diff --git a/CVE-2019/CVE-2019-172xx/CVE-2019-17201.json b/CVE-2019/CVE-2019-172xx/CVE-2019-17201.json index 6e2179aa70c..39c891b8411 100644 --- a/CVE-2019/CVE-2019-172xx/CVE-2019-17201.json +++ b/CVE-2019/CVE-2019-172xx/CVE-2019-17201.json @@ -2,8 +2,8 @@ "id": "CVE-2019-17201", "sourceIdentifier": "cve@mitre.org", "published": "2020-01-23T15:15:13.303", - "lastModified": "2023-01-12T16:14:38.113", - "vulnStatus": "Analyzed", + "lastModified": "2023-05-25T17:15:11.100", + "vulnStatus": "Modified", "descriptions": [ { "lang": "en", @@ -122,6 +122,10 @@ "tags": [ "Third Party Advisory" ] + }, + { + "url": "https://www.adminbyrequest.com/en/releasenotes", + "source": "cve@mitre.org" } ] } \ No newline at end of file diff --git a/CVE-2019/CVE-2019-172xx/CVE-2019-17202.json b/CVE-2019/CVE-2019-172xx/CVE-2019-17202.json index b397d14f098..f0a15b69e66 100644 --- a/CVE-2019/CVE-2019-172xx/CVE-2019-17202.json +++ b/CVE-2019/CVE-2019-172xx/CVE-2019-17202.json @@ -2,8 +2,8 @@ "id": "CVE-2019-17202", "sourceIdentifier": "cve@mitre.org", "published": "2020-01-23T15:15:13.380", - "lastModified": "2023-01-12T16:15:11.397", - "vulnStatus": "Analyzed", + "lastModified": "2023-05-25T17:15:11.630", + "vulnStatus": "Modified", "descriptions": [ { "lang": "en", @@ -122,6 +122,10 @@ "tags": [ "Third Party Advisory" ] + }, + { + "url": "https://www.adminbyrequest.com/en/releasenotes", + "source": "cve@mitre.org" } ] } \ No newline at end of file diff --git a/CVE-2022/CVE-2022-471xx/CVE-2022-47157.json b/CVE-2022/CVE-2022-471xx/CVE-2022-47157.json index 7a29ea98ccd..5b83735f746 100644 --- a/CVE-2022/CVE-2022-471xx/CVE-2022-47157.json +++ b/CVE-2022/CVE-2022-471xx/CVE-2022-47157.json 
@@ -2,8 +2,8 @@ "id": "CVE-2022-47157", "sourceIdentifier": "audit@patchstack.com", "published": "2023-05-18T11:15:09.150", - "lastModified": "2023-05-18T12:53:07.890", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2023-05-25T16:31:39.370", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", @@ -12,6 +12,26 @@ ], "metrics": { "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "HIGH", + "userInteraction": "REQUIRED", + "scope": "CHANGED", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "availabilityImpact": "NONE", + "baseScore": 4.8, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 1.7, + "impactScore": 2.7 + }, { "source": "audit@patchstack.com", "type": "Secondary", @@ -46,10 +66,31 @@ ] } ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:webhammer:wp_custom_fields_search:*:*:*:*:*:wordpress:*:*", + "versionEndExcluding": "1.2.35", + "matchCriteriaId": "B9AE98A3-F118-45D3-9E0B-8F3005EF8E43" + } + ] + } + ] + } + ], "references": [ { "url": "https://patchstack.com/database/vulnerability/wp-custom-fields-search/wordpress-wp-custom-fields-search-plugin-1-2-34-cross-site-scripting-xss?_s_id=cve", - "source": "audit@patchstack.com" + "source": "audit@patchstack.com", + "tags": [ + "Third Party Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2022/CVE-2022-48xx/CVE-2022-4870.json b/CVE-2022/CVE-2022-48xx/CVE-2022-4870.json index d561fe36274..1b27fe51aa5 100644 --- a/CVE-2022/CVE-2022-48xx/CVE-2022-4870.json +++ b/CVE-2022/CVE-2022-48xx/CVE-2022-4870.json 
@@ -2,19 +2,83 @@ "id": "CVE-2022-4870", "sourceIdentifier": "security@octopus.com", "published": "2023-05-18T00:15:09.103", - "lastModified": "2023-05-18T12:53:07.890", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2023-05-25T17:41:06.867", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", "value": "In affected versions of Octopus Deploy it is possible to discover network details via error message" } ], - "metrics": {}, + "metrics": { + "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "LOW", + "integrityImpact": "NONE", + "availabilityImpact": "NONE", + "baseScore": 5.3, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 3.9, + "impactScore": 1.4 + } + ] + }, + "weaknesses": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-209" + } + ] + } + ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:octopus:octopus_server:*:*:*:*:*:*:*:*", + "versionStartIncluding": "3.0.0", + "versionEndExcluding": "2023.1.9879", + "matchCriteriaId": "23E47E0F-1730-4367-99E0-BF3A5064C4A6" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:octopus:octopus_server:*:*:*:*:*:*:*:*", + "versionStartIncluding": "2023.2.2028", + "versionEndExcluding": "2023.2.8159", + "matchCriteriaId": "F795BAEA-60E1-4361-8866-C84BA64F2915" + } + ] + } + ] + } + ], "references": [ { "url": "https://advisories.octopus.com/post/2023/sa2023-09/", - "source": "security@octopus.com" + "source": "security@octopus.com", + "tags": [ + "Vendor Advisory" + ] } ] } \ No newline at end of file 
diff --git a/CVE-2023/CVE-2023-18xx/CVE-2023-1859.json b/CVE-2023/CVE-2023-18xx/CVE-2023-1859.json index 7a89e95ec7c..79130db36ab 100644 --- a/CVE-2023/CVE-2023-18xx/CVE-2023-1859.json +++ b/CVE-2023/CVE-2023-18xx/CVE-2023-1859.json @@ -2,16 +2,49 @@ "id": "CVE-2023-1859", "sourceIdentifier": "secalert@redhat.com", "published": "2023-05-17T23:15:09.100", - "lastModified": "2023-05-18T12:53:07.890", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2023-05-25T17:13:43.227", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", "value": "A use-after-free flaw was found in xen_9pfs_front_removet in net/9p/trans_xen.c in Xen transport for 9pfs in the Linux Kernel. This flaw could allow a local attacker to crash the system due to a race problem, possibly leading to a kernel information leak." } ], - "metrics": {}, + "metrics": { + "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H", + "attackVector": "LOCAL", + "attackComplexity": "HIGH", + "privilegesRequired": "LOW", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "NONE", + "integrityImpact": "NONE", + "availabilityImpact": "HIGH", + "baseScore": 4.7, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 1.0, + "impactScore": 3.6 + } + ] + }, "weaknesses": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-416" + } + ] + }, { "source": "secalert@redhat.com", "type": "Secondary", 
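Review bot: The added NVD vector scores confidentiality as none (`C:N`, `"confidentialityImpact": "NONE"`), while the description kept as context in this hunk says the race may possibly lead to a kernel information leak. If that leak is considered credible, the vector would carry `C:L` or higher and the 4.7 base score would rise; if it is not, the description is the looser of the two statements. Triage that keys on the confidentiality metric alone should read the description as well for this entry.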
@@ -23,10 +56,62 @@ ] } ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", + "versionEndIncluding": "6.2", + "matchCriteriaId": "D899AD4C-DFAB-4E25-AA25-53ED1A91A9CD" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:linux:linux_kernel:6.3:rc1:*:*:*:*:*:*", + "matchCriteriaId": "B8E3B0E8-FA27-4305-87BB-AF6C25B160CB" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:linux:linux_kernel:6.3:rc2:*:*:*:*:*:*", + "matchCriteriaId": "A47F0FC3-CE52-4BA1-BA51-22F783938431" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:linux:linux_kernel:6.3:rc3:*:*:*:*:*:*", + "matchCriteriaId": "3583026A-27EC-4A4C-850A-83F2AF970673" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:linux:linux_kernel:6.3:rc4:*:*:*:*:*:*", + "matchCriteriaId": "DC271202-7570-4505-89A4-D602D47BFD00" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:linux:linux_kernel:6.3:rc5:*:*:*:*:*:*", + "matchCriteriaId": "D413BB6D-4F74-4C7D-9163-47786619EF53" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:linux:linux_kernel:6.3:rc6:*:*:*:*:*:*", + "matchCriteriaId": "F4D613FB-9976-4989-8C4A-567773373CEA" + } + ] + } + ] + } + ], "references": [ { "url": "https://lore.kernel.org/all/20230313090002.3308025-1-zyytlz.wz@163.com/", - "source": "secalert@redhat.com" + "source": "secalert@redhat.com", + "tags": [ + "Mailing List", + "Patch" + ] } ] } \ No newline at end of file diff --git a/CVE-2023/CVE-2023-19xx/CVE-2023-1972.json b/CVE-2023/CVE-2023-19xx/CVE-2023-1972.json index c7f3e7cd30d..c9d2bf78cc6 100644 --- a/CVE-2023/CVE-2023-19xx/CVE-2023-1972.json +++ b/CVE-2023/CVE-2023-19xx/CVE-2023-1972.json 
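Review bot: The range `"versionEndIncluding": "6.2"` in the new `cpeMatch` list has no start version and, under component-wise version comparison, stops at 6.2 itself, so 6.2.x stable releases fall between that range and the enumerated `6.3:rc1` to `6.3:rc6` entries. Whether those stable releases carry the fix cannot be told from this record, so a scanner relying on the CPE data alone may report them as unaffected without evidence. The same open-start form appears in the CVE-2023-2124 configurations hunk (`"versionEndIncluding": "6.3"`). Asset matching for both entries is better checked against the distribution's own advisory than against the range.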
@@ -2,16 +2,49 @@ "id": "CVE-2023-1972", "sourceIdentifier": "secalert@redhat.com", "published": "2023-05-17T22:15:10.827", - "lastModified": "2023-05-18T12:53:07.890", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2023-05-25T17:26:20.903", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", "value": "A potential heap based buffer overflow was found in _bfd_elf_slurp_version_tables() in bfd/elf.c. This may lead to loss of availability." } ], - "metrics": {}, + "metrics": { + "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "REQUIRED", + "scope": "UNCHANGED", + "confidentialityImpact": "NONE", + "integrityImpact": "NONE", + "availabilityImpact": "HIGH", + "baseScore": 6.5, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 2.8, + "impactScore": 3.6 + } + ] + }, "weaknesses": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-787" + } + ] + }, { "source": "secalert@redhat.com", "type": "Secondary", @@ -23,14 +56,40 @@ ] } ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:gnu:binutils:*:*:*:*:*:*:*:*", + "versionEndIncluding": "2.40", + "matchCriteriaId": "BD7FA623-F666-4B70-8138-BAB2C5C9D6D2" + } + ] + } + ] + } + ], "references": [ { "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2185646", - "source": "secalert@redhat.com" + "source": "secalert@redhat.com", + "tags": [ + "Issue Tracking" + ] }, { "url": "https://sourceware.org/bugzilla/show_bug.cgi?id=30285", - "source": "secalert@redhat.com" + "source": "secalert@redhat.com", + "tags": [ + "Issue Tracking", + "Patch", + "Third Party Advisory" + ] } ] } \ No newline at end of file 
diff --git a/CVE-2023/CVE-2023-21xx/CVE-2023-2124.json b/CVE-2023/CVE-2023-21xx/CVE-2023-2124.json index ffbfb8c0f48..9110b18e255 100644 --- a/CVE-2023/CVE-2023-21xx/CVE-2023-2124.json +++ b/CVE-2023/CVE-2023-21xx/CVE-2023-2124.json @@ -2,16 +2,49 @@ "id": "CVE-2023-2124", "sourceIdentifier": "secalert@redhat.com", "published": "2023-05-15T22:15:12.150", - "lastModified": "2023-05-16T10:46:36.147", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2023-05-25T17:34:31.447", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", "value": "An out-of-bounds memory access flaw was found in the Linux kernel\u2019s XFS file system in how a user restores an XFS image after failure (with a dirty log journal). This flaw allows a local user to crash or potentially escalate their privileges on the system." } ], - "metrics": {}, + "metrics": { + "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", + "attackVector": "LOCAL", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH", + "baseScore": 7.8, + "baseSeverity": "HIGH" + }, + "exploitabilityScore": 1.8, + "impactScore": 5.9 + } + ] + }, "weaknesses": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-787" + } + ] + }, { "source": "secalert@redhat.com", "type": "Secondary", 
@@ -23,10 +56,32 @@ ] } ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", + "versionEndIncluding": "6.3", + "matchCriteriaId": "DB688D87-8482-4514-9659-6AF409C43C3D" + } + ] + } + ] + } + ], "references": [ { "url": "https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/fs/xfs/xfs_buf_item_recover.c?h=v6.4-rc1&id=22ed903eee23a5b174e240f1cdfa9acf393a5210", - "source": "secalert@redhat.com" + "source": "secalert@redhat.com", + "tags": [ + "Mailing List", + "Vendor Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2023/CVE-2023-21xx/CVE-2023-2195.json b/CVE-2023/CVE-2023-21xx/CVE-2023-2195.json index df104aa2268..59467d44080 100644 --- a/CVE-2023/CVE-2023-21xx/CVE-2023-2195.json +++ b/CVE-2023/CVE-2023-21xx/CVE-2023-2195.json @@ -2,8 +2,8 @@ "id": "CVE-2023-2195", "sourceIdentifier": "disclosure@synopsys.com", "published": "2023-05-16T19:15:08.997", - "lastModified": "2023-05-16T20:04:03.627", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2023-05-25T16:10:19.093", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", @@ -12,6 +12,26 @@ ], "metrics": { "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:N", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "REQUIRED", + "scope": "UNCHANGED", + "confidentialityImpact": "NONE", + "integrityImpact": "LOW", + "availabilityImpact": "NONE", + "baseScore": 3.5, + "baseSeverity": "LOW" + }, + "exploitabilityScore": 2.1, + "impactScore": 1.4 + }, { "source": "disclosure@synopsys.com", "type": "Secondary", 
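Review bot: The reference tags added at the end of the CVE-2023-2124 hunk label a git.kernel.org commit URL as `"Mailing List"` and `"Vendor Advisory"`, and neither describes a commit page. Tooling that collects fix commits by filtering references on the `Patch` tag will skip this entry, although the URL points at a commit touching fs/xfs/xfs_buf_item_recover.c. `"tags": ["Patch"]` would match the target. Until the record is corrected, consumers may want to treat git.kernel.org commit URLs as patch references regardless of tag.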
@@ -35,6 +55,16 @@ ] }, "weaknesses": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-352" + } + ] + }, { "source": "disclosure@synopsys.com", "type": "Secondary", @@ -46,10 +76,31 @@ ] } ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:jenkins:code_dx:*:*:*:*:*:jenkins:*:*", + "versionEndIncluding": "3.1.0", + "matchCriteriaId": "814BAE77-3324-4908-89D4-9A3A63B690FE" + } + ] + } + ] + } + ], "references": [ { "url": "https://www.jenkins.io/security/advisory/2023-05-16/#SECURITY-3118", - "source": "disclosure@synopsys.com" + "source": "disclosure@synopsys.com", + "tags": [ + "Vendor Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2023/CVE-2023-21xx/CVE-2023-2196.json b/CVE-2023/CVE-2023-21xx/CVE-2023-2196.json index 5c65082b4c1..dc7c3fdf316 100644 --- a/CVE-2023/CVE-2023-21xx/CVE-2023-2196.json +++ b/CVE-2023/CVE-2023-21xx/CVE-2023-2196.json @@ -2,8 +2,8 @@ "id": "CVE-2023-2196", "sourceIdentifier": "disclosure@synopsys.com", "published": "2023-05-16T18:15:16.620", - "lastModified": "2023-05-16T20:04:03.627", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2023-05-25T16:15:53.403", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", @@ -12,6 +12,26 @@ ], "metrics": { "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "LOW", + "integrityImpact": "NONE", + "availabilityImpact": "NONE", + "baseScore": 4.3, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 2.8, + "impactScore": 1.4 + }, { "source": "disclosure@synopsys.com", "type": "Secondary", 
@@ -35,6 +55,16 @@ ] }, "weaknesses": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-22" + } + ] + }, { "source": "disclosure@synopsys.com", "type": "Secondary", @@ -46,10 +76,31 @@ ] } ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:jenkins:code_dx:*:*:*:*:*:jenkins:*:*", + "versionEndIncluding": "3.1.0", + "matchCriteriaId": "814BAE77-3324-4908-89D4-9A3A63B690FE" + } + ] + } + ] + } + ], "references": [ { "url": "https://www.jenkins.io/security/advisory/2023-05-16/#SECURITY-3145", - "source": "disclosure@synopsys.com" + "source": "disclosure@synopsys.com", + "tags": [ + "Vendor Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2023/CVE-2023-223xx/CVE-2023-22348.json b/CVE-2023/CVE-2023-223xx/CVE-2023-22348.json index 2aa34e7f793..e44bb31ab52 100644 --- a/CVE-2023/CVE-2023-223xx/CVE-2023-22348.json +++ b/CVE-2023/CVE-2023-223xx/CVE-2023-22348.json @@ -2,8 +2,8 @@ "id": "CVE-2023-22348", "sourceIdentifier": "security@checkmk.com", "published": "2023-05-17T16:15:09.110", - "lastModified": "2023-05-17T17:00:54.967", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2023-05-25T17:35:38.100", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", @@ -12,6 +12,26 @@ ], "metrics": { "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "LOW", + "integrityImpact": "NONE", + "availabilityImpact": "NONE", + "baseScore": 4.3, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 2.8, + "impactScore": 1.4 + }, { "source": "security@checkmk.com", "type": "Secondary", 
@@ -35,6 +55,16 @@ ] }, "weaknesses": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "NVD-CWE-Other" + } + ] + }, { "source": "security@checkmk.com", "type": "Secondary", 
@@ -46,10 +76,251 @@ ] } ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:tribe29:checkmk:*:*:*:*:*:*:*:*", + "versionEndExcluding": "2.1.0", + "matchCriteriaId": "F8909212-9DCE-4B14-A240-5CDA98CFDC6E" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:tribe29:checkmk:2.1.0:-:*:*:*:*:*:*", + "matchCriteriaId": "BC0AC5A2-3724-4942-ABE2-CA9F3B9B4BDA" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:tribe29:checkmk:2.1.0:b1:*:*:*:*:*:*", + "matchCriteriaId": "E3AAC1AD-C2F5-4171-BD92-95A8BA09E79A" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:tribe29:checkmk:2.1.0:b2:*:*:*:*:*:*", + "matchCriteriaId": "8CB8C4BB-4AE6-4EA2-8F38-780B627721ED" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:tribe29:checkmk:2.1.0:b3:*:*:*:*:*:*", + "matchCriteriaId": "D0F14106-2A3D-4FC7-A0C7-6EDA75D1A8F7" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:tribe29:checkmk:2.1.0:b4:*:*:*:*:*:*", + "matchCriteriaId": "F8C2DA36-8419-4846-BFA0-A729BE7D72C5" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:tribe29:checkmk:2.1.0:b5:*:*:*:*:*:*", + "matchCriteriaId": "8AA4FA3D-7A59-4597-9D79-B6B020D86BD1" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:tribe29:checkmk:2.1.0:b6:*:*:*:*:*:*", + "matchCriteriaId": "79F0CF88-FF11-4741-AFF6-9F88F57C2140" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:tribe29:checkmk:2.1.0:b7:*:*:*:*:*:*", + "matchCriteriaId": "8E93629E-C0CB-4636-B343-1C0646D8228E" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:tribe29:checkmk:2.1.0:b8:*:*:*:*:*:*", + "matchCriteriaId": "58102464-E66F-49CD-8952-3F3F9A6A45CC" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:tribe29:checkmk:2.1.0:b9:*:*:*:*:*:*", + "matchCriteriaId": "9C98E509-8466-4F95-ABE7-7ECC91640E04" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:tribe29:checkmk:2.1.0:p1:*:*:*:*:*:*", + "matchCriteriaId": 
"A7B89F71-ABD2-4B2D-AE6B-C0F243E89443" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:tribe29:checkmk:2.1.0:p10:*:*:*:*:*:*", + "matchCriteriaId": "002EF417-C702-42E2-9C8F-C9593B43AB03" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:tribe29:checkmk:2.1.0:p11:*:*:*:*:*:*", + "matchCriteriaId": "B8E358A9-0430-4EF1-8557-7F1C088FFF48" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:tribe29:checkmk:2.1.0:p12:*:*:*:*:*:*", + "matchCriteriaId": "4B0AF395-FDC7-4321-9E00-C935641C138B" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:tribe29:checkmk:2.1.0:p13:*:*:*:*:*:*", + "matchCriteriaId": "59B9CCED-806F-47EF-B5B6-441AADCB4B81" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:tribe29:checkmk:2.1.0:p14:*:*:*:*:*:*", + "matchCriteriaId": "FAED2CD5-A2CE-438C-8ED7-338D9D61FBD9" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:tribe29:checkmk:2.1.0:p15:*:*:*:*:*:*", + "matchCriteriaId": "F08A96EF-FD2E-4D45-884B-349869649C3D" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:tribe29:checkmk:2.1.0:p16:*:*:*:*:*:*", + "matchCriteriaId": "E80D718E-66B6-4FC6-911D-C264F2C891C9" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:tribe29:checkmk:2.1.0:p17:*:*:*:*:*:*", + "matchCriteriaId": "174BF76A-00C5-4ECD-937D-FE66851D3979" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:tribe29:checkmk:2.1.0:p18:*:*:*:*:*:*", + "matchCriteriaId": "F43DBAE4-FEF9-431E-AE82-31C7944CA830" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:tribe29:checkmk:2.1.0:p19:*:*:*:*:*:*", + "matchCriteriaId": "7AF612FF-7441-41C4-96C2-36A15E45FF93" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:tribe29:checkmk:2.1.0:p2:*:*:*:*:*:*", + "matchCriteriaId": "960DF373-EDE6-4318-B6E9-07573ED5907A" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:tribe29:checkmk:2.1.0:p20:*:*:*:*:*:*", + "matchCriteriaId": "5FFBF793-48E0-48DB-9C12-1C4A5805009E" + }, + { + "vulnerable": true, + "criteria": 
"cpe:2.3:a:tribe29:checkmk:2.1.0:p21:*:*:*:*:*:*", + "matchCriteriaId": "B6A2F0DB-CA73-4F14-8099-7A29BADC1F4E" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:tribe29:checkmk:2.1.0:p22:*:*:*:*:*:*", + "matchCriteriaId": "5D23ECB8-9C2C-4BA5-ADD6-248FD2CFF37A" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:tribe29:checkmk:2.1.0:p23:*:*:*:*:*:*", + "matchCriteriaId": "9958D126-EF50-4ED7-85A3-6E5120EFB931" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:tribe29:checkmk:2.1.0:p24:*:*:*:*:*:*", + "matchCriteriaId": "5D9B3F5F-158A-4C43-A894-1A55D1D758FC" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:tribe29:checkmk:2.1.0:p25:*:*:*:*:*:*", + "matchCriteriaId": "17729C6D-3DD1-4082-B3AF-B53770304F7B" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:tribe29:checkmk:2.1.0:p26:*:*:*:*:*:*", + "matchCriteriaId": "2E34014C-90A0-4ABB-A15F-73E83F312246" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:tribe29:checkmk:2.1.0:p27:*:*:*:*:*:*", + "matchCriteriaId": "C0DCB95E-CC14-40BF-A7E4-1CD9075E2785" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:tribe29:checkmk:2.1.0:p3:*:*:*:*:*:*", + "matchCriteriaId": "3144AABF-74CB-44EE-A618-8529A8ACFCF6" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:tribe29:checkmk:2.1.0:p4:*:*:*:*:*:*", + "matchCriteriaId": "88AC7AB0-40DF-44D1-83EA-FDD4D5346BBD" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:tribe29:checkmk:2.1.0:p5:*:*:*:*:*:*", + "matchCriteriaId": "4285A4A3-3DED-456D-93D4-1B9FDB42C1EB" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:tribe29:checkmk:2.1.0:p6:*:*:*:*:*:*", + "matchCriteriaId": "098FD286-B6CB-4428-9A62-A5F24B4D9E92" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:tribe29:checkmk:2.1.0:p7:*:*:*:*:*:*", + "matchCriteriaId": "8400088B-E56E-4D0B-86D5-76D884C8031A" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:tribe29:checkmk:2.1.0:p8:*:*:*:*:*:*", + "matchCriteriaId": "29554684-FEFF-42B2-B62E-6523782F537C" + }, + { + 
"vulnerable": true, + "criteria": "cpe:2.3:a:tribe29:checkmk:2.1.0:p9:*:*:*:*:*:*", + "matchCriteriaId": "91AE66E4-AE6B-4F25-9312-6418FC3E221F" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:tribe29:checkmk:2.2.0:b1:*:*:*:*:*:*", + "matchCriteriaId": "A954DDB4-ACF5-4D74-B735-0BB14762457C" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:tribe29:checkmk:2.2.0:b2:*:*:*:*:*:*", + "matchCriteriaId": "F4E9D8E0-ECFF-4987-8189-F6A5917D39B6" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:tribe29:checkmk:2.2.0:b3:*:*:*:*:*:*", + "matchCriteriaId": "7CDF16A7-E9BC-488B-A0DF-91B7F79C2D7A" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:tribe29:checkmk:2.2.0:b4:*:*:*:*:*:*", + "matchCriteriaId": "EF3C4AB5-966A-46CD-8774-7BD4115FC80B" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:tribe29:checkmk:2.2.0:b5:*:*:*:*:*:*", + "matchCriteriaId": "580C70A7-387E-4650-9DBA-D7AA0BFDB1BE" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:tribe29:checkmk:2.2.0:b6:*:*:*:*:*:*", + "matchCriteriaId": "343C5CD6-48ED-4693-BC2A-549A43F02931" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:tribe29:checkmk:2.2.0:b7:*:*:*:*:*:*", + "matchCriteriaId": "18F1E6EC-5866-4338-9772-92EB01E0A184" + } + ] + } + ] + } + ], "references": [ { "url": "https://checkmk.com/werk/13982", - "source": "security@checkmk.com" + "source": "security@checkmk.com", + "tags": [ + "Vendor Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2023/CVE-2023-22xx/CVE-2023-2203.json b/CVE-2023/CVE-2023-22xx/CVE-2023-2203.json index 59c6aa818ca..cd0bef88a92 100644 --- a/CVE-2023/CVE-2023-22xx/CVE-2023-2203.json +++ b/CVE-2023/CVE-2023-22xx/CVE-2023-2203.json 
@@ -2,16 +2,49 @@ "id": "CVE-2023-2203", "sourceIdentifier": "secalert@redhat.com", "published": "2023-05-17T22:15:10.943", - "lastModified": "2023-05-18T12:53:07.890", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2023-05-25T17:25:51.033", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", "value": "A flaw was found in the WebKitGTK package. An improper input validation issue may lead to a use-after-free vulnerability. This flaw allows attackers with network access to pass specially crafted web content files, causing a denial of service or arbitrary code execution. This CVE exists because of a CVE-2023-28205 security regression for the WebKitGTK package in Red Hat Enterprise Linux 8.8 and Red Hat Enterprise Linux 9.2." } ], - "metrics": {}, + "metrics": { + "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH", + "baseScore": 8.8, + "baseSeverity": "HIGH" + }, + "exploitabilityScore": 2.8, + "impactScore": 5.9 + } + ] + }, "weaknesses": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-416" + } + ] + }, { "source": "secalert@redhat.com", "type": "Secondary", 
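Review bot: The added vector sets `PR:L` and `UI:N`, but the description in this hunk speaks only of attackers with network access passing crafted web content and names no privilege the attacker must hold. For a flaw reached by processing web content, `UI` records whether a user has to open that content, so `UI:N` also deserves a check. The 8.8 base score feeds patch prioritisation, so both metrics are worth confirming against the Red Hat advisory referenced in the same record before relying on the vector.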
@@ -23,22 +56,102 @@ ] } ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:webkitgtk:webkit2gtk3:2.38.5-1.el8:*:*:*:*:*:*:*", + "matchCriteriaId": "6BB73A61-D849-4CF2-964C-14D81547E142" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:webkitgtk:webkit2gtk3:2.38.5-1.el9:*:*:*:*:*:*:*", + "matchCriteriaId": "A43FB56A-1885-47D6-9126-A8531FCB44C6" + } + ] + } + ] + }, + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:o:redhat:enterprise_linux:8.0:*:*:*:*:*:*:*", + "matchCriteriaId": "F4CFF558-3C47-480D-A2F0-BABF26042943" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:redhat:enterprise_linux:9.0:*:*:*:*:*:*:*", + "matchCriteriaId": "7F6FB57C-2BC7-487C-96DD-132683AEB35D" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:redhat:enterprise_linux_eus:8.8:*:*:*:*:*:*:*", + "matchCriteriaId": "62C31522-0A17-4025-B269-855C7F4B45C2" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:redhat:enterprise_linux_eus:9.2:*:*:*:*:*:*:*", + "matchCriteriaId": "3C74F6FA-FA6C-4648-9079-91446E45EE47" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:redhat:enterprise_linux_server_aus:8.8:*:*:*:*:*:*:*", + "matchCriteriaId": "0CD25A35-9C2B-4382-8720-4E39F928170B" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:redhat:enterprise_linux_server_aus:9.2:*:*:*:*:*:*:*", + "matchCriteriaId": "F32CA554-F9D7-425B-8F1C-89678507F28C" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:redhat:enterprise_linux_server_tus:8.8:*:*:*:*:*:*:*", + "matchCriteriaId": "F1CA946D-1665-4874-9D41-C7D963DD1F56" + } + ] + } + ] + } + ], "references": [ { "url": "https://access.redhat.com/errata/RHSA-2023:2653", - "source": "secalert@redhat.com" + "source": "secalert@redhat.com", + "tags": [ + "Third Party Advisory" + ] }, { "url": "https://access.redhat.com/errata/RHSA-2023:3108", - "source": 
"secalert@redhat.com" + "source": "secalert@redhat.com", + "tags": [ + "Third Party Advisory" + ] }, { "url": "https://access.redhat.com/security/cve/CVE-2023-2203", - "source": "secalert@redhat.com" + "source": "secalert@redhat.com", + "tags": [ + "Third Party Advisory" + ] }, { "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2188543", - "source": "secalert@redhat.com" + "source": "secalert@redhat.com", + "tags": [ + "Issue Tracking", + "Third Party Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2023/CVE-2023-22xx/CVE-2023-2295.json b/CVE-2023/CVE-2023-22xx/CVE-2023-2295.json index 68ef3f11d69..4824d773760 100644 --- a/CVE-2023/CVE-2023-22xx/CVE-2023-2295.json +++ b/CVE-2023/CVE-2023-22xx/CVE-2023-2295.json 
@@ -2,16 +2,49 @@ "id": "CVE-2023-2295", "sourceIdentifier": "secalert@redhat.com", "published": "2023-05-17T23:15:09.250", - "lastModified": "2023-05-18T12:53:07.890", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2023-05-25T17:35:57.487", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", "value": "A vulnerability was found in the libreswan library. This security issue occurs when an IKEv1 Aggressive Mode packet is received with only unacceptable crypto algorithms, and the response packet is not sent with a zero responder SPI. When a subsequent packet is received where the sender reuses the libreswan responder SPI as its own initiator SPI, the pluto daemon state machine crashes. No remote code execution is possible. This CVE exists because of a CVE-2023-30570 security regression for libreswan package in Red Hat Enterprise Linux 8.8 and Red Hat Enterprise Linux 9.2." } ], - "metrics": {}, + "metrics": { + "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "NONE", + "integrityImpact": "NONE", + "availabilityImpact": "HIGH", + "baseScore": 7.5, + "baseSeverity": "HIGH" + }, + "exploitabilityScore": 3.9, + "impactScore": 3.6 + } + ] + }, "weaknesses": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "NVD-CWE-noinfo" + } + ] + }, { "source": "secalert@redhat.com", "type": "Secondary", 
@@ -23,22 +56,101 @@ ] } ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:libreswan:libreswan:4.9-1.el8:*:*:*:*:*:*:*", + "matchCriteriaId": "1DBF5B0F-6997-40E6-A692-D08DDA0A20A6" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:libreswan:libreswan:4.9-1.el9:*:*:*:*:*:*:*", + "matchCriteriaId": "ECE181EC-23BC-448C-92EB-5660D6A1F59E" + } + ] + } + ] + }, + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:o:redhat:enterprise_linux:8.0:*:*:*:*:*:*:*", + "matchCriteriaId": "F4CFF558-3C47-480D-A2F0-BABF26042943" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:redhat:enterprise_linux:9.0:*:*:*:*:*:*:*", + "matchCriteriaId": "7F6FB57C-2BC7-487C-96DD-132683AEB35D" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:redhat:enterprise_linux_eus:8.8:*:*:*:*:*:*:*", + "matchCriteriaId": "62C31522-0A17-4025-B269-855C7F4B45C2" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:redhat:enterprise_linux_eus:9.2:*:*:*:*:*:*:*", + "matchCriteriaId": "3C74F6FA-FA6C-4648-9079-91446E45EE47" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:redhat:enterprise_linux_server_aus:8.8:*:*:*:*:*:*:*", + "matchCriteriaId": "0CD25A35-9C2B-4382-8720-4E39F928170B" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:redhat:enterprise_linux_server_aus:9.2:*:*:*:*:*:*:*", + "matchCriteriaId": "F32CA554-F9D7-425B-8F1C-89678507F28C" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:redhat:enterprise_linux_server_tus:8.8:*:*:*:*:*:*:*", + "matchCriteriaId": "F1CA946D-1665-4874-9D41-C7D963DD1F56" + } + ] + } + ] + } + ], "references": [ { "url": "https://access.redhat.com/errata/RHSA-2023:3107", - "source": "secalert@redhat.com" + "source": "secalert@redhat.com", + "tags": [ + "Third Party Advisory" + ] }, { "url": "https://access.redhat.com/errata/RHSA-2023:3148", - "source": 
"secalert@redhat.com" + "source": "secalert@redhat.com", + "tags": [ + "Third Party Advisory" + ] }, { "url": "https://access.redhat.com/security/cve/CVE-2023-2295", - "source": "secalert@redhat.com" + "source": "secalert@redhat.com", + "tags": [ + "Third Party Advisory" + ] }, { "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2189777", - "source": "secalert@redhat.com" + "source": "secalert@redhat.com", + "tags": [ + "Issue Tracking" + ] } ] } \ No newline at end of file diff --git a/CVE-2023/CVE-2023-236xx/CVE-2023-23667.json b/CVE-2023/CVE-2023-236xx/CVE-2023-23667.json index a9974a0d3f7..c2bc5f28291 100644 --- a/CVE-2023/CVE-2023-236xx/CVE-2023-23667.json +++ b/CVE-2023/CVE-2023-236xx/CVE-2023-23667.json @@ -2,8 +2,8 @@ "id": "CVE-2023-23667", "sourceIdentifier": "audit@patchstack.com", "published": "2023-05-18T11:15:09.223", - "lastModified": "2023-05-18T12:53:07.890", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2023-05-25T16:30:02.287", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", @@ -12,6 +12,26 @@ ], "metrics": { "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "REQUIRED", + "scope": "CHANGED", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "availabilityImpact": "NONE", + "baseScore": 5.4, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 2.3, + "impactScore": 2.7 + }, { "source": "audit@patchstack.com", "type": "Secondary", 
@@ -46,10 +66,31 @@ ] } ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:berocket:brands_for_woocommerce:*:*:*:*:*:wordpress:*:*", + "versionEndIncluding": "3.7.0.6", + "matchCriteriaId": "03F63627-79EE-459B-AA6D-4BC9EA245A89" + } + ] + } + ] + } + ], "references": [ { "url": "https://patchstack.com/database/vulnerability/brands-for-woocommerce/wordpress-brands-for-woocommerce-plugin-3-7-0-6-cross-site-scripting-xss-vulnerability?_s_id=cve", - "source": "audit@patchstack.com" + "source": "audit@patchstack.com", + "tags": [ + "Third Party Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2023/CVE-2023-239xx/CVE-2023-23999.json b/CVE-2023/CVE-2023-239xx/CVE-2023-23999.json index 72d4bc278d3..67c41db570d 100644 --- a/CVE-2023/CVE-2023-239xx/CVE-2023-23999.json +++ b/CVE-2023/CVE-2023-239xx/CVE-2023-23999.json @@ -2,8 +2,8 @@ "id": "CVE-2023-23999", "sourceIdentifier": "audit@patchstack.com", "published": "2023-05-18T11:15:09.293", - "lastModified": "2023-05-18T12:53:07.890", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2023-05-25T16:29:32.517", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", @@ -12,6 +12,26 @@ ], "metrics": { "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "REQUIRED", + "scope": "CHANGED", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "availabilityImpact": "NONE", + "baseScore": 5.4, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 2.3, + "impactScore": 2.7 + }, { "source": "audit@patchstack.com", "type": "Secondary", 
@@ -46,10 +66,31 @@ ] } ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:monsterinsights:google_analytics_dashboard:*:*:*:*:*:wordpress:*:*", + "versionEndExcluding": "8.14.1", + "matchCriteriaId": "F0547346-543B-486F-83E4-638FC5860CB6" + } + ] + } + ] + } + ], "references": [ { "url": "https://patchstack.com/database/vulnerability/google-analytics-for-wordpress/wordpress-google-analytics-by-monsterinsights-plugin-8-14-0-cross-site-scripting-xss-vulnerability?_s_id=cve", - "source": "audit@patchstack.com" + "source": "audit@patchstack.com", + "tags": [ + "Third Party Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2023/CVE-2023-248xx/CVE-2023-24805.json b/CVE-2023/CVE-2023-248xx/CVE-2023-24805.json index c54b2fd441b..09d73e8677c 100644 --- a/CVE-2023/CVE-2023-248xx/CVE-2023-24805.json +++ b/CVE-2023/CVE-2023-248xx/CVE-2023-24805.json @@ -2,8 +2,8 @@ "id": "CVE-2023-24805", "sourceIdentifier": "security-advisories@github.com", "published": "2023-05-17T18:15:09.177", - "lastModified": "2023-05-24T05:15:09.530", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2023-05-25T17:05:06.890", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", @@ -12,6 +12,26 @@ ], "metrics": { "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH", + "baseScore": 8.8, + "baseSeverity": "HIGH" + }, + "exploitabilityScore": 2.8, + "impactScore": 5.9 + }, { "source": "security-advisories@github.com", "type": "Secondary", 
@@ -36,7 +56,7 @@ }, "weaknesses": [ { - "source": "security-advisories@github.com", + "source": "nvd@nist.gov", "type": "Primary", "description": [ { 
@@ -44,32 +64,142 @@ "value": "CWE-78" } ] + }, + { + "source": "security-advisories@github.com", + "type": "Secondary", + "description": [ + { + "lang": "en", + "value": "CWE-78" + } + ] + } + ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:linuxfoundation:cups-filters:*:*:*:*:*:*:*:*", + "versionEndExcluding": "2.0", + "matchCriteriaId": "4B3F579A-B8F0-4F15-A8DA-7D58BF94740A" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:linuxfoundation:cups-filters:2.0:beta1:*:*:*:*:*:*", + "matchCriteriaId": "216CAAD0-DBE1-4732-9E7D-1E2F681DC3F5" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:linuxfoundation:cups-filters:2.0:beta2:*:*:*:*:*:*", + "matchCriteriaId": "528C776A-D684-4A2B-BD40-4798321169E4" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:linuxfoundation:cups-filters:2.0:beta3:*:*:*:*:*:*", + "matchCriteriaId": "04694E1A-63CE-41E8-A8CA-31368D058EDB" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:linuxfoundation:cups-filters:2.0:rc1:*:*:*:*:*:*", + "matchCriteriaId": "DADB252D-65B1-4591-B3F3-DBCEFD49CC52" + } + ] + } + ] + }, + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:o:fedoraproject:fedora:37:*:*:*:*:*:*:*", + "matchCriteriaId": "E30D0E6F-4AE8-4284-8716-991DFA48CC5D" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:fedoraproject:fedora:38:*:*:*:*:*:*:*", + "matchCriteriaId": "CC559B26-5DFC-4B7A-A27C-B77DE755DFF9" + } + ] + } + ] + }, + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*", + "matchCriteriaId": "07B237A9-69A3-4A9C-9DA0-4E06BD37AE73" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:debian:debian_linux:11.0:*:*:*:*:*:*:*", + "matchCriteriaId": "FA6FEEC2-9F11-4643-8827-749718254FED" + } + ] + } + ] } ], 
"references": [ { "url": "https://github.com/OpenPrinting/cups-filters/commit/8f274035756c04efeb77eb654e9d4c4447287d65", - "source": "security-advisories@github.com" + "source": "security-advisories@github.com", + "tags": [ + "Patch" + ] }, { "url": "https://github.com/OpenPrinting/cups-filters/security/advisories/GHSA-gpxc-v2m8-fr3x", - "source": "security-advisories@github.com" + "source": "security-advisories@github.com", + "tags": [ + "Exploit", + "Vendor Advisory" + ] }, { "url": "https://lists.debian.org/debian-lts-announce/2023/05/msg00021.html", - "source": "security-advisories@github.com" + "source": "security-advisories@github.com", + "tags": [ + "Mailing List", + "Third Party Advisory" + ] }, { "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/KL2SJMZQ5T5JIH3PMQ2CGCY5TUUE255Y/", - "source": "security-advisories@github.com" + "source": "security-advisories@github.com", + "tags": [ + "Mailing List", + "Release Notes" + ] }, { "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/YNCGL2ZTAS2GFF23QFT55UFWIDMI4ZJK/", - "source": "security-advisories@github.com" + "source": "security-advisories@github.com", + "tags": [ + "Mailing List", + "Release Notes" + ] }, { "url": "https://www.debian.org/security/2023/dsa-5407", - "source": "security-advisories@github.com" + "source": "security-advisories@github.com", + "tags": [ + "Third Party Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2023/CVE-2023-24xx/CVE-2023-2491.json b/CVE-2023/CVE-2023-24xx/CVE-2023-2491.json index 49108618e9d..02d318dfa15 100644 --- a/CVE-2023/CVE-2023-24xx/CVE-2023-2491.json +++ b/CVE-2023/CVE-2023-24xx/CVE-2023-2491.json 
@@ -2,16 +2,49 @@ "id": "CVE-2023-2491", "sourceIdentifier": "secalert@redhat.com", "published": "2023-05-17T22:15:10.997", - "lastModified": "2023-05-18T12:53:07.890", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2023-05-25T17:25:35.470", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", "value": "A flaw was found in the Emacs text editor. Processing a specially crafted org-mode code with the \"org-babel-execute:latex\" function in ob-latex.el can result in arbitrary command execution. This CVE exists because of a CVE-2023-28617 security regression for the emacs package in Red Hat Enterprise Linux 8.8 and Red Hat Enterprise Linux 9.2." } ], - "metrics": {}, + "metrics": { + "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", + "attackVector": "LOCAL", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH", + "baseScore": 7.8, + "baseSeverity": "HIGH" + }, + "exploitabilityScore": 1.8, + "impactScore": 5.9 + } + ] + }, "weaknesses": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-77" + } + ] + }, { "source": "secalert@redhat.com", "type": "Secondary", 
@@ -23,22 +56,102 @@ ] } ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:gnu:emacs:26.1-9.el8:*:*:*:*:*:*:*", + "matchCriteriaId": "0D22AA80-5195-415F-B400-E15FDA9DB01C" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:gnu:emacs:27.2-8.el9:*:*:*:*:*:*:*", + "matchCriteriaId": "28CA40AF-31C9-43CA-B6F1-2B67222B9271" + } + ] + } + ] + }, + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:o:redhat:enterprise_linux:8.0:*:*:*:*:*:*:*", + "matchCriteriaId": "F4CFF558-3C47-480D-A2F0-BABF26042943" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:redhat:enterprise_linux:9.0:*:*:*:*:*:*:*", + "matchCriteriaId": "7F6FB57C-2BC7-487C-96DD-132683AEB35D" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:redhat:enterprise_linux_eus:8.8:*:*:*:*:*:*:*", + "matchCriteriaId": "62C31522-0A17-4025-B269-855C7F4B45C2" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:redhat:enterprise_linux_eus:9.2:*:*:*:*:*:*:*", + "matchCriteriaId": "3C74F6FA-FA6C-4648-9079-91446E45EE47" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:redhat:enterprise_linux_server_aus:8.8:*:*:*:*:*:*:*", + "matchCriteriaId": "0CD25A35-9C2B-4382-8720-4E39F928170B" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:redhat:enterprise_linux_server_aus:9.2:*:*:*:*:*:*:*", + "matchCriteriaId": "F32CA554-F9D7-425B-8F1C-89678507F28C" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:redhat:enterprise_linux_server_tus:8.8:*:*:*:*:*:*:*", + "matchCriteriaId": "F1CA946D-1665-4874-9D41-C7D963DD1F56" + } + ] + } + ] + } + ], "references": [ { "url": "https://access.redhat.com/errata/RHSA-2023:2626", - "source": "secalert@redhat.com" + "source": "secalert@redhat.com", + "tags": [ + "Third Party Advisory" + ] }, { "url": "https://access.redhat.com/errata/RHSA-2023:3104", - "source": "secalert@redhat.com" + "source": 
"secalert@redhat.com", + "tags": [ + "Third Party Advisory" + ] }, { "url": "https://access.redhat.com/security/cve/CVE-2023-2491", - "source": "secalert@redhat.com" + "source": "secalert@redhat.com", + "tags": [ + "Third Party Advisory" + ] }, { "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2192873", - "source": "secalert@redhat.com" + "source": "secalert@redhat.com", + "tags": [ + "Issue Tracking", + "Third Party Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2023/CVE-2023-253xx/CVE-2023-25394.json b/CVE-2023/CVE-2023-253xx/CVE-2023-25394.json index 70b36ba4af9..ba61fbc8d3c 100644 --- a/CVE-2023/CVE-2023-253xx/CVE-2023-25394.json +++ b/CVE-2023/CVE-2023-253xx/CVE-2023-25394.json 
@@ -2,23 +2,87 @@ "id": "CVE-2023-25394", "sourceIdentifier": "cve@mitre.org", "published": "2023-05-17T00:15:08.967", - "lastModified": "2023-05-17T12:46:46.567", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2023-05-25T17:57:14.570", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", "value": "Videostream macOS app 0.5.0 and 0.4.3 has a Race Condition. The Updater privileged script attempts to update Videostream every 5 hours." } ], - "metrics": {}, + "metrics": { + "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H", + "attackVector": "LOCAL", + "attackComplexity": "HIGH", + "privilegesRequired": "LOW", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH", + "baseScore": 7.0, + "baseSeverity": "HIGH" + }, + "exploitabilityScore": 1.0, + "impactScore": 5.9 + } + ] + }, + "weaknesses": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-367" + } + ] + } + ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:getvideostream:videostream:0.4.3:*:*:*:*:macos:*:*", + "matchCriteriaId": "A7DF29F4-CA61-494F-83C2-B03507A7B080" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:getvideostream:videostream:0.5.0:*:*:*:*:macos:*:*", + "matchCriteriaId": "B80567DA-E95C-406A-A7FC-A021D03ED0D3" + } + ] + } + ] + } + ], "references": [ { "url": "https://danrevah.github.io/2023/05/03/CVE-2023-25394-VideoStream-LPE/", - "source": "cve@mitre.org" + "source": "cve@mitre.org", + "tags": [ + "Exploit", + "Third Party Advisory" + ] }, { "url": "https://getvideostream.com/", - "source": "cve@mitre.org" + "source": "cve@mitre.org", + "tags": [ + "Product" + ] } ] } \ No newline at end of file 
diff --git a/CVE-2023/CVE-2023-256xx/CVE-2023-25698.json b/CVE-2023/CVE-2023-256xx/CVE-2023-25698.json index c052aa281f4..403625f8c31 100644 --- a/CVE-2023/CVE-2023-256xx/CVE-2023-25698.json +++ b/CVE-2023/CVE-2023-256xx/CVE-2023-25698.json @@ -2,8 +2,8 @@ "id": "CVE-2023-25698", "sourceIdentifier": "audit@patchstack.com", "published": "2023-05-18T11:15:09.357", - "lastModified": "2023-05-18T12:53:07.890", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2023-05-25T16:27:29.670", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", @@ -12,6 +12,26 @@ ], "metrics": { "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "REQUIRED", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH", + "baseScore": 8.8, + "baseSeverity": "HIGH" + }, + "exploitabilityScore": 2.8, + "impactScore": 5.9 + }, { "source": "audit@patchstack.com", "type": "Secondary", @@ -46,10 +66,31 @@ ] } ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:studiowombat:shoppable_images:*:*:*:*:*:wordpress:*:*", + "versionEndExcluding": "1.2.4", + "matchCriteriaId": "4CBEA8A8-4F13-47C2-8F3B-ABC026AF8E66" + } + ] + } + ] + } + ], "references": [ { "url": "https://patchstack.com/database/vulnerability/mabel-shoppable-images-lite/wordpress-shoppable-images-plugin-1-2-3-cross-site-request-forgery-csrf-vulnerability?_s_id=cve", - "source": "audit@patchstack.com" + "source": "audit@patchstack.com", + "tags": [ + "Third Party Advisory" + ] } ] } \ No newline at end of file 
diff --git a/CVE-2023/CVE-2023-260xx/CVE-2023-26044.json b/CVE-2023/CVE-2023-260xx/CVE-2023-26044.json index cfcfe93bc2d..8192d46c548 100644 --- a/CVE-2023/CVE-2023-260xx/CVE-2023-26044.json +++ b/CVE-2023/CVE-2023-260xx/CVE-2023-26044.json @@ -2,8 +2,8 @@ "id": "CVE-2023-26044", "sourceIdentifier": "security-advisories@github.com", "published": "2023-05-17T18:15:09.247", - "lastModified": "2023-05-18T12:53:07.890", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2023-05-25T17:03:21.083", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", @@ -12,6 +12,26 @@ ], "metrics": { "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "NONE", + "integrityImpact": "NONE", + "availabilityImpact": "LOW", + "baseScore": 5.3, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 3.9, + "impactScore": 1.4 + }, { "source": "security-advisories@github.com", "type": "Secondary", @@ -36,8 +56,18 @@ }, "weaknesses": [ { - "source": "security-advisories@github.com", + "source": "nvd@nist.gov", "type": "Primary", + "description": [ + { + "lang": "en", + "value": "NVD-CWE-noinfo" + } + ] + }, + { + "source": "security-advisories@github.com", + "type": "Secondary", "description": [ { "lang": "en", 
@@ -46,14 +76,39 @@ ] } ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:reactphp:http:*:*:*:*:*:*:*:*", + "versionStartIncluding": "0.8.0", + "versionEndExcluding": "1.9.0", + "matchCriteriaId": "AC0B6E67-4AED-41D8-90CE-5D5179BAE135" + } + ] + } + ] + } + ], "references": [ { "url": "https://github.com/reactphp/http/commit/9681f764b80c45ebfb5fe2ea7da5bd3babfcdcfd", - "source": "security-advisories@github.com" + "source": "security-advisories@github.com", + "tags": [ + "Patch" + ] }, { "url": "https://github.com/reactphp/http/security/advisories/GHSA-95x4-j7vc-h8mf", - "source": "security-advisories@github.com" + "source": "security-advisories@github.com", + "tags": [ + "Vendor Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2023/CVE-2023-26xx/CVE-2023-2631.json b/CVE-2023/CVE-2023-26xx/CVE-2023-2631.json index a15e4ca631b..ff4a924c663 100644 --- a/CVE-2023/CVE-2023-26xx/CVE-2023-2631.json +++ b/CVE-2023/CVE-2023-26xx/CVE-2023-2631.json @@ -2,8 +2,8 @@ "id": "CVE-2023-2631", "sourceIdentifier": "disclosure@synopsys.com", "published": "2023-05-16T19:15:09.090", - "lastModified": "2023-05-16T20:04:03.627", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2023-05-25T16:11:45.930", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", @@ -12,6 +12,26 @@ ], "metrics": { "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "NONE", + "integrityImpact": "LOW", + "availabilityImpact": "NONE", + "baseScore": 4.3, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 2.8, + "impactScore": 1.4 + }, { "source": "disclosure@synopsys.com", "type": "Secondary", 
@@ -35,6 +55,16 @@ ] }, "weaknesses": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-352" + } + ] + }, { "source": "disclosure@synopsys.com", "type": "Secondary", @@ -46,10 +76,31 @@ ] } ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:jenkins:code_dx:*:*:*:*:*:jenkins:*:*", + "versionEndIncluding": "3.1.0", + "matchCriteriaId": "814BAE77-3324-4908-89D4-9A3A63B690FE" + } + ] + } + ] + } + ], "references": [ { "url": "https://www.jenkins.io/security/advisory/2023-05-16/#SECURITY-3118", - "source": "disclosure@synopsys.com" + "source": "disclosure@synopsys.com", + "tags": [ + "Vendor Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2023/CVE-2023-26xx/CVE-2023-2632.json b/CVE-2023/CVE-2023-26xx/CVE-2023-2632.json index 7a1a801e327..555485f7d7e 100644 --- a/CVE-2023/CVE-2023-26xx/CVE-2023-2632.json +++ b/CVE-2023/CVE-2023-26xx/CVE-2023-2632.json @@ -2,8 +2,8 @@ "id": "CVE-2023-2632", "sourceIdentifier": "disclosure@synopsys.com", "published": "2023-05-16T18:15:17.303", - "lastModified": "2023-05-16T20:04:03.627", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2023-05-25T16:08:28.660", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", @@ -12,6 +12,26 @@ ], "metrics": { "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "LOW", + "integrityImpact": "NONE", + "availabilityImpact": "NONE", + "baseScore": 4.3, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 2.8, + "impactScore": 1.4 + }, { "source": "disclosure@synopsys.com", "type": "Secondary", 
@@ -35,6 +55,16 @@ ] }, "weaknesses": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-522" + } + ] + }, { "source": "disclosure@synopsys.com", "type": "Secondary", @@ -46,10 +76,31 @@ ] } ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:jenkins:code_dx:*:*:*:*:*:jenkins:*:*", + "versionEndIncluding": "3.1.0", + "matchCriteriaId": "814BAE77-3324-4908-89D4-9A3A63B690FE" + } + ] + } + ] + } + ], "references": [ { "url": "https://www.jenkins.io/security/advisory/2023-05-16/#SECURITY-3146", - "source": "disclosure@synopsys.com" + "source": "disclosure@synopsys.com", + "tags": [ + "Vendor Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2023/CVE-2023-26xx/CVE-2023-2633.json b/CVE-2023/CVE-2023-26xx/CVE-2023-2633.json index f91f4c5818f..3757eb12453 100644 --- a/CVE-2023/CVE-2023-26xx/CVE-2023-2633.json +++ b/CVE-2023/CVE-2023-26xx/CVE-2023-2633.json @@ -2,8 +2,8 @@ "id": "CVE-2023-2633", "sourceIdentifier": "disclosure@synopsys.com", "published": "2023-05-16T18:15:17.453", - "lastModified": "2023-05-16T20:04:03.627", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2023-05-25T16:09:27.890", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", @@ -12,6 +12,26 @@ ], "metrics": { "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "LOW", + "integrityImpact": "NONE", + "availabilityImpact": "NONE", + "baseScore": 4.3, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 2.8, + "impactScore": 1.4 + }, { "source": "disclosure@synopsys.com", "type": "Secondary", 
@@ -35,6 +55,16 @@ ] }, "weaknesses": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-522" + } + ] + }, { "source": "disclosure@synopsys.com", "type": "Secondary", @@ -46,10 +76,31 @@ ] } ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:jenkins:code_dx:*:*:*:*:*:jenkins:*:*", + "versionEndIncluding": "3.1.0", + "matchCriteriaId": "814BAE77-3324-4908-89D4-9A3A63B690FE" + } + ] + } + ] + } + ], "references": [ { "url": "https://www.jenkins.io/security/advisory/2023-05-16/#SECURITY-3146", - "source": "disclosure@synopsys.com" + "source": "disclosure@synopsys.com", + "tags": [ + "Vendor Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2023/CVE-2023-274xx/CVE-2023-27423.json b/CVE-2023/CVE-2023-274xx/CVE-2023-27423.json index 22fbb0419ab..dda2b02f778 100644 --- a/CVE-2023/CVE-2023-274xx/CVE-2023-27423.json +++ b/CVE-2023/CVE-2023-274xx/CVE-2023-27423.json @@ -2,8 +2,8 @@ "id": "CVE-2023-27423", "sourceIdentifier": "audit@patchstack.com", "published": "2023-05-18T11:15:09.427", - "lastModified": "2023-05-18T12:53:07.890", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2023-05-25T16:26:13.730", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", @@ -12,6 +12,26 @@ ], "metrics": { "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "REQUIRED", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH", + "baseScore": 8.8, + "baseSeverity": "HIGH" + }, + "exploitabilityScore": 2.8, + "impactScore": 5.9 + }, { "source": "audit@patchstack.com", "type": "Secondary", 
@@ -46,10 +66,31 @@ ] } ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:mijnpress:auto_prune_posts:*:*:*:*:*:wordpress:*:*", + "versionEndExcluding": "2.0.0", + "matchCriteriaId": "252B884D-AA87-4593-A153-687EF1C67723" + } + ] + } + ] + } + ], "references": [ { "url": "https://patchstack.com/database/vulnerability/auto-prune-posts/wordpress-auto-prune-posts-plugin-1-8-0-cross-site-request-forgery-csrf-vulnerability?_s_id=cve", - "source": "audit@patchstack.com" + "source": "audit@patchstack.com", + "tags": [ + "Third Party Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2023/CVE-2023-274xx/CVE-2023-27430.json b/CVE-2023/CVE-2023-274xx/CVE-2023-27430.json index c2be123c67d..cdb89d8f5ab 100644 --- a/CVE-2023/CVE-2023-274xx/CVE-2023-27430.json +++ b/CVE-2023/CVE-2023-274xx/CVE-2023-27430.json @@ -2,8 +2,8 @@ "id": "CVE-2023-27430", "sourceIdentifier": "audit@patchstack.com", "published": "2023-05-18T11:15:09.490", - "lastModified": "2023-05-18T12:53:07.890", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2023-05-25T16:24:02.267", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", @@ -12,6 +12,26 @@ ], "metrics": { "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "REQUIRED", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH", + "baseScore": 8.8, + "baseSeverity": "HIGH" + }, + "exploitabilityScore": 2.8, + "impactScore": 5.9 + }, { "source": "audit@patchstack.com", "type": "Secondary", 
@@ -46,10 +66,31 @@ ] } ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:mijnpress:mass_delete_unused_tags:*:*:*:*:*:wordpress:*:*", + "versionEndExcluding": "3.0.0", + "matchCriteriaId": "16752708-C44C-423C-BE92-D9F9685EF39F" + } + ] + } + ] + } + ], "references": [ { "url": "https://patchstack.com/database/vulnerability/mass-delete-unused-tags/wordpress-mass-delete-unused-tags-plugin-2-0-0-cross-site-request-forgery-csrf-vulnerability?_s_id=cve", - "source": "audit@patchstack.com" + "source": "audit@patchstack.com", + "tags": [ + "Third Party Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2023/CVE-2023-277xx/CVE-2023-27742.json b/CVE-2023/CVE-2023-277xx/CVE-2023-27742.json index 892835427db..cb9ad5bd772 100644 --- a/CVE-2023/CVE-2023-277xx/CVE-2023-27742.json +++ b/CVE-2023/CVE-2023-277xx/CVE-2023-27742.json 
@@ -2,19 +2,75 @@ "id": "CVE-2023-27742", "sourceIdentifier": "cve@mitre.org", "published": "2023-05-16T20:15:09.093", - "lastModified": "2023-05-17T12:46:50.773", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2023-05-25T16:03:19.983", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", "value": "IDURAR ERP/CRM v1 was discovered to contain a SQL injection vulnerability via the component /api/login." } ], - "metrics": {}, + "metrics": { + "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH", + "baseScore": 9.8, + "baseSeverity": "CRITICAL" + }, + "exploitabilityScore": 3.9, + "impactScore": 5.9 + } + ] + }, + "weaknesses": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-89" + } + ] + } + ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:idurar_project:idurar:1.0.0:*:*:*:*:*:*:*", + "matchCriteriaId": "A6E415AB-4775-4054-BCFF-200F07D738F9" + } + ] + } + ] + } + ], "references": [ { "url": "https://github.com/G37SYS73M/CVE-2023-27742", - "source": "cve@mitre.org" + "source": "cve@mitre.org", + "tags": [ + "Exploit", + "Third Party Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2023/CVE-2023-27xx/CVE-2023-2700.json b/CVE-2023/CVE-2023-27xx/CVE-2023-2700.json index cfb0622eb0f..f62512b2d6f 100644 --- a/CVE-2023/CVE-2023-27xx/CVE-2023-2700.json +++ b/CVE-2023/CVE-2023-27xx/CVE-2023-2700.json 
@@ -2,27 +2,114 @@
 "id": "CVE-2023-2700",
 "sourceIdentifier": "secalert@redhat.com",
 "published": "2023-05-15T22:15:12.207",
- "lastModified": "2023-05-16T10:46:36.147",
- "vulnStatus": "Awaiting Analysis",
+ "lastModified": "2023-05-25T17:14:48.953",
+ "vulnStatus": "Analyzed",
 "descriptions": [
 {
 "lang": "en",
 "value": "A vulnerability was found in libvirt. This security flaw ouccers due to repeatedly querying an SR-IOV PCI device's capabilities that exposes a memory leak caused by a failure to free the virPCIVirtualFunction array within the parent struct's g_autoptr cleanup."
 }
 ],
- "metrics": {},
+ "metrics": {
+ "cvssMetricV31": [
+ {
+ "source": "nvd@nist.gov",
+ "type": "Primary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
+ "attackVector": "LOCAL",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "LOW",
+ "userInteraction": "NONE",
+ "scope": "UNCHANGED",
+ "confidentialityImpact": "NONE",
+ "integrityImpact": "NONE",
+ "availabilityImpact": "HIGH",
+ "baseScore": 5.5,
+ "baseSeverity": "MEDIUM"
+ },
+ "exploitabilityScore": 1.8,
+ "impactScore": 3.6
+ }
+ ]
+ },
+ "weaknesses": [
+ {
+ "source": "nvd@nist.gov",
+ "type": "Primary",
+ "description": [
+ {
+ "lang": "en",
+ "value": "CWE-401"
+ }
+ ]
+ }
+ ],
+ "configurations": [
+ {
+ "nodes": [
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:redhat:libvirt:4.5.0:*:*:*:*:*:*:*",
+ "matchCriteriaId": "9277EFDB-F870-4168-8429-3C6962B5FB06"
+ }
+ ]
+ }
+ ]
+ },
+ {
+ "nodes": [
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:fedoraproject:fedora:38:*:*:*:*:*:*:*",
+ "matchCriteriaId": "CC559B26-5DFC-4B7A-A27C-B77DE755DFF9"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:redhat:enterprise_linux:8.0:*:*:*:*:*:*:*",
+ "matchCriteriaId": "F4CFF558-3C47-480D-A2F0-BABF26042943"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:redhat:enterprise_linux:9.0:*:*:*:*:*:*:*",
+ "matchCriteriaId": "7F6FB57C-2BC7-487C-96DD-132683AEB35D"
+ }
+ ]
+ }
+ ]
+ }
+ ],
 "references": [
 {
 "url": "https://access.redhat.com/security/cve/CVE-2023-2700",
- "source": "secalert@redhat.com"
+ "source": "secalert@redhat.com",
+ "tags": [
+ "Vendor Advisory"
+ ]
 },
 {
 "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2203653",
- "source": "secalert@redhat.com"
+ "source": "secalert@redhat.com",
+ "tags": [
+ "Issue Tracking",
+ "Vendor Advisory"
+ ]
 },
 {
 "url": "https://gitlab.com/libvirt/libvirt/-/commit/6425a311b8ad19d6f9c0b315bf1d722551ea3585#874a1e768ade6ceb4538931cbc06248e73223306",
- "source": "secalert@redhat.com"
+ "source": "secalert@redhat.com",
+ "tags": [
+ "Patch"
+ ]
 }
 ]
 }
\ No newline at end of file
diff --git a/CVE-2023/CVE-2023-27xx/CVE-2023-2708.json b/CVE-2023/CVE-2023-27xx/CVE-2023-2708.json
index 926fb116758..7686ecac795 100644
--- a/CVE-2023/CVE-2023-27xx/CVE-2023-2708.json
+++ b/CVE-2023/CVE-2023-27xx/CVE-2023-2708.json
@@ -2,8 +2,8 @@
 "id": "CVE-2023-2708",
 "sourceIdentifier": "security@wordfence.com",
 "published": "2023-05-16T03:15:09.063",
- "lastModified": "2023-05-16T10:46:36.147",
- "vulnStatus": "Awaiting Analysis",
+ "lastModified": "2023-05-25T16:51:55.100",
+ "vulnStatus": "Analyzed",
 "descriptions": [
 {
 "lang": "en",
@@ -12,6 +12,26 @@
 ],
 "metrics": {
 "cvssMetricV31": [
+ {
+ "source": "nvd@nist.gov",
+ "type": "Primary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
+ "attackVector": "NETWORK",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "NONE",
+ "userInteraction": "REQUIRED",
+ "scope": "CHANGED",
+ "confidentialityImpact": "LOW",
+ "integrityImpact": "LOW",
+ "availabilityImpact": "NONE",
+ "baseScore": 6.1,
+ "baseSeverity": "MEDIUM"
+ },
+ "exploitabilityScore": 2.8,
+ "impactScore": 2.7
+ },
 {
 "source": "security@wordfence.com",
 "type": "Secondary",
@@ -35,6 +55,16 @@
 ]
 },
 "weaknesses": [
+ {
+ "source": "nvd@nist.gov",
+ "type": "Primary",
+ "description": [
+ {
+ "lang": "en",
+ "value": "CWE-79"
+ }
+ ]
+ },
 {
 "source": "security@wordfence.com",
 "type": "Secondary",
@@ -46,18 +76,45 @@
 ]
 }
 ],
+ "configurations": [
+ {
+ "nodes": [
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:i13websolution:video_gallery:*:*:*:*:*:wordpress:*:*",
+ "versionEndExcluding": "1.0.11",
+ "matchCriteriaId": "8611E6D2-366A-4A64-9B13-54F7F8D4AB26"
+ }
+ ]
+ }
+ ]
+ }
+ ],
 "references": [
 {
 "url": "https://plugins.trac.wordpress.org/browser/video-slider-with-thumbnails/tags/1.0.10/video-slider-with-thumbnails.php#L1103",
- "source": "security@wordfence.com"
+ "source": "security@wordfence.com",
+ "tags": [
+ "Issue Tracking"
+ ]
 },
 {
 "url": "https://plugins.trac.wordpress.org/browser/video-slider-with-thumbnails/tags/1.0.11/video-slider-with-thumbnails.php#L1105",
- "source": "security@wordfence.com"
+ "source": "security@wordfence.com",
+ "tags": [
+ "Issue Tracking"
+ ]
 },
 {
 "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/8cfbad9f-61ba-4216-9078-c1e7e809899a?source=cve",
- "source": "security@wordfence.com"
+ "source": "security@wordfence.com",
+ "tags": [
+ "Third Party Advisory"
+ ]
 }
 ]
 }
\ No newline at end of file
diff --git a/CVE-2023/CVE-2023-27xx/CVE-2023-2731.json b/CVE-2023/CVE-2023-27xx/CVE-2023-2731.json
index 50c721ae3bc..c2dff8abc6f 100644
--- a/CVE-2023/CVE-2023-27xx/CVE-2023-2731.json
+++ b/CVE-2023/CVE-2023-27xx/CVE-2023-2731.json
@@ -2,16 +2,49 @@
 "id": "CVE-2023-2731",
 "sourceIdentifier": "secalert@redhat.com",
 "published": "2023-05-17T22:15:11.047",
- "lastModified": "2023-05-18T12:53:07.890",
- "vulnStatus": "Awaiting Analysis",
+ "lastModified": "2023-05-25T17:17:07.247",
+ "vulnStatus": "Analyzed",
 "descriptions": [
 {
 "lang": "en",
 "value": "A NULL pointer dereference flaw was found in Libtiff's LZWDecode() function in the libtiff/tif_lzw.c file. This flaw allows a local attacker to craft specific input data that can cause the program to dereference a NULL pointer when decompressing a TIFF format file, resulting in a program crash or denial of service."
 }
 ],
- "metrics": {},
+ "metrics": {
+ "cvssMetricV31": [
+ {
+ "source": "nvd@nist.gov",
+ "type": "Primary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
+ "attackVector": "LOCAL",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "NONE",
+ "userInteraction": "REQUIRED",
+ "scope": "UNCHANGED",
+ "confidentialityImpact": "NONE",
+ "integrityImpact": "NONE",
+ "availabilityImpact": "HIGH",
+ "baseScore": 5.5,
+ "baseSeverity": "MEDIUM"
+ },
+ "exploitabilityScore": 1.8,
+ "impactScore": 3.6
+ }
+ ]
+ },
 "weaknesses": [
+ {
+ "source": "nvd@nist.gov",
+ "type": "Primary",
+ "description": [
+ {
+ "lang": "en",
+ "value": "CWE-476"
+ }
+ ]
+ },
 {
 "source": "secalert@redhat.com",
 "type": "Secondary",
@@ -23,22 +56,77 @@
 ]
 }
 ],
+ "configurations": [
+ {
+ "nodes": [
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:libtiff:libtiff:*:*:*:*:*:*:*:*",
+ "versionEndExcluding": "4.5.0",
+ "matchCriteriaId": "A16AFDD6-3B2B-4DC9-876E-9D53B126201C"
+ }
+ ]
+ }
+ ]
+ },
+ {
+ "nodes": [
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:fedoraproject:fedora:38:*:*:*:*:*:*:*",
+ "matchCriteriaId": "CC559B26-5DFC-4B7A-A27C-B77DE755DFF9"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:redhat:enterprise_linux:9.0:*:*:*:*:*:*:*",
+ "matchCriteriaId": "7F6FB57C-2BC7-487C-96DD-132683AEB35D"
+ }
+ ]
+ }
+ ]
+ }
+ ],
 "references": [
 {
 "url": "https://access.redhat.com/security/cve/CVE-2023-2731",
- "source": "secalert@redhat.com"
+ "source": "secalert@redhat.com",
+ "tags": [
+ "Third Party Advisory"
+ ]
 },
 {
 "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2207635",
- "source": "secalert@redhat.com"
+ "source": "secalert@redhat.com",
+ "tags": [
+ "Issue Tracking",
+ "Patch",
+ "Third Party Advisory"
+ ]
 },
 {
 "url": "https://github.com/libsdl-org/libtiff/commit/9be22b639ea69e102d3847dca4c53ef025e9527b",
- "source": "secalert@redhat.com"
+ "source": "secalert@redhat.com",
+ "tags": [
+ "Patch"
+ ]
 },
 {
 "url": "https://gitlab.com/libtiff/libtiff/-/issues/548",
- "source": "secalert@redhat.com"
+ "source": "secalert@redhat.com",
+ "tags": [
+ "Exploit",
+ "Issue Tracking",
+ "Patch",
+ "Third Party Advisory"
+ ]
 }
 ]
 }
\ No newline at end of file
diff --git a/CVE-2023/CVE-2023-27xx/CVE-2023-2765.json b/CVE-2023/CVE-2023-27xx/CVE-2023-2765.json
index 1e447b852c8..2c2021f9cce 100644
--- a/CVE-2023/CVE-2023-27xx/CVE-2023-2765.json
+++ b/CVE-2023/CVE-2023-27xx/CVE-2023-2765.json
@@ -2,8 +2,8 @@
 "id": "CVE-2023-2765",
 "sourceIdentifier": "cna@vuldb.com",
 "published": "2023-05-17T17:15:17.363",
- "lastModified": "2023-05-18T12:53:07.890",
- "vulnStatus": "Awaiting Analysis",
+ "lastModified": "2023-05-25T17:12:27.260",
+ "vulnStatus": "Analyzed",
 "descriptions": [
 {
 "lang": "en",
@@ -11,6 +11,28 @@
 }
 ],
 "metrics": {
+ "cvssMetricV31": [
+ {
+ "source": "nvd@nist.gov",
+ "type": "Primary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
+ "attackVector": "NETWORK",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "NONE",
+ "userInteraction": "NONE",
+ "scope": "UNCHANGED",
+ "confidentialityImpact": "HIGH",
+ "integrityImpact": "NONE",
+ "availabilityImpact": "NONE",
+ "baseScore": 7.5,
+ "baseSeverity": "HIGH"
+ },
+ "exploitabilityScore": 3.9,
+ "impactScore": 3.6
+ }
+ ],
 "cvssMetricV30": [
 {
 "source": "cna@vuldb.com",
@@ -71,18 +93,48 @@
 ]
 }
 ],
+ "configurations": [
+ {
+ "nodes": [
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:weaver:weaver_office_automation:9.5:*:*:*:*:*:*:*",
+ "matchCriteriaId": "D826258D-8008-41F8-A8A3-6BB52011F667"
+ }
+ ]
+ }
+ ]
+ }
+ ],
 "references": [
 {
 "url": "https://github.com/eckert-lcc/cve/blob/main/Weaver%20oa.md",
- "source": "cna@vuldb.com"
+ "source": "cna@vuldb.com",
+ "tags": [
+ "Exploit"
+ ]
 },
 {
 "url": "https://vuldb.com/?ctiid.229270",
- "source": "cna@vuldb.com"
+ "source": "cna@vuldb.com",
+ "tags": [
+ "Permissions Required",
+ "Third Party Advisory",
+ "VDB Entry"
+ ]
 },
 {
 "url": "https://vuldb.com/?id.229270",
- "source": "cna@vuldb.com"
+ "source": "cna@vuldb.com",
+ "tags": [
+ "Permissions Required",
+ "Third Party Advisory",
+ "VDB Entry"
+ ]
 }
 ]
 }
\ No newline at end of file
diff --git a/CVE-2023/CVE-2023-27xx/CVE-2023-2766.json b/CVE-2023/CVE-2023-27xx/CVE-2023-2766.json
index 2d98fc9072f..ef8f21276ff 100644
--- a/CVE-2023/CVE-2023-27xx/CVE-2023-2766.json
+++ b/CVE-2023/CVE-2023-27xx/CVE-2023-2766.json
@@ -2,8 +2,8 @@
 "id": "CVE-2023-2766",
 "sourceIdentifier": "cna@vuldb.com",
 "published": "2023-05-17T17:15:17.443",
- "lastModified": "2023-05-18T12:53:07.890",
- "vulnStatus": "Awaiting Analysis",
+ "lastModified": "2023-05-25T17:11:14.567",
+ "vulnStatus": "Analyzed",
 "descriptions": [
 {
 "lang": "en",
@@ -11,6 +11,28 @@
 }
 ],
 "metrics": {
+ "cvssMetricV31": [
+ {
+ "source": "nvd@nist.gov",
+ "type": "Primary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
+ "attackVector": "NETWORK",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "NONE",
+ "userInteraction": "NONE",
+ "scope": "UNCHANGED",
+ "confidentialityImpact": "HIGH",
+ "integrityImpact": "NONE",
+ "availabilityImpact": "NONE",
+ "baseScore": 7.5,
+ "baseSeverity": "HIGH"
+ },
+ "exploitabilityScore": 3.9,
+ "impactScore": 3.6
+ }
+ ],
 "cvssMetricV30": [
 {
 "source": "cna@vuldb.com",
@@ -71,18 +93,49 @@
 ]
 }
 ],
+ "configurations": [
+ {
+ "nodes": [
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:weaver:weaver_office_automation:9.5:*:*:*:*:*:*:*",
+ "matchCriteriaId": "D826258D-8008-41F8-A8A3-6BB52011F667"
+ }
+ ]
+ }
+ ]
+ }
+ ],
 "references": [
 {
 "url": "https://github.com/8079048q/cve/blob/main/weaveroa.md",
- "source": "cna@vuldb.com"
+ "source": "cna@vuldb.com",
+ "tags": [
+ "Exploit",
+ "Third Party Advisory"
+ ]
 },
 {
 "url": "https://vuldb.com/?ctiid.229271",
- "source": "cna@vuldb.com"
+ "source": "cna@vuldb.com",
+ "tags": [
+ "Permissions Required",
+ "Third Party Advisory",
+ "VDB Entry"
+ ]
 },
 {
 "url": "https://vuldb.com/?id.229271",
- "source": "cna@vuldb.com"
+ "source": "cna@vuldb.com",
+ "tags": [
+ "Permissions Required",
+ "Third Party Advisory",
+ "VDB Entry"
+ ]
 }
 ]
 }
\ No newline at end of file
diff --git a/CVE-2023/CVE-2023-27xx/CVE-2023-2768.json b/CVE-2023/CVE-2023-27xx/CVE-2023-2768.json
index 4b2a8228ec0..6c0f1f7afba 100644
--- a/CVE-2023/CVE-2023-27xx/CVE-2023-2768.json
+++ b/CVE-2023/CVE-2023-27xx/CVE-2023-2768.json
@@ -2,8 +2,8 @@
 "id": "CVE-2023-2768",
 "sourceIdentifier": "cna@vuldb.com",
 "published": "2023-05-17T17:15:17.523",
- "lastModified": "2023-05-18T12:53:07.890",
- "vulnStatus": "Awaiting Analysis",
+ "lastModified": "2023-05-25T17:05:59.857",
+ "vulnStatus": "Analyzed",
 "descriptions": [
 {
 "lang": "en",
@@ -11,6 +11,28 @@
 }
 ],
 "metrics": {
+ "cvssMetricV31": [
+ {
+ "source": "nvd@nist.gov",
+ "type": "Primary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",
+ "attackVector": "NETWORK",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "LOW",
+ "userInteraction": "REQUIRED",
+ "scope": "CHANGED",
+ "confidentialityImpact": "LOW",
+ "integrityImpact": "LOW",
+ "availabilityImpact": "NONE",
+ "baseScore": 5.4,
+ "baseSeverity": "MEDIUM"
+ },
+ "exploitabilityScore": 2.3,
+ "impactScore": 2.7
+ }
+ ],
 "cvssMetricV30": [
 {
 "source": "cna@vuldb.com",
@@ -71,18 +93,49 @@
 ]
 }
 ],
+ "configurations": [
+ {
+ "nodes": [
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:sucms_project:sucms:1.0:*:*:*:*:*:*:*",
+ "matchCriteriaId": "54E4EEF5-A773-4381-AAC6-ECA5936AB714"
+ }
+ ]
+ }
+ ]
+ }
+ ],
 "references": [
 {
 "url": "https://github.com/Upgradeextension/Sucms-v1.0/blob/main/README.md",
- "source": "cna@vuldb.com"
+ "source": "cna@vuldb.com",
+ "tags": [
+ "Exploit",
+ "Third Party Advisory"
+ ]
 },
 {
 "url": "https://vuldb.com/?ctiid.229274",
- "source": "cna@vuldb.com"
+ "source": "cna@vuldb.com",
+ "tags": [
+ "Permissions Required",
+ "Third Party Advisory",
+ "VDB Entry"
+ ]
 },
 {
 "url": "https://vuldb.com/?id.229274",
- "source": "cna@vuldb.com"
+ "source": "cna@vuldb.com",
+ "tags": [
+ "Permissions Required",
+ "Third Party Advisory",
+ "VDB Entry"
+ ]
 }
 ]
 }
\ No newline at end of file
diff --git a/CVE-2023/CVE-2023-27xx/CVE-2023-2774.json b/CVE-2023/CVE-2023-27xx/CVE-2023-2774.json
index 07a8539ae4d..122101bcdca 100644
--- a/CVE-2023/CVE-2023-27xx/CVE-2023-2774.json
+++ b/CVE-2023/CVE-2023-27xx/CVE-2023-2774.json
@@ -2,8 +2,8 @@
 "id": "CVE-2023-2774",
 "sourceIdentifier": "cna@vuldb.com",
 "published": "2023-05-17T20:15:10.427",
- "lastModified": "2023-05-18T12:53:07.890",
- "vulnStatus": "Awaiting Analysis",
+ "lastModified": "2023-05-25T17:34:40.707",
+ "vulnStatus": "Analyzed",
 "descriptions": [
 {
 "lang": "en",
@@ -11,6 +11,28 @@
 }
 ],
 "metrics": {
+ "cvssMetricV31": [
+ {
+ "source": "nvd@nist.gov",
+ "type": "Primary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
+ "attackVector": "NETWORK",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "NONE",
+ "userInteraction": "NONE",
+ "scope": "UNCHANGED",
+ "confidentialityImpact": "HIGH",
+ "integrityImpact": "HIGH",
+ "availabilityImpact": "HIGH",
+ "baseScore": 9.8,
+ "baseSeverity": "CRITICAL"
+ },
+ "exploitabilityScore": 3.9,
+ "impactScore": 5.9
+ }
+ ],
 "cvssMetricV30": [
 {
 "source": "cna@vuldb.com",
@@ -71,18 +93,47 @@
 ]
 }
 ],
+ "configurations": [
+ {
+ "nodes": [
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:bus_dispatch_and_information_system_project:bus_dispatch_and_information_system:1.0:*:*:*:*:*:*:*",
+ "matchCriteriaId": "7617077D-5306-4794-B118-A6CB5E7ECB02"
+ }
+ ]
+ }
+ ]
+ }
+ ],
 "references": [
 {
 "url": "https://github.com/mrwwrrhh/Bus_Dispatch_and_Information_System/blob/main/Bus%20Dispatch%20and%20Information%20System%20in%20view_branch%20%20has%20Sql%20injection%20vulnerabilities.pdf",
- "source": "cna@vuldb.com"
+ "source": "cna@vuldb.com",
+ "tags": [
+ "Exploit",
+ "Third Party Advisory"
+ ]
 },
 {
 "url": "https://vuldb.com/?ctiid.229280",
- "source": "cna@vuldb.com"
+ "source": "cna@vuldb.com",
+ "tags": [
+ "Permissions Required",
+ "Third Party Advisory"
+ ]
 },
 {
 "url": "https://vuldb.com/?id.229280",
- "source": "cna@vuldb.com"
+ "source": "cna@vuldb.com",
+ "tags": [
+ "Permissions Required",
+ "Third Party Advisory"
+ ]
 }
 ]
 }
\ No newline at end of file
diff --git a/CVE-2023/CVE-2023-27xx/CVE-2023-2775.json b/CVE-2023/CVE-2023-27xx/CVE-2023-2775.json
index 2706402449f..7095ac70fb6 100644
--- a/CVE-2023/CVE-2023-27xx/CVE-2023-2775.json
+++ b/CVE-2023/CVE-2023-27xx/CVE-2023-2775.json
@@ -2,8 +2,8 @@
 "id": "CVE-2023-2775",
 "sourceIdentifier": "cna@vuldb.com",
 "published": "2023-05-17T20:15:10.513",
- "lastModified": "2023-05-18T12:53:07.890",
- "vulnStatus": "Awaiting Analysis",
+ "lastModified": "2023-05-25T17:33:16.180",
+ "vulnStatus": "Analyzed",
 "descriptions": [
 {
 "lang": "en",
@@ -11,6 +11,28 @@
 }
 ],
 "metrics": {
+ "cvssMetricV31": [
+ {
+ "source": "nvd@nist.gov",
+ "type": "Primary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
+ "attackVector": "NETWORK",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "LOW",
+ "userInteraction": "NONE",
+ "scope": "UNCHANGED",
+ "confidentialityImpact": "HIGH",
+ "integrityImpact": "HIGH",
+ "availabilityImpact": "HIGH",
+ "baseScore": 8.8,
+ "baseSeverity": "HIGH"
+ },
+ "exploitabilityScore": 2.8,
+ "impactScore": 5.9
+ }
+ ],
 "cvssMetricV30": [
 {
 "source": "cna@vuldb.com",
@@ -71,18 +93,46 @@
 ]
 }
 ],
+ "configurations": [
+ {
+ "nodes": [
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:bus_dispatch_and_information_system_project:bus_dispatch_and_information_system:1.0:*:*:*:*:*:*:*",
+ "matchCriteriaId": "7617077D-5306-4794-B118-A6CB5E7ECB02"
+ }
+ ]
+ }
+ ]
+ }
+ ],
 "references": [
 {
 "url": "https://github.com/mrwwrrhh/Bus_Dispatch_and_Information_System/blob/main/Bus%20Dispatch%20and%20Information%20System%20in%20login_info%20has%20Sql%20injection%20vulnerabilities.pdf",
- "source": "cna@vuldb.com"
+ "source": "cna@vuldb.com",
+ "tags": [
+ "Exploit",
+ "Third Party Advisory"
+ ]
 },
 {
 "url": "https://vuldb.com/?ctiid.229281",
- "source": "cna@vuldb.com"
+ "source": "cna@vuldb.com",
+ "tags": [
+ "Permissions Required",
+ "Third Party Advisory"
+ ]
 },
 {
 "url": "https://vuldb.com/?id.229281",
- "source": "cna@vuldb.com"
+ "source": "cna@vuldb.com",
+ "tags": [
+ "Third Party Advisory"
+ ]
 }
 ]
 }
\ No newline at end of file
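Review bot: The two VulDB references for the same entry get different tags in the last hunk of CVE-2023-2775.json: `https://vuldb.com/?ctiid.229281` carries `"Permissions Required"` and `"Third Party Advisory"`, while `https://vuldb.com/?id.229281` carries only `"Third Party Advisory"`. Consumers that filter or rank references by tag will treat the two links differently for no visible reason, so I would give the second one the same list, `"tags": [ "Permissions Required", "Third Party Advisory" ]`. The VulDB links in CVE-2023-2774 and CVE-2023-2776 in this same commit are tagged as a matching pair, which suggests this one is an oversight.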
diff --git a/CVE-2023/CVE-2023-27xx/CVE-2023-2776.json b/CVE-2023/CVE-2023-27xx/CVE-2023-2776.json
index b4bb62e68a3..e3327a82961 100644
--- a/CVE-2023/CVE-2023-27xx/CVE-2023-2776.json
+++ b/CVE-2023/CVE-2023-27xx/CVE-2023-2776.json
@@ -2,8 +2,8 @@
 "id": "CVE-2023-2776",
 "sourceIdentifier": "cna@vuldb.com",
 "published": "2023-05-17T20:15:10.597",
- "lastModified": "2023-05-18T12:53:07.890",
- "vulnStatus": "Awaiting Analysis",
+ "lastModified": "2023-05-25T17:27:28.387",
+ "vulnStatus": "Analyzed",
 "descriptions": [
 {
 "lang": "en",
@@ -11,6 +11,28 @@
 }
 ],
 "metrics": {
+ "cvssMetricV31": [
+ {
+ "source": "nvd@nist.gov",
+ "type": "Primary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
+ "attackVector": "NETWORK",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "NONE",
+ "userInteraction": "NONE",
+ "scope": "UNCHANGED",
+ "confidentialityImpact": "HIGH",
+ "integrityImpact": "HIGH",
+ "availabilityImpact": "HIGH",
+ "baseScore": 9.8,
+ "baseSeverity": "CRITICAL"
+ },
+ "exploitabilityScore": 3.9,
+ "impactScore": 5.9
+ }
+ ],
 "cvssMetricV30": [
 {
 "source": "cna@vuldb.com",
@@ -71,18 +93,46 @@
 ]
 }
 ],
+ "configurations": [
+ {
+ "nodes": [
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:simple_photo_gallery_project:simple_photo_gallery:1.0:*:*:*:*:*:*:*",
+ "matchCriteriaId": "D3E19BB3-E048-4698-8B8A-F40358FD5E83"
+ }
+ ]
+ }
+ ]
+ }
+ ],
 "references": [
 {
 "url": "https://gitee.com/zyz0103/system-vul/blob/master/Simple%20Photo%20Gallery%20In%20PHP%20With%20Source%20Code%20has%20file%20upload%20vulnerability.pdf",
- "source": "cna@vuldb.com"
+ "source": "cna@vuldb.com",
+ "tags": [
+ "Broken Link"
+ ]
 },
 {
 "url": "https://vuldb.com/?ctiid.229282",
- "source": "cna@vuldb.com"
+ "source": "cna@vuldb.com",
+ "tags": [
+ "Permissions Required",
+ "Third Party Advisory"
+ ]
 },
 {
 "url": "https://vuldb.com/?id.229282",
- "source": "cna@vuldb.com"
+ "source": "cna@vuldb.com",
+ "tags": [
+ "Permissions Required",
+ "Third Party Advisory"
+ ]
 }
 ]
 }
\ No newline at end of file
diff --git a/CVE-2023/CVE-2023-27xx/CVE-2023-2780.json b/CVE-2023/CVE-2023-27xx/CVE-2023-2780.json
index 86d7303c15a..e4c723f9107 100644
--- a/CVE-2023/CVE-2023-27xx/CVE-2023-2780.json
+++ b/CVE-2023/CVE-2023-27xx/CVE-2023-2780.json
@@ -2,8 +2,8 @@
 "id": "CVE-2023-2780",
 "sourceIdentifier": "security@huntr.dev",
 "published": "2023-05-17T21:15:09.470",
- "lastModified": "2023-05-18T12:53:07.890",
- "vulnStatus": "Awaiting Analysis",
+ "lastModified": "2023-05-25T17:26:40.920",
+ "vulnStatus": "Analyzed",
 "descriptions": [
 {
 "lang": "en",
@@ -11,6 +11,28 @@
 }
 ],
 "metrics": {
+ "cvssMetricV31": [
+ {
+ "source": "nvd@nist.gov",
+ "type": "Primary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
+ "attackVector": "NETWORK",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "NONE",
+ "userInteraction": "NONE",
+ "scope": "UNCHANGED",
+ "confidentialityImpact": "HIGH",
+ "integrityImpact": "HIGH",
+ "availabilityImpact": "HIGH",
+ "baseScore": 9.8,
+ "baseSeverity": "CRITICAL"
+ },
+ "exploitabilityScore": 3.9,
+ "impactScore": 5.9
+ }
+ ],
 "cvssMetricV30": [
 {
 "source": "security@huntr.dev",
@@ -46,14 +68,40 @@
 ]
 }
 ],
+ "configurations": [
+ {
+ "nodes": [
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:lfprojects:mlflow:*:*:*:*:*:*:*:*",
+ "versionEndExcluding": "2.3.1",
+ "matchCriteriaId": "9D848560-15B3-4F3C-BB4D-A847948CE1EC"
+ }
+ ]
+ }
+ ]
+ }
+ ],
 "references": [
 {
 "url": "https://github.com/mlflow/mlflow/commit/fae77a525dd908c56d6204a4cef1c1c75b4e9857",
- "source": "security@huntr.dev"
+ "source": "security@huntr.dev",
+ "tags": [
+ "Patch"
+ ]
 },
 {
 "url": "https://huntr.dev/bounties/b12b0073-0bb0-4bd1-8fc2-ec7f17fd7689",
- "source": "security@huntr.dev"
+ "source": "security@huntr.dev",
+ "tags": [
+ "Exploit",
+ "Patch",
+ "Third Party Advisory"
+ ]
 }
 ]
 }
\ No newline at end of file
diff --git a/CVE-2023/CVE-2023-27xx/CVE-2023-2782.json b/CVE-2023/CVE-2023-27xx/CVE-2023-2782.json
index 31be571bd39..4d2412ef7bf 100644
--- a/CVE-2023/CVE-2023-27xx/CVE-2023-2782.json
+++ b/CVE-2023/CVE-2023-27xx/CVE-2023-2782.json
@@ -2,8 +2,8 @@
 "id": "CVE-2023-2782",
 "sourceIdentifier": "security@acronis.com",
 "published": "2023-05-18T11:15:09.563",
- "lastModified": "2023-05-18T12:53:07.890",
- "vulnStatus": "Awaiting Analysis",
+ "lastModified": "2023-05-25T16:23:06.573",
+ "vulnStatus": "Analyzed",
 "descriptions": [
 {
 "lang": "en",
@@ -11,6 +11,28 @@
 }
 ],
 "metrics": {
+ "cvssMetricV31": [
+ {
+ "source": "nvd@nist.gov",
+ "type": "Primary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
+ "attackVector": "LOCAL",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "LOW",
+ "userInteraction": "NONE",
+ "scope": "UNCHANGED",
+ "confidentialityImpact": "HIGH",
+ "integrityImpact": "NONE",
+ "availabilityImpact": "NONE",
+ "baseScore": 5.5,
+ "baseSeverity": "MEDIUM"
+ },
+ "exploitabilityScore": 1.8,
+ "impactScore": 3.6
+ }
+ ],
 "cvssMetricV30": [
 {
 "source": "security@acronis.com",
@@ -35,6 +57,16 @@
 ]
 },
 "weaknesses": [
+ {
+ "source": "nvd@nist.gov",
+ "type": "Primary",
+ "description": [
+ {
+ "lang": "en",
+ "value": "CWE-863"
+ }
+ ]
+ },
 {
 "source": "security@acronis.com",
 "type": "Secondary",
@@ -46,10 +78,31 @@
 ]
 }
 ],
+ "configurations": [
+ {
+ "nodes": [
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:acronis:cyber_infrastructure:*:*:*:*:*:*:*:*",
+ "versionEndExcluding": "5.3.1-38",
+ "matchCriteriaId": "EB1FE823-4833-4FC2-813C-E70A166958AC"
+ }
+ ]
+ }
+ ]
+ }
+ ],
 "references": [
 {
 "url": "https://security-advisory.acronis.com/advisories/SEC-3475",
- "source": "security@acronis.com"
+ "source": "security@acronis.com",
+ "tags": [
+ "Vendor Advisory"
+ ]
 }
 ]
 }
\ No newline at end of file
diff --git a/CVE-2023/CVE-2023-298xx/CVE-2023-29837.json b/CVE-2023/CVE-2023-298xx/CVE-2023-29837.json
index 8d14a9efa26..fbc614c3688 100644
--- a/CVE-2023/CVE-2023-298xx/CVE-2023-29837.json
+++ b/CVE-2023/CVE-2023-298xx/CVE-2023-29837.json
@@ -2,23 +2,81 @@
 "id": "CVE-2023-29837",
 "sourceIdentifier": "cve@mitre.org",
 "published": "2023-05-17T20:15:10.280",
- "lastModified": "2023-05-18T12:53:07.890",
- "vulnStatus": "Awaiting Analysis",
+ "lastModified": "2023-05-25T17:39:28.597",
+ "vulnStatus": "Analyzed",
 "descriptions": [
 {
 "lang": "en",
 "value": "Cross Site Scripting vulnerability found in Exelysis Unified Communication Solution (EUCS) v.1.0 allows a remote attacker to gain privileges via the URL path of the eucsAdmin login web page."
 }
 ],
- "metrics": {},
+ "metrics": {
+ "cvssMetricV31": [
+ {
+ "source": "nvd@nist.gov",
+ "type": "Primary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
+ "attackVector": "NETWORK",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "NONE",
+ "userInteraction": "REQUIRED",
+ "scope": "CHANGED",
+ "confidentialityImpact": "LOW",
+ "integrityImpact": "LOW",
+ "availabilityImpact": "NONE",
+ "baseScore": 6.1,
+ "baseSeverity": "MEDIUM"
+ },
+ "exploitabilityScore": 2.8,
+ "impactScore": 2.7
+ }
+ ]
+ },
+ "weaknesses": [
+ {
+ "source": "nvd@nist.gov",
+ "type": "Primary",
+ "description": [
+ {
+ "lang": "en",
+ "value": "CWE-79"
+ }
+ ]
+ }
+ ],
+ "configurations": [
+ {
+ "nodes": [
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:exelysis:exelysis_unified_communications_solution:1.0:*:*:*:*:*:*:*",
+ "matchCriteriaId": "DACD11BC-5F95-4E4B-9B91-78244C70F03C"
+ }
+ ]
+ }
+ ]
+ }
+ ],
 "references": [
 {
 "url": "https://github.com/IthacaLabs/Exelysis",
- "source": "cve@mitre.org"
+ "source": "cve@mitre.org",
+ "tags": [
+ "Product"
+ ]
 },
 {
 "url": "https://github.com/IthacaLabs/Exelysis/blob/main/EUCS%20Admin%20Login%20XSS_CVE-2023-29836_CVE-2023-29837.txt",
- "source": "cve@mitre.org"
+ "source": "cve@mitre.org",
+ "tags": [
+ "Third Party Advisory"
+ ]
 }
 ]
 }
\ No newline at end of file
diff --git a/CVE-2023/CVE-2023-298xx/CVE-2023-29857.json b/CVE-2023/CVE-2023-298xx/CVE-2023-29857.json
index 661a024324c..157343b4398 100644
--- a/CVE-2023/CVE-2023-298xx/CVE-2023-29857.json
+++ b/CVE-2023/CVE-2023-298xx/CVE-2023-29857.json
@@ -2,23 +2,81 @@
 "id": "CVE-2023-29857",
 "sourceIdentifier": "cve@mitre.org",
 "published": "2023-05-18T02:15:10.907",
- "lastModified": "2023-05-18T12:53:07.890",
- "vulnStatus": "Awaiting Analysis",
+ "lastModified": "2023-05-25T17:38:38.170",
+ "vulnStatus": "Analyzed",
 "descriptions": [
 {
 "lang": "en",
 "value": "An issue in Teslamate v1.27.1 allows attackers to obtain sensitive information via directly accessing the teslamate link."
 }
 ],
- "metrics": {},
+ "metrics": {
+ "cvssMetricV31": [
+ {
+ "source": "nvd@nist.gov",
+ "type": "Primary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
+ "attackVector": "NETWORK",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "NONE",
+ "userInteraction": "NONE",
+ "scope": "UNCHANGED",
+ "confidentialityImpact": "LOW",
+ "integrityImpact": "NONE",
+ "availabilityImpact": "NONE",
+ "baseScore": 5.3,
+ "baseSeverity": "MEDIUM"
+ },
+ "exploitabilityScore": 3.9,
+ "impactScore": 1.4
+ }
+ ]
+ },
+ "weaknesses": [
+ {
+ "source": "nvd@nist.gov",
+ "type": "Primary",
+ "description": [
+ {
+ "lang": "en",
+ "value": "CWE-200"
+ }
+ ]
+ }
+ ],
+ "configurations": [
+ {
+ "nodes": [
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:teslamate_project:teslamate:1.27.1:*:*:*:*:*:*:*",
+ "matchCriteriaId": "8BFF1DCC-D515-48F4-865E-2629BE0247D4"
+ }
+ ]
+ }
+ ]
+ }
+ ],
 "references": [
 {
 "url": "http://leegt.synology.me:4000/",
- "source": "cve@mitre.org"
+ "source": "cve@mitre.org",
+ "tags": [
+ "Third Party Advisory"
+ ]
 },
 {
 "url": "https://github.com/Langangago/Cve-number/blob/main/README.md",
- "source": "cve@mitre.org"
+ "source": "cve@mitre.org",
+ "tags": [
+ "Third Party Advisory"
+ ]
 }
 ]
 }
\ No newline at end of file
diff --git a/CVE-2023/CVE-2023-299xx/CVE-2023-29927.json b/CVE-2023/CVE-2023-299xx/CVE-2023-29927.json
index e6f0dcdeaad..5d763ecb195 100644
--- a/CVE-2023/CVE-2023-299xx/CVE-2023-29927.json
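Review bot: The reference `http://leegt.synology.me:4000/` in the CVE-2023-29857 hunk is newly tagged `"Third Party Advisory"`, but it is a cleartext-HTTP URL on a dynamic-DNS hostname with a non-standard port, which reads as an individual host rather than a published advisory (inferred from the URL alone). Enrichment jobs that follow advisory-tagged links would retrieve it automatically and over an unauthenticated channel. I would not mark it as an advisory, for example `"tags": [ "Not Applicable" ]`, and consumers of this feed should allow-list reference hosts before fetching them. The GitHub README reference in the same hunk can keep its tag.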
+++ b/CVE-2023/CVE-2023-299xx/CVE-2023-29927.json 
@@ -2,19 +2,75 @@
 "id": "CVE-2023-29927",
 "sourceIdentifier": "cve@mitre.org",
 "published": "2023-05-16T20:15:09.213",
- "lastModified": "2023-05-17T12:46:50.773",
- "vulnStatus": "Awaiting Analysis",
+ "lastModified": "2023-05-25T16:05:07.423",
+ "vulnStatus": "Analyzed",
 "descriptions": [
 {
 "lang": "en",
 "value": "Versions of Sage 300 through 2022 implement role-based access controls that are only enforced client-side. Low-privileged Sage users, particularly those on a workstation setup in the \"Windows Peer-to-Peer Network\" or \"Client Server Network\" Sage 300 configurations, could recover the SQL connection strings being used by Sage 300 and interact directly with the underlying database(s) to create, update, and delete all company records, bypassing the program\u2019s role-based access controls."
 }
 ],
- "metrics": {},
+ "metrics": {
+ "cvssMetricV31": [
+ {
+ "source": "nvd@nist.gov",
+ "type": "Primary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N",
+ "attackVector": "NETWORK",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "LOW",
+ "userInteraction": "NONE",
+ "scope": "UNCHANGED",
+ "confidentialityImpact": "NONE",
+ "integrityImpact": "LOW",
+ "availabilityImpact": "NONE",
+ "baseScore": 4.3,
+ "baseSeverity": "MEDIUM"
+ },
+ "exploitabilityScore": 2.8,
+ "impactScore": 1.4
+ }
+ ]
+ },
+ "weaknesses": [
+ {
+ "source": "nvd@nist.gov",
+ "type": "Primary",
+ "description": [
+ {
+ "lang": "en",
+ "value": "NVD-CWE-noinfo"
+ }
+ ]
+ }
+ ],
+ "configurations": [
+ {
+ "nodes": [
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:sage:sage_300:*:*:*:*:*:*:*:*",
+ "versionEndIncluding": "2022",
+ "matchCriteriaId": "F8A63515-64F4-4132-B748-C4759CBA67FD"
+ }
+ ]
+ }
+ ]
+ }
+ ],
 "references": [
 {
 "url": "https://www.controlgap.com/blog/critical-vulnerability-disclosure-sage-300",
- "source": "cve@mitre.org"
+ "source": "cve@mitre.org",
+ "tags": [
+ "Third Party Advisory"
+ ]
 }
 ]
 }
\ No newline at end of file
diff --git a/CVE-2023/CVE-2023-299xx/CVE-2023-29961.json b/CVE-2023/CVE-2023-299xx/CVE-2023-29961.json
index fc2d15e7321..13ce810631f 100644
--- a/CVE-2023/CVE-2023-299xx/CVE-2023-29961.json
+++ b/CVE-2023/CVE-2023-299xx/CVE-2023-29961.json
@@ -2,23 +2,94 @@ "id": "CVE-2023-29961", "sourceIdentifier": "cve@mitre.org", "published": "2023-05-16T01:15:09.067", - "lastModified": "2023-05-16T10:46:36.147", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2023-05-25T17:02:42.157", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", "value": "D-Link DIR-605L firmware version 1.17B01 BETA is vulnerable to stack overflow via /goform/formTcpipSetup," } ], - "metrics": {}, + "metrics": { + "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH", + "baseScore": 9.8, + "baseSeverity": "CRITICAL" + }, + "exploitabilityScore": 3.9, + "impactScore": 5.9 + } + ] + }, + "weaknesses": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-787" + } + ] + } + ], + "configurations": [ + { + "operator": "AND", + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:o:dlink:dir-605l_firmware:1.17b01:*:*:*:*:*:*:*", + "matchCriteriaId": "E02E7612-ABAC-48FE-896E-292C404D2FCE" + } + ] + }, + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": false, + "criteria": "cpe:2.3:h:dlink:dir-605l:-:*:*:*:*:*:*:*", + "matchCriteriaId": "CD4E3AA2-EC1C-4219-8E13-B52D30A7FA06" + } + ] + } + ] + } + ], "references": [ { "url": "https://github.com/Archerber/bug_submit/blob/main/D-Link/dir605l.md", - "source": "cve@mitre.org" + "source": "cve@mitre.org", + "tags": [ + "Exploit", + "Third Party Advisory" + ] }, { "url": "https://www.dlink.com/en/security-bulletin/", - "source": "cve@mitre.org" + "source": "cve@mitre.org", + "tags": [ + 
"Not Applicable" + ] } ] } \ No newline at end of file diff --git a/CVE-2023/CVE-2023-299xx/CVE-2023-29985.json b/CVE-2023/CVE-2023-299xx/CVE-2023-29985.json index 163f7a4a7db..60279d0fa04 100644 --- a/CVE-2023/CVE-2023-299xx/CVE-2023-29985.json +++ b/CVE-2023/CVE-2023-299xx/CVE-2023-29985.json 
@@ -2,19 +2,75 @@ "id": "CVE-2023-29985", "sourceIdentifier": "cve@mitre.org", "published": "2023-05-18T01:15:09.117", - "lastModified": "2023-05-18T12:53:07.890", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2023-05-25T17:39:56.117", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", "value": "Sourcecodester Student Study Center Desk Management System v1.0 admin\\reports\\index.php#date_from has a SQL Injection vulnerability." } ], - "metrics": {}, + "metrics": { + "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH", + "baseScore": 9.8, + "baseSeverity": "CRITICAL" + }, + "exploitabilityScore": 3.9, + "impactScore": 5.9 + } + ] + }, + "weaknesses": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-89" + } + ] + } + ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:student_study_center_desk_management_system_project:student_study_center_desk_management_system:1.0:*:*:*:*:*:*:*", + "matchCriteriaId": "5A7F67EA-5AEE-4BE7-8EB3-F5C2FFDC5344" + } + ] + } + ] + } + ], "references": [ { "url": "https://liaorj.github.io/2023/03/17/admin-reports-date-from-has-sql-injection-vulnerability/#more", - "source": "cve@mitre.org" + "source": "cve@mitre.org", + "tags": [ + "Exploit", + "Third Party Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2023/CVE-2023-301xx/CVE-2023-30124.json b/CVE-2023/CVE-2023-301xx/CVE-2023-30124.json index 59057f0b07d..5a127e19e63 100644 --- a/CVE-2023/CVE-2023-301xx/CVE-2023-30124.json 
+++ b/CVE-2023/CVE-2023-301xx/CVE-2023-30124.json @@ -2,19 +2,76 @@ "id": "CVE-2023-30124", "sourceIdentifier": "cve@mitre.org", "published": "2023-05-18T01:15:09.163", - "lastModified": "2023-05-18T12:53:07.890", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2023-05-25T17:39:23.237", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", "value": "LavaLite v9.0.0 is vulnerable to Cross Site Scripting (XSS)." } ], - "metrics": {}, + "metrics": { + "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "REQUIRED", + "scope": "CHANGED", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "availabilityImpact": "NONE", + "baseScore": 5.4, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 2.3, + "impactScore": 2.7 + } + ] + }, + "weaknesses": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-79" + } + ] + } + ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:lavalite:lavalite:9.0.0:*:*:*:*:*:*:*", + "matchCriteriaId": "6150AF5B-17E6-4BFB-9980-F181A335022D" + } + ] + } + ] + } + ], "references": [ { "url": "https://github.com/LavaLite/cms/issues/389#issue-1636041104", - "source": "cve@mitre.org" + "source": "cve@mitre.org", + "tags": [ + "Exploit", + "Issue Tracking", + "Third Party Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2023/CVE-2023-301xx/CVE-2023-30191.json b/CVE-2023/CVE-2023-301xx/CVE-2023-30191.json index 7c1445fe474..53782ed6ecb 100644 --- a/CVE-2023/CVE-2023-301xx/CVE-2023-30191.json +++ b/CVE-2023/CVE-2023-301xx/CVE-2023-30191.json 
@@ -2,8 +2,8 @@ "id": "CVE-2023-30191", "sourceIdentifier": "cve@mitre.org", "published": "2023-05-17T20:15:10.680", - "lastModified": "2023-05-18T12:53:07.890", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2023-05-25T17:09:37.037", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", @@ -12,6 +12,26 @@ ], "metrics": { "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH", + "baseScore": 9.8, + "baseSeverity": "CRITICAL" + }, + "exploitabilityScore": 3.9, + "impactScore": 5.9 + }, { "source": "cve@mitre.org", "type": "Secondary", @@ -34,10 +54,45 @@ } ] }, + "weaknesses": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-89" + } + ] + } + ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:cdesigner_project:cdesigner:*:*:*:*:*:prestashop:*:*", + "versionEndIncluding": "3.2.2", + "matchCriteriaId": "04BC753A-97D4-4C01-A421-B5ABCB42CE5D" + } + ] + } + ] + } + ], "references": [ { "url": "https://friends-of-presta.github.io/security-advisories/modules/2023/05/17/cdesigner-89.html", - "source": "cve@mitre.org" + "source": "cve@mitre.org", + "tags": [ + "Exploit", + "Patch", + "Third Party Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2023/CVE-2023-304xx/CVE-2023-30487.json b/CVE-2023/CVE-2023-304xx/CVE-2023-30487.json index fdb42f3344f..e0ef416ac1b 100644 --- a/CVE-2023/CVE-2023-304xx/CVE-2023-30487.json +++ b/CVE-2023/CVE-2023-304xx/CVE-2023-30487.json 
@@ -2,8 +2,8 @@ "id": "CVE-2023-30487", "sourceIdentifier": "audit@patchstack.com", "published": "2023-05-18T09:15:10.333", - "lastModified": "2023-05-18T12:53:07.890", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2023-05-25T16:17:34.267", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", @@ -12,6 +12,26 @@ ], "metrics": { "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "REQUIRED", + "scope": "CHANGED", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "availabilityImpact": "NONE", + "baseScore": 6.1, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 2.8, + "impactScore": 2.7 + }, { "source": "audit@patchstack.com", "type": "Secondary", @@ -46,10 +66,31 @@ ] } ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:thimpress:learnpress:*:*:*:*:*:wordpress:*:*", + "versionEndIncluding": "4.0.2", + "matchCriteriaId": "5B7FEF2E-8B0A-4CDD-83C7-65226AADF503" + } + ] + } + ] + } + ], "references": [ { "url": "https://patchstack.com/database/vulnerability/learnpress-import-export/wordpress-learnpress-export-import-plugin-4-0-2-cross-site-scripting-xss-vulnerability?_s_id=cve", - "source": "audit@patchstack.com" + "source": "audit@patchstack.com", + "tags": [ + "Third Party Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2023/CVE-2023-307xx/CVE-2023-30780.json b/CVE-2023/CVE-2023-307xx/CVE-2023-30780.json index 3443b60eff7..22db2c5d6f1 100644 --- a/CVE-2023/CVE-2023-307xx/CVE-2023-30780.json +++ b/CVE-2023/CVE-2023-307xx/CVE-2023-30780.json 
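Review bot: The `cpeMatch` entry added in the `configurations` hunk names LearnPress core (`cpe:2.3:a:thimpress:learnpress:*:...:wordpress:*:*` with `"versionEndIncluding": "4.0.2"`), but the record's only reference points at the `learnpress-import-export` slug, titled as the LearnPress Export Import plugin 4.0.2. The description is outside this hunk, so the affected component is inferred from that URL. If it is the Export/Import add-on, CPE-based matching will apply the 4.0.2 ceiling to LearnPress core's version numbers rather than the add-on's, producing false positives or misses. The `criteria` string should identify the add-on as its own product; until it does, key inventory checks for this CVE on the plugin slug from the advisory.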
@@ -2,8 +2,8 @@ "id": "CVE-2023-30780", "sourceIdentifier": "audit@patchstack.com", "published": "2023-05-18T11:15:09.633", - "lastModified": "2023-05-18T12:53:07.890", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2023-05-25T16:22:23.820", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", @@ -12,6 +12,26 @@ ], "metrics": { "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "REQUIRED", + "scope": "CHANGED", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "availabilityImpact": "NONE", + "baseScore": 5.4, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 2.3, + "impactScore": 2.7 + }, { "source": "audit@patchstack.com", "type": "Secondary", @@ -46,10 +66,31 @@ ] } ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:theguidex:user_ip_and_location:*:*:*:*:*:wordpress:*:*", + "versionEndExcluding": "2.2.1", + "matchCriteriaId": "D52630DF-3300-4613-A07F-775B43BB9667" + } + ] + } + ] + } + ], "references": [ { "url": "https://patchstack.com/database/vulnerability/user-ip-and-location/wordpress-user-ip-and-location-plugin-2-2-cross-site-scripting-xss-vulnerability?_s_id=cve", - "source": "audit@patchstack.com" + "source": "audit@patchstack.com", + "tags": [ + "Third Party Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2023/CVE-2023-308xx/CVE-2023-30868.json b/CVE-2023/CVE-2023-308xx/CVE-2023-30868.json index 53da0c7531d..a70481ab133 100644 --- a/CVE-2023/CVE-2023-308xx/CVE-2023-30868.json +++ b/CVE-2023/CVE-2023-308xx/CVE-2023-30868.json 
@@ -2,8 +2,8 @@ "id": "CVE-2023-30868", "sourceIdentifier": "audit@patchstack.com", "published": "2023-05-18T09:15:10.437", - "lastModified": "2023-05-18T12:53:07.890", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2023-05-25T16:17:51.900", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", @@ -12,6 +12,26 @@ ], "metrics": { "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "REQUIRED", + "scope": "CHANGED", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "availabilityImpact": "NONE", + "baseScore": 6.1, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 2.8, + "impactScore": 2.7 + }, { "source": "audit@patchstack.com", "type": "Secondary", @@ -36,7 +56,7 @@ }, "weaknesses": [ { - "source": "audit@patchstack.com", + "source": "nvd@nist.gov", "type": "Primary", "description": [ { @@ -44,12 +64,43 @@ "value": "CWE-79" } ] + }, + { + "source": "audit@patchstack.com", + "type": "Secondary", + "description": [ + { + "lang": "en", + "value": "CWE-79" + } + ] + } + ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:cms_tree_page_view_project:cms_tree_page_view:*:*:*:*:*:wordpress:*:*", + "versionEndIncluding": "1.6.7", + "matchCriteriaId": "3191FD6E-9258-4CCA-A0CE-5444F64B15DE" + } + ] + } + ] } ], "references": [ { "url": "https://patchstack.com/database/vulnerability/cms-tree-page-view/wordpress-cms-tree-page-view-plugin-1-6-7-cross-site-scripting-xss-vulnerability?_s_id=cve", - "source": "audit@patchstack.com" + "source": "audit@patchstack.com", + "tags": [ + "Third Party Advisory" + ] } ] } \ No newline at end of file 
diff --git a/CVE-2023/CVE-2023-311xx/CVE-2023-31131.json b/CVE-2023/CVE-2023-311xx/CVE-2023-31131.json index 36a128c2a03..c4579761ce5 100644 --- a/CVE-2023/CVE-2023-311xx/CVE-2023-31131.json +++ b/CVE-2023/CVE-2023-311xx/CVE-2023-31131.json @@ -2,8 +2,8 @@ "id": "CVE-2023-31131", "sourceIdentifier": "security-advisories@github.com", "published": "2023-05-15T22:15:12.273", - "lastModified": "2023-05-16T10:46:36.147", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2023-05-25T17:06:11.477", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", @@ -12,6 +12,26 @@ ], "metrics": { "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "NONE", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH", + "baseScore": 9.1, + "baseSeverity": "CRITICAL" + }, + "exploitabilityScore": 3.9, + "impactScore": 5.2 + }, { "source": "security-advisories@github.com", "type": "Secondary", 
@@ -46,14 +66,38 @@ ] } ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:vmware:greenplum_database:*:*:*:*:*:*:*:*", + "versionEndExcluding": "6.22.3", + "matchCriteriaId": "19687964-5180-47DC-9C0C-5482B2B44A3C" + } + ] + } + ] + } + ], "references": [ { "url": "https://github.com/greenplum-db/gpdb/commit/1ec4affbba7c9745f64edbd80a6680ad29b09471", - "source": "security-advisories@github.com" + "source": "security-advisories@github.com", + "tags": [ + "Patch" + ] }, { "url": "https://github.com/greenplum-db/gpdb/security/advisories/GHSA-hgm9-2q42-c7f3", - "source": "security-advisories@github.com" + "source": "security-advisories@github.com", + "tags": [ + "Vendor Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2023/CVE-2023-311xx/CVE-2023-31135.json b/CVE-2023/CVE-2023-311xx/CVE-2023-31135.json index 2d2116487c9..e7a48b22ac1 100644 --- a/CVE-2023/CVE-2023-311xx/CVE-2023-31135.json +++ b/CVE-2023/CVE-2023-311xx/CVE-2023-31135.json @@ -2,8 +2,8 @@ "id": "CVE-2023-31135", "sourceIdentifier": "security-advisories@github.com", "published": "2023-05-17T18:15:09.437", - "lastModified": "2023-05-18T12:53:07.890", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2023-05-25T17:01:53.880", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", 
@@ -12,6 +12,26 @@ ], "metrics": { "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N", + "attackVector": "LOCAL", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "NONE", + "availabilityImpact": "NONE", + "baseScore": 5.5, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 1.8, + "impactScore": 3.6 + }, { "source": "security-advisories@github.com", "type": "Secondary", @@ -46,18 +66,46 @@ ] } ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:dgraph:dgraph:*:*:*:*:*:go:*:*", + "versionEndExcluding": "23.0.0", + "matchCriteriaId": "662699FF-8150-4D0E-817D-431360751CCF" + } + ] + } + ] + } + ], "references": [ { "url": "https://en.wikipedia.org/wiki/Cryptographic_nonce", - "source": "security-advisories@github.com" + "source": "security-advisories@github.com", + "tags": [ + "Technical Description" + ] }, { "url": "https://github.com/dgraph-io/dgraph/pull/8323", - "source": "security-advisories@github.com" + "source": "security-advisories@github.com", + "tags": [ + "Issue Tracking", + "Patch" + ] }, { "url": "https://github.com/dgraph-io/dgraph/security/advisories/GHSA-92wq-q9pq-gw47", - "source": "security-advisories@github.com" + "source": "security-advisories@github.com", + "tags": [ + "Vendor Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2023/CVE-2023-312xx/CVE-2023-31233.json b/CVE-2023/CVE-2023-312xx/CVE-2023-31233.json index 986a6ce95d6..559a1e22961 100644 --- a/CVE-2023/CVE-2023-312xx/CVE-2023-31233.json +++ b/CVE-2023/CVE-2023-312xx/CVE-2023-31233.json 
@@ -2,8 +2,8 @@ "id": "CVE-2023-31233", "sourceIdentifier": "audit@patchstack.com", "published": "2023-05-18T10:15:09.837", - "lastModified": "2023-05-18T12:53:07.890", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2023-05-25T16:32:35.533", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", @@ -12,6 +12,26 @@ ], "metrics": { "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "HIGH", + "userInteraction": "REQUIRED", + "scope": "CHANGED", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "availabilityImpact": "NONE", + "baseScore": 4.8, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 1.7, + "impactScore": 2.7 + }, { "source": "audit@patchstack.com", "type": "Secondary", @@ -46,10 +66,31 @@ ] } ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:baidu_tongji_generator_project:baidu_tongji_generator:*:*:*:*:*:wordpress:*:*", + "versionEndIncluding": "1.0.2", + "matchCriteriaId": "440A7E49-89EB-4768-88F5-57666EB9A33B" + } + ] + } + ] + } + ], "references": [ { "url": "https://patchstack.com/database/vulnerability/baidu-tongji-generator/wordpress-baidu-tongji-generator-plugin-1-0-2-cross-site-scripting-xss-vulnerability?_s_id=cve", - "source": "audit@patchstack.com" + "source": "audit@patchstack.com", + "tags": [ + "Third Party Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2023/CVE-2023-315xx/CVE-2023-31597.json b/CVE-2023/CVE-2023-315xx/CVE-2023-31597.json index 62dd0d4ebab..de6f28e06f3 100644 --- a/CVE-2023/CVE-2023-315xx/CVE-2023-31597.json +++ b/CVE-2023/CVE-2023-315xx/CVE-2023-31597.json 
@@ -2,19 +2,76 @@ "id": "CVE-2023-31597", "sourceIdentifier": "cve@mitre.org", "published": "2023-05-18T18:15:10.017", - "lastModified": "2023-05-18T20:16:21.423", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2023-05-25T17:46:37.813", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", "value": "An issue in Zammad v5.4.0 allows attackers to bypass e-mail verification using an arbitrary address and manipulate the data of the generated user. Attackers are also able to gain unauthorized access to existing tickets." } ], - "metrics": {}, + "metrics": { + "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "availabilityImpact": "NONE", + "baseScore": 6.5, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 3.9, + "impactScore": 2.5 + } + ] + }, + "weaknesses": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-863" + } + ] + } + ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:zammad:zammad:*:*:*:*:*:*:*:*", + "versionEndExcluding": "5.4.1", + "matchCriteriaId": "F63F238F-5458-4221-8429-6CA7ED911A2C" + } + ] + } + ] + } + ], "references": [ { "url": "https://zammad.com/de/advisories/zaa-2023-03", - "source": "cve@mitre.org" + "source": "cve@mitre.org", + "tags": [ + "Patch", + "Vendor Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2023/CVE-2023-317xx/CVE-2023-31701.json b/CVE-2023/CVE-2023-317xx/CVE-2023-31701.json index c6809ed6884..8bc98af9855 100644 --- a/CVE-2023/CVE-2023-317xx/CVE-2023-31701.json 
+++ b/CVE-2023/CVE-2023-317xx/CVE-2023-31701.json 
@@ -2,19 +2,92 @@ "id": "CVE-2023-31701", "sourceIdentifier": "cve@mitre.org", "published": "2023-05-17T14:15:09.383", - "lastModified": "2023-05-17T17:00:54.967", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2023-05-25T17:34:40.853", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", "value": "TP-Link TL-WPA4530 KIT V2 (EU)_170406 and V2 (EU)_161115 is vulnerable to Command Injection via _httpRpmPlcDeviceRemove." } ], - "metrics": {}, + "metrics": { + "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH", + "baseScore": 8.8, + "baseSeverity": "HIGH" + }, + "exploitabilityScore": 2.8, + "impactScore": 5.9 + } + ] + }, + "weaknesses": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-77" + } + ] + } + ], + "configurations": [ + { + "operator": "AND", + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:o:tp-link:tl-wpa4530_kit_firmware:161115:*:*:*:*:*:*:*", + "matchCriteriaId": "7F1B618D-E588-4763-B002-9CA550B36ACE" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:tp-link:tl-wpa4530_kit_firmware:170406:*:*:*:*:*:*:*", + "matchCriteriaId": "0871F990-15E8-41B6-825E-2303375CB611" + } + ] + }, + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": false, + "criteria": "cpe:2.3:h:tp-link:tl-wpa4530_kit:v2:*:*:*:*:*:*:*", + "matchCriteriaId": "CF22247B-4AF4-4E69-80DC-F1C02EE697A3" + } + ] + } + ] + } + ], "references": [ { "url": "https://github.com/FirmRec/IoT-Vulns/blob/main/tp-link/postPlcJson/report.md", - "source": "cve@mitre.org" + 
"source": "cve@mitre.org", + "tags": [ + "Exploit", + "Third Party Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2023/CVE-2023-317xx/CVE-2023-31722.json b/CVE-2023/CVE-2023-317xx/CVE-2023-31722.json index 32e6f168d3c..d6f6a75545b 100644 --- a/CVE-2023/CVE-2023-317xx/CVE-2023-31722.json +++ b/CVE-2023/CVE-2023-317xx/CVE-2023-31722.json @@ -2,19 +2,76 @@ "id": "CVE-2023-31722", "sourceIdentifier": "cve@mitre.org", "published": "2023-05-17T14:15:09.423", - "lastModified": "2023-05-17T17:00:54.967", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2023-05-25T17:35:14.067", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", "value": "There exists a heap buffer overflow in nasm 2.16.02rc1 (GitHub commit: b952891)." } ], - "metrics": {}, + "metrics": { + "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", + "attackVector": "LOCAL", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "REQUIRED", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH", + "baseScore": 7.8, + "baseSeverity": "HIGH" + }, + "exploitabilityScore": 1.8, + "impactScore": 5.9 + } + ] + }, + "weaknesses": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-787" + } + ] + } + ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:nasm:netwide_assembler:2.16.02:rc1:*:*:*:*:*:*", + "matchCriteriaId": "5204C5DA-744D-4D4C-915E-B2916AD62E1E" + } + ] + } + ] + } + ], "references": [ { "url": "https://bugzilla.nasm.us/show_bug.cgi?id=3392857#c1", - "source": "cve@mitre.org" + "source": "cve@mitre.org", + "tags": [ + "Exploit", + "Issue Tracking", + "Vendor Advisory" + ] } ] } \ No newline at end of file 
diff --git a/CVE-2023/CVE-2023-317xx/CVE-2023-31729.json b/CVE-2023/CVE-2023-317xx/CVE-2023-31729.json index dc7eb297e96..8f71c0b3405 100644 --- a/CVE-2023/CVE-2023-317xx/CVE-2023-31729.json +++ b/CVE-2023/CVE-2023-317xx/CVE-2023-31729.json 
@@ -2,23 +2,93 @@ "id": "CVE-2023-31729", "sourceIdentifier": "cve@mitre.org", "published": "2023-05-18T02:15:12.380", - "lastModified": "2023-05-18T12:53:07.890", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2023-05-25T17:37:47.043", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", "value": "TOTOLINK A3300R v17.0.0cu.557 is vulnerable to Command Injection." } ], - "metrics": {}, + "metrics": { + "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH", + "baseScore": 9.8, + "baseSeverity": "CRITICAL" + }, + "exploitabilityScore": 3.9, + "impactScore": 5.9 + } + ] + }, + "weaknesses": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-77" + } + ] + } + ], + "configurations": [ + { + "operator": "AND", + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:o:totolink:a3300r_firmware:17.0.0cu.557:*:*:*:*:*:*:*", + "matchCriteriaId": "0C69B7CF-BF5E-423E-ACA1-D46D6BF6D127" + } + ] + }, + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": false, + "criteria": "cpe:2.3:h:totolink:a3300r:-:*:*:*:*:*:*:*", + "matchCriteriaId": "7F723A73-4B32-4F9E-B5DA-80134D4711C1" + } + ] + } + ] + } + ], "references": [ { "url": "http://totolink.com", - "source": "cve@mitre.org" + "source": "cve@mitre.org", + "tags": [ + "Product" + ] }, { "url": "https://github.com/D2y6p/CVE/blob/main/Totolink/CVE-2023-31729/CVE-2023-31729.md", - "source": "cve@mitre.org" + "source": "cve@mitre.org", + "tags": [ + "Broken Link" + ] } ] } \ No newline at end of file 
diff --git a/CVE-2023/CVE-2023-319xx/CVE-2023-31903.json b/CVE-2023/CVE-2023-319xx/CVE-2023-31903.json index 41b0090823c..47975319a5a 100644 --- a/CVE-2023/CVE-2023-319xx/CVE-2023-31903.json +++ b/CVE-2023/CVE-2023-319xx/CVE-2023-31903.json 
@@ -2,23 +2,84 @@ "id": "CVE-2023-31903", "sourceIdentifier": "cve@mitre.org", "published": "2023-05-17T13:15:09.720", - "lastModified": "2023-05-17T17:00:54.967", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2023-05-25T17:33:42.757", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", "value": "GuppY CMS 6.00.10 is vulnerable to Unrestricted File Upload which allows remote attackers to execute arbitrary code by uploading a php file." } ], - "metrics": {}, + "metrics": { + "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH", + "baseScore": 9.8, + "baseSeverity": "CRITICAL" + }, + "exploitabilityScore": 3.9, + "impactScore": 5.9 + } + ] + }, + "weaknesses": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-434" + } + ] + } + ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:freeguppy:guppy:6.00.10:*:*:*:*:*:*:*", + "matchCriteriaId": "604416E0-0069-416C-AAE7-EF938FC66A45" + } + ] + } + ] + } + ], "references": [ { "url": "https://github.com/blue0x1/GuppY-exploit-rce", - "source": "cve@mitre.org" + "source": "cve@mitre.org", + "tags": [ + "Exploit", + "Third Party Advisory" + ] }, { "url": "https://www.exploit-db.com/exploits/51052", - "source": "cve@mitre.org" + "source": "cve@mitre.org", + "tags": [ + "Exploit", + "Third Party Advisory", + "VDB Entry" + ] } ] } \ No newline at end of file diff --git a/CVE-2023/CVE-2023-319xx/CVE-2023-31904.json b/CVE-2023/CVE-2023-319xx/CVE-2023-31904.json index 1f7d2cb9f83..070e0a7a341 100644 
--- a/CVE-2023/CVE-2023-319xx/CVE-2023-31904.json +++ b/CVE-2023/CVE-2023-319xx/CVE-2023-31904.json @@ -2,19 +2,76 @@ "id": "CVE-2023-31904", "sourceIdentifier": "cve@mitre.org", "published": "2023-05-17T13:15:09.777", - "lastModified": "2023-05-17T17:00:54.967", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2023-05-25T17:34:19.993", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", "value": "savysoda Wifi HD Wireless Disk Drive 11 is vulnerable to Local File Inclusion." } ], - "metrics": {}, + "metrics": { + "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "NONE", + "availabilityImpact": "NONE", + "baseScore": 7.5, + "baseSeverity": "HIGH" + }, + "exploitabilityScore": 3.9, + "impactScore": 3.6 + } + ] + }, + "weaknesses": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-22" + } + ] + } + ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:savysoda:wifi_hd_wireless_disk_drive:11:*:*:*:*:iphone_os:*:*", + "matchCriteriaId": "88C77186-8801-45A6-B27B-A4E3211873E2" + } + ] + } + ] + } + ], "references": [ { "url": "https://www.exploit-db.com/exploits/51015", - "source": "cve@mitre.org" + "source": "cve@mitre.org", + "tags": [ + "Exploit", + "Third Party Advisory", + "VDB Entry" + ] } ] } \ No newline at end of file diff --git a/CVE-2023/CVE-2023-323xx/CVE-2023-32308.json b/CVE-2023/CVE-2023-323xx/CVE-2023-32308.json index 60df1654051..db2bdd0d751 100644 --- a/CVE-2023/CVE-2023-323xx/CVE-2023-32308.json +++ b/CVE-2023/CVE-2023-323xx/CVE-2023-32308.json 
@@ -2,8 +2,8 @@ "id": "CVE-2023-32308", "sourceIdentifier": "security-advisories@github.com", "published": "2023-05-15T21:15:09.530", - "lastModified": "2023-05-16T10:46:36.147", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2023-05-25T17:38:00.570", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", @@ -12,6 +12,26 @@ ], "metrics": { "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH", + "baseScore": 9.8, + "baseSeverity": "CRITICAL" + }, + "exploitabilityScore": 3.9, + "impactScore": 5.9 + }, { "source": "security-advisories@github.com", "type": "Secondary", @@ -46,14 +66,38 @@ ] } ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:anuko:time_tracker:*:*:*:*:*:*:*:*", + "versionEndExcluding": "1.22.11.5781", + "matchCriteriaId": "950665B0-1126-463B-99BB-4EB7A099B25B" + } + ] + } + ] + } + ], "references": [ { "url": "https://github.com/anuko/timetracker/commit/8a7367d7f77ea697c090f5ca4e19669181cc7bcf", - "source": "security-advisories@github.com" + "source": "security-advisories@github.com", + "tags": [ + "Patch" + ] }, { "url": "https://github.com/anuko/timetracker/security/advisories/GHSA-9g2c-7c7g-p58r", - "source": "security-advisories@github.com" + "source": "security-advisories@github.com", + "tags": [ + "Vendor Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2023/CVE-2023-325xx/CVE-2023-32515.json b/CVE-2023/CVE-2023-325xx/CVE-2023-32515.json index 03974bf8ef7..31e0e4ff94d 100644 --- a/CVE-2023/CVE-2023-325xx/CVE-2023-32515.json 
+++ b/CVE-2023/CVE-2023-325xx/CVE-2023-32515.json @@ -2,8 +2,8 @@ "id": "CVE-2023-32515", "sourceIdentifier": "audit@patchstack.com", "published": "2023-05-18T10:15:09.913", - "lastModified": "2023-05-18T12:53:07.890", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2023-05-25T16:32:21.273", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", @@ -12,6 +12,26 @@ ], "metrics": { "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "HIGH", + "userInteraction": "REQUIRED", + "scope": "CHANGED", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "availabilityImpact": "NONE", + "baseScore": 4.8, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 1.7, + "impactScore": 2.7 + }, { "source": "audit@patchstack.com", "type": "Secondary", @@ -46,10 +66,31 @@ ] } ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:custom_field_suite_project:custom_field_suite:*:*:*:*:*:wordpress:*:*", + "versionEndExcluding": "2.6.3", + "matchCriteriaId": "8FB2B754-75B8-48DC-8B4A-2781700EC1B3" + } + ] + } + ] + } + ], "references": [ { "url": "https://patchstack.com/database/vulnerability/custom-field-suite/wordpress-custom-field-suite-plugin-2-6-2-1-cross-site-scripting-xss-vulnerability?_s_id=cve", - "source": "audit@patchstack.com" + "source": "audit@patchstack.com", + "tags": [ + "Third Party Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2023/CVE-2023-327xx/CVE-2023-32767.json b/CVE-2023/CVE-2023-327xx/CVE-2023-32767.json index 06c0df36768..af702e149f3 100644 --- a/CVE-2023/CVE-2023-327xx/CVE-2023-32767.json +++ b/CVE-2023/CVE-2023-327xx/CVE-2023-32767.json 
@@ -2,23 +2,83 @@ "id": "CVE-2023-32767", "sourceIdentifier": "cve@mitre.org", "published": "2023-05-17T20:15:10.757", - "lastModified": "2023-05-18T12:53:07.890", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2023-05-25T17:27:17.517", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", "value": "The web interface of Symcon IP-Symcon before 6.3 (i.e., before 2023-05-12) allows a remote attacker to read sensitive files via .. directory-traversal sequences in the URL." } ], - "metrics": {}, + "metrics": { + "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "NONE", + "availabilityImpact": "NONE", + "baseScore": 7.5, + "baseSeverity": "HIGH" + }, + "exploitabilityScore": 3.9, + "impactScore": 3.6 + } + ] + }, + "weaknesses": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-22" + } + ] + } + ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:symcon:ip_symcon:*:*:*:*:*:*:*:*", + "versionEndExcluding": "6.3", + "matchCriteriaId": "EC501EE0-C2F3-4C4E-A13B-6926F00BA13D" + } + ] + } + ] + } + ], "references": [ { "url": "https://community.symcon.de/t/ip-symcon-6-3-stable-changelog/40276/87", - "source": "cve@mitre.org" + "source": "cve@mitre.org", + "tags": [ + "Release Notes" + ] }, { "url": "https://www.syss.de/fileadmin/dokumente/Publikationen/Advisories/SYSS-2023-014.txt", - "source": "cve@mitre.org" + "source": "cve@mitre.org", + "tags": [ + "Exploit", + "Third Party Advisory" + ] } ] } \ No newline at end of file 
diff --git a/CVE-2023/CVE-2023-337xx/CVE-2023-33750.json b/CVE-2023/CVE-2023-337xx/CVE-2023-33750.json new file mode 100644 index 00000000000..0881f268f85 --- /dev/null +++ b/CVE-2023/CVE-2023-337xx/CVE-2023-33750.json @@ -0,0 +1,20 @@ +{ + "id": "CVE-2023-33750", + "sourceIdentifier": "cve@mitre.org", + "published": "2023-05-25T17:15:12.110", + "lastModified": "2023-05-25T17:15:12.110", + "vulnStatus": "Received", + "descriptions": [ + { + "lang": "en", + "value": "A stored cross-site scripting (XSS) vulnerability in mipjz v5.0.5 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Description parameter at /index.php?s=/article/ApiAdminArticle/itemAdd." + } + ], + "metrics": {}, + "references": [ + { + "url": "https://github.com/sansanyun/mipjz/issues/15", + "source": "cve@mitre.org" + } + ] +} \ No newline at end of file diff --git a/CVE-2023/CVE-2023-337xx/CVE-2023-33751.json b/CVE-2023/CVE-2023-337xx/CVE-2023-33751.json new file mode 100644 index 00000000000..4fd5fada1a9 --- /dev/null +++ b/CVE-2023/CVE-2023-337xx/CVE-2023-33751.json @@ -0,0 +1,20 @@ +{ + "id": "CVE-2023-33751", + "sourceIdentifier": "cve@mitre.org", + "published": "2023-05-25T17:15:12.263", + "lastModified": "2023-05-25T17:15:12.263", + "vulnStatus": "Received", + "descriptions": [ + { + "lang": "en", + "value": "A stored cross-site scripting (XSS) vulnerability in mipjz v5.0.5 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the name parameter at /app/tag/controller/ApiAdminTagCategory.php." + } + ], + "metrics": {}, + "references": [ + { + "url": "https://github.com/sansanyun/mipjz/issues/14", + "source": "cve@mitre.org" + } + ] +} \ No newline at end of file diff --git a/README.md b/README.md index 213d46ac62f..eed9a0d5a63 100644 --- a/README.md +++ b/README.md 
@@ -9,13 +9,13 @@ Repository synchronizes with the NVD every 2 hours. ### Last Repository Update ```plain -2023-05-25T16:00:31.639914+00:00 +2023-05-25T18:00:29.704440+00:00 ``` ### Most recent CVE Modification Timestamp synchronized with NVD ```plain -2023-05-25T15:59:04.283000+00:00 +2023-05-25T17:57:14.570000+00:00 ``` ### Last Data Feed Release 
@@ -29,52 +29,46 @@ Download and Changelog: [Click](https://github.com/fkie-cad/nvd-json-data-feeds/ ### Total Number of included CVEs ```plain -216030 +216032 ``` ### CVEs added in the last Commit -Recently added CVEs: `8` +Recently added CVEs: `2` -* [CVE-2023-0459](CVE-2023/CVE-2023-04xx/CVE-2023-0459.json) (`2023-05-25T14:15:09.603`) -* [CVE-2023-22504](CVE-2023/CVE-2023-225xx/CVE-2023-22504.json) (`2023-05-25T14:15:09.877`) -* [CVE-2023-2480](CVE-2023/CVE-2023-24xx/CVE-2023-2480.json) (`2023-05-25T14:15:10.120`) -* [CVE-2023-2798](CVE-2023/CVE-2023-27xx/CVE-2023-2798.json) (`2023-05-25T14:15:10.320`) -* [CVE-2023-2851](CVE-2023/CVE-2023-28xx/CVE-2023-2851.json) (`2023-05-25T14:15:10.557`) -* [CVE-2023-33355](CVE-2023/CVE-2023-333xx/CVE-2023-33355.json) (`2023-05-25T14:15:10.850`) -* [CVE-2023-33356](CVE-2023/CVE-2023-333xx/CVE-2023-33356.json) (`2023-05-25T14:15:11.030`) -* [CVE-2023-32694](CVE-2023/CVE-2023-326xx/CVE-2023-32694.json) (`2023-05-25T15:15:09.027`) +* [CVE-2023-33750](CVE-2023/CVE-2023-337xx/CVE-2023-33750.json) (`2023-05-25T17:15:12.110`) +* [CVE-2023-33751](CVE-2023/CVE-2023-337xx/CVE-2023-33751.json) (`2023-05-25T17:15:12.263`) ### CVEs modified in the last Commit -Recently modified CVEs: `38` +Recently modified CVEs: `58` -* [CVE-2023-32956](CVE-2023/CVE-2023-329xx/CVE-2023-32956.json) (`2023-05-25T15:09:54.967`) -* [CVE-2023-2161](CVE-2023/CVE-2023-21xx/CVE-2023-2161.json) (`2023-05-25T15:14:00.573`) -* [CVE-2023-32955](CVE-2023/CVE-2023-329xx/CVE-2023-32955.json) (`2023-05-25T15:19:39.333`) -* [CVE-2023-30501](CVE-2023/CVE-2023-305xx/CVE-2023-30501.json) (`2023-05-25T15:22:05.390`) -* [CVE-2023-2710](CVE-2023/CVE-2023-27xx/CVE-2023-2710.json) (`2023-05-25T15:25:43.933`) -* [CVE-2023-30502](CVE-2023/CVE-2023-305xx/CVE-2023-30502.json) (`2023-05-25T15:31:55.457`) -* [CVE-2023-30503](CVE-2023/CVE-2023-305xx/CVE-2023-30503.json) (`2023-05-25T15:32:10.817`) -* [CVE-2023-30504](CVE-2023/CVE-2023-305xx/CVE-2023-30504.json) 
(`2023-05-25T15:32:19.507`) -* [CVE-2023-30505](CVE-2023/CVE-2023-305xx/CVE-2023-30505.json) (`2023-05-25T15:32:44.243`) -* [CVE-2023-30506](CVE-2023/CVE-2023-305xx/CVE-2023-30506.json) (`2023-05-25T15:32:52.403`) -* [CVE-2023-31698](CVE-2023/CVE-2023-316xx/CVE-2023-31698.json) (`2023-05-25T15:41:38.163`) -* [CVE-2023-30507](CVE-2023/CVE-2023-305xx/CVE-2023-30507.json) (`2023-05-25T15:41:52.120`) -* [CVE-2023-30508](CVE-2023/CVE-2023-305xx/CVE-2023-30508.json) (`2023-05-25T15:42:02.047`) -* [CVE-2023-30509](CVE-2023/CVE-2023-305xx/CVE-2023-30509.json) (`2023-05-25T15:42:19.017`) -* [CVE-2023-30510](CVE-2023/CVE-2023-305xx/CVE-2023-30510.json) (`2023-05-25T15:42:58.103`) -* [CVE-2023-31699](CVE-2023/CVE-2023-316xx/CVE-2023-31699.json) (`2023-05-25T15:43:57.950`) -* [CVE-2023-31902](CVE-2023/CVE-2023-319xx/CVE-2023-31902.json) (`2023-05-25T15:46:52.150`) -* [CVE-2023-31702](CVE-2023/CVE-2023-317xx/CVE-2023-31702.json) (`2023-05-25T15:51:23.433`) -* [CVE-2023-31703](CVE-2023/CVE-2023-317xx/CVE-2023-31703.json) (`2023-05-25T15:52:01.867`) -* [CVE-2023-2773](CVE-2023/CVE-2023-27xx/CVE-2023-2773.json) (`2023-05-25T15:55:30.730`) -* [CVE-2023-2772](CVE-2023/CVE-2023-27xx/CVE-2023-2772.json) (`2023-05-25T15:56:37.780`) -* [CVE-2023-2771](CVE-2023/CVE-2023-27xx/CVE-2023-2771.json) (`2023-05-25T15:57:12.883`) -* [CVE-2023-2770](CVE-2023/CVE-2023-27xx/CVE-2023-2770.json) (`2023-05-25T15:58:23.257`) -* [CVE-2023-2888](CVE-2023/CVE-2023-28xx/CVE-2023-2888.json) (`2023-05-25T15:58:29.613`) -* [CVE-2023-2769](CVE-2023/CVE-2023-27xx/CVE-2023-2769.json) (`2023-05-25T15:59:04.283`) +* [CVE-2023-2700](CVE-2023/CVE-2023-27xx/CVE-2023-2700.json) (`2023-05-25T17:14:48.953`) +* [CVE-2023-2731](CVE-2023/CVE-2023-27xx/CVE-2023-2731.json) (`2023-05-25T17:17:07.247`) +* [CVE-2023-2491](CVE-2023/CVE-2023-24xx/CVE-2023-2491.json) (`2023-05-25T17:25:35.470`) +* [CVE-2023-2203](CVE-2023/CVE-2023-22xx/CVE-2023-2203.json) (`2023-05-25T17:25:51.033`) +* 
[CVE-2023-1972](CVE-2023/CVE-2023-19xx/CVE-2023-1972.json) (`2023-05-25T17:26:20.903`) +* [CVE-2023-2780](CVE-2023/CVE-2023-27xx/CVE-2023-2780.json) (`2023-05-25T17:26:40.920`) +* [CVE-2023-32767](CVE-2023/CVE-2023-327xx/CVE-2023-32767.json) (`2023-05-25T17:27:17.517`) +* [CVE-2023-2776](CVE-2023/CVE-2023-27xx/CVE-2023-2776.json) (`2023-05-25T17:27:28.387`) +* [CVE-2023-2775](CVE-2023/CVE-2023-27xx/CVE-2023-2775.json) (`2023-05-25T17:33:16.180`) +* [CVE-2023-31903](CVE-2023/CVE-2023-319xx/CVE-2023-31903.json) (`2023-05-25T17:33:42.757`) +* [CVE-2023-31904](CVE-2023/CVE-2023-319xx/CVE-2023-31904.json) (`2023-05-25T17:34:19.993`) +* [CVE-2023-2124](CVE-2023/CVE-2023-21xx/CVE-2023-2124.json) (`2023-05-25T17:34:31.447`) +* [CVE-2023-2774](CVE-2023/CVE-2023-27xx/CVE-2023-2774.json) (`2023-05-25T17:34:40.707`) +* [CVE-2023-31701](CVE-2023/CVE-2023-317xx/CVE-2023-31701.json) (`2023-05-25T17:34:40.853`) +* [CVE-2023-31722](CVE-2023/CVE-2023-317xx/CVE-2023-31722.json) (`2023-05-25T17:35:14.067`) +* [CVE-2023-22348](CVE-2023/CVE-2023-223xx/CVE-2023-22348.json) (`2023-05-25T17:35:38.100`) +* [CVE-2023-2295](CVE-2023/CVE-2023-22xx/CVE-2023-2295.json) (`2023-05-25T17:35:57.487`) +* [CVE-2023-31729](CVE-2023/CVE-2023-317xx/CVE-2023-31729.json) (`2023-05-25T17:37:47.043`) +* [CVE-2023-32308](CVE-2023/CVE-2023-323xx/CVE-2023-32308.json) (`2023-05-25T17:38:00.570`) +* [CVE-2023-29857](CVE-2023/CVE-2023-298xx/CVE-2023-29857.json) (`2023-05-25T17:38:38.170`) +* [CVE-2023-30124](CVE-2023/CVE-2023-301xx/CVE-2023-30124.json) (`2023-05-25T17:39:23.237`) +* [CVE-2023-29837](CVE-2023/CVE-2023-298xx/CVE-2023-29837.json) (`2023-05-25T17:39:28.597`) +* [CVE-2023-29985](CVE-2023/CVE-2023-299xx/CVE-2023-29985.json) (`2023-05-25T17:39:56.117`) +* [CVE-2023-31597](CVE-2023/CVE-2023-315xx/CVE-2023-31597.json) (`2023-05-25T17:46:37.813`) +* [CVE-2023-25394](CVE-2023/CVE-2023-253xx/CVE-2023-25394.json) (`2023-05-25T17:57:14.570`) ## Download and Usage