+ "source": "cve@mitre.org"
+ }
+ ]
+}
\ No newline at end of file
diff --git a/CVE-2023/CVE-2023-309xx/CVE-2023-30919.json b/CVE-2023/CVE-2023-309xx/CVE-2023-30919.json
index 81c207809e1..c5e1d095385 100644
--- a/CVE-2023/CVE-2023-309xx/CVE-2023-30919.json
+++ b/CVE-2023/CVE-2023-309xx/CVE-2023-30919.json 
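Review bot: The last `references` entry of the new CVE-2023-30383 record is not a clean URL: `"url": "https://www.tp-link.com/us/support/download/archer-c50/v2/#Firmware),TPLINK"` carries a trailing `),TPLINK` that looks like leftover text from the submitter's reference list, and it otherwise repeats the archer-c50 link directly above it. Assuming this repository is meant to mirror the upstream feed unchanged, the fix belongs upstream; locally, any tooling that renders or fetches `references[].url` should validate the value first rather than trust it. The record also ships with `"metrics": {}`, so consumers that filter on `baseScore` will not see it until it is scored, and the first reference, `http://tplink.com`, is plain HTTP.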
@@ -2,19 +2,161 @@ "id": "CVE-2023-30919", "sourceIdentifier": "security@unisoc.com", "published": "2023-07-12T09:15:11.027", - "lastModified": "2023-07-12T12:46:30.047", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2023-07-18T17:03:01.817", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", "value": "In messaging service, there is a missing permission check. This could lead to local information disclosure with no additional execution privileges needed." } ], - "metrics": {}, + "metrics": { + "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N", + "attackVector": "LOCAL", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "NONE", + "availabilityImpact": "NONE", + "baseScore": 5.5, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 1.8, + "impactScore": 3.6 + } + ] + }, + "weaknesses": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-862" + } + ] + } + ], + "configurations": [ + { + "operator": "AND", + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:o:google:android:10.0:*:*:*:*:*:*:*", + "matchCriteriaId": "D558D965-FA70-4822-A770-419E73BA9ED3" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:google:android:11.0:*:*:*:*:*:*:*", + "matchCriteriaId": "109DD7FD-3A48-4C3D-8E1A-4433B98E1E64" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:google:android:12.0:*:*:*:*:*:*:*", + "matchCriteriaId": "F8FB8EE9-FC56-4D5E-AE55-A5967634740C" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:google:android:13.0:*:*:*:*:*:*:*", + "matchCriteriaId": "879FFD0C-9B38-4CAA-B057-1086D794D469" + } + ] + }, + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + 
"vulnerable": false, + "criteria": "cpe:2.3:h:unisoc:s8000:-:*:*:*:*:*:*:*", + "matchCriteriaId": "FDE05D06-C798-4217-8858-8C5DC2C94751" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:h:unisoc:sc7731e:-:*:*:*:*:*:*:*", + "matchCriteriaId": "AC867249-B767-4802-868D-6D0E356C8294" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:h:unisoc:sc9832e:-:*:*:*:*:*:*:*", + "matchCriteriaId": "25BBD3C5-E87C-4730-970C-19DF855AC3A2" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:h:unisoc:sc9863a:-:*:*:*:*:*:*:*", + "matchCriteriaId": "DE00DFDE-97DD-4D33-B580-73FEF677C71B" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:h:unisoc:t310:-:*:*:*:*:*:*:*", + "matchCriteriaId": "F20E00D8-2F00-4FA3-9455-37DC89908D96" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:h:unisoc:t606:-:*:*:*:*:*:*:*", + "matchCriteriaId": "905E39DD-7948-40A4-B042-EBB9A9591347" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:h:unisoc:t610:-:*:*:*:*:*:*:*", + "matchCriteriaId": "CDC980D6-B797-4AE1-B553-35395AE80D07" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:h:unisoc:t612:-:*:*:*:*:*:*:*", + "matchCriteriaId": "98408A48-561A-49D1-967F-834311742B7F" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:h:unisoc:t616:-:*:*:*:*:*:*:*", + "matchCriteriaId": "756E5850-CDC7-46C2-BAFC-1E2A359A2709" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:h:unisoc:t618:-:*:*:*:*:*:*:*", + "matchCriteriaId": "39002ECE-636A-4FEB-9A0B-8127E8AAC844" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:h:unisoc:t760:-:*:*:*:*:*:*:*", + "matchCriteriaId": "3D965CCA-C963-49E4-ACF0-2A9F458AF470" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:h:unisoc:t770:-:*:*:*:*:*:*:*", + "matchCriteriaId": "0FFEF06A-E3E0-486F-89CC-D52FF3F26F0B" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:h:unisoc:t820:-:*:*:*:*:*:*:*", + "matchCriteriaId": "49601008-D3FF-47CC-B961-6FDDFC7A0596" + } + ] + } + ] + } + ], "references": [ { "url": 
"https://www.unisoc.com/en_us/secy/announcementDetail/1676902764208259073", - "source": "security@unisoc.com" + "source": "security@unisoc.com", + "tags": [ + "Vendor Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2023/CVE-2023-309xx/CVE-2023-30920.json b/CVE-2023/CVE-2023-309xx/CVE-2023-30920.json index c108c0df03d..2729be6b5a3 100644 --- a/CVE-2023/CVE-2023-309xx/CVE-2023-30920.json +++ b/CVE-2023/CVE-2023-309xx/CVE-2023-30920.json 
@@ -2,19 +2,161 @@ "id": "CVE-2023-30920", "sourceIdentifier": "security@unisoc.com", "published": "2023-07-12T09:15:11.070", - "lastModified": "2023-07-12T12:46:30.047", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2023-07-18T17:03:28.653", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", "value": "In messaging service, there is a missing permission check. This could lead to local information disclosure with no additional execution privileges needed." } ], - "metrics": {}, + "metrics": { + "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N", + "attackVector": "LOCAL", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "NONE", + "availabilityImpact": "NONE", + "baseScore": 5.5, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 1.8, + "impactScore": 3.6 + } + ] + }, + "weaknesses": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-862" + } + ] + } + ], + "configurations": [ + { + "operator": "AND", + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:o:google:android:10.0:*:*:*:*:*:*:*", + "matchCriteriaId": "D558D965-FA70-4822-A770-419E73BA9ED3" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:google:android:11.0:*:*:*:*:*:*:*", + "matchCriteriaId": "109DD7FD-3A48-4C3D-8E1A-4433B98E1E64" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:google:android:12.0:*:*:*:*:*:*:*", + "matchCriteriaId": "F8FB8EE9-FC56-4D5E-AE55-A5967634740C" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:google:android:13.0:*:*:*:*:*:*:*", + "matchCriteriaId": "879FFD0C-9B38-4CAA-B057-1086D794D469" + } + ] + }, + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + 
"vulnerable": false, + "criteria": "cpe:2.3:h:unisoc:s8000:-:*:*:*:*:*:*:*", + "matchCriteriaId": "FDE05D06-C798-4217-8858-8C5DC2C94751" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:h:unisoc:sc7731e:-:*:*:*:*:*:*:*", + "matchCriteriaId": "AC867249-B767-4802-868D-6D0E356C8294" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:h:unisoc:sc9832e:-:*:*:*:*:*:*:*", + "matchCriteriaId": "25BBD3C5-E87C-4730-970C-19DF855AC3A2" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:h:unisoc:sc9863a:-:*:*:*:*:*:*:*", + "matchCriteriaId": "DE00DFDE-97DD-4D33-B580-73FEF677C71B" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:h:unisoc:t310:-:*:*:*:*:*:*:*", + "matchCriteriaId": "F20E00D8-2F00-4FA3-9455-37DC89908D96" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:h:unisoc:t606:-:*:*:*:*:*:*:*", + "matchCriteriaId": "905E39DD-7948-40A4-B042-EBB9A9591347" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:h:unisoc:t610:-:*:*:*:*:*:*:*", + "matchCriteriaId": "CDC980D6-B797-4AE1-B553-35395AE80D07" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:h:unisoc:t612:-:*:*:*:*:*:*:*", + "matchCriteriaId": "98408A48-561A-49D1-967F-834311742B7F" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:h:unisoc:t616:-:*:*:*:*:*:*:*", + "matchCriteriaId": "756E5850-CDC7-46C2-BAFC-1E2A359A2709" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:h:unisoc:t618:-:*:*:*:*:*:*:*", + "matchCriteriaId": "39002ECE-636A-4FEB-9A0B-8127E8AAC844" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:h:unisoc:t760:-:*:*:*:*:*:*:*", + "matchCriteriaId": "3D965CCA-C963-49E4-ACF0-2A9F458AF470" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:h:unisoc:t770:-:*:*:*:*:*:*:*", + "matchCriteriaId": "0FFEF06A-E3E0-486F-89CC-D52FF3F26F0B" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:h:unisoc:t820:-:*:*:*:*:*:*:*", + "matchCriteriaId": "49601008-D3FF-47CC-B961-6FDDFC7A0596" + } + ] + } + ] + } + ], "references": [ { "url": 
"https://www.unisoc.com/en_us/secy/announcementDetail/1676902764208259073", - "source": "security@unisoc.com" + "source": "security@unisoc.com", + "tags": [ + "Vendor Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2023/CVE-2023-309xx/CVE-2023-30921.json b/CVE-2023/CVE-2023-309xx/CVE-2023-30921.json index 343f79200a9..51e2be174eb 100644 --- a/CVE-2023/CVE-2023-309xx/CVE-2023-30921.json +++ b/CVE-2023/CVE-2023-309xx/CVE-2023-30921.json 
@@ -2,19 +2,161 @@ "id": "CVE-2023-30921", "sourceIdentifier": "security@unisoc.com", "published": "2023-07-12T09:15:11.117", - "lastModified": "2023-07-12T12:46:30.047", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2023-07-18T17:14:06.077", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", "value": "In messaging service, there is a missing permission check. This could lead to local information disclosure with no additional execution privileges needed." } ], - "metrics": {}, + "metrics": { + "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N", + "attackVector": "LOCAL", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "NONE", + "availabilityImpact": "NONE", + "baseScore": 5.5, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 1.8, + "impactScore": 3.6 + } + ] + }, + "weaknesses": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-862" + } + ] + } + ], + "configurations": [ + { + "operator": "AND", + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:o:google:android:10.0:*:*:*:*:*:*:*", + "matchCriteriaId": "D558D965-FA70-4822-A770-419E73BA9ED3" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:google:android:11.0:*:*:*:*:*:*:*", + "matchCriteriaId": "109DD7FD-3A48-4C3D-8E1A-4433B98E1E64" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:google:android:12.0:*:*:*:*:*:*:*", + "matchCriteriaId": "F8FB8EE9-FC56-4D5E-AE55-A5967634740C" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:google:android:13.0:*:*:*:*:*:*:*", + "matchCriteriaId": "879FFD0C-9B38-4CAA-B057-1086D794D469" + } + ] + }, + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + 
"vulnerable": false, + "criteria": "cpe:2.3:h:unisoc:s8000:-:*:*:*:*:*:*:*", + "matchCriteriaId": "FDE05D06-C798-4217-8858-8C5DC2C94751" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:h:unisoc:sc7731e:-:*:*:*:*:*:*:*", + "matchCriteriaId": "AC867249-B767-4802-868D-6D0E356C8294" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:h:unisoc:sc9832e:-:*:*:*:*:*:*:*", + "matchCriteriaId": "25BBD3C5-E87C-4730-970C-19DF855AC3A2" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:h:unisoc:sc9863a:-:*:*:*:*:*:*:*", + "matchCriteriaId": "DE00DFDE-97DD-4D33-B580-73FEF677C71B" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:h:unisoc:t310:-:*:*:*:*:*:*:*", + "matchCriteriaId": "F20E00D8-2F00-4FA3-9455-37DC89908D96" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:h:unisoc:t606:-:*:*:*:*:*:*:*", + "matchCriteriaId": "905E39DD-7948-40A4-B042-EBB9A9591347" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:h:unisoc:t610:-:*:*:*:*:*:*:*", + "matchCriteriaId": "CDC980D6-B797-4AE1-B553-35395AE80D07" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:h:unisoc:t612:-:*:*:*:*:*:*:*", + "matchCriteriaId": "98408A48-561A-49D1-967F-834311742B7F" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:h:unisoc:t616:-:*:*:*:*:*:*:*", + "matchCriteriaId": "756E5850-CDC7-46C2-BAFC-1E2A359A2709" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:h:unisoc:t618:-:*:*:*:*:*:*:*", + "matchCriteriaId": "39002ECE-636A-4FEB-9A0B-8127E8AAC844" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:h:unisoc:t760:-:*:*:*:*:*:*:*", + "matchCriteriaId": "3D965CCA-C963-49E4-ACF0-2A9F458AF470" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:h:unisoc:t770:-:*:*:*:*:*:*:*", + "matchCriteriaId": "0FFEF06A-E3E0-486F-89CC-D52FF3F26F0B" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:h:unisoc:t820:-:*:*:*:*:*:*:*", + "matchCriteriaId": "49601008-D3FF-47CC-B961-6FDDFC7A0596" + } + ] + } + ] + } + ], "references": [ { "url": 
"https://www.unisoc.com/en_us/secy/announcementDetail/1676902764208259073", - "source": "security@unisoc.com" + "source": "security@unisoc.com", + "tags": [ + "Vendor Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2023/CVE-2023-309xx/CVE-2023-30956.json b/CVE-2023/CVE-2023-309xx/CVE-2023-30956.json index f6b899cba76..41a87ed3025 100644 --- a/CVE-2023/CVE-2023-309xx/CVE-2023-30956.json +++ b/CVE-2023/CVE-2023-309xx/CVE-2023-30956.json @@ -2,8 +2,8 @@ "id": "CVE-2023-30956", "sourceIdentifier": "cve-coordination@palantir.com", "published": "2023-07-10T22:15:09.337", - "lastModified": "2023-07-11T12:43:16.387", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2023-07-18T19:51:43.570", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", @@ -12,6 +12,26 @@ ], "metrics": { "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N", + "attackVector": "NETWORK", + "attackComplexity": "HIGH", + "privilegesRequired": "LOW", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "NONE", + "availabilityImpact": "NONE", + "baseScore": 5.3, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 1.6, + "impactScore": 3.6 + }, { "source": "cve-coordination@palantir.com", "type": "Secondary", 
@@ -34,10 +54,43 @@ } ] }, + "weaknesses": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "NVD-CWE-noinfo" + } + ] + } + ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:palantir:foundry_comments:*:*:*:*:*:*:*:*", + "versionEndExcluding": "2.267.0", + "matchCriteriaId": "DB9F014E-F469-456C-A77B-46146A38DC42" + } + ] + } + ] + } + ], "references": [ { "url": "https://palantir.safebase.us/?tcuUid=40367943-738c-4e69-b852-4a503c77478a", - "source": "cve-coordination@palantir.com" + "source": "cve-coordination@palantir.com", + "tags": [ + "Vendor Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2023/CVE-2023-309xx/CVE-2023-30960.json b/CVE-2023/CVE-2023-309xx/CVE-2023-30960.json index 1cb5d5eb767..bdcfd720894 100644 --- a/CVE-2023/CVE-2023-309xx/CVE-2023-30960.json +++ b/CVE-2023/CVE-2023-309xx/CVE-2023-30960.json @@ -2,8 +2,8 @@ "id": "CVE-2023-30960", "sourceIdentifier": "cve-coordination@palantir.com", "published": "2023-07-10T22:15:09.410", - "lastModified": "2023-07-11T12:43:16.387", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2023-07-18T19:49:10.280", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", @@ -12,6 +12,26 @@ ], "metrics": { "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "LOW", + "integrityImpact": "NONE", + "availabilityImpact": "NONE", + "baseScore": 4.3, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 2.8, + "impactScore": 1.4 + }, { "source": "cve-coordination@palantir.com", "type": "Secondary", 
@@ -34,10 +54,43 @@ } ] }, + "weaknesses": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-668" + } + ] + } + ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:palantir:foundry_job-tracker:*:*:*:*:*:*:*:*", + "versionEndExcluding": "4.645.0", + "matchCriteriaId": "79928D14-B7DA-4696-B71B-FB691D946C49" + } + ] + } + ] + } + ], "references": [ { "url": "https://palantir.safebase.us/?tcuUid=115d9bf4-201f-4cfe-b2fc-219e3a2d945b", - "source": "cve-coordination@palantir.com" + "source": "cve-coordination@palantir.com", + "tags": [ + "Vendor Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2023/CVE-2023-309xx/CVE-2023-30963.json b/CVE-2023/CVE-2023-309xx/CVE-2023-30963.json index 38aeb72f241..d1267db61cd 100644 --- a/CVE-2023/CVE-2023-309xx/CVE-2023-30963.json +++ b/CVE-2023/CVE-2023-309xx/CVE-2023-30963.json @@ -2,8 +2,8 @@ "id": "CVE-2023-30963", "sourceIdentifier": "cve-coordination@palantir.com", "published": "2023-07-10T22:15:09.477", - "lastModified": "2023-07-11T12:43:16.387", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2023-07-18T19:42:11.047", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", @@ -12,6 +12,26 @@ ], "metrics": { "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "REQUIRED", + "scope": "CHANGED", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "availabilityImpact": "NONE", + "baseScore": 5.4, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 2.3, + "impactScore": 2.7 + }, { "source": "cve-coordination@palantir.com", "type": "Secondary", 
@@ -34,10 +54,43 @@ } ] }, + "weaknesses": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-79" + } + ] + } + ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:palantir:foundry_frontend:*:*:*:*:*:*:*:*", + "versionEndExcluding": "6.229.0", + "matchCriteriaId": "F02A5A87-A8FC-4792-8AED-593F1B382130" + } + ] + } + ] + } + ], "references": [ { "url": "https://palantir.safebase.us/?tcuUid=3c6b63b7-fb67-4202-a94a-9c83515efb8a", - "source": "cve-coordination@palantir.com" + "source": "cve-coordination@palantir.com", + "tags": [ + "Vendor Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2023/CVE-2023-30xx/CVE-2023-3081.json b/CVE-2023/CVE-2023-30xx/CVE-2023-3081.json index 019cf1e2813..c5c2f1195ed 100644 --- a/CVE-2023/CVE-2023-30xx/CVE-2023-3081.json +++ b/CVE-2023/CVE-2023-30xx/CVE-2023-3081.json @@ -2,8 +2,8 @@ "id": "CVE-2023-3081", "sourceIdentifier": "security@wordfence.com", "published": "2023-07-12T05:15:09.597", - "lastModified": "2023-07-12T12:46:30.047", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2023-07-18T19:10:30.100", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", 
@@ -13,8 +13,28 @@ "metrics": { "cvssMetricV31": [ { - "source": "security@wordfence.com", + "source": "nvd@nist.gov", "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "REQUIRED", + "scope": "CHANGED", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "availabilityImpact": "NONE", + "baseScore": 6.1, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 2.8, + "impactScore": 2.7 + }, + { + "source": "security@wordfence.com", + "type": "Secondary", "cvssData": { "version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:N", @@ -46,18 +66,45 @@ ] } ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:awesomemotive:wp_mail_logging:*:*:*:*:*:wordpress:*:*", + "versionEndExcluding": "1.11.2", + "matchCriteriaId": "88FDEEBF-3DA8-4F0C-972B-66AB3F6E8DC2" + } + ] + } + ] + } + ], "references": [ { "url": "https://plugins.trac.wordpress.org/changeset/2923464/wp-mail-logging", - "source": "security@wordfence.com" + "source": "security@wordfence.com", + "tags": [ + "Patch" + ] }, { "url": "https://plugins.trac.wordpress.org/changeset/2925728/wp-mail-logging", - "source": "security@wordfence.com" + "source": "security@wordfence.com", + "tags": [ + "Patch" + ] }, { "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/ef20b3e6-d8f4-458e-b604-b46ef16e229e?source=cve", - "source": "security@wordfence.com" + "source": "security@wordfence.com", + "tags": [ + "Third Party Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2023/CVE-2023-30xx/CVE-2023-3082.json b/CVE-2023/CVE-2023-30xx/CVE-2023-3082.json index 175f028470a..7b60445c99c 100644 --- a/CVE-2023/CVE-2023-30xx/CVE-2023-3082.json +++ b/CVE-2023/CVE-2023-30xx/CVE-2023-3082.json 
@@ -2,8 +2,8 @@ "id": "CVE-2023-3082", "sourceIdentifier": "security@wordfence.com", "published": "2023-07-12T05:15:09.677", - "lastModified": "2023-07-12T12:46:30.047", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2023-07-18T19:09:28.370", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", @@ -13,8 +13,28 @@ "metrics": { "cvssMetricV31": [ { - "source": "security@wordfence.com", + "source": "nvd@nist.gov", "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "REQUIRED", + "scope": "CHANGED", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "availabilityImpact": "NONE", + "baseScore": 6.1, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 2.8, + "impactScore": 2.7 + }, + { + "source": "security@wordfence.com", + "type": "Secondary", "cvssData": { "version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:N", @@ -46,14 +66,38 @@ ] } ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:wpexperts:post_smtp_mailer:*:*:*:*:*:wordpress:*:*", + "versionEndExcluding": "2.5.8", + "matchCriteriaId": "BECABCB4-7E6C-41BC-8291-5B7B2823CE01" + } + ] + } + ] + } + ], "references": [ { "url": "https://plugins.trac.wordpress.org/changeset/2935537/post-smtp", - "source": "security@wordfence.com" + "source": "security@wordfence.com", + "tags": [ + "Patch" + ] }, { "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/6ecd0fa6-4fdb-4780-9560-0bb126800685?source=cve", - "source": "security@wordfence.com" + "source": "security@wordfence.com", + "tags": [ + "Third Party Advisory" + ] } ] } \ No newline at end of file 
diff --git a/CVE-2023/CVE-2023-30xx/CVE-2023-3087.json b/CVE-2023/CVE-2023-30xx/CVE-2023-3087.json index c1dd021520b..ad3e5aa8bc3 100644 --- a/CVE-2023/CVE-2023-30xx/CVE-2023-3087.json +++ b/CVE-2023/CVE-2023-30xx/CVE-2023-3087.json @@ -2,8 +2,8 @@ "id": "CVE-2023-3087", "sourceIdentifier": "security@wordfence.com", "published": "2023-07-12T05:15:09.747", - "lastModified": "2023-07-12T12:46:30.047", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2023-07-18T19:08:42.373", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", @@ -13,8 +13,28 @@ "metrics": { "cvssMetricV31": [ { - "source": "security@wordfence.com", + "source": "nvd@nist.gov", "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "REQUIRED", + "scope": "CHANGED", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "availabilityImpact": "NONE", + "baseScore": 6.1, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 2.8, + "impactScore": 2.7 + }, + { + "source": "security@wordfence.com", + "type": "Secondary", "cvssData": { "version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:N", 
@@ -46,18 +66,45 @@ ] } ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:wpmanageninja:fluentsmtp:*:*:*:*:*:wordpress:*:*", + "versionEndExcluding": "2.2.5", + "matchCriteriaId": "659B4F4A-C479-4BF9-B99F-AE7E58B52B18" + } + ] + } + ] + } + ], "references": [ { "url": "https://plugins.trac.wordpress.org/changeset/2935217/fluent-smtp/trunk/app/Models/Logger.php", - "source": "security@wordfence.com" + "source": "security@wordfence.com", + "tags": [ + "Patch" + ] }, { "url": "https://plugins.trac.wordpress.org/changeset/2935217/fluent-smtp/trunk/app/Services/Mailer/BaseHandler.php", - "source": "security@wordfence.com" + "source": "security@wordfence.com", + "tags": [ + "Patch" + ] }, { "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/fa47a794-e5ce-491d-a10b-c7c5718aa853?source=cve", - "source": "security@wordfence.com" + "source": "security@wordfence.com", + "tags": [ + "Third Party Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2023/CVE-2023-30xx/CVE-2023-3088.json b/CVE-2023/CVE-2023-30xx/CVE-2023-3088.json index 7e370aca1a9..55dbb85e909 100644 --- a/CVE-2023/CVE-2023-30xx/CVE-2023-3088.json +++ b/CVE-2023/CVE-2023-30xx/CVE-2023-3088.json @@ -2,8 +2,8 @@ "id": "CVE-2023-3088", "sourceIdentifier": "security@wordfence.com", "published": "2023-07-12T05:15:09.823", - "lastModified": "2023-07-12T12:46:30.047", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2023-07-18T19:08:18.600", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", 
@@ -13,8 +13,28 @@ "metrics": { "cvssMetricV31": [ { - "source": "security@wordfence.com", + "source": "nvd@nist.gov", "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "REQUIRED", + "scope": "CHANGED", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "availabilityImpact": "NONE", + "baseScore": 6.1, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 2.8, + "impactScore": 2.7 + }, + { + "source": "security@wordfence.com", + "type": "Secondary", "cvssData": { "version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:N", @@ -46,14 +66,38 @@ ] } ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:wpvibes:wp_mail_log:*:*:*:*:*:wordpress:*:*", + "versionEndExcluding": "1.1.2", + "matchCriteriaId": "D42AFE93-13CF-4819-9DF2-8ABE8585F27D" + } + ] + } + ] + } + ], "references": [ { "url": "https://plugins.trac.wordpress.org/changeset/2931706/wp-mail-log", - "source": "security@wordfence.com" + "source": "security@wordfence.com", + "tags": [ + "Patch" + ] }, { "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/86ee1acb-6f0c-40e6-80a0-fc93b61c1602?source=cve", - "source": "security@wordfence.com" + "source": "security@wordfence.com", + "tags": [ + "Third Party Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2023/CVE-2023-30xx/CVE-2023-3092.json b/CVE-2023/CVE-2023-30xx/CVE-2023-3092.json index c23fdf31bcd..c815265f06a 100644 --- a/CVE-2023/CVE-2023-30xx/CVE-2023-3092.json +++ b/CVE-2023/CVE-2023-30xx/CVE-2023-3092.json 
@@ -2,8 +2,8 @@ "id": "CVE-2023-3092", "sourceIdentifier": "security@wordfence.com", "published": "2023-07-12T05:15:09.900", - "lastModified": "2023-07-12T12:46:30.047", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2023-07-18T19:08:02.230", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", @@ -13,8 +13,28 @@ "metrics": { "cvssMetricV31": [ { - "source": "security@wordfence.com", + "source": "nvd@nist.gov", "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "REQUIRED", + "scope": "CHANGED", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "availabilityImpact": "NONE", + "baseScore": 6.1, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 2.8, + "impactScore": 2.7 + }, + { + "source": "security@wordfence.com", + "type": "Secondary", "cvssData": { "version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:N", @@ -46,14 +66,38 @@ ] } ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:photoboxone:smtp_mail:*:*:*:*:*:wordpress:*:*", + "versionEndIncluding": "1.2.16", + "matchCriteriaId": "AFE1DEB1-B844-4EDB-9D54-AD0D565C3015" + } + ] + } + ] + } + ], "references": [ { "url": "https://plugins.trac.wordpress.org/browser/smtp-mail/trunk/includes/data-list-table.php", - "source": "security@wordfence.com" + "source": "security@wordfence.com", + "tags": [ + "Product" + ] }, { "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/8ae734d1-0cd4-4ff5-8448-828b0fb64f70?source=cve", - "source": "security@wordfence.com" + "source": "security@wordfence.com", + "tags": [ + "Third Party Advisory" + ] } ] } \ No newline at end of file 
diff --git a/CVE-2023/CVE-2023-30xx/CVE-2023-3093.json b/CVE-2023/CVE-2023-30xx/CVE-2023-3093.json index 8d56fa0af9a..3601a398732 100644 --- a/CVE-2023/CVE-2023-30xx/CVE-2023-3093.json +++ b/CVE-2023/CVE-2023-30xx/CVE-2023-3093.json @@ -2,8 +2,8 @@ "id": "CVE-2023-3093", "sourceIdentifier": "security@wordfence.com", "published": "2023-07-12T05:15:09.980", - "lastModified": "2023-07-12T12:46:30.047", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2023-07-18T19:07:51.850", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", @@ -13,8 +13,28 @@ "metrics": { "cvssMetricV31": [ { - "source": "security@wordfence.com", + "source": "nvd@nist.gov", "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "REQUIRED", + "scope": "CHANGED", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "availabilityImpact": "NONE", + "baseScore": 6.1, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 2.8, + "impactScore": 2.7 + }, + { + "source": "security@wordfence.com", + "type": "Secondary", "cvssData": { "version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:N", @@ -36,7 +56,7 @@ }, "weaknesses": [ { - "source": "security@wordfence.com", + "source": "nvd@nist.gov", "type": "Primary", "description": [ { 
@@ -44,16 +64,50 @@ "value": "CWE-79" } ] + }, + { + "source": "security@wordfence.com", + "type": "Secondary", + "description": [ + { + "lang": "en", + "value": "CWE-79" + } + ] + } + ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:yaycommerce:yaysmtp:*:*:*:*:*:wordpress:*:*", + "versionEndExcluding": "2.4.6", + "matchCriteriaId": "8653A64E-C0E9-4E64-9806-EDD7B454D98C" + } + ] + } + ] } ], "references": [ { "url": "https://plugins.trac.wordpress.org/changeset/2922163/", - "source": "security@wordfence.com" + "source": "security@wordfence.com", + "tags": [ + "Patch" + ] }, { "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/68e6ec3a-c5fd-4f63-a9a0-2c9ddfb96e2e?source=cve", - "source": "security@wordfence.com" + "source": "security@wordfence.com", + "tags": [ + "Third Party Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2023/CVE-2023-314xx/CVE-2023-31405.json b/CVE-2023/CVE-2023-314xx/CVE-2023-31405.json index 076fb9ab328..8701496dee1 100644 --- a/CVE-2023/CVE-2023-314xx/CVE-2023-31405.json +++ b/CVE-2023/CVE-2023-314xx/CVE-2023-31405.json @@ -2,8 +2,8 @@ "id": "CVE-2023-31405", "sourceIdentifier": "cna@sap.com", "published": "2023-07-11T03:15:09.387", - "lastModified": "2023-07-11T12:43:16.387", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2023-07-18T18:10:38.967", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", 
@@ -12,6 +12,26 @@ ], "metrics": { "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "NONE", + "integrityImpact": "LOW", + "availabilityImpact": "NONE", + "baseScore": 5.3, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 3.9, + "impactScore": 1.4 + }, { "source": "cna@sap.com", "type": "Secondary", @@ -46,14 +66,37 @@ ] } ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:sap:netweaver_application_server_for_java:7.50:*:*:*:*:*:*:*", + "matchCriteriaId": "D7A80232-F2C2-4B40-A00C-25611D3409AC" + } + ] + } + ] + } + ], "references": [ { "url": "https://me.sap.com/notes/3324732", - "source": "cna@sap.com" + "source": "cna@sap.com", + "tags": [ + "Permissions Required" + ] }, { "url": "https://www.sap.com/documents/2022/02/fa865ea4-167e-0010-bca6-c68f7e60039b.html", - "source": "cna@sap.com" + "source": "cna@sap.com", + "tags": [ + "Vendor Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2023/CVE-2023-314xx/CVE-2023-31441.json b/CVE-2023/CVE-2023-314xx/CVE-2023-31441.json index 4344e6e3c17..842e8218af7 100644 --- a/CVE-2023/CVE-2023-314xx/CVE-2023-31441.json +++ b/CVE-2023/CVE-2023-314xx/CVE-2023-31441.json @@ -2,8 +2,8 @@ "id": "CVE-2023-31441", "sourceIdentifier": "cve@mitre.org", "published": "2023-07-18T15:15:11.663", - "lastModified": "2023-07-18T15:15:11.663", - "vulnStatus": "Received", + "lastModified": "2023-07-18T17:33:48.187", + "vulnStatus": "Awaiting Analysis", "descriptions": [ { "lang": "en", diff --git a/CVE-2023/CVE-2023-31xx/CVE-2023-3105.json b/CVE-2023/CVE-2023-31xx/CVE-2023-3105.json index 2fa7fa87ed4..3f87d74217e 100644 
--- a/CVE-2023/CVE-2023-31xx/CVE-2023-3105.json +++ b/CVE-2023/CVE-2023-31xx/CVE-2023-3105.json @@ -2,8 +2,8 @@ "id": "CVE-2023-3105", "sourceIdentifier": "security@wordfence.com", "published": "2023-07-12T05:15:10.053", - "lastModified": "2023-07-12T12:46:30.047", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2023-07-18T19:07:33.087", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", @@ -46,14 +46,38 @@ ] } ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:learndash:learndash:*:*:*:*:*:wordpress:*:*", + "versionEndIncluding": "4.6.0", + "matchCriteriaId": "06EF8D4A-E904-4D14-9FF2-A5DC240D426A" + } + ] + } + ] + } + ], "references": [ { "url": "https://www.learndash.com/release-notes/", - "source": "security@wordfence.com" + "source": "security@wordfence.com", + "tags": [ + "Release Notes" + ] }, { "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/2318b3e1-268d-45fa-83bf-c6e88f1b9013?source=cve", - "source": "security@wordfence.com" + "source": "security@wordfence.com", + "tags": [ + "Third Party Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2023/CVE-2023-31xx/CVE-2023-3175.json b/CVE-2023/CVE-2023-31xx/CVE-2023-3175.json index 052e6e85387..d267eac49e3 100644 --- a/CVE-2023/CVE-2023-31xx/CVE-2023-3175.json +++ b/CVE-2023/CVE-2023-31xx/CVE-2023-3175.json 
@@ -2,15 +2,38 @@ "id": "CVE-2023-3175", "sourceIdentifier": "contact@wpscan.com", "published": "2023-07-10T16:15:55.133", - "lastModified": "2023-07-10T16:27:17.833", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2023-07-18T17:52:20.017", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", "value": "The AI ChatBot WordPress plugin before 4.6.1 does not adequately escape some settings, allowing high-privilege users such as admin to perform Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed." } ], - "metrics": {}, + "metrics": { + "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "HIGH", + "userInteraction": "REQUIRED", + "scope": "CHANGED", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "availabilityImpact": "NONE", + "baseScore": 4.8, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 1.7, + "impactScore": 2.7 + } + ] + }, "weaknesses": [ { "source": "contact@wpscan.com", @@ -23,10 +46,32 @@ ] } ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:quantumcloud:ai_chatbot:*:*:*:*:*:wordpress:*:*", + "versionEndExcluding": "4.6.1", + "matchCriteriaId": "0709ED0B-61F4-453E-BE59-0546AA9A8F62" + } + ] + } + ] + } + ], "references": [ { "url": "https://wpscan.com/vulnerability/7643980b-eaa2-45d1-bd9d-9afae0943f43", - "source": "contact@wpscan.com" + "source": "contact@wpscan.com", + "tags": [ + "Exploit", + "Third Party Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2023/CVE-2023-321xx/CVE-2023-32104.json b/CVE-2023/CVE-2023-321xx/CVE-2023-32104.json index ece3f97f1c3..e52f84c6239 100644 --- a/CVE-2023/CVE-2023-321xx/CVE-2023-32104.json 
+++ b/CVE-2023/CVE-2023-321xx/CVE-2023-32104.json @@ -2,8 +2,8 @@ "id": "CVE-2023-32104", "sourceIdentifier": "audit@patchstack.com", "published": "2023-07-11T13:15:09.687", - "lastModified": "2023-07-11T14:27:23.147", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2023-07-18T18:22:27.863", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", @@ -12,6 +12,26 @@ ], "metrics": { "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "REQUIRED", + "scope": "UNCHANGED", + "confidentialityImpact": "NONE", + "integrityImpact": "HIGH", + "availabilityImpact": "NONE", + "baseScore": 6.5, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 2.8, + "impactScore": 3.6 + }, { "source": "audit@patchstack.com", "type": "Secondary", @@ -46,10 +66,31 @@ ] } ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:mycurator_content_curation_project:mycurator_content_curation:*:*:*:*:*:wordpress:*:*", + "versionEndIncluding": "3.74", + "matchCriteriaId": "FBEC86B9-D989-4D49-8B6F-8D8CCE6CB7EF" + } + ] + } + ] + } + ], "references": [ { "url": "https://patchstack.com/database/vulnerability/mycurator/wordpress-mycurator-content-curation-plugin-3-74-cross-site-request-forgery-csrf-vulnerability?_s_id=cve", - "source": "audit@patchstack.com" + "source": "audit@patchstack.com", + "tags": [ + "Third Party Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2023/CVE-2023-32xx/CVE-2023-3219.json b/CVE-2023/CVE-2023-32xx/CVE-2023-3219.json index ccfc4f8cbe7..de37f39d8af 100644 --- a/CVE-2023/CVE-2023-32xx/CVE-2023-3219.json +++ b/CVE-2023/CVE-2023-32xx/CVE-2023-3219.json 
@@ -2,18 +2,41 @@ "id": "CVE-2023-3219", "sourceIdentifier": "contact@wpscan.com", "published": "2023-07-10T16:15:55.250", - "lastModified": "2023-07-10T16:27:17.833", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2023-07-18T17:52:52.883", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", "value": "The EventON WordPress plugin before 2.1.2 does not validate that the event_id parameter in its eventon_ics_download ajax action is a valid Event, allowing unauthenticated visitors to access any Post (including unpublished or protected posts) content via the ics export functionality by providing the numeric id of the post." } ], - "metrics": {}, + "metrics": { + "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "LOW", + "integrityImpact": "NONE", + "availabilityImpact": "NONE", + "baseScore": 5.3, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 3.9, + "impactScore": 1.4 + } + ] + }, "weaknesses": [ { - "source": "contact@wpscan.com", + "source": "nvd@nist.gov", "type": "Primary", "description": [ { 
@@ -21,12 +44,44 @@ "value": "CWE-639" } ] + }, + { + "source": "contact@wpscan.com", + "type": "Secondary", + "description": [ + { + "lang": "en", + "value": "CWE-639" + } + ] + } + ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:myeventon:eventon:*:*:*:*:*:wordpress:*:*", + "versionEndExcluding": "2.1.2", + "matchCriteriaId": "CAE44D9E-F39C-4230-8D1D-0EC2BE8DDAB7" + } + ] + } + ] } ], "references": [ { "url": "https://wpscan.com/vulnerability/72d80887-0270-4987-9739-95b1a178c1fd", - "source": "contact@wpscan.com" + "source": "contact@wpscan.com", + "tags": [ + "Exploit", + "Third Party Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2023/CVE-2023-32xx/CVE-2023-3225.json b/CVE-2023/CVE-2023-32xx/CVE-2023-3225.json index f1231f22578..a00afca093b 100644 --- a/CVE-2023/CVE-2023-32xx/CVE-2023-3225.json +++ b/CVE-2023/CVE-2023-32xx/CVE-2023-3225.json 
@@ -2,15 +2,38 @@ "id": "CVE-2023-3225", "sourceIdentifier": "contact@wpscan.com", "published": "2023-07-10T16:15:55.307", - "lastModified": "2023-07-10T16:27:17.833", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2023-07-18T17:53:02.903", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", "value": "The Float menu WordPress plugin before 5.0.3 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup)" } ], - "metrics": {}, + "metrics": { + "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "HIGH", + "userInteraction": "REQUIRED", + "scope": "CHANGED", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "availabilityImpact": "NONE", + "baseScore": 4.8, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 1.7, + "impactScore": 2.7 + } + ] + }, "weaknesses": [ { "source": "contact@wpscan.com", @@ -23,10 +46,32 @@ ] } ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:wow-company:float_menu:*:*:*:*:*:wordpress:*:*", + "versionEndExcluding": "5.0.3", + "matchCriteriaId": "B88EB4F0-09E2-435F-A10D-B210D36B41E4" + } + ] + } + ] + } + ], "references": [ { "url": "https://wpscan.com/vulnerability/3c76d0f4-2ea8-433d-afb2-e35e45630899", - "source": "contact@wpscan.com" + "source": "contact@wpscan.com", + "tags": [ + "Exploit", + "Third Party Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2023/CVE-2023-32xx/CVE-2023-3270.json b/CVE-2023/CVE-2023-32xx/CVE-2023-3270.json index dfd7042c1af..a7274e0ce7c 100644 
--- a/CVE-2023/CVE-2023-32xx/CVE-2023-3270.json +++ b/CVE-2023/CVE-2023-32xx/CVE-2023-3270.json @@ -2,8 +2,8 @@ "id": "CVE-2023-3270", "sourceIdentifier": "psirt@sick.de", "published": "2023-07-10T16:15:55.367", - "lastModified": "2023-07-10T16:27:17.833", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2023-07-18T17:53:13.060", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", @@ -12,6 +12,26 @@ ], "metrics": { "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "NONE", + "availabilityImpact": "NONE", + "baseScore": 7.5, + "baseSeverity": "HIGH" + }, + "exploitabilityScore": 3.9, + "impactScore": 3.6 + }, { "source": "psirt@sick.de", "type": "Secondary", 
@@ -34,18 +54,69 @@ } ] }, + "weaknesses": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-668" + } + ] + } + ], + "configurations": [ + { + "operator": "AND", + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:o:sick:icr890-4_firmware:*:*:*:*:*:*:*:*", + "versionEndExcluding": "2.5.0", + "matchCriteriaId": "C9781FA2-2446-4587-8BBA-1AC342BC5A0F" + } + ] + }, + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": false, + "criteria": "cpe:2.3:h:sick:icr890-4:-:*:*:*:*:*:*:*", + "matchCriteriaId": "8E1AF1D7-8380-4B5C-8258-214F00638CC2" + } + ] + } + ] + } + ], "references": [ { "url": "https://sick.com/.well-known/csaf/white/2023/sca-2023-0006.json", - "source": "psirt@sick.de" + "source": "psirt@sick.de", + "tags": [ + "Vendor Advisory" + ] }, { "url": "https://sick.com/.well-known/csaf/white/2023/sca-2023-0006.pdf", - "source": "psirt@sick.de" + "source": "psirt@sick.de", + "tags": [ + "Vendor Advisory" + ] }, { "url": "https://sick.com/psirt", - "source": "psirt@sick.de" + "source": "psirt@sick.de", + "tags": [ + "Product" + ] } ] } \ No newline at end of file diff --git a/CVE-2023/CVE-2023-332xx/CVE-2023-33231.json b/CVE-2023/CVE-2023-332xx/CVE-2023-33231.json new file mode 100644 index 00000000000..f2873799689 --- /dev/null +++ b/CVE-2023/CVE-2023-332xx/CVE-2023-33231.json 
@@ -0,0 +1,59 @@ +{ + "id": "CVE-2023-33231", + "sourceIdentifier": "psirt@solarwinds.com", + "published": "2023-07-18T17:15:11.397", + "lastModified": "2023-07-18T17:33:48.187", + "vulnStatus": "Awaiting Analysis", + "descriptions": [ + { + "lang": "en", + "value": "XSS attack was possible in DPA 2023.2 due to insufficient input validation" + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "psirt@solarwinds.com", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N", + "attackVector": "ADJACENT_NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "availabilityImpact": "NONE", + "baseScore": 5.4, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 2.8, + "impactScore": 2.5 + } + ] + }, + "weaknesses": [ + { + "source": "psirt@solarwinds.com", + "type": "Secondary", + "description": [ + { + "lang": "en", + "value": "CWE-79" + } + ] + } + ], + "references": [ + { + "url": "https://documentation.solarwinds.com/en/success_center/dpa/content/release_notes/dpa_2023-3_release_notes.htm", + "source": "psirt@solarwinds.com" + }, + { + "url": "https://www.solarwinds.com/trust-center/security-advisories/CVE-2023-33231", + "source": "psirt@solarwinds.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2023/CVE-2023-332xx/CVE-2023-33265.json b/CVE-2023/CVE-2023-332xx/CVE-2023-33265.json new file mode 100644 index 00000000000..b1d070cc112 --- /dev/null +++ b/CVE-2023/CVE-2023-332xx/CVE-2023-33265.json 
@@ -0,0 +1,24 @@ +{ + "id": "CVE-2023-33265", + "sourceIdentifier": "cve@mitre.org", + "published": "2023-07-18T16:15:11.693", + "lastModified": "2023-07-18T17:33:48.187", + "vulnStatus": "Awaiting Analysis", + "descriptions": [ + { + "lang": "en", + "value": "In Hazelcast through 5.0.4, 5.1 through 5.1.6, and 5.2 through 5.2.3, executor services don't check client permissions properly, allowing authenticated users to execute tasks on members without the required permissions granted." + } + ], + "metrics": {}, + "references": [ + { + "url": "https://github.com/hazelcast/hazelcast", + "source": "cve@mitre.org" + }, + { + "url": "https://support.hazelcast.com/s/article/Security-Advisory-for-CVE-2023-33265", + "source": "cve@mitre.org" + } + ] +} \ No newline at end of file diff --git a/CVE-2023/CVE-2023-333xx/CVE-2023-33312.json b/CVE-2023/CVE-2023-333xx/CVE-2023-33312.json new file mode 100644 index 00000000000..57c0afeb97e --- /dev/null +++ b/CVE-2023/CVE-2023-333xx/CVE-2023-33312.json 
@@ -0,0 +1,55 @@ +{ + "id": "CVE-2023-33312", + "sourceIdentifier": "audit@patchstack.com", + "published": "2023-07-18T18:15:11.897", + "lastModified": "2023-07-18T18:24:48.810", + "vulnStatus": "Awaiting Analysis", + "descriptions": [ + { + "lang": "en", + "value": "Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in wppal Easy Captcha plugin <=\u00a01.0 versions." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "audit@patchstack.com", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:L", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "REQUIRED", + "scope": "CHANGED", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "availabilityImpact": "LOW", + "baseScore": 7.1, + "baseSeverity": "HIGH" + }, + "exploitabilityScore": 2.8, + "impactScore": 3.7 + } + ] + }, + "weaknesses": [ + { + "source": "audit@patchstack.com", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-79" + } + ] + } + ], + "references": [ + { + "url": "https://patchstack.com/database/vulnerability/easy-captcha/wordpress-easy-captcha-plugin-1-0-reflected-cross-site-scripting-xss-vulnerability?_s_id=cve", + "source": "audit@patchstack.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2023/CVE-2023-333xx/CVE-2023-33329.json b/CVE-2023/CVE-2023-333xx/CVE-2023-33329.json new file mode 100644 index 00000000000..ef82c45cbef --- /dev/null +++ b/CVE-2023/CVE-2023-333xx/CVE-2023-33329.json 
@@ -0,0 +1,55 @@ +{ + "id": "CVE-2023-33329", + "sourceIdentifier": "audit@patchstack.com", + "published": "2023-07-18T18:15:11.997", + "lastModified": "2023-07-18T18:24:48.810", + "vulnStatus": "Awaiting Analysis", + "descriptions": [ + { + "lang": "en", + "value": "Auth. (admin+) Reflected Cross-Site Scripting (XSS) vulnerability in Hijiri Custom Post Type Generator plugin <=\u00a02.4.2 versions." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "audit@patchstack.com", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:L", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "HIGH", + "userInteraction": "REQUIRED", + "scope": "CHANGED", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "availabilityImpact": "LOW", + "baseScore": 5.9, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 1.7, + "impactScore": 3.7 + } + ] + }, + "weaknesses": [ + { + "source": "audit@patchstack.com", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-79" + } + ] + } + ], + "references": [ + { + "url": "https://patchstack.com/database/vulnerability/custom-post-type-generator/wordpress-custom-post-type-generator-plugin-2-4-2-reflected-cross-site-scripting-xss-vulnerability?_s_id=cve", + "source": "audit@patchstack.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2023/CVE-2023-338xx/CVE-2023-33871.json b/CVE-2023/CVE-2023-338xx/CVE-2023-33871.json new file mode 100644 index 00000000000..0906f132459 --- /dev/null +++ b/CVE-2023/CVE-2023-338xx/CVE-2023-33871.json 
@@ -0,0 +1,55 @@ +{ + "id": "CVE-2023-33871", + "sourceIdentifier": "ics-cert@hq.dhs.gov", + "published": "2023-07-18T18:15:12.097", + "lastModified": "2023-07-18T18:24:48.810", + "vulnStatus": "Awaiting Analysis", + "descriptions": [ + { + "lang": "en", + "value": "Iagona ScrutisWeb versions 2.1.37 and prior are vulnerable to a directory traversal vulnerability that could allow an unauthenticated user to directly access any file outside the webroot." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "ics-cert@hq.dhs.gov", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "NONE", + "availabilityImpact": "NONE", + "baseScore": 7.5, + "baseSeverity": "HIGH" + }, + "exploitabilityScore": 3.9, + "impactScore": 3.6 + } + ] + }, + "weaknesses": [ + { + "source": "ics-cert@hq.dhs.gov", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-36" + } + ] + } + ], + "references": [ + { + "url": "https://www.cisa.gov/news-events/ics-advisories/icsa-23-199-03", + "source": "ics-cert@hq.dhs.gov" + } + ] +} \ No newline at end of file diff --git a/CVE-2023/CVE-2023-339xx/CVE-2023-33987.json b/CVE-2023/CVE-2023-339xx/CVE-2023-33987.json index cb51e52af91..e5057d3bfe7 100644 --- a/CVE-2023/CVE-2023-339xx/CVE-2023-33987.json +++ b/CVE-2023/CVE-2023-339xx/CVE-2023-33987.json @@ -2,8 +2,8 @@ "id": "CVE-2023-33987", "sourceIdentifier": "cna@sap.com", "published": "2023-07-11T03:15:09.450", - "lastModified": "2023-07-11T12:43:16.387", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2023-07-18T18:31:55.367", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", 
@@ -12,6 +12,26 @@ ], "metrics": { "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:L", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "LOW", + "baseScore": 9.4, + "baseSeverity": "CRITICAL" + }, + "exploitabilityScore": 3.9, + "impactScore": 5.5 + }, { "source": "cna@sap.com", "type": "Secondary", 
@@ -46,14 +66,152 @@ ] } ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:sap:web_dispatcher:7.49:*:*:*:*:*:*:*", + "matchCriteriaId": "0B4A7850-377C-4463-A5D7-07F516FBD74A" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:sap:web_dispatcher:7.53:*:*:*:*:*:*:*", + "matchCriteriaId": "47D4D542-2EC2-490B-B4E9-3E7BB8D59B77" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:sap:web_dispatcher:7.54:*:*:*:*:*:*:*", + "matchCriteriaId": "950DF1E2-990E-41EF-8779-CEC54C7CDC60" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:sap:web_dispatcher:7.77:*:*:*:*:*:*:*", + "matchCriteriaId": "E33D9481-3CF6-4AA3-B115-7903AC6DAE25" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:sap:web_dispatcher:7.81:*:*:*:*:*:*:*", + "matchCriteriaId": "49FF2A5B-E5F0-4991-9AA3-7CB3B8C62941" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:sap:web_dispatcher:7.85:*:*:*:*:*:*:*", + "matchCriteriaId": "F74EE4D5-E968-4851-89E6-4152F64930F2" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:sap:web_dispatcher:7.88:*:*:*:*:*:*:*", + "matchCriteriaId": "677B15E6-09B3-4BA8-8D99-427952335035" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:sap:web_dispatcher:7.89:*:*:*:*:*:*:*", + "matchCriteriaId": "097ED3E8-49B1-497E-BD43-28C397FBEAE8" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:sap:web_dispatcher:7.90:*:*:*:*:*:*:*", + "matchCriteriaId": "DA093F5F-071D-4FA5-AADA-7E058014AB6E" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:sap:web_dispatcher:hdb_2.00:*:*:*:*:*:*:*", + "matchCriteriaId": "1A4A56FB-16CB-4ACA-A961-01F57B1A11F2" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:sap:web_dispatcher:kernel_7.49:*:*:*:*:*:*:*", + "matchCriteriaId": "5512FFE8-E10E-48A3-A153-821D1948AB5E" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:sap:web_dispatcher:kernel_7.53:*:*:*:*:*:*:*", + "matchCriteriaId": 
"A7E4BC89-114A-4EA3-A9E8-D956A26BCB18" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:sap:web_dispatcher:kernel_7.54:*:*:*:*:*:*:*", + "matchCriteriaId": "65A5FFAC-93F9-4204-9FA1-4D749D443173" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:sap:web_dispatcher:kernel_7.77:*:*:*:*:*:*:*", + "matchCriteriaId": "E0098E57-6A7F-4CC6-8109-E2400E0FFFEB" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:sap:web_dispatcher:kernel_7.81:*:*:*:*:*:*:*", + "matchCriteriaId": "87738C45-6B88-4DD4-A4A3-4AD47502679C" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:sap:web_dispatcher:kernel_7.85:*:*:*:*:*:*:*", + "matchCriteriaId": "E7ABB030-9A13-4194-A2A4-9623B2F22D7D" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:sap:web_dispatcher:kernel_7.88:*:*:*:*:*:*:*", + "matchCriteriaId": "B994804F-5405-4295-93BF-4F1C5C3CF00C" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:sap:web_dispatcher:kernel_7.89:*:*:*:*:*:*:*", + "matchCriteriaId": "DB22EAAE-F75C-4902-9734-52B048D5D7B2" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:sap:web_dispatcher:kernel_7.90:*:*:*:*:*:*:*", + "matchCriteriaId": "E8D4EFB1-0225-454D-9273-259A4055F482" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:sap:web_dispatcher:krnl64nuc_7.49:*:*:*:*:*:*:*", + "matchCriteriaId": "8F634C80-5034-44A2-9F94-69DEDF453998" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:sap:web_dispatcher:krnl64uc_7.49:*:*:*:*:*:*:*", + "matchCriteriaId": "FB2FD99C-D945-4495-97C7-03D6C6BBBE4B" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:sap:web_dispatcher:krnl64uc_7.53:*:*:*:*:*:*:*", + "matchCriteriaId": "3A8CD933-E217-445A-B244-C07625F9EE74" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:sap:web_dispatcher:sap_extended_app_services_1:*:*:*:*:*:*:*", + "matchCriteriaId": "216C4CEE-E514-43FB-8819-591AF721E2ED" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:sap:web_dispatcher:xs_advanced_runtime_1.00:*:*:*:*:*:*:*", + "matchCriteriaId": 
"7E9D3697-7C80-4629-AE7A-73BDE5C558B2" + } + ] + } + ] + } + ], "references": [ { "url": "https://me.sap.com/notes/3233899", - "source": "cna@sap.com" + "source": "cna@sap.com", + "tags": [ + "Permissions Required" + ] }, { "url": "https://www.sap.com/documents/2022/02/fa865ea4-167e-0010-bca6-c68f7e60039b.html", - "source": "cna@sap.com" + "source": "cna@sap.com", + "tags": [ + "Vendor Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2023/CVE-2023-339xx/CVE-2023-33988.json b/CVE-2023/CVE-2023-339xx/CVE-2023-33988.json index 3c9505eae0f..e1f37b863e7 100644 --- a/CVE-2023/CVE-2023-339xx/CVE-2023-33988.json +++ b/CVE-2023/CVE-2023-339xx/CVE-2023-33988.json @@ -2,8 +2,8 @@ "id": "CVE-2023-33988", "sourceIdentifier": "cna@sap.com", "published": "2023-07-11T03:15:09.523", - "lastModified": "2023-07-11T12:43:16.387", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2023-07-18T18:28:55.847", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", @@ -12,6 +12,26 @@ ], "metrics": { "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "REQUIRED", + "scope": "CHANGED", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "availabilityImpact": "NONE", + "baseScore": 6.1, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 2.8, + "impactScore": 2.7 + }, { "source": "cna@sap.com", "type": "Secondary", 
@@ -46,14 +66,37 @@ ] } ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:sap:enable_now:-:*:*:*:*:*:*:*", + "matchCriteriaId": "6D9E5418-8D10-48C4-93AF-0B036893B093" + } + ] + } + ] + } + ], "references": [ { "url": "https://me.sap.com/notes/3326769", - "source": "cna@sap.com" + "source": "cna@sap.com", + "tags": [ + "Permissions Required" + ] }, { "url": "https://www.sap.com/documents/2022/02/fa865ea4-167e-0010-bca6-c68f7e60039b.html", - "source": "cna@sap.com" + "source": "cna@sap.com", + "tags": [ + "Vendor Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2023/CVE-2023-340xx/CVE-2023-34029.json b/CVE-2023/CVE-2023-340xx/CVE-2023-34029.json index f9423719cc2..ad0f67c32ac 100644 --- a/CVE-2023/CVE-2023-340xx/CVE-2023-34029.json +++ b/CVE-2023/CVE-2023-340xx/CVE-2023-34029.json @@ -2,8 +2,8 @@ "id": "CVE-2023-34029", "sourceIdentifier": "audit@patchstack.com", "published": "2023-07-11T13:15:09.760", - "lastModified": "2023-07-11T14:27:23.147", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2023-07-18T18:22:38.960", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", @@ -12,6 +12,26 @@ ], "metrics": { "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "REQUIRED", + "scope": "UNCHANGED", + "confidentialityImpact": "NONE", + "integrityImpact": "HIGH", + "availabilityImpact": "NONE", + "baseScore": 6.5, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 2.8, + "impactScore": 3.6 + }, { "source": "audit@patchstack.com", "type": "Secondary", @@ -36,7 +56,7 @@ }, "weaknesses": [ { - "source": "audit@patchstack.com", + "source": "nvd@nist.gov", "type": "Primary", "description": [ { 
@@ -44,12 +64,43 @@ "value": "CWE-352" } ] + }, + { + "source": "audit@patchstack.com", + "type": "Secondary", + "description": [ + { + "lang": "en", + "value": "CWE-352" + } + ] + } + ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:disable_wordpress_update_notifications_and_auto-update_email_notifications_project:disable_wordpress_update_notifications_and_auto-update_email_notifications:*:*:*:*:*:wordpress:*:*", + "versionEndIncluding": "2.3.3", + "matchCriteriaId": "8540D39C-CB9F-41D9-A227-E95F6AD1CC12" + } + ] + } + ] } ], "references": [ { "url": "https://patchstack.com/database/vulnerability/disable-update-notifications/wordpress-disable-wordpress-update-notifications-and-auto-update-email-notifications-plugin-2-3-3-cross-site-request-forgery-csrf-vulnerability?_s_id=cve", - "source": "audit@patchstack.com" + "source": "audit@patchstack.com", + "tags": [ + "Third Party Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2023/CVE-2023-340xx/CVE-2023-34035.json b/CVE-2023/CVE-2023-340xx/CVE-2023-34035.json new file mode 100644 index 00000000000..885b55b9d04 --- /dev/null +++ b/CVE-2023/CVE-2023-340xx/CVE-2023-34035.json 
@@ -0,0 +1,43 @@ +{ + "id": "CVE-2023-34035", + "sourceIdentifier": "security@vmware.com", + "published": "2023-07-18T16:15:11.753", + "lastModified": "2023-07-18T17:33:48.187", + "vulnStatus": "Awaiting Analysis", + "descriptions": [ + { + "lang": "en", + "value": "Spring Security versions 5.8\u00a0prior to 5.8.5, 6.0\u00a0prior to 6.0.5,\u00a0and 6.1\u00a0prior to 6.1.2\u00a0could be susceptible to authorization rule misconfiguration if the application uses requestMatchers(String)\u00a0and multiple servlets, one of them being Spring MVC\u2019s DispatcherServlet.\u00a0(DispatcherServlet\u00a0is a Spring MVC component that maps HTTP endpoints to methods on @Controller-annotated classes.)\n\nSpecifically, an application is vulnerable when all of the following are true:\n\n * Spring MVC is on the classpath\n * Spring Security is securing more than one servlet in a single application (one of them being Spring MVC\u2019s DispatcherServlet)\n * The application uses requestMatchers(String)\u00a0to refer to endpoints that are not Spring MVC endpoints\n\n\nAn application is not vulnerable if any of the following is true:\n\n * The application does not have Spring MVC on the classpath\n * The application secures no servlets other than Spring MVC\u2019s DispatcherServlet\n * The application uses requestMatchers(String)\u00a0only for Spring MVC endpoints\n\n\n\n" + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "security@vmware.com", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "availabilityImpact": "LOW", + "baseScore": 7.3, + "baseSeverity": "HIGH" + }, + "exploitabilityScore": 3.9, + "impactScore": 3.4 + } + ] + }, + "references": [ + { + "url": 
"https://spring.io/security/cve-2023-34035", + "source": "security@vmware.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2023/CVE-2023-341xx/CVE-2023-34185.json b/CVE-2023/CVE-2023-341xx/CVE-2023-34185.json index 329e4395ff4..755ce090c67 100644 --- a/CVE-2023/CVE-2023-341xx/CVE-2023-34185.json +++ b/CVE-2023/CVE-2023-341xx/CVE-2023-34185.json @@ -2,8 +2,8 @@ "id": "CVE-2023-34185", "sourceIdentifier": "audit@patchstack.com", "published": "2023-07-11T12:15:09.687", - "lastModified": "2023-07-11T12:43:16.387", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2023-07-18T18:21:37.307", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", @@ -12,6 +12,26 @@ ], "metrics": { "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "REQUIRED", + "scope": "UNCHANGED", + "confidentialityImpact": "NONE", + "integrityImpact": "HIGH", + "availabilityImpact": "NONE", + "baseScore": 6.5, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 2.8, + "impactScore": 3.6 + }, { "source": "audit@patchstack.com", "type": "Secondary", @@ -36,7 +56,7 @@ }, "weaknesses": [ { - "source": "audit@patchstack.com", + "source": "nvd@nist.gov", "type": "Primary", "description": [ { 
@@ -44,12 +64,43 @@ "value": "CWE-352" } ] + }, + { + "source": "audit@patchstack.com", + "type": "Secondary", + "description": [ + { + "lang": "en", + "value": "CWE-352" + } + ] + } + ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:wordpress_nextgen_galleryview_project:wordpress_nextgen_galleryview:*:*:*:*:*:wordpress:*:*", + "versionEndIncluding": "0.5.5", + "matchCriteriaId": "CF7555F6-CEBA-42EF-8B67-FC4FADC46EC3" + } + ] + } + ] } ], "references": [ { "url": "https://patchstack.com/database/vulnerability/wordpress-nextgen-galleryview/wordpress-wordpress-nextgen-galleryview-plugin-0-5-5-cross-site-request-forgery-csrf-vulnerability?_s_id=cve", - "source": "audit@patchstack.com" + "source": "audit@patchstack.com", + "tags": [ + "Third Party Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2023/CVE-2023-343xx/CVE-2023-34329.json b/CVE-2023/CVE-2023-343xx/CVE-2023-34329.json new file mode 100644 index 00000000000..b8110d8674b --- /dev/null +++ b/CVE-2023/CVE-2023-343xx/CVE-2023-34329.json 
@@ -0,0 +1,59 @@
+{
+ "id": "CVE-2023-34329",
+ "sourceIdentifier": "biossecurity@ami.com",
+ "published": "2023-07-18T18:15:12.193",
+ "lastModified": "2023-07-18T18:24:48.810",
+ "vulnStatus": "Awaiting Analysis",
+ "descriptions": [
+ {
+ "lang": "en",
+ "value": "\nAMI SPx contains a vulnerability in BMC where a User may cause an authentication bypass by spoofing the HTTP header. A successful exploit of this vulnerability may lead to loss of confidentiality, integrity, and availability.\n\n"
+ }
+ ],
+ "metrics": {
+ "cvssMetricV31": [
+ {
+ "source": "biossecurity@ami.com",
+ "type": "Secondary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H",
+ "attackVector": "NETWORK",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "HIGH",
+ "userInteraction": "NONE",
+ "scope": "CHANGED",
+ "confidentialityImpact": "HIGH",
+ "integrityImpact": "HIGH",
+ "availabilityImpact": "HIGH",
+ "baseScore": 9.1,
+ "baseSeverity": "CRITICAL"
+ },
+ "exploitabilityScore": 2.3,
+ "impactScore": 6.0
+ }
+ ]
+ },
+ "weaknesses": [
+ {
+ "source": "biossecurity@ami.com",
+ "type": "Secondary",
+ "description": [
+ {
+ "lang": "en",
+ "value": "CWE-290"
+ },
+ {
+ "lang": "en",
+ "value": "CWE-306"
+ }
+ ]
+ }
+ ],
+ "references": [
+ {
+ "url": "https://9443417.fs1.hubspotusercontent-na1.net/hubfs/9443417/Security%20Advisories/AMI-SA-2023006.pdf",
+ "source": "biossecurity@ami.com"
+ }
+ ]
+}
\ No newline at end of file
diff --git a/CVE-2023/CVE-2023-343xx/CVE-2023-34330.json b/CVE-2023/CVE-2023-343xx/CVE-2023-34330.json
new file mode 100644
index 00000000000..7ea6caba5f6
--- /dev/null
+++ b/CVE-2023/CVE-2023-343xx/CVE-2023-34330.json
@@ -0,0 +1,55 @@
+{
+ "id": "CVE-2023-34330",
+ "sourceIdentifier": "biossecurity@ami.com",
+ "published": "2023-07-18T18:15:12.287",
+ "lastModified": "2023-07-18T18:24:48.810",
+ "vulnStatus": "Awaiting Analysis",
+ "descriptions": [
+ {
+ "lang": "en",
+ "value": "\nAMI SPx contains a vulnerability in the BMC where a User may cause a improper control of generation of code by Dynamic Redfish Extension. A successful exploit of this vulnerability may lead to a loss of confidentiality, integrity, and availability.\u00a0"
+ }
+ ],
+ "metrics": {
+ "cvssMetricV31": [
+ {
+ "source": "biossecurity@ami.com",
+ "type": "Secondary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H",
+ "attackVector": "LOCAL",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "HIGH",
+ "userInteraction": "NONE",
+ "scope": "CHANGED",
+ "confidentialityImpact": "HIGH",
+ "integrityImpact": "HIGH",
+ "availabilityImpact": "HIGH",
+ "baseScore": 8.2,
+ "baseSeverity": "HIGH"
+ },
+ "exploitabilityScore": 1.5,
+ "impactScore": 6.0
+ }
+ ]
+ },
+ "weaknesses": [
+ {
+ "source": "biossecurity@ami.com",
+ "type": "Secondary",
+ "description": [
+ {
+ "lang": "en",
+ "value": "CWE-94"
+ }
+ ]
+ }
+ ],
+ "references": [
+ {
+ "url": "https://9443417.fs1.hubspotusercontent-na1.net/hubfs/9443417/Security%20Advisories/AMI-SA-2023006.pdf",
+ "source": "biossecurity@ami.com"
+ }
+ ]
+}
\ No newline at end of file
diff --git a/CVE-2023/CVE-2023-345xx/CVE-2023-34561.json b/CVE-2023/CVE-2023-345xx/CVE-2023-34561.json
index 893ae0b6a2d..4a6eda2909c 100644
--- a/CVE-2023/CVE-2023-345xx/CVE-2023-34561.json
+++ b/CVE-2023/CVE-2023-345xx/CVE-2023-34561.json
@@ -2,39 +2,115 @@ "id": "CVE-2023-34561", "sourceIdentifier": "cve@mitre.org", "published": "2023-07-11T13:15:09.830", - "lastModified": "2023-07-11T14:27:23.147", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2023-07-18T18:22:57.237", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", "value": "A buffer overflow in the level parsing code of RobTop Games AB Geometry Dash v2.113 allows attackers to execute arbitrary code via entering a Geometry Dash level." } ], - "metrics": {}, + "metrics": { + "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH", + "baseScore": 9.8, + "baseSeverity": "CRITICAL" + }, + "exploitabilityScore": 3.9, + "impactScore": 5.9 + } + ] + }, + "weaknesses": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-120" + } + ] + } + ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:robtopgames:geometry_dash:2.113:*:*:*:*:*:*:*", + "matchCriteriaId": "814B2DB0-7D71-4111-BFC0-B8B3B0ADEA10" + } + ] + } + ] + } + ], "references": [ { "url": "https://github.com/meltah/gd-rce", - "source": "cve@mitre.org" + "source": "cve@mitre.org", + "tags": [ + "Exploit", + "Third Party Advisory" + ] }, { "url": "https://www.youtube.com/watch?v=DMxucOWfLPc", - "source": "cve@mitre.org" + "source": "cve@mitre.org", + "tags": [ + "Exploit", + "Third Party Advisory" + ] }, { "url": "https://www.youtube.com/watch?v=RGMeWPchScg", - "source": "cve@mitre.org" + "source": "cve@mitre.org", + "tags": [ + "Exploit", + "Third Party Advisory" + ] }, { 
"url": "https://www.youtube.com/watch?v=ev0VXbiduuQ", - "source": "cve@mitre.org" + "source": "cve@mitre.org", + "tags": [ + "Exploit", + "Third Party Advisory" + ] }, { "url": "https://www.youtube.com/watch?v=kAeJvY6BBps", - "source": "cve@mitre.org" + "source": "cve@mitre.org", + "tags": [ + "Exploit", + "Third Party Advisory" + ] }, { "url": "https://www.youtube.com/watch?v=u7eXBr4HkKQ", - "source": "cve@mitre.org" + "source": "cve@mitre.org", + "tags": [ + "Exploit", + "Third Party Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2023/CVE-2023-350xx/CVE-2023-35044.json b/CVE-2023/CVE-2023-350xx/CVE-2023-35044.json index 1aa9283eb58..3fcccb96235 100644 --- a/CVE-2023/CVE-2023-350xx/CVE-2023-35044.json +++ b/CVE-2023/CVE-2023-350xx/CVE-2023-35044.json @@ -2,8 +2,8 @@ "id": "CVE-2023-35044", "sourceIdentifier": "audit@patchstack.com", "published": "2023-07-11T13:15:09.883", - "lastModified": "2023-07-11T14:27:23.147", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2023-07-18T18:24:12.803", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", @@ -12,6 +12,26 @@ ], "metrics": { "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "REQUIRED", + "scope": "UNCHANGED", + "confidentialityImpact": "NONE", + "integrityImpact": "LOW", + "availabilityImpact": "NONE", + "baseScore": 4.3, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 2.8, + "impactScore": 1.4 + }, { "source": "audit@patchstack.com", "type": "Secondary", 
@@ -46,10 +66,31 @@ ] } ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:securimage-wp-fixed_project:securimage-wp-fixed:*:*:*:*:*:wordpress:*:*", + "versionEndIncluding": "3.6.16", + "matchCriteriaId": "8D57A6C4-CCC3-4ABB-B200-2205857A4501" + } + ] + } + ] + } + ], "references": [ { "url": "https://patchstack.com/database/vulnerability/securimage-wp/wordpress-securimage-wp-plugin-3-6-16-cross-site-request-forgery-csrf-vulnerability?_s_id=cve", - "source": "audit@patchstack.com" + "source": "audit@patchstack.com", + "tags": [ + "Third Party Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2023/CVE-2023-350xx/CVE-2023-35047.json b/CVE-2023/CVE-2023-350xx/CVE-2023-35047.json index 207f7d42065..30c6e3f0d37 100644 --- a/CVE-2023/CVE-2023-350xx/CVE-2023-35047.json +++ b/CVE-2023/CVE-2023-350xx/CVE-2023-35047.json @@ -2,8 +2,8 @@ "id": "CVE-2023-35047", "sourceIdentifier": "audit@patchstack.com", "published": "2023-07-11T12:15:09.757", - "lastModified": "2023-07-11T12:43:16.387", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2023-07-18T18:21:45.713", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", @@ -12,6 +12,26 @@ ], "metrics": { "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "REQUIRED", + "scope": "UNCHANGED", + "confidentialityImpact": "NONE", + "integrityImpact": "HIGH", + "availabilityImpact": "NONE", + "baseScore": 6.5, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 2.8, + "impactScore": 3.6 + }, { "source": "audit@patchstack.com", "type": "Secondary", 
@@ -46,10 +66,31 @@ ] } ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:areoi:all_bootstrap_blocks:*:*:*:*:*:wordpress:*:*", + "versionEndIncluding": "1.3.6", + "matchCriteriaId": "6BBAED4F-2F92-4AE5-8E63-313ECC24B468" + } + ] + } + ] + } + ], "references": [ { "url": "https://patchstack.com/database/vulnerability/all-bootstrap-blocks/wordpress-all-bootstrap-blocks-plugin-1-3-6-cross-site-request-forgery-csrf-vulnerability?_s_id=cve", - "source": "audit@patchstack.com" + "source": "audit@patchstack.com", + "tags": [ + "Third Party Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2023/CVE-2023-350xx/CVE-2023-35091.json b/CVE-2023/CVE-2023-350xx/CVE-2023-35091.json index 4324817ae6d..9efd4dc749b 100644 --- a/CVE-2023/CVE-2023-350xx/CVE-2023-35091.json +++ b/CVE-2023/CVE-2023-350xx/CVE-2023-35091.json @@ -2,8 +2,8 @@ "id": "CVE-2023-35091", "sourceIdentifier": "audit@patchstack.com", "published": "2023-07-11T13:15:09.957", - "lastModified": "2023-07-11T14:27:23.147", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2023-07-18T18:55:10.323", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", @@ -12,6 +12,26 @@ ], "metrics": { "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "REQUIRED", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH", + "baseScore": 8.8, + "baseSeverity": "HIGH" + }, + "exploitabilityScore": 2.8, + "impactScore": 5.9 + }, { "source": "audit@patchstack.com", "type": "Secondary", 
@@ -46,10 +66,31 @@ ] } ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:storeapps:stock_manager_for_woocommerce:*:*:*:*:*:wordpress:*:*", + "versionEndIncluding": "2.10.0", + "matchCriteriaId": "54DB07D4-A29C-406E-A406-61B7267C2BAF" + } + ] + } + ] + } + ], "references": [ { "url": "https://patchstack.com/database/vulnerability/woocommerce-stock-manager/wordpress-stock-manager-for-woocommerce-plugin-2-10-0-cross-site-request-forgery-csrf-vulnerability?_s_id=cve", - "source": "audit@patchstack.com" + "source": "audit@patchstack.com", + "tags": [ + "Third Party Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2023/CVE-2023-351xx/CVE-2023-35189.json b/CVE-2023/CVE-2023-351xx/CVE-2023-35189.json new file mode 100644 index 00000000000..fc9f1df33fc --- /dev/null +++ b/CVE-2023/CVE-2023-351xx/CVE-2023-35189.json 
@@ -0,0 +1,55 @@
+{
+ "id": "CVE-2023-35189",
+ "sourceIdentifier": "ics-cert@hq.dhs.gov",
+ "published": "2023-07-18T18:15:12.370",
+ "lastModified": "2023-07-18T18:24:48.810",
+ "vulnStatus": "Awaiting Analysis",
+ "descriptions": [
+ {
+ "lang": "en",
+ "value": "Iagona ScrutisWeb versions 2.1.37 and prior are vulnerable to a remote \ncode execution vulnerability that could allow an unauthenticated user to\n upload a malicious payload and execute it.\n\n\n\n"
+ }
+ ],
+ "metrics": {
+ "cvssMetricV31": [
+ {
+ "source": "ics-cert@hq.dhs.gov",
+ "type": "Secondary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H",
+ "attackVector": "NETWORK",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "NONE",
+ "userInteraction": "NONE",
+ "scope": "CHANGED",
+ "confidentialityImpact": "HIGH",
+ "integrityImpact": "HIGH",
+ "availabilityImpact": "HIGH",
+ "baseScore": 10.0,
+ "baseSeverity": "CRITICAL"
+ },
+ "exploitabilityScore": 3.9,
+ "impactScore": 6.0
+ }
+ ]
+ },
+ "weaknesses": [
+ {
+ "source": "ics-cert@hq.dhs.gov",
+ "type": "Primary",
+ "description": [
+ {
+ "lang": "en",
+ "value": "CWE-434"
+ }
+ ]
+ }
+ ],
+ "references": [
+ {
+ "url": "https://www.cisa.gov/news-events/ics-advisories/icsa-23-199-03",
+ "source": "ics-cert@hq.dhs.gov"
+ }
+ ]
+}
\ No newline at end of file
diff --git a/CVE-2023/CVE-2023-357xx/CVE-2023-35763.json b/CVE-2023/CVE-2023-357xx/CVE-2023-35763.json
new file mode 100644
index 00000000000..432fde74d81
--- /dev/null
+++ b/CVE-2023/CVE-2023-357xx/CVE-2023-35763.json
@@ -0,0 +1,55 @@ +{ + "id": "CVE-2023-35763", + "sourceIdentifier": "ics-cert@hq.dhs.gov", + "published": "2023-07-18T18:15:12.460", + "lastModified": "2023-07-18T18:24:48.810", + "vulnStatus": "Awaiting Analysis", + "descriptions": [ + { + "lang": "en", + "value": "Iagona ScrutisWeb versions 2.1.37 and prior are vulnerable to a cryptographic vulnerability that could allow an unauthenticated user to decrypt encrypted passwords into plaintext." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "ics-cert@hq.dhs.gov", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N", + "attackVector": "LOCAL", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "NONE", + "availabilityImpact": "NONE", + "baseScore": 5.5, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 1.8, + "impactScore": 3.6 + } + ] + }, + "weaknesses": [ + { + "source": "ics-cert@hq.dhs.gov", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-321" + } + ] + } + ], + "references": [ + { + "url": "https://www.cisa.gov/news-events/ics-advisories/icsa-23-199-03", + "source": "ics-cert@hq.dhs.gov" + } + ] +} \ No newline at end of file diff --git a/CVE-2023/CVE-2023-357xx/CVE-2023-35773.json b/CVE-2023/CVE-2023-357xx/CVE-2023-35773.json index db3613f89dd..c7776796ed4 100644 --- a/CVE-2023/CVE-2023-357xx/CVE-2023-35773.json +++ b/CVE-2023/CVE-2023-357xx/CVE-2023-35773.json @@ -2,8 +2,8 @@ "id": "CVE-2023-35773", "sourceIdentifier": "audit@patchstack.com", "published": "2023-07-11T13:15:10.027", - "lastModified": "2023-07-11T14:27:23.147", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2023-07-18T19:02:54.077", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", 
@@ -12,6 +12,26 @@ ], "metrics": { "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "REQUIRED", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH", + "baseScore": 8.8, + "baseSeverity": "HIGH" + }, + "exploitabilityScore": 2.8, + "impactScore": 5.9 + }, { "source": "audit@patchstack.com", "type": "Secondary", @@ -36,7 +56,7 @@ }, "weaknesses": [ { - "source": "audit@patchstack.com", + "source": "nvd@nist.gov", "type": "Primary", "description": [ { @@ -44,12 +64,43 @@ "value": "CWE-352" } ] + }, + { + "source": "audit@patchstack.com", + "type": "Secondary", + "description": [ + { + "lang": "en", + "value": "CWE-352" + } + ] + } + ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:template_debugger_project:template_debugger:*:*:*:*:*:wordpress:*:*", + "versionEndIncluding": "3.1.2", + "matchCriteriaId": "A8445FFB-AD06-441E-B073-28B3E988ACDE" + } + ] + } + ] } ], "references": [ { "url": "https://patchstack.com/database/vulnerability/quick-edit-template-link/wordpress-template-debugger-plugin-3-1-2-cross-site-request-forgery-csrf-vulnerability?_s_id=cve", - "source": "audit@patchstack.com" + "source": "audit@patchstack.com", + "tags": [ + "Third Party Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2023/CVE-2023-357xx/CVE-2023-35778.json b/CVE-2023/CVE-2023-357xx/CVE-2023-35778.json index f3b85359231..8c0c0ee8031 100644 --- a/CVE-2023/CVE-2023-357xx/CVE-2023-35778.json +++ b/CVE-2023/CVE-2023-357xx/CVE-2023-35778.json 
@@ -2,8 +2,8 @@ "id": "CVE-2023-35778", "sourceIdentifier": "audit@patchstack.com", "published": "2023-07-11T12:15:09.830", - "lastModified": "2023-07-11T12:43:16.387", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2023-07-18T18:21:52.593", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", @@ -12,6 +12,26 @@ ], "metrics": { "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "REQUIRED", + "scope": "UNCHANGED", + "confidentialityImpact": "NONE", + "integrityImpact": "HIGH", + "availabilityImpact": "NONE", + "baseScore": 6.5, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 2.8, + "impactScore": 3.6 + }, { "source": "audit@patchstack.com", "type": "Secondary", @@ -46,10 +66,31 @@ ] } ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:recent_posts_slider_project:recent_posts_slider:*:*:*:*:*:wordpress:*:*", + "versionEndIncluding": "1.1", + "matchCriteriaId": "C5F3FF0A-FA55-42F2-8DD8-8B297F95F7C9" + } + ] + } + ] + } + ], "references": [ { "url": "https://patchstack.com/database/vulnerability/recent-posts-slider/wordpress-recent-posts-slider-plugin-1-1-cross-site-request-forgery-csrf-vulnerability?_s_id=cve", - "source": "audit@patchstack.com" + "source": "audit@patchstack.com", + "tags": [ + "Third Party Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2023/CVE-2023-357xx/CVE-2023-35780.json b/CVE-2023/CVE-2023-357xx/CVE-2023-35780.json index 118a99535cf..0988d7c86f2 100644 --- a/CVE-2023/CVE-2023-357xx/CVE-2023-35780.json +++ b/CVE-2023/CVE-2023-357xx/CVE-2023-35780.json 
@@ -2,8 +2,8 @@ "id": "CVE-2023-35780", "sourceIdentifier": "audit@patchstack.com", "published": "2023-07-11T12:15:09.907", - "lastModified": "2023-07-11T12:43:16.387", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2023-07-18T18:21:59.323", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", @@ -12,6 +12,26 @@ ], "metrics": { "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "REQUIRED", + "scope": "UNCHANGED", + "confidentialityImpact": "NONE", + "integrityImpact": "HIGH", + "availabilityImpact": "NONE", + "baseScore": 6.5, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 2.8, + "impactScore": 3.6 + }, { "source": "audit@patchstack.com", "type": "Secondary", @@ -46,10 +66,31 @@ ] } ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:galleria_project:galleria:*:*:*:*:*:wordpress:*:*", + "versionEndIncluding": "1.0.3", + "matchCriteriaId": "D410801E-E95E-4741-8211-F681B87FF14D" + } + ] + } + ] + } + ], "references": [ { "url": "https://patchstack.com/database/vulnerability/galleria/wordpress-galleria-plugin-1-0-3-cross-site-request-forgery-csrf-vulnerability?_s_id=cve", - "source": "audit@patchstack.com" + "source": "audit@patchstack.com", + "tags": [ + "Third Party Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2023/CVE-2023-358xx/CVE-2023-35854.json b/CVE-2023/CVE-2023-358xx/CVE-2023-35854.json index e97f4a123b5..a151e5f58e7 100644 --- a/CVE-2023/CVE-2023-358xx/CVE-2023-35854.json +++ b/CVE-2023/CVE-2023-358xx/CVE-2023-35854.json 
@@ -2,12 +2,12 @@ "id": "CVE-2023-35854", "sourceIdentifier": "cve@mitre.org", "published": "2023-06-20T12:15:09.690", - "lastModified": "2023-06-27T18:03:04.617", - "vulnStatus": "Analyzed", + "lastModified": "2023-07-18T16:15:11.820", + "vulnStatus": "Modified", "descriptions": [ { "lang": "en", - "value": "Zoho ManageEngine ADSelfService Plus through 6113 has an authentication bypass that can be exploited to steal the domain controller session token for identity spoofing, thereby achieving the privileges of the domain controller administrator." + "value": "** DISPUTED ** Zoho ManageEngine ADSelfService Plus through 6113 has an authentication bypass that can be exploited to steal the domain controller session token for identity spoofing, thereby achieving the privileges of the domain controller administrator. NOTE: the vendor's perspective is that they have \"found no evidence or detail of a security vulnerability.\"" } ], "metrics": { diff --git a/CVE-2023/CVE-2023-358xx/CVE-2023-35871.json b/CVE-2023/CVE-2023-358xx/CVE-2023-35871.json index 644b089a01f..ccf966aeb29 100644 --- a/CVE-2023/CVE-2023-358xx/CVE-2023-35871.json +++ b/CVE-2023/CVE-2023-358xx/CVE-2023-35871.json @@ -2,8 +2,8 @@ "id": "CVE-2023-35871", "sourceIdentifier": "cna@sap.com", "published": "2023-07-11T03:15:09.867", - "lastModified": "2023-07-11T12:43:16.387", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2023-07-18T18:20:09.497", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", 
@@ -12,6 +12,26 @@ ], "metrics": { "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:H/A:H", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "LOW", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH", + "baseScore": 9.4, + "baseSeverity": "CRITICAL" + }, + "exploitabilityScore": 3.9, + "impactScore": 5.5 + }, { "source": "cna@sap.com", "type": "Secondary", @@ -36,8 +56,18 @@ }, "weaknesses": [ { - "source": "cna@sap.com", + "source": "nvd@nist.gov", "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-787" + } + ] + }, + { + "source": "cna@sap.com", + "type": "Secondary", "description": [ { "lang": "en", 
@@ -46,14 +76,132 @@ ] } ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:sap:web_dispatcher:7.53:*:*:*:*:*:*:*", + "matchCriteriaId": "47D4D542-2EC2-490B-B4E9-3E7BB8D59B77" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:sap:web_dispatcher:7.54:*:*:*:*:*:*:*", + "matchCriteriaId": "950DF1E2-990E-41EF-8779-CEC54C7CDC60" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:sap:web_dispatcher:7.77:*:*:*:*:*:*:*", + "matchCriteriaId": "E33D9481-3CF6-4AA3-B115-7903AC6DAE25" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:sap:web_dispatcher:7.85:*:*:*:*:*:*:*", + "matchCriteriaId": "F74EE4D5-E968-4851-89E6-4152F64930F2" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:sap:web_dispatcher:7.89:*:*:*:*:*:*:*", + "matchCriteriaId": "097ED3E8-49B1-497E-BD43-28C397FBEAE8" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:sap:web_dispatcher:7.91:*:*:*:*:*:*:*", + "matchCriteriaId": "AC165964-CB7E-40BC-A63E-7CD0E34CF93D" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:sap:web_dispatcher:7.92:*:*:*:*:*:*:*", + "matchCriteriaId": "C72FF95D-9A43-4788-810F-2FFE408A1CFC" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:sap:web_dispatcher:7.93:*:*:*:*:*:*:*", + "matchCriteriaId": "9105215B-CB70-4063-9302-138F54DD2672" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:sap:web_dispatcher:hdb_2.00:*:*:*:*:*:*:*", + "matchCriteriaId": "1A4A56FB-16CB-4ACA-A961-01F57B1A11F2" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:sap:web_dispatcher:kernel_7.53:*:*:*:*:*:*:*", + "matchCriteriaId": "A7E4BC89-114A-4EA3-A9E8-D956A26BCB18" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:sap:web_dispatcher:kernel_7.54:*:*:*:*:*:*:*", + "matchCriteriaId": "65A5FFAC-93F9-4204-9FA1-4D749D443173" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:sap:web_dispatcher:kernel_7.77:*:*:*:*:*:*:*", + "matchCriteriaId": 
"E0098E57-6A7F-4CC6-8109-E2400E0FFFEB" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:sap:web_dispatcher:kernel_7.85:*:*:*:*:*:*:*", + "matchCriteriaId": "E7ABB030-9A13-4194-A2A4-9623B2F22D7D" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:sap:web_dispatcher:kernel_7.89:*:*:*:*:*:*:*", + "matchCriteriaId": "DB22EAAE-F75C-4902-9734-52B048D5D7B2" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:sap:web_dispatcher:kernel_7.91:*:*:*:*:*:*:*", + "matchCriteriaId": "2CB56066-A70F-4162-9E7F-829DE9862467" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:sap:web_dispatcher:kernel_7.92:*:*:*:*:*:*:*", + "matchCriteriaId": "CBDC3937-9B43-46AF-B003-D5C0B181B214" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:sap:web_dispatcher:kernel_7.93:*:*:*:*:*:*:*", + "matchCriteriaId": "30459CD4-451D-4C3D-8FE2-17552F83D7CA" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:sap:web_dispatcher:krnl64uc_7.53:*:*:*:*:*:*:*", + "matchCriteriaId": "3A8CD933-E217-445A-B244-C07625F9EE74" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:sap:web_dispatcher:sap_extended_app_services_1:*:*:*:*:*:*:*", + "matchCriteriaId": "216C4CEE-E514-43FB-8819-591AF721E2ED" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:sap:web_dispatcher:xs_advanced_runtime_1.00:*:*:*:*:*:*:*", + "matchCriteriaId": "7E9D3697-7C80-4629-AE7A-73BDE5C558B2" + } + ] + } + ] + } + ], "references": [ { "url": "https://me.sap.com/notes/3340735", - "source": "cna@sap.com" + "source": "cna@sap.com", + "tags": [ + "Permissions Required" + ] }, { "url": "https://www.sap.com/documents/2022/02/fa865ea4-167e-0010-bca6-c68f7e60039b.html", - "source": "cna@sap.com" + "source": "cna@sap.com", + "tags": [ + "Vendor Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2023/CVE-2023-362xx/CVE-2023-36293.json b/CVE-2023/CVE-2023-362xx/CVE-2023-36293.json index 982eea09d99..9c2bd88642d 100644 --- a/CVE-2023/CVE-2023-362xx/CVE-2023-36293.json 
+++ b/CVE-2023/CVE-2023-362xx/CVE-2023-36293.json @@ -2,23 +2,82 @@ "id": "CVE-2023-36293", "sourceIdentifier": "cve@mitre.org", "published": "2023-07-11T15:15:20.313", - "lastModified": "2023-07-11T16:16:52.790", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2023-07-18T16:23:02.337", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", "value": "SQL injection vulnerability in wmanager v.1.0.7 and before allows a remote attacker to obtain sensitive information via a crafted script to the company.php component." } ], - "metrics": {}, + "metrics": { + "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "NONE", + "availabilityImpact": "NONE", + "baseScore": 7.5, + "baseSeverity": "HIGH" + }, + "exploitabilityScore": 3.9, + "impactScore": 3.6 + } + ] + }, + "weaknesses": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-89" + } + ] + } + ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:wmanager:wmanager:*:*:*:*:*:*:*:*", + "versionEndIncluding": "1.0.7", + "matchCriteriaId": "D8D1D68F-3EF6-46C1-8341-F0AD238A6B4C" + } + ] + } + ] + } + ], "references": [ { "url": "http://wmanager.org/", - "source": "cve@mitre.org" + "source": "cve@mitre.org", + "tags": [ + "Product" + ] }, { "url": "https://github.com/wmanager/base", - "source": "cve@mitre.org" + "source": "cve@mitre.org", + "tags": [ + "Product" + ] } ] } \ No newline at end of file diff --git a/CVE-2023/CVE-2023-363xx/CVE-2023-36383.json b/CVE-2023/CVE-2023-363xx/CVE-2023-36383.json index c1f0f28f043..4501658ac5e 100644 
--- a/CVE-2023/CVE-2023-363xx/CVE-2023-36383.json +++ b/CVE-2023/CVE-2023-363xx/CVE-2023-36383.json @@ -2,8 +2,8 @@ "id": "CVE-2023-36383", "sourceIdentifier": "audit@patchstack.com", "published": "2023-07-18T15:15:11.777", - "lastModified": "2023-07-18T15:15:11.777", - "vulnStatus": "Received", + "lastModified": "2023-07-18T17:33:48.187", + "vulnStatus": "Awaiting Analysis", "descriptions": [ { "lang": "en", diff --git a/CVE-2023/CVE-2023-363xx/CVE-2023-36384.json b/CVE-2023/CVE-2023-363xx/CVE-2023-36384.json index bc2a902aba7..4786a89f137 100644 --- a/CVE-2023/CVE-2023-363xx/CVE-2023-36384.json +++ b/CVE-2023/CVE-2023-363xx/CVE-2023-36384.json @@ -2,8 +2,8 @@ "id": "CVE-2023-36384", "sourceIdentifier": "audit@patchstack.com", "published": "2023-07-18T15:15:11.867", - "lastModified": "2023-07-18T15:15:11.867", - "vulnStatus": "Received", + "lastModified": "2023-07-18T17:33:48.187", + "vulnStatus": "Awaiting Analysis", "descriptions": [ { "lang": "en", diff --git a/CVE-2023/CVE-2023-363xx/CVE-2023-36389.json b/CVE-2023/CVE-2023-363xx/CVE-2023-36389.json index c1cdb382d43..f28f4dfd464 100644 --- a/CVE-2023/CVE-2023-363xx/CVE-2023-36389.json +++ b/CVE-2023/CVE-2023-363xx/CVE-2023-36389.json @@ -2,8 +2,8 @@ "id": "CVE-2023-36389", "sourceIdentifier": "productcert@siemens.com", "published": "2023-07-11T10:15:10.760", - "lastModified": "2023-07-11T12:43:16.387", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2023-07-18T16:35:46.253", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", 
@@ -12,6 +12,26 @@ ], "metrics": { "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "REQUIRED", + "scope": "CHANGED", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "availabilityImpact": "NONE", + "baseScore": 6.1, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 2.8, + "impactScore": 2.7 + }, { "source": "productcert@siemens.com", "type": "Secondary", @@ -35,6 +55,16 @@ ] }, "weaknesses": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-79" + } + ] + }, { "source": "productcert@siemens.com", "type": "Secondary", 
@@ -46,10 +76,323 @@ ] } ], + "configurations": [ + { + "operator": "AND", + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:o:siemens:ruggedcom_rox_mx5000_firmware:*:*:*:*:*:*:*:*", + "versionEndExcluding": "2.16.0", + "matchCriteriaId": "B70C9A14-F31D-452F-8F7E-368E1ED7165C" + } + ] + }, + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": false, + "criteria": "cpe:2.3:h:siemens:ruggedcom_rox_mx5000:-:*:*:*:*:*:*:*", + "matchCriteriaId": "DAD1B18F-9C37-48CC-92E2-9C5E66B206CB" + } + ] + } + ] + }, + { + "operator": "AND", + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:o:siemens:ruggedcom_rox_mx5000re_firmware:*:*:*:*:*:*:*:*", + "versionEndExcluding": "2.16.0", + "matchCriteriaId": "C095D9B0-79A3-44A7-9683-B8DEF689D65F" + } + ] + }, + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": false, + "criteria": "cpe:2.3:h:siemens:ruggedcom_rox_mx5000re:-:*:*:*:*:*:*:*", + "matchCriteriaId": "38734DFA-A5DF-4284-BD79-7C0ED6CD8A5C" + } + ] + } + ] + }, + { + "operator": "AND", + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:o:siemens:ruggedcom_rox_rx1400_firmware:*:*:*:*:*:*:*:*", + "versionEndExcluding": "2.16.0", + "matchCriteriaId": "3A0D1757-6A48-4C53-877A-947CDDD67793" + } + ] + }, + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": false, + "criteria": "cpe:2.3:h:siemens:ruggedcom_rox_rx1400:-:*:*:*:*:*:*:*", + "matchCriteriaId": "12BD4008-DB6A-4749-A426-D2DE44819A9D" + } + ] + } + ] + }, + { + "operator": "AND", + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:o:siemens:ruggedcom_rox_rx1500_firmware:*:*:*:*:*:*:*:*", + "versionEndExcluding": "2.16.0", + "matchCriteriaId": 
"957788AA-B685-42B6-8BE9-B61D20B68144" + } + ] + }, + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": false, + "criteria": "cpe:2.3:h:siemens:ruggedcom_rox_rx1500:-:*:*:*:*:*:*:*", + "matchCriteriaId": "3E79B422-C844-411C-AA49-CFD73D3C6E2D" + } + ] + } + ] + }, + { + "operator": "AND", + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:o:siemens:ruggedcom_rox_rx1501_firmware:*:*:*:*:*:*:*:*", + "versionEndExcluding": "2.16.0", + "matchCriteriaId": "02E80465-DCD4-4CEB-AB5C-DFD86A5DB2E8" + } + ] + }, + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": false, + "criteria": "cpe:2.3:h:siemens:ruggedcom_rox_rx1501:-:*:*:*:*:*:*:*", + "matchCriteriaId": "53AAEC5C-06EE-4C58-A981-EBF5860CEF16" + } + ] + } + ] + }, + { + "operator": "AND", + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:o:siemens:ruggedcom_rox_rx1510_firmware:*:*:*:*:*:*:*:*", + "versionEndExcluding": "2.16.0", + "matchCriteriaId": "BEC2AF9C-52CA-48FF-A4CD-C042EF225000" + } + ] + }, + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": false, + "criteria": "cpe:2.3:h:siemens:ruggedcom_rox_rx1510:-:*:*:*:*:*:*:*", + "matchCriteriaId": "0751225A-6E9C-4281-93A4-A048920FF7C6" + } + ] + } + ] + }, + { + "operator": "AND", + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:o:siemens:ruggedcom_rox_rx1511_firmware:*:*:*:*:*:*:*:*", + "versionEndExcluding": "2.16.0", + "matchCriteriaId": "D0889DDD-C18A-4605-907C-0AAC4362FC94" + } + ] + }, + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": false, + "criteria": "cpe:2.3:h:siemens:ruggedcom_rox_rx1511:-:*:*:*:*:*:*:*", + "matchCriteriaId": "8C1E56ED-1E61-4B7E-8EC0-BB2AAD57EF7B" + } + ] + } + ] + }, + { + "operator": "AND", + "nodes": [ + { + "operator": 
"OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:o:siemens:ruggedcom_rox_rx1512_firmware:*:*:*:*:*:*:*:*", + "versionEndExcluding": "2.16.0", + "matchCriteriaId": "FA09F789-1903-4487-A108-684EA9423F32" + } + ] + }, + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": false, + "criteria": "cpe:2.3:h:siemens:ruggedcom_rox_rx1512:-:*:*:*:*:*:*:*", + "matchCriteriaId": "41ADD701-AD49-46B2-A12E-219CCED32298" + } + ] + } + ] + }, + { + "operator": "AND", + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:o:siemens:ruggedcom_rox_rx1524_firmware:*:*:*:*:*:*:*:*", + "versionEndExcluding": "2.16.0", + "matchCriteriaId": "76CF386C-0665-401C-9E5F-D3A89E6C2847" + } + ] + }, + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": false, + "criteria": "cpe:2.3:h:siemens:ruggedcom_rox_rx1524:-:*:*:*:*:*:*:*", + "matchCriteriaId": "F8C70D90-E8FA-4343-9027-152A99D79C82" + } + ] + } + ] + }, + { + "operator": "AND", + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:o:siemens:ruggedcom_rox_rx1536_firmware:*:*:*:*:*:*:*:*", + "versionEndExcluding": "2.16.0", + "matchCriteriaId": "A813AC2B-2F29-45D7-AB27-657A36399F80" + } + ] + }, + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": false, + "criteria": "cpe:2.3:h:siemens:ruggedcom_rox_rx1536:-:*:*:*:*:*:*:*", + "matchCriteriaId": "C1775F3B-6F47-4134-8B4E-CF6337FF546C" + } + ] + } + ] + }, + { + "operator": "AND", + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:o:siemens:ruggedcom_rox_rx5000_firmware:*:*:*:*:*:*:*:*", + "versionEndExcluding": "2.16.0", + "matchCriteriaId": "6AF925B2-B147-4CB0-8789-D68C38135BEE" + } + ] + }, + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": false, + 
"criteria": "cpe:2.3:h:siemens:ruggedcom_rox_rx5000:-:*:*:*:*:*:*:*", + "matchCriteriaId": "1E0E33F2-E89B-4008-BED2-CF2296801078" + } + ] + } + ] + } + ], "references": [ { "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-146325.pdf", - "source": "productcert@siemens.com" + "source": "productcert@siemens.com", + "tags": [ + "Vendor Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2023/CVE-2023-363xx/CVE-2023-36390.json b/CVE-2023/CVE-2023-363xx/CVE-2023-36390.json index 86e30b5e63a..dd87cffca76 100644 --- a/CVE-2023/CVE-2023-363xx/CVE-2023-36390.json +++ b/CVE-2023/CVE-2023-363xx/CVE-2023-36390.json @@ -2,8 +2,8 @@ "id": "CVE-2023-36390", "sourceIdentifier": "productcert@siemens.com", "published": "2023-07-11T10:15:10.827", - "lastModified": "2023-07-11T12:43:16.387", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2023-07-18T16:53:10.417", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", @@ -12,6 +12,26 @@ ], "metrics": { "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "REQUIRED", + "scope": "CHANGED", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "availabilityImpact": "NONE", + "baseScore": 6.1, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 2.8, + "impactScore": 2.7 + }, { "source": "productcert@siemens.com", "type": "Secondary", @@ -35,6 +55,16 @@ ] }, "weaknesses": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-79" + } + ] + }, { "source": "productcert@siemens.com", "type": "Secondary", 
@@ -46,10 +76,323 @@ ] } ], + "configurations": [ + { + "operator": "AND", + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:o:siemens:ruggedcom_rox_mx5000_firmware:*:*:*:*:*:*:*:*", + "versionEndExcluding": "2.16.0", + "matchCriteriaId": "B70C9A14-F31D-452F-8F7E-368E1ED7165C" + } + ] + }, + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": false, + "criteria": "cpe:2.3:h:siemens:ruggedcom_rox_mx5000:-:*:*:*:*:*:*:*", + "matchCriteriaId": "DAD1B18F-9C37-48CC-92E2-9C5E66B206CB" + } + ] + } + ] + }, + { + "operator": "AND", + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:o:siemens:ruggedcom_rox_mx5000re_firmware:*:*:*:*:*:*:*:*", + "versionEndExcluding": "2.16.0", + "matchCriteriaId": "C095D9B0-79A3-44A7-9683-B8DEF689D65F" + } + ] + }, + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": false, + "criteria": "cpe:2.3:h:siemens:ruggedcom_rox_mx5000re:-:*:*:*:*:*:*:*", + "matchCriteriaId": "38734DFA-A5DF-4284-BD79-7C0ED6CD8A5C" + } + ] + } + ] + }, + { + "operator": "AND", + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:o:siemens:ruggedcom_rox_rx1400_firmware:*:*:*:*:*:*:*:*", + "versionEndExcluding": "2.16.0", + "matchCriteriaId": "3A0D1757-6A48-4C53-877A-947CDDD67793" + } + ] + }, + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": false, + "criteria": "cpe:2.3:h:siemens:ruggedcom_rox_rx1400:-:*:*:*:*:*:*:*", + "matchCriteriaId": "12BD4008-DB6A-4749-A426-D2DE44819A9D" + } + ] + } + ] + }, + { + "operator": "AND", + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:o:siemens:ruggedcom_rox_rx1500_firmware:*:*:*:*:*:*:*:*", + "versionEndExcluding": "2.16.0", + "matchCriteriaId": 
"957788AA-B685-42B6-8BE9-B61D20B68144" + } + ] + }, + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": false, + "criteria": "cpe:2.3:h:siemens:ruggedcom_rox_rx1500:-:*:*:*:*:*:*:*", + "matchCriteriaId": "3E79B422-C844-411C-AA49-CFD73D3C6E2D" + } + ] + } + ] + }, + { + "operator": "AND", + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:o:siemens:ruggedcom_rox_rx1501_firmware:*:*:*:*:*:*:*:*", + "versionEndExcluding": "2.16.0", + "matchCriteriaId": "02E80465-DCD4-4CEB-AB5C-DFD86A5DB2E8" + } + ] + }, + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": false, + "criteria": "cpe:2.3:h:siemens:ruggedcom_rox_rx1501:-:*:*:*:*:*:*:*", + "matchCriteriaId": "53AAEC5C-06EE-4C58-A981-EBF5860CEF16" + } + ] + } + ] + }, + { + "operator": "AND", + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:o:siemens:ruggedcom_rox_rx1510_firmware:*:*:*:*:*:*:*:*", + "versionEndExcluding": "2.16.0", + "matchCriteriaId": "BEC2AF9C-52CA-48FF-A4CD-C042EF225000" + } + ] + }, + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": false, + "criteria": "cpe:2.3:h:siemens:ruggedcom_rox_rx1510:-:*:*:*:*:*:*:*", + "matchCriteriaId": "0751225A-6E9C-4281-93A4-A048920FF7C6" + } + ] + } + ] + }, + { + "operator": "AND", + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:o:siemens:ruggedcom_rox_rx1511_firmware:*:*:*:*:*:*:*:*", + "versionEndExcluding": "2.16.0", + "matchCriteriaId": "D0889DDD-C18A-4605-907C-0AAC4362FC94" + } + ] + }, + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": false, + "criteria": "cpe:2.3:h:siemens:ruggedcom_rox_rx1511:-:*:*:*:*:*:*:*", + "matchCriteriaId": "8C1E56ED-1E61-4B7E-8EC0-BB2AAD57EF7B" + } + ] + } + ] + }, + { + "operator": "AND", + "nodes": [ + { + "operator": 
"OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:o:siemens:ruggedcom_rox_rx1512_firmware:*:*:*:*:*:*:*:*", + "versionEndExcluding": "2.16.0", + "matchCriteriaId": "FA09F789-1903-4487-A108-684EA9423F32" + } + ] + }, + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": false, + "criteria": "cpe:2.3:h:siemens:ruggedcom_rox_rx1512:-:*:*:*:*:*:*:*", + "matchCriteriaId": "41ADD701-AD49-46B2-A12E-219CCED32298" + } + ] + } + ] + }, + { + "operator": "AND", + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:o:siemens:ruggedcom_rox_rx1524_firmware:*:*:*:*:*:*:*:*", + "versionEndExcluding": "2.16.0", + "matchCriteriaId": "76CF386C-0665-401C-9E5F-D3A89E6C2847" + } + ] + }, + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": false, + "criteria": "cpe:2.3:h:siemens:ruggedcom_rox_rx1524:-:*:*:*:*:*:*:*", + "matchCriteriaId": "F8C70D90-E8FA-4343-9027-152A99D79C82" + } + ] + } + ] + }, + { + "operator": "AND", + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:o:siemens:ruggedcom_rox_rx1536_firmware:*:*:*:*:*:*:*:*", + "versionEndExcluding": "2.16.0", + "matchCriteriaId": "A813AC2B-2F29-45D7-AB27-657A36399F80" + } + ] + }, + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": false, + "criteria": "cpe:2.3:h:siemens:ruggedcom_rox_rx1536:-:*:*:*:*:*:*:*", + "matchCriteriaId": "C1775F3B-6F47-4134-8B4E-CF6337FF546C" + } + ] + } + ] + }, + { + "operator": "AND", + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:o:siemens:ruggedcom_rox_rx5000_firmware:*:*:*:*:*:*:*:*", + "versionEndExcluding": "2.16.0", + "matchCriteriaId": "6AF925B2-B147-4CB0-8789-D68C38135BEE" + } + ] + }, + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": false, + 
"criteria": "cpe:2.3:h:siemens:ruggedcom_rox_rx5000:-:*:*:*:*:*:*:*", + "matchCriteriaId": "1E0E33F2-E89B-4008-BED2-CF2296801078" + } + ] + } + ] + } + ], "references": [ { "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-146325.pdf", - "source": "productcert@siemens.com" + "source": "productcert@siemens.com", + "tags": [ + "Vendor Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2023/CVE-2023-365xx/CVE-2023-36522.json b/CVE-2023/CVE-2023-365xx/CVE-2023-36522.json index e265debc4fe..ae9652c9dce 100644 --- a/CVE-2023/CVE-2023-365xx/CVE-2023-36522.json +++ b/CVE-2023/CVE-2023-365xx/CVE-2023-36522.json @@ -2,8 +2,8 @@ "id": "CVE-2023-36522", "sourceIdentifier": "audit@patchstack.com", "published": "2023-07-11T13:15:10.100", - "lastModified": "2023-07-11T14:27:23.147", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2023-07-18T19:04:40.830", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", @@ -12,6 +12,26 @@ ], "metrics": { "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "REQUIRED", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH", + "baseScore": 8.8, + "baseSeverity": "HIGH" + }, + "exploitabilityScore": 2.8, + "impactScore": 5.9 + }, { "source": "audit@patchstack.com", "type": "Secondary", 
@@ -46,10 +66,31 @@ ] } ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:wepupil:quiz_expert_-_easy_quiz_maker\\,_exam_and_test_manager:*:*:*:*:*:wordpress:*:*", + "versionEndIncluding": "1.5.0", + "matchCriteriaId": "73C40516-9673-4D5A-9093-7662E6E456F9" + } + ] + } + ] + } + ], "references": [ { "url": "https://patchstack.com/database/vulnerability/quiz-expert/wordpress-quiz-expert-easy-quiz-maker-exam-and-test-manager-plugin-1-5-0-cross-site-request-forgery-csrf?_s_id=cve", - "source": "audit@patchstack.com" + "source": "audit@patchstack.com", + "tags": [ + "Third Party Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2023/CVE-2023-366xx/CVE-2023-36669.json b/CVE-2023/CVE-2023-366xx/CVE-2023-36669.json new file mode 100644 index 00000000000..a300e27a725 --- /dev/null +++ b/CVE-2023/CVE-2023-366xx/CVE-2023-36669.json @@ -0,0 +1,24 @@ +{ + "id": "CVE-2023-36669", + "sourceIdentifier": "cve@mitre.org", + "published": "2023-07-18T18:15:12.553", + "lastModified": "2023-07-18T18:24:48.810", + "vulnStatus": "Awaiting Analysis", + "descriptions": [ + { + "lang": "en", + "value": "Missing Authentication for a Critical Function within the Kratos NGC Indoor Unit (IDU) before 11.4 allows remote attackers to obtain arbitrary control of the IDU/ODU system. Any attacker with layer-3 network access to the IDU can impersonate the Touch Panel Unit (TPU) within the IDU by sending crafted TCP requests to the IDU." + } + ], + "metrics": {}, + "references": [ + { + "url": "https://kratosdefense.com", + "source": "cve@mitre.org" + }, + { + "url": "https://www.kratosdefense.com/vulnerability-advisories/cve-2023-36669", + "source": "cve@mitre.org" + } + ] +} \ No newline at end of file diff --git a/CVE-2023/CVE-2023-366xx/CVE-2023-36670.json b/CVE-2023/CVE-2023-366xx/CVE-2023-36670.json new file mode 100644 index 00000000000..d46da9d5d42 --- /dev/null 
+++ b/CVE-2023/CVE-2023-366xx/CVE-2023-36670.json @@ -0,0 +1,24 @@ +{ + "id": "CVE-2023-36670", + "sourceIdentifier": "cve@mitre.org", + "published": "2023-07-18T19:15:09.703", + "lastModified": "2023-07-18T19:49:32.270", + "vulnStatus": "Awaiting Analysis", + "descriptions": [ + { + "lang": "en", + "value": "A remotely exploitable command injection vulnerability was found on the Kratos NGC-IDU 9.1.0.4. An attacker can execute arbitrary Linux commands as root by sending crafted TCP requests to the device." + } + ], + "metrics": {}, + "references": [ + { + "url": "https://kratosdefense.com", + "source": "cve@mitre.org" + }, + { + "url": "https://www.kratosdefense.com/vulnerability-advisories/cve-2023-36670", + "source": "cve@mitre.org" + } + ] +} \ No newline at end of file diff --git a/CVE-2023/CVE-2023-366xx/CVE-2023-36687.json b/CVE-2023/CVE-2023-366xx/CVE-2023-36687.json index 9cec1bb7b77..ca52dc6999a 100644 --- a/CVE-2023/CVE-2023-366xx/CVE-2023-36687.json +++ b/CVE-2023/CVE-2023-366xx/CVE-2023-36687.json @@ -2,8 +2,8 @@ "id": "CVE-2023-36687", "sourceIdentifier": "audit@patchstack.com", "published": "2023-07-11T11:15:08.737", - "lastModified": "2023-07-11T12:43:16.387", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2023-07-18T18:21:13.220", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", @@ -12,6 +12,26 @@ ], "metrics": { "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "REQUIRED", + "scope": "UNCHANGED", + "confidentialityImpact": "NONE", + "integrityImpact": "HIGH", + "availabilityImpact": "NONE", + "baseScore": 6.5, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 2.8, + "impactScore": 3.6 + }, { "source": "audit@patchstack.com", "type": "Secondary", 
@@ -46,10 +66,31 @@ ] } ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:dontdream:menubar:*:*:*:*:*:wordpress:*:*", + "versionEndIncluding": "5.8.2", + "matchCriteriaId": "CC18EE8A-63E5-4592-B999-A1AC576186BA" + } + ] + } + ] + } + ], "references": [ { "url": "https://patchstack.com/database/vulnerability/menubar/wordpress-menubar-plugin-5-8-1-cross-site-request-forgery-csrf-vulnerability?_s_id=cve", - "source": "audit@patchstack.com" + "source": "audit@patchstack.com", + "tags": [ + "Third Party Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2023/CVE-2023-366xx/CVE-2023-36690.json b/CVE-2023/CVE-2023-366xx/CVE-2023-36690.json index 778b1041ca3..312b9396a71 100644 --- a/CVE-2023/CVE-2023-366xx/CVE-2023-36690.json +++ b/CVE-2023/CVE-2023-366xx/CVE-2023-36690.json @@ -2,8 +2,8 @@ "id": "CVE-2023-36690", "sourceIdentifier": "audit@patchstack.com", "published": "2023-07-11T13:15:10.173", - "lastModified": "2023-07-11T14:27:23.147", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2023-07-18T19:16:44.627", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", @@ -12,6 +12,26 @@ ], "metrics": { "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "REQUIRED", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH", + "baseScore": 8.8, + "baseSeverity": "HIGH" + }, + "exploitabilityScore": 2.8, + "impactScore": 5.9 + }, { "source": "audit@patchstack.com", "type": "Secondary", 
@@ -46,10 +66,31 @@ ] } ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:vibethemes:wordpress_learning_management_system_:*:*:*:*:*:wordpress:*:*", + "versionEndIncluding": "4.900", + "matchCriteriaId": "8E9B4AA5-124B-4123-83D3-B25B5B7B99DB" + } + ] + } + ] + } + ], "references": [ { "url": "https://patchstack.com/database/vulnerability/wplms/wordpress-wplms-theme-4-600-cross-site-request-forgery-csrf-vulnerability?_s_id=cve", - "source": "audit@patchstack.com" + "source": "audit@patchstack.com", + "tags": [ + "Third Party Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2023/CVE-2023-366xx/CVE-2023-36693.json b/CVE-2023/CVE-2023-366xx/CVE-2023-36693.json index 9634de7fb9a..5b8ab7d2ea2 100644 --- a/CVE-2023/CVE-2023-366xx/CVE-2023-36693.json +++ b/CVE-2023/CVE-2023-366xx/CVE-2023-36693.json @@ -2,8 +2,8 @@ "id": "CVE-2023-36693", "sourceIdentifier": "audit@patchstack.com", "published": "2023-07-11T10:15:10.963", - "lastModified": "2023-07-11T12:43:16.387", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2023-07-18T16:46:25.593", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", @@ -12,6 +12,26 @@ ], "metrics": { "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "REQUIRED", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH", + "baseScore": 8.8, + "baseSeverity": "HIGH" + }, + "exploitabilityScore": 2.8, + "impactScore": 5.9 + }, { "source": "audit@patchstack.com", "type": "Secondary", 
@@ -46,10 +66,31 @@ ] } ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:wp_rss_images_project:wp_rss_images:*:*:*:*:*:wordpress:*:*", + "versionEndIncluding": "1.1", + "matchCriteriaId": "32A2BBE2-A2BD-459C-B87B-3656BA1CEEE2" + } + ] + } + ] + } + ], "references": [ { "url": "https://patchstack.com/database/vulnerability/wp-rss-images/wordpress-wp-rss-images-plugin-1-1-cross-site-request-forgery-csrf-vulnerability?_s_id=cve", - "source": "audit@patchstack.com" + "source": "audit@patchstack.com", + "tags": [ + "Third Party Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2023/CVE-2023-367xx/CVE-2023-36748.json b/CVE-2023/CVE-2023-367xx/CVE-2023-36748.json index 30f49972386..51563ce364c 100644 --- a/CVE-2023/CVE-2023-367xx/CVE-2023-36748.json +++ b/CVE-2023/CVE-2023-367xx/CVE-2023-36748.json @@ -2,8 +2,8 @@ "id": "CVE-2023-36748", "sourceIdentifier": "productcert@siemens.com", "published": "2023-07-11T10:15:11.033", - "lastModified": "2023-07-11T12:43:16.387", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2023-07-18T16:40:40.913", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", @@ -12,6 +12,26 @@ ], "metrics": { "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:N", + "attackVector": "NETWORK", + "attackComplexity": "HIGH", + "privilegesRequired": "NONE", + "userInteraction": "REQUIRED", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "NONE", + "baseScore": 6.8, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 1.6, + "impactScore": 5.2 + }, { "source": "productcert@siemens.com", "type": "Secondary", 
@@ -35,6 +55,16 @@ ] }, "weaknesses": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-326" + } + ] + }, { "source": "productcert@siemens.com", "type": "Secondary", 
@@ -46,10 +76,323 @@ ] } ], + "configurations": [ + { + "operator": "AND", + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:o:siemens:ruggedcom_rox_mx5000_firmware:*:*:*:*:*:*:*:*", + "versionEndExcluding": "2.16.0", + "matchCriteriaId": "B70C9A14-F31D-452F-8F7E-368E1ED7165C" + } + ] + }, + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": false, + "criteria": "cpe:2.3:h:siemens:ruggedcom_rox_mx5000:-:*:*:*:*:*:*:*", + "matchCriteriaId": "DAD1B18F-9C37-48CC-92E2-9C5E66B206CB" + } + ] + } + ] + }, + { + "operator": "AND", + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:o:siemens:ruggedcom_rox_mx5000re_firmware:*:*:*:*:*:*:*:*", + "versionEndExcluding": "2.16.0", + "matchCriteriaId": "C095D9B0-79A3-44A7-9683-B8DEF689D65F" + } + ] + }, + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": false, + "criteria": "cpe:2.3:h:siemens:ruggedcom_rox_mx5000re:-:*:*:*:*:*:*:*", + "matchCriteriaId": "38734DFA-A5DF-4284-BD79-7C0ED6CD8A5C" + } + ] + } + ] + }, + { + "operator": "AND", + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:o:siemens:ruggedcom_rox_rx1400_firmware:*:*:*:*:*:*:*:*", + "versionEndExcluding": "2.16.0", + "matchCriteriaId": "3A0D1757-6A48-4C53-877A-947CDDD67793" + } + ] + }, + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": false, + "criteria": "cpe:2.3:h:siemens:ruggedcom_rox_rx1400:-:*:*:*:*:*:*:*", + "matchCriteriaId": "12BD4008-DB6A-4749-A426-D2DE44819A9D" + } + ] + } + ] + }, + { + "operator": "AND", + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:o:siemens:ruggedcom_rox_rx1500_firmware:*:*:*:*:*:*:*:*", + "versionEndExcluding": "2.16.0", + "matchCriteriaId": 
"957788AA-B685-42B6-8BE9-B61D20B68144" + } + ] + }, + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": false, + "criteria": "cpe:2.3:h:siemens:ruggedcom_rox_rx1500:-:*:*:*:*:*:*:*", + "matchCriteriaId": "3E79B422-C844-411C-AA49-CFD73D3C6E2D" + } + ] + } + ] + }, + { + "operator": "AND", + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:o:siemens:ruggedcom_rox_rx1501_firmware:*:*:*:*:*:*:*:*", + "versionEndExcluding": "2.16.0", + "matchCriteriaId": "02E80465-DCD4-4CEB-AB5C-DFD86A5DB2E8" + } + ] + }, + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": false, + "criteria": "cpe:2.3:h:siemens:ruggedcom_rox_rx1501:-:*:*:*:*:*:*:*", + "matchCriteriaId": "53AAEC5C-06EE-4C58-A981-EBF5860CEF16" + } + ] + } + ] + }, + { + "operator": "AND", + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:o:siemens:ruggedcom_rox_rx1510_firmware:*:*:*:*:*:*:*:*", + "versionEndExcluding": "2.16.0", + "matchCriteriaId": "BEC2AF9C-52CA-48FF-A4CD-C042EF225000" + } + ] + }, + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": false, + "criteria": "cpe:2.3:h:siemens:ruggedcom_rox_rx1510:-:*:*:*:*:*:*:*", + "matchCriteriaId": "0751225A-6E9C-4281-93A4-A048920FF7C6" + } + ] + } + ] + }, + { + "operator": "AND", + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:o:siemens:ruggedcom_rox_rx1511_firmware:*:*:*:*:*:*:*:*", + "versionEndExcluding": "2.16.0", + "matchCriteriaId": "D0889DDD-C18A-4605-907C-0AAC4362FC94" + } + ] + }, + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": false, + "criteria": "cpe:2.3:h:siemens:ruggedcom_rox_rx1511:-:*:*:*:*:*:*:*", + "matchCriteriaId": "8C1E56ED-1E61-4B7E-8EC0-BB2AAD57EF7B" + } + ] + } + ] + }, + { + "operator": "AND", + "nodes": [ + { + "operator": 
"OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:o:siemens:ruggedcom_rox_rx1512_firmware:*:*:*:*:*:*:*:*", + "versionEndExcluding": "2.16.0", + "matchCriteriaId": "FA09F789-1903-4487-A108-684EA9423F32" + } + ] + }, + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": false, + "criteria": "cpe:2.3:h:siemens:ruggedcom_rox_rx1512:-:*:*:*:*:*:*:*", + "matchCriteriaId": "41ADD701-AD49-46B2-A12E-219CCED32298" + } + ] + } + ] + }, + { + "operator": "AND", + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:o:siemens:ruggedcom_rox_rx1524_firmware:*:*:*:*:*:*:*:*", + "versionEndExcluding": "2.16.0", + "matchCriteriaId": "76CF386C-0665-401C-9E5F-D3A89E6C2847" + } + ] + }, + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": false, + "criteria": "cpe:2.3:h:siemens:ruggedcom_rox_rx1524:-:*:*:*:*:*:*:*", + "matchCriteriaId": "F8C70D90-E8FA-4343-9027-152A99D79C82" + } + ] + } + ] + }, + { + "operator": "AND", + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:o:siemens:ruggedcom_rox_rx1536_firmware:*:*:*:*:*:*:*:*", + "versionEndExcluding": "2.16.0", + "matchCriteriaId": "A813AC2B-2F29-45D7-AB27-657A36399F80" + } + ] + }, + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": false, + "criteria": "cpe:2.3:h:siemens:ruggedcom_rox_rx1536:-:*:*:*:*:*:*:*", + "matchCriteriaId": "C1775F3B-6F47-4134-8B4E-CF6337FF546C" + } + ] + } + ] + }, + { + "operator": "AND", + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:o:siemens:ruggedcom_rox_rx5000_firmware:*:*:*:*:*:*:*:*", + "versionEndExcluding": "2.16.0", + "matchCriteriaId": "6AF925B2-B147-4CB0-8789-D68C38135BEE" + } + ] + }, + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": false, + 
"criteria": "cpe:2.3:h:siemens:ruggedcom_rox_rx5000:-:*:*:*:*:*:*:*", + "matchCriteriaId": "1E0E33F2-E89B-4008-BED2-CF2296801078" + } + ] + } + ] + } + ], "references": [ { "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-146325.pdf", - "source": "productcert@siemens.com" + "source": "productcert@siemens.com", + "tags": [ + "Vendor Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2023/CVE-2023-367xx/CVE-2023-36749.json b/CVE-2023/CVE-2023-367xx/CVE-2023-36749.json index 3248312ae35..c0eeafc8204 100644 --- a/CVE-2023/CVE-2023-367xx/CVE-2023-36749.json +++ b/CVE-2023/CVE-2023-367xx/CVE-2023-36749.json @@ -2,8 +2,8 @@ "id": "CVE-2023-36749", "sourceIdentifier": "productcert@siemens.com", "published": "2023-07-11T10:15:11.103", - "lastModified": "2023-07-11T12:43:16.387", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2023-07-18T16:57:14.643", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", @@ -12,6 +12,26 @@ ], "metrics": { "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N", + "attackVector": "NETWORK", + "attackComplexity": "HIGH", + "privilegesRequired": "NONE", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "NONE", + "baseScore": 7.4, + "baseSeverity": "HIGH" + }, + "exploitabilityScore": 2.2, + "impactScore": 5.2 + }, { "source": "productcert@siemens.com", "type": "Secondary", @@ -35,6 +55,16 @@ ] }, "weaknesses": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-327" + } + ] + }, { "source": "productcert@siemens.com", "type": "Secondary", 
@@ -46,10 +76,323 @@ ] } ], + "configurations": [ + { + "operator": "AND", + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:o:siemens:ruggedcom_rox_mx5000_firmware:*:*:*:*:*:*:*:*", + "versionEndExcluding": "2.16.0", + "matchCriteriaId": "B70C9A14-F31D-452F-8F7E-368E1ED7165C" + } + ] + }, + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": false, + "criteria": "cpe:2.3:h:siemens:ruggedcom_rox_mx5000:-:*:*:*:*:*:*:*", + "matchCriteriaId": "DAD1B18F-9C37-48CC-92E2-9C5E66B206CB" + } + ] + } + ] + }, + { + "operator": "AND", + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:o:siemens:ruggedcom_rox_mx5000re_firmware:*:*:*:*:*:*:*:*", + "versionEndExcluding": "2.16.0", + "matchCriteriaId": "C095D9B0-79A3-44A7-9683-B8DEF689D65F" + } + ] + }, + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": false, + "criteria": "cpe:2.3:h:siemens:ruggedcom_rox_mx5000re:-:*:*:*:*:*:*:*", + "matchCriteriaId": "38734DFA-A5DF-4284-BD79-7C0ED6CD8A5C" + } + ] + } + ] + }, + { + "operator": "AND", + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:o:siemens:ruggedcom_rox_rx1400_firmware:*:*:*:*:*:*:*:*", + "versionEndExcluding": "2.16.0", + "matchCriteriaId": "3A0D1757-6A48-4C53-877A-947CDDD67793" + } + ] + }, + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": false, + "criteria": "cpe:2.3:h:siemens:ruggedcom_rox_rx1400:-:*:*:*:*:*:*:*", + "matchCriteriaId": "12BD4008-DB6A-4749-A426-D2DE44819A9D" + } + ] + } + ] + }, + { + "operator": "AND", + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:o:siemens:ruggedcom_rox_rx1500_firmware:*:*:*:*:*:*:*:*", + "versionEndExcluding": "2.16.0", + "matchCriteriaId": 
"957788AA-B685-42B6-8BE9-B61D20B68144" + } + ] + }, + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": false, + "criteria": "cpe:2.3:h:siemens:ruggedcom_rox_rx1500:-:*:*:*:*:*:*:*", + "matchCriteriaId": "3E79B422-C844-411C-AA49-CFD73D3C6E2D" + } + ] + } + ] + }, + { + "operator": "AND", + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:o:siemens:ruggedcom_rox_rx1501_firmware:*:*:*:*:*:*:*:*", + "versionEndExcluding": "2.16.0", + "matchCriteriaId": "02E80465-DCD4-4CEB-AB5C-DFD86A5DB2E8" + } + ] + }, + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": false, + "criteria": "cpe:2.3:h:siemens:ruggedcom_rox_rx1501:-:*:*:*:*:*:*:*", + "matchCriteriaId": "53AAEC5C-06EE-4C58-A981-EBF5860CEF16" + } + ] + } + ] + }, + { + "operator": "AND", + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:o:siemens:ruggedcom_rox_rx1510_firmware:*:*:*:*:*:*:*:*", + "versionEndExcluding": "2.16.0", + "matchCriteriaId": "BEC2AF9C-52CA-48FF-A4CD-C042EF225000" + } + ] + }, + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": false, + "criteria": "cpe:2.3:h:siemens:ruggedcom_rox_rx1510:-:*:*:*:*:*:*:*", + "matchCriteriaId": "0751225A-6E9C-4281-93A4-A048920FF7C6" + } + ] + } + ] + }, + { + "operator": "AND", + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:o:siemens:ruggedcom_rox_rx1511_firmware:*:*:*:*:*:*:*:*", + "versionEndExcluding": "2.16.0", + "matchCriteriaId": "D0889DDD-C18A-4605-907C-0AAC4362FC94" + } + ] + }, + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": false, + "criteria": "cpe:2.3:h:siemens:ruggedcom_rox_rx1511:-:*:*:*:*:*:*:*", + "matchCriteriaId": "8C1E56ED-1E61-4B7E-8EC0-BB2AAD57EF7B" + } + ] + } + ] + }, + { + "operator": "AND", + "nodes": [ + { + "operator": 
"OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:o:siemens:ruggedcom_rox_rx1512_firmware:*:*:*:*:*:*:*:*", + "versionEndExcluding": "2.16.0", + "matchCriteriaId": "FA09F789-1903-4487-A108-684EA9423F32" + } + ] + }, + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": false, + "criteria": "cpe:2.3:h:siemens:ruggedcom_rox_rx1512:-:*:*:*:*:*:*:*", + "matchCriteriaId": "41ADD701-AD49-46B2-A12E-219CCED32298" + } + ] + } + ] + }, + { + "operator": "AND", + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:o:siemens:ruggedcom_rox_rx1524_firmware:*:*:*:*:*:*:*:*", + "versionEndExcluding": "2.16.0", + "matchCriteriaId": "76CF386C-0665-401C-9E5F-D3A89E6C2847" + } + ] + }, + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": false, + "criteria": "cpe:2.3:h:siemens:ruggedcom_rox_rx1524:-:*:*:*:*:*:*:*", + "matchCriteriaId": "F8C70D90-E8FA-4343-9027-152A99D79C82" + } + ] + } + ] + }, + { + "operator": "AND", + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:o:siemens:ruggedcom_rox_rx1536_firmware:*:*:*:*:*:*:*:*", + "versionEndExcluding": "2.16.0", + "matchCriteriaId": "A813AC2B-2F29-45D7-AB27-657A36399F80" + } + ] + }, + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": false, + "criteria": "cpe:2.3:h:siemens:ruggedcom_rox_rx1536:-:*:*:*:*:*:*:*", + "matchCriteriaId": "C1775F3B-6F47-4134-8B4E-CF6337FF546C" + } + ] + } + ] + }, + { + "operator": "AND", + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:o:siemens:ruggedcom_rox_rx5000_firmware:*:*:*:*:*:*:*:*", + "versionEndExcluding": "2.16.0", + "matchCriteriaId": "6AF925B2-B147-4CB0-8789-D68C38135BEE" + } + ] + }, + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": false, + 
"criteria": "cpe:2.3:h:siemens:ruggedcom_rox_rx5000:-:*:*:*:*:*:*:*", + "matchCriteriaId": "1E0E33F2-E89B-4008-BED2-CF2296801078" + } + ] + } + ] + } + ], "references": [ { "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-146325.pdf", - "source": "productcert@siemens.com" + "source": "productcert@siemens.com", + "tags": [ + "Vendor Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2023/CVE-2023-367xx/CVE-2023-36750.json b/CVE-2023/CVE-2023-367xx/CVE-2023-36750.json index d88a8a4b869..fed4510131b 100644 --- a/CVE-2023/CVE-2023-367xx/CVE-2023-36750.json +++ b/CVE-2023/CVE-2023-367xx/CVE-2023-36750.json @@ -2,8 +2,8 @@ "id": "CVE-2023-36750", "sourceIdentifier": "productcert@siemens.com", "published": "2023-07-11T10:15:11.170", - "lastModified": "2023-07-11T12:43:16.387", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2023-07-18T18:28:19.370", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", @@ -12,6 +12,26 @@ ], "metrics": { "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "HIGH", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH", + "baseScore": 7.2, + "baseSeverity": "HIGH" + }, + "exploitabilityScore": 1.2, + "impactScore": 5.9 + }, { "source": "productcert@siemens.com", "type": "Secondary", @@ -35,6 +55,16 @@ ] }, "weaknesses": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-77" + } + ] + }, { "source": "productcert@siemens.com", "type": "Secondary", 
@@ -46,10 +76,323 @@ ] } ], + "configurations": [ + { + "operator": "AND", + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:o:siemens:ruggedcom_rox_mx5000_firmware:*:*:*:*:*:*:*:*", + "versionEndExcluding": "2.16.0", + "matchCriteriaId": "B70C9A14-F31D-452F-8F7E-368E1ED7165C" + } + ] + }, + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": false, + "criteria": "cpe:2.3:h:siemens:ruggedcom_rox_mx5000:-:*:*:*:*:*:*:*", + "matchCriteriaId": "DAD1B18F-9C37-48CC-92E2-9C5E66B206CB" + } + ] + } + ] + }, + { + "operator": "AND", + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:o:siemens:ruggedcom_rox_mx5000re_firmware:*:*:*:*:*:*:*:*", + "versionEndExcluding": "2.16.0", + "matchCriteriaId": "C095D9B0-79A3-44A7-9683-B8DEF689D65F" + } + ] + }, + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": false, + "criteria": "cpe:2.3:h:siemens:ruggedcom_rox_mx5000re:-:*:*:*:*:*:*:*", + "matchCriteriaId": "38734DFA-A5DF-4284-BD79-7C0ED6CD8A5C" + } + ] + } + ] + }, + { + "operator": "AND", + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:o:siemens:ruggedcom_rox_rx1400_firmware:*:*:*:*:*:*:*:*", + "versionEndExcluding": "2.16.0", + "matchCriteriaId": "3A0D1757-6A48-4C53-877A-947CDDD67793" + } + ] + }, + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": false, + "criteria": "cpe:2.3:h:siemens:ruggedcom_rox_rx1400:-:*:*:*:*:*:*:*", + "matchCriteriaId": "12BD4008-DB6A-4749-A426-D2DE44819A9D" + } + ] + } + ] + }, + { + "operator": "AND", + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:o:siemens:ruggedcom_rox_rx1500_firmware:*:*:*:*:*:*:*:*", + "versionEndExcluding": "2.16.0", + "matchCriteriaId": 
"957788AA-B685-42B6-8BE9-B61D20B68144" + } + ] + }, + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": false, + "criteria": "cpe:2.3:h:siemens:ruggedcom_rox_rx1500:-:*:*:*:*:*:*:*", + "matchCriteriaId": "3E79B422-C844-411C-AA49-CFD73D3C6E2D" + } + ] + } + ] + }, + { + "operator": "AND", + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:o:siemens:ruggedcom_rox_rx1501_firmware:*:*:*:*:*:*:*:*", + "versionEndExcluding": "2.16.0", + "matchCriteriaId": "02E80465-DCD4-4CEB-AB5C-DFD86A5DB2E8" + } + ] + }, + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": false, + "criteria": "cpe:2.3:h:siemens:ruggedcom_rox_rx1501:-:*:*:*:*:*:*:*", + "matchCriteriaId": "53AAEC5C-06EE-4C58-A981-EBF5860CEF16" + } + ] + } + ] + }, + { + "operator": "AND", + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:o:siemens:ruggedcom_rox_rx1510_firmware:*:*:*:*:*:*:*:*", + "versionEndExcluding": "2.16.0", + "matchCriteriaId": "BEC2AF9C-52CA-48FF-A4CD-C042EF225000" + } + ] + }, + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": false, + "criteria": "cpe:2.3:h:siemens:ruggedcom_rox_rx1510:-:*:*:*:*:*:*:*", + "matchCriteriaId": "0751225A-6E9C-4281-93A4-A048920FF7C6" + } + ] + } + ] + }, + { + "operator": "AND", + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:o:siemens:ruggedcom_rox_rx1511_firmware:*:*:*:*:*:*:*:*", + "versionEndExcluding": "2.16.0", + "matchCriteriaId": "D0889DDD-C18A-4605-907C-0AAC4362FC94" + } + ] + }, + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": false, + "criteria": "cpe:2.3:h:siemens:ruggedcom_rox_rx1511:-:*:*:*:*:*:*:*", + "matchCriteriaId": "8C1E56ED-1E61-4B7E-8EC0-BB2AAD57EF7B" + } + ] + } + ] + }, + { + "operator": "AND", + "nodes": [ + { + "operator": 
"OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:o:siemens:ruggedcom_rox_rx1512_firmware:*:*:*:*:*:*:*:*", + "versionEndExcluding": "2.16.0", + "matchCriteriaId": "FA09F789-1903-4487-A108-684EA9423F32" + } + ] + }, + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": false, + "criteria": "cpe:2.3:h:siemens:ruggedcom_rox_rx1512:-:*:*:*:*:*:*:*", + "matchCriteriaId": "41ADD701-AD49-46B2-A12E-219CCED32298" + } + ] + } + ] + }, + { + "operator": "AND", + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:o:siemens:ruggedcom_rox_rx1524_firmware:*:*:*:*:*:*:*:*", + "versionEndExcluding": "2.16.0", + "matchCriteriaId": "76CF386C-0665-401C-9E5F-D3A89E6C2847" + } + ] + }, + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": false, + "criteria": "cpe:2.3:h:siemens:ruggedcom_rox_rx1524:-:*:*:*:*:*:*:*", + "matchCriteriaId": "F8C70D90-E8FA-4343-9027-152A99D79C82" + } + ] + } + ] + }, + { + "operator": "AND", + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:o:siemens:ruggedcom_rox_rx1536_firmware:*:*:*:*:*:*:*:*", + "versionEndExcluding": "2.16.0", + "matchCriteriaId": "A813AC2B-2F29-45D7-AB27-657A36399F80" + } + ] + }, + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": false, + "criteria": "cpe:2.3:h:siemens:ruggedcom_rox_rx1536:-:*:*:*:*:*:*:*", + "matchCriteriaId": "C1775F3B-6F47-4134-8B4E-CF6337FF546C" + } + ] + } + ] + }, + { + "operator": "AND", + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:o:siemens:ruggedcom_rox_rx5000_firmware:*:*:*:*:*:*:*:*", + "versionEndExcluding": "2.16.0", + "matchCriteriaId": "6AF925B2-B147-4CB0-8789-D68C38135BEE" + } + ] + }, + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": false, + 
"criteria": "cpe:2.3:h:siemens:ruggedcom_rox_rx5000:-:*:*:*:*:*:*:*", + "matchCriteriaId": "1E0E33F2-E89B-4008-BED2-CF2296801078" + } + ] + } + ] + } + ], "references": [ { "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-146325.pdf", - "source": "productcert@siemens.com" + "source": "productcert@siemens.com", + "tags": [ + "Vendor Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2023/CVE-2023-367xx/CVE-2023-36751.json b/CVE-2023/CVE-2023-367xx/CVE-2023-36751.json index 26db32fb52c..78e09ce4d91 100644 --- a/CVE-2023/CVE-2023-367xx/CVE-2023-36751.json +++ b/CVE-2023/CVE-2023-367xx/CVE-2023-36751.json @@ -2,8 +2,8 @@ "id": "CVE-2023-36751", "sourceIdentifier": "productcert@siemens.com", "published": "2023-07-11T10:15:11.233", - "lastModified": "2023-07-11T12:43:16.387", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2023-07-18T18:34:49.170", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", @@ -12,6 +12,26 @@ ], "metrics": { "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "HIGH", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH", + "baseScore": 7.2, + "baseSeverity": "HIGH" + }, + "exploitabilityScore": 1.2, + "impactScore": 5.9 + }, { "source": "productcert@siemens.com", "type": "Secondary", @@ -35,6 +55,16 @@ ] }, "weaknesses": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-77" + } + ] + }, { "source": "productcert@siemens.com", "type": "Secondary", 
@@ -46,10 +76,323 @@ ] } ], + "configurations": [ + { + "operator": "AND", + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:o:siemens:ruggedcom_rox_mx5000_firmware:*:*:*:*:*:*:*:*", + "versionEndExcluding": "2.16.0", + "matchCriteriaId": "B70C9A14-F31D-452F-8F7E-368E1ED7165C" + } + ] + }, + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": false, + "criteria": "cpe:2.3:h:siemens:ruggedcom_rox_mx5000:-:*:*:*:*:*:*:*", + "matchCriteriaId": "DAD1B18F-9C37-48CC-92E2-9C5E66B206CB" + } + ] + } + ] + }, + { + "operator": "AND", + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:o:siemens:ruggedcom_rox_mx5000re_firmware:*:*:*:*:*:*:*:*", + "versionEndExcluding": "2.16.0", + "matchCriteriaId": "C095D9B0-79A3-44A7-9683-B8DEF689D65F" + } + ] + }, + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": false, + "criteria": "cpe:2.3:h:siemens:ruggedcom_rox_mx5000re:-:*:*:*:*:*:*:*", + "matchCriteriaId": "38734DFA-A5DF-4284-BD79-7C0ED6CD8A5C" + } + ] + } + ] + }, + { + "operator": "AND", + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:o:siemens:ruggedcom_rox_rx1400_firmware:*:*:*:*:*:*:*:*", + "versionEndExcluding": "2.16.0", + "matchCriteriaId": "3A0D1757-6A48-4C53-877A-947CDDD67793" + } + ] + }, + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": false, + "criteria": "cpe:2.3:h:siemens:ruggedcom_rox_rx1400:-:*:*:*:*:*:*:*", + "matchCriteriaId": "12BD4008-DB6A-4749-A426-D2DE44819A9D" + } + ] + } + ] + }, + { + "operator": "AND", + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:o:siemens:ruggedcom_rox_rx1500_firmware:*:*:*:*:*:*:*:*", + "versionEndExcluding": "2.16.0", + "matchCriteriaId": 
"957788AA-B685-42B6-8BE9-B61D20B68144" + } + ] + }, + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": false, + "criteria": "cpe:2.3:h:siemens:ruggedcom_rox_rx1500:-:*:*:*:*:*:*:*", + "matchCriteriaId": "3E79B422-C844-411C-AA49-CFD73D3C6E2D" + } + ] + } + ] + }, + { + "operator": "AND", + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:o:siemens:ruggedcom_rox_rx1501_firmware:*:*:*:*:*:*:*:*", + "versionEndExcluding": "2.16.0", + "matchCriteriaId": "02E80465-DCD4-4CEB-AB5C-DFD86A5DB2E8" + } + ] + }, + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": false, + "criteria": "cpe:2.3:h:siemens:ruggedcom_rox_rx1501:-:*:*:*:*:*:*:*", + "matchCriteriaId": "53AAEC5C-06EE-4C58-A981-EBF5860CEF16" + } + ] + } + ] + }, + { + "operator": "AND", + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:o:siemens:ruggedcom_rox_rx1510_firmware:*:*:*:*:*:*:*:*", + "versionEndExcluding": "2.16.0", + "matchCriteriaId": "BEC2AF9C-52CA-48FF-A4CD-C042EF225000" + } + ] + }, + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": false, + "criteria": "cpe:2.3:h:siemens:ruggedcom_rox_rx1510:-:*:*:*:*:*:*:*", + "matchCriteriaId": "0751225A-6E9C-4281-93A4-A048920FF7C6" + } + ] + } + ] + }, + { + "operator": "AND", + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:o:siemens:ruggedcom_rox_rx1511_firmware:*:*:*:*:*:*:*:*", + "versionEndExcluding": "2.16.0", + "matchCriteriaId": "D0889DDD-C18A-4605-907C-0AAC4362FC94" + } + ] + }, + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": false, + "criteria": "cpe:2.3:h:siemens:ruggedcom_rox_rx1511:-:*:*:*:*:*:*:*", + "matchCriteriaId": "8C1E56ED-1E61-4B7E-8EC0-BB2AAD57EF7B" + } + ] + } + ] + }, + { + "operator": "AND", + "nodes": [ + { + "operator": 
"OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:o:siemens:ruggedcom_rox_rx1512_firmware:*:*:*:*:*:*:*:*", + "versionEndExcluding": "2.16.0", + "matchCriteriaId": "FA09F789-1903-4487-A108-684EA9423F32" + } + ] + }, + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": false, + "criteria": "cpe:2.3:h:siemens:ruggedcom_rox_rx1512:-:*:*:*:*:*:*:*", + "matchCriteriaId": "41ADD701-AD49-46B2-A12E-219CCED32298" + } + ] + } + ] + }, + { + "operator": "AND", + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:o:siemens:ruggedcom_rox_rx1524_firmware:*:*:*:*:*:*:*:*", + "versionEndExcluding": "2.16.0", + "matchCriteriaId": "76CF386C-0665-401C-9E5F-D3A89E6C2847" + } + ] + }, + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": false, + "criteria": "cpe:2.3:h:siemens:ruggedcom_rox_rx1524:-:*:*:*:*:*:*:*", + "matchCriteriaId": "F8C70D90-E8FA-4343-9027-152A99D79C82" + } + ] + } + ] + }, + { + "operator": "AND", + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:o:siemens:ruggedcom_rox_rx1536_firmware:*:*:*:*:*:*:*:*", + "versionEndExcluding": "2.16.0", + "matchCriteriaId": "A813AC2B-2F29-45D7-AB27-657A36399F80" + } + ] + }, + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": false, + "criteria": "cpe:2.3:h:siemens:ruggedcom_rox_rx1536:-:*:*:*:*:*:*:*", + "matchCriteriaId": "C1775F3B-6F47-4134-8B4E-CF6337FF546C" + } + ] + } + ] + }, + { + "operator": "AND", + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:o:siemens:ruggedcom_rox_rx5000_firmware:*:*:*:*:*:*:*:*", + "versionEndExcluding": "2.16.0", + "matchCriteriaId": "6AF925B2-B147-4CB0-8789-D68C38135BEE" + } + ] + }, + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": false, + 
"criteria": "cpe:2.3:h:siemens:ruggedcom_rox_rx5000:-:*:*:*:*:*:*:*", + "matchCriteriaId": "1E0E33F2-E89B-4008-BED2-CF2296801078" + } + ] + } + ] + } + ], "references": [ { "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-146325.pdf", - "source": "productcert@siemens.com" + "source": "productcert@siemens.com", + "tags": [ + "Vendor Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2023/CVE-2023-367xx/CVE-2023-36752.json b/CVE-2023/CVE-2023-367xx/CVE-2023-36752.json index 45db26fab17..f060e4c6355 100644 --- a/CVE-2023/CVE-2023-367xx/CVE-2023-36752.json +++ b/CVE-2023/CVE-2023-367xx/CVE-2023-36752.json @@ -2,8 +2,8 @@ "id": "CVE-2023-36752", "sourceIdentifier": "productcert@siemens.com", "published": "2023-07-11T10:15:11.297", - "lastModified": "2023-07-11T12:43:16.387", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2023-07-18T18:36:28.237", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", @@ -12,6 +12,26 @@ ], "metrics": { "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "HIGH", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH", + "baseScore": 7.2, + "baseSeverity": "HIGH" + }, + "exploitabilityScore": 1.2, + "impactScore": 5.9 + }, { "source": "productcert@siemens.com", "type": "Secondary", @@ -35,6 +55,16 @@ ] }, "weaknesses": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-77" + } + ] + }, { "source": "productcert@siemens.com", "type": "Secondary", 
@@ -46,10 +76,323 @@ ] } ], + "configurations": [ + { + "operator": "AND", + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:o:siemens:ruggedcom_rox_mx5000_firmware:*:*:*:*:*:*:*:*", + "versionEndExcluding": "2.16.0", + "matchCriteriaId": "B70C9A14-F31D-452F-8F7E-368E1ED7165C" + } + ] + }, + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": false, + "criteria": "cpe:2.3:h:siemens:ruggedcom_rox_mx5000:-:*:*:*:*:*:*:*", + "matchCriteriaId": "DAD1B18F-9C37-48CC-92E2-9C5E66B206CB" + } + ] + } + ] + }, + { + "operator": "AND", + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:o:siemens:ruggedcom_rox_mx5000re_firmware:*:*:*:*:*:*:*:*", + "versionEndExcluding": "2.16.0", + "matchCriteriaId": "C095D9B0-79A3-44A7-9683-B8DEF689D65F" + } + ] + }, + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": false, + "criteria": "cpe:2.3:h:siemens:ruggedcom_rox_mx5000re:-:*:*:*:*:*:*:*", + "matchCriteriaId": "38734DFA-A5DF-4284-BD79-7C0ED6CD8A5C" + } + ] + } + ] + }, + { + "operator": "AND", + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:o:siemens:ruggedcom_rox_rx1400_firmware:*:*:*:*:*:*:*:*", + "versionEndExcluding": "2.16.0", + "matchCriteriaId": "3A0D1757-6A48-4C53-877A-947CDDD67793" + } + ] + }, + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": false, + "criteria": "cpe:2.3:h:siemens:ruggedcom_rox_rx1400:-:*:*:*:*:*:*:*", + "matchCriteriaId": "12BD4008-DB6A-4749-A426-D2DE44819A9D" + } + ] + } + ] + }, + { + "operator": "AND", + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:o:siemens:ruggedcom_rox_rx1500_firmware:*:*:*:*:*:*:*:*", + "versionEndExcluding": "2.16.0", + "matchCriteriaId": 
"957788AA-B685-42B6-8BE9-B61D20B68144" + } + ] + }, + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": false, + "criteria": "cpe:2.3:h:siemens:ruggedcom_rox_rx1500:-:*:*:*:*:*:*:*", + "matchCriteriaId": "3E79B422-C844-411C-AA49-CFD73D3C6E2D" + } + ] + } + ] + }, + { + "operator": "AND", + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:o:siemens:ruggedcom_rox_rx1501_firmware:*:*:*:*:*:*:*:*", + "versionEndExcluding": "2.16.0", + "matchCriteriaId": "02E80465-DCD4-4CEB-AB5C-DFD86A5DB2E8" + } + ] + }, + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": false, + "criteria": "cpe:2.3:h:siemens:ruggedcom_rox_rx1501:-:*:*:*:*:*:*:*", + "matchCriteriaId": "53AAEC5C-06EE-4C58-A981-EBF5860CEF16" + } + ] + } + ] + }, + { + "operator": "AND", + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:o:siemens:ruggedcom_rox_rx1510_firmware:*:*:*:*:*:*:*:*", + "versionEndExcluding": "2.16.0", + "matchCriteriaId": "BEC2AF9C-52CA-48FF-A4CD-C042EF225000" + } + ] + }, + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": false, + "criteria": "cpe:2.3:h:siemens:ruggedcom_rox_rx1510:-:*:*:*:*:*:*:*", + "matchCriteriaId": "0751225A-6E9C-4281-93A4-A048920FF7C6" + } + ] + } + ] + }, + { + "operator": "AND", + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:o:siemens:ruggedcom_rox_rx1511_firmware:*:*:*:*:*:*:*:*", + "versionEndExcluding": "2.16.0", + "matchCriteriaId": "D0889DDD-C18A-4605-907C-0AAC4362FC94" + } + ] + }, + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": false, + "criteria": "cpe:2.3:h:siemens:ruggedcom_rox_rx1511:-:*:*:*:*:*:*:*", + "matchCriteriaId": "8C1E56ED-1E61-4B7E-8EC0-BB2AAD57EF7B" + } + ] + } + ] + }, + { + "operator": "AND", + "nodes": [ + { + "operator": 
"OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:o:siemens:ruggedcom_rox_rx1512_firmware:*:*:*:*:*:*:*:*", + "versionEndExcluding": "2.16.0", + "matchCriteriaId": "FA09F789-1903-4487-A108-684EA9423F32" + } + ] + }, + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": false, + "criteria": "cpe:2.3:h:siemens:ruggedcom_rox_rx1512:-:*:*:*:*:*:*:*", + "matchCriteriaId": "41ADD701-AD49-46B2-A12E-219CCED32298" + } + ] + } + ] + }, + { + "operator": "AND", + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:o:siemens:ruggedcom_rox_rx1524_firmware:*:*:*:*:*:*:*:*", + "versionEndExcluding": "2.16.0", + "matchCriteriaId": "76CF386C-0665-401C-9E5F-D3A89E6C2847" + } + ] + }, + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": false, + "criteria": "cpe:2.3:h:siemens:ruggedcom_rox_rx1524:-:*:*:*:*:*:*:*", + "matchCriteriaId": "F8C70D90-E8FA-4343-9027-152A99D79C82" + } + ] + } + ] + }, + { + "operator": "AND", + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:o:siemens:ruggedcom_rox_rx1536_firmware:*:*:*:*:*:*:*:*", + "versionEndExcluding": "2.16.0", + "matchCriteriaId": "A813AC2B-2F29-45D7-AB27-657A36399F80" + } + ] + }, + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": false, + "criteria": "cpe:2.3:h:siemens:ruggedcom_rox_rx1536:-:*:*:*:*:*:*:*", + "matchCriteriaId": "C1775F3B-6F47-4134-8B4E-CF6337FF546C" + } + ] + } + ] + }, + { + "operator": "AND", + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:o:siemens:ruggedcom_rox_rx5000_firmware:*:*:*:*:*:*:*:*", + "versionEndExcluding": "2.16.0", + "matchCriteriaId": "6AF925B2-B147-4CB0-8789-D68C38135BEE" + } + ] + }, + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": false, + 
"criteria": "cpe:2.3:h:siemens:ruggedcom_rox_rx5000:-:*:*:*:*:*:*:*", + "matchCriteriaId": "1E0E33F2-E89B-4008-BED2-CF2296801078" + } + ] + } + ] + } + ], "references": [ { "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-146325.pdf", - "source": "productcert@siemens.com" + "source": "productcert@siemens.com", + "tags": [ + "Vendor Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2023/CVE-2023-367xx/CVE-2023-36753.json b/CVE-2023/CVE-2023-367xx/CVE-2023-36753.json index 56e92f4513b..42cd6cb9fc4 100644 --- a/CVE-2023/CVE-2023-367xx/CVE-2023-36753.json +++ b/CVE-2023/CVE-2023-367xx/CVE-2023-36753.json @@ -2,8 +2,8 @@ "id": "CVE-2023-36753", "sourceIdentifier": "productcert@siemens.com", "published": "2023-07-11T10:15:11.360", - "lastModified": "2023-07-11T12:43:16.387", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2023-07-18T18:39:45.780", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", @@ -12,6 +12,26 @@ ], "metrics": { "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "HIGH", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH", + "baseScore": 7.2, + "baseSeverity": "HIGH" + }, + "exploitabilityScore": 1.2, + "impactScore": 5.9 + }, { "source": "productcert@siemens.com", "type": "Secondary", @@ -35,6 +55,16 @@ ] }, "weaknesses": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-77" + } + ] + }, { "source": "productcert@siemens.com", "type": "Secondary", 
@@ -46,10 +76,323 @@ ] } ], + "configurations": [ + { + "operator": "AND", + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:o:siemens:ruggedcom_rox_mx5000_firmware:*:*:*:*:*:*:*:*", + "versionEndExcluding": "2.16.0", + "matchCriteriaId": "B70C9A14-F31D-452F-8F7E-368E1ED7165C" + } + ] + }, + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": false, + "criteria": "cpe:2.3:h:siemens:ruggedcom_rox_mx5000:-:*:*:*:*:*:*:*", + "matchCriteriaId": "DAD1B18F-9C37-48CC-92E2-9C5E66B206CB" + } + ] + } + ] + }, + { + "operator": "AND", + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:o:siemens:ruggedcom_rox_mx5000re_firmware:*:*:*:*:*:*:*:*", + "versionEndExcluding": "2.16.0", + "matchCriteriaId": "C095D9B0-79A3-44A7-9683-B8DEF689D65F" + } + ] + }, + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": false, + "criteria": "cpe:2.3:h:siemens:ruggedcom_rox_mx5000re:-:*:*:*:*:*:*:*", + "matchCriteriaId": "38734DFA-A5DF-4284-BD79-7C0ED6CD8A5C" + } + ] + } + ] + }, + { + "operator": "AND", + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:o:siemens:ruggedcom_rox_rx1400_firmware:*:*:*:*:*:*:*:*", + "versionEndExcluding": "2.16.0", + "matchCriteriaId": "3A0D1757-6A48-4C53-877A-947CDDD67793" + } + ] + }, + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": false, + "criteria": "cpe:2.3:h:siemens:ruggedcom_rox_rx1400:-:*:*:*:*:*:*:*", + "matchCriteriaId": "12BD4008-DB6A-4749-A426-D2DE44819A9D" + } + ] + } + ] + }, + { + "operator": "AND", + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:o:siemens:ruggedcom_rox_rx1500_firmware:*:*:*:*:*:*:*:*", + "versionEndExcluding": "2.16.0", + "matchCriteriaId": 
"957788AA-B685-42B6-8BE9-B61D20B68144" + } + ] + }, + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": false, + "criteria": "cpe:2.3:h:siemens:ruggedcom_rox_rx1500:-:*:*:*:*:*:*:*", + "matchCriteriaId": "3E79B422-C844-411C-AA49-CFD73D3C6E2D" + } + ] + } + ] + }, + { + "operator": "AND", + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:o:siemens:ruggedcom_rox_rx1501_firmware:*:*:*:*:*:*:*:*", + "versionEndExcluding": "2.16.0", + "matchCriteriaId": "02E80465-DCD4-4CEB-AB5C-DFD86A5DB2E8" + } + ] + }, + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": false, + "criteria": "cpe:2.3:h:siemens:ruggedcom_rox_rx1501:-:*:*:*:*:*:*:*", + "matchCriteriaId": "53AAEC5C-06EE-4C58-A981-EBF5860CEF16" + } + ] + } + ] + }, + { + "operator": "AND", + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:o:siemens:ruggedcom_rox_rx1510_firmware:*:*:*:*:*:*:*:*", + "versionEndExcluding": "2.16.0", + "matchCriteriaId": "BEC2AF9C-52CA-48FF-A4CD-C042EF225000" + } + ] + }, + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": false, + "criteria": "cpe:2.3:h:siemens:ruggedcom_rox_rx1510:-:*:*:*:*:*:*:*", + "matchCriteriaId": "0751225A-6E9C-4281-93A4-A048920FF7C6" + } + ] + } + ] + }, + { + "operator": "AND", + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:o:siemens:ruggedcom_rox_rx1511_firmware:*:*:*:*:*:*:*:*", + "versionEndExcluding": "2.16.0", + "matchCriteriaId": "D0889DDD-C18A-4605-907C-0AAC4362FC94" + } + ] + }, + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": false, + "criteria": "cpe:2.3:h:siemens:ruggedcom_rox_rx1511:-:*:*:*:*:*:*:*", + "matchCriteriaId": "8C1E56ED-1E61-4B7E-8EC0-BB2AAD57EF7B" + } + ] + } + ] + }, + { + "operator": "AND", + "nodes": [ + { + "operator": 
"OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:o:siemens:ruggedcom_rox_rx1512_firmware:*:*:*:*:*:*:*:*", + "versionEndExcluding": "2.16.0", + "matchCriteriaId": "FA09F789-1903-4487-A108-684EA9423F32" + } + ] + }, + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": false, + "criteria": "cpe:2.3:h:siemens:ruggedcom_rox_rx1512:-:*:*:*:*:*:*:*", + "matchCriteriaId": "41ADD701-AD49-46B2-A12E-219CCED32298" + } + ] + } + ] + }, + { + "operator": "AND", + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:o:siemens:ruggedcom_rox_rx1524_firmware:*:*:*:*:*:*:*:*", + "versionEndExcluding": "2.16.0", + "matchCriteriaId": "76CF386C-0665-401C-9E5F-D3A89E6C2847" + } + ] + }, + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": false, + "criteria": "cpe:2.3:h:siemens:ruggedcom_rox_rx1524:-:*:*:*:*:*:*:*", + "matchCriteriaId": "F8C70D90-E8FA-4343-9027-152A99D79C82" + } + ] + } + ] + }, + { + "operator": "AND", + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:o:siemens:ruggedcom_rox_rx1536_firmware:*:*:*:*:*:*:*:*", + "versionEndExcluding": "2.16.0", + "matchCriteriaId": "A813AC2B-2F29-45D7-AB27-657A36399F80" + } + ] + }, + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": false, + "criteria": "cpe:2.3:h:siemens:ruggedcom_rox_rx1536:-:*:*:*:*:*:*:*", + "matchCriteriaId": "C1775F3B-6F47-4134-8B4E-CF6337FF546C" + } + ] + } + ] + }, + { + "operator": "AND", + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:o:siemens:ruggedcom_rox_rx5000_firmware:*:*:*:*:*:*:*:*", + "versionEndExcluding": "2.16.0", + "matchCriteriaId": "6AF925B2-B147-4CB0-8789-D68C38135BEE" + } + ] + }, + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": false, + 
"criteria": "cpe:2.3:h:siemens:ruggedcom_rox_rx5000:-:*:*:*:*:*:*:*", + "matchCriteriaId": "1E0E33F2-E89B-4008-BED2-CF2296801078" + } + ] + } + ] + } + ], "references": [ { "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-146325.pdf", - "source": "productcert@siemens.com" + "source": "productcert@siemens.com", + "tags": [ + "Vendor Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2023/CVE-2023-367xx/CVE-2023-36754.json b/CVE-2023/CVE-2023-367xx/CVE-2023-36754.json index 20626ce2da2..d47c6eb38ca 100644 --- a/CVE-2023/CVE-2023-367xx/CVE-2023-36754.json +++ b/CVE-2023/CVE-2023-367xx/CVE-2023-36754.json @@ -2,8 +2,8 @@ "id": "CVE-2023-36754", "sourceIdentifier": "productcert@siemens.com", "published": "2023-07-11T10:15:11.427", - "lastModified": "2023-07-11T12:43:16.387", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2023-07-18T18:48:34.160", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", @@ -12,6 +12,26 @@ ], "metrics": { "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "HIGH", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH", + "baseScore": 7.2, + "baseSeverity": "HIGH" + }, + "exploitabilityScore": 1.2, + "impactScore": 5.9 + }, { "source": "productcert@siemens.com", "type": "Secondary", @@ -35,6 +55,16 @@ ] }, "weaknesses": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-77" + } + ] + }, { "source": "productcert@siemens.com", "type": "Secondary", 
@@ -46,10 +76,323 @@ ] } ], + "configurations": [ + { + "operator": "AND", + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:o:siemens:ruggedcom_rox_mx5000_firmware:*:*:*:*:*:*:*:*", + "versionEndExcluding": "2.16.0", + "matchCriteriaId": "B70C9A14-F31D-452F-8F7E-368E1ED7165C" + } + ] + }, + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": false, + "criteria": "cpe:2.3:h:siemens:ruggedcom_rox_mx5000:-:*:*:*:*:*:*:*", + "matchCriteriaId": "DAD1B18F-9C37-48CC-92E2-9C5E66B206CB" + } + ] + } + ] + }, + { + "operator": "AND", + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:o:siemens:ruggedcom_rox_mx5000re_firmware:*:*:*:*:*:*:*:*", + "versionEndExcluding": "2.16.0", + "matchCriteriaId": "C095D9B0-79A3-44A7-9683-B8DEF689D65F" + } + ] + }, + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": false, + "criteria": "cpe:2.3:h:siemens:ruggedcom_rox_mx5000re:-:*:*:*:*:*:*:*", + "matchCriteriaId": "38734DFA-A5DF-4284-BD79-7C0ED6CD8A5C" + } + ] + } + ] + }, + { + "operator": "AND", + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:o:siemens:ruggedcom_rox_rx1400_firmware:*:*:*:*:*:*:*:*", + "versionEndExcluding": "2.16.0", + "matchCriteriaId": "3A0D1757-6A48-4C53-877A-947CDDD67793" + } + ] + }, + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": false, + "criteria": "cpe:2.3:h:siemens:ruggedcom_rox_rx1400:-:*:*:*:*:*:*:*", + "matchCriteriaId": "12BD4008-DB6A-4749-A426-D2DE44819A9D" + } + ] + } + ] + }, + { + "operator": "AND", + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:o:siemens:ruggedcom_rox_rx1500_firmware:*:*:*:*:*:*:*:*", + "versionEndExcluding": "2.16.0", + "matchCriteriaId": 
"957788AA-B685-42B6-8BE9-B61D20B68144" + } + ] + }, + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": false, + "criteria": "cpe:2.3:h:siemens:ruggedcom_rox_rx1500:-:*:*:*:*:*:*:*", + "matchCriteriaId": "3E79B422-C844-411C-AA49-CFD73D3C6E2D" + } + ] + } + ] + }, + { + "operator": "AND", + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:o:siemens:ruggedcom_rox_rx1501_firmware:*:*:*:*:*:*:*:*", + "versionEndExcluding": "2.16.0", + "matchCriteriaId": "02E80465-DCD4-4CEB-AB5C-DFD86A5DB2E8" + } + ] + }, + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": false, + "criteria": "cpe:2.3:h:siemens:ruggedcom_rox_rx1501:-:*:*:*:*:*:*:*", + "matchCriteriaId": "53AAEC5C-06EE-4C58-A981-EBF5860CEF16" + } + ] + } + ] + }, + { + "operator": "AND", + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:o:siemens:ruggedcom_rox_rx1510_firmware:*:*:*:*:*:*:*:*", + "versionEndExcluding": "2.16.0", + "matchCriteriaId": "BEC2AF9C-52CA-48FF-A4CD-C042EF225000" + } + ] + }, + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": false, + "criteria": "cpe:2.3:h:siemens:ruggedcom_rox_rx1510:-:*:*:*:*:*:*:*", + "matchCriteriaId": "0751225A-6E9C-4281-93A4-A048920FF7C6" + } + ] + } + ] + }, + { + "operator": "AND", + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:o:siemens:ruggedcom_rox_rx1511_firmware:*:*:*:*:*:*:*:*", + "versionEndExcluding": "2.16.0", + "matchCriteriaId": "D0889DDD-C18A-4605-907C-0AAC4362FC94" + } + ] + }, + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": false, + "criteria": "cpe:2.3:h:siemens:ruggedcom_rox_rx1511:-:*:*:*:*:*:*:*", + "matchCriteriaId": "8C1E56ED-1E61-4B7E-8EC0-BB2AAD57EF7B" + } + ] + } + ] + }, + { + "operator": "AND", + "nodes": [ + { + "operator": 
"OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:o:siemens:ruggedcom_rox_rx1512_firmware:*:*:*:*:*:*:*:*", + "versionEndExcluding": "2.16.0", + "matchCriteriaId": "FA09F789-1903-4487-A108-684EA9423F32" + } + ] + }, + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": false, + "criteria": "cpe:2.3:h:siemens:ruggedcom_rox_rx1512:-:*:*:*:*:*:*:*", + "matchCriteriaId": "41ADD701-AD49-46B2-A12E-219CCED32298" + } + ] + } + ] + }, + { + "operator": "AND", + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:o:siemens:ruggedcom_rox_rx1524_firmware:*:*:*:*:*:*:*:*", + "versionEndExcluding": "2.16.0", + "matchCriteriaId": "76CF386C-0665-401C-9E5F-D3A89E6C2847" + } + ] + }, + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": false, + "criteria": "cpe:2.3:h:siemens:ruggedcom_rox_rx1524:-:*:*:*:*:*:*:*", + "matchCriteriaId": "F8C70D90-E8FA-4343-9027-152A99D79C82" + } + ] + } + ] + }, + { + "operator": "AND", + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:o:siemens:ruggedcom_rox_rx1536_firmware:*:*:*:*:*:*:*:*", + "versionEndExcluding": "2.16.0", + "matchCriteriaId": "A813AC2B-2F29-45D7-AB27-657A36399F80" + } + ] + }, + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": false, + "criteria": "cpe:2.3:h:siemens:ruggedcom_rox_rx1536:-:*:*:*:*:*:*:*", + "matchCriteriaId": "C1775F3B-6F47-4134-8B4E-CF6337FF546C" + } + ] + } + ] + }, + { + "operator": "AND", + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:o:siemens:ruggedcom_rox_rx5000_firmware:*:*:*:*:*:*:*:*", + "versionEndExcluding": "2.16.0", + "matchCriteriaId": "6AF925B2-B147-4CB0-8789-D68C38135BEE" + } + ] + }, + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": false, + 
"criteria": "cpe:2.3:h:siemens:ruggedcom_rox_rx5000:-:*:*:*:*:*:*:*", + "matchCriteriaId": "1E0E33F2-E89B-4008-BED2-CF2296801078" + } + ] + } + ] + } + ], "references": [ { "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-146325.pdf", - "source": "productcert@siemens.com" + "source": "productcert@siemens.com", + "tags": [ + "Vendor Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2023/CVE-2023-369xx/CVE-2023-36917.json b/CVE-2023/CVE-2023-369xx/CVE-2023-36917.json index 26a68c81566..871bceffc06 100644 --- a/CVE-2023/CVE-2023-369xx/CVE-2023-36917.json +++ b/CVE-2023/CVE-2023-369xx/CVE-2023-36917.json @@ -2,8 +2,8 @@ "id": "CVE-2023-36917", "sourceIdentifier": "cna@sap.com", "published": "2023-07-11T03:15:10.117", - "lastModified": "2023-07-11T12:43:16.387", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2023-07-18T17:01:51.703", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", @@ -12,6 +12,26 @@ ], "metrics": { "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "NONE", + "availabilityImpact": "NONE", + "baseScore": 7.5, + "baseSeverity": "HIGH" + }, + "exploitabilityScore": 3.9, + "impactScore": 3.6 + }, { "source": "cna@sap.com", "type": "Secondary", 
@@ -46,14 +66,42 @@ ] } ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:sap:businessobjects_business_intelligence:420:*:*:*:*:*:*:*", + "matchCriteriaId": "38BA0DF9-D893-4AF9-923E-E47EA5C02C52" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:sap:businessobjects_business_intelligence:430:*:*:*:*:*:*:*", + "matchCriteriaId": "85CBCF48-5478-4EE5-8F69-6E59EFDB707D" + } + ] + } + ] + } + ], "references": [ { "url": "https://me.sap.com/notes/3320702", - "source": "cna@sap.com" + "source": "cna@sap.com", + "tags": [ + "Permissions Required" + ] }, { "url": "https://www.sap.com/documents/2022/02/fa865ea4-167e-0010-bca6-c68f7e60039b.html", - "source": "cna@sap.com" + "source": "cna@sap.com", + "tags": [ + "Vendor Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2023/CVE-2023-369xx/CVE-2023-36918.json b/CVE-2023/CVE-2023-369xx/CVE-2023-36918.json index 779afa17310..98cd550e18a 100644 --- a/CVE-2023/CVE-2023-369xx/CVE-2023-36918.json +++ b/CVE-2023/CVE-2023-369xx/CVE-2023-36918.json @@ -2,8 +2,8 @@ "id": "CVE-2023-36918", "sourceIdentifier": "cna@sap.com", "published": "2023-07-11T03:15:10.177", - "lastModified": "2023-07-11T12:43:16.387", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2023-07-18T18:18:05.993", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", 
@@ -12,6 +12,26 @@ ], "metrics": { "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "REQUIRED", + "scope": "CHANGED", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "availabilityImpact": "NONE", + "baseScore": 6.1, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 2.8, + "impactScore": 2.7 + }, { "source": "cna@sap.com", "type": "Secondary", @@ -46,14 +66,37 @@ ] } ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:sap:enable_now:-:*:*:*:*:*:*:*", + "matchCriteriaId": "6D9E5418-8D10-48C4-93AF-0B036893B093" + } + ] + } + ] + } + ], "references": [ { "url": "https://launchpad.support.sap.com/#/notes/3326769", - "source": "cna@sap.com" + "source": "cna@sap.com", + "tags": [ + "Permissions Required" + ] }, { "url": "https://www.sap.com/documents/2022/02/fa865ea4-167e-0010-bca6-c68f7e60039b.html", - "source": "cna@sap.com" + "source": "cna@sap.com", + "tags": [ + "Vendor Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2023/CVE-2023-369xx/CVE-2023-36919.json b/CVE-2023/CVE-2023-369xx/CVE-2023-36919.json index dd43c6fd983..15246edebbe 100644 --- a/CVE-2023/CVE-2023-369xx/CVE-2023-36919.json +++ b/CVE-2023/CVE-2023-369xx/CVE-2023-36919.json @@ -2,8 +2,8 @@ "id": "CVE-2023-36919", "sourceIdentifier": "cna@sap.com", "published": "2023-07-11T03:15:10.237", - "lastModified": "2023-07-11T12:43:16.387", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2023-07-18T18:17:10.787", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", 
@@ -12,6 +12,26 @@ ], "metrics": { "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "LOW", + "integrityImpact": "NONE", + "availabilityImpact": "NONE", + "baseScore": 5.3, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 3.9, + "impactScore": 1.4 + }, { "source": "cna@sap.com", "type": "Secondary", @@ -36,8 +56,18 @@ }, "weaknesses": [ { - "source": "cna@sap.com", + "source": "nvd@nist.gov", "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-116" + } + ] + }, + { + "source": "cna@sap.com", + "type": "Secondary", "description": [ { "lang": "en", @@ -46,14 +76,37 @@ ] } ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:sap:enable_now:-:*:*:*:*:*:*:*", + "matchCriteriaId": "6D9E5418-8D10-48C4-93AF-0B036893B093" + } + ] + } + ] + } + ], "references": [ { "url": "https://launchpad.support.sap.com/#/notes/3326769", - "source": "cna@sap.com" + "source": "cna@sap.com", + "tags": [ + "Permissions Required" + ] }, { "url": "https://www.sap.com/documents/2022/02/fa865ea4-167e-0010-bca6-c68f7e60039b.html", - "source": "cna@sap.com" + "source": "cna@sap.com", + "tags": [ + "Vendor Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2023/CVE-2023-369xx/CVE-2023-36921.json b/CVE-2023/CVE-2023-369xx/CVE-2023-36921.json index 0849c28e550..dfdf3dc6332 100644 --- a/CVE-2023/CVE-2023-369xx/CVE-2023-36921.json +++ b/CVE-2023/CVE-2023-369xx/CVE-2023-36921.json 
@@ -2,8 +2,8 @@ "id": "CVE-2023-36921", "sourceIdentifier": "cna@sap.com", "published": "2023-07-11T03:15:10.297", - "lastModified": "2023-07-11T12:43:16.387", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2023-07-18T16:58:01.603", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", @@ -12,6 +12,26 @@ ], "metrics": { "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:N/A:L", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "NONE", + "scope": "CHANGED", + "confidentialityImpact": "LOW", + "integrityImpact": "NONE", + "availabilityImpact": "LOW", + "baseScore": 7.2, + "baseSeverity": "HIGH" + }, + "exploitabilityScore": 3.9, + "impactScore": 2.7 + }, { "source": "cna@sap.com", "type": "Secondary", @@ -36,8 +56,18 @@ }, "weaknesses": [ { - "source": "cna@sap.com", + "source": "nvd@nist.gov", "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-116" + } + ] + }, + { + "source": "cna@sap.com", + "type": "Secondary", "description": [ { "lang": "en", @@ -46,14 +76,37 @@ ] } ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:sap:solution_manager:7.20:*:*:*:*:*:*:*", + "matchCriteriaId": "AF78CCAF-7998-4C44-AA4D-B443DBEDAB00" + } + ] + } + ] + } + ], "references": [ { "url": "https://me.sap.com/notes/3348145", - "source": "cna@sap.com" + "source": "cna@sap.com", + "tags": [ + "Permissions Required" + ] }, { "url": "https://www.sap.com/documents/2022/02/fa865ea4-167e-0010-bca6-c68f7e60039b.html", - "source": "cna@sap.com" + "source": "cna@sap.com", + "tags": [ + "Vendor Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2023/CVE-2023-369xx/CVE-2023-36922.json b/CVE-2023/CVE-2023-369xx/CVE-2023-36922.json index 3b07a305bbc..2538a38ac6a 100644 
--- a/CVE-2023/CVE-2023-369xx/CVE-2023-36922.json +++ b/CVE-2023/CVE-2023-369xx/CVE-2023-36922.json @@ -2,8 +2,8 @@ "id": "CVE-2023-36922", "sourceIdentifier": "cna@sap.com", "published": "2023-07-11T03:15:10.357", - "lastModified": "2023-07-11T12:43:16.387", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2023-07-18T18:28:08.627", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", @@ -12,6 +12,26 @@ ], "metrics": { "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH", + "baseScore": 8.8, + "baseSeverity": "HIGH" + }, + "exploitabilityScore": 2.8, + "impactScore": 5.9 + }, { "source": "cna@sap.com", "type": "Secondary", @@ -36,7 +56,7 @@ }, "weaknesses": [ { - "source": "cna@sap.com", + "source": "nvd@nist.gov", "type": "Primary", "description": [ { 
@@ -44,16 +64,119 @@ "value": "CWE-78" } ] + }, + { + "source": "cna@sap.com", + "type": "Secondary", + "description": [ + { + "lang": "en", + "value": "CWE-78" + } + ] + } + ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:sap:netweaver:600:*:*:*:*:*:*:*", + "matchCriteriaId": "BDC771C8-70C7-4EA4-BF13-9153175F652F" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:sap:netweaver:602:*:*:*:*:*:*:*", + "matchCriteriaId": "D95174DD-6513-469F-911D-61FEF490BF44" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:sap:netweaver:603:*:*:*:*:*:*:*", + "matchCriteriaId": "A78F0A5A-514B-49C6-82E1-788049D4624A" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:sap:netweaver:604:*:*:*:*:*:*:*", + "matchCriteriaId": "92CF95AB-7222-4BB9-A01B-CC9BB0548DBE" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:sap:netweaver:605:*:*:*:*:*:*:*", + "matchCriteriaId": "8941EEEA-F588-419D-A72C-177A669D450B" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:sap:netweaver:606:*:*:*:*:*:*:*", + "matchCriteriaId": "94616B3E-ADE0-45E2-A3B8-B545E7E0BB0F" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:sap:netweaver:617:*:*:*:*:*:*:*", + "matchCriteriaId": "345E8B05-AE80-401D-895D-918136E5D738" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:sap:netweaver:618:*:*:*:*:*:*:*", + "matchCriteriaId": "6B5038E3-5515-41C5-8C89-D839D5AE60DF" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:sap:netweaver:800:*:*:*:*:*:*:*", + "matchCriteriaId": "4BE09533-102E-492F-ACAE-5B959885EE45" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:sap:netweaver:802:*:*:*:*:*:*:*", + "matchCriteriaId": "70FA0AC8-D377-4800-9365-2EAD15C108C9" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:sap:netweaver:803:*:*:*:*:*:*:*", + "matchCriteriaId": "364A7BFE-3EAE-4897-B198-BEE1DCEB2163" + }, + { + "vulnerable": true, + "criteria": 
"cpe:2.3:a:sap:netweaver:804:*:*:*:*:*:*:*", + "matchCriteriaId": "2A119858-00D2-44CA-9C9D-9BEAFC8BD3CD" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:sap:netweaver:805:*:*:*:*:*:*:*", + "matchCriteriaId": "5781D666-9439-4D4D-A0F6-DDA6763439CE" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:sap:netweaver:806:*:*:*:*:*:*:*", + "matchCriteriaId": "19188AD7-2B5F-48E9-81B2-30A60F009432" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:sap:netweaver:807:*:*:*:*:*:*:*", + "matchCriteriaId": "5C4EDC18-FBD1-473C-82F8-940097CE8C1C" + } + ] + } + ] } ], "references": [ { "url": "https://me.sap.com/notes/3350297", - "source": "cna@sap.com" + "source": "cna@sap.com", + "tags": [ + "Permissions Required" + ] }, { "url": "https://www.sap.com/documents/2022/02/fa865ea4-167e-0010-bca6-c68f7e60039b.html", - "source": "cna@sap.com" + "source": "cna@sap.com", + "tags": [ + "Vendor Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2023/CVE-2023-369xx/CVE-2023-36925.json b/CVE-2023/CVE-2023-369xx/CVE-2023-36925.json index 0f39ba25108..4cbf8967287 100644 --- a/CVE-2023/CVE-2023-369xx/CVE-2023-36925.json +++ b/CVE-2023/CVE-2023-369xx/CVE-2023-36925.json @@ -2,8 +2,8 @@ "id": "CVE-2023-36925", "sourceIdentifier": "cna@sap.com", "published": "2023-07-11T03:15:10.477", - "lastModified": "2023-07-11T12:43:16.387", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2023-07-18T16:50:56.803", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", 
@@ -12,6 +12,26 @@ ], "metrics": { "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:N/A:L", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "NONE", + "scope": "CHANGED", + "confidentialityImpact": "LOW", + "integrityImpact": "NONE", + "availabilityImpact": "LOW", + "baseScore": 7.2, + "baseSeverity": "HIGH" + }, + "exploitabilityScore": 3.9, + "impactScore": 2.7 + }, { "source": "cna@sap.com", "type": "Secondary", @@ -46,14 +66,37 @@ ] } ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:sap:solution_manager:7.20:*:*:*:*:*:*:*", + "matchCriteriaId": "AF78CCAF-7998-4C44-AA4D-B443DBEDAB00" + } + ] + } + ] + } + ], "references": [ { "url": "https://me.sap.com/notes/3352058", - "source": "cna@sap.com" + "source": "cna@sap.com", + "tags": [ + "Permissions Required" + ] }, { "url": "https://www.sap.com/documents/2022/02/fa865ea4-167e-0010-bca6-c68f7e60039b.html", - "source": "cna@sap.com" + "source": "cna@sap.com", + "tags": [ + "Vendor Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2023/CVE-2023-369xx/CVE-2023-36936.json b/CVE-2023/CVE-2023-369xx/CVE-2023-36936.json index 1d3761d1586..c926795f337 100644 --- a/CVE-2023/CVE-2023-369xx/CVE-2023-36936.json +++ b/CVE-2023/CVE-2023-369xx/CVE-2023-36936.json 
@@ -2,23 +2,83 @@ "id": "CVE-2023-36936", "sourceIdentifier": "cve@mitre.org", "published": "2023-07-10T18:15:10.897", - "lastModified": "2023-07-10T18:15:29.887", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2023-07-18T18:24:20.437", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", "value": "Cross-Site Scripting (XSS) vulnerability in PHPGurukul Online Security Guards Hiring System using PHP and MySQL 1.0 allows attackers to execute arbitrary code via a crafted payload to the search booking box." } ], - "metrics": {}, + "metrics": { + "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "REQUIRED", + "scope": "CHANGED", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "availabilityImpact": "NONE", + "baseScore": 6.1, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 2.8, + "impactScore": 2.7 + } + ] + }, + "weaknesses": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-79" + } + ] + } + ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:online_security_guards_hiring_system_project:online_security_guards_hiring_system:1.0:*:*:*:*:*:*:*", + "matchCriteriaId": "2F2B06F6-4201-4A29-8956-1AF54C24159A" + } + ] + } + ] + } + ], "references": [ { "url": "https://medium.com/@ridheshgohil1092/cve-2023-36936-xss-online-security-guards-hiring-system-773f394f6117", - "source": "cve@mitre.org" + "source": "cve@mitre.org", + "tags": [ + "Exploit", + "Third Party Advisory" + ] }, { "url": "https://packetstormsecurity.com", - "source": "cve@mitre.org" + "source": "cve@mitre.org", + "tags": [ + "Third Party Advisory", + "VDB Entry" + ] } ] } \ No 
newline at end of file diff --git a/CVE-2023/CVE-2023-369xx/CVE-2023-36939.json b/CVE-2023/CVE-2023-369xx/CVE-2023-36939.json index 57b1169fed0..bdb66e1e7b6 100644 --- a/CVE-2023/CVE-2023-369xx/CVE-2023-36939.json +++ b/CVE-2023/CVE-2023-369xx/CVE-2023-36939.json 
@@ -2,23 +2,83 @@ "id": "CVE-2023-36939", "sourceIdentifier": "cve@mitre.org", "published": "2023-07-10T18:15:10.963", - "lastModified": "2023-07-10T18:15:29.887", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2023-07-18T17:56:45.467", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", "value": "Cross-Site Scripting (XSS) vulnerability in Hostel Management System v2.1 allows an attacker to execute arbitrary code via a crafted payload to the search booking field." } ], - "metrics": {}, + "metrics": { + "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "REQUIRED", + "scope": "CHANGED", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "availabilityImpact": "NONE", + "baseScore": 6.1, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 2.8, + "impactScore": 2.7 + } + ] + }, + "weaknesses": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-79" + } + ] + } + ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:hostel_management_system_project:hostel_management_system:2.1:*:*:*:*:*:*:*", + "matchCriteriaId": "FC64E15A-2ECC-4930-8FDB-20AC554E3336" + } + ] + } + ] + } + ], "references": [ { "url": "https://medium.com/@ridheshgohil1092/cve-2023-36939-xss-online-security-guards-hiring-system-7547ee114134", - "source": "cve@mitre.org" + "source": "cve@mitre.org", + "tags": [ + "Exploit", + "Third Party Advisory" + ] }, { "url": "https://packetstormsecurity.com", - "source": "cve@mitre.org" + "source": "cve@mitre.org", + "tags": [ + "Third Party Advisory", + "VDB Entry" + ] } ] } \ No newline at end of file 
diff --git a/CVE-2023/CVE-2023-36xx/CVE-2023-3606.json b/CVE-2023/CVE-2023-36xx/CVE-2023-3606.json index ac16a42b0f5..e5e8858531e 100644 --- a/CVE-2023/CVE-2023-36xx/CVE-2023-3606.json +++ b/CVE-2023/CVE-2023-36xx/CVE-2023-3606.json @@ -2,8 +2,8 @@ "id": "CVE-2023-3606", "sourceIdentifier": "cna@vuldb.com", "published": "2023-07-10T21:15:10.823", - "lastModified": "2023-07-11T12:43:16.387", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2023-07-18T17:24:08.157", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", @@ -11,6 +11,28 @@ } ], "metrics": { + "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH", + "baseScore": 8.8, + "baseSeverity": "HIGH" + }, + "exploitabilityScore": 2.8, + "impactScore": 5.9 + } + ], "cvssMetricV30": [ { "source": "cna@vuldb.com", 
@@ -71,18 +93,48 @@ ] } ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:o:tamronos:tamronos:*:*:*:*:*:*:*:*", + "versionEndIncluding": "20230703", + "matchCriteriaId": "B58586B8-7A24-4406-8E27-A8762CFD5E3A" + } + ] + } + ] + } + ], "references": [ { "url": "https://github.com/d4n-sec/cve/blob/main/TamronOS%20IPTV.md", - "source": "cna@vuldb.com" + "source": "cna@vuldb.com", + "tags": [ + "Exploit" + ] }, { "url": "https://vuldb.com/?ctiid.233475", - "source": "cna@vuldb.com" + "source": "cna@vuldb.com", + "tags": [ + "Permissions Required", + "Third Party Advisory", + "VDB Entry" + ] }, { "url": "https://vuldb.com/?id.233475", - "source": "cna@vuldb.com" + "source": "cna@vuldb.com", + "tags": [ + "Third Party Advisory", + "VDB Entry" + ] } ] } \ No newline at end of file diff --git a/CVE-2023/CVE-2023-36xx/CVE-2023-3620.json b/CVE-2023/CVE-2023-36xx/CVE-2023-3620.json index 8295147571b..7bedc019a4a 100644 --- a/CVE-2023/CVE-2023-36xx/CVE-2023-3620.json +++ b/CVE-2023/CVE-2023-36xx/CVE-2023-3620.json @@ -2,8 +2,8 @@ "id": "CVE-2023-3620", "sourceIdentifier": "security@huntr.dev", "published": "2023-07-11T15:15:20.637", - "lastModified": "2023-07-11T16:16:52.790", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2023-07-18T16:05:29.347", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", 
@@ -11,6 +11,28 @@ } ], "metrics": { + "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "REQUIRED", + "scope": "CHANGED", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "availabilityImpact": "NONE", + "baseScore": 5.4, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 2.3, + "impactScore": 2.7 + } + ], "cvssMetricV30": [ { "source": "security@huntr.dev", @@ -46,14 +68,40 @@ ] } ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:tarteaucitron:tarteaucitron:*:*:*:*:*:node.js:*:*", + "versionEndExcluding": "1.13.1", + "matchCriteriaId": "7BCD29D2-E8F4-49F7-BCDA-DD6F4FDB94C7" + } + ] + } + ] + } + ], "references": [ { "url": "https://github.com/amauric/tarteaucitron.js/commit/c4c2fcf2b2212ce968bdcae145bb74283c441e5f", - "source": "security@huntr.dev" + "source": "security@huntr.dev", + "tags": [ + "Exploit", + "Patch" + ] }, { "url": "https://huntr.dev/bounties/a0fd0671-f051-4d41-8928-9b19819084c9", - "source": "security@huntr.dev" + "source": "security@huntr.dev", + "tags": [ + "Exploit", + "Patch" + ] } ] } \ No newline at end of file diff --git a/CVE-2023/CVE-2023-36xx/CVE-2023-3627.json b/CVE-2023/CVE-2023-36xx/CVE-2023-3627.json index 664d11c0e76..e596cee0751 100644 --- a/CVE-2023/CVE-2023-36xx/CVE-2023-3627.json +++ b/CVE-2023/CVE-2023-36xx/CVE-2023-3627.json @@ -2,8 +2,8 @@ "id": "CVE-2023-3627", "sourceIdentifier": "security@huntr.dev", "published": "2023-07-11T17:15:13.570", - "lastModified": "2023-07-12T12:46:51.683", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2023-07-18T19:58:32.613", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", 
@@ -11,6 +11,28 @@ } ], "metrics": { + "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "REQUIRED", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH", + "baseScore": 8.8, + "baseSeverity": "HIGH" + }, + "exploitabilityScore": 2.8, + "impactScore": 5.9 + } + ], "cvssMetricV30": [ { "source": "security@huntr.dev", @@ -36,7 +58,7 @@ }, "weaknesses": [ { - "source": "security@huntr.dev", + "source": "nvd@nist.gov", "type": "Primary", "description": [ { @@ -44,16 +66,53 @@ "value": "CWE-352" } ] + }, + { + "source": "security@huntr.dev", + "type": "Secondary", + "description": [ + { + "lang": "en", + "value": "CWE-352" + } + ] + } + ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:salesagility:suitecrm:*:*:*:*:*:*:*:*", + "versionEndExcluding": "8.3.1", + "matchCriteriaId": "719E30C6-0E5A-4D80-B21F-18134A732976" + } + ] + } + ] } ], "references": [ { "url": "https://github.com/salesagility/suitecrm-core/commit/78285702d76317f081b1fbc59cb2754e93b9a4c3", - "source": "security@huntr.dev" + "source": "security@huntr.dev", + "tags": [ + "Patch" + ] }, { "url": "https://huntr.dev/bounties/558b3dce-db03-47ba-b60b-c6eb578e04f1", - "source": "security@huntr.dev" + "source": "security@huntr.dev", + "tags": [ + "Exploit", + "Issue Tracking", + "Patch", + "Third Party Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2023/CVE-2023-372xx/CVE-2023-37259.json b/CVE-2023/CVE-2023-372xx/CVE-2023-37259.json new file mode 100644 index 00000000000..31e4e278207 --- /dev/null +++ b/CVE-2023/CVE-2023-372xx/CVE-2023-37259.json 
@@ -0,0 +1,59 @@ +{ + "id": "CVE-2023-37259", + "sourceIdentifier": "security-advisories@github.com", + "published": "2023-07-18T17:15:11.490", + "lastModified": "2023-07-18T17:33:48.187", + "vulnStatus": "Awaiting Analysis", + "descriptions": [ + { + "lang": "en", + "value": "matrix-react-sdk is a react-based SDK for inserting a Matrix chat/voip client into a web page. The Export Chat feature includes certain attacker-controlled elements in the generated document without sufficient escaping, leading to stored Cross site scripting (XSS). Since the Export Chat feature generates a separate document, an attacker can only inject code run from the `null` origin, restricting the impact. However, the attacker can still potentially use the XSS to leak message contents. A malicious homeserver is a potential attacker since the affected inputs are controllable server-side. This issue has been addressed in commit `22fcd34c60` which is included in release version 3.76.0. Users are advised to upgrade. The only known workaround for this issue is to disable or to not use the Export Chat feature." 
+ } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "security-advisories@github.com", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:A/AC:L/PR:L/UI:R/S:C/C:H/I:N/A:N", + "attackVector": "ADJACENT_NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "REQUIRED", + "scope": "CHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "NONE", + "availabilityImpact": "NONE", + "baseScore": 6.1, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 1.7, + "impactScore": 4.0 + } + ] + }, + "weaknesses": [ + { + "source": "security-advisories@github.com", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-79" + } + ] + } + ], + "references": [ + { + "url": "https://github.com/matrix-org/matrix-react-sdk/commit/22fcd34c606f32129ebc967fc21f24fb708a98b8", + "source": "security-advisories@github.com" + }, + { + "url": "https://github.com/matrix-org/matrix-react-sdk/security/advisories/GHSA-c9vx-2g7w-rp65", + "source": "security-advisories@github.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2023/CVE-2023-372xx/CVE-2023-37261.json b/CVE-2023/CVE-2023-372xx/CVE-2023-37261.json index e65de904738..e3a412a5697 100644 --- a/CVE-2023/CVE-2023-372xx/CVE-2023-37261.json +++ b/CVE-2023/CVE-2023-372xx/CVE-2023-37261.json @@ -2,8 +2,8 @@ "id": "CVE-2023-37261", "sourceIdentifier": "security-advisories@github.com", "published": "2023-07-07T21:15:09.303", - "lastModified": "2023-07-08T10:25:54.183", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2023-07-18T18:12:11.467", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", 
@@ -12,6 +12,26 @@ ], "metrics": { "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH", + "baseScore": 8.8, + "baseSeverity": "HIGH" + }, + "exploitabilityScore": 2.8, + "impactScore": 5.9 + }, { "source": "security-advisories@github.com", "type": "Secondary", 
@@ -46,34 +66,74 @@ ] } ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:opencomputers:opencomputers:*:*:*:*:*:minecraft:*:*", + "versionStartIncluding": "1.2.0", + "versionEndExcluding": "1.8.3", + "matchCriteriaId": "8DE41EF6-7537-4DE9-AA2D-B91BECF734BE" + } + ] + } + ] + } + ], "references": [ { "url": "https://github.com/MightyPirates/OpenComputers/blob/5b2ba76a4c242b369b9b6ac6196fd04d96580ad0/src/main/resources/application.conf#L966-L986", - "source": "security-advisories@github.com" + "source": "security-advisories@github.com", + "tags": [ + "Product" + ] }, { "url": "https://github.com/MightyPirates/OpenComputers/blob/5b2ba76a4c242b369b9b6ac6196fd04d96580ad0/src/main/scala/li/cil/oc/Settings.scala#L614-L637", - "source": "security-advisories@github.com" + "source": "security-advisories@github.com", + "tags": [ + "Product" + ] }, { "url": "https://github.com/MightyPirates/OpenComputers/commit/d13c015357fd6c42e0a1bdd6e1ef9462f0450a15", - "source": "security-advisories@github.com" + "source": "security-advisories@github.com", + "tags": [ + "Patch" + ] }, { "url": "https://github.com/MightyPirates/OpenComputers/issues/2365", - "source": "security-advisories@github.com" + "source": "security-advisories@github.com", + "tags": [ + "Issue Tracking" + ] }, { "url": "https://github.com/MightyPirates/OpenComputers/releases/tag/1.12.2-forge%2F1.8.3", - "source": "security-advisories@github.com" + "source": "security-advisories@github.com", + "tags": [ + "Release Notes" + ] }, { "url": "https://github.com/MightyPirates/OpenComputers/security/advisories/GHSA-vvfj-xh7c-j2cm", - "source": "security-advisories@github.com" + "source": "security-advisories@github.com", + "tags": [ + "Vendor Advisory" + ] }, { "url": "https://github.com/cc-tweaked/CC-Tweaked/security/advisories/GHSA-7p4w-mv69-2wm2", - "source": "security-advisories@github.com" + "source": 
"security-advisories@github.com", + "tags": [ + "Not Applicable" + ] } ] } \ No newline at end of file diff --git a/CVE-2023/CVE-2023-372xx/CVE-2023-37262.json b/CVE-2023/CVE-2023-372xx/CVE-2023-37262.json index 443a741932b..f86fe615017 100644 --- a/CVE-2023/CVE-2023-372xx/CVE-2023-37262.json +++ b/CVE-2023/CVE-2023-372xx/CVE-2023-37262.json @@ -2,8 +2,8 @@ "id": "CVE-2023-37262", "sourceIdentifier": "security-advisories@github.com", "published": "2023-07-07T21:15:09.393", - "lastModified": "2023-07-08T10:25:54.183", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2023-07-18T18:12:57.687", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", @@ -12,6 +12,26 @@ ], "metrics": { "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH", + "baseScore": 8.8, + "baseSeverity": "HIGH" + }, + "exploitabilityScore": 2.8, + "impactScore": 5.9 + }, { "source": "security-advisories@github.com", "type": "Secondary", 
@@ -46,26 +66,87 @@ ] } ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:tweaked:cc-tweaked:*:*:*:*:*:minecraft:*:*", + "versionEndExcluding": "1.16.5-1.101.3", + "matchCriteriaId": "6543780A-8A9B-4562-932C-60B6FC60C221" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:tweaked:cc-tweaked:*:*:*:*:*:minecraft:*:*", + "versionStartIncluding": "1.17.1-1.98.1", + "versionEndExcluding": "1.18.2-1.101.3", + "matchCriteriaId": "0C935D89-E88C-4143-BD3B-6F4D18DD2C28" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:tweaked:cc-tweaked:*:*:*:*:*:minecraft:*:*", + "versionStartIncluding": "1.19.1-1.100.9", + "versionEndExcluding": "1.19.2-1.101.3", + "matchCriteriaId": "9FE5FF3D-BA6E-410F-8249-C52F8DB30893" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:tweaked:cc-tweaked:*:*:*:*:*:minecraft:*:*", + "versionStartIncluding": "1.19.3-1.102.0", + "versionEndExcluding": "1.19.4-1.106.0", + "matchCriteriaId": "A75D740A-E648-4BB6-8E19-833273F0F0EF" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:tweaked:cc-tweaked:*:*:*:*:*:minecraft:*:*", + "versionStartIncluding": "1.20.1-1.105.0", + "versionEndExcluding": "1.20.1-1.106.0", + "matchCriteriaId": "C4E8E115-C213-4CCF-80D2-B6BDF733DE3E" + } + ] + } + ] + } + ], "references": [ { "url": "https://github.com/MightyPirates/OpenComputers/security/advisories/GHSA-vvfj-xh7c-j2cm", - "source": "security-advisories@github.com" + "source": "security-advisories@github.com", + "tags": [ + "Not Applicable" + ] }, { "url": "https://github.com/cc-tweaked/CC-Tweaked/blob/96847bb8c28df51e5e49f2dd2978ff6cc4e2821b/projects/core/src/main/java/dan200/computercraft/core/apis/http/options/AddressPredicate.java#L116-L126", - "source": "security-advisories@github.com" + "source": "security-advisories@github.com", + "tags": [ + "Product" + ] }, { "url": 
"https://github.com/cc-tweaked/CC-Tweaked/commit/4bbde8c50c00bc572578ab2cff609b3443d10ddf", - "source": "security-advisories@github.com" + "source": "security-advisories@github.com", + "tags": [ + "Patch" + ] }, { "url": "https://github.com/cc-tweaked/CC-Tweaked/security/advisories/GHSA-7p4w-mv69-2wm2", - "source": "security-advisories@github.com" + "source": "security-advisories@github.com", + "tags": [ + "Vendor Advisory" + ] }, { "url": "https://github.com/dan200/ComputerCraft/issues/170", - "source": "security-advisories@github.com" + "source": "security-advisories@github.com", + "tags": [ + "Issue Tracking" + ] } ] } \ No newline at end of file diff --git a/CVE-2023/CVE-2023-372xx/CVE-2023-37264.json b/CVE-2023/CVE-2023-372xx/CVE-2023-37264.json index 0eb9e6672a6..c9c74103872 100644 --- a/CVE-2023/CVE-2023-372xx/CVE-2023-37264.json +++ b/CVE-2023/CVE-2023-372xx/CVE-2023-37264.json @@ -2,8 +2,8 @@ "id": "CVE-2023-37264", "sourceIdentifier": "security-advisories@github.com", "published": "2023-07-07T17:15:10.280", - "lastModified": "2023-07-07T17:36:20.173", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2023-07-18T17:55:49.017", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", @@ -12,6 +12,26 @@ ], "metrics": { "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "NONE", + "integrityImpact": "LOW", + "availabilityImpact": "NONE", + "baseScore": 4.3, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 2.8, + "impactScore": 1.4 + }, { "source": "security-advisories@github.com", "type": "Secondary", 
@@ -46,18 +66,45 @@ ] } ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:linuxfoundation:tekton_pipelines:*:*:*:*:*:go:*:*", + "versionStartIncluding": "0.35.0", + "matchCriteriaId": "9F5B5FDA-C91A-4F35-8640-FD9CE0871349" + } + ] + } + ] + } + ], "references": [ { "url": "https://github.com/tektoncd/pipeline/blob/2d38f5fa840291395178422d34b36b1bc739e2a2/pkg/reconciler/pipelinerun/pipelinerun.go#L1358-L1372", - "source": "security-advisories@github.com" + "source": "security-advisories@github.com", + "tags": [ + "Product" + ] }, { "url": "https://github.com/tektoncd/pipeline/security/advisories/GHSA-w2h3-vvvq-3m53", - "source": "security-advisories@github.com" + "source": "security-advisories@github.com", + "tags": [ + "Exploit" + ] }, { "url": "https://pkg.go.dev/github.com/tektoncd/pipeline/pkg/apis/pipeline/v1beta1#ChildStatusReference", - "source": "security-advisories@github.com" + "source": "security-advisories@github.com", + "tags": [ + "Product" + ] } ] } \ No newline at end of file diff --git a/CVE-2023/CVE-2023-373xx/CVE-2023-37391.json b/CVE-2023/CVE-2023-373xx/CVE-2023-37391.json index cc6b32241d5..31b8114948d 100644 --- a/CVE-2023/CVE-2023-373xx/CVE-2023-37391.json +++ b/CVE-2023/CVE-2023-373xx/CVE-2023-37391.json @@ -2,8 +2,8 @@ "id": "CVE-2023-37391", "sourceIdentifier": "audit@patchstack.com", "published": "2023-07-11T10:15:11.947", - "lastModified": "2023-07-11T12:43:16.387", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2023-07-18T18:20:32.877", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", 
@@ -12,6 +12,26 @@ ], "metrics": { "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "REQUIRED", + "scope": "UNCHANGED", + "confidentialityImpact": "NONE", + "integrityImpact": "HIGH", + "availabilityImpact": "NONE", + "baseScore": 6.5, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 2.8, + "impactScore": 3.6 + }, { "source": "audit@patchstack.com", "type": "Secondary", @@ -46,10 +66,31 @@ ] } ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:wpmobilepack:wordpress_mobile_pack:*:*:*:*:*:wordpress:*:*", + "versionEndIncluding": "3.4.1", + "matchCriteriaId": "6DAF0718-CD4E-498C-AE09-F6C7F225083F" + } + ] + } + ] + } + ], "references": [ { "url": "https://patchstack.com/database/vulnerability/wordpress-mobile-pack/wordpress-wordpress-mobile-pack-plugin-3-4-1-broken-access-control-vulnerability?_s_id=cve", - "source": "audit@patchstack.com" + "source": "audit@patchstack.com", + "tags": [ + "Third Party Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2023/CVE-2023-374xx/CVE-2023-37477.json b/CVE-2023/CVE-2023-374xx/CVE-2023-37477.json new file mode 100644 index 00000000000..2021f1b897c --- /dev/null +++ b/CVE-2023/CVE-2023-374xx/CVE-2023-37477.json 
@@ -0,0 +1,59 @@ +{ + "id": "CVE-2023-37477", + "sourceIdentifier": "security-advisories@github.com", + "published": "2023-07-18T19:15:09.757", + "lastModified": "2023-07-18T19:49:32.270", + "vulnStatus": "Awaiting Analysis", + "descriptions": [ + { + "lang": "en", + "value": "1Panel is an open source Linux server operation and maintenance management panel. An OS command injection vulnerability exists in 1Panel firewall functionality. A specially-crafted HTTP request can lead to arbitrary command execution. An attacker can make an authenticated HTTP request to trigger this vulnerability. 1Panel firewall functionality `/hosts/firewall/ip` endpoint read user input without validation, the attacker extends the default functionality of the application, which execute system commands. An attacker can execute arbitrary code on the target system, which can lead to a complete compromise of the system. This issue has been addressed in commit `e17b80cff49` which is included in release version `1.4.3`. Users are advised to upgrade. 
There are no known workarounds for this vulnerability.\n" + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "security-advisories@github.com", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "HIGH", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH", + "baseScore": 7.2, + "baseSeverity": "HIGH" + }, + "exploitabilityScore": 1.2, + "impactScore": 5.9 + } + ] + }, + "weaknesses": [ + { + "source": "security-advisories@github.com", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-78" + } + ] + } + ], + "references": [ + { + "url": "https://github.com/1Panel-dev/1Panel/commit/e17b80cff4975ee343568ff526b62319f499005d", + "source": "security-advisories@github.com" + }, + { + "url": "https://github.com/1Panel-dev/1Panel/security/advisories/GHSA-p9xf-74xh-mhw5", + "source": "security-advisories@github.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2023/CVE-2023-374xx/CVE-2023-37480.json b/CVE-2023/CVE-2023-374xx/CVE-2023-37480.json new file mode 100644 index 00000000000..b8633a169ec --- /dev/null +++ b/CVE-2023/CVE-2023-374xx/CVE-2023-37480.json 
@@ -0,0 +1,59 @@ +{ + "id": "CVE-2023-37480", + "sourceIdentifier": "security-advisories@github.com", + "published": "2023-07-18T19:15:09.840", + "lastModified": "2023-07-18T19:49:32.270", + "vulnStatus": "Awaiting Analysis", + "descriptions": [ + { + "lang": "en", + "value": "Fides is an open-source privacy engineering platform for managing data privacy requests and privacy regulations. The Fides webserver is vulnerable to a type of Denial of Service (DoS) attack. Attackers can exploit a weakness in the connector template upload feature to upload a malicious zip bomb file, resulting in resource exhaustion and service unavailability for all users of the Fides webserver. This vulnerability affects Fides versions `2.11.0` through `2.15.1`. Exploitation is limited to users with elevated privileges with the `CONNECTOR_TEMPLATE_REGISTER` scope, which includes root users and users with the owner role. The vulnerability has been patched in Fides version `2.16.0`. Users are advised to upgrade to this version or later to secure their systems against this threat. There is no known workaround to remediate this vulnerability without upgrading. 
If an attack occurs, the impact can be mitigated by manually or automatically restarting the affected container.\n" + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "security-advisories@github.com", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:L", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "HIGH", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "NONE", + "integrityImpact": "NONE", + "availabilityImpact": "LOW", + "baseScore": 2.7, + "baseSeverity": "LOW" + }, + "exploitabilityScore": 1.2, + "impactScore": 1.4 + } + ] + }, + "weaknesses": [ + { + "source": "security-advisories@github.com", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-400" + } + ] + } + ], + "references": [ + { + "url": "https://github.com/ethyca/fides/commit/5aea738463960d81821c11ae7ade1d627a46bf32", + "source": "security-advisories@github.com" + }, + { + "url": "https://github.com/ethyca/fides/security/advisories/GHSA-g95c-2jgm-hqc6", + "source": "security-advisories@github.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2023/CVE-2023-374xx/CVE-2023-37481.json b/CVE-2023/CVE-2023-374xx/CVE-2023-37481.json new file mode 100644 index 00000000000..92330988f45 --- /dev/null +++ b/CVE-2023/CVE-2023-374xx/CVE-2023-37481.json 
@@ -0,0 +1,59 @@ +{ + "id": "CVE-2023-37481", + "sourceIdentifier": "security-advisories@github.com", + "published": "2023-07-18T19:15:09.927", + "lastModified": "2023-07-18T19:49:32.270", + "vulnStatus": "Awaiting Analysis", + "descriptions": [ + { + "lang": "en", + "value": "Fides is an open-source privacy engineering platform for managing data privacy requests and privacy regulations. The Fides webserver is vulnerable to a type of Denial of Service (DoS) attack. Attackers can exploit this vulnerability to upload zip files containing malicious SVG bombs (similar to a billion laughs attack), causing resource exhaustion in Admin UI browser tabs and creating a persistent denial of service of the 'new connector' page (`datastore-connection/new`). This vulnerability affects Fides versions `2.11.0` through `2.15.1`. Exploitation is limited to users with elevated privileges with the `CONNECTOR_TEMPLATE_REGISTER` scope, which includes root users and users with the owner role. The vulnerability has been patched in Fides version `2.16.0`. Users are advised to upgrade to this version or later to secure their systems against this threat. There is no known workaround to remediate this vulnerability without upgrading." 
+ } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "security-advisories@github.com", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:L", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "HIGH", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "NONE", + "integrityImpact": "NONE", + "availabilityImpact": "LOW", + "baseScore": 2.7, + "baseSeverity": "LOW" + }, + "exploitabilityScore": 1.2, + "impactScore": 1.4 + } + ] + }, + "weaknesses": [ + { + "source": "security-advisories@github.com", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-400" + } + ] + } + ], + "references": [ + { + "url": "https://github.com/ethyca/fides/commit/8beaace082b325e693dc7682029a3cb7e6c2b69d", + "source": "security-advisories@github.com" + }, + { + "url": "https://github.com/ethyca/fides/security/advisories/GHSA-3rw2-wfc8-wmj5", + "source": "security-advisories@github.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2023/CVE-2023-375xx/CVE-2023-37597.json b/CVE-2023/CVE-2023-375xx/CVE-2023-37597.json index 63321626144..fe2ec9c992e 100644 --- a/CVE-2023/CVE-2023-375xx/CVE-2023-37597.json +++ b/CVE-2023/CVE-2023-375xx/CVE-2023-37597.json 
@@ -2,23 +2,82 @@ "id": "CVE-2023-37597", "sourceIdentifier": "cve@mitre.org", "published": "2023-07-11T17:15:13.347", - "lastModified": "2023-07-12T12:46:51.683", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2023-07-18T19:34:24.600", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", "value": "Cross Site Request Forgery (CSRF) vulnerability in issabel-pbx v.4.0.0-6 allows a remote attacker to cause a denial of service via the delete user grouplist function." } ], - "metrics": {}, + "metrics": { + "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:H", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "REQUIRED", + "scope": "UNCHANGED", + "confidentialityImpact": "NONE", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH", + "baseScore": 8.1, + "baseSeverity": "HIGH" + }, + "exploitabilityScore": 2.8, + "impactScore": 5.2 + } + ] + }, + "weaknesses": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-352" + } + ] + } + ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:issabel:pbx:4.0.0-6:*:*:*:*:*:*:*", + "matchCriteriaId": "D1A5E56B-4B74-4BF7-ACF5-1D9F3C0FC0FF" + } + ] + } + ] + } + ], "references": [ { "url": "https://github.com/sahiloj/CVE-2023-37597/blob/main/README.md", - "source": "cve@mitre.org" + "source": "cve@mitre.org", + "tags": [ + "Exploit", + "Third Party Advisory" + ] }, { "url": "https://reference2.example.com/index.php?menu=grouplist", - "source": "cve@mitre.org" + "source": "cve@mitre.org", + "tags": [ + "Broken Link" + ] } ] } \ No newline at end of file 
diff --git a/CVE-2023/CVE-2023-376xx/CVE-2023-37656.json b/CVE-2023/CVE-2023-376xx/CVE-2023-37656.json index ea3ec5bc6ed..6dad67af300 100644 --- a/CVE-2023/CVE-2023-376xx/CVE-2023-37656.json +++ b/CVE-2023/CVE-2023-376xx/CVE-2023-37656.json @@ -2,19 +2,75 @@ "id": "CVE-2023-37656", "sourceIdentifier": "cve@mitre.org", "published": "2023-07-11T14:15:09.677", - "lastModified": "2023-07-11T14:27:23.147", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2023-07-18T16:16:53.443", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", "value": "WebsiteGuide v0.2 is vulnerable to Remote Command Execution (RCE) via image upload." } ], - "metrics": {}, + "metrics": { + "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH", + "baseScore": 9.8, + "baseSeverity": "CRITICAL" + }, + "exploitabilityScore": 3.9, + "impactScore": 5.9 + } + ] + }, + "weaknesses": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-434" + } + ] + } + ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:websiteguide_project:websiteguide:0.2:*:*:*:*:*:*:*", + "matchCriteriaId": "45B73FA6-C12A-4327-AE63-F32D54E9D91A" + } + ] + } + ] + } + ], "references": [ { "url": "https://github.com/mizhexiaoxiao/WebsiteGuide/issues/12", - "source": "cve@mitre.org" + "source": "cve@mitre.org", + "tags": [ + "Exploit", + "Issue Tracking" + ] } ] } \ No newline at end of file 
diff --git a/CVE-2023/CVE-2023-376xx/CVE-2023-37657.json b/CVE-2023/CVE-2023-376xx/CVE-2023-37657.json index 56b8c73b380..2ae28f03840 100644 --- a/CVE-2023/CVE-2023-376xx/CVE-2023-37657.json +++ b/CVE-2023/CVE-2023-376xx/CVE-2023-37657.json @@ -2,19 +2,76 @@ "id": "CVE-2023-37657", "sourceIdentifier": "cve@mitre.org", "published": "2023-07-11T15:15:20.367", - "lastModified": "2023-07-11T16:16:52.790", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2023-07-18T16:11:44.407", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", "value": "TwoNav v2.0.28-20230624 is vulnerable to Cross Site Scripting (XSS)." } ], - "metrics": {}, + "metrics": { + "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "REQUIRED", + "scope": "CHANGED", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "availabilityImpact": "NONE", + "baseScore": 5.4, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 2.3, + "impactScore": 2.7 + } + ] + }, + "weaknesses": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-79" + } + ] + } + ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:lm21:twonav:2.0.28-20230624:*:*:*:*:*:*:*", + "matchCriteriaId": "6C3C9DAB-B41F-45E8-B1C9-A150E6044C42" + } + ] + } + ] + } + ], "references": [ { "url": "https://github.com/tznb1/TwoNav/issues/3", - "source": "cve@mitre.org" + "source": "cve@mitre.org", + "tags": [ + "Exploit", + "Issue Tracking", + "Third Party Advisory" + ] } ] } \ No newline at end of file 
diff --git a/CVE-2023/CVE-2023-377xx/CVE-2023-37758.json b/CVE-2023/CVE-2023-377xx/CVE-2023-37758.json new file mode 100644 index 00000000000..3e29dd5d156 --- /dev/null +++ b/CVE-2023/CVE-2023-377xx/CVE-2023-37758.json @@ -0,0 +1,28 @@ +{ + "id": "CVE-2023-37758", + "sourceIdentifier": "cve@mitre.org", + "published": "2023-07-18T19:15:10.007", + "lastModified": "2023-07-18T19:49:32.270", + "vulnStatus": "Awaiting Analysis", + "descriptions": [ + { + "lang": "en", + "value": "D-LINK DIR-815 v1.01 was discovered to contain a buffer overflow via the component /web/captcha.cgi." + } + ], + "metrics": {}, + "references": [ + { + "url": "https://hackmd.io/@pSgS7xsnS5a4K7Y0yiB43g/rJr8oNn_n", + "source": "cve@mitre.org" + }, + { + "url": "https://support.dlink.ca/productinfo.aspx?m=dir-815", + "source": "cve@mitre.org" + }, + { + "url": "https://www.dlink.com/en/security-bulletin/", + "source": "cve@mitre.org" + } + ] +} \ No newline at end of file diff --git a/CVE-2023/CVE-2023-377xx/CVE-2023-37788.json b/CVE-2023/CVE-2023-377xx/CVE-2023-37788.json new file mode 100644 index 00000000000..30aa6988695 --- /dev/null +++ b/CVE-2023/CVE-2023-377xx/CVE-2023-37788.json @@ -0,0 +1,24 @@ +{ + "id": "CVE-2023-37788", + "sourceIdentifier": "cve@mitre.org", + "published": "2023-07-18T19:15:10.060", + "lastModified": "2023-07-18T19:49:32.270", + "vulnStatus": "Awaiting Analysis", + "descriptions": [ + { + "lang": "en", + "value": "goproxy v1.1 was discovered to contain an issue which can lead to a Denial of service (DoS) via unspecified vectors." + } + ], + "metrics": {}, + "references": [ + { + "url": "https://github.com/elazarl/goproxy", + "source": "cve@mitre.org" + }, + { + "url": "https://github.com/elazarl/goproxy/issues/502", + "source": "cve@mitre.org" + } + ] +} \ No newline at end of file diff --git a/CVE-2023/CVE-2023-382xx/CVE-2023-38257.json b/CVE-2023/CVE-2023-382xx/CVE-2023-38257.json new file mode 100644 index 00000000000..fb71030c8dd --- /dev/null 
+++ b/CVE-2023/CVE-2023-382xx/CVE-2023-38257.json @@ -0,0 +1,55 @@ +{ + "id": "CVE-2023-38257", + "sourceIdentifier": "ics-cert@hq.dhs.gov", + "published": "2023-07-18T18:15:12.620", + "lastModified": "2023-07-18T18:24:48.810", + "vulnStatus": "Awaiting Analysis", + "descriptions": [ + { + "lang": "en", + "value": "Iagona ScrutisWeb versions 2.1.37 and prior are vulnerable to an insecure direct object reference vulnerability that could allow an unauthenticated user to view profile information, including user login names and encrypted passwords." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "ics-cert@hq.dhs.gov", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "NONE", + "availabilityImpact": "NONE", + "baseScore": 7.5, + "baseSeverity": "HIGH" + }, + "exploitabilityScore": 3.9, + "impactScore": 3.6 + } + ] + }, + "weaknesses": [ + { + "source": "ics-cert@hq.dhs.gov", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-639" + } + ] + } + ], + "references": [ + { + "url": "https://www.cisa.gov/news-events/ics-advisories/icsa-23-199-03", + "source": "ics-cert@hq.dhs.gov" + } + ] +} \ No newline at end of file diff --git a/README.md b/README.md index 72dbc1f9b7f..68f290aaf39 100644 --- a/README.md +++ b/README.md @@ -9,13 +9,13 @@ Repository synchronizes with the NVD every 2 hours. ### Last Repository Update ```plain -2023-07-18T16:00:43.862070+00:00 +2023-07-18T20:00:27.911740+00:00 ``` ### Most recent CVE Modification Timestamp synchronized with NVD ```plain -2023-07-18T15:58:11.400000+00:00 +2023-07-18T19:58:32.613000+00:00 ``` ### Last Data Feed Release 
@@ -29,67 +29,69 @@ Download and Changelog: [Click](https://github.com/fkie-cad/nvd-json-data-feeds/ ### Total Number of included CVEs ```plain -220547 +220576 ``` ### CVEs added in the last Commit -Recently added CVEs: `23` +Recently added CVEs: `29` -* [CVE-2020-23909](CVE-2020/CVE-2020-239xx/CVE-2020-23909.json) (`2023-07-18T14:15:11.423`) -* [CVE-2020-23910](CVE-2020/CVE-2020-239xx/CVE-2020-23910.json) (`2023-07-18T14:15:11.483`) -* [CVE-2020-23911](CVE-2020/CVE-2020-239xx/CVE-2020-23911.json) (`2023-07-18T14:15:11.537`) -* [CVE-2020-36762](CVE-2020/CVE-2020-367xx/CVE-2020-36762.json) (`2023-07-18T15:15:11.133`) -* [CVE-2021-32256](CVE-2021/CVE-2021-322xx/CVE-2021-32256.json) (`2023-07-18T14:15:11.610`) -* [CVE-2021-33294](CVE-2021/CVE-2021-332xx/CVE-2021-33294.json) (`2023-07-18T14:15:11.673`) -* [CVE-2021-34119](CVE-2021/CVE-2021-341xx/CVE-2021-34119.json) (`2023-07-18T14:15:11.727`) -* [CVE-2021-34121](CVE-2021/CVE-2021-341xx/CVE-2021-34121.json) (`2023-07-18T14:15:11.780`) -* [CVE-2021-34123](CVE-2021/CVE-2021-341xx/CVE-2021-34123.json) (`2023-07-18T14:15:11.837`) -* [CVE-2022-26563](CVE-2022/CVE-2022-265xx/CVE-2022-26563.json) (`2023-07-18T14:15:11.907`) -* [CVE-2022-33064](CVE-2022/CVE-2022-330xx/CVE-2022-33064.json) (`2023-07-18T14:15:11.973`) -* [CVE-2022-33065](CVE-2022/CVE-2022-330xx/CVE-2022-33065.json) (`2023-07-18T14:15:12.033`) -* [CVE-2022-34155](CVE-2022/CVE-2022-341xx/CVE-2022-34155.json) (`2023-07-18T14:15:12.093`) -* [CVE-2022-41409](CVE-2022/CVE-2022-414xx/CVE-2022-41409.json) (`2023-07-18T14:15:12.197`) -* [CVE-2022-47085](CVE-2022/CVE-2022-470xx/CVE-2022-47085.json) (`2023-07-18T14:15:12.263`) -* [CVE-2022-47421](CVE-2022/CVE-2022-474xx/CVE-2022-47421.json) (`2023-07-18T15:15:11.363`) -* [CVE-2023-32965](CVE-2023/CVE-2023-329xx/CVE-2023-32965.json) (`2023-07-18T14:15:12.403`) -* [CVE-2023-24390](CVE-2023/CVE-2023-243xx/CVE-2023-24390.json) (`2023-07-18T15:15:11.467`) -* [CVE-2023-30906](CVE-2023/CVE-2023-309xx/CVE-2023-30906.json) 
(`2023-07-18T14:15:12.333`) -* [CVE-2023-31441](CVE-2023/CVE-2023-314xx/CVE-2023-31441.json) (`2023-07-18T15:15:11.663`) -* [CVE-2023-36120](CVE-2023/CVE-2023-361xx/CVE-2023-36120.json) (`2023-07-18T15:15:11.720`) -* [CVE-2023-36383](CVE-2023/CVE-2023-363xx/CVE-2023-36383.json) (`2023-07-18T15:15:11.777`) -* [CVE-2023-36384](CVE-2023/CVE-2023-363xx/CVE-2023-36384.json) (`2023-07-18T15:15:11.867`) +* [CVE-2023-33265](CVE-2023/CVE-2023-332xx/CVE-2023-33265.json) (`2023-07-18T16:15:11.693`) +* [CVE-2023-34035](CVE-2023/CVE-2023-340xx/CVE-2023-34035.json) (`2023-07-18T16:15:11.753`) +* [CVE-2023-0160](CVE-2023/CVE-2023-01xx/CVE-2023-0160.json) (`2023-07-18T17:15:11.313`) +* [CVE-2023-33231](CVE-2023/CVE-2023-332xx/CVE-2023-33231.json) (`2023-07-18T17:15:11.397`) +* [CVE-2023-37259](CVE-2023/CVE-2023-372xx/CVE-2023-37259.json) (`2023-07-18T17:15:11.490`) +* [CVE-2023-28019](CVE-2023/CVE-2023-280xx/CVE-2023-28019.json) (`2023-07-18T18:15:11.817`) +* [CVE-2023-33312](CVE-2023/CVE-2023-333xx/CVE-2023-33312.json) (`2023-07-18T18:15:11.897`) +* [CVE-2023-33329](CVE-2023/CVE-2023-333xx/CVE-2023-33329.json) (`2023-07-18T18:15:11.997`) +* [CVE-2023-33871](CVE-2023/CVE-2023-338xx/CVE-2023-33871.json) (`2023-07-18T18:15:12.097`) +* [CVE-2023-34329](CVE-2023/CVE-2023-343xx/CVE-2023-34329.json) (`2023-07-18T18:15:12.193`) +* [CVE-2023-34330](CVE-2023/CVE-2023-343xx/CVE-2023-34330.json) (`2023-07-18T18:15:12.287`) +* [CVE-2023-35189](CVE-2023/CVE-2023-351xx/CVE-2023-35189.json) (`2023-07-18T18:15:12.370`) +* [CVE-2023-35763](CVE-2023/CVE-2023-357xx/CVE-2023-35763.json) (`2023-07-18T18:15:12.460`) +* [CVE-2023-36669](CVE-2023/CVE-2023-366xx/CVE-2023-36669.json) (`2023-07-18T18:15:12.553`) +* [CVE-2023-38257](CVE-2023/CVE-2023-382xx/CVE-2023-38257.json) (`2023-07-18T18:15:12.620`) +* [CVE-2023-28020](CVE-2023/CVE-2023-280xx/CVE-2023-28020.json) (`2023-07-18T19:15:09.437`) +* [CVE-2023-28021](CVE-2023/CVE-2023-280xx/CVE-2023-28021.json) (`2023-07-18T19:15:09.503`) +* 
[CVE-2023-30153](CVE-2023/CVE-2023-301xx/CVE-2023-30153.json) (`2023-07-18T19:15:09.573`) +* [CVE-2023-30383](CVE-2023/CVE-2023-303xx/CVE-2023-30383.json) (`2023-07-18T19:15:09.643`) +* [CVE-2023-36670](CVE-2023/CVE-2023-366xx/CVE-2023-36670.json) (`2023-07-18T19:15:09.703`) +* [CVE-2023-37477](CVE-2023/CVE-2023-374xx/CVE-2023-37477.json) (`2023-07-18T19:15:09.757`) +* [CVE-2023-37480](CVE-2023/CVE-2023-374xx/CVE-2023-37480.json) (`2023-07-18T19:15:09.840`) +* [CVE-2023-37481](CVE-2023/CVE-2023-374xx/CVE-2023-37481.json) (`2023-07-18T19:15:09.927`) +* [CVE-2023-37758](CVE-2023/CVE-2023-377xx/CVE-2023-37758.json) (`2023-07-18T19:15:10.007`) +* [CVE-2023-37788](CVE-2023/CVE-2023-377xx/CVE-2023-37788.json) (`2023-07-18T19:15:10.060`) ### CVEs modified in the last Commit -Recently modified CVEs: `32` +Recently modified CVEs: `96` -* [CVE-2023-25036](CVE-2023/CVE-2023-250xx/CVE-2023-25036.json) (`2023-07-18T14:11:49.930`) -* [CVE-2023-37386](CVE-2023/CVE-2023-373xx/CVE-2023-37386.json) (`2023-07-18T14:11:49.930`) -* [CVE-2023-37387](CVE-2023/CVE-2023-373xx/CVE-2023-37387.json) (`2023-07-18T14:11:49.930`) -* [CVE-2023-37889](CVE-2023/CVE-2023-378xx/CVE-2023-37889.json) (`2023-07-18T14:11:49.930`) -* [CVE-2023-37892](CVE-2023/CVE-2023-378xx/CVE-2023-37892.json) (`2023-07-18T14:11:49.930`) -* [CVE-2023-37973](CVE-2023/CVE-2023-379xx/CVE-2023-37973.json) (`2023-07-18T14:11:49.930`) -* [CVE-2023-23777](CVE-2023/CVE-2023-237xx/CVE-2023-23777.json) (`2023-07-18T14:40:59.550`) -* [CVE-2023-34015](CVE-2023/CVE-2023-340xx/CVE-2023-34015.json) (`2023-07-18T14:47:17.697`) -* [CVE-2023-37374](CVE-2023/CVE-2023-373xx/CVE-2023-37374.json) (`2023-07-18T14:53:37.517`) -* [CVE-2023-37375](CVE-2023/CVE-2023-373xx/CVE-2023-37375.json) (`2023-07-18T14:55:14.487`) -* [CVE-2023-37376](CVE-2023/CVE-2023-373xx/CVE-2023-37376.json) (`2023-07-18T14:56:17.227`) -* [CVE-2023-37246](CVE-2023/CVE-2023-372xx/CVE-2023-37246.json) (`2023-07-18T14:57:38.210`) -* 
[CVE-2023-37247](CVE-2023/CVE-2023-372xx/CVE-2023-37247.json) (`2023-07-18T15:02:30.907`) -* [CVE-2023-37248](CVE-2023/CVE-2023-372xx/CVE-2023-37248.json) (`2023-07-18T15:03:03.557`) -* [CVE-2023-37152](CVE-2023/CVE-2023-371xx/CVE-2023-37152.json) (`2023-07-18T15:11:01.287`) -* [CVE-2023-37658](CVE-2023/CVE-2023-376xx/CVE-2023-37658.json) (`2023-07-18T15:14:27.157`) -* [CVE-2023-3580](CVE-2023/CVE-2023-35xx/CVE-2023-3580.json) (`2023-07-18T15:14:36.807`) -* [CVE-2023-37659](CVE-2023/CVE-2023-376xx/CVE-2023-37659.json) (`2023-07-18T15:17:31.407`) -* [CVE-2023-36691](CVE-2023/CVE-2023-366xx/CVE-2023-36691.json) (`2023-07-18T15:18:17.570`) -* [CVE-2023-35887](CVE-2023/CVE-2023-358xx/CVE-2023-35887.json) (`2023-07-18T15:30:37.763`) -* [CVE-2023-36755](CVE-2023/CVE-2023-367xx/CVE-2023-36755.json) (`2023-07-18T15:41:50.873`) -* [CVE-2023-36386](CVE-2023/CVE-2023-363xx/CVE-2023-36386.json) (`2023-07-18T15:45:46.237`) -* [CVE-2023-29130](CVE-2023/CVE-2023-291xx/CVE-2023-29130.json) (`2023-07-18T15:53:09.663`) -* [CVE-2023-36517](CVE-2023/CVE-2023-365xx/CVE-2023-36517.json) (`2023-07-18T15:57:59.233`) -* [CVE-2023-37277](CVE-2023/CVE-2023-372xx/CVE-2023-37277.json) (`2023-07-18T15:58:11.400`) +* [CVE-2023-33987](CVE-2023/CVE-2023-339xx/CVE-2023-33987.json) (`2023-07-18T18:31:55.367`) +* [CVE-2023-36751](CVE-2023/CVE-2023-367xx/CVE-2023-36751.json) (`2023-07-18T18:34:49.170`) +* [CVE-2023-36752](CVE-2023/CVE-2023-367xx/CVE-2023-36752.json) (`2023-07-18T18:36:28.237`) +* [CVE-2023-36753](CVE-2023/CVE-2023-367xx/CVE-2023-36753.json) (`2023-07-18T18:39:45.780`) +* [CVE-2023-36754](CVE-2023/CVE-2023-367xx/CVE-2023-36754.json) (`2023-07-18T18:48:34.160`) +* [CVE-2023-35091](CVE-2023/CVE-2023-350xx/CVE-2023-35091.json) (`2023-07-18T18:55:10.323`) +* [CVE-2023-2078](CVE-2023/CVE-2023-20xx/CVE-2023-2078.json) (`2023-07-18T18:55:55.483`) +* [CVE-2023-2079](CVE-2023/CVE-2023-20xx/CVE-2023-2079.json) (`2023-07-18T18:56:25.230`) +* 
[CVE-2023-35773](CVE-2023/CVE-2023-357xx/CVE-2023-35773.json) (`2023-07-18T19:02:54.077`) +* [CVE-2023-36522](CVE-2023/CVE-2023-365xx/CVE-2023-36522.json) (`2023-07-18T19:04:40.830`) +* [CVE-2023-22835](CVE-2023/CVE-2023-228xx/CVE-2023-22835.json) (`2023-07-18T19:06:22.630`) +* [CVE-2023-3105](CVE-2023/CVE-2023-31xx/CVE-2023-3105.json) (`2023-07-18T19:07:33.087`) +* [CVE-2023-3093](CVE-2023/CVE-2023-30xx/CVE-2023-3093.json) (`2023-07-18T19:07:51.850`) +* [CVE-2023-3092](CVE-2023/CVE-2023-30xx/CVE-2023-3092.json) (`2023-07-18T19:08:02.230`) +* [CVE-2023-3088](CVE-2023/CVE-2023-30xx/CVE-2023-3088.json) (`2023-07-18T19:08:18.600`) +* [CVE-2023-3087](CVE-2023/CVE-2023-30xx/CVE-2023-3087.json) (`2023-07-18T19:08:42.373`) +* [CVE-2023-3082](CVE-2023/CVE-2023-30xx/CVE-2023-3082.json) (`2023-07-18T19:09:28.370`) +* [CVE-2023-3081](CVE-2023/CVE-2023-30xx/CVE-2023-3081.json) (`2023-07-18T19:10:30.100`) +* [CVE-2023-36690](CVE-2023/CVE-2023-366xx/CVE-2023-36690.json) (`2023-07-18T19:16:44.627`) +* [CVE-2023-2746](CVE-2023/CVE-2023-27xx/CVE-2023-2746.json) (`2023-07-18T19:26:41.327`) +* [CVE-2023-37597](CVE-2023/CVE-2023-375xx/CVE-2023-37597.json) (`2023-07-18T19:34:24.600`) +* [CVE-2023-30963](CVE-2023/CVE-2023-309xx/CVE-2023-30963.json) (`2023-07-18T19:42:11.047`) +* [CVE-2023-30960](CVE-2023/CVE-2023-309xx/CVE-2023-30960.json) (`2023-07-18T19:49:10.280`) +* [CVE-2023-30956](CVE-2023/CVE-2023-309xx/CVE-2023-30956.json) (`2023-07-18T19:51:43.570`) +* [CVE-2023-3627](CVE-2023/CVE-2023-36xx/CVE-2023-3627.json) (`2023-07-18T19:58:32.613`) ## Download and Usage