From 38ae7639436dd74d1415ddb58caf7ca07a7095a1 Mon Sep 17 00:00:00 2001 From: cad-safe-bot Date: Fri, 23 Jun 2023 20:00:30 +0000 Subject: [PATCH] Auto-Update: 2023-06-23T20:00:27.060629+00:00 --- CVE-2021/CVE-2021-312xx/CVE-2021-31280.json | 65 ++- CVE-2022/CVE-2022-226xx/CVE-2022-22630.json | 28 ++ CVE-2022/CVE-2022-238xx/CVE-2022-23854.json | 14 +- CVE-2022/CVE-2022-240xx/CVE-2022-24045.json | 6 +- CVE-2022/CVE-2022-247xx/CVE-2022-24711.json | 4 +- CVE-2022/CVE-2022-247xx/CVE-2022-24725.json | 14 +- CVE-2022/CVE-2022-247xx/CVE-2022-24730.json | 6 +- CVE-2022/CVE-2022-247xx/CVE-2022-24748.json | 14 +- CVE-2022/CVE-2022-247xx/CVE-2022-24768.json | 4 +- CVE-2022/CVE-2022-248xx/CVE-2022-24813.json | 14 +- CVE-2022/CVE-2022-248xx/CVE-2022-24818.json | 14 +- CVE-2022/CVE-2022-248xx/CVE-2022-24828.json | 4 +- CVE-2022/CVE-2022-248xx/CVE-2022-24838.json | 4 +- CVE-2022/CVE-2022-248xx/CVE-2022-24847.json | 14 +- CVE-2022/CVE-2022-248xx/CVE-2022-24882.json | 4 +- CVE-2022/CVE-2022-248xx/CVE-2022-24891.json | 8 +- CVE-2022/CVE-2022-248xx/CVE-2022-24895.json | 14 +- CVE-2022/CVE-2022-249xx/CVE-2022-24900.json | 4 +- CVE-2022/CVE-2022-249xx/CVE-2022-24903.json | 10 +- CVE-2022/CVE-2022-249xx/CVE-2022-24926.json | 4 +- CVE-2022/CVE-2022-249xx/CVE-2022-24930.json | 4 +- CVE-2022/CVE-2022-249xx/CVE-2022-24931.json | 4 +- CVE-2022/CVE-2022-24xx/CVE-2022-2458.json | 4 +- CVE-2022/CVE-2022-251xx/CVE-2022-25151.json | 4 +- CVE-2022/CVE-2022-251xx/CVE-2022-25168.json | 4 +- CVE-2022/CVE-2022-255xx/CVE-2022-25597.json | 4 +- CVE-2022/CVE-2022-258xx/CVE-2022-25824.json | 4 +- CVE-2022/CVE-2022-258xx/CVE-2022-25831.json | 4 +- CVE-2022/CVE-2022-25xx/CVE-2022-2552.json | 12 +- CVE-2022/CVE-2022-427xx/CVE-2022-42792.json | 20 + CVE-2022/CVE-2022-428xx/CVE-2022-42807.json | 20 + CVE-2022/CVE-2022-428xx/CVE-2022-42834.json | 28 ++ CVE-2022/CVE-2022-428xx/CVE-2022-42860.json | 28 ++ CVE-2022/CVE-2022-436xx/CVE-2022-43684.json | 416 +++++++++++++++++++- CVE-2022/CVE-2022-445xx/CVE-2022-44566.json | 4 +- CVE-2022/CVE-2022-445xx/CVE-2022-44570.json | 4 +- CVE-2022/CVE-2022-467xx/CVE-2022-46715.json | 20 + CVE-2022/CVE-2022-467xx/CVE-2022-46718.json | 32 ++ CVE-2023/CVE-2023-235xx/CVE-2023-23516.json | 28 ++ CVE-2023/CVE-2023-235xx/CVE-2023-23539.json | 20 + CVE-2023/CVE-2023-244xx/CVE-2023-24469.json | 74 +++- CVE-2023/CVE-2023-244xx/CVE-2023-24470.json | 74 +++- CVE-2023/CVE-2023-250xx/CVE-2023-25003.json | 20 + CVE-2023/CVE-2023-255xx/CVE-2023-25515.json | 55 +++ CVE-2023/CVE-2023-255xx/CVE-2023-25518.json | 55 +++ CVE-2023/CVE-2023-255xx/CVE-2023-25520.json | 55 +++ CVE-2023/CVE-2023-265xx/CVE-2023-26515.json | 47 ++- CVE-2023/CVE-2023-265xx/CVE-2023-26541.json | 47 ++- CVE-2023/CVE-2023-279xx/CVE-2023-27930.json | 32 ++ CVE-2023/CVE-2023-279xx/CVE-2023-27940.json | 28 ++ CVE-2023/CVE-2023-279xx/CVE-2023-27964.json | 20 + CVE-2023/CVE-2023-27xx/CVE-2023-2784.json | 70 +++- CVE-2023/CVE-2023-281xx/CVE-2023-28191.json | 40 ++ CVE-2023/CVE-2023-282xx/CVE-2023-28202.json | 32 ++ CVE-2023/CVE-2023-282xx/CVE-2023-28204.json | 40 ++ CVE-2023/CVE-2023-28xx/CVE-2023-2807.json | 57 ++- CVE-2023/CVE-2023-295xx/CVE-2023-29501.json | 85 +++- CVE-2023/CVE-2023-314xx/CVE-2023-31437.json | 73 +++- CVE-2023/CVE-2023-314xx/CVE-2023-31438.json | 73 +++- CVE-2023/CVE-2023-314xx/CVE-2023-31439.json | 74 +++- CVE-2023/CVE-2023-319xx/CVE-2023-31975.json | 122 ++++-- CVE-2023/CVE-2023-323xx/CVE-2023-32351.json | 20 + CVE-2023/CVE-2023-323xx/CVE-2023-32352.json | 36 ++ CVE-2023/CVE-2023-323xx/CVE-2023-32353.json | 20 + CVE-2023/CVE-2023-323xx/CVE-2023-32354.json | 28 ++ CVE-2023/CVE-2023-323xx/CVE-2023-32355.json | 28 ++ CVE-2023/CVE-2023-323xx/CVE-2023-32357.json | 40 ++ CVE-2023/CVE-2023-323xx/CVE-2023-32360.json | 28 ++ CVE-2023/CVE-2023-323xx/CVE-2023-32363.json | 20 + CVE-2023/CVE-2023-323xx/CVE-2023-32365.json | 24 ++ CVE-2023/CVE-2023-323xx/CVE-2023-32367.json | 24 ++ CVE-2023/CVE-2023-323xx/CVE-2023-32368.json | 36 ++ CVE-2023/CVE-2023-323xx/CVE-2023-32369.json | 28 ++ CVE-2023/CVE-2023-323xx/CVE-2023-32371.json | 24 ++ CVE-2023/CVE-2023-323xx/CVE-2023-32372.json | 32 ++ CVE-2023/CVE-2023-323xx/CVE-2023-32373.json | 40 ++ CVE-2023/CVE-2023-323xx/CVE-2023-32375.json | 24 ++ CVE-2023/CVE-2023-323xx/CVE-2023-32376.json | 32 ++ CVE-2023/CVE-2023-323xx/CVE-2023-32380.json | 28 ++ CVE-2023/CVE-2023-323xx/CVE-2023-32382.json | 28 ++ CVE-2023/CVE-2023-323xx/CVE-2023-32384.json | 44 +++ CVE-2023/CVE-2023-323xx/CVE-2023-32385.json | 24 ++ CVE-2023/CVE-2023-323xx/CVE-2023-32386.json | 28 ++ CVE-2023/CVE-2023-323xx/CVE-2023-32387.json | 28 ++ CVE-2023/CVE-2023-323xx/CVE-2023-32388.json | 40 ++ CVE-2023/CVE-2023-323xx/CVE-2023-32389.json | 32 ++ CVE-2023/CVE-2023-323xx/CVE-2023-32390.json | 28 ++ CVE-2023/CVE-2023-323xx/CVE-2023-32391.json | 32 ++ CVE-2023/CVE-2023-323xx/CVE-2023-32392.json | 40 ++ CVE-2023/CVE-2023-323xx/CVE-2023-32394.json | 32 ++ CVE-2023/CVE-2023-323xx/CVE-2023-32395.json | 28 ++ CVE-2023/CVE-2023-323xx/CVE-2023-32397.json | 32 ++ CVE-2023/CVE-2023-323xx/CVE-2023-32398.json | 44 +++ CVE-2023/CVE-2023-323xx/CVE-2023-32399.json | 32 ++ CVE-2023/CVE-2023-324xx/CVE-2023-32400.json | 28 ++ CVE-2023/CVE-2023-324xx/CVE-2023-32402.json | 36 ++ CVE-2023/CVE-2023-324xx/CVE-2023-32403.json | 44 +++ CVE-2023/CVE-2023-324xx/CVE-2023-32404.json | 28 ++ CVE-2023/CVE-2023-324xx/CVE-2023-32405.json | 28 ++ CVE-2023/CVE-2023-324xx/CVE-2023-32407.json | 44 +++ CVE-2023/CVE-2023-324xx/CVE-2023-32408.json | 40 ++ CVE-2023/CVE-2023-324xx/CVE-2023-32409.json | 36 ++ CVE-2023/CVE-2023-324xx/CVE-2023-32410.json | 32 ++ CVE-2023/CVE-2023-324xx/CVE-2023-32411.json | 36 ++ CVE-2023/CVE-2023-324xx/CVE-2023-32412.json | 44 +++ CVE-2023/CVE-2023-324xx/CVE-2023-32413.json | 44 +++ CVE-2023/CVE-2023-324xx/CVE-2023-32414.json | 20 + CVE-2023/CVE-2023-324xx/CVE-2023-32415.json | 28 ++ CVE-2023/CVE-2023-324xx/CVE-2023-32417.json | 20 + CVE-2023/CVE-2023-324xx/CVE-2023-32419.json | 20 + CVE-2023/CVE-2023-324xx/CVE-2023-32420.json | 32 ++ CVE-2023/CVE-2023-324xx/CVE-2023-32422.json | 28 ++ CVE-2023/CVE-2023-324xx/CVE-2023-32423.json | 36 ++ CVE-2023/CVE-2023-324xx/CVE-2023-32434.json | 44 +++ CVE-2023/CVE-2023-324xx/CVE-2023-32435.json | 32 ++ CVE-2023/CVE-2023-324xx/CVE-2023-32439.json | 32 ++ CVE-2023/CVE-2023-325xx/CVE-2023-32546.json | 69 +++- CVE-2023/CVE-2023-335xx/CVE-2023-33565.json | 24 ++ CVE-2023/CVE-2023-335xx/CVE-2023-33568.json | 88 ++++- CVE-2023/CVE-2023-336xx/CVE-2023-33621.json | 86 +++- CVE-2023/CVE-2023-339xx/CVE-2023-33986.json | 51 ++- CVE-2023/CVE-2023-33xx/CVE-2023-3317.json | 32 ++ CVE-2023/CVE-2023-33xx/CVE-2023-3393.json | 59 +++ CVE-2023/CVE-2023-33xx/CVE-2023-3394.json | 59 +++ CVE-2023/CVE-2023-341xx/CVE-2023-34101.json | 52 ++- CVE-2023/CVE-2023-341xx/CVE-2023-34115.json | 57 ++- CVE-2023/CVE-2023-342xx/CVE-2023-34241.json | 6 +- CVE-2023/CVE-2023-342xx/CVE-2023-34247.json | 53 ++- CVE-2023/CVE-2023-342xx/CVE-2023-34249.json | 54 ++- CVE-2023/CVE-2023-342xx/CVE-2023-34252.json | 75 +++- CVE-2023/CVE-2023-346xx/CVE-2023-34671.json | 24 ++ CVE-2023/CVE-2023-346xx/CVE-2023-34672.json | 24 ++ CVE-2023/CVE-2023-346xx/CVE-2023-34673.json | 24 ++ CVE-2023/CVE-2023-348xx/CVE-2023-34845.json | 64 ++- CVE-2023/CVE-2023-348xx/CVE-2023-34867.json | 64 ++- CVE-2023/CVE-2023-348xx/CVE-2023-34868.json | 64 ++- CVE-2023/CVE-2023-349xx/CVE-2023-34965.json | 74 +++- CVE-2023/CVE-2023-350xx/CVE-2023-35064.json | 27 +- CVE-2023/CVE-2023-351xx/CVE-2023-35141.json | 76 +++- CVE-2023/CVE-2023-351xx/CVE-2023-35153.json | 67 ++++ CVE-2023/CVE-2023-351xx/CVE-2023-35155.json | 59 +++ CVE-2023/CVE-2023-351xx/CVE-2023-35156.json | 79 ++++ CVE-2023/CVE-2023-351xx/CVE-2023-35157.json | 67 ++++ CVE-2023/CVE-2023-351xx/CVE-2023-35158.json | 67 ++++ CVE-2023/CVE-2023-351xx/CVE-2023-35159.json | 67 ++++ CVE-2023/CVE-2023-351xx/CVE-2023-35160.json | 67 ++++ CVE-2023/CVE-2023-351xx/CVE-2023-35161.json | 67 ++++ CVE-2023/CVE-2023-351xx/CVE-2023-35162.json | 67 ++++ README.md | 95 +++-- 149 files changed, 5468 insertions(+), 262 deletions(-) create mode 100644 CVE-2022/CVE-2022-226xx/CVE-2022-22630.json create mode 100644 CVE-2022/CVE-2022-427xx/CVE-2022-42792.json create mode 100644 CVE-2022/CVE-2022-428xx/CVE-2022-42807.json create mode 100644 CVE-2022/CVE-2022-428xx/CVE-2022-42834.json create mode 100644 CVE-2022/CVE-2022-428xx/CVE-2022-42860.json create mode 100644 CVE-2022/CVE-2022-467xx/CVE-2022-46715.json create mode 100644 CVE-2022/CVE-2022-467xx/CVE-2022-46718.json create mode 100644 CVE-2023/CVE-2023-235xx/CVE-2023-23516.json create mode 100644 CVE-2023/CVE-2023-235xx/CVE-2023-23539.json create mode 100644 CVE-2023/CVE-2023-250xx/CVE-2023-25003.json create mode 100644 CVE-2023/CVE-2023-255xx/CVE-2023-25515.json create mode 100644 CVE-2023/CVE-2023-255xx/CVE-2023-25518.json create mode 100644 CVE-2023/CVE-2023-255xx/CVE-2023-25520.json create mode 100644 CVE-2023/CVE-2023-279xx/CVE-2023-27930.json create mode 100644 CVE-2023/CVE-2023-279xx/CVE-2023-27940.json create mode 100644 CVE-2023/CVE-2023-279xx/CVE-2023-27964.json create mode 100644 CVE-2023/CVE-2023-281xx/CVE-2023-28191.json create mode 100644 CVE-2023/CVE-2023-282xx/CVE-2023-28202.json create mode 100644 CVE-2023/CVE-2023-282xx/CVE-2023-28204.json create mode 100644 CVE-2023/CVE-2023-323xx/CVE-2023-32351.json create mode 100644 CVE-2023/CVE-2023-323xx/CVE-2023-32352.json create mode 100644 CVE-2023/CVE-2023-323xx/CVE-2023-32353.json create mode 100644 CVE-2023/CVE-2023-323xx/CVE-2023-32354.json create mode 100644 CVE-2023/CVE-2023-323xx/CVE-2023-32355.json create mode 100644 CVE-2023/CVE-2023-323xx/CVE-2023-32357.json create mode 100644 CVE-2023/CVE-2023-323xx/CVE-2023-32360.json create mode 100644 CVE-2023/CVE-2023-323xx/CVE-2023-32363.json create mode 100644 CVE-2023/CVE-2023-323xx/CVE-2023-32365.json create mode 100644 CVE-2023/CVE-2023-323xx/CVE-2023-32367.json create mode 100644 CVE-2023/CVE-2023-323xx/CVE-2023-32368.json create mode 100644 CVE-2023/CVE-2023-323xx/CVE-2023-32369.json create mode 100644 CVE-2023/CVE-2023-323xx/CVE-2023-32371.json create mode 100644 CVE-2023/CVE-2023-323xx/CVE-2023-32372.json create mode 100644 CVE-2023/CVE-2023-323xx/CVE-2023-32373.json create mode 100644 CVE-2023/CVE-2023-323xx/CVE-2023-32375.json create mode 100644 CVE-2023/CVE-2023-323xx/CVE-2023-32376.json create mode 100644 CVE-2023/CVE-2023-323xx/CVE-2023-32380.json create mode 100644 CVE-2023/CVE-2023-323xx/CVE-2023-32382.json create mode 100644 CVE-2023/CVE-2023-323xx/CVE-2023-32384.json create mode 100644 CVE-2023/CVE-2023-323xx/CVE-2023-32385.json create mode 100644 CVE-2023/CVE-2023-323xx/CVE-2023-32386.json create mode 100644 CVE-2023/CVE-2023-323xx/CVE-2023-32387.json create mode 100644 CVE-2023/CVE-2023-323xx/CVE-2023-32388.json create mode 100644 CVE-2023/CVE-2023-323xx/CVE-2023-32389.json create mode 100644 CVE-2023/CVE-2023-323xx/CVE-2023-32390.json create mode 100644 CVE-2023/CVE-2023-323xx/CVE-2023-32391.json create mode 100644 CVE-2023/CVE-2023-323xx/CVE-2023-32392.json create mode 100644 CVE-2023/CVE-2023-323xx/CVE-2023-32394.json create mode 100644 CVE-2023/CVE-2023-323xx/CVE-2023-32395.json create mode 100644 CVE-2023/CVE-2023-323xx/CVE-2023-32397.json create mode 100644 CVE-2023/CVE-2023-323xx/CVE-2023-32398.json create mode 100644 CVE-2023/CVE-2023-323xx/CVE-2023-32399.json create mode 100644 CVE-2023/CVE-2023-324xx/CVE-2023-32400.json create mode 100644 CVE-2023/CVE-2023-324xx/CVE-2023-32402.json create mode 100644 CVE-2023/CVE-2023-324xx/CVE-2023-32403.json create mode 100644 CVE-2023/CVE-2023-324xx/CVE-2023-32404.json create mode 100644 CVE-2023/CVE-2023-324xx/CVE-2023-32405.json create mode 100644 CVE-2023/CVE-2023-324xx/CVE-2023-32407.json create mode 100644 CVE-2023/CVE-2023-324xx/CVE-2023-32408.json create mode 100644 CVE-2023/CVE-2023-324xx/CVE-2023-32409.json create mode 100644 CVE-2023/CVE-2023-324xx/CVE-2023-32410.json create mode 100644 CVE-2023/CVE-2023-324xx/CVE-2023-32411.json create mode 100644 CVE-2023/CVE-2023-324xx/CVE-2023-32412.json create mode 100644 CVE-2023/CVE-2023-324xx/CVE-2023-32413.json create mode 100644 CVE-2023/CVE-2023-324xx/CVE-2023-32414.json create mode 100644 CVE-2023/CVE-2023-324xx/CVE-2023-32415.json create mode 100644 CVE-2023/CVE-2023-324xx/CVE-2023-32417.json create mode 100644 CVE-2023/CVE-2023-324xx/CVE-2023-32419.json create mode 100644 CVE-2023/CVE-2023-324xx/CVE-2023-32420.json create mode 100644 CVE-2023/CVE-2023-324xx/CVE-2023-32422.json create mode 100644 CVE-2023/CVE-2023-324xx/CVE-2023-32423.json create mode 100644 CVE-2023/CVE-2023-324xx/CVE-2023-32434.json create mode 100644 CVE-2023/CVE-2023-324xx/CVE-2023-32435.json create mode 100644 CVE-2023/CVE-2023-324xx/CVE-2023-32439.json create mode 100644 CVE-2023/CVE-2023-335xx/CVE-2023-33565.json create mode 100644 CVE-2023/CVE-2023-33xx/CVE-2023-3317.json create mode 100644 CVE-2023/CVE-2023-33xx/CVE-2023-3393.json create mode 100644 CVE-2023/CVE-2023-33xx/CVE-2023-3394.json create mode 100644 CVE-2023/CVE-2023-346xx/CVE-2023-34671.json create mode 100644 CVE-2023/CVE-2023-346xx/CVE-2023-34672.json create mode 100644 CVE-2023/CVE-2023-346xx/CVE-2023-34673.json create mode 100644 CVE-2023/CVE-2023-351xx/CVE-2023-35153.json create mode 100644 CVE-2023/CVE-2023-351xx/CVE-2023-35155.json create mode 100644 CVE-2023/CVE-2023-351xx/CVE-2023-35156.json create mode 100644 CVE-2023/CVE-2023-351xx/CVE-2023-35157.json create mode 100644 CVE-2023/CVE-2023-351xx/CVE-2023-35158.json create mode 100644 CVE-2023/CVE-2023-351xx/CVE-2023-35159.json create mode 100644 CVE-2023/CVE-2023-351xx/CVE-2023-35160.json create mode 100644 CVE-2023/CVE-2023-351xx/CVE-2023-35161.json create mode 100644 CVE-2023/CVE-2023-351xx/CVE-2023-35162.json diff --git a/CVE-2021/CVE-2021-312xx/CVE-2021-31280.json b/CVE-2021/CVE-2021-312xx/CVE-2021-31280.json index 1882b286e44..70331a4659e 100644 --- a/CVE-2021/CVE-2021-312xx/CVE-2021-31280.json +++ b/CVE-2021/CVE-2021-312xx/CVE-2021-31280.json @@ -2,19 +2,76 @@ "id": "CVE-2021-31280", "sourceIdentifier": "cve@mitre.org", "published": "2023-06-14T14:15:09.517", - "lastModified": "2023-06-14T15:30:58.900", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2023-06-23T19:05:02.453", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", "value": "An issue was discovered in tp5cms through 2017-05-25. admin.php/system/set.html has XSS via the keywords parameter." } ], - "metrics": {}, + "metrics": { + "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "REQUIRED", + "scope": "CHANGED", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "availabilityImpact": "NONE", + "baseScore": 6.1, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 2.8, + "impactScore": 2.7 + } + ] + }, + "weaknesses": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-79" + } + ] + } + ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:tp5cms_project:tp5cms:*:*:*:*:*:*:*:*", + "versionEndIncluding": "2017-05-25", + "matchCriteriaId": "867DD6A8-1CED-4FA1-B2CD-2888F8183B66" + } + ] + } + ] + } + ], "references": [ { "url": "https://github.com/fmsdwifull/tp5cms/issues/8", - "source": "cve@mitre.org" + "source": "cve@mitre.org", + "tags": [ + "Exploit", + "Issue Tracking" + ] } ] } \ No newline at end of file diff --git a/CVE-2022/CVE-2022-226xx/CVE-2022-22630.json b/CVE-2022/CVE-2022-226xx/CVE-2022-22630.json new file mode 100644 index 00000000000..3750e752e12 --- /dev/null +++ b/CVE-2022/CVE-2022-226xx/CVE-2022-22630.json @@ -0,0 +1,28 @@ +{ + "id": "CVE-2022-22630", + "sourceIdentifier": "product-security@apple.com", + "published": "2023-06-23T18:15:10.380", + "lastModified": "2023-06-23T19:24:47.997", + "vulnStatus": "Awaiting Analysis", + "descriptions": [ + { + "lang": "en", + "value": "A use after free issue was addressed with improved memory management. This issue is fixed in macOS Big Sur 11.6.6, macOS Monterey 12.3, Security Update 2022-004 Catalina. A remote user may cause an unexpected app termination or arbitrary code execution" + } + ], + "metrics": {}, + "references": [ + { + "url": "https://support.apple.com/en-us/HT213183", + "source": "product-security@apple.com" + }, + { + "url": "https://support.apple.com/en-us/HT213255", + "source": "product-security@apple.com" + }, + { + "url": "https://support.apple.com/en-us/HT213256", + "source": "product-security@apple.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2022/CVE-2022-238xx/CVE-2022-23854.json b/CVE-2022/CVE-2022-238xx/CVE-2022-23854.json index ccabf4ae500..e62d456dee4 100644 --- a/CVE-2022/CVE-2022-238xx/CVE-2022-23854.json +++ b/CVE-2022/CVE-2022-238xx/CVE-2022-23854.json @@ -2,7 +2,7 @@ "id": "CVE-2022-23854", "sourceIdentifier": "ics-cert@hq.dhs.gov", "published": "2022-12-23T21:15:09.097", - "lastModified": "2023-01-04T18:15:46.303", + "lastModified": "2023-06-23T18:42:20.577", "vulnStatus": "Analyzed", "descriptions": [ { @@ -56,8 +56,18 @@ }, "weaknesses": [ { - "source": "ics-cert@hq.dhs.gov", + "source": "nvd@nist.gov", "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-22" + } + ] + }, + { + "source": "ics-cert@hq.dhs.gov", + "type": "Secondary", "description": [ { "lang": "en", diff --git a/CVE-2022/CVE-2022-240xx/CVE-2022-24045.json b/CVE-2022/CVE-2022-240xx/CVE-2022-24045.json index 9b412cd423f..1a3109b47e5 100644 --- a/CVE-2022/CVE-2022-240xx/CVE-2022-24045.json +++ b/CVE-2022/CVE-2022-240xx/CVE-2022-24045.json @@ -2,7 +2,7 @@ "id": "CVE-2022-24045", "sourceIdentifier": "productcert@siemens.com", "published": "2022-05-20T13:15:14.600", - "lastModified": "2022-06-01T15:35:30.293", + "lastModified": "2023-06-23T19:48:54.647", "vulnStatus": "Analyzed", "descriptions": [ { @@ -71,6 +71,10 @@ { "lang": "en", "value": "CWE-311" + }, + { + "lang": "en", + "value": "NVD-CWE-Other" } ] }, diff --git a/CVE-2022/CVE-2022-247xx/CVE-2022-24711.json b/CVE-2022/CVE-2022-247xx/CVE-2022-24711.json index dfc2e93dd18..3fb23f238a1 100644 --- a/CVE-2022/CVE-2022-247xx/CVE-2022-24711.json +++ b/CVE-2022/CVE-2022-247xx/CVE-2022-24711.json @@ -2,7 +2,7 @@ "id": "CVE-2022-24711", "sourceIdentifier": "security-advisories@github.com", "published": "2022-02-28T16:15:07.970", - "lastModified": "2022-03-08T18:03:10.340", + "lastModified": "2023-06-23T19:17:26.633", "vulnStatus": "Analyzed", "descriptions": [ { @@ -90,7 +90,7 @@ "description": [ { "lang": "en", - "value": "CWE-94" + "value": "CWE-20" } ] }, diff --git a/CVE-2022/CVE-2022-247xx/CVE-2022-24725.json b/CVE-2022/CVE-2022-247xx/CVE-2022-24725.json index 171501e7bce..25334a2774c 100644 --- a/CVE-2022/CVE-2022-247xx/CVE-2022-24725.json +++ b/CVE-2022/CVE-2022-247xx/CVE-2022-24725.json @@ -2,7 +2,7 @@ "id": "CVE-2022-24725", "sourceIdentifier": "security-advisories@github.com", "published": "2022-03-03T22:15:08.950", - "lastModified": "2022-03-17T19:13:26.697", + "lastModified": "2023-06-23T19:17:14.040", "vulnStatus": "Analyzed", "descriptions": [ { @@ -85,8 +85,18 @@ }, "weaknesses": [ { - "source": "security-advisories@github.com", + "source": "nvd@nist.gov", "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-78" + } + ] + }, + { + "source": "security-advisories@github.com", + "type": "Secondary", "description": [ { "lang": "en", diff --git a/CVE-2022/CVE-2022-247xx/CVE-2022-24730.json b/CVE-2022/CVE-2022-247xx/CVE-2022-24730.json index 148deacbd05..f4e4bf071cb 100644 --- a/CVE-2022/CVE-2022-247xx/CVE-2022-24730.json +++ b/CVE-2022/CVE-2022-247xx/CVE-2022-24730.json @@ -2,7 +2,7 @@ "id": "CVE-2022-24730", "sourceIdentifier": "security-advisories@github.com", "published": "2022-03-23T21:15:08.023", - "lastModified": "2022-04-01T14:04:27.673", + "lastModified": "2023-06-23T19:16:54.907", "vulnStatus": "Analyzed", "descriptions": [ { @@ -90,11 +90,11 @@ "description": [ { "lang": "en", - "value": "CWE-209" + "value": "CWE-22" }, { "lang": "en", - "value": "CWE-22" + "value": "CWE-863" } ] }, diff --git a/CVE-2022/CVE-2022-247xx/CVE-2022-24748.json b/CVE-2022/CVE-2022-247xx/CVE-2022-24748.json index e7b2b30351f..da9e348f507 100644 --- a/CVE-2022/CVE-2022-247xx/CVE-2022-24748.json +++ b/CVE-2022/CVE-2022-247xx/CVE-2022-24748.json @@ -2,7 +2,7 @@ "id": "CVE-2022-24748", "sourceIdentifier": "security-advisories@github.com", "published": "2022-03-09T23:15:08.373", - "lastModified": "2022-03-17T17:32:46.560", + "lastModified": "2023-06-23T19:17:08.653", "vulnStatus": "Analyzed", "descriptions": [ { @@ -85,8 +85,18 @@ }, "weaknesses": [ { - "source": "security-advisories@github.com", + "source": "nvd@nist.gov", "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-863" + } + ] + }, + { + "source": "security-advisories@github.com", + "type": "Secondary", "description": [ { "lang": "en", diff --git a/CVE-2022/CVE-2022-247xx/CVE-2022-24768.json b/CVE-2022/CVE-2022-247xx/CVE-2022-24768.json index e4ce3fe86d9..565626f9f75 100644 --- a/CVE-2022/CVE-2022-247xx/CVE-2022-24768.json +++ b/CVE-2022/CVE-2022-247xx/CVE-2022-24768.json @@ -2,7 +2,7 @@ "id": "CVE-2022-24768", "sourceIdentifier": "security-advisories@github.com", "published": "2022-03-23T22:15:13.143", - "lastModified": "2022-04-01T14:01:43.967", + "lastModified": "2023-06-23T18:59:47.923", "vulnStatus": "Analyzed", "descriptions": [ { @@ -90,7 +90,7 @@ "description": [ { "lang": "en", - "value": "CWE-269" + "value": "CWE-862" } ] }, diff --git a/CVE-2022/CVE-2022-248xx/CVE-2022-24813.json b/CVE-2022/CVE-2022-248xx/CVE-2022-24813.json index 18baf69ccbc..1519c334d8f 100644 --- a/CVE-2022/CVE-2022-248xx/CVE-2022-24813.json +++ b/CVE-2022/CVE-2022-248xx/CVE-2022-24813.json @@ -2,7 +2,7 @@ "id": "CVE-2022-24813", "sourceIdentifier": "security-advisories@github.com", "published": "2022-04-04T18:15:07.993", - "lastModified": "2022-04-13T12:23:44.603", + "lastModified": "2023-06-23T19:01:44.610", "vulnStatus": "Analyzed", "descriptions": [ { @@ -85,8 +85,18 @@ }, "weaknesses": [ { - "source": "security-advisories@github.com", + "source": "nvd@nist.gov", "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-287" + } + ] + }, + { + "source": "security-advisories@github.com", + "type": "Secondary", "description": [ { "lang": "en", diff --git a/CVE-2022/CVE-2022-248xx/CVE-2022-24818.json b/CVE-2022/CVE-2022-248xx/CVE-2022-24818.json index 7f1f2ebd0cb..c5a6a34716d 100644 --- a/CVE-2022/CVE-2022-248xx/CVE-2022-24818.json +++ b/CVE-2022/CVE-2022-248xx/CVE-2022-24818.json @@ -2,7 +2,7 @@ "id": "CVE-2022-24818", "sourceIdentifier": "security-advisories@github.com", "published": "2022-04-13T21:15:07.753", - "lastModified": "2022-04-21T18:00:50.807", + "lastModified": "2023-06-23T19:10:04.380", "vulnStatus": "Analyzed", "descriptions": [ { @@ -85,8 +85,18 @@ }, "weaknesses": [ { - "source": "security-advisories@github.com", + "source": "nvd@nist.gov", "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-917" + } + ] + }, + { + "source": "security-advisories@github.com", + "type": "Secondary", "description": [ { "lang": "en", diff --git a/CVE-2022/CVE-2022-248xx/CVE-2022-24828.json b/CVE-2022/CVE-2022-248xx/CVE-2022-24828.json index 9b43cdc7ece..f249f61a046 100644 --- a/CVE-2022/CVE-2022-248xx/CVE-2022-24828.json +++ b/CVE-2022/CVE-2022-248xx/CVE-2022-24828.json @@ -2,7 +2,7 @@ "id": "CVE-2022-24828", "sourceIdentifier": "security-advisories@github.com", "published": "2022-04-13T21:15:07.820", - "lastModified": "2022-09-09T16:51:33.383", + "lastModified": "2023-06-23T19:22:47.377", "vulnStatus": "Analyzed", "descriptions": [ { @@ -90,7 +90,7 @@ "description": [ { "lang": "en", - "value": "CWE-94" + "value": "CWE-88" } ] }, diff --git a/CVE-2022/CVE-2022-248xx/CVE-2022-24838.json b/CVE-2022/CVE-2022-248xx/CVE-2022-24838.json index 02f5fab8250..055ca7664fd 100644 --- a/CVE-2022/CVE-2022-248xx/CVE-2022-24838.json +++ b/CVE-2022/CVE-2022-248xx/CVE-2022-24838.json @@ -2,7 +2,7 @@ "id": "CVE-2022-24838", "sourceIdentifier": "security-advisories@github.com", "published": "2022-04-11T21:15:08.760", - "lastModified": "2022-04-19T15:32:08.713", + "lastModified": "2023-06-23T19:22:09.907", "vulnStatus": "Analyzed", "descriptions": [ { @@ -90,7 +90,7 @@ "description": [ { "lang": "en", - "value": "CWE-77" + "value": "CWE-74" } ] }, diff --git a/CVE-2022/CVE-2022-248xx/CVE-2022-24847.json b/CVE-2022/CVE-2022-248xx/CVE-2022-24847.json index 2fbf687ab00..1a4771c7a65 100644 --- a/CVE-2022/CVE-2022-248xx/CVE-2022-24847.json +++ b/CVE-2022/CVE-2022-248xx/CVE-2022-24847.json @@ -2,7 +2,7 @@ "id": "CVE-2022-24847", "sourceIdentifier": "security-advisories@github.com", "published": "2022-04-13T22:15:08.400", - "lastModified": "2022-04-21T18:23:24.500", + "lastModified": "2023-06-23T19:22:04.620", "vulnStatus": "Analyzed", "descriptions": [ { @@ -85,8 +85,18 @@ }, "weaknesses": [ { - "source": "security-advisories@github.com", + "source": "nvd@nist.gov", "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-917" + } + ] + }, + { + "source": "security-advisories@github.com", + "type": "Secondary", "description": [ { "lang": "en", diff --git a/CVE-2022/CVE-2022-248xx/CVE-2022-24882.json b/CVE-2022/CVE-2022-248xx/CVE-2022-24882.json index ab9cb88d56a..8c556fa388e 100644 --- a/CVE-2022/CVE-2022-248xx/CVE-2022-24882.json +++ b/CVE-2022/CVE-2022-248xx/CVE-2022-24882.json @@ -2,7 +2,7 @@ "id": "CVE-2022-24882", "sourceIdentifier": "security-advisories@github.com", "published": "2022-04-26T16:15:47.813", - "lastModified": "2022-11-16T19:54:13.070", + "lastModified": "2023-06-23T19:32:51.623", "vulnStatus": "Analyzed", "descriptions": [ { @@ -90,7 +90,7 @@ "description": [ { "lang": "en", - "value": "CWE-287" + "value": "NVD-CWE-Other" } ] }, diff --git a/CVE-2022/CVE-2022-248xx/CVE-2022-24891.json b/CVE-2022/CVE-2022-248xx/CVE-2022-24891.json index 939f9965e91..56f7c270247 100644 --- a/CVE-2022/CVE-2022-248xx/CVE-2022-24891.json +++ b/CVE-2022/CVE-2022-248xx/CVE-2022-24891.json @@ -2,7 +2,7 @@ "id": "CVE-2022-24891", "sourceIdentifier": "security-advisories@github.com", "published": "2022-04-27T21:15:08.523", - "lastModified": "2023-02-23T18:48:03.897", + "lastModified": "2023-06-23T19:33:22.173", "vulnStatus": "Analyzed", "descriptions": [ { @@ -85,17 +85,17 @@ }, "weaknesses": [ { - "source": "security-advisories@github.com", + "source": "nvd@nist.gov", "type": "Primary", "description": [ { "lang": "en", - "value": "CWE-79" + "value": "NVD-CWE-Other" } ] }, { - "source": "nvd@nist.gov", + "source": "security-advisories@github.com", "type": "Secondary", "description": [ { diff --git a/CVE-2022/CVE-2022-248xx/CVE-2022-24895.json b/CVE-2022/CVE-2022-248xx/CVE-2022-24895.json index 50401f62a91..2769624764c 100644 --- a/CVE-2022/CVE-2022-248xx/CVE-2022-24895.json +++ b/CVE-2022/CVE-2022-248xx/CVE-2022-24895.json @@ -2,7 +2,7 @@ "id": "CVE-2022-24895", "sourceIdentifier": "security-advisories@github.com", "published": "2023-02-03T22:15:11.273", - "lastModified": "2023-02-15T14:25:50.550", + "lastModified": "2023-06-23T19:39:19.693", "vulnStatus": "Analyzed", "descriptions": [ { @@ -56,8 +56,18 @@ }, "weaknesses": [ { - "source": "security-advisories@github.com", + "source": "nvd@nist.gov", "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-613" + } + ] + }, + { + "source": "security-advisories@github.com", + "type": "Secondary", "description": [ { "lang": "en", diff --git a/CVE-2022/CVE-2022-249xx/CVE-2022-24900.json b/CVE-2022/CVE-2022-249xx/CVE-2022-24900.json index 7747011a49b..bc2b943e549 100644 --- a/CVE-2022/CVE-2022-249xx/CVE-2022-24900.json +++ b/CVE-2022/CVE-2022-249xx/CVE-2022-24900.json @@ -2,7 +2,7 @@ "id": "CVE-2022-24900", "sourceIdentifier": "security-advisories@github.com", "published": "2022-04-29T14:15:11.377", - "lastModified": "2022-05-10T17:42:27.303", + "lastModified": "2023-06-23T19:35:36.413", "vulnStatus": "Analyzed", "descriptions": [ { @@ -90,7 +90,7 @@ "description": [ { "lang": "en", - "value": "CWE-610" + "value": "CWE-668" } ] }, diff --git a/CVE-2022/CVE-2022-249xx/CVE-2022-24903.json b/CVE-2022/CVE-2022-249xx/CVE-2022-24903.json index 5657f3c64ce..335b5054384 100644 --- a/CVE-2022/CVE-2022-249xx/CVE-2022-24903.json +++ b/CVE-2022/CVE-2022-249xx/CVE-2022-24903.json @@ -2,7 +2,7 @@ "id": "CVE-2022-24903", "sourceIdentifier": "security-advisories@github.com", "published": "2022-05-06T00:15:07.873", - "lastModified": "2023-01-20T13:52:27.217", + "lastModified": "2023-06-23T19:43:16.750", "vulnStatus": "Analyzed", "descriptions": [ { @@ -85,22 +85,22 @@ }, "weaknesses": [ { - "source": "security-advisories@github.com", + "source": "nvd@nist.gov", "type": "Primary", "description": [ { "lang": "en", - "value": "CWE-120" + "value": "CWE-1284" } ] }, { - "source": "nvd@nist.gov", + "source": "security-advisories@github.com", "type": "Secondary", "description": [ { "lang": "en", - "value": "CWE-787" + "value": "CWE-120" } ] } diff --git a/CVE-2022/CVE-2022-249xx/CVE-2022-24926.json b/CVE-2022/CVE-2022-249xx/CVE-2022-24926.json index f889ae58db0..f1ae627c4af 100644 --- a/CVE-2022/CVE-2022-249xx/CVE-2022-24926.json +++ b/CVE-2022/CVE-2022-249xx/CVE-2022-24926.json @@ -2,7 +2,7 @@ "id": "CVE-2022-24926", "sourceIdentifier": "mobile.security@samsung.com", "published": "2022-02-11T18:15:12.657", - "lastModified": "2022-02-22T16:48:10.637", + "lastModified": "2023-06-23T18:45:00.747", "vulnStatus": "Analyzed", "descriptions": [ { @@ -90,7 +90,7 @@ "description": [ { "lang": "en", - "value": "CWE-20" + "value": "CWE-79" } ] }, diff --git a/CVE-2022/CVE-2022-249xx/CVE-2022-24930.json b/CVE-2022/CVE-2022-249xx/CVE-2022-24930.json index 723a1e0d4fa..7a0bfa685b8 100644 --- a/CVE-2022/CVE-2022-249xx/CVE-2022-24930.json +++ b/CVE-2022/CVE-2022-249xx/CVE-2022-24930.json @@ -2,7 +2,7 @@ "id": "CVE-2022-24930", "sourceIdentifier": "mobile.security@samsung.com", "published": "2022-03-10T17:46:56.017", - "lastModified": "2022-03-17T01:16:10.860", + "lastModified": "2023-06-23T18:36:22.077", "vulnStatus": "Analyzed", "descriptions": [ { @@ -90,7 +90,7 @@ "description": [ { "lang": "en", - "value": "CWE-863" + "value": "NVD-CWE-Other" } ] }, diff --git a/CVE-2022/CVE-2022-249xx/CVE-2022-24931.json b/CVE-2022/CVE-2022-249xx/CVE-2022-24931.json index 3623eebc71c..33a157c4db3 100644 --- a/CVE-2022/CVE-2022-249xx/CVE-2022-24931.json +++ b/CVE-2022/CVE-2022-249xx/CVE-2022-24931.json @@ -2,7 +2,7 @@ "id": "CVE-2022-24931", "sourceIdentifier": "mobile.security@samsung.com", "published": "2022-03-10T17:46:56.907", - "lastModified": "2022-03-17T01:28:47.623", + "lastModified": "2023-06-23T18:40:20.840", "vulnStatus": "Analyzed", "descriptions": [ { @@ -90,7 +90,7 @@ "description": [ { "lang": "en", - "value": "CWE-863" + "value": "NVD-CWE-Other" } ] }, diff --git a/CVE-2022/CVE-2022-24xx/CVE-2022-2458.json b/CVE-2022/CVE-2022-24xx/CVE-2022-2458.json index 9e8f64fbd1d..5db62d04c2b 100644 --- a/CVE-2022/CVE-2022-24xx/CVE-2022-2458.json +++ b/CVE-2022/CVE-2022-24xx/CVE-2022-2458.json @@ -2,7 +2,7 @@ "id": "CVE-2022-2458", "sourceIdentifier": "secalert@redhat.com", "published": "2022-08-10T20:15:36.367", - "lastModified": "2022-08-15T19:36:23.957", + "lastModified": "2023-06-23T18:41:19.240", "vulnStatus": "Analyzed", "descriptions": [ { @@ -45,7 +45,7 @@ "description": [ { "lang": "en", - "value": "CWE-91" + "value": "CWE-611" } ] }, diff --git a/CVE-2022/CVE-2022-251xx/CVE-2022-25151.json b/CVE-2022/CVE-2022-251xx/CVE-2022-25151.json index b67df7fe23f..7f250e0657a 100644 --- a/CVE-2022/CVE-2022-251xx/CVE-2022-25151.json +++ b/CVE-2022/CVE-2022-251xx/CVE-2022-25151.json @@ -2,7 +2,7 @@ "id": "CVE-2022-25151", "sourceIdentifier": "csirt@divd.nl", "published": "2022-06-09T17:15:08.787", - "lastModified": "2022-06-16T12:45:56.373", + "lastModified": "2023-06-23T18:57:58.710", "vulnStatus": "Analyzed", "descriptions": [ { @@ -90,7 +90,7 @@ "description": [ { "lang": "en", - "value": "NVD-CWE-noinfo" + "value": "CWE-732" } ] }, diff --git a/CVE-2022/CVE-2022-251xx/CVE-2022-25168.json b/CVE-2022/CVE-2022-251xx/CVE-2022-25168.json index 4c5ee44fc25..014a47b8e4c 100644 --- a/CVE-2022/CVE-2022-251xx/CVE-2022-25168.json +++ b/CVE-2022/CVE-2022-251xx/CVE-2022-25168.json @@ -2,7 +2,7 @@ "id": "CVE-2022-25168", "sourceIdentifier": "security@apache.org", "published": "2022-08-04T15:15:08.343", - "lastModified": "2022-10-28T18:33:24.940", + "lastModified": "2023-06-23T18:58:18.473", "vulnStatus": "Analyzed", "descriptions": [ { @@ -45,7 +45,7 @@ "description": [ { "lang": "en", - "value": "CWE-88" + "value": "CWE-78" } ] }, diff --git a/CVE-2022/CVE-2022-255xx/CVE-2022-25597.json b/CVE-2022/CVE-2022-255xx/CVE-2022-25597.json index ca1bfe77605..00981c84495 100644 --- a/CVE-2022/CVE-2022-255xx/CVE-2022-25597.json +++ b/CVE-2022/CVE-2022-255xx/CVE-2022-25597.json @@ -2,7 +2,7 @@ "id": "CVE-2022-25597", "sourceIdentifier": "twcert@cert.org.tw", "published": "2022-04-07T19:15:08.860", - "lastModified": "2022-04-14T20:09:10.477", + "lastModified": "2023-06-23T18:24:28.577", "vulnStatus": "Analyzed", "descriptions": [ { @@ -90,7 +90,7 @@ "description": [ { "lang": "en", - "value": "CWE-78" + "value": "NVD-CWE-Other" } ] }, diff --git a/CVE-2022/CVE-2022-258xx/CVE-2022-25824.json b/CVE-2022/CVE-2022-258xx/CVE-2022-25824.json index 43ecdce6adc..49caa9c4ae0 100644 --- a/CVE-2022/CVE-2022-258xx/CVE-2022-25824.json +++ b/CVE-2022/CVE-2022-258xx/CVE-2022-25824.json @@ -2,7 +2,7 @@ "id": "CVE-2022-25824", "sourceIdentifier": "mobile.security@samsung.com", "published": "2022-03-10T17:47:23.060", - "lastModified": "2022-03-18T16:33:03.393", + "lastModified": "2023-06-23T18:22:41.267", "vulnStatus": "Analyzed", "descriptions": [ { @@ -90,7 +90,7 @@ "description": [ { "lang": "en", - "value": "NVD-CWE-noinfo" + "value": "NVD-CWE-Other" } ] }, diff --git a/CVE-2022/CVE-2022-258xx/CVE-2022-25831.json b/CVE-2022/CVE-2022-258xx/CVE-2022-25831.json index b732644f64c..1cc439158ce 100644 --- a/CVE-2022/CVE-2022-258xx/CVE-2022-25831.json +++ b/CVE-2022/CVE-2022-258xx/CVE-2022-25831.json @@ -2,7 +2,7 @@ "id": "CVE-2022-25831", "sourceIdentifier": "mobile.security@samsung.com", "published": "2022-04-11T20:15:20.717", - "lastModified": "2022-04-18T17:55:34.327", + "lastModified": "2023-06-23T18:22:59.517", "vulnStatus": "Analyzed", "descriptions": [ { @@ -90,7 +90,7 @@ "description": [ { "lang": "en", - "value": "CWE-287" + "value": "NVD-CWE-Other" } ] }, diff --git a/CVE-2022/CVE-2022-25xx/CVE-2022-2552.json b/CVE-2022/CVE-2022-25xx/CVE-2022-2552.json index 2236f0f73f3..a27f231137e 100644 --- a/CVE-2022/CVE-2022-25xx/CVE-2022-2552.json +++ b/CVE-2022/CVE-2022-25xx/CVE-2022-2552.json @@ -2,7 +2,7 @@ "id": "CVE-2022-2552", "sourceIdentifier": "contact@wpscan.com", "published": "2022-08-22T15:15:15.373", - "lastModified": "2022-10-27T17:56:48.497", + "lastModified": "2023-06-23T18:24:44.350", "vulnStatus": "Analyzed", "descriptions": [ { @@ -40,17 +40,21 @@ }, "weaknesses": [ { - "source": "contact@wpscan.com", + "source": "nvd@nist.gov", "type": "Primary", "description": [ { "lang": "en", - "value": "CWE-287" + "value": "CWE-306" + }, + { + "lang": "en", + "value": "CWE-862" } ] }, { - "source": "nvd@nist.gov", + "source": "contact@wpscan.com", "type": "Secondary", "description": [ { diff --git a/CVE-2022/CVE-2022-427xx/CVE-2022-42792.json b/CVE-2022/CVE-2022-427xx/CVE-2022-42792.json new file mode 100644 index 00000000000..19f2ca53a8c --- /dev/null +++ b/CVE-2022/CVE-2022-427xx/CVE-2022-42792.json @@ -0,0 +1,20 @@ +{ + "id": "CVE-2022-42792", + "sourceIdentifier": "product-security@apple.com", + "published": "2023-06-23T18:15:10.507", + "lastModified": "2023-06-23T19:24:47.997", + "vulnStatus": "Awaiting Analysis", + "descriptions": [ + { + "lang": "en", + "value": "This issue was addressed with improved data protection. This issue is fixed in iOS 16.1 and iPadOS 16. An app may be able to read sensitive location information" + } + ], + "metrics": {}, + "references": [ + { + "url": "https://support.apple.com/en-us/HT213489", + "source": "product-security@apple.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2022/CVE-2022-428xx/CVE-2022-42807.json b/CVE-2022/CVE-2022-428xx/CVE-2022-42807.json new file mode 100644 index 00000000000..0d1fd3a65c8 --- /dev/null +++ b/CVE-2022/CVE-2022-428xx/CVE-2022-42807.json @@ -0,0 +1,20 @@ +{ + "id": "CVE-2022-42807", + "sourceIdentifier": "product-security@apple.com", + "published": "2023-06-23T18:15:10.553", + "lastModified": "2023-06-23T19:24:47.997", + "vulnStatus": "Awaiting Analysis", + "descriptions": [ + { + "lang": "en", + "value": "A logic issue was addressed with improved state management. This issue is fixed in macOS Ventura 13. A user may accidentally add a participant to a Shared Album by pressing the Delete key" + } + ], + "metrics": {}, + "references": [ + { + "url": "https://support.apple.com/en-us/HT213488", + "source": "product-security@apple.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2022/CVE-2022-428xx/CVE-2022-42834.json b/CVE-2022/CVE-2022-428xx/CVE-2022-42834.json new file mode 100644 index 00000000000..99f2b6fbcb7 --- /dev/null +++ b/CVE-2022/CVE-2022-428xx/CVE-2022-42834.json @@ -0,0 +1,28 @@ +{ + "id": "CVE-2022-42834", + "sourceIdentifier": "product-security@apple.com", + "published": "2023-06-23T18:15:10.597", + "lastModified": "2023-06-23T19:24:47.997", + "vulnStatus": "Awaiting Analysis", + "descriptions": [ + { + "lang": "en", + "value": "An access issue was addressed with improved access restrictions. This issue is fixed in macOS Monterey 12.6.3, macOS Ventura 13, macOS Big Sur 11.7.3. An app may be able to access mail folder attachments through a temporary directory used during compression" + } + ], + "metrics": {}, + "references": [ + { + "url": "https://support.apple.com/en-us/HT213488", + "source": "product-security@apple.com" + }, + { + "url": "https://support.apple.com/en-us/HT213603", + "source": "product-security@apple.com" + }, + { + "url": "https://support.apple.com/en-us/HT213604", + "source": "product-security@apple.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2022/CVE-2022-428xx/CVE-2022-42860.json b/CVE-2022/CVE-2022-428xx/CVE-2022-42860.json new file mode 100644 index 00000000000..1b8610344cd --- /dev/null +++ b/CVE-2022/CVE-2022-428xx/CVE-2022-42860.json @@ -0,0 +1,28 @@ +{ + "id": "CVE-2022-42860", + "sourceIdentifier": "product-security@apple.com", + "published": "2023-06-23T18:15:10.647", + "lastModified": "2023-06-23T19:24:47.997", + "vulnStatus": "Awaiting Analysis", + "descriptions": [ + { + "lang": "en", + "value": "This issue was addressed with improved checks to prevent unauthorized actions. This issue is fixed in macOS Monterey 12.6.1, macOS Big Sur 11.7.1, macOS Ventura 13. An app may be able to modify protected parts of the file system" + } + ], + "metrics": {}, + "references": [ + { + "url": "https://support.apple.com/en-us/HT213488", + "source": "product-security@apple.com" + }, + { + "url": "https://support.apple.com/en-us/HT213493", + "source": "product-security@apple.com" + }, + { + "url": "https://support.apple.com/en-us/HT213494", + "source": "product-security@apple.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2022/CVE-2022-436xx/CVE-2022-43684.json b/CVE-2022/CVE-2022-436xx/CVE-2022-43684.json index d3907207e58..f49a3d6e278 100644 --- a/CVE-2022/CVE-2022-436xx/CVE-2022-43684.json +++ b/CVE-2022/CVE-2022-436xx/CVE-2022-43684.json @@ -2,8 +2,8 @@ "id": "CVE-2022-43684", "sourceIdentifier": "psirt@servicenow.com", "published": "2023-06-13T19:15:09.243", - "lastModified": "2023-06-13T21:27:45.680", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2023-06-23T19:38:37.433", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", @@ -12,6 +12,26 @@ ], "metrics": { "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "NONE", + "availabilityImpact": "NONE", + "baseScore": 6.5, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 2.8, + "impactScore": 3.6 + }, { "source": "psirt@servicenow.com", "type": "Secondary", @@ -35,6 +55,16 @@ ] }, "weaknesses": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-668" + } + ] + }, { "source": "psirt@servicenow.com", "type": "Secondary", @@ -46,10 +76,390 @@ ] } ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:servicenow:servicenow:quebec:patch_1_hotfix_1:*:*:*:*:*:*", + "matchCriteriaId": "1B349D86-36DF-46C1-A268-F9C5EBE80223" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:servicenow:servicenow:quebec:patch_10:*:*:*:*:*:*", + "matchCriteriaId": "8816E561-8E81-4C30-9C48-7836069202D9" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:servicenow:servicenow:quebec:patch_10_hotfix_3:*:*:*:*:*:*", + "matchCriteriaId": "F9AB04CB-F83E-4C6B-8F5E-9D317845D56E" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:servicenow:servicenow:quebec:patch_10_hotfix_3a:*:*:*:*:*:*", + "matchCriteriaId": "68E70794-77D1-4B96-B5B4-7E9624153D56" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:servicenow:servicenow:quebec:patch_10_hotfix_3b:*:*:*:*:*:*", + "matchCriteriaId": "408EF715-7549-47B2-8F36-7D7C693C347D" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:servicenow:servicenow:quebec:patch_10_hotfix_4:*:*:*:*:*:*", + "matchCriteriaId": "0CE44A53-AF6C-488F-9163-7162955D9E21" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:servicenow:servicenow:quebec:patch_2:*:*:*:*:*:*", + "matchCriteriaId": "B2B004A9-64C0-4279-AA1E-7CA2C4C9CAC0" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:servicenow:servicenow:quebec:patch_2_hotfix_1:*:*:*:*:*:*", + "matchCriteriaId": "9992847C-D46A-4557-8E3E-3E15619C31DD" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:servicenow:servicenow:quebec:patch_2_hotfix_2:*:*:*:*:*:*", + "matchCriteriaId": "1DF72944-0771-4867-A9FF-EBAA25787FE4" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:servicenow:servicenow:quebec:patch_3:*:*:*:*:*:*", + "matchCriteriaId": "6FDDA0D0-5010-4C07-A6C4-D6B2A873E348" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:servicenow:servicenow:quebec:patch_4:*:*:*:*:*:*", + "matchCriteriaId": "F3AD962E-FCD3-490E-BD60-587227732B92" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:servicenow:servicenow:quebec:patch_4_hotfix_2:*:*:*:*:*:*", + "matchCriteriaId": "10B1C7D9-E7A6-47FC-94B0-0C73E3C84F6A" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:servicenow:servicenow:quebec:patch_5:*:*:*:*:*:*", + "matchCriteriaId": "B0FE839F-229A-459C-AEEB-AFE424764B72" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:servicenow:servicenow:quebec:patch_6:*:*:*:*:*:*", + "matchCriteriaId": "77BE7B49-D510-4D23-BB2A-A2C0FA31B3E9" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:servicenow:servicenow:quebec:patch_7:*:*:*:*:*:*", + "matchCriteriaId": "F0D9D4EB-5113-4FC4-B4E1-2E081FE45CF4" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:servicenow:servicenow:quebec:patch_8:*:*:*:*:*:*", + "matchCriteriaId": "AB5847EE-379F-48CD-AB5C-472582EEC9FB" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:servicenow:servicenow:quebec:patch_9:*:*:*:*:*:*", + "matchCriteriaId": "29725C9C-F01E-48D0-8AC6-EF4187B53461" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:servicenow:servicenow:rome:patch_1:*:*:*:*:*:*", + "matchCriteriaId": "52C8A7D2-F930-4078-9E9D-E48782E46CBD" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:servicenow:servicenow:rome:patch_1_hotfix_1:*:*:*:*:*:*", + "matchCriteriaId": "512C81E4-0C27-42EC-AD05-7563B50EF1DD" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:servicenow:servicenow:rome:patch_1_hotfix_1a:*:*:*:*:*:*", + "matchCriteriaId": "2B403376-993D-404D-B75B-A2B634095DD9" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:servicenow:servicenow:rome:patch_1_hotfix_1b:*:*:*:*:*:*", + "matchCriteriaId": "A5BBA03C-2A2E-4259-9F8E-99622F6758B7" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:servicenow:servicenow:rome:patch_1_hotfix_2:*:*:*:*:*:*", + "matchCriteriaId": "D609B90C-E67E-461A-8756-36E06E265FF0" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:servicenow:servicenow:rome:patch_1_hotfix_3:*:*:*:*:*:*", + "matchCriteriaId": "2A05F1AF-0E08-4280-A006-A27C917C9E82" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:servicenow:servicenow:rome:patch_10:*:*:*:*:*:*", + "matchCriteriaId": "5E3198D2-CC9C-46F7-A366-6C16F3F35439" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:servicenow:servicenow:rome:patch_2:*:*:*:*:*:*", + "matchCriteriaId": "EAA82A56-93C2-47DC-92BA-D2EBF0C19EEC" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:servicenow:servicenow:rome:patch_2_hotfix_1:*:*:*:*:*:*", + "matchCriteriaId": "B4FEEDD5-F852-49AA-BDF9-869040C7F3C4" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:servicenow:servicenow:rome:patch_2_hotfix_2:*:*:*:*:*:*", + "matchCriteriaId": "763B0915-14EF-4405-AAB6-78B185D5744B" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:servicenow:servicenow:rome:patch_3:*:*:*:*:*:*", + "matchCriteriaId": "B053530E-1CB3-4A86-BD4B-569750776A53" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:servicenow:servicenow:rome:patch_3_hotfix_1:*:*:*:*:*:*", + "matchCriteriaId": "4CF1B2AB-D561-4396-AA99-71FCD55B5D3E" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:servicenow:servicenow:rome:patch_4:*:*:*:*:*:*", + "matchCriteriaId": "00EE16EE-B759-4BD8-A30B-C952142C860E" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:servicenow:servicenow:rome:patch_4_hotfix_1:*:*:*:*:*:*", + "matchCriteriaId": "1F157018-E6F2-45D1-8B54-68C051247798" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:servicenow:servicenow:rome:patch_4_hotfix_1a:*:*:*:*:*:*", + "matchCriteriaId": "88603AEF-0EC2-4006-B7F2-E5FFAC8F354C" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:servicenow:servicenow:rome:patch_4_hotfix_1b:*:*:*:*:*:*", + "matchCriteriaId": "FB5BC2C0-A5CF-455F-A732-E49672B5682E" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:servicenow:servicenow:rome:patch_5:*:*:*:*:*:*", + "matchCriteriaId": "66E9CCC4-7BC4-4FC2-8B54-B8746A83256C" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:servicenow:servicenow:rome:patch_5_hotfix_1:*:*:*:*:*:*", + "matchCriteriaId": "56E7DB16-6ABC-4ED3-99C1-A33914242405" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:servicenow:servicenow:rome:patch_5_hotfix_2:*:*:*:*:*:*", + "matchCriteriaId": "55AC0E29-0F51-4D1D-A5EF-AECD29FAE417" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:servicenow:servicenow:rome:patch_6:*:*:*:*:*:*", + "matchCriteriaId": "5DCC0D37-6840-4882-84E1-AE1E83ABF31B" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:servicenow:servicenow:rome:patch_6_hotfix_1:*:*:*:*:*:*", + "matchCriteriaId": "CF53F785-2D19-48FB-9D88-9817785E5082" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:servicenow:servicenow:rome:patch_6_hotfix_2:*:*:*:*:*:*", + "matchCriteriaId": "9EAAADE1-5804-44FB-BD9A-881BDA4FE1F0" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:servicenow:servicenow:rome:patch_7:*:*:*:*:*:*", + "matchCriteriaId": "DC20DB81-AA27-4BE5-9296-2E4E6000F56B" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:servicenow:servicenow:rome:patch_7_hotfix_1:*:*:*:*:*:*", + "matchCriteriaId": "DECC9979-3A0B-4F36-85D1-DD539A7D18C9" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:servicenow:servicenow:rome:patch_7a:*:*:*:*:*:*", + "matchCriteriaId": "563F3D85-A23A-453F-9932-3044F8B5566C" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:servicenow:servicenow:rome:patch_7b:*:*:*:*:*:*", + "matchCriteriaId": "3C770579-EDDC-4F46-8288-33A13289A8A4" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:servicenow:servicenow:rome:patch_8:*:*:*:*:*:*", + "matchCriteriaId": "78447698-90FF-4010-BF0B-3294E2EBB69B" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:servicenow:servicenow:rome:patch_8_hotfix_1:*:*:*:*:*:*", + "matchCriteriaId": "A32EF135-C229-49B1-8766-1ED6066C7CC8" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:servicenow:servicenow:rome:patch_8_hotfix_2:*:*:*:*:*:*", + "matchCriteriaId": "22E5BA6F-6C66-4589-8AA9-C76776DCFCCB" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:servicenow:servicenow:rome:patch_9:*:*:*:*:*:*", + "matchCriteriaId": "AE93BECE-CC4A-400A-9322-5E61DA5E6A75" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:servicenow:servicenow:rome:patch_9_hotfix_1:*:*:*:*:*:*", + "matchCriteriaId": "38D3CF30-CAC5-49B1-B527-9C9D24C28A54" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:servicenow:servicenow:rome:patch_9a:*:*:*:*:*:*", + "matchCriteriaId": "8C48A10D-0295-4023-AB20-0BE4D8AA582A" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:servicenow:servicenow:rome:patch_9b:*:*:*:*:*:*", + "matchCriteriaId": "0F42AF52-C388-44BB-B328-5E77CF9E4622" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:servicenow:servicenow:san_diego:patch_1:*:*:*:*:*:*", + "matchCriteriaId": "71A44062-D94F-4246-A218-33AD4C43C7FF" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:servicenow:servicenow:san_diego:patch_1_hotfix_1:*:*:*:*:*:*", + "matchCriteriaId": "6A4ABAF4-C84B-4E7B-A156-24640B7D56EE" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:servicenow:servicenow:san_diego:patch_1_hotfix_1a:*:*:*:*:*:*", + "matchCriteriaId": "2855AE65-1B96-4537-BB6E-7659114955EA" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:servicenow:servicenow:san_diego:patch_1_hotfix_1b:*:*:*:*:*:*", + "matchCriteriaId": "63725CBE-34A5-4B9E-BA8E-32E66B89C646" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:servicenow:servicenow:san_diego:patch_10_hotfix_1:*:*:*:*:*:*", + "matchCriteriaId": "9F249B02-DB97-4AFB-A786-AA685AA4E50B" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:servicenow:servicenow:san_diego:patch_10_hotfix_1a:*:*:*:*:*:*", + "matchCriteriaId": "C143A667-EBF1-4F6D-AB21-833B184FBFF8" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:servicenow:servicenow:san_diego:patch_10_hotfix_1b:*:*:*:*:*:*", + "matchCriteriaId": "CD9C6C64-E92C-45A8-BC0C-71DE31F70D34" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:servicenow:servicenow:san_diego:patch_10_hotfix_2:*:*:*:*:*:*", + "matchCriteriaId": "0C7C2818-6225-4652-B066-A11BD45D4608" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:servicenow:servicenow:san_diego:patch_10_hotfix_2b:*:*:*:*:*:*", + "matchCriteriaId": "C46E8D6C-A65F-473B-AFCD-B16EA09023AB" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:servicenow:servicenow:san_diego:patch_2:*:*:*:*:*:*", + "matchCriteriaId": "8B2DC45C-17A0-4D92-AB29-3497DA43707E" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:servicenow:servicenow:san_diego:patch_2_hotfix_1:*:*:*:*:*:*", + "matchCriteriaId": "F2822278-2089-4F78-86EE-D63A9516B5A5" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:servicenow:servicenow:san_diego:patch_3:*:*:*:*:*:*", + "matchCriteriaId": "49444E5E-0AB7-4083-8663-089955134AA7" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:servicenow:servicenow:san_diego:patch_3_hotfix_1:*:*:*:*:*:*", + "matchCriteriaId": "8B5E2C3D-F838-48E0-8135-455AF964221D" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:servicenow:servicenow:san_diego:patch_3_hotfix_2:*:*:*:*:*:*", + "matchCriteriaId": "2494C288-83E1-48DF-9661-540B26C9137E" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:servicenow:servicenow:san_diego:patch_3_hotfix_3:*:*:*:*:*:*", + "matchCriteriaId": "815997A7-39CB-4C78-B776-54DECE294AA1" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:servicenow:servicenow:san_diego:patch_3_hotfix_4:*:*:*:*:*:*", + "matchCriteriaId": "DE7FDD4B-163B-462A-A80C-454F5040FF90" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:servicenow:servicenow:san_diego:patch_4:*:*:*:*:*:*", + "matchCriteriaId": "FB55D9E6-FD9C-48A8-800D-10C665120792" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:servicenow:servicenow:san_diego:patch_4a:*:*:*:*:*:*", + "matchCriteriaId": "D481F300-EDF4-4E22-B865-F3AAFCE27692" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:servicenow:servicenow:san_diego:patch_4b:*:*:*:*:*:*", + "matchCriteriaId": "311B0413-3771-4CAF-9A14-0726B2923A76" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:servicenow:servicenow:san_diego:patch_5:*:*:*:*:*:*", + "matchCriteriaId": "E74913AB-25EE-4F18-B2FA-5C261D7ADE25" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:servicenow:servicenow:san_diego:patch_6:*:*:*:*:*:*", + "matchCriteriaId": "5C99222F-B676-471F-8E44-707024B2B097" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:servicenow:servicenow:tokyo:-:*:*:*:*:*:*", + "matchCriteriaId": "4332BE18-DA60-4921-A9DF-C434AB32839B" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:servicenow:servicenow:utah:-:*:*:*:*:*:*", + "matchCriteriaId": "69E0078E-1953-4F4F-9D5A-B1A140C4B310" + } + ] + } + ] + } + ], "references": [ { "url": "https://support.servicenow.com/kb?id=kb_article_view&sysparm_article=KB1303489", - "source": "psirt@servicenow.com" + "source": "psirt@servicenow.com", + "tags": [ + "Vendor Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2022/CVE-2022-445xx/CVE-2022-44566.json b/CVE-2022/CVE-2022-445xx/CVE-2022-44566.json index e27fca9059a..c2ec692686d 100644 --- a/CVE-2022/CVE-2022-445xx/CVE-2022-44566.json +++ b/CVE-2022/CVE-2022-445xx/CVE-2022-44566.json @@ -2,7 +2,7 @@ "id": "CVE-2022-44566", "sourceIdentifier": "support@hackerone.com", "published": "2023-02-09T20:15:11.017", - "lastModified": "2023-02-16T20:22:06.907", + "lastModified": "2023-06-23T18:29:30.760", "vulnStatus": "Analyzed", "descriptions": [ { @@ -41,7 +41,7 @@ "description": [ { "lang": "en", - "value": "CWE-400" + "value": "NVD-CWE-Other" } ] }, diff --git a/CVE-2022/CVE-2022-445xx/CVE-2022-44570.json b/CVE-2022/CVE-2022-445xx/CVE-2022-44570.json index 3f19fdb1258..ba157a14eb7 100644 --- a/CVE-2022/CVE-2022-445xx/CVE-2022-44570.json +++ b/CVE-2022/CVE-2022-445xx/CVE-2022-44570.json @@ -2,7 +2,7 @@ "id": "CVE-2022-44570", "sourceIdentifier": "support@hackerone.com", "published": "2023-02-09T20:15:11.090", - "lastModified": "2023-02-17T16:33:04.063", + "lastModified": "2023-06-23T18:30:05.373", "vulnStatus": "Analyzed", "descriptions": [ { @@ -41,7 +41,7 @@ "description": [ { "lang": "en", - "value": "CWE-400" + "value": "CWE-1333" } ] }, diff --git a/CVE-2022/CVE-2022-467xx/CVE-2022-46715.json b/CVE-2022/CVE-2022-467xx/CVE-2022-46715.json new file mode 100644 index 00000000000..33f421f6069 --- /dev/null +++ b/CVE-2022/CVE-2022-467xx/CVE-2022-46715.json @@ -0,0 +1,20 @@ +{ + "id": "CVE-2022-46715", + "sourceIdentifier": "product-security@apple.com", + "published": "2023-06-23T18:15:10.697", + "lastModified": "2023-06-23T19:24:47.997", + "vulnStatus": "Awaiting Analysis", + "descriptions": [ + { + "lang": "en", + "value": "A logic issue was addressed with improved checks. This issue is fixed in iOS 16.1 and iPadOS 16. An app may be able to bypass certain Privacy preferences" + } + ], + "metrics": {}, + "references": [ + { + "url": "https://support.apple.com/en-us/HT213489", + "source": "product-security@apple.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2022/CVE-2022-467xx/CVE-2022-46718.json b/CVE-2022/CVE-2022-467xx/CVE-2022-46718.json new file mode 100644 index 00000000000..80d012fcf22 --- /dev/null +++ b/CVE-2022/CVE-2022-467xx/CVE-2022-46718.json @@ -0,0 +1,32 @@ +{ + "id": "CVE-2022-46718", + "sourceIdentifier": "product-security@apple.com", + "published": "2023-06-23T18:15:10.743", + "lastModified": "2023-06-23T19:24:47.997", + "vulnStatus": "Awaiting Analysis", + "descriptions": [ + { + "lang": "en", + "value": "A logic issue was addressed with improved restrictions. This issue is fixed in iOS 15.7.2 and iPadOS 15.7.2, macOS Ventura 13.1, macOS Big Sur 11.7.2, macOS Monterey 12.6.2. An app may be able to read sensitive location information" + } + ], + "metrics": {}, + "references": [ + { + "url": "https://support.apple.com/en-us/HT213531", + "source": "product-security@apple.com" + }, + { + "url": "https://support.apple.com/en-us/HT213532", + "source": "product-security@apple.com" + }, + { + "url": "https://support.apple.com/en-us/HT213533", + "source": "product-security@apple.com" + }, + { + "url": "https://support.apple.com/en-us/HT213534", + "source": "product-security@apple.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2023/CVE-2023-235xx/CVE-2023-23516.json b/CVE-2023/CVE-2023-235xx/CVE-2023-23516.json new file mode 100644 index 00000000000..3413ed33b61 --- /dev/null +++ b/CVE-2023/CVE-2023-235xx/CVE-2023-23516.json @@ -0,0 +1,28 @@ +{ + "id": "CVE-2023-23516", + "sourceIdentifier": "product-security@apple.com", + "published": "2023-06-23T18:15:10.797", + "lastModified": "2023-06-23T19:24:47.997", + "vulnStatus": "Awaiting Analysis", + "descriptions": [ + { + "lang": "en", + "value": "The issue was addressed with improved memory handling. This issue is fixed in macOS Monterey 12.6.3, macOS Big Sur 11.7.3, macOS Ventura 13.2. An app may be able to execute arbitrary code with kernel privileges" + } + ], + "metrics": {}, + "references": [ + { + "url": "https://support.apple.com/en-us/HT213603", + "source": "product-security@apple.com" + }, + { + "url": "https://support.apple.com/en-us/HT213604", + "source": "product-security@apple.com" + }, + { + "url": "https://support.apple.com/en-us/HT213605", + "source": "product-security@apple.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2023/CVE-2023-235xx/CVE-2023-23539.json b/CVE-2023/CVE-2023-235xx/CVE-2023-23539.json new file mode 100644 index 00000000000..300a4554051 --- /dev/null +++ b/CVE-2023/CVE-2023-235xx/CVE-2023-23539.json @@ -0,0 +1,20 @@ +{ + "id": "CVE-2023-23539", + "sourceIdentifier": "product-security@apple.com", + "published": "2023-06-23T18:15:10.843", + "lastModified": "2023-06-23T19:24:47.997", + "vulnStatus": "Awaiting Analysis", + "descriptions": [ + { + "lang": "en", + "value": "A buffer overflow issue was addressed with improved memory handling. This issue is fixed in macOS Ventura 13.2. Mounting a maliciously crafted Samba network share may lead to arbitrary code execution" + } + ], + "metrics": {}, + "references": [ + { + "url": "https://support.apple.com/en-us/HT213605", + "source": "product-security@apple.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2023/CVE-2023-244xx/CVE-2023-24469.json b/CVE-2023/CVE-2023-244xx/CVE-2023-24469.json index 9d76f2cad4d..5b3a2f8363a 100644 --- a/CVE-2023/CVE-2023-244xx/CVE-2023-24469.json +++ b/CVE-2023/CVE-2023-244xx/CVE-2023-24469.json @@ -2,27 +2,89 @@ "id": "CVE-2023-24469", "sourceIdentifier": "security@opentext.com", "published": "2023-06-13T22:15:09.317", - "lastModified": "2023-06-15T19:15:10.483", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2023-06-23T19:28:17.867", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", "value": "Potential Cross-Site Scripting in ArcSight Logger versions prior to 7.3.0" } ], - "metrics": {}, + "metrics": { + "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "REQUIRED", + "scope": "CHANGED", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "availabilityImpact": "NONE", + "baseScore": 6.1, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 2.8, + "impactScore": 2.7 + } + ] + }, + "weaknesses": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-79" + } + ] + } + ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:microfocus:arcsight_logger:*:*:*:*:*:*:*:*", + "versionEndIncluding": "7.3.0", + "matchCriteriaId": "4C8F5467-FB16-4E3C-9D26-70937C1E511E" + } + ] + } + ] + } + ], "references": [ { "url": "https://portal.microfocus.com/s/article/KM000018224?language=en_US,", - "source": "security@opentext.com" + "source": "security@opentext.com", + "tags": [ + "Vendor Advisory" + ] }, { "url": "https://www.microfocus.com/documentation/arcsight/logger-7.3/logger-7.3-release-notes/", - "source": "security@opentext.com" + "source": "security@opentext.com", + "tags": [ + "Release Notes" + ] }, { "url": "https://www.microfocus.com/support/downloads/", - "source": "security@opentext.com" + "source": "security@opentext.com", + "tags": [ + "Not Applicable" + ] } ] } \ No newline at end of file diff --git a/CVE-2023/CVE-2023-244xx/CVE-2023-24470.json b/CVE-2023/CVE-2023-244xx/CVE-2023-24470.json index e68f0b1d7ca..a33b68c78d7 100644 --- a/CVE-2023/CVE-2023-244xx/CVE-2023-24470.json +++ b/CVE-2023/CVE-2023-244xx/CVE-2023-24470.json @@ -2,27 +2,89 @@ "id": "CVE-2023-24470", "sourceIdentifier": "security@opentext.com", "published": "2023-06-13T23:15:08.937", - "lastModified": "2023-06-14T03:37:44.217", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2023-06-23T19:23:32.700", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", "value": "Potential XML External Entity Injection in ArcSight Logger versions prior to 7.3.0." } ], - "metrics": {}, + "metrics": { + "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "NONE", + "availabilityImpact": "HIGH", + "baseScore": 9.1, + "baseSeverity": "CRITICAL" + }, + "exploitabilityScore": 3.9, + "impactScore": 5.2 + } + ] + }, + "weaknesses": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-611" + } + ] + } + ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:microfocus:arcsight_logger:*:*:*:*:*:*:*:*", + "versionEndExcluding": "7.3.0", + "matchCriteriaId": "2CD67067-7EA5-42E2-ACFC-C60145650DE7" + } + ] + } + ] + } + ], "references": [ { "url": "https://portal.microfocus.com/s/article/KM000018224?language=en_US", - "source": "security@opentext.com" + "source": "security@opentext.com", + "tags": [ + "Vendor Advisory" + ] }, { "url": "https://www.microfocus.com/documentation/arcsight/logger-7.3/logger-7.3-release-notes/", - "source": "security@opentext.com" + "source": "security@opentext.com", + "tags": [ + "Release Notes" + ] }, { "url": "https://www.microfocus.com/support/downloads/,", - "source": "security@opentext.com" + "source": "security@opentext.com", + "tags": [ + "Broken Link" + ] } ] } \ No newline at end of file diff --git a/CVE-2023/CVE-2023-250xx/CVE-2023-25003.json b/CVE-2023/CVE-2023-250xx/CVE-2023-25003.json new file mode 100644 index 00000000000..9ca9ad71959 --- /dev/null +++ b/CVE-2023/CVE-2023-250xx/CVE-2023-25003.json @@ -0,0 +1,20 @@ +{ + "id": "CVE-2023-25003", + "sourceIdentifier": "psirt@autodesk.com", + "published": "2023-06-23T19:15:08.983", + "lastModified": "2023-06-23T19:24:31.607", + "vulnStatus": "Awaiting Analysis", + "descriptions": [ + { + "lang": "en", + "value": "A maliciously crafted pskernel.dll file in Autodesk AutoCAD 2023 and Maya 2022 may be used to trigger out-of-bound read write / read vulnerabilities. Exploitation of this vulnerability may lead to code execution." + } + ], + "metrics": {}, + "references": [ + { + "url": "https://www.autodesk.com/trust/security-advisories/adsk-sa-2023-0009", + "source": "psirt@autodesk.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2023/CVE-2023-255xx/CVE-2023-25515.json b/CVE-2023/CVE-2023-255xx/CVE-2023-25515.json new file mode 100644 index 00000000000..4b9f1924df1 --- /dev/null +++ b/CVE-2023/CVE-2023-255xx/CVE-2023-25515.json @@ -0,0 +1,55 @@ +{ + "id": "CVE-2023-25515", + "sourceIdentifier": "psirt@nvidia.com", + "published": "2023-06-23T18:15:10.887", + "lastModified": "2023-06-23T19:24:47.997", + "vulnStatus": "Awaiting Analysis", + "descriptions": [ + { + "lang": "en", + "value": "\nNVIDIA Jetson contains a vulnerability in CBoot, where the PCIe controller is initialized without IOMMU, which may allow an attacker with physical access to the target device to read and write to arbitrary memory. A successful exploit of this vulnerability may lead to code execution, denial of service, information disclosure, and loss of integrity. \n\n" + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "psirt@nvidia.com", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:P/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H", + "attackVector": "PHYSICAL", + "attackComplexity": "HIGH", + "privilegesRequired": "NONE", + "userInteraction": "NONE", + "scope": "CHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH", + "baseScore": 7.1, + "baseSeverity": "HIGH" + }, + "exploitabilityScore": 0.5, + "impactScore": 6.0 + } + ] + }, + "weaknesses": [ + { + "source": "psirt@nvidia.com", + "type": "Secondary", + "description": [ + { + "lang": "en", + "value": "CWE-923" + } + ] + } + ], + "references": [ + { + "url": "https://https://nvidia.custhelp.com/app/answers/detail/a_id/5466", + "source": "psirt@nvidia.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2023/CVE-2023-255xx/CVE-2023-25518.json b/CVE-2023/CVE-2023-255xx/CVE-2023-25518.json new file mode 100644 index 00000000000..0225fc10754 --- /dev/null +++ b/CVE-2023/CVE-2023-255xx/CVE-2023-25518.json @@ -0,0 +1,55 @@ +{ + "id": "CVE-2023-25518", + "sourceIdentifier": "psirt@nvidia.com", + "published": "2023-06-23T18:15:10.970", + "lastModified": "2023-06-23T19:24:43.457", + "vulnStatus": "Awaiting Analysis", + "descriptions": [ + { + "lang": "en", + "value": "\nNVIDIA Jetson contains a vulnerability in CBoot, where the PCIe controller is initialized without IOMMU, which may allow an attacker with physical access to the target device to read and write to arbitrary memory. A successful exploit of this vulnerability may lead to code execution, denial of service, information disclosure, and loss of integrity. \n\n" + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "psirt@nvidia.com", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:P/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H", + "attackVector": "PHYSICAL", + "attackComplexity": "HIGH", + "privilegesRequired": "NONE", + "userInteraction": "NONE", + "scope": "CHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH", + "baseScore": 7.1, + "baseSeverity": "HIGH" + }, + "exploitabilityScore": 0.5, + "impactScore": 6.0 + } + ] + }, + "weaknesses": [ + { + "source": "psirt@nvidia.com", + "type": "Secondary", + "description": [ + { + "lang": "en", + "value": "CWE-923" + } + ] + } + ], + "references": [ + { + "url": "https://https://nvidia.custhelp.com/app/answers/detail/a_id/5466", + "source": "psirt@nvidia.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2023/CVE-2023-255xx/CVE-2023-25520.json b/CVE-2023/CVE-2023-255xx/CVE-2023-25520.json new file mode 100644 index 00000000000..27a30db5335 --- /dev/null +++ b/CVE-2023/CVE-2023-255xx/CVE-2023-25520.json @@ -0,0 +1,55 @@ +{ + "id": "CVE-2023-25520", + "sourceIdentifier": "psirt@nvidia.com", + "published": "2023-06-23T18:15:11.033", + "lastModified": "2023-06-23T19:24:43.457", + "vulnStatus": "Awaiting Analysis", + "descriptions": [ + { + "lang": "en", + "value": "\nNVIDIA Jetson Linux Driver Package contains a vulnerability in nvbootctrl, where a privileged local attacker can configure invalid settings, resulting in denial of service.\n\n" + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "psirt@nvidia.com", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H", + "attackVector": "LOCAL", + "attackComplexity": "LOW", + "privilegesRequired": "HIGH", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "NONE", + "integrityImpact": "NONE", + "availabilityImpact": "HIGH", + "baseScore": 4.4, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 0.8, + "impactScore": 3.6 + } + ] + }, + "weaknesses": [ + { + "source": "psirt@nvidia.com", + "type": "Secondary", + "description": [ + { + "lang": "en", + "value": "CWE-20" + } + ] + } + ], + "references": [ + { + "url": "https://nvidia.custhelp.com/app/answers/detail/a_id/5466", + "source": "psirt@nvidia.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2023/CVE-2023-265xx/CVE-2023-26515.json b/CVE-2023/CVE-2023-265xx/CVE-2023-26515.json index 0e5c02b126a..4dc27375e16 100644 --- a/CVE-2023/CVE-2023-265xx/CVE-2023-26515.json +++ b/CVE-2023/CVE-2023-265xx/CVE-2023-26515.json @@ -2,8 +2,8 @@ "id": "CVE-2023-26515", "sourceIdentifier": "audit@patchstack.com", "published": "2023-06-16T11:15:08.850", - "lastModified": "2023-06-16T12:47:13.233", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2023-06-23T19:33:57.187", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", @@ -12,6 +12,26 @@ ], "metrics": { "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "HIGH", + "userInteraction": "REQUIRED", + "scope": "CHANGED", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "availabilityImpact": "NONE", + "baseScore": 4.8, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 1.7, + "impactScore": 2.7 + }, { "source": "audit@patchstack.com", "type": "Secondary", @@ -46,10 +66,31 @@ ] } ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:simple_slug_translate_project:simple_slug_translate:*:*:*:*:*:wordpress:*:*", + "versionEndExcluding": "2.7.3", + "matchCriteriaId": "61953FD3-A906-431B-8833-65D5DD89A6F3" + } + ] + } + ] + } + ], "references": [ { "url": "https://patchstack.com/database/vulnerability/simple-slug-translate/wordpress-simple-slug-translate-plugin-2-7-2-cross-site-scripting-xss-vulnerability?_s_id=cve", - "source": "audit@patchstack.com" + "source": "audit@patchstack.com", + "tags": [ + "Third Party Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2023/CVE-2023-265xx/CVE-2023-26541.json b/CVE-2023/CVE-2023-265xx/CVE-2023-26541.json index bf69e9b7d05..9d0848776cb 100644 --- a/CVE-2023/CVE-2023-265xx/CVE-2023-26541.json +++ b/CVE-2023/CVE-2023-265xx/CVE-2023-26541.json @@ -2,8 +2,8 @@ "id": "CVE-2023-26541", "sourceIdentifier": "audit@patchstack.com", "published": "2023-06-16T09:15:09.653", - "lastModified": "2023-06-16T12:47:18.707", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2023-06-23T19:00:12.567", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", @@ -12,6 +12,26 @@ ], "metrics": { "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "HIGH", + "userInteraction": "REQUIRED", + "scope": "CHANGED", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "availabilityImpact": "NONE", + "baseScore": 4.8, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 1.7, + "impactScore": 2.7 + }, { "source": "audit@patchstack.com", "type": "Secondary", @@ -46,10 +66,31 @@ ] } ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:asmember_project:asmember:*:*:*:*:*:wordpress:*:*", + "versionEndIncluding": "1.5.4", + "matchCriteriaId": "A048B592-7FD4-4375-810D-1110CCD78A6A" + } + ] + } + ] + } + ], "references": [ { "url": "https://patchstack.com/database/vulnerability/asmember/wordpress-asmember-plugin-1-5-4-cross-site-scripting-xss-vulnerability?_s_id=cve", - "source": "audit@patchstack.com" + "source": "audit@patchstack.com", + "tags": [ + "Third Party Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2023/CVE-2023-279xx/CVE-2023-27930.json b/CVE-2023/CVE-2023-279xx/CVE-2023-27930.json new file mode 100644 index 00000000000..e6de9431cc9 --- /dev/null +++ b/CVE-2023/CVE-2023-279xx/CVE-2023-27930.json @@ -0,0 +1,32 @@ +{ + "id": "CVE-2023-27930", + "sourceIdentifier": "product-security@apple.com", + "published": "2023-06-23T18:15:11.097", + "lastModified": "2023-06-23T19:24:43.457", + "vulnStatus": "Awaiting Analysis", + "descriptions": [ + { + "lang": "en", + "value": "A type confusion issue was addressed with improved checks. This issue is fixed in iOS 16.5 and iPadOS 16.5, macOS Ventura 13.4, watchOS 9.5, tvOS 16.5. An app may be able to execute arbitrary code with kernel privileges" + } + ], + "metrics": {}, + "references": [ + { + "url": "https://support.apple.com/en-us/HT213757", + "source": "product-security@apple.com" + }, + { + "url": "https://support.apple.com/en-us/HT213758", + "source": "product-security@apple.com" + }, + { + "url": "https://support.apple.com/en-us/HT213761", + "source": "product-security@apple.com" + }, + { + "url": "https://support.apple.com/en-us/HT213764", + "source": "product-security@apple.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2023/CVE-2023-279xx/CVE-2023-27940.json b/CVE-2023/CVE-2023-279xx/CVE-2023-27940.json new file mode 100644 index 00000000000..34616320680 --- /dev/null +++ b/CVE-2023/CVE-2023-279xx/CVE-2023-27940.json @@ -0,0 +1,28 @@ +{ + "id": "CVE-2023-27940", + "sourceIdentifier": "product-security@apple.com", + "published": "2023-06-23T18:15:11.147", + "lastModified": "2023-06-23T19:24:43.457", + "vulnStatus": "Awaiting Analysis", + "descriptions": [ + { + "lang": "en", + "value": "The issue was addressed with additional permissions checks. This issue is fixed in macOS Ventura 13.4, iOS 15.7.6 and iPadOS 15.7.6, macOS Monterey 12.6.6. A sandboxed app may be able to observe system-wide network connections" + } + ], + "metrics": {}, + "references": [ + { + "url": "https://support.apple.com/en-us/HT213758", + "source": "product-security@apple.com" + }, + { + "url": "https://support.apple.com/en-us/HT213759", + "source": "product-security@apple.com" + }, + { + "url": "https://support.apple.com/en-us/HT213765", + "source": "product-security@apple.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2023/CVE-2023-279xx/CVE-2023-27964.json b/CVE-2023/CVE-2023-279xx/CVE-2023-27964.json new file mode 100644 index 00000000000..2fdffc32a81 --- /dev/null +++ b/CVE-2023/CVE-2023-279xx/CVE-2023-27964.json @@ -0,0 +1,20 @@ +{ + "id": "CVE-2023-27964", + "sourceIdentifier": "product-security@apple.com", + "published": "2023-06-23T18:15:11.197", + "lastModified": "2023-06-23T19:24:43.457", + "vulnStatus": "Awaiting Analysis", + "descriptions": [ + { + "lang": "en", + "value": "An authentication issue was addressed with improved state management. This issue is fixed in AirPods Firmware Update 5E133. When your headphones are seeking a connection request to one of your previously paired devices, an attacker in Bluetooth range might be able to spoof the intended source device and gain access to your headphones." + } + ], + "metrics": {}, + "references": [ + { + "url": "https://support.apple.com/en-us/HT213752", + "source": "product-security@apple.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2023/CVE-2023-27xx/CVE-2023-2784.json b/CVE-2023/CVE-2023-27xx/CVE-2023-2784.json index 5c9c05f3487..d71c0b152a4 100644 --- a/CVE-2023/CVE-2023-27xx/CVE-2023-2784.json +++ b/CVE-2023/CVE-2023-27xx/CVE-2023-2784.json @@ -2,8 +2,8 @@ "id": "CVE-2023-2784", "sourceIdentifier": "responsibledisclosure@mattermost.com", "published": "2023-06-16T09:15:09.787", - "lastModified": "2023-06-16T12:47:13.233", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2023-06-23T19:38:31.707", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", @@ -12,6 +12,26 @@ ], "metrics": { "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "NONE", + "integrityImpact": "HIGH", + "availabilityImpact": "NONE", + "baseScore": 6.5, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 2.8, + "impactScore": 3.6 + }, { "source": "responsibledisclosure@mattermost.com", "type": "Secondary", @@ -35,6 +55,16 @@ ] }, "weaknesses": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-862" + } + ] + }, { "source": "responsibledisclosure@mattermost.com", "type": "Secondary", @@ -46,10 +76,44 @@ ] } ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:mattermost:mattermost:*:*:*:*:*:*:*:*", + "versionStartIncluding": "7.8.0", + "versionEndIncluding": "7.8.4", + "matchCriteriaId": "970C833F-3F25-43E1-B7AE-717BF35F998F" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:mattermost:mattermost:*:*:*:*:*:*:*:*", + "versionStartIncluding": "7.9.0", + "versionEndIncluding": "7.9.3", + "matchCriteriaId": "EB584691-CB58-4D9A-B475-4078ED1984F3" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:mattermost:mattermost:7.10.0:*:*:*:*:*:*:*", + "matchCriteriaId": "980D0FB9-D2FF-4C31-BC92-07073A8F4BB3" + } + ] + } + ] + } + ], "references": [ { "url": "https://mattermost.com/security-updates", - "source": "responsibledisclosure@mattermost.com" + "source": "responsibledisclosure@mattermost.com", + "tags": [ + "Vendor Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2023/CVE-2023-281xx/CVE-2023-28191.json b/CVE-2023/CVE-2023-281xx/CVE-2023-28191.json new file mode 100644 index 00000000000..68a174204ee --- /dev/null +++ b/CVE-2023/CVE-2023-281xx/CVE-2023-28191.json @@ -0,0 +1,40 @@ +{ + "id": "CVE-2023-28191", + "sourceIdentifier": "product-security@apple.com", + "published": "2023-06-23T18:15:11.240", + "lastModified": "2023-06-23T19:24:43.457", + "vulnStatus": "Awaiting Analysis", + "descriptions": [ + { + "lang": "en", + "value": "This issue was addressed with improved redaction of sensitive information. This issue is fixed in watchOS 9.5, macOS Ventura 13.4, tvOS 16.5, iOS 16.5 and iPadOS 16.5, macOS Big Sur 11.7.7, macOS Monterey 12.6.6. An app may be able to bypass Privacy preferences" + } + ], + "metrics": {}, + "references": [ + { + "url": "https://support.apple.com/en-us/HT213757", + "source": "product-security@apple.com" + }, + { + "url": "https://support.apple.com/en-us/HT213758", + "source": "product-security@apple.com" + }, + { + "url": "https://support.apple.com/en-us/HT213759", + "source": "product-security@apple.com" + }, + { + "url": "https://support.apple.com/en-us/HT213760", + "source": "product-security@apple.com" + }, + { + "url": "https://support.apple.com/en-us/HT213761", + "source": "product-security@apple.com" + }, + { + "url": "https://support.apple.com/en-us/HT213764", + "source": "product-security@apple.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2023/CVE-2023-282xx/CVE-2023-28202.json b/CVE-2023/CVE-2023-282xx/CVE-2023-28202.json new file mode 100644 index 00000000000..a0a17582b52 --- /dev/null +++ b/CVE-2023/CVE-2023-282xx/CVE-2023-28202.json @@ -0,0 +1,32 @@ +{ + "id": "CVE-2023-28202", + "sourceIdentifier": "product-security@apple.com", + "published": "2023-06-23T18:15:11.290", + "lastModified": "2023-06-23T19:24:43.457", + "vulnStatus": "Awaiting Analysis", + "descriptions": [ + { + "lang": "en", + "value": "This issue was addressed with improved state management. This issue is fixed in iOS 16.5 and iPadOS 16.5, macOS Ventura 13.4, watchOS 9.5, tvOS 16.5. An app firewall setting may not take effect after exiting the Settings app" + } + ], + "metrics": {}, + "references": [ + { + "url": "https://support.apple.com/en-us/HT213757", + "source": "product-security@apple.com" + }, + { + "url": "https://support.apple.com/en-us/HT213758", + "source": "product-security@apple.com" + }, + { + "url": "https://support.apple.com/en-us/HT213761", + "source": "product-security@apple.com" + }, + { + "url": "https://support.apple.com/en-us/HT213764", + "source": "product-security@apple.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2023/CVE-2023-282xx/CVE-2023-28204.json b/CVE-2023/CVE-2023-282xx/CVE-2023-28204.json new file mode 100644 index 00000000000..b0d0eccfc41 --- /dev/null +++ b/CVE-2023/CVE-2023-282xx/CVE-2023-28204.json @@ -0,0 +1,40 @@ +{ + "id": "CVE-2023-28204", + "sourceIdentifier": "product-security@apple.com", + "published": "2023-06-23T18:15:11.333", + "lastModified": "2023-06-23T19:24:43.457", + "vulnStatus": "Awaiting Analysis", + "descriptions": [ + { + "lang": "en", + "value": "An out-of-bounds read was addressed with improved input validation. This issue is fixed in watchOS 9.5, iOS 15.7.6 and iPadOS 15.7.6, macOS Ventura 13.4, Safari 16.5, tvOS 16.5, iOS 16.5 and iPadOS 16.5. Processing web content may disclose sensitive information. Apple is aware of a report that this issue may have been actively exploited." + } + ], + "metrics": {}, + "references": [ + { + "url": "https://support.apple.com/en-us/HT213757", + "source": "product-security@apple.com" + }, + { + "url": "https://support.apple.com/en-us/HT213758", + "source": "product-security@apple.com" + }, + { + "url": "https://support.apple.com/en-us/HT213761", + "source": "product-security@apple.com" + }, + { + "url": "https://support.apple.com/en-us/HT213762", + "source": "product-security@apple.com" + }, + { + "url": "https://support.apple.com/en-us/HT213764", + "source": "product-security@apple.com" + }, + { + "url": "https://support.apple.com/en-us/HT213765", + "source": "product-security@apple.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2023/CVE-2023-28xx/CVE-2023-2807.json b/CVE-2023/CVE-2023-28xx/CVE-2023-2807.json index 7cd5aabf2fd..4b6a3ea139b 100644 --- a/CVE-2023/CVE-2023-28xx/CVE-2023-2807.json +++ b/CVE-2023/CVE-2023-28xx/CVE-2023-2807.json @@ -2,8 +2,8 @@ "id": "CVE-2023-2807", "sourceIdentifier": "cve-coordination@incibe.es", "published": "2023-06-13T12:15:09.380", - "lastModified": "2023-06-13T13:00:37.647", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2023-06-23T19:49:50.537", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", @@ -12,6 +12,26 @@ ], "metrics": { "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH", + "baseScore": 9.8, + "baseSeverity": "CRITICAL" + }, + "exploitabilityScore": 3.9, + "impactScore": 5.9 + }, { "source": "cve-coordination@incibe.es", "type": "Secondary", @@ -35,6 +55,16 @@ ] }, "weaknesses": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-290" + } + ] + }, { "source": "cve-coordination@incibe.es", "type": "Secondary", @@ -46,10 +76,31 @@ ] } ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:pandorafms:pandora_fms:*:*:*:*:*:*:*:*", + "versionEndExcluding": "772", + "matchCriteriaId": "A93BD4B6-4029-451C-B6C9-A095794B14CE" + } + ] + } + ] + } + ], "references": [ { "url": "https://pandorafms.com/en/security/common-vulnerabilities-and-exposures/", - "source": "cve-coordination@incibe.es" + "source": "cve-coordination@incibe.es", + "tags": [ + "Vendor Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2023/CVE-2023-295xx/CVE-2023-29501.json b/CVE-2023/CVE-2023-295xx/CVE-2023-29501.json index c0d73520fe4..bc5f8c44543 100644 --- a/CVE-2023/CVE-2023-295xx/CVE-2023-29501.json +++ b/CVE-2023/CVE-2023-295xx/CVE-2023-29501.json @@ -2,31 +2,102 @@ "id": "CVE-2023-29501", "sourceIdentifier": "vultures@jpcert.or.jp", "published": "2023-06-13T10:15:10.250", - "lastModified": "2023-06-13T13:00:37.647", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2023-06-23T19:34:28.727", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", "value": "Jiyu Kukan Toku-Toku coupon App for iOS versions 3.5.0 and earlier, and Jiyu Kukan Toku-Toku coupon App for Android versions 3.5.0 and earlier are vulnerable to improper server certificate verification. If this vulnerability is exploited, a man-in-the-middle attack may allow an attacker to eavesdrop on an encrypted communication." } ], - "metrics": {}, + "metrics": { + "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N", + "attackVector": "NETWORK", + "attackComplexity": "HIGH", + "privilegesRequired": "NONE", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "availabilityImpact": "NONE", + "baseScore": 4.8, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 2.2, + "impactScore": 2.5 + } + ] + }, + "weaknesses": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-295" + } + ] + } + ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:runsystem:jiyu_kukan_toku-toku_coupon:*:*:*:*:*:android:*:*", + "versionEndIncluding": "3.5.0", + "matchCriteriaId": "2DEC31D6-A0B2-4ED8-9C07-C2F6915B55B0" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:runsystem:jiyu_kukan_toku-toku_coupon:*:*:*:*:*:iphone_os:*:*", + "versionEndIncluding": "3.5.0", + "matchCriteriaId": "A195E9E8-A166-4BAC-B12D-03AA53AEC323" + } + ] + } + ] + } + ], "references": [ { "url": "https://apps.apple.com/jp/app/%E8%87%AA%E9%81%8A%E7%A9%BA%E9%96%93%E3%81%A8%E3%81%8F%E3%81%A8%E3%81%8F%E3%82%AF%E3%83%BC%E3%83%9D%E3%83%B3/id608149604", - "source": "vultures@jpcert.or.jp" + "source": "vultures@jpcert.or.jp", + "tags": [ + "Product" + ] }, { "url": "https://jvn.jp/en/jp/JVN33836375/", - "source": "vultures@jpcert.or.jp" + "source": "vultures@jpcert.or.jp", + "tags": [ + "Third Party Advisory" + ] }, { "url": "https://play.google.com/store/apps/details?id=jp.runsystem", - "source": "vultures@jpcert.or.jp" + "source": "vultures@jpcert.or.jp", + "tags": [ + "Product" + ] }, { "url": "https://www.runsystem.co.jp/g1-pr/17570", - "source": "vultures@jpcert.or.jp" + "source": "vultures@jpcert.or.jp", + "tags": [ + "Vendor Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2023/CVE-2023-314xx/CVE-2023-31437.json b/CVE-2023/CVE-2023-314xx/CVE-2023-31437.json index f0fcc228305..c1614c1270d 100644 --- a/CVE-2023/CVE-2023-314xx/CVE-2023-31437.json +++ b/CVE-2023/CVE-2023-314xx/CVE-2023-31437.json @@ -2,27 +2,88 @@ "id": "CVE-2023-31437", "sourceIdentifier": "cve@mitre.org", "published": "2023-06-13T17:15:14.657", - "lastModified": "2023-06-14T12:15:09.497", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2023-06-23T19:16:38.727", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", "value": "** DISPUTED ** An issue was discovered in systemd 253. An attacker can modify a sealed log file such that, in some views, not all existing and sealed log messages are displayed. NOTE: the vendor reportedly sent \"a reply denying that any of the finding was a security vulnerability.\"" } ], - "metrics": {}, + "metrics": { + "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "NONE", + "integrityImpact": "LOW", + "availabilityImpact": "NONE", + "baseScore": 5.3, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 3.9, + "impactScore": 1.4 + } + ] + }, + "weaknesses": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-354" + } + ] + } + ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:systemd_project:systemd:253:-:*:*:*:*:*:*", + "matchCriteriaId": "733DE777-9802-4CB6-8B03-6B6295BCE29D" + } + ] + } + ] + } + ], "references": [ { "url": "https://github.com/kastel-security/Journald", - "source": "cve@mitre.org" + "source": "cve@mitre.org", + "tags": [ + "Third Party Advisory" + ] }, { "url": "https://github.com/kastel-security/Journald/blob/main/journald-publication.pdf", - "source": "cve@mitre.org" + "source": "cve@mitre.org", + "tags": [ + "Technical Description" + ] }, { "url": "https://github.com/systemd/systemd/releases", - "source": "cve@mitre.org" + "source": "cve@mitre.org", + "tags": [ + "Release Notes" + ] } ] } \ No newline at end of file diff --git a/CVE-2023/CVE-2023-314xx/CVE-2023-31438.json b/CVE-2023/CVE-2023-314xx/CVE-2023-31438.json index d3b6346a2ca..1f2580e3176 100644 --- a/CVE-2023/CVE-2023-314xx/CVE-2023-31438.json +++ b/CVE-2023/CVE-2023-314xx/CVE-2023-31438.json @@ -2,27 +2,88 @@ "id": "CVE-2023-31438", "sourceIdentifier": "cve@mitre.org", "published": "2023-06-13T17:15:14.707", - "lastModified": "2023-06-14T12:15:09.553", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2023-06-23T19:16:18.397", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", "value": "** DISPUTED ** An issue was discovered in systemd 253. An attacker can truncate a sealed log file and then resume log sealing such that checking the integrity shows no error, despite modifications. NOTE: the vendor reportedly sent \"a reply denying that any of the finding was a security vulnerability.\"" } ], - "metrics": {}, + "metrics": { + "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "NONE", + "integrityImpact": "LOW", + "availabilityImpact": "NONE", + "baseScore": 5.3, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 3.9, + "impactScore": 1.4 + } + ] + }, + "weaknesses": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-354" + } + ] + } + ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:systemd_project:systemd:253:-:*:*:*:*:*:*", + "matchCriteriaId": "733DE777-9802-4CB6-8B03-6B6295BCE29D" + } + ] + } + ] + } + ], "references": [ { "url": "https://github.com/kastel-security/Journald", - "source": "cve@mitre.org" + "source": "cve@mitre.org", + "tags": [ + "Third Party Advisory" + ] }, { "url": "https://github.com/kastel-security/Journald/blob/main/journald-publication.pdf", - "source": "cve@mitre.org" + "source": "cve@mitre.org", + "tags": [ + "Technical Description" + ] }, { "url": "https://github.com/systemd/systemd/releases", - "source": "cve@mitre.org" + "source": "cve@mitre.org", + "tags": [ + "Release Notes" + ] } ] } \ No newline at end of file diff --git a/CVE-2023/CVE-2023-314xx/CVE-2023-31439.json b/CVE-2023/CVE-2023-314xx/CVE-2023-31439.json index 1ae7b0cc93b..bcf589f5a12 100644 --- a/CVE-2023/CVE-2023-314xx/CVE-2023-31439.json +++ b/CVE-2023/CVE-2023-314xx/CVE-2023-31439.json @@ -2,27 +2,89 @@ "id": "CVE-2023-31439", "sourceIdentifier": "cve@mitre.org", "published": "2023-06-13T17:15:14.753", - "lastModified": "2023-06-14T12:15:09.597", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2023-06-23T19:15:39.693", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", "value": "** DISPUTED ** An issue was discovered in systemd 253. An attacker can modify the contents of past events in a sealed log file and then adjust the file such that checking the integrity shows no error, despite modifications. NOTE: the vendor reportedly sent \"a reply denying that any of the finding was a security vulnerability.\"" } ], - "metrics": {}, + "metrics": { + "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "NONE", + "integrityImpact": "LOW", + "availabilityImpact": "NONE", + "baseScore": 5.3, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 3.9, + "impactScore": 1.4 + } + ] + }, + "weaknesses": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-354" + } + ] + } + ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:systemd_project:systemd:253:-:*:*:*:*:*:*", + "matchCriteriaId": "733DE777-9802-4CB6-8B03-6B6295BCE29D" + } + ] + } + ] + } + ], "references": [ { "url": "https://github.com/kastel-security/Journald", - "source": "cve@mitre.org" + "source": "cve@mitre.org", + "tags": [ + "Patch", + "Third Party Advisory" + ] }, { "url": "https://github.com/kastel-security/Journald/blob/main/journald-publication.pdf", - "source": "cve@mitre.org" + "source": "cve@mitre.org", + "tags": [ + "Technical Description" + ] }, { "url": "https://github.com/systemd/systemd/releases", - "source": "cve@mitre.org" + "source": "cve@mitre.org", + "tags": [ + "Release Notes" + ] } ] } \ No newline at end of file diff --git a/CVE-2023/CVE-2023-319xx/CVE-2023-31975.json b/CVE-2023/CVE-2023-319xx/CVE-2023-31975.json index c511af73566..7827f5e46d9 100644 --- a/CVE-2023/CVE-2023-319xx/CVE-2023-31975.json +++ b/CVE-2023/CVE-2023-319xx/CVE-2023-31975.json @@ -2,8 +2,8 @@ "id": "CVE-2023-31975", "sourceIdentifier": "cve@mitre.org", "published": "2023-05-09T13:15:18.590", - "lastModified": "2023-06-23T15:15:09.137", - "vulnStatus": "Modified", + "lastModified": "2023-06-23T18:49:42.833", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", @@ -17,20 +17,20 @@ "type": "Primary", "cvssData": { "version": "3.1", - "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", - "attackVector": "NETWORK", + "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", + "attackVector": "LOCAL", "attackComplexity": "LOW", "privilegesRequired": "NONE", - "userInteraction": "NONE", + "userInteraction": "REQUIRED", "scope": "UNCHANGED", - "confidentialityImpact": "HIGH", - "integrityImpact": "HIGH", + "confidentialityImpact": "NONE", + "integrityImpact": "NONE", "availabilityImpact": "HIGH", - "baseScore": 9.8, - "baseSeverity": "CRITICAL" + "baseScore": 5.5, + "baseSeverity": "MEDIUM" }, - "exploitabilityScore": 3.9, - "impactScore": 5.9 + "exploitabilityScore": 1.8, + "impactScore": 3.6 } ] }, @@ -55,8 +55,8 @@ "cpeMatch": [ { "vulnerable": true, - "criteria": "cpe:2.3:a:tortall:yasm:1.3.0:*:*:*:*:*:*:*", - "matchCriteriaId": "1453CF78-5025-49BF-A1A6-C62F948B5735" + "criteria": "cpe:2.3:a:yasm_project:yasm:1.3.0:*:*:*:*:*:*:*", + "matchCriteriaId": "AD6556F7-3880-452A-ABA9-1A8A14BA41F3" } ] } @@ -66,67 +66,131 @@ "references": [ { "url": "http://www.openwall.com/lists/oss-security/2023/06/20/6", - "source": "cve@mitre.org" + "source": "cve@mitre.org", + "tags": [ + "Mailing List", + "Third Party Advisory" + ] }, { "url": "http://www.openwall.com/lists/oss-security/2023/06/21/10", - "source": "cve@mitre.org" + "source": "cve@mitre.org", + "tags": [ + "Mailing List", + "Third Party Advisory" + ] }, { "url": "http://www.openwall.com/lists/oss-security/2023/06/21/13", - "source": "cve@mitre.org" + "source": "cve@mitre.org", + "tags": [ + "Mailing List", + "Third Party Advisory" + ] }, { "url": "http://www.openwall.com/lists/oss-security/2023/06/21/2", - "source": "cve@mitre.org" + "source": "cve@mitre.org", + "tags": [ + "Mailing List", + "Third Party Advisory" + ] }, { "url": "http://www.openwall.com/lists/oss-security/2023/06/21/5", - "source": "cve@mitre.org" + "source": "cve@mitre.org", + "tags": [ + "Mailing List", + "Third Party Advisory" + ] }, { "url": "http://www.openwall.com/lists/oss-security/2023/06/21/7", - "source": "cve@mitre.org" + "source": "cve@mitre.org", + "tags": [ + "Mailing List", + "Third Party Advisory" + ] }, { "url": "http://www.openwall.com/lists/oss-security/2023/06/21/8", - "source": "cve@mitre.org" + "source": "cve@mitre.org", + "tags": [ + "Mailing List", + "Third Party Advisory" + ] }, { "url": "http://www.openwall.com/lists/oss-security/2023/06/21/9", - "source": "cve@mitre.org" + "source": "cve@mitre.org", + "tags": [ + "Mailing List", + "Third Party Advisory" + ] }, { "url": "http://www.openwall.com/lists/oss-security/2023/06/22/1", - "source": "cve@mitre.org" + "source": "cve@mitre.org", + "tags": [ + "Mailing List", + "Third Party Advisory" + ] }, { "url": "http://www.openwall.com/lists/oss-security/2023/06/22/3", - "source": "cve@mitre.org" + "source": "cve@mitre.org", + "tags": [ + "Mailing List", + "Third Party Advisory" + ] }, { "url": "http://www.openwall.com/lists/oss-security/2023/06/22/6", - "source": "cve@mitre.org" + "source": "cve@mitre.org", + "tags": [ + "Mailing List", + "Third Party Advisory" + ] }, { "url": "http://www.openwall.com/lists/oss-security/2023/06/23/1", - "source": "cve@mitre.org" + "source": "cve@mitre.org", + "tags": [ + "Mailing List", + "Third Party Advisory" + ] }, { "url": "http://www.openwall.com/lists/oss-security/2023/06/23/2", - "source": "cve@mitre.org" + "source": "cve@mitre.org", + "tags": [ + "Mailing List", + "Third Party Advisory" + ] }, { "url": "http://www.openwall.com/lists/oss-security/2023/06/23/4", - "source": "cve@mitre.org" + "source": "cve@mitre.org", + "tags": [ + "Mailing List", + "Third Party Advisory" + ] }, { "url": "http://www.openwall.com/lists/oss-security/2023/06/23/8", - "source": "cve@mitre.org" + "source": "cve@mitre.org", + "tags": [ + "Mailing List", + "Third Party Advisory" + ] }, { "url": "http://www.openwall.com/lists/oss-security/2023/06/23/9", - "source": "cve@mitre.org" + "source": "cve@mitre.org", + "tags": [ + "Mailing List", + "Third Party Advisory" + ] }, { "url": "https://github.com/yasm/yasm/issues/210", diff --git a/CVE-2023/CVE-2023-323xx/CVE-2023-32351.json b/CVE-2023/CVE-2023-323xx/CVE-2023-32351.json new file mode 100644 index 00000000000..007f6d3ad9c --- /dev/null +++ b/CVE-2023/CVE-2023-323xx/CVE-2023-32351.json @@ -0,0 +1,20 @@ +{ + "id": "CVE-2023-32351", + "sourceIdentifier": "product-security@apple.com", + "published": "2023-06-23T18:15:11.383", + "lastModified": "2023-06-23T19:24:43.457", + "vulnStatus": "Awaiting Analysis", + "descriptions": [ + { + "lang": "en", + "value": "A logic issue was addressed with improved checks. This issue is fixed in iTunes 12.12.9 for Windows. An app may be able to gain elevated privileges" + } + ], + "metrics": {}, + "references": [ + { + "url": "https://support.apple.com/en-us/HT213763", + "source": "product-security@apple.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2023/CVE-2023-323xx/CVE-2023-32352.json b/CVE-2023/CVE-2023-323xx/CVE-2023-32352.json new file mode 100644 index 00000000000..6d17a653608 --- /dev/null +++ b/CVE-2023/CVE-2023-323xx/CVE-2023-32352.json @@ -0,0 +1,36 @@ +{ + "id": "CVE-2023-32352", + "sourceIdentifier": "product-security@apple.com", + "published": "2023-06-23T18:15:11.427", + "lastModified": "2023-06-23T19:24:43.457", + "vulnStatus": "Awaiting Analysis", + "descriptions": [ + { + "lang": "en", + "value": "A logic issue was addressed with improved checks. This issue is fixed in watchOS 9.5, macOS Ventura 13.4, iOS 16.5 and iPadOS 16.5, macOS Big Sur 11.7.7, macOS Monterey 12.6.6. An app may bypass Gatekeeper checks" + } + ], + "metrics": {}, + "references": [ + { + "url": "https://support.apple.com/en-us/HT213757", + "source": "product-security@apple.com" + }, + { + "url": "https://support.apple.com/en-us/HT213758", + "source": "product-security@apple.com" + }, + { + "url": "https://support.apple.com/en-us/HT213759", + "source": "product-security@apple.com" + }, + { + "url": "https://support.apple.com/en-us/HT213760", + "source": "product-security@apple.com" + }, + { + "url": "https://support.apple.com/en-us/HT213764", + "source": "product-security@apple.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2023/CVE-2023-323xx/CVE-2023-32353.json b/CVE-2023/CVE-2023-323xx/CVE-2023-32353.json new file mode 100644 index 00000000000..77f1861a88b --- /dev/null +++ b/CVE-2023/CVE-2023-323xx/CVE-2023-32353.json @@ -0,0 +1,20 @@ +{ + "id": "CVE-2023-32353", + "sourceIdentifier": "product-security@apple.com", + "published": "2023-06-23T18:15:11.470", + "lastModified": "2023-06-23T19:24:43.457", + "vulnStatus": "Awaiting Analysis", + "descriptions": [ + { + "lang": "en", + "value": "A logic issue was addressed with improved checks. This issue is fixed in iTunes 12.12.9 for Windows. An app may be able to elevate privileges" + } + ], + "metrics": {}, + "references": [ + { + "url": "https://support.apple.com/en-us/HT213763", + "source": "product-security@apple.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2023/CVE-2023-323xx/CVE-2023-32354.json b/CVE-2023/CVE-2023-323xx/CVE-2023-32354.json new file mode 100644 index 00000000000..73fd2e9835d --- /dev/null +++ b/CVE-2023/CVE-2023-323xx/CVE-2023-32354.json @@ -0,0 +1,28 @@ +{ + "id": "CVE-2023-32354", + "sourceIdentifier": "product-security@apple.com", + "published": "2023-06-23T18:15:11.513", + "lastModified": "2023-06-23T19:24:43.457", + "vulnStatus": "Awaiting Analysis", + "descriptions": [ + { + "lang": "en", + "value": "An out-of-bounds read was addressed with improved input validation. This issue is fixed in iOS 16.5 and iPadOS 16.5, watchOS 9.5, tvOS 16.5. An app may be able to disclose kernel memory" + } + ], + "metrics": {}, + "references": [ + { + "url": "https://support.apple.com/en-us/HT213757", + "source": "product-security@apple.com" + }, + { + "url": "https://support.apple.com/en-us/HT213761", + "source": "product-security@apple.com" + }, + { + "url": "https://support.apple.com/en-us/HT213764", + "source": "product-security@apple.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2023/CVE-2023-323xx/CVE-2023-32355.json b/CVE-2023/CVE-2023-323xx/CVE-2023-32355.json new file mode 100644 index 00000000000..9790a653903 --- /dev/null +++ b/CVE-2023/CVE-2023-323xx/CVE-2023-32355.json @@ -0,0 +1,28 @@ +{ + "id": "CVE-2023-32355", + "sourceIdentifier": "product-security@apple.com", + "published": "2023-06-23T18:15:11.553", + "lastModified": "2023-06-23T19:24:43.457", + "vulnStatus": "Awaiting Analysis", + "descriptions": [ + { + "lang": "en", + "value": "A logic issue was addressed with improved state management. This issue is fixed in macOS Ventura 13.4, macOS Big Sur 11.7.7, macOS Monterey 12.6.6. An app may be able to modify protected parts of the file system" + } + ], + "metrics": {}, + "references": [ + { + "url": "https://support.apple.com/en-us/HT213758", + "source": "product-security@apple.com" + }, + { + "url": "https://support.apple.com/en-us/HT213759", + "source": "product-security@apple.com" + }, + { + "url": "https://support.apple.com/en-us/HT213760", + "source": "product-security@apple.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2023/CVE-2023-323xx/CVE-2023-32357.json b/CVE-2023/CVE-2023-323xx/CVE-2023-32357.json new file mode 100644 index 00000000000..20128c0b4c8 --- /dev/null +++ b/CVE-2023/CVE-2023-323xx/CVE-2023-32357.json @@ -0,0 +1,40 @@ +{ + "id": "CVE-2023-32357", + "sourceIdentifier": "product-security@apple.com", + "published": "2023-06-23T18:15:11.600", + "lastModified": "2023-06-23T19:24:43.457", + "vulnStatus": "Awaiting Analysis", + "descriptions": [ + { + "lang": "en", + "value": "An authorization issue was addressed with improved state management. This issue is fixed in watchOS 9.5, macOS Ventura 13.4, tvOS 16.5, iOS 16.5 and iPadOS 16.5, macOS Big Sur 11.7.7, macOS Monterey 12.6.6. An app may be able to retain access to system configuration files even after its permission is revoked" + } + ], + "metrics": {}, + "references": [ + { + "url": "https://support.apple.com/en-us/HT213757", + "source": "product-security@apple.com" + }, + { + "url": "https://support.apple.com/en-us/HT213758", + "source": "product-security@apple.com" + }, + { + "url": "https://support.apple.com/en-us/HT213759", + "source": "product-security@apple.com" + }, + { + "url": "https://support.apple.com/en-us/HT213760", + "source": "product-security@apple.com" + }, + { + "url": "https://support.apple.com/en-us/HT213761", + "source": "product-security@apple.com" + }, + { + "url": "https://support.apple.com/en-us/HT213764", + "source": "product-security@apple.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2023/CVE-2023-323xx/CVE-2023-32360.json b/CVE-2023/CVE-2023-323xx/CVE-2023-32360.json new file mode 100644 index 00000000000..26f92526aa3 --- /dev/null +++ b/CVE-2023/CVE-2023-323xx/CVE-2023-32360.json @@ -0,0 +1,28 @@ +{ + "id": "CVE-2023-32360", + "sourceIdentifier": "product-security@apple.com", + "published": "2023-06-23T18:15:11.647", + "lastModified": "2023-06-23T19:24:43.457", + "vulnStatus": "Awaiting Analysis", + "descriptions": [ + { + "lang": "en", + "value": "An authentication issue was addressed with improved state management. This issue is fixed in macOS Ventura 13.4, macOS Big Sur 11.7.7, macOS Monterey 12.6.6. An unauthenticated user may be able to access recently printed documents" + } + ], + "metrics": {}, + "references": [ + { + "url": "https://support.apple.com/en-us/HT213758", + "source": "product-security@apple.com" + }, + { + "url": "https://support.apple.com/en-us/HT213759", + "source": "product-security@apple.com" + }, + { + "url": "https://support.apple.com/en-us/HT213760", + "source": "product-security@apple.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2023/CVE-2023-323xx/CVE-2023-32363.json b/CVE-2023/CVE-2023-323xx/CVE-2023-32363.json new file mode 100644 index 00000000000..993db95b555 --- /dev/null +++ b/CVE-2023/CVE-2023-323xx/CVE-2023-32363.json @@ -0,0 +1,20 @@ +{ + "id": "CVE-2023-32363", + "sourceIdentifier": "product-security@apple.com", + "published": "2023-06-23T18:15:11.693", + "lastModified": "2023-06-23T19:24:43.457", + "vulnStatus": "Awaiting Analysis", + "descriptions": [ + { + "lang": "en", + "value": "A permissions issue was addressed by removing vulnerable code and adding additional checks. This issue is fixed in macOS Ventura 13.4. An app may be able to bypass Privacy preferences" + } + ], + "metrics": {}, + "references": [ + { + "url": "https://support.apple.com/en-us/HT213758", + "source": "product-security@apple.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2023/CVE-2023-323xx/CVE-2023-32365.json b/CVE-2023/CVE-2023-323xx/CVE-2023-32365.json new file mode 100644 index 00000000000..56be2477e52 --- /dev/null +++ b/CVE-2023/CVE-2023-323xx/CVE-2023-32365.json @@ -0,0 +1,24 @@ +{ + "id": "CVE-2023-32365", + "sourceIdentifier": "product-security@apple.com", + "published": "2023-06-23T18:15:11.733", + "lastModified": "2023-06-23T19:24:43.457", + "vulnStatus": "Awaiting Analysis", + "descriptions": [ + { + "lang": "en", + "value": "The issue was addressed with improved checks. This issue is fixed in iOS 16.5 and iPadOS 16.5, iOS 15.7.6 and iPadOS 15.7.6. Shake-to-undo may allow a deleted photo to be re-surfaced without authentication" + } + ], + "metrics": {}, + "references": [ + { + "url": "https://support.apple.com/en-us/HT213757", + "source": "product-security@apple.com" + }, + { + "url": "https://support.apple.com/en-us/HT213765", + "source": "product-security@apple.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2023/CVE-2023-323xx/CVE-2023-32367.json b/CVE-2023/CVE-2023-323xx/CVE-2023-32367.json new file mode 100644 index 00000000000..7979f364a49 --- /dev/null +++ b/CVE-2023/CVE-2023-323xx/CVE-2023-32367.json @@ -0,0 +1,24 @@ +{ + "id": "CVE-2023-32367", + "sourceIdentifier": "product-security@apple.com", + "published": "2023-06-23T18:15:11.777", + "lastModified": "2023-06-23T19:24:43.457", + "vulnStatus": "Awaiting Analysis", + "descriptions": [ + { + "lang": "en", + "value": "This issue was addressed with improved entitlements. This issue is fixed in iOS 16.5 and iPadOS 16.5, macOS Ventura 13.4. An app may be able to access user-sensitive data" + } + ], + "metrics": {}, + "references": [ + { + "url": "https://support.apple.com/en-us/HT213757", + "source": "product-security@apple.com" + }, + { + "url": "https://support.apple.com/en-us/HT213758", + "source": "product-security@apple.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2023/CVE-2023-323xx/CVE-2023-32368.json b/CVE-2023/CVE-2023-323xx/CVE-2023-32368.json new file mode 100644 index 00000000000..69b67013558 --- /dev/null +++ b/CVE-2023/CVE-2023-323xx/CVE-2023-32368.json @@ -0,0 +1,36 @@ +{ + "id": "CVE-2023-32368", + "sourceIdentifier": "product-security@apple.com", + "published": "2023-06-23T18:15:11.823", + "lastModified": "2023-06-23T19:24:43.457", + "vulnStatus": "Awaiting Analysis", + "descriptions": [ + { + "lang": "en", + "value": "An out-of-bounds read was addressed with improved input validation. This issue is fixed in watchOS 9.5, macOS Ventura 13.4, tvOS 16.5, iOS 16.5 and iPadOS 16.5, macOS Monterey 12.6.6. Processing a 3D model may result in disclosure of process memory" + } + ], + "metrics": {}, + "references": [ + { + "url": "https://support.apple.com/en-us/HT213757", + "source": "product-security@apple.com" + }, + { + "url": "https://support.apple.com/en-us/HT213758", + "source": "product-security@apple.com" + }, + { + "url": "https://support.apple.com/en-us/HT213759", + "source": "product-security@apple.com" + }, + { + "url": "https://support.apple.com/en-us/HT213761", + "source": "product-security@apple.com" + }, + { + "url": "https://support.apple.com/en-us/HT213764", + "source": "product-security@apple.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2023/CVE-2023-323xx/CVE-2023-32369.json b/CVE-2023/CVE-2023-323xx/CVE-2023-32369.json new file mode 100644 index 00000000000..a5167d20eaa --- /dev/null +++ b/CVE-2023/CVE-2023-323xx/CVE-2023-32369.json @@ -0,0 +1,28 @@ +{ + "id": "CVE-2023-32369", + "sourceIdentifier": "product-security@apple.com", + "published": "2023-06-23T18:15:11.870", + "lastModified": "2023-06-23T19:24:43.457", + "vulnStatus": "Undergoing Analysis", + "descriptions": [ + { + "lang": "en", + "value": "A logic issue was addressed with improved state management. This issue is fixed in macOS Ventura 13.4, macOS Big Sur 11.7.7, macOS Monterey 12.6.6. An app may be able to modify protected parts of the file system" + } + ], + "metrics": {}, + "references": [ + { + "url": "https://support.apple.com/en-us/HT213758", + "source": "product-security@apple.com" + }, + { + "url": "https://support.apple.com/en-us/HT213759", + "source": "product-security@apple.com" + }, + { + "url": "https://support.apple.com/en-us/HT213760", + "source": "product-security@apple.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2023/CVE-2023-323xx/CVE-2023-32371.json b/CVE-2023/CVE-2023-323xx/CVE-2023-32371.json new file mode 100644 index 00000000000..9232bfaf448 --- /dev/null +++ b/CVE-2023/CVE-2023-323xx/CVE-2023-32371.json @@ -0,0 +1,24 @@ +{ + "id": "CVE-2023-32371", + "sourceIdentifier": "product-security@apple.com", + "published": "2023-06-23T18:15:11.917", + "lastModified": "2023-06-23T19:24:39.577", + "vulnStatus": "Awaiting Analysis", + "descriptions": [ + { + "lang": "en", + "value": "The issue was addressed with improved checks. This issue is fixed in iOS 16.5 and iPadOS 16.5, macOS Ventura 13.4. An app may be able to break out of its sandbox" + } + ], + "metrics": {}, + "references": [ + { + "url": "https://support.apple.com/en-us/HT213757", + "source": "product-security@apple.com" + }, + { + "url": "https://support.apple.com/en-us/HT213758", + "source": "product-security@apple.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2023/CVE-2023-323xx/CVE-2023-32372.json b/CVE-2023/CVE-2023-323xx/CVE-2023-32372.json new file mode 100644 index 00000000000..a3c5ef6cb14 --- /dev/null +++ b/CVE-2023/CVE-2023-323xx/CVE-2023-32372.json @@ -0,0 +1,32 @@ +{ + "id": "CVE-2023-32372", + "sourceIdentifier": "product-security@apple.com", + "published": "2023-06-23T18:15:11.963", + "lastModified": "2023-06-23T19:24:39.577", + "vulnStatus": "Awaiting Analysis", + "descriptions": [ + { + "lang": "en", + "value": "An out-of-bounds read was addressed with improved input validation. This issue is fixed in iOS 16.5 and iPadOS 16.5, macOS Ventura 13.4, watchOS 9.5, tvOS 16.5. Processing an image may result in disclosure of process memory" + } + ], + "metrics": {}, + "references": [ + { + "url": "https://support.apple.com/en-us/HT213757", + "source": "product-security@apple.com" + }, + { + "url": "https://support.apple.com/en-us/HT213758", + "source": "product-security@apple.com" + }, + { + "url": "https://support.apple.com/en-us/HT213761", + "source": "product-security@apple.com" + }, + { + "url": "https://support.apple.com/en-us/HT213764", + "source": "product-security@apple.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2023/CVE-2023-323xx/CVE-2023-32373.json b/CVE-2023/CVE-2023-323xx/CVE-2023-32373.json new file mode 100644 index 00000000000..3312c3bb22d --- /dev/null +++ b/CVE-2023/CVE-2023-323xx/CVE-2023-32373.json @@ -0,0 +1,40 @@ +{ + "id": "CVE-2023-32373", + "sourceIdentifier": "product-security@apple.com", + "published": "2023-06-23T18:15:12.007", + "lastModified": "2023-06-23T19:24:39.577", + "vulnStatus": "Awaiting Analysis", + "descriptions": [ + { + "lang": "en", + "value": "A use-after-free issue was addressed with improved memory management. This issue is fixed in watchOS 9.5, iOS 15.7.6 and iPadOS 15.7.6, macOS Ventura 13.4, Safari 16.5, tvOS 16.5, iOS 16.5 and iPadOS 16.5. Processing maliciously crafted web content may lead to arbitrary code execution. Apple is aware of a report that this issue may have been actively exploited." + } + ], + "metrics": {}, + "references": [ + { + "url": "https://support.apple.com/en-us/HT213757", + "source": "product-security@apple.com" + }, + { + "url": "https://support.apple.com/en-us/HT213758", + "source": "product-security@apple.com" + }, + { + "url": "https://support.apple.com/en-us/HT213761", + "source": "product-security@apple.com" + }, + { + "url": "https://support.apple.com/en-us/HT213762", + "source": "product-security@apple.com" + }, + { + "url": "https://support.apple.com/en-us/HT213764", + "source": "product-security@apple.com" + }, + { + "url": "https://support.apple.com/en-us/HT213765", + "source": "product-security@apple.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2023/CVE-2023-323xx/CVE-2023-32375.json b/CVE-2023/CVE-2023-323xx/CVE-2023-32375.json new file mode 100644 index 00000000000..515e249f57d --- /dev/null +++ b/CVE-2023/CVE-2023-323xx/CVE-2023-32375.json @@ -0,0 +1,24 @@ +{ + "id": "CVE-2023-32375", + "sourceIdentifier": "product-security@apple.com", + "published": "2023-06-23T18:15:12.050", + "lastModified": "2023-06-23T19:24:39.577", + "vulnStatus": "Awaiting Analysis", + "descriptions": [ + { + "lang": "en", + "value": "An out-of-bounds read was addressed with improved input validation. This issue is fixed in macOS Ventura 13.4, macOS Monterey 12.6.6. Processing a 3D model may result in disclosure of process memory" + } + ], + "metrics": {}, + "references": [ + { + "url": "https://support.apple.com/en-us/HT213758", + "source": "product-security@apple.com" + }, + { + "url": "https://support.apple.com/en-us/HT213759", + "source": "product-security@apple.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2023/CVE-2023-323xx/CVE-2023-32376.json b/CVE-2023/CVE-2023-323xx/CVE-2023-32376.json new file mode 100644 index 00000000000..e7fc5486285 --- /dev/null +++ b/CVE-2023/CVE-2023-323xx/CVE-2023-32376.json @@ -0,0 +1,32 @@ +{ + "id": "CVE-2023-32376", + "sourceIdentifier": "product-security@apple.com", + "published": "2023-06-23T18:15:12.097", + "lastModified": "2023-06-23T19:24:39.577", + "vulnStatus": "Awaiting Analysis", + "descriptions": [ + { + "lang": "en", + "value": "This issue was addressed with improved entitlements. This issue is fixed in iOS 16.5 and iPadOS 16.5, macOS Ventura 13.4, watchOS 9.5, tvOS 16.5. An app may be able to modify protected parts of the file system" + } + ], + "metrics": {}, + "references": [ + { + "url": "https://support.apple.com/en-us/HT213757", + "source": "product-security@apple.com" + }, + { + "url": "https://support.apple.com/en-us/HT213758", + "source": "product-security@apple.com" + }, + { + "url": "https://support.apple.com/en-us/HT213761", + "source": "product-security@apple.com" + }, + { + "url": "https://support.apple.com/en-us/HT213764", + "source": "product-security@apple.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2023/CVE-2023-323xx/CVE-2023-32380.json b/CVE-2023/CVE-2023-323xx/CVE-2023-32380.json new file mode 100644 index 00000000000..0fd00252df5 --- /dev/null +++ b/CVE-2023/CVE-2023-323xx/CVE-2023-32380.json @@ -0,0 +1,28 @@ +{ + "id": "CVE-2023-32380", + "sourceIdentifier": "product-security@apple.com", + "published": "2023-06-23T18:15:12.140", + "lastModified": "2023-06-23T19:24:39.577", + "vulnStatus": "Awaiting Analysis", + "descriptions": [ + { + "lang": "en", + "value": "An out-of-bounds write issue was addressed with improved bounds checking. This issue is fixed in macOS Ventura 13.4, macOS Big Sur 11.7.7, macOS Monterey 12.6.6. Processing a 3D model may lead to arbitrary code execution" + } + ], + "metrics": {}, + "references": [ + { + "url": "https://support.apple.com/en-us/HT213758", + "source": "product-security@apple.com" + }, + { + "url": "https://support.apple.com/en-us/HT213759", + "source": "product-security@apple.com" + }, + { + "url": "https://support.apple.com/en-us/HT213760", + "source": "product-security@apple.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2023/CVE-2023-323xx/CVE-2023-32382.json b/CVE-2023/CVE-2023-323xx/CVE-2023-32382.json new file mode 100644 index 00000000000..56774bf3aaa --- /dev/null +++ b/CVE-2023/CVE-2023-323xx/CVE-2023-32382.json @@ -0,0 +1,28 @@ +{ + "id": "CVE-2023-32382", + "sourceIdentifier": "product-security@apple.com", + "published": "2023-06-23T18:15:12.190", + "lastModified": "2023-06-23T19:24:39.577", + "vulnStatus": "Awaiting Analysis", + "descriptions": [ + { + "lang": "en", + "value": "An out-of-bounds read was addressed with improved input validation. This issue is fixed in macOS Ventura 13.4, macOS Big Sur 11.7.7, macOS Monterey 12.6.6. Processing a 3D model may result in disclosure of process memory" + } + ], + "metrics": {}, + "references": [ + { + "url": "https://support.apple.com/en-us/HT213758", + "source": "product-security@apple.com" + }, + { + "url": "https://support.apple.com/en-us/HT213759", + "source": "product-security@apple.com" + }, + { + "url": "https://support.apple.com/en-us/HT213760", + "source": "product-security@apple.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2023/CVE-2023-323xx/CVE-2023-32384.json b/CVE-2023/CVE-2023-323xx/CVE-2023-32384.json new file mode 100644 index 00000000000..ae909ece9cb --- /dev/null +++ b/CVE-2023/CVE-2023-323xx/CVE-2023-32384.json @@ -0,0 +1,44 @@ +{ + "id": "CVE-2023-32384", + "sourceIdentifier": "product-security@apple.com", + "published": "2023-06-23T18:15:12.237", + "lastModified": "2023-06-23T19:24:39.577", + "vulnStatus": "Awaiting Analysis", + "descriptions": [ + { + "lang": "en", + "value": "A buffer overflow was addressed with improved bounds checking. This issue is fixed in watchOS 9.5, iOS 15.7.6 and iPadOS 15.7.6, macOS Ventura 13.4, tvOS 16.5, iOS 16.5 and iPadOS 16.5, macOS Big Sur 11.7.7, macOS Monterey 12.6.6. Processing an image may lead to arbitrary code execution" + } + ], + "metrics": {}, + "references": [ + { + "url": "https://support.apple.com/en-us/HT213757", + "source": "product-security@apple.com" + }, + { + "url": "https://support.apple.com/en-us/HT213758", + "source": "product-security@apple.com" + }, + { + "url": "https://support.apple.com/en-us/HT213759", + "source": "product-security@apple.com" + }, + { + "url": "https://support.apple.com/en-us/HT213760", + "source": "product-security@apple.com" + }, + { + "url": "https://support.apple.com/en-us/HT213761", + "source": "product-security@apple.com" + }, + { + "url": "https://support.apple.com/en-us/HT213764", + "source": "product-security@apple.com" + }, + { + "url": "https://support.apple.com/en-us/HT213765", + "source": "product-security@apple.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2023/CVE-2023-323xx/CVE-2023-32385.json b/CVE-2023/CVE-2023-323xx/CVE-2023-32385.json new file mode 100644 index 00000000000..c3ea8091657 --- /dev/null +++ b/CVE-2023/CVE-2023-323xx/CVE-2023-32385.json @@ -0,0 +1,24 @@ +{ + "id": "CVE-2023-32385", + "sourceIdentifier": "product-security@apple.com", + "published": "2023-06-23T18:15:12.283", + "lastModified": "2023-06-23T19:24:39.577", + "vulnStatus": "Awaiting Analysis", + "descriptions": [ + { + "lang": "en", + "value": "A denial-of-service issue was addressed with improved memory handling. This issue is fixed in iOS 16.5 and iPadOS 16.5, macOS Ventura 13.4. Opening a PDF file may lead to unexpected app termination" + } + ], + "metrics": {}, + "references": [ + { + "url": "https://support.apple.com/en-us/HT213757", + "source": "product-security@apple.com" + }, + { + "url": "https://support.apple.com/en-us/HT213758", + "source": "product-security@apple.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2023/CVE-2023-323xx/CVE-2023-32386.json b/CVE-2023/CVE-2023-323xx/CVE-2023-32386.json new file mode 100644 index 00000000000..5f6c1cecf43 --- /dev/null +++ b/CVE-2023/CVE-2023-323xx/CVE-2023-32386.json @@ -0,0 +1,28 @@ +{ + "id": "CVE-2023-32386", + "sourceIdentifier": "product-security@apple.com", + "published": "2023-06-23T18:15:12.333", + "lastModified": "2023-06-23T19:24:39.577", + "vulnStatus": "Awaiting Analysis", + "descriptions": [ + { + "lang": "en", + "value": "A privacy issue was addressed with improved handling of temporary files. This issue is fixed in macOS Ventura 13.4, macOS Big Sur 11.7.7, macOS Monterey 12.6.6. An app may be able to observe unprotected user data" + } + ], + "metrics": {}, + "references": [ + { + "url": "https://support.apple.com/en-us/HT213758", + "source": "product-security@apple.com" + }, + { + "url": "https://support.apple.com/en-us/HT213759", + "source": "product-security@apple.com" + }, + { + "url": "https://support.apple.com/en-us/HT213760", + "source": "product-security@apple.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2023/CVE-2023-323xx/CVE-2023-32387.json b/CVE-2023/CVE-2023-323xx/CVE-2023-32387.json new file mode 100644 index 00000000000..1cff1573ccc --- /dev/null +++ b/CVE-2023/CVE-2023-323xx/CVE-2023-32387.json @@ -0,0 +1,28 @@ +{ + "id": "CVE-2023-32387", + "sourceIdentifier": "product-security@apple.com", + "published": "2023-06-23T18:15:12.373", + "lastModified": "2023-06-23T19:24:39.577", + "vulnStatus": "Awaiting Analysis", + "descriptions": [ + { + "lang": "en", + "value": "A use-after-free issue was addressed with improved memory management. This issue is fixed in macOS Ventura 13.4, macOS Big Sur 11.7.7, macOS Monterey 12.6.6. A remote attacker may be able to cause unexpected app termination or arbitrary code execution" + } + ], + "metrics": {}, + "references": [ + { + "url": "https://support.apple.com/en-us/HT213758", + "source": "product-security@apple.com" + }, + { + "url": "https://support.apple.com/en-us/HT213759", + "source": "product-security@apple.com" + }, + { + "url": "https://support.apple.com/en-us/HT213760", + "source": "product-security@apple.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2023/CVE-2023-323xx/CVE-2023-32388.json b/CVE-2023/CVE-2023-323xx/CVE-2023-32388.json new file mode 100644 index 00000000000..713dbe7f8d7 --- /dev/null +++ b/CVE-2023/CVE-2023-323xx/CVE-2023-32388.json @@ -0,0 +1,40 @@ +{ + "id": "CVE-2023-32388", + "sourceIdentifier": "product-security@apple.com", + "published": "2023-06-23T18:15:12.417", + "lastModified": "2023-06-23T19:24:39.577", + "vulnStatus": "Awaiting Analysis", + "descriptions": [ + { + "lang": "en", + "value": "A privacy issue was addressed with improved private data redaction for log entries. This issue is fixed in watchOS 9.5, iOS 15.7.6 and iPadOS 15.7.6, macOS Ventura 13.4, iOS 16.5 and iPadOS 16.5, macOS Big Sur 11.7.7, macOS Monterey 12.6.6. An app may be able to bypass Privacy preferences" + } + ], + "metrics": {}, + "references": [ + { + "url": "https://support.apple.com/en-us/HT213757", + "source": "product-security@apple.com" + }, + { + "url": "https://support.apple.com/en-us/HT213758", + "source": "product-security@apple.com" + }, + { + "url": "https://support.apple.com/en-us/HT213759", + "source": "product-security@apple.com" + }, + { + "url": "https://support.apple.com/en-us/HT213760", + "source": "product-security@apple.com" + }, + { + "url": "https://support.apple.com/en-us/HT213764", + "source": "product-security@apple.com" + }, + { + "url": "https://support.apple.com/en-us/HT213765", + "source": "product-security@apple.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2023/CVE-2023-323xx/CVE-2023-32389.json b/CVE-2023/CVE-2023-323xx/CVE-2023-32389.json new file mode 100644 index 00000000000..9ac8e4327c2 --- /dev/null +++ b/CVE-2023/CVE-2023-323xx/CVE-2023-32389.json @@ -0,0 +1,32 @@ +{ + "id": "CVE-2023-32389", + "sourceIdentifier": "product-security@apple.com", + "published": "2023-06-23T18:15:12.467", + "lastModified": "2023-06-23T19:24:39.577", + "vulnStatus": "Awaiting Analysis", + "descriptions": [ + { + "lang": "en", + "value": "This issue was addressed with improved redaction of sensitive information. This issue is fixed in iOS 16.5 and iPadOS 16.5, macOS Ventura 13.4, watchOS 9.5, tvOS 16.5. An app may be able to disclose kernel memory" + } + ], + "metrics": {}, + "references": [ + { + "url": "https://support.apple.com/en-us/HT213757", + "source": "product-security@apple.com" + }, + { + "url": "https://support.apple.com/en-us/HT213758", + "source": "product-security@apple.com" + }, + { + "url": "https://support.apple.com/en-us/HT213761", + "source": "product-security@apple.com" + }, + { + "url": "https://support.apple.com/en-us/HT213764", + "source": "product-security@apple.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2023/CVE-2023-323xx/CVE-2023-32390.json b/CVE-2023/CVE-2023-323xx/CVE-2023-32390.json new file mode 100644 index 00000000000..31293c47db6 --- /dev/null +++ b/CVE-2023/CVE-2023-323xx/CVE-2023-32390.json @@ -0,0 +1,28 @@ +{ + "id": "CVE-2023-32390", + "sourceIdentifier": "product-security@apple.com", + "published": "2023-06-23T18:15:12.510", + "lastModified": "2023-06-23T19:24:39.577", + "vulnStatus": "Awaiting Analysis", + "descriptions": [ + { + "lang": "en", + "value": "The issue was addressed with improved checks. This issue is fixed in iOS 16.5 and iPadOS 16.5, macOS Ventura 13.4, watchOS 9.5. Photos belonging to the Hidden Photos Album could be viewed without authentication through Visual Lookup" + } + ], + "metrics": {}, + "references": [ + { + "url": "https://support.apple.com/en-us/HT213757", + "source": "product-security@apple.com" + }, + { + "url": "https://support.apple.com/en-us/HT213758", + "source": "product-security@apple.com" + }, + { + "url": "https://support.apple.com/en-us/HT213764", + "source": "product-security@apple.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2023/CVE-2023-323xx/CVE-2023-32391.json b/CVE-2023/CVE-2023-323xx/CVE-2023-32391.json new file mode 100644 index 00000000000..936b2edbbd6 --- /dev/null +++ b/CVE-2023/CVE-2023-323xx/CVE-2023-32391.json @@ -0,0 +1,32 @@ +{ + "id": "CVE-2023-32391", + "sourceIdentifier": "product-security@apple.com", + "published": "2023-06-23T18:15:12.557", + "lastModified": "2023-06-23T19:24:39.577", + "vulnStatus": "Awaiting Analysis", + "descriptions": [ + { + "lang": "en", + "value": "The issue was addressed with improved checks. This issue is fixed in iOS 16.5 and iPadOS 16.5, macOS Ventura 13.4, watchOS 9.5, iOS 15.7.6 and iPadOS 15.7.6. A shortcut may be able to use sensitive data with certain actions without prompting the user" + } + ], + "metrics": {}, + "references": [ + { + "url": "https://support.apple.com/en-us/HT213757", + "source": "product-security@apple.com" + }, + { + "url": "https://support.apple.com/en-us/HT213758", + "source": "product-security@apple.com" + }, + { + "url": "https://support.apple.com/en-us/HT213764", + "source": "product-security@apple.com" + }, + { + "url": "https://support.apple.com/en-us/HT213765", + "source": "product-security@apple.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2023/CVE-2023-323xx/CVE-2023-32392.json b/CVE-2023/CVE-2023-323xx/CVE-2023-32392.json new file mode 100644 index 00000000000..a7dde61993f --- /dev/null +++ b/CVE-2023/CVE-2023-323xx/CVE-2023-32392.json @@ -0,0 +1,40 @@ +{ + "id": "CVE-2023-32392", + "sourceIdentifier": "product-security@apple.com", + "published": "2023-06-23T18:15:12.607", + "lastModified": "2023-06-23T19:24:39.577", + "vulnStatus": "Awaiting Analysis", + "descriptions": [ + { + "lang": "en", + "value": "A privacy issue was addressed with improved private data redaction for log entries. This issue is fixed in watchOS 9.5, macOS Ventura 13.4, tvOS 16.5, iOS 16.5 and iPadOS 16.5, macOS Big Sur 11.7.7, macOS Monterey 12.6.6. An app may be able to read sensitive location information" + } + ], + "metrics": {}, + "references": [ + { + "url": "https://support.apple.com/en-us/HT213757", + "source": "product-security@apple.com" + }, + { + "url": "https://support.apple.com/en-us/HT213758", + "source": "product-security@apple.com" + }, + { + "url": "https://support.apple.com/en-us/HT213759", + "source": "product-security@apple.com" + }, + { + "url": "https://support.apple.com/en-us/HT213760", + "source": "product-security@apple.com" + }, + { + "url": "https://support.apple.com/en-us/HT213761", + "source": "product-security@apple.com" + }, + { + "url": "https://support.apple.com/en-us/HT213764", + "source": "product-security@apple.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2023/CVE-2023-323xx/CVE-2023-32394.json b/CVE-2023/CVE-2023-323xx/CVE-2023-32394.json new file mode 100644 index 00000000000..8a04a84034a --- /dev/null +++ b/CVE-2023/CVE-2023-323xx/CVE-2023-32394.json @@ -0,0 +1,32 @@ +{ + "id": "CVE-2023-32394", + "sourceIdentifier": "product-security@apple.com", + "published": "2023-06-23T18:15:12.657", + "lastModified": "2023-06-23T19:24:39.577", + "vulnStatus": "Awaiting Analysis", + "descriptions": [ + { + "lang": "en", + "value": "The issue was addressed with improved checks. This issue is fixed in iOS 16.5 and iPadOS 16.5, macOS Ventura 13.4, watchOS 9.5, tvOS 16.5. A person with physical access to a device may be able to view contact information from the lock screen" + } + ], + "metrics": {}, + "references": [ + { + "url": "https://support.apple.com/en-us/HT213757", + "source": "product-security@apple.com" + }, + { + "url": "https://support.apple.com/en-us/HT213758", + "source": "product-security@apple.com" + }, + { + "url": "https://support.apple.com/en-us/HT213761", + "source": "product-security@apple.com" + }, + { + "url": "https://support.apple.com/en-us/HT213764", + "source": "product-security@apple.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2023/CVE-2023-323xx/CVE-2023-32395.json b/CVE-2023/CVE-2023-323xx/CVE-2023-32395.json new file mode 100644 index 00000000000..b28ae363b87 --- /dev/null +++ b/CVE-2023/CVE-2023-323xx/CVE-2023-32395.json @@ -0,0 +1,28 @@ +{ + "id": "CVE-2023-32395", + "sourceIdentifier": "product-security@apple.com", + "published": "2023-06-23T18:15:12.703", + "lastModified": "2023-06-23T19:24:39.577", + "vulnStatus": "Awaiting Analysis", + "descriptions": [ + { + "lang": "en", + "value": "A logic issue was addressed with improved state management. This issue is fixed in macOS Ventura 13.4, macOS Big Sur 11.7.7, macOS Monterey 12.6.6. An app may be able to modify protected parts of the file system" + } + ], + "metrics": {}, + "references": [ + { + "url": "https://support.apple.com/en-us/HT213758", + "source": "product-security@apple.com" + }, + { + "url": "https://support.apple.com/en-us/HT213759", + "source": "product-security@apple.com" + }, + { + "url": "https://support.apple.com/en-us/HT213760", + "source": "product-security@apple.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2023/CVE-2023-323xx/CVE-2023-32397.json b/CVE-2023/CVE-2023-323xx/CVE-2023-32397.json new file mode 100644 index 00000000000..6148d8db492 --- /dev/null +++ b/CVE-2023/CVE-2023-323xx/CVE-2023-32397.json @@ -0,0 +1,32 @@ +{ + "id": "CVE-2023-32397", + "sourceIdentifier": "product-security@apple.com", + "published": "2023-06-23T18:15:12.743", + "lastModified": "2023-06-23T19:24:39.577", + "vulnStatus": "Awaiting Analysis", + "descriptions": [ + { + "lang": "en", + "value": "A logic issue was addressed with improved state management. This issue is fixed in macOS Ventura 13.4, macOS Big Sur 11.7.7, iOS 15.7.6 and iPadOS 15.7.6, macOS Monterey 12.6.6. An app may be able to modify protected parts of the file system" + } + ], + "metrics": {}, + "references": [ + { + "url": "https://support.apple.com/en-us/HT213758", + "source": "product-security@apple.com" + }, + { + "url": "https://support.apple.com/en-us/HT213759", + "source": "product-security@apple.com" + }, + { + "url": "https://support.apple.com/en-us/HT213760", + "source": "product-security@apple.com" + }, + { + "url": "https://support.apple.com/en-us/HT213765", + "source": "product-security@apple.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2023/CVE-2023-323xx/CVE-2023-32398.json b/CVE-2023/CVE-2023-323xx/CVE-2023-32398.json new file mode 100644 index 00000000000..db861f987ef --- /dev/null +++ b/CVE-2023/CVE-2023-323xx/CVE-2023-32398.json @@ -0,0 +1,44 @@ +{ + "id": "CVE-2023-32398", + "sourceIdentifier": "product-security@apple.com", + "published": "2023-06-23T18:15:12.783", + "lastModified": "2023-06-23T19:24:39.577", + "vulnStatus": "Awaiting Analysis", + "descriptions": [ + { + "lang": "en", + "value": "A use-after-free issue was addressed with improved memory management. This issue is fixed in watchOS 9.5, iOS 15.7.6 and iPadOS 15.7.6, macOS Ventura 13.4, tvOS 16.5, iOS 16.5 and iPadOS 16.5, macOS Big Sur 11.7.7, macOS Monterey 12.6.6. An app may be able to execute arbitrary code with kernel privileges" + } + ], + "metrics": {}, + "references": [ + { + "url": "https://support.apple.com/en-us/HT213757", + "source": "product-security@apple.com" + }, + { + "url": "https://support.apple.com/en-us/HT213758", + "source": "product-security@apple.com" + }, + { + "url": "https://support.apple.com/en-us/HT213759", + "source": "product-security@apple.com" + }, + { + "url": "https://support.apple.com/en-us/HT213760", + "source": "product-security@apple.com" + }, + { + "url": "https://support.apple.com/en-us/HT213761", + "source": "product-security@apple.com" + }, + { + "url": "https://support.apple.com/en-us/HT213764", + "source": "product-security@apple.com" + }, + { + "url": "https://support.apple.com/en-us/HT213765", + "source": "product-security@apple.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2023/CVE-2023-323xx/CVE-2023-32399.json b/CVE-2023/CVE-2023-323xx/CVE-2023-32399.json new file mode 100644 index 00000000000..9bc46fc1f90 --- /dev/null +++ b/CVE-2023/CVE-2023-323xx/CVE-2023-32399.json @@ -0,0 +1,32 @@ +{ + "id": "CVE-2023-32399", + "sourceIdentifier": "product-security@apple.com", + "published": "2023-06-23T18:15:12.827", + "lastModified": "2023-06-23T19:24:35.610", + "vulnStatus": "Awaiting Analysis", + "descriptions": [ + { + "lang": "en", + "value": "The issue was addressed with improved handling of caches. This issue is fixed in iOS 16.5 and iPadOS 16.5, macOS Ventura 13.4, watchOS 9.5, tvOS 16.5. An app may be able to read sensitive location information" + } + ], + "metrics": {}, + "references": [ + { + "url": "https://support.apple.com/en-us/HT213757", + "source": "product-security@apple.com" + }, + { + "url": "https://support.apple.com/en-us/HT213758", + "source": "product-security@apple.com" + }, + { + "url": "https://support.apple.com/en-us/HT213761", + "source": "product-security@apple.com" + }, + { + "url": "https://support.apple.com/en-us/HT213764", + "source": "product-security@apple.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2023/CVE-2023-324xx/CVE-2023-32400.json b/CVE-2023/CVE-2023-324xx/CVE-2023-32400.json new file mode 100644 index 00000000000..2bf4960535e --- /dev/null +++ b/CVE-2023/CVE-2023-324xx/CVE-2023-32400.json @@ -0,0 +1,28 @@ +{ + "id": "CVE-2023-32400", + "sourceIdentifier": "product-security@apple.com", + "published": "2023-06-23T18:15:12.870", + "lastModified": "2023-06-23T19:24:35.610", + "vulnStatus": "Awaiting Analysis", + "descriptions": [ + { + "lang": "en", + "value": "This issue was addressed with improved checks. This issue is fixed in iOS 16.5 and iPadOS 16.5, macOS Ventura 13.4, watchOS 9.5. Entitlements and privacy permissions granted to this app may be used by a malicious app" + } + ], + "metrics": {}, + "references": [ + { + "url": "https://support.apple.com/en-us/HT213757", + "source": "product-security@apple.com" + }, + { + "url": "https://support.apple.com/en-us/HT213758", + "source": "product-security@apple.com" + }, + { + "url": "https://support.apple.com/en-us/HT213764", + "source": "product-security@apple.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2023/CVE-2023-324xx/CVE-2023-32402.json b/CVE-2023/CVE-2023-324xx/CVE-2023-32402.json new file mode 100644 index 00000000000..346beb545fd --- /dev/null +++ b/CVE-2023/CVE-2023-324xx/CVE-2023-32402.json @@ -0,0 +1,36 @@ +{ + "id": "CVE-2023-32402", + "sourceIdentifier": "product-security@apple.com", + "published": "2023-06-23T18:15:12.917", + "lastModified": "2023-06-23T19:24:35.610", + "vulnStatus": "Awaiting Analysis", + "descriptions": [ + { + "lang": "en", + "value": "An out-of-bounds read was addressed with improved input validation. This issue is fixed in watchOS 9.5, macOS Ventura 13.4, Safari 16.5, tvOS 16.5, iOS 16.5 and iPadOS 16.5. Processing web content may disclose sensitive information" + } + ], + "metrics": {}, + "references": [ + { + "url": "https://support.apple.com/en-us/HT213757", + "source": "product-security@apple.com" + }, + { + "url": "https://support.apple.com/en-us/HT213758", + "source": "product-security@apple.com" + }, + { + "url": "https://support.apple.com/en-us/HT213761", + "source": "product-security@apple.com" + }, + { + "url": "https://support.apple.com/en-us/HT213762", + "source": "product-security@apple.com" + }, + { + "url": "https://support.apple.com/en-us/HT213764", + "source": "product-security@apple.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2023/CVE-2023-324xx/CVE-2023-32403.json b/CVE-2023/CVE-2023-324xx/CVE-2023-32403.json new file mode 100644 index 00000000000..99600c93a49 --- /dev/null +++ b/CVE-2023/CVE-2023-324xx/CVE-2023-32403.json @@ -0,0 +1,44 @@ +{ + "id": "CVE-2023-32403", + "sourceIdentifier": "product-security@apple.com", + "published": "2023-06-23T18:15:12.960", + "lastModified": "2023-06-23T19:24:35.610", + "vulnStatus": "Awaiting Analysis", + "descriptions": [ + { + "lang": "en", + "value": "This issue was addressed with improved redaction of sensitive information. This issue is fixed in watchOS 9.5, iOS 15.7.6 and iPadOS 15.7.6, macOS Ventura 13.4, tvOS 16.5, iOS 16.5 and iPadOS 16.5, macOS Big Sur 11.7.7, macOS Monterey 12.6.6. An app may be able to read sensitive location information" + } + ], + "metrics": {}, + "references": [ + { + "url": "https://support.apple.com/en-us/HT213757", + "source": "product-security@apple.com" + }, + { + "url": "https://support.apple.com/en-us/HT213758", + "source": "product-security@apple.com" + }, + { + "url": "https://support.apple.com/en-us/HT213759", + "source": "product-security@apple.com" + }, + { + "url": "https://support.apple.com/en-us/HT213760", + "source": "product-security@apple.com" + }, + { + "url": "https://support.apple.com/en-us/HT213761", + "source": "product-security@apple.com" + }, + { + "url": "https://support.apple.com/en-us/HT213764", + "source": "product-security@apple.com" + }, + { + "url": "https://support.apple.com/en-us/HT213765", + "source": "product-security@apple.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2023/CVE-2023-324xx/CVE-2023-32404.json b/CVE-2023/CVE-2023-324xx/CVE-2023-32404.json new file mode 100644 index 00000000000..08e02e0c5bd --- /dev/null +++ b/CVE-2023/CVE-2023-324xx/CVE-2023-32404.json @@ -0,0 +1,28 @@ +{ + "id": "CVE-2023-32404", + "sourceIdentifier": "product-security@apple.com", + "published": "2023-06-23T18:15:13.007", + "lastModified": "2023-06-23T19:24:35.610", + "vulnStatus": "Awaiting Analysis", + "descriptions": [ + { + "lang": "en", + "value": "This issue was addressed with improved entitlements. This issue is fixed in iOS 16.5 and iPadOS 16.5, macOS Ventura 13.4, watchOS 9.5. An app may be able to bypass Privacy preferences" + } + ], + "metrics": {}, + "references": [ + { + "url": "https://support.apple.com/en-us/HT213757", + "source": "product-security@apple.com" + }, + { + "url": "https://support.apple.com/en-us/HT213758", + "source": "product-security@apple.com" + }, + { + "url": "https://support.apple.com/en-us/HT213764", + "source": "product-security@apple.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2023/CVE-2023-324xx/CVE-2023-32405.json b/CVE-2023/CVE-2023-324xx/CVE-2023-32405.json new file mode 100644 index 00000000000..9cfae16a7f7 --- /dev/null +++ b/CVE-2023/CVE-2023-324xx/CVE-2023-32405.json @@ -0,0 +1,28 @@ +{ + "id": "CVE-2023-32405", + "sourceIdentifier": "product-security@apple.com", + "published": "2023-06-23T18:15:13.047", + "lastModified": "2023-06-23T19:24:35.610", + "vulnStatus": "Awaiting Analysis", + "descriptions": [ + { + "lang": "en", + "value": "A logic issue was addressed with improved checks. This issue is fixed in macOS Ventura 13.4, macOS Big Sur 11.7.7, macOS Monterey 12.6.6. An app may be able to gain root privileges" + } + ], + "metrics": {}, + "references": [ + { + "url": "https://support.apple.com/en-us/HT213758", + "source": "product-security@apple.com" + }, + { + "url": "https://support.apple.com/en-us/HT213759", + "source": "product-security@apple.com" + }, + { + "url": "https://support.apple.com/en-us/HT213760", + "source": "product-security@apple.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2023/CVE-2023-324xx/CVE-2023-32407.json b/CVE-2023/CVE-2023-324xx/CVE-2023-32407.json new file mode 100644 index 00000000000..5f57aeee55d --- /dev/null +++ b/CVE-2023/CVE-2023-324xx/CVE-2023-32407.json @@ -0,0 +1,44 @@ +{ + "id": "CVE-2023-32407", + "sourceIdentifier": "product-security@apple.com", + "published": "2023-06-23T18:15:13.093", + "lastModified": "2023-06-23T19:24:35.610", + "vulnStatus": "Awaiting Analysis", + "descriptions": [ + { + "lang": "en", + "value": "A logic issue was addressed with improved state management. This issue is fixed in watchOS 9.5, iOS 15.7.6 and iPadOS 15.7.6, macOS Ventura 13.4, tvOS 16.5, iOS 16.5 and iPadOS 16.5, macOS Big Sur 11.7.7, macOS Monterey 12.6.6. An app may be able to bypass Privacy preferences" + } + ], + "metrics": {}, + "references": [ + { + "url": "https://support.apple.com/en-us/HT213757", + "source": "product-security@apple.com" + }, + { + "url": "https://support.apple.com/en-us/HT213758", + "source": "product-security@apple.com" + }, + { + "url": "https://support.apple.com/en-us/HT213759", + "source": "product-security@apple.com" + }, + { + "url": "https://support.apple.com/en-us/HT213760", + "source": "product-security@apple.com" + }, + { + "url": "https://support.apple.com/en-us/HT213761", + "source": "product-security@apple.com" + }, + { + "url": "https://support.apple.com/en-us/HT213764", + "source": "product-security@apple.com" + }, + { + "url": "https://support.apple.com/en-us/HT213765", + "source": "product-security@apple.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2023/CVE-2023-324xx/CVE-2023-32408.json b/CVE-2023/CVE-2023-324xx/CVE-2023-32408.json new file mode 100644 index 00000000000..dcc7aefa95b --- /dev/null +++ b/CVE-2023/CVE-2023-324xx/CVE-2023-32408.json @@ -0,0 +1,40 @@ +{ + "id": "CVE-2023-32408", + "sourceIdentifier": "product-security@apple.com", + "published": "2023-06-23T18:15:13.140", + "lastModified": "2023-06-23T19:24:35.610", + "vulnStatus": "Awaiting Analysis", + "descriptions": [ + { + "lang": "en", + "value": "The issue was addressed with improved handling of caches. This issue is fixed in watchOS 9.5, iOS 15.7.6 and iPadOS 15.7.6, macOS Ventura 13.4, tvOS 16.5, iOS 16.5 and iPadOS 16.5, macOS Monterey 12.6.6. An app may be able to read sensitive location information" + } + ], + "metrics": {}, + "references": [ + { + "url": "https://support.apple.com/en-us/HT213757", + "source": "product-security@apple.com" + }, + { + "url": "https://support.apple.com/en-us/HT213758", + "source": "product-security@apple.com" + }, + { + "url": "https://support.apple.com/en-us/HT213759", + "source": "product-security@apple.com" + }, + { + "url": "https://support.apple.com/en-us/HT213761", + "source": "product-security@apple.com" + }, + { + "url": "https://support.apple.com/en-us/HT213764", + "source": "product-security@apple.com" + }, + { + "url": "https://support.apple.com/en-us/HT213765", + "source": "product-security@apple.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2023/CVE-2023-324xx/CVE-2023-32409.json b/CVE-2023/CVE-2023-324xx/CVE-2023-32409.json new file mode 100644 index 00000000000..e012feca5e8 --- /dev/null +++ b/CVE-2023/CVE-2023-324xx/CVE-2023-32409.json @@ -0,0 +1,36 @@ +{ + "id": "CVE-2023-32409", + "sourceIdentifier": "product-security@apple.com", + "published": "2023-06-23T18:15:13.183", + "lastModified": "2023-06-23T19:24:35.610", + "vulnStatus": "Awaiting Analysis", + "descriptions": [ + { + "lang": "en", + "value": "The issue was addressed with improved bounds checks. This issue is fixed in watchOS 9.5, macOS Ventura 13.4, Safari 16.5, tvOS 16.5, iOS 16.5 and iPadOS 16.5. A remote attacker may be able to break out of Web Content sandbox. Apple is aware of a report that this issue may have been actively exploited." + } + ], + "metrics": {}, + "references": [ + { + "url": "https://support.apple.com/en-us/HT213757", + "source": "product-security@apple.com" + }, + { + "url": "https://support.apple.com/en-us/HT213758", + "source": "product-security@apple.com" + }, + { + "url": "https://support.apple.com/en-us/HT213761", + "source": "product-security@apple.com" + }, + { + "url": "https://support.apple.com/en-us/HT213762", + "source": "product-security@apple.com" + }, + { + "url": "https://support.apple.com/en-us/HT213764", + "source": "product-security@apple.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2023/CVE-2023-324xx/CVE-2023-32410.json b/CVE-2023/CVE-2023-324xx/CVE-2023-32410.json new file mode 100644 index 00000000000..a0a5dd7e378 --- /dev/null +++ b/CVE-2023/CVE-2023-324xx/CVE-2023-32410.json @@ -0,0 +1,32 @@ +{ + "id": "CVE-2023-32410", + "sourceIdentifier": "product-security@apple.com", + "published": "2023-06-23T18:15:13.227", + "lastModified": "2023-06-23T19:24:35.610", + "vulnStatus": "Awaiting Analysis", + "descriptions": [ + { + "lang": "en", + "value": "An out-of-bounds read was addressed with improved input validation. This issue is fixed in macOS Ventura 13.4, macOS Big Sur 11.7.7, iOS 15.7.6 and iPadOS 15.7.6, macOS Monterey 12.6.6. An app may be able to leak sensitive kernel state" + } + ], + "metrics": {}, + "references": [ + { + "url": "https://support.apple.com/en-us/HT213758", + "source": "product-security@apple.com" + }, + { + "url": "https://support.apple.com/en-us/HT213759", + "source": "product-security@apple.com" + }, + { + "url": "https://support.apple.com/en-us/HT213760", + "source": "product-security@apple.com" + }, + { + "url": "https://support.apple.com/en-us/HT213765", + "source": "product-security@apple.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2023/CVE-2023-324xx/CVE-2023-32411.json b/CVE-2023/CVE-2023-324xx/CVE-2023-32411.json new file mode 100644 index 00000000000..7257e9bd6b1 --- /dev/null +++ b/CVE-2023/CVE-2023-324xx/CVE-2023-32411.json @@ -0,0 +1,36 @@ +{ + "id": "CVE-2023-32411", + "sourceIdentifier": "product-security@apple.com", + "published": "2023-06-23T18:15:13.273", + "lastModified": "2023-06-23T19:24:35.610", + "vulnStatus": "Awaiting Analysis", + "descriptions": [ + { + "lang": "en", + "value": "This issue was addressed with improved entitlements. This issue is fixed in macOS Ventura 13.4, tvOS 16.5, iOS 16.5 and iPadOS 16.5, macOS Big Sur 11.7.7, macOS Monterey 12.6.6. An app may be able to bypass Privacy preferences" + } + ], + "metrics": {}, + "references": [ + { + "url": "https://support.apple.com/en-us/HT213757", + "source": "product-security@apple.com" + }, + { + "url": "https://support.apple.com/en-us/HT213758", + "source": "product-security@apple.com" + }, + { + "url": "https://support.apple.com/en-us/HT213759", + "source": "product-security@apple.com" + }, + { + "url": "https://support.apple.com/en-us/HT213760", + "source": "product-security@apple.com" + }, + { + "url": "https://support.apple.com/en-us/HT213761", + "source": "product-security@apple.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2023/CVE-2023-324xx/CVE-2023-32412.json b/CVE-2023/CVE-2023-324xx/CVE-2023-32412.json new file mode 100644 index 00000000000..aaed6f1fc25 --- /dev/null +++ b/CVE-2023/CVE-2023-324xx/CVE-2023-32412.json @@ -0,0 +1,44 @@ +{ + "id": "CVE-2023-32412", + "sourceIdentifier": "product-security@apple.com", + "published": "2023-06-23T18:15:13.320", + "lastModified": "2023-06-23T19:24:35.610", + "vulnStatus": "Awaiting Analysis", + "descriptions": [ + { + "lang": "en", + "value": "A use-after-free issue was addressed with improved memory management. This issue is fixed in watchOS 9.5, iOS 15.7.6 and iPadOS 15.7.6, macOS Ventura 13.4, tvOS 16.5, iOS 16.5 and iPadOS 16.5, macOS Big Sur 11.7.7, macOS Monterey 12.6.6. A remote attacker may be able to cause unexpected app termination or arbitrary code execution" + } + ], + "metrics": {}, + "references": [ + { + "url": "https://support.apple.com/en-us/HT213757", + "source": "product-security@apple.com" + }, + { + "url": "https://support.apple.com/en-us/HT213758", + "source": "product-security@apple.com" + }, + { + "url": "https://support.apple.com/en-us/HT213759", + "source": "product-security@apple.com" + }, + { + "url": "https://support.apple.com/en-us/HT213760", + "source": "product-security@apple.com" + }, + { + "url": "https://support.apple.com/en-us/HT213761", + "source": "product-security@apple.com" + }, + { + "url": "https://support.apple.com/en-us/HT213764", + "source": "product-security@apple.com" + }, + { + "url": "https://support.apple.com/en-us/HT213765", + "source": "product-security@apple.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2023/CVE-2023-324xx/CVE-2023-32413.json b/CVE-2023/CVE-2023-324xx/CVE-2023-32413.json new file mode 100644 index 00000000000..2dbbe096efc --- /dev/null +++ b/CVE-2023/CVE-2023-324xx/CVE-2023-32413.json @@ -0,0 +1,44 @@ +{ + "id": "CVE-2023-32413", + "sourceIdentifier": "product-security@apple.com", + "published": "2023-06-23T18:15:13.370", + "lastModified": "2023-06-23T19:24:35.610", + "vulnStatus": "Awaiting Analysis", + "descriptions": [ + { + "lang": "en", + "value": "A race condition was addressed with improved state handling. This issue is fixed in watchOS 9.5, iOS 15.7.6 and iPadOS 15.7.6, macOS Ventura 13.4, tvOS 16.5, iOS 16.5 and iPadOS 16.5, macOS Big Sur 11.7.7, macOS Monterey 12.6.6. An app may be able to gain root privileges" + } + ], + "metrics": {}, + "references": [ + { + "url": "https://support.apple.com/en-us/HT213757", + "source": "product-security@apple.com" + }, + { + "url": "https://support.apple.com/en-us/HT213758", + "source": "product-security@apple.com" + }, + { + "url": "https://support.apple.com/en-us/HT213759", + "source": "product-security@apple.com" + }, + { + "url": "https://support.apple.com/en-us/HT213760", + "source": "product-security@apple.com" + }, + { + "url": "https://support.apple.com/en-us/HT213761", + "source": "product-security@apple.com" + }, + { + "url": "https://support.apple.com/en-us/HT213764", + "source": "product-security@apple.com" + }, + { + "url": "https://support.apple.com/en-us/HT213765", + "source": "product-security@apple.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2023/CVE-2023-324xx/CVE-2023-32414.json b/CVE-2023/CVE-2023-324xx/CVE-2023-32414.json new file mode 100644 index 00000000000..2041af1ac88 --- /dev/null +++ b/CVE-2023/CVE-2023-324xx/CVE-2023-32414.json @@ -0,0 +1,20 @@ +{ + "id": "CVE-2023-32414", + "sourceIdentifier": "product-security@apple.com", + "published": "2023-06-23T18:15:13.417", + "lastModified": "2023-06-23T19:24:35.610", + "vulnStatus": "Awaiting Analysis", + "descriptions": [ + { + "lang": "en", + "value": "The issue was addressed with improved checks. This issue is fixed in macOS Ventura 13.4. An app may be able to break out of its sandbox" + } + ], + "metrics": {}, + "references": [ + { + "url": "https://support.apple.com/en-us/HT213758", + "source": "product-security@apple.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2023/CVE-2023-324xx/CVE-2023-32415.json b/CVE-2023/CVE-2023-324xx/CVE-2023-32415.json new file mode 100644 index 00000000000..f798b72443a --- /dev/null +++ b/CVE-2023/CVE-2023-324xx/CVE-2023-32415.json @@ -0,0 +1,28 @@ +{ + "id": "CVE-2023-32415", + "sourceIdentifier": "product-security@apple.com", + "published": "2023-06-23T18:15:13.457", + "lastModified": "2023-06-23T19:24:35.610", + "vulnStatus": "Awaiting Analysis", + "descriptions": [ + { + "lang": "en", + "value": "This issue was addressed with improved redaction of sensitive information. This issue is fixed in iOS 16.5 and iPadOS 16.5, macOS Ventura 13.4, tvOS 16.5. An app may be able to read sensitive location information" + } + ], + "metrics": {}, + "references": [ + { + "url": "https://support.apple.com/en-us/HT213757", + "source": "product-security@apple.com" + }, + { + "url": "https://support.apple.com/en-us/HT213758", + "source": "product-security@apple.com" + }, + { + "url": "https://support.apple.com/en-us/HT213761", + "source": "product-security@apple.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2023/CVE-2023-324xx/CVE-2023-32417.json b/CVE-2023/CVE-2023-324xx/CVE-2023-32417.json new file mode 100644 index 00000000000..e453a3e122a --- /dev/null +++ b/CVE-2023/CVE-2023-324xx/CVE-2023-32417.json @@ -0,0 +1,20 @@ +{ + "id": "CVE-2023-32417", + "sourceIdentifier": "product-security@apple.com", + "published": "2023-06-23T18:15:13.497", + "lastModified": "2023-06-23T19:24:35.610", + "vulnStatus": "Awaiting Analysis", + "descriptions": [ + { + "lang": "en", + "value": "This issue was addressed by restricting options offered on a locked device. This issue is fixed in watchOS 9.5. An attacker with physical access to a locked Apple Watch may be able to view user photos or contacts via accessibility features" + } + ], + "metrics": {}, + "references": [ + { + "url": "https://support.apple.com/en-us/HT213764", + "source": "product-security@apple.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2023/CVE-2023-324xx/CVE-2023-32419.json b/CVE-2023/CVE-2023-324xx/CVE-2023-32419.json new file mode 100644 index 00000000000..8838901e61f --- /dev/null +++ b/CVE-2023/CVE-2023-324xx/CVE-2023-32419.json @@ -0,0 +1,20 @@ +{ + "id": "CVE-2023-32419", + "sourceIdentifier": "product-security@apple.com", + "published": "2023-06-23T18:15:13.540", + "lastModified": "2023-06-23T19:24:35.610", + "vulnStatus": "Awaiting Analysis", + "descriptions": [ + { + "lang": "en", + "value": "The issue was addressed with improved bounds checks. This issue is fixed in iOS 16.5 and iPadOS 16.5. A remote attacker may be able to cause arbitrary code execution" + } + ], + "metrics": {}, + "references": [ + { + "url": "https://support.apple.com/en-us/HT213757", + "source": "product-security@apple.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2023/CVE-2023-324xx/CVE-2023-32420.json b/CVE-2023/CVE-2023-324xx/CVE-2023-32420.json new file mode 100644 index 00000000000..1d95e25e70e --- /dev/null +++ b/CVE-2023/CVE-2023-324xx/CVE-2023-32420.json @@ -0,0 +1,32 @@ +{ + "id": "CVE-2023-32420", + "sourceIdentifier": "product-security@apple.com", + "published": "2023-06-23T18:15:13.583", + "lastModified": "2023-06-23T19:24:35.610", + "vulnStatus": "Awaiting Analysis", + "descriptions": [ + { + "lang": "en", + "value": "An out-of-bounds read was addressed with improved input validation. This issue is fixed in iOS 16.5 and iPadOS 16.5, macOS Ventura 13.4, watchOS 9.5, tvOS 16.5. An app may be able to cause unexpected system termination or read kernel memory" + } + ], + "metrics": {}, + "references": [ + { + "url": "https://support.apple.com/en-us/HT213757", + "source": "product-security@apple.com" + }, + { + "url": "https://support.apple.com/en-us/HT213758", + "source": "product-security@apple.com" + }, + { + "url": "https://support.apple.com/en-us/HT213761", + "source": "product-security@apple.com" + }, + { + "url": "https://support.apple.com/en-us/HT213764", + "source": "product-security@apple.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2023/CVE-2023-324xx/CVE-2023-32422.json b/CVE-2023/CVE-2023-324xx/CVE-2023-32422.json new file mode 100644 index 00000000000..03874e13188 --- /dev/null +++ b/CVE-2023/CVE-2023-324xx/CVE-2023-32422.json @@ -0,0 +1,28 @@ +{ + "id": "CVE-2023-32422", + "sourceIdentifier": "product-security@apple.com", + "published": "2023-06-23T18:15:13.630", + "lastModified": "2023-06-23T19:24:35.610", + "vulnStatus": "Awaiting Analysis", + "descriptions": [ + { + "lang": "en", + "value": "This issue was addressed by adding additional SQLite logging restrictions. This issue is fixed in iOS 16.5 and iPadOS 16.5, macOS Ventura 13.4, tvOS 16.5. An app may be able to bypass Privacy preferences" + } + ], + "metrics": {}, + "references": [ + { + "url": "https://support.apple.com/en-us/HT213757", + "source": "product-security@apple.com" + }, + { + "url": "https://support.apple.com/en-us/HT213758", + "source": "product-security@apple.com" + }, + { + "url": "https://support.apple.com/en-us/HT213761", + "source": "product-security@apple.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2023/CVE-2023-324xx/CVE-2023-32423.json b/CVE-2023/CVE-2023-324xx/CVE-2023-32423.json new file mode 100644 index 00000000000..de6e29d72a5 --- /dev/null +++ b/CVE-2023/CVE-2023-324xx/CVE-2023-32423.json @@ -0,0 +1,36 @@ +{ + "id": "CVE-2023-32423", + "sourceIdentifier": "product-security@apple.com", + "published": "2023-06-23T18:15:13.677", + "lastModified": "2023-06-23T19:24:35.610", + "vulnStatus": "Awaiting Analysis", + "descriptions": [ + { + "lang": "en", + "value": "A buffer overflow issue was addressed with improved memory handling. This issue is fixed in watchOS 9.5, macOS Ventura 13.4, Safari 16.5, tvOS 16.5, iOS 16.5 and iPadOS 16.5. Processing web content may disclose sensitive information" + } + ], + "metrics": {}, + "references": [ + { + "url": "https://support.apple.com/en-us/HT213757", + "source": "product-security@apple.com" + }, + { + "url": "https://support.apple.com/en-us/HT213758", + "source": "product-security@apple.com" + }, + { + "url": "https://support.apple.com/en-us/HT213761", + "source": "product-security@apple.com" + }, + { + "url": "https://support.apple.com/en-us/HT213762", + "source": "product-security@apple.com" + }, + { + "url": "https://support.apple.com/en-us/HT213764", + "source": "product-security@apple.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2023/CVE-2023-324xx/CVE-2023-32434.json b/CVE-2023/CVE-2023-324xx/CVE-2023-32434.json new file mode 100644 index 00000000000..b6be57c2291 --- /dev/null +++ b/CVE-2023/CVE-2023-324xx/CVE-2023-32434.json @@ -0,0 +1,44 @@ +{ + "id": "CVE-2023-32434", + "sourceIdentifier": "product-security@apple.com", + "published": "2023-06-23T18:15:13.720", + "lastModified": "2023-06-23T19:24:31.607", + "vulnStatus": "Awaiting Analysis", + "descriptions": [ + { + "lang": "en", + "value": "An integer overflow was addressed with improved input validation. This issue is fixed in watchOS 8.8.1, iOS 16.5.1 and iPadOS 16.5.1, iOS 15.7.7 and iPadOS 15.7.7, macOS Big Sur 11.7.8, macOS Monterey 12.6.7, macOS Ventura 13.4.1, watchOS 9.5.2. An app may be able to execute arbitrary code with kernel privileges. Apple is aware of a report that this issue may have been actively exploited against versions of iOS released before iOS 15.7." + } + ], + "metrics": {}, + "references": [ + { + "url": "https://support.apple.com/en-us/HT213808", + "source": "product-security@apple.com" + }, + { + "url": "https://support.apple.com/en-us/HT213809", + "source": "product-security@apple.com" + }, + { + "url": "https://support.apple.com/en-us/HT213810", + "source": "product-security@apple.com" + }, + { + "url": "https://support.apple.com/en-us/HT213811", + "source": "product-security@apple.com" + }, + { + "url": "https://support.apple.com/en-us/HT213812", + "source": "product-security@apple.com" + }, + { + "url": "https://support.apple.com/en-us/HT213813", + "source": "product-security@apple.com" + }, + { + "url": "https://support.apple.com/en-us/HT213814", + "source": "product-security@apple.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2023/CVE-2023-324xx/CVE-2023-32435.json b/CVE-2023/CVE-2023-324xx/CVE-2023-32435.json new file mode 100644 index 00000000000..581d1ecab5e --- /dev/null +++ b/CVE-2023/CVE-2023-324xx/CVE-2023-32435.json @@ -0,0 +1,32 @@ +{ + "id": "CVE-2023-32435", + "sourceIdentifier": "product-security@apple.com", + "published": "2023-06-23T18:15:13.767", + "lastModified": "2023-06-23T19:24:31.607", + "vulnStatus": "Awaiting Analysis", + "descriptions": [ + { + "lang": "en", + "value": "A memory corruption issue was addressed with improved state management. This issue is fixed in Safari 16.4, iOS 16.4 and iPadOS 16.4, macOS Ventura 13.3, iOS 15.7.7 and iPadOS 15.7.7. Processing web content may lead to arbitrary code execution. Apple is aware of a report that this issue may have been actively exploited against versions of iOS released before iOS 15.7." + } + ], + "metrics": {}, + "references": [ + { + "url": "https://support.apple.com/en-us/HT213670", + "source": "product-security@apple.com" + }, + { + "url": "https://support.apple.com/en-us/HT213671", + "source": "product-security@apple.com" + }, + { + "url": "https://support.apple.com/en-us/HT213676", + "source": "product-security@apple.com" + }, + { + "url": "https://support.apple.com/en-us/HT213811", + "source": "product-security@apple.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2023/CVE-2023-324xx/CVE-2023-32439.json b/CVE-2023/CVE-2023-324xx/CVE-2023-32439.json new file mode 100644 index 00000000000..c472f64ae4f --- /dev/null +++ b/CVE-2023/CVE-2023-324xx/CVE-2023-32439.json @@ -0,0 +1,32 @@ +{ + "id": "CVE-2023-32439", + "sourceIdentifier": "product-security@apple.com", + "published": "2023-06-23T18:15:13.813", + "lastModified": "2023-06-23T19:24:31.607", + "vulnStatus": "Awaiting Analysis", + "descriptions": [ + { + "lang": "en", + "value": "A type confusion issue was addressed with improved checks. This issue is fixed in iOS 16.5.1 and iPadOS 16.5.1, Safari 16.5.1, macOS Ventura 13.4.1, iOS 15.7.7 and iPadOS 15.7.7. Processing maliciously crafted web content may lead to arbitrary code execution. Apple is aware of a report that this issue may have been actively exploited." + } + ], + "metrics": {}, + "references": [ + { + "url": "https://support.apple.com/en-us/HT213811", + "source": "product-security@apple.com" + }, + { + "url": "https://support.apple.com/en-us/HT213813", + "source": "product-security@apple.com" + }, + { + "url": "https://support.apple.com/en-us/HT213814", + "source": "product-security@apple.com" + }, + { + "url": "https://support.apple.com/en-us/HT213816", + "source": "product-security@apple.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2023/CVE-2023-325xx/CVE-2023-32546.json b/CVE-2023/CVE-2023-325xx/CVE-2023-32546.json index 982c1babebe..8a114e3fabf 100644 --- a/CVE-2023/CVE-2023-325xx/CVE-2023-32546.json +++ b/CVE-2023/CVE-2023-325xx/CVE-2023-32546.json @@ -2,23 +2,82 @@ "id": "CVE-2023-32546", "sourceIdentifier": "vultures@jpcert.or.jp", "published": "2023-06-13T10:15:10.533", - "lastModified": "2023-06-13T13:00:37.647", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2023-06-23T19:35:41.590", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", "value": "Code injection vulnerability exists in Chatwork Desktop Application (Mac) 2.6.43 and earlier. If this vulnerability is exploited, a non-administrative user of the Mac where the product is installed may store and obtain audio and image data from the product without the user's consent." } ], - "metrics": {}, + "metrics": { + "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N", + "attackVector": "LOCAL", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "availabilityImpact": "NONE", + "baseScore": 4.4, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 1.8, + "impactScore": 2.5 + } + ] + }, + "weaknesses": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-94" + } + ] + } + ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:chatwork:chatwork:*:*:*:*:*:macos:*:*", + "versionEndIncluding": "2.6.43", + "matchCriteriaId": "3B787741-6E9B-4073-81CD-6F42683C96A6" + } + ] + } + ] + } + ], "references": [ { "url": "https://go.chatwork.com/ja/download/", - "source": "vultures@jpcert.or.jp" + "source": "vultures@jpcert.or.jp", + "tags": [ + "Product" + ] }, { "url": "https://jvn.jp/en/jp/JVN96828492/", - "source": "vultures@jpcert.or.jp" + "source": "vultures@jpcert.or.jp", + "tags": [ + "Third Party Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2023/CVE-2023-335xx/CVE-2023-33565.json b/CVE-2023/CVE-2023-335xx/CVE-2023-33565.json new file mode 100644 index 00000000000..4fba3455553 --- /dev/null +++ b/CVE-2023/CVE-2023-335xx/CVE-2023-33565.json @@ -0,0 +1,24 @@ +{ + "id": "CVE-2023-33565", + "sourceIdentifier": "cve@mitre.org", + "published": "2023-06-23T19:15:09.047", + "lastModified": "2023-06-23T19:24:31.607", + "vulnStatus": "Awaiting Analysis", + "descriptions": [ + { + "lang": "en", + "value": "ROS2 (Robot Operating System 2) Foxy Fitzroy ROS_VERSION=2 and ROS_PYTHON_VERSION=3 are vulnerable to Denial-of-Service (DoS) attacks. A malicious user potentially exploited the vulnerability remotely and crashed the ROS2 nodes." + } + ], + "metrics": {}, + "references": [ + { + "url": "https://dl.acm.org/doi/abs/10.1145/3573910.3573912", + "source": "cve@mitre.org" + }, + { + "url": "https://github.com/16yashpatel/CVE-2023-33565", + "source": "cve@mitre.org" + } + ] +} \ No newline at end of file diff --git a/CVE-2023/CVE-2023-335xx/CVE-2023-33568.json b/CVE-2023/CVE-2023-335xx/CVE-2023-33568.json index 6ea80c7009c..a0b572058f4 100644 --- a/CVE-2023/CVE-2023-335xx/CVE-2023-33568.json +++ b/CVE-2023/CVE-2023-335xx/CVE-2023-33568.json @@ -2,35 +2,107 @@ "id": "CVE-2023-33568", "sourceIdentifier": "cve@mitre.org", "published": "2023-06-13T15:15:14.147", - "lastModified": "2023-06-15T14:15:09.630", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2023-06-23T19:22:43.680", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", "value": "An issue in Dolibarr 16 before 16.0.5 allows unauthenticated attackers to perform a database dump and access a company's entire customer file, prospects, suppliers, and employee information if a contact file exists." } ], - "metrics": {}, + "metrics": { + "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "NONE", + "availabilityImpact": "NONE", + "baseScore": 7.5, + "baseSeverity": "HIGH" + }, + "exploitabilityScore": 3.9, + "impactScore": 3.6 + } + ] + }, + "weaknesses": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-552" + } + ] + } + ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:dolibarr:dolibarr_erp\\/crm:*:*:*:*:*:*:*:*", + "versionStartIncluding": "16.0.0", + "versionEndExcluding": "16.0.5", + "matchCriteriaId": "59B591C6-5EAE-4C67-9D07-201FDBB41FCC" + } + ] + } + ] + } + ], "references": [ { "url": "https://github.com/Dolibarr/dolibarr/commit/bb7b69ef43673ed403436eac05e0bc31d5033ff7", - "source": "cve@mitre.org" + "source": "cve@mitre.org", + "tags": [ + "Patch" + ] }, { "url": "https://github.com/Dolibarr/dolibarr/commit/be82f51f68d738cce205f4ce5b469ef42ed82d9e", - "source": "cve@mitre.org" + "source": "cve@mitre.org", + "tags": [ + "Patch" + ] }, { "url": "https://www.dolibarr.org/forum/t/dolibarr-16-0-security-breach/23471", - "source": "cve@mitre.org" + "source": "cve@mitre.org", + "tags": [ + "Mitigation", + "Vendor Advisory" + ] }, { "url": "https://www.dolibarr.org/forum/t/dolibarr-16-0-security-breach/23471/1", - "source": "cve@mitre.org" + "source": "cve@mitre.org", + "tags": [ + "Mitigation", + "Vendor Advisory" + ] }, { "url": "https://www.dsecbypass.com/en/dolibarr-pre-auth-contact-database-dump/", - "source": "cve@mitre.org" + "source": "cve@mitre.org", + "tags": [ + "Exploit", + "Third Party Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2023/CVE-2023-336xx/CVE-2023-33621.json b/CVE-2023/CVE-2023-336xx/CVE-2023-33621.json index 3361ba5df59..68f0b17f387 100644 --- a/CVE-2023/CVE-2023-336xx/CVE-2023-33621.json +++ b/CVE-2023/CVE-2023-336xx/CVE-2023-33621.json @@ -2,27 +2,101 @@ "id": "CVE-2023-33621", "sourceIdentifier": "cve@mitre.org", "published": "2023-06-13T16:15:13.027", - "lastModified": "2023-06-13T16:54:51.953", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2023-06-23T19:18:31.097", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", "value": "GL.iNET GL-AR750S-Ext firmware v3.215 inserts the admin authentication token into a GET request when the OpenVPN Server config file is downloaded. The token is then left in the browser history or access logs, potentially allowing attackers to bypass authentication via session replay." } ], - "metrics": {}, + "metrics": { + "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N", + "attackVector": "NETWORK", + "attackComplexity": "HIGH", + "privilegesRequired": "NONE", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "NONE", + "availabilityImpact": "NONE", + "baseScore": 5.9, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 2.2, + "impactScore": 3.6 + } + ] + }, + "weaknesses": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-294" + } + ] + } + ], + "configurations": [ + { + "operator": "AND", + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:o:gl-inet:gl-ar750s_firmware:3.215:*:*:*:*:*:*:*", + "matchCriteriaId": "99E78333-5DE5-4577-8DE2-5C0C8B4EE5BB" + } + ] + }, + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": false, + "criteria": "cpe:2.3:h:gl-inet:gl-ar750s:-:*:*:*:*:*:*:*", + "matchCriteriaId": "8C939D70-5353-43B7-AEF9-8F1D784DD4EF" + } + ] + } + ] + } + ], "references": [ { "url": "http://gl-ar750s-ext.com", - "source": "cve@mitre.org" + "source": "cve@mitre.org", + "tags": [ + "Broken Link" + ] }, { "url": "http://glinet.com", - "source": "cve@mitre.org" + "source": "cve@mitre.org", + "tags": [ + "Broken Link" + ] }, { "url": "https://justinapplegate.me/2023/glinet-CVE-2023-33621/", - "source": "cve@mitre.org" + "source": "cve@mitre.org", + "tags": [ + "Exploit", + "Third Party Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2023/CVE-2023-339xx/CVE-2023-33986.json b/CVE-2023/CVE-2023-339xx/CVE-2023-33986.json index acaa3e38ddd..33218761fd8 100644 --- a/CVE-2023/CVE-2023-339xx/CVE-2023-33986.json +++ b/CVE-2023/CVE-2023-339xx/CVE-2023-33986.json @@ -2,8 +2,8 @@ "id": "CVE-2023-33986", "sourceIdentifier": "cna@sap.com", "published": "2023-06-13T03:15:09.760", - "lastModified": "2023-06-13T13:00:47.863", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2023-06-23T19:33:00.763", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", @@ -12,6 +12,26 @@ ], "metrics": { "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "REQUIRED", + "scope": "CHANGED", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "availabilityImpact": "NONE", + "baseScore": 6.1, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 2.8, + "impactScore": 2.7 + }, { "source": "cna@sap.com", "type": "Secondary", @@ -46,14 +66,37 @@ ] } ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:sap:customer_relationship_management_abap:430:*:*:*:*:*:*:*", + "matchCriteriaId": "945DBBAA-13ED-4B50-B894-E0240FE97F04" + } + ] + } + ] + } + ], "references": [ { "url": "https://launchpad.support.sap.com/#/notes/2826092", - "source": "cna@sap.com" + "source": "cna@sap.com", + "tags": [ + "Permissions Required" + ] }, { "url": "https://www.sap.com/documents/2022/02/fa865ea4-167e-0010-bca6-c68f7e60039b.html", - "source": "cna@sap.com" + "source": "cna@sap.com", + "tags": [ + "Vendor Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2023/CVE-2023-33xx/CVE-2023-3317.json b/CVE-2023/CVE-2023-33xx/CVE-2023-3317.json new file mode 100644 index 00000000000..14ce8f00d49 --- /dev/null +++ b/CVE-2023/CVE-2023-33xx/CVE-2023-3317.json @@ -0,0 +1,32 @@ +{ + "id": "CVE-2023-3317", + "sourceIdentifier": "secalert@redhat.com", + "published": "2023-06-23T18:15:14.047", + "lastModified": "2023-06-23T19:24:31.607", + "vulnStatus": "Awaiting Analysis", + "descriptions": [ + { + "lang": "en", + "value": "A use-after-free flaw was found in mt7921_check_offload_capability in drivers/net/wireless/mediatek/mt76/mt7921/init.c in wifi mt76/mt7921 sub-component in the Linux Kernel. This flaw could allow an attacker to crash the system after 'features' memory release. This vulnerability could even lead to a kernel information leak problem." + } + ], + "metrics": {}, + "weaknesses": [ + { + "source": "secalert@redhat.com", + "type": "Secondary", + "description": [ + { + "lang": "en", + "value": "CWE-416" + } + ] + } + ], + "references": [ + { + "url": "https://patchwork.kernel.org/project/linux-wireless/patch/51fd8f76494348aa9ecbf0abc471ebe47a983dfd.1679502607.git.lorenzo@kernel.org/", + "source": "secalert@redhat.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2023/CVE-2023-33xx/CVE-2023-3393.json b/CVE-2023/CVE-2023-33xx/CVE-2023-3393.json new file mode 100644 index 00000000000..a25a16fff85 --- /dev/null +++ b/CVE-2023/CVE-2023-33xx/CVE-2023-3393.json @@ -0,0 +1,59 @@ +{ + "id": "CVE-2023-3393", + "sourceIdentifier": "security@huntr.dev", + "published": "2023-06-23T19:15:09.793", + "lastModified": "2023-06-23T19:24:31.607", + "vulnStatus": "Awaiting Analysis", + "descriptions": [ + { + "lang": "en", + "value": " Code Injection in GitHub repository fossbilling/fossbilling prior to 0.5.1." + } + ], + "metrics": { + "cvssMetricV30": [ + { + "source": "security@huntr.dev", + "type": "Secondary", + "cvssData": { + "version": "3.0", + "vectorString": "CVSS:3.0/AV:N/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H", + "attackVector": "NETWORK", + "attackComplexity": "HIGH", + "privilegesRequired": "HIGH", + "userInteraction": "NONE", + "scope": "CHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH", + "baseScore": 8.0, + "baseSeverity": "HIGH" + }, + "exploitabilityScore": 1.3, + "impactScore": 6.0 + } + ] + }, + "weaknesses": [ + { + "source": "security@huntr.dev", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-94" + } + ] + } + ], + "references": [ + { + "url": "https://github.com/fossbilling/fossbilling/commit/47343fb58db5c17c14bc6941dacbeb9c96957351", + "source": "security@huntr.dev" + }, + { + "url": "https://huntr.dev/bounties/e4df9280-900a-407a-a07e-e7fef3345914", + "source": "security@huntr.dev" + } + ] +} \ No newline at end of file diff --git a/CVE-2023/CVE-2023-33xx/CVE-2023-3394.json b/CVE-2023/CVE-2023-33xx/CVE-2023-3394.json new file mode 100644 index 00000000000..afe56e2c399 --- /dev/null +++ b/CVE-2023/CVE-2023-33xx/CVE-2023-3394.json @@ -0,0 +1,59 @@ +{ + "id": "CVE-2023-3394", + "sourceIdentifier": "security@huntr.dev", + "published": "2023-06-23T19:15:09.860", + "lastModified": "2023-06-23T19:24:31.607", + "vulnStatus": "Awaiting Analysis", + "descriptions": [ + { + "lang": "en", + "value": "Session Fixation in GitHub repository fossbilling/fossbilling prior to 0.5.1." + } + ], + "metrics": { + "cvssMetricV30": [ + { + "source": "security@huntr.dev", + "type": "Secondary", + "cvssData": { + "version": "3.0", + "vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:N", + "attackVector": "NETWORK", + "attackComplexity": "HIGH", + "privilegesRequired": "NONE", + "userInteraction": "REQUIRED", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "NONE", + "baseScore": 6.8, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 1.6, + "impactScore": 5.2 + } + ] + }, + "weaknesses": [ + { + "source": "security@huntr.dev", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-384" + } + ] + } + ], + "references": [ + { + "url": "https://github.com/fossbilling/fossbilling/commit/b9c35a174750f1463aea86168524efce6cd48ef7", + "source": "security@huntr.dev" + }, + { + "url": "https://huntr.dev/bounties/84bf3e85-cdeb-4b8d-9ea4-74156dbda83f", + "source": "security@huntr.dev" + } + ] +} \ No newline at end of file diff --git a/CVE-2023/CVE-2023-341xx/CVE-2023-34101.json b/CVE-2023/CVE-2023-341xx/CVE-2023-34101.json index ab8529dbe0f..f1a3282cbcc 100644 --- a/CVE-2023/CVE-2023-341xx/CVE-2023-34101.json +++ b/CVE-2023/CVE-2023-341xx/CVE-2023-34101.json @@ -2,8 +2,8 @@ "id": "CVE-2023-34101", "sourceIdentifier": "security-advisories@github.com", "published": "2023-06-14T15:15:10.073", - "lastModified": "2023-06-14T15:30:49.300", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2023-06-23T18:18:09.143", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", @@ -12,6 +12,26 @@ ], "metrics": { "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "NONE", + "availabilityImpact": "HIGH", + "baseScore": 9.1, + "baseSeverity": "CRITICAL" + }, + "exploitabilityScore": 3.9, + "impactScore": 5.2 + }, { "source": "security-advisories@github.com", "type": "Secondary", @@ -46,14 +66,38 @@ ] } ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:o:contiki-ng:contiki-ng:*:*:*:*:*:*:*:*", + "versionEndIncluding": "4.8", + "matchCriteriaId": "729B4607-C6BD-42DE-91BF-918A57D29A77" + } + ] + } + ] + } + ], "references": [ { "url": "https://github.com/contiki-ng/contiki-ng/pull/2435", - "source": "security-advisories@github.com" + "source": "security-advisories@github.com", + "tags": [ + "Patch" + ] }, { "url": "https://github.com/contiki-ng/contiki-ng/security/advisories/GHSA-fp66-ff6x-7w2w", - "source": "security-advisories@github.com" + "source": "security-advisories@github.com", + "tags": [ + "Vendor Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2023/CVE-2023-341xx/CVE-2023-34115.json b/CVE-2023/CVE-2023-341xx/CVE-2023-34115.json index b7af58940fd..243be510516 100644 --- a/CVE-2023/CVE-2023-341xx/CVE-2023-34115.json +++ b/CVE-2023/CVE-2023-341xx/CVE-2023-34115.json @@ -2,8 +2,8 @@ "id": "CVE-2023-34115", "sourceIdentifier": "security@zoom.us", "published": "2023-06-13T19:15:09.500", - "lastModified": "2023-06-13T21:27:45.680", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2023-06-23T18:18:54.580", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", @@ -12,6 +12,26 @@ ], "metrics": { "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:L", + "attackVector": "LOCAL", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "NONE", + "scope": "CHANGED", + "confidentialityImpact": "NONE", + "integrityImpact": "NONE", + "availabilityImpact": "LOW", + "baseScore": 3.8, + "baseSeverity": "LOW" + }, + "exploitabilityScore": 2.0, + "impactScore": 1.4 + }, { "source": "security@zoom.us", "type": "Secondary", @@ -35,6 +55,16 @@ ] }, "weaknesses": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-120" + } + ] + }, { "source": "security@zoom.us", "type": "Secondary", @@ -46,10 +76,31 @@ ] } ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:zoom:meeting_sdk:*:*:*:*:*:*:*:*", + "versionEndExcluding": "5.13.0", + "matchCriteriaId": "9163A8C6-3D29-427A-B58A-A23353C9EE3A" + } + ] + } + ] + } + ], "references": [ { "url": "https://explore.zoom.us/en/trust/security/security-bulletin/", - "source": "security@zoom.us" + "source": "security@zoom.us", + "tags": [ + "Vendor Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2023/CVE-2023-342xx/CVE-2023-34241.json b/CVE-2023/CVE-2023-342xx/CVE-2023-34241.json index 13f16dab3fb..37957d6f44d 100644 --- a/CVE-2023/CVE-2023-342xx/CVE-2023-34241.json +++ b/CVE-2023/CVE-2023-342xx/CVE-2023-34241.json @@ -2,7 +2,7 @@ "id": "CVE-2023-34241", "sourceIdentifier": "security-advisories@github.com", "published": "2023-06-22T23:15:09.493", - "lastModified": "2023-06-23T13:03:31.027", + "lastModified": "2023-06-23T18:15:13.860", "vulnStatus": "Awaiting Analysis", "descriptions": [ { @@ -47,6 +47,10 @@ } ], "references": [ + { + "url": "http://www.openwall.com/lists/oss-security/2023/06/23/10", + "source": "security-advisories@github.com" + }, { "url": "https://github.com/OpenPrinting/cups/commit/9809947a959e18409dcf562a3466ef246cb90cb2", "source": "security-advisories@github.com" diff --git a/CVE-2023/CVE-2023-342xx/CVE-2023-34247.json b/CVE-2023/CVE-2023-342xx/CVE-2023-34247.json index d520b7702dc..7de0476e9ab 100644 --- a/CVE-2023/CVE-2023-342xx/CVE-2023-34247.json +++ b/CVE-2023/CVE-2023-342xx/CVE-2023-34247.json @@ -2,8 +2,8 @@ "id": "CVE-2023-34247", "sourceIdentifier": "security-advisories@github.com", "published": "2023-06-13T17:15:14.920", - "lastModified": "2023-06-13T18:27:41.330", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2023-06-23T19:05:57.207", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", @@ -12,6 +12,26 @@ ], "metrics": { "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:N/I:L/A:N", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "REQUIRED", + "scope": "CHANGED", + "confidentialityImpact": "NONE", + "integrityImpact": "LOW", + "availabilityImpact": "NONE", + "baseScore": 4.1, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 2.3, + "impactScore": 1.4 + }, { "source": "security-advisories@github.com", "type": "Secondary", @@ -46,14 +66,39 @@ ] } ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:keystonejs:keystone:*:*:*:*:*:node.js:*:*", + "versionEndIncluding": "7.0.0", + "matchCriteriaId": "AA525A33-E330-4583-BE48-F769EE3C2202" + } + ] + } + ] + } + ], "references": [ { "url": "https://github.com/keystonejs/keystone/pull/8626", - "source": "security-advisories@github.com" + "source": "security-advisories@github.com", + "tags": [ + "Patch", + "Third Party Advisory" + ] }, { "url": "https://github.com/keystonejs/keystone/security/advisories/GHSA-jqxr-vjvv-899m", - "source": "security-advisories@github.com" + "source": "security-advisories@github.com", + "tags": [ + "Third Party Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2023/CVE-2023-342xx/CVE-2023-34249.json b/CVE-2023/CVE-2023-342xx/CVE-2023-34249.json index 9b2f5d06138..0ab1952bab8 100644 --- a/CVE-2023/CVE-2023-342xx/CVE-2023-34249.json +++ b/CVE-2023/CVE-2023-342xx/CVE-2023-34249.json @@ -2,8 +2,8 @@ "id": "CVE-2023-34249", "sourceIdentifier": "security-advisories@github.com", "published": "2023-06-13T17:15:15.003", - "lastModified": "2023-06-13T18:27:41.330", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2023-06-23T18:57:26.500", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", @@ -12,6 +12,26 @@ ], "metrics": { "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH", + "baseScore": 9.8, + "baseSeverity": "CRITICAL" + }, + "exploitabilityScore": 3.9, + "impactScore": 5.9 + }, { "source": "security-advisories@github.com", "type": "Secondary", @@ -46,14 +66,40 @@ ] } ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:pybb_project:pybb:*:*:*:*:*:*:*:*", + "versionEndExcluding": "0.1.0", + "matchCriteriaId": "6C97D6AC-4F49-450F-8D99-33C59D47C50B" + } + ] + } + ] + } + ], "references": [ { "url": "https://github.com/benjjvi/PyBB/commit/dcaeccd37198ecd3e41ea766d1099354b60d69c2", - "source": "security-advisories@github.com" + "source": "security-advisories@github.com", + "tags": [ + "Patch" + ] }, { "url": "https://github.com/benjjvi/PyBB/security/advisories/GHSA-5qrx-fgxq-95gg", - "source": "security-advisories@github.com" + "source": "security-advisories@github.com", + "tags": [ + "Mitigation", + "Patch", + "Third Party Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2023/CVE-2023-342xx/CVE-2023-34252.json b/CVE-2023/CVE-2023-342xx/CVE-2023-34252.json index e9254c39957..93905f3af2d 100644 --- a/CVE-2023/CVE-2023-342xx/CVE-2023-34252.json +++ b/CVE-2023/CVE-2023-342xx/CVE-2023-34252.json @@ -2,8 +2,8 @@ "id": "CVE-2023-34252", "sourceIdentifier": "security-advisories@github.com", "published": "2023-06-14T22:15:09.397", - "lastModified": "2023-06-15T12:39:22.420", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2023-06-23T18:04:21.097", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", @@ -12,6 +12,26 @@ ], "metrics": { "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "HIGH", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH", + "baseScore": 7.2, + "baseSeverity": "HIGH" + }, + "exploitabilityScore": 1.2, + "impactScore": 5.9 + }, { "source": "security-advisories@github.com", "type": "Secondary", @@ -36,8 +56,18 @@ }, "weaknesses": [ { - "source": "security-advisories@github.com", + "source": "nvd@nist.gov", "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-94" + } + ] + }, + { + "source": "security-advisories@github.com", + "type": "Secondary", "description": [ { "lang": "en", @@ -50,22 +80,53 @@ ] } ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:getgrav:grav:*:*:*:*:*:*:*:*", + "versionEndExcluding": "1.7.42", + "matchCriteriaId": "758F84B9-A2EC-45D8-86DD-B309DB02B9AE" + } + ] + } + ] + } + ], "references": [ { "url": "https://github.com/getgrav/grav/blob/1.7.40/system/src/Grav/Common/Twig/Extension/GravExtension.php#L1692-L1698", - "source": "security-advisories@github.com" + "source": "security-advisories@github.com", + "tags": [ + "Issue Tracking" + ] }, { "url": "https://github.com/getgrav/grav/blob/1.7.40/system/src/Grav/Common/Utils.php#L1956-L2074", - "source": "security-advisories@github.com" + "source": "security-advisories@github.com", + "tags": [ + "Issue Tracking" + ] }, { "url": "https://github.com/getgrav/grav/commit/244758d4383034fe4cd292d41e477177870b65ec", - "source": "security-advisories@github.com" + "source": "security-advisories@github.com", + "tags": [ + "Patch" + ] }, { "url": "https://github.com/getgrav/grav/security/advisories/GHSA-96xv-rmwj-6p9w", - "source": "security-advisories@github.com" + "source": "security-advisories@github.com", + "tags": [ + "Exploit", + "Vendor Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2023/CVE-2023-346xx/CVE-2023-34671.json b/CVE-2023/CVE-2023-346xx/CVE-2023-34671.json new file mode 100644 index 00000000000..52e52d54df3 --- /dev/null +++ b/CVE-2023/CVE-2023-346xx/CVE-2023-34671.json @@ -0,0 +1,24 @@ +{ + "id": "CVE-2023-34671", + "sourceIdentifier": "cve@mitre.org", + "published": "2023-06-23T18:15:13.927", + "lastModified": "2023-06-23T19:24:31.607", + "vulnStatus": "Awaiting Analysis", + "descriptions": [ + { + "lang": "en", + "value": "Improper Access Control leads to privilege escalation affecting Elenos ETG150 FM transmitter running on version 3.12 by exploiting user's role in the user profile. An attack could occur over the public Internet in some cases." + } + ], + "metrics": {}, + "references": [ + { + "url": "http://elenos.com", + "source": "cve@mitre.org" + }, + { + "url": "https://strik3r.gitbook.io/strik3r-blog/security-research/cves-pocs/cve-2023-34671", + "source": "cve@mitre.org" + } + ] +} \ No newline at end of file diff --git a/CVE-2023/CVE-2023-346xx/CVE-2023-34672.json b/CVE-2023/CVE-2023-346xx/CVE-2023-34672.json new file mode 100644 index 00000000000..1f903f42871 --- /dev/null +++ b/CVE-2023/CVE-2023-346xx/CVE-2023-34672.json @@ -0,0 +1,24 @@ +{ + "id": "CVE-2023-34672", + "sourceIdentifier": "cve@mitre.org", + "published": "2023-06-23T19:15:09.097", + "lastModified": "2023-06-23T19:24:31.607", + "vulnStatus": "Awaiting Analysis", + "descriptions": [ + { + "lang": "en", + "value": "Improper Access Control leads to adding a high-privilege user affecting Elenos ETG150 FM transmitter running on version 3.12 by exploiting user's role within the admin profile. An attack could occur over the public Internet in some cases." + } + ], + "metrics": {}, + "references": [ + { + "url": "http://elenos.com", + "source": "cve@mitre.org" + }, + { + "url": "https://strik3r.gitbook.io/strik3r-blog/security-research/cves-pocs/cve-2023-34672", + "source": "cve@mitre.org" + } + ] +} \ No newline at end of file diff --git a/CVE-2023/CVE-2023-346xx/CVE-2023-34673.json b/CVE-2023/CVE-2023-346xx/CVE-2023-34673.json new file mode 100644 index 00000000000..e5429ca7b7c --- /dev/null +++ b/CVE-2023/CVE-2023-346xx/CVE-2023-34673.json @@ -0,0 +1,24 @@ +{ + "id": "CVE-2023-34673", + "sourceIdentifier": "cve@mitre.org", + "published": "2023-06-23T19:15:09.140", + "lastModified": "2023-06-23T19:24:31.607", + "vulnStatus": "Awaiting Analysis", + "descriptions": [ + { + "lang": "en", + "value": "Elenos ETG150 FM transmitter running on version 3.12 was discovered to be leaking SMTP credentials and other sensitive information by exploiting the publicly accessible Memcached service. The attack can occur over the public Internet in some cases." + } + ], + "metrics": {}, + "references": [ + { + "url": "http://elenos.com", + "source": "cve@mitre.org" + }, + { + "url": "https://strik3r.gitbook.io/strik3r-blog/security-research/cves-pocs/cve-2023-34673", + "source": "cve@mitre.org" + } + ] +} \ No newline at end of file diff --git a/CVE-2023/CVE-2023-348xx/CVE-2023-34845.json b/CVE-2023/CVE-2023-348xx/CVE-2023-34845.json index 482d08371c0..616acafac0e 100644 --- a/CVE-2023/CVE-2023-348xx/CVE-2023-34845.json +++ b/CVE-2023/CVE-2023-348xx/CVE-2023-34845.json @@ -2,8 +2,8 @@ "id": "CVE-2023-34845", "sourceIdentifier": "cve@mitre.org", "published": "2023-06-16T04:15:14.143", - "lastModified": "2023-06-16T12:47:18.707", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2023-06-23T18:54:20.387", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", @@ -14,11 +14,67 @@ "value": "Se descubri\u00f3 que Bludit v3.14.1 contiene una vulnerabilidad de carga de archivos arbitraria en el componente /admin/new-content. Esta vulnerabilidad permite a los atacantes ejecutar scripts web o HTML arbitrarios mediante la carga de un archivo SVG manipulado." } ], - "metrics": {}, + "metrics": { + "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "REQUIRED", + "scope": "CHANGED", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "availabilityImpact": "NONE", + "baseScore": 5.4, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 2.3, + "impactScore": 2.7 + } + ] + }, + "weaknesses": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-434" + } + ] + } + ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:bludit:bludit:3.14.1:*:*:*:*:*:*:*", + "matchCriteriaId": "E1884F54-CD39-43CC-B52B-8B2335A09CDB" + } + ] + } + ] + } + ], "references": [ { "url": "https://github.com/bludit/bludit/issues/1508", - "source": "cve@mitre.org" + "source": "cve@mitre.org", + "tags": [ + "Exploit", + "Issue Tracking" + ] } ] } \ No newline at end of file diff --git a/CVE-2023/CVE-2023-348xx/CVE-2023-34867.json b/CVE-2023/CVE-2023-348xx/CVE-2023-34867.json index 13c19550684..91b08fdc500 100644 --- a/CVE-2023/CVE-2023-348xx/CVE-2023-34867.json +++ b/CVE-2023/CVE-2023-348xx/CVE-2023-34867.json @@ -2,19 +2,75 @@ "id": "CVE-2023-34867", "sourceIdentifier": "cve@mitre.org", "published": "2023-06-14T16:15:20.277", - "lastModified": "2023-06-14T18:20:18.790", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2023-06-23T18:46:59.963", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", "value": "Jerryscript 3.0 (commit 05dbbd1) was discovered to contain an Assertion Failure via the ecma_property_hashmap_create at jerry-core/ecma/base/ecma-property-hashmap.c." } ], - "metrics": {}, + "metrics": { + "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "NONE", + "integrityImpact": "NONE", + "availabilityImpact": "HIGH", + "baseScore": 7.5, + "baseSeverity": "HIGH" + }, + "exploitabilityScore": 3.9, + "impactScore": 3.6 + } + ] + }, + "weaknesses": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-617" + } + ] + } + ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:jerryscript:jerryscript:3.0.0:*:*:*:*:*:*:*", + "matchCriteriaId": "B1A23519-19ED-4F75-9CAA-42057F88EDE5" + } + ] + } + ] + } + ], "references": [ { "url": "https://github.com/jerryscript-project/jerryscript/issues/5084", - "source": "cve@mitre.org" + "source": "cve@mitre.org", + "tags": [ + "Exploit", + "Issue Tracking" + ] } ] } \ No newline at end of file diff --git a/CVE-2023/CVE-2023-348xx/CVE-2023-34868.json b/CVE-2023/CVE-2023-348xx/CVE-2023-34868.json index fb64c7ed968..523079cd7dd 100644 --- a/CVE-2023/CVE-2023-348xx/CVE-2023-34868.json +++ b/CVE-2023/CVE-2023-348xx/CVE-2023-34868.json @@ -2,19 +2,75 @@ "id": "CVE-2023-34868", "sourceIdentifier": "cve@mitre.org", "published": "2023-06-14T16:15:20.323", - "lastModified": "2023-06-14T18:20:18.790", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2023-06-23T18:34:10.497", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", "value": "Jerryscript 3.0 (commit 05dbbd1) was discovered to contain an Assertion Failure via the parser_parse_for_statement_start at jerry-core/parser/js/js-parser-statm.c." } ], - "metrics": {}, + "metrics": { + "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "NONE", + "integrityImpact": "NONE", + "availabilityImpact": "HIGH", + "baseScore": 7.5, + "baseSeverity": "HIGH" + }, + "exploitabilityScore": 3.9, + "impactScore": 3.6 + } + ] + }, + "weaknesses": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-617" + } + ] + } + ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:jerryscript:jerryscript:3.0.0:*:*:*:*:*:*:*", + "matchCriteriaId": "B1A23519-19ED-4F75-9CAA-42057F88EDE5" + } + ] + } + ] + } + ], "references": [ { "url": "https://github.com/jerryscript-project/jerryscript/issues/5083", - "source": "cve@mitre.org" + "source": "cve@mitre.org", + "tags": [ + "Exploit", + "Issue Tracking" + ] } ] } \ No newline at end of file diff --git a/CVE-2023/CVE-2023-349xx/CVE-2023-34965.json b/CVE-2023/CVE-2023-349xx/CVE-2023-34965.json index 20961faa449..da30c5929ba 100644 --- a/CVE-2023/CVE-2023-349xx/CVE-2023-34965.json +++ b/CVE-2023/CVE-2023-349xx/CVE-2023-34965.json @@ -2,27 +2,89 @@ "id": "CVE-2023-34965", "sourceIdentifier": "cve@mitre.org", "published": "2023-06-13T19:15:09.587", - "lastModified": "2023-06-13T21:27:45.680", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2023-06-23T18:14:58.423", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", "value": "SSPanel-Uim 2023.3 does not restrict access to the /link/ interface which can lead to a leak of user information." } ], - "metrics": {}, + "metrics": { + "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "LOW", + "integrityImpact": "NONE", + "availabilityImpact": "NONE", + "baseScore": 5.3, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 3.9, + "impactScore": 1.4 + } + ] + }, + "weaknesses": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-863" + } + ] + } + ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:sspanel-uim_project:sspanel-uim:2023.3:*:*:*:*:*:*:*", + "matchCriteriaId": "C7BA28FA-C334-47AC-8EE2-2B307AB6415B" + } + ] + } + ] + } + ], "references": [ { "url": "https://docs.google.com/document/d/1TbHYGW65o1HBZoDf0rUDQMHPJE6qfQAvqdFv1DYY4BU/edit?usp=sharing", - "source": "cve@mitre.org" + "source": "cve@mitre.org", + "tags": [ + "Exploit", + "Third Party Advisory" + ] }, { "url": "https://github.com/AgentY0/CVE-2023-34965", - "source": "cve@mitre.org" + "source": "cve@mitre.org", + "tags": [ + "Third Party Advisory" + ] }, { "url": "https://github.com/Anankke/SSPanel-Uim", - "source": "cve@mitre.org" + "source": "cve@mitre.org", + "tags": [ + "Product" + ] } ] } \ No newline at end of file diff --git a/CVE-2023/CVE-2023-350xx/CVE-2023-35064.json b/CVE-2023/CVE-2023-350xx/CVE-2023-35064.json index 29cb3e51796..df6154c844f 100644 --- a/CVE-2023/CVE-2023-350xx/CVE-2023-35064.json +++ b/CVE-2023/CVE-2023-350xx/CVE-2023-35064.json @@ -2,8 +2,8 @@ "id": "CVE-2023-35064", "sourceIdentifier": "cve@usom.gov.tr", "published": "2023-06-13T15:15:14.257", - "lastModified": "2023-06-13T16:54:51.953", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2023-06-23T19:21:19.787", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", @@ -46,10 +46,31 @@ ] } ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:satos:satos_mobile:*:*:*:*:*:*:*:*", + "versionEndExcluding": "20230607", + "matchCriteriaId": "18C360C1-396A-4AE1-A896-D2871EF8A49F" + } + ] + } + ] + } + ], "references": [ { "url": "https://https://www.usom.gov.tr/bildirim/tr-23-0346", - "source": "cve@usom.gov.tr" + "source": "cve@usom.gov.tr", + "tags": [ + "Broken Link" + ] } ] } \ No newline at end of file diff --git a/CVE-2023/CVE-2023-351xx/CVE-2023-35141.json b/CVE-2023/CVE-2023-351xx/CVE-2023-35141.json index 38b63883f90..9c1739c1106 100644 --- a/CVE-2023/CVE-2023-351xx/CVE-2023-35141.json +++ b/CVE-2023/CVE-2023-351xx/CVE-2023-35141.json @@ -2,23 +2,89 @@ "id": "CVE-2023-35141", "sourceIdentifier": "jenkinsci-cert@googlegroups.com", "published": "2023-06-14T13:15:11.823", - "lastModified": "2023-06-14T15:30:58.900", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2023-06-23T19:36:43.300", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", "value": "In Jenkins 2.399 and earlier, LTS 2.387.3 and earlier, POST requests are sent in order to load the list of context actions. If part of the URL includes insufficiently escaped user-provided values, a victim may be tricked into sending a POST request to an unexpected endpoint by opening a context menu." } ], - "metrics": {}, + "metrics": { + "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "REQUIRED", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH", + "baseScore": 8.0, + "baseSeverity": "HIGH" + }, + "exploitabilityScore": 2.1, + "impactScore": 5.9 + } + ] + }, + "weaknesses": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-352" + } + ] + } + ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:jenkins:jenkins:*:*:*:*:-:*:*:*", + "versionEndExcluding": "2.400", + "matchCriteriaId": "9C643451-F18D-4A82-8E89-10EE4C1EBFE4" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:jenkins:jenkins:*:*:*:*:lts:*:*:*", + "versionEndExcluding": "2.401.1", + "matchCriteriaId": "7122C22C-3F03-421E-AA45-1F5A26F030FE" + } + ] + } + ] + } + ], "references": [ { "url": "http://www.openwall.com/lists/oss-security/2023/06/14/5", - "source": "jenkinsci-cert@googlegroups.com" + "source": "jenkinsci-cert@googlegroups.com", + "tags": [ + "Mailing List", + "Third Party Advisory" + ] }, { "url": "https://www.jenkins.io/security/advisory/2023-06-14/#SECURITY-3135", - "source": "jenkinsci-cert@googlegroups.com" + "source": "jenkinsci-cert@googlegroups.com", + "tags": [ + "Vendor Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2023/CVE-2023-351xx/CVE-2023-35153.json b/CVE-2023/CVE-2023-351xx/CVE-2023-35153.json new file mode 100644 index 00000000000..2ae78187547 --- /dev/null +++ b/CVE-2023/CVE-2023-351xx/CVE-2023-35153.json @@ -0,0 +1,67 @@ +{ + "id": "CVE-2023-35153", + "sourceIdentifier": "security-advisories@github.com", + "published": "2023-06-23T18:15:13.970", + "lastModified": "2023-06-23T19:24:31.607", + "vulnStatus": "Awaiting Analysis", + "descriptions": [ + { + "lang": "en", + "value": "XWiki Platform is a generic wiki platform. Starting in version 5.4.4 and prior to versions 14.4.8, 14.10.4, and 15.0, a stored cross-site scripting vulnerability can be exploited by users with edit rights by adding a `AppWithinMinutes.FormFieldCategoryClass` class on a page and setting the payload on the page title. Then, any user visiting `/xwiki/bin/view/AppWithinMinutes/ClassEditSheet` executes the payload. The issue has been patched in XWiki 14.4.8, 14.10.4, and 15.0. As a workaround, update `AppWithinMinutes.ClassEditSheet` with a patch." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "security-advisories@github.com", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:H", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "REQUIRED", + "scope": "CHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH", + "baseScore": 9.0, + "baseSeverity": "CRITICAL" + }, + "exploitabilityScore": 2.3, + "impactScore": 6.0 + } + ] + }, + "weaknesses": [ + { + "source": "security-advisories@github.com", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-79" + }, + { + "lang": "en", + "value": "CWE-80" + } + ] + } + ], + "references": [ + { + "url": "https://github.com/xwiki/xwiki-platform/commit/1b87fec1e5b5ec00b7a8c3c3f94f6c5e22547392#diff-79e725ec7125cced7d302e1a1f955a76745af26ef28a148981b810e85335d302", + "source": "security-advisories@github.com" + }, + { + "url": "https://github.com/xwiki/xwiki-platform/security/advisories/GHSA-4wc6-hqv9-qc97", + "source": "security-advisories@github.com" + }, + { + "url": "https://jira.xwiki.org/browse/XWIKI-20365", + "source": "security-advisories@github.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2023/CVE-2023-351xx/CVE-2023-35155.json b/CVE-2023/CVE-2023-351xx/CVE-2023-35155.json new file mode 100644 index 00000000000..e42afcc153d --- /dev/null +++ b/CVE-2023/CVE-2023-351xx/CVE-2023-35155.json @@ -0,0 +1,59 @@ +{ + "id": "CVE-2023-35155", + "sourceIdentifier": "security-advisories@github.com", + "published": "2023-06-23T19:15:09.190", + "lastModified": "2023-06-23T19:24:31.607", + "vulnStatus": "Awaiting Analysis", + "descriptions": [ + { + "lang": "en", + "value": "XWiki Platform is a generic wiki platform offering runtime services for applications built on top of it. Users are able to forge an URL with a payload allowing to inject Javascript in the page (XSS). For instance, the following URL execute an `alter` on the browser: `/xwiki/bin/view/Main/?viewer=share&send=1&target=&target=%3Cimg+src+onerror%3Dalert%28document.domain%29%3E+%3Cimg+src+onerror%3Dalert%28document.domain%29%3E+%3Crenniepak%40intigriti.me%3E&includeDocument=inline&message=I+wanted+to+share+this+page+with+you.`, where `` is the URL of your XWiki installation. The vulnerability has been patched in XWiki 15.0-rc-1, 14.10.4, and 14.4.8.\n" + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "security-advisories@github.com", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:L/A:L", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "REQUIRED", + "scope": "CHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "LOW", + "availabilityImpact": "LOW", + "baseScore": 8.8, + "baseSeverity": "HIGH" + }, + "exploitabilityScore": 2.8, + "impactScore": 5.3 + } + ] + }, + "weaknesses": [ + { + "source": "security-advisories@github.com", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-79" + } + ] + } + ], + "references": [ + { + "url": "https://github.com/xwiki/xwiki-platform/security/advisories/GHSA-fwwj-wg89-7h4c", + "source": "security-advisories@github.com" + }, + { + "url": "https://jira.xwiki.org/browse/XWIKI-20370", + "source": "security-advisories@github.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2023/CVE-2023-351xx/CVE-2023-35156.json b/CVE-2023/CVE-2023-351xx/CVE-2023-35156.json new file mode 100644 index 00000000000..a4f11bd3a26 --- /dev/null +++ b/CVE-2023/CVE-2023-351xx/CVE-2023-35156.json @@ -0,0 +1,79 @@ +{ + "id": "CVE-2023-35156", + "sourceIdentifier": "security-advisories@github.com", + "published": "2023-06-23T19:15:09.263", + "lastModified": "2023-06-23T19:24:31.607", + "vulnStatus": "Awaiting Analysis", + "descriptions": [ + { + "lang": "en", + "value": "XWiki Platform is a generic wiki platform offering runtime services for applications built on top of it. Users are able to forge an URL with a payload allowing to inject Javascript in the page (XSS). It's possible to exploit the delete template to perform a XSS, e.g. by using URL such as: > xwiki/bin/get/FlamingoThemes/Cerulean?xpage=xpart&vm=delete.vm&xredirect=javascript:alert(document.domain). This vulnerability exists since XWiki 6.0-rc-1. The vulnerability has been patched in XWiki 14.10.6 and 15.1. Note that a partial patch has been provided in 14.10.5 but wasn't enough to entirely fix the vulnerability. \n" + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "security-advisories@github.com", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "REQUIRED", + "scope": "CHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH", + "baseScore": 9.6, + "baseSeverity": "CRITICAL" + }, + "exploitabilityScore": 2.8, + "impactScore": 6.0 + } + ] + }, + "weaknesses": [ + { + "source": "security-advisories@github.com", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-87" + } + ] + } + ], + "references": [ + { + "url": "https://github.com/xwiki/xwiki-platform/commit/13875a6437d4525ac4aeea25918f2d2dffac9ee1", + "source": "security-advisories@github.com" + }, + { + "url": "https://github.com/xwiki/xwiki-platform/commit/24ec12890ac7fa6daec8d0b3435cfcba11362fd5", + "source": "security-advisories@github.com" + }, + { + "url": "https://github.com/xwiki/xwiki-platform/commit/e80d22d193df364b07bab7925572720f91a8984a", + "source": "security-advisories@github.com" + }, + { + "url": "https://github.com/xwiki/xwiki-platform/security/advisories/GHSA-834c-x29c-f42c", + "source": "security-advisories@github.com" + }, + { + "url": "https://jira.xwiki.org/browse/XWIKI-20341", + "source": "security-advisories@github.com" + }, + { + "url": "https://jira.xwiki.org/browse/XWIKI-20583", + "source": "security-advisories@github.com" + }, + { + "url": "https://jira.xwiki.org/browse/XWIKI-20672", + "source": "security-advisories@github.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2023/CVE-2023-351xx/CVE-2023-35157.json b/CVE-2023/CVE-2023-351xx/CVE-2023-35157.json new file mode 100644 index 00000000000..4551713edb3 --- /dev/null +++ b/CVE-2023/CVE-2023-351xx/CVE-2023-35157.json @@ -0,0 +1,67 @@ +{ + "id": "CVE-2023-35157", + "sourceIdentifier": "security-advisories@github.com", + "published": "2023-06-23T19:15:09.343", + "lastModified": "2023-06-23T19:24:31.607", + "vulnStatus": "Awaiting Analysis", + "descriptions": [ + { + "lang": "en", + "value": "XWiki Platform is a generic wiki platform offering runtime services for applications built on top of it. It's possible to perform an XSS by forging a request to a delete attachment action with a specific attachment name. Now this XSS can be exploited only if the attacker knows the CSRF token of the user, or if the user ignores the warning about the missing CSRF token. The vulnerability has been patched in XWiki 15.1-rc-1 and XWiki 14.10.6." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "security-advisories@github.com", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:H/I:H/A:H", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "HIGH", + "userInteraction": "REQUIRED", + "scope": "CHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH", + "baseScore": 8.4, + "baseSeverity": "HIGH" + }, + "exploitabilityScore": 1.7, + "impactScore": 6.0 + } + ] + }, + "weaknesses": [ + { + "source": "security-advisories@github.com", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-79" + }, + { + "lang": "en", + "value": "CWE-80" + } + ] + } + ], + "references": [ + { + "url": "https://github.com/xwiki/xwiki-platform/commit/35e9073ffec567861e0abeea072bd97921a3decf", + "source": "security-advisories@github.com" + }, + { + "url": "https://github.com/xwiki/xwiki-platform/security/advisories/GHSA-phwm-87rg-27qq", + "source": "security-advisories@github.com" + }, + { + "url": "https://jira.xwiki.org/browse/XWIKI-20339", + "source": "security-advisories@github.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2023/CVE-2023-351xx/CVE-2023-35158.json b/CVE-2023/CVE-2023-351xx/CVE-2023-35158.json new file mode 100644 index 00000000000..48efb6db2d7 --- /dev/null +++ b/CVE-2023/CVE-2023-351xx/CVE-2023-35158.json @@ -0,0 +1,67 @@ +{ + "id": "CVE-2023-35158", + "sourceIdentifier": "security-advisories@github.com", + "published": "2023-06-23T19:15:09.420", + "lastModified": "2023-06-23T19:24:31.607", + "vulnStatus": "Awaiting Analysis", + "descriptions": [ + { + "lang": "en", + "value": "XWiki Platform is a generic wiki platform offering runtime services for applications built on top of it. Users are able to forge an URL with a payload allowing to inject Javascript in the page (XSS). It's possible to exploit the restore template to perform a XSS, e.g. by using URL such as: > /xwiki/bin/view/XWiki/Main?xpage=restore&showBatch=true&xredirect=javascript:alert(document.domain). This vulnerability exists since XWiki 9.4-rc-1. The vulnerability has been patched in XWiki 14.10.5 and 15.1-rc-1. " + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "security-advisories@github.com", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "REQUIRED", + "scope": "CHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH", + "baseScore": 9.6, + "baseSeverity": "CRITICAL" + }, + "exploitabilityScore": 2.8, + "impactScore": 6.0 + } + ] + }, + "weaknesses": [ + { + "source": "security-advisories@github.com", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-87" + } + ] + } + ], + "references": [ + { + "url": "https://github.com/xwiki/xwiki-platform/commit/d5472100606c8355ed44ada273e91df91f682738", + "source": "security-advisories@github.com" + }, + { + "url": "https://github.com/xwiki/xwiki-platform/security/advisories/GHSA-mwxj-g7fw-7hc8", + "source": "security-advisories@github.com" + }, + { + "url": "https://jira.xwiki.org/browse/XWIKI-20352", + "source": "security-advisories@github.com" + }, + { + "url": "https://jira.xwiki.org/browse/XWIKI-20583", + "source": "security-advisories@github.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2023/CVE-2023-351xx/CVE-2023-35159.json b/CVE-2023/CVE-2023-351xx/CVE-2023-35159.json new file mode 100644 index 00000000000..67b330c4227 --- /dev/null +++ b/CVE-2023/CVE-2023-351xx/CVE-2023-35159.json @@ -0,0 +1,67 @@ +{ + "id": "CVE-2023-35159", + "sourceIdentifier": "security-advisories@github.com", + "published": "2023-06-23T19:15:09.497", + "lastModified": "2023-06-23T19:24:31.607", + "vulnStatus": "Awaiting Analysis", + "descriptions": [ + { + "lang": "en", + "value": "XWiki Platform is a generic wiki platform offering runtime services for applications built on top of it. Users are able to forge an URL with a payload allowing to inject Javascript in the page (XSS). It's possible to exploit the deletespace template to perform a XSS, e.g. by using URL such as: > xwiki/bin/deletespace/Sandbox/?xredirect=javascript:alert(document.domain). This vulnerability exists since XWiki 3.4-milestone-1. The vulnerability has been patched in XWiki 14.10.5 and 15.1-rc-1." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "security-advisories@github.com", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "REQUIRED", + "scope": "CHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH", + "baseScore": 9.6, + "baseSeverity": "CRITICAL" + }, + "exploitabilityScore": 2.8, + "impactScore": 6.0 + } + ] + }, + "weaknesses": [ + { + "source": "security-advisories@github.com", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-87" + } + ] + } + ], + "references": [ + { + "url": "https://github.com/xwiki/xwiki-platform/commit/5c20ff5e3bdea50f1053fe99a27e011b8d0e4b34", + "source": "security-advisories@github.com" + }, + { + "url": "https://github.com/xwiki/xwiki-platform/security/advisories/GHSA-x234-mg7q-m8g8", + "source": "security-advisories@github.com" + }, + { + "url": "https://jira.xwiki.org/browse/XWIKI-20583", + "source": "security-advisories@github.com" + }, + { + "url": "https://jira.xwiki.org/browse/XWIKI-20612", + "source": "security-advisories@github.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2023/CVE-2023-351xx/CVE-2023-35160.json b/CVE-2023/CVE-2023-351xx/CVE-2023-35160.json new file mode 100644 index 00000000000..12947f836cf --- /dev/null +++ b/CVE-2023/CVE-2023-351xx/CVE-2023-35160.json @@ -0,0 +1,67 @@ +{ + "id": "CVE-2023-35160", + "sourceIdentifier": "security-advisories@github.com", + "published": "2023-06-23T19:15:09.570", + "lastModified": "2023-06-23T19:24:31.607", + "vulnStatus": "Awaiting Analysis", + "descriptions": [ + { + "lang": "en", + "value": "XWiki Platform is a generic wiki platform offering runtime services for applications built on top of it. Users are able to forge an URL with a payload allowing to inject Javascript in the page (XSS). It's possible to exploit the resubmit template to perform a XSS, e.g. by using URL such as: > xwiki/bin/view/XWiki/Main xpage=resubmit&resubmit=javascript:alert(document.domain)&xback=javascript:alert(document.domain). This vulnerability exists since XWiki 2.5-milestone-2. The vulnerability has been patched in XWiki 14.10.5 and 15.1-rc-1." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "security-advisories@github.com", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "REQUIRED", + "scope": "CHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH", + "baseScore": 9.6, + "baseSeverity": "CRITICAL" + }, + "exploitabilityScore": 2.8, + "impactScore": 6.0 + } + ] + }, + "weaknesses": [ + { + "source": "security-advisories@github.com", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-87" + } + ] + } + ], + "references": [ + { + "url": "https://github.com/xwiki/xwiki-platform/commit/dbc92dcdace33823ffd1e1591617006cb5fc6a7f", + "source": "security-advisories@github.com" + }, + { + "url": "https://github.com/xwiki/xwiki-platform/security/advisories/GHSA-r8xc-xxh3-q5x3", + "source": "security-advisories@github.com" + }, + { + "url": "https://jira.xwiki.org/browse/XWIKI-20343", + "source": "security-advisories@github.com" + }, + { + "url": "https://jira.xwiki.org/browse/XWIKI-20583", + "source": "security-advisories@github.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2023/CVE-2023-351xx/CVE-2023-35161.json b/CVE-2023/CVE-2023-351xx/CVE-2023-35161.json new file mode 100644 index 00000000000..a904067f8e4 --- /dev/null +++ b/CVE-2023/CVE-2023-351xx/CVE-2023-35161.json @@ -0,0 +1,67 @@ +{ + "id": "CVE-2023-35161", + "sourceIdentifier": "security-advisories@github.com", + "published": "2023-06-23T19:15:09.647", + "lastModified": "2023-06-23T19:24:31.607", + "vulnStatus": "Awaiting Analysis", + "descriptions": [ + { + "lang": "en", + "value": "XWiki Platform is a generic wiki platform offering runtime services for applications built on top of it. Users are able to forge an URL with a payload allowing to inject Javascript in the page (XSS). It's possible to exploit the DeleteApplication page to perform a XSS, e.g. by using URL such as: > xwiki/bin/view/AppWithinMinutes/DeleteApplication?appName=Menu&resolve=true&xredirect=javascript:alert(document.domain). This vulnerability exists since XWiki 6.2-milestone-1. The vulnerability has been patched in XWiki 14.10.5 and 15.1-rc-1.\n" + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "security-advisories@github.com", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "REQUIRED", + "scope": "CHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH", + "baseScore": 9.6, + "baseSeverity": "CRITICAL" + }, + "exploitabilityScore": 2.8, + "impactScore": 6.0 + } + ] + }, + "weaknesses": [ + { + "source": "security-advisories@github.com", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-87" + } + ] + } + ], + "references": [ + { + "url": "https://github.com/xwiki/xwiki-platform/commit/8f5a889b7cd140770e54f5b4195d88058790e305", + "source": "security-advisories@github.com" + }, + { + "url": "https://github.com/xwiki/xwiki-platform/security/advisories/GHSA-4xm7-5q79-3fch", + "source": "security-advisories@github.com" + }, + { + "url": "https://jira.xwiki.org/browse/XWIKI-20583", + "source": "security-advisories@github.com" + }, + { + "url": "https://jira.xwiki.org/browse/XWIKI-20614", + "source": "security-advisories@github.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2023/CVE-2023-351xx/CVE-2023-35162.json b/CVE-2023/CVE-2023-351xx/CVE-2023-35162.json new file mode 100644 index 00000000000..0b3222d1351 --- /dev/null +++ b/CVE-2023/CVE-2023-351xx/CVE-2023-35162.json @@ -0,0 +1,67 @@ +{ + "id": "CVE-2023-35162", + "sourceIdentifier": "security-advisories@github.com", + "published": "2023-06-23T19:15:09.720", + "lastModified": "2023-06-23T19:24:31.607", + "vulnStatus": "Awaiting Analysis", + "descriptions": [ + { + "lang": "en", + "value": "XWiki Platform is a generic wiki platform offering runtime services for applications built on top of it. Users are able to forge an URL with a payload allowing to inject Javascript in the page (XSS). It's possible to exploit the previewactions template to perform a XSS, e.g. by using URL such as: > /xwiki/bin/get/FlamingoThemes/Cerulean xpage=xpart&vm=previewactions.vm&xcontinue=javascript:alert(document.domain). This vulnerability exists since XWiki 6.1-rc-1. The vulnerability has been patched in XWiki 14.10.5 and 15.1-rc-1." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "security-advisories@github.com", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "REQUIRED", + "scope": "CHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH", + "baseScore": 9.6, + "baseSeverity": "CRITICAL" + }, + "exploitabilityScore": 2.8, + "impactScore": 6.0 + } + ] + }, + "weaknesses": [ + { + "source": "security-advisories@github.com", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-79" + } + ] + } + ], + "references": [ + { + "url": "https://github.com/xwiki/xwiki-platform/commit/9f01166b1a8ee9639666099eb5040302df067e4d", + "source": "security-advisories@github.com" + }, + { + "url": "https://github.com/xwiki/xwiki-platform/security/advisories/GHSA-q9hg-9qj2-mxf9", + "source": "security-advisories@github.com" + }, + { + "url": "https://jira.xwiki.org/browse/XWIKI-20342", + "source": "security-advisories@github.com" + }, + { + "url": "https://jira.xwiki.org/browse/XWIKI-20583", + "source": "security-advisories@github.com" + } + ] +} \ No newline at end of file diff --git a/README.md b/README.md index 8412778910e..e338e15b4c0 100644 --- a/README.md +++ b/README.md @@ -9,13 +9,13 @@ Repository synchronizes with the NVD every 2 hours. ### Last Repository Update ```plain -2023-06-23T18:00:29.230291+00:00 +2023-06-23T20:00:27.060629+00:00 ``` ### Most recent CVE Modification Timestamp synchronized with NVD ```plain -2023-06-23T17:59:57.060000+00:00 +2023-06-23T19:49:50.537000+00:00 ``` ### Last Data Feed Release @@ -29,54 +29,69 @@ Download and Changelog: [Click](https://github.com/fkie-cad/nvd-json-data-feeds/ ### Total Number of included CVEs ```plain -218391 +218481 ``` ### CVEs added in the last Commit -Recently added CVEs: `10` +Recently added CVEs: `90` -* [CVE-2023-34465](CVE-2023/CVE-2023-344xx/CVE-2023-34465.json) (`2023-06-23T16:15:09.303`) -* [CVE-2023-34466](CVE-2023/CVE-2023-344xx/CVE-2023-34466.json) (`2023-06-23T16:15:09.393`) -* [CVE-2023-35925](CVE-2023/CVE-2023-359xx/CVE-2023-35925.json) (`2023-06-23T16:15:09.477`) -* [CVE-2023-36284](CVE-2023/CVE-2023-362xx/CVE-2023-36284.json) (`2023-06-23T16:15:09.573`) -* [CVE-2023-36287](CVE-2023/CVE-2023-362xx/CVE-2023-36287.json) (`2023-06-23T16:15:09.630`) -* [CVE-2023-3391](CVE-2023/CVE-2023-33xx/CVE-2023-3391.json) (`2023-06-23T16:15:09.693`) -* [CVE-2023-34467](CVE-2023/CVE-2023-344xx/CVE-2023-34467.json) (`2023-06-23T17:15:09.310`) -* [CVE-2023-35150](CVE-2023/CVE-2023-351xx/CVE-2023-35150.json) (`2023-06-23T17:15:09.380`) -* [CVE-2023-35151](CVE-2023/CVE-2023-351xx/CVE-2023-35151.json) (`2023-06-23T17:15:09.457`) -* [CVE-2023-35152](CVE-2023/CVE-2023-351xx/CVE-2023-35152.json) (`2023-06-23T17:15:09.533`) +* [CVE-2023-32397](CVE-2023/CVE-2023-323xx/CVE-2023-32397.json) (`2023-06-23T18:15:12.743`) +* [CVE-2023-32398](CVE-2023/CVE-2023-323xx/CVE-2023-32398.json) (`2023-06-23T18:15:12.783`) +* [CVE-2023-25518](CVE-2023/CVE-2023-255xx/CVE-2023-25518.json) (`2023-06-23T18:15:10.970`) +* [CVE-2023-25520](CVE-2023/CVE-2023-255xx/CVE-2023-25520.json) (`2023-06-23T18:15:11.033`) +* [CVE-2023-27930](CVE-2023/CVE-2023-279xx/CVE-2023-27930.json) (`2023-06-23T18:15:11.097`) +* [CVE-2023-27940](CVE-2023/CVE-2023-279xx/CVE-2023-27940.json) (`2023-06-23T18:15:11.147`) +* [CVE-2023-27964](CVE-2023/CVE-2023-279xx/CVE-2023-27964.json) (`2023-06-23T18:15:11.197`) +* [CVE-2023-28191](CVE-2023/CVE-2023-281xx/CVE-2023-28191.json) (`2023-06-23T18:15:11.240`) +* [CVE-2023-28202](CVE-2023/CVE-2023-282xx/CVE-2023-28202.json) (`2023-06-23T18:15:11.290`) +* [CVE-2023-28204](CVE-2023/CVE-2023-282xx/CVE-2023-28204.json) (`2023-06-23T18:15:11.333`) +* [CVE-2023-32351](CVE-2023/CVE-2023-323xx/CVE-2023-32351.json) (`2023-06-23T18:15:11.383`) +* [CVE-2023-32352](CVE-2023/CVE-2023-323xx/CVE-2023-32352.json) (`2023-06-23T18:15:11.427`) +* [CVE-2023-32353](CVE-2023/CVE-2023-323xx/CVE-2023-32353.json) (`2023-06-23T18:15:11.470`) +* [CVE-2023-32354](CVE-2023/CVE-2023-323xx/CVE-2023-32354.json) (`2023-06-23T18:15:11.513`) +* [CVE-2023-32355](CVE-2023/CVE-2023-323xx/CVE-2023-32355.json) (`2023-06-23T18:15:11.553`) +* [CVE-2023-32357](CVE-2023/CVE-2023-323xx/CVE-2023-32357.json) (`2023-06-23T18:15:11.600`) +* [CVE-2023-32360](CVE-2023/CVE-2023-323xx/CVE-2023-32360.json) (`2023-06-23T18:15:11.647`) +* [CVE-2023-32363](CVE-2023/CVE-2023-323xx/CVE-2023-32363.json) (`2023-06-23T18:15:11.693`) +* [CVE-2023-32365](CVE-2023/CVE-2023-323xx/CVE-2023-32365.json) (`2023-06-23T18:15:11.733`) +* [CVE-2023-32367](CVE-2023/CVE-2023-323xx/CVE-2023-32367.json) (`2023-06-23T18:15:11.777`) +* [CVE-2023-32368](CVE-2023/CVE-2023-323xx/CVE-2023-32368.json) (`2023-06-23T18:15:11.823`) +* [CVE-2023-32369](CVE-2023/CVE-2023-323xx/CVE-2023-32369.json) (`2023-06-23T18:15:11.870`) +* [CVE-2023-23516](CVE-2023/CVE-2023-235xx/CVE-2023-23516.json) (`2023-06-23T18:15:10.797`) +* [CVE-2023-23539](CVE-2023/CVE-2023-235xx/CVE-2023-23539.json) (`2023-06-23T18:15:10.843`) +* [CVE-2023-25515](CVE-2023/CVE-2023-255xx/CVE-2023-25515.json) (`2023-06-23T18:15:10.887`) ### CVEs modified in the last Commit -Recently modified CVEs: `34` +Recently modified CVEs: `58` -* [CVE-2022-47076](CVE-2022/CVE-2022-470xx/CVE-2022-47076.json) (`2023-06-23T17:15:09.180`) -* [CVE-2022-4927](CVE-2022/CVE-2022-49xx/CVE-2022-4927.json) (`2023-06-23T17:18:06.220`) -* [CVE-2022-45910](CVE-2022/CVE-2022-459xx/CVE-2022-45910.json) (`2023-06-23T17:30:40.503`) -* [CVE-2022-4613](CVE-2022/CVE-2022-46xx/CVE-2022-4613.json) (`2023-06-23T17:45:50.137`) -* [CVE-2022-46355](CVE-2022/CVE-2022-463xx/CVE-2022-46355.json) (`2023-06-23T17:49:07.097`) -* [CVE-2022-25310](CVE-2022/CVE-2022-253xx/CVE-2022-25310.json) (`2023-06-23T17:50:23.680`) -* [CVE-2022-46145](CVE-2022/CVE-2022-461xx/CVE-2022-46145.json) (`2023-06-23T17:54:04.830`) -* [CVE-2022-46333](CVE-2022/CVE-2022-463xx/CVE-2022-46333.json) (`2023-06-23T17:55:17.323`) -* [CVE-2022-25371](CVE-2022/CVE-2022-253xx/CVE-2022-25371.json) (`2023-06-23T17:57:34.310`) -* [CVE-2022-25172](CVE-2022/CVE-2022-251xx/CVE-2022-25172.json) (`2023-06-23T17:59:57.060`) -* [CVE-2023-27585](CVE-2023/CVE-2023-275xx/CVE-2023-27585.json) (`2023-06-23T16:15:09.087`) -* [CVE-2023-2986](CVE-2023/CVE-2023-29xx/CVE-2023-2986.json) (`2023-06-23T16:15:09.193`) -* [CVE-2023-34617](CVE-2023/CVE-2023-346xx/CVE-2023-34617.json) (`2023-06-23T16:16:08.900`) -* [CVE-2023-25434](CVE-2023/CVE-2023-254xx/CVE-2023-25434.json) (`2023-06-23T16:25:42.077`) -* [CVE-2023-34565](CVE-2023/CVE-2023-345xx/CVE-2023-34565.json) (`2023-06-23T16:32:00.177`) -* [CVE-2023-26965](CVE-2023/CVE-2023-269xx/CVE-2023-26965.json) (`2023-06-23T16:35:15.000`) -* [CVE-2023-34362](CVE-2023/CVE-2023-343xx/CVE-2023-34362.json) (`2023-06-23T17:15:09.243`) -* [CVE-2023-34824](CVE-2023/CVE-2023-348xx/CVE-2023-34824.json) (`2023-06-23T17:18:09.090`) -* [CVE-2023-34823](CVE-2023/CVE-2023-348xx/CVE-2023-34823.json) (`2023-06-23T17:28:17.633`) -* [CVE-2023-35149](CVE-2023/CVE-2023-351xx/CVE-2023-35149.json) (`2023-06-23T17:32:50.523`) -* [CVE-2023-30150](CVE-2023/CVE-2023-301xx/CVE-2023-30150.json) (`2023-06-23T17:36:03.973`) -* [CVE-2023-35146](CVE-2023/CVE-2023-351xx/CVE-2023-35146.json) (`2023-06-23T17:41:06.993`) -* [CVE-2023-35142](CVE-2023/CVE-2023-351xx/CVE-2023-35142.json) (`2023-06-23T17:42:10.913`) -* [CVE-2023-34253](CVE-2023/CVE-2023-342xx/CVE-2023-34253.json) (`2023-06-23T17:48:02.437`) -* [CVE-2023-31671](CVE-2023/CVE-2023-316xx/CVE-2023-31671.json) (`2023-06-23T17:54:22.977`) +* [CVE-2023-34241](CVE-2023/CVE-2023-342xx/CVE-2023-34241.json) (`2023-06-23T18:15:13.860`) +* [CVE-2023-34101](CVE-2023/CVE-2023-341xx/CVE-2023-34101.json) (`2023-06-23T18:18:09.143`) +* [CVE-2023-34115](CVE-2023/CVE-2023-341xx/CVE-2023-34115.json) (`2023-06-23T18:18:54.580`) +* [CVE-2023-34868](CVE-2023/CVE-2023-348xx/CVE-2023-34868.json) (`2023-06-23T18:34:10.497`) +* [CVE-2023-34867](CVE-2023/CVE-2023-348xx/CVE-2023-34867.json) (`2023-06-23T18:46:59.963`) +* [CVE-2023-31975](CVE-2023/CVE-2023-319xx/CVE-2023-31975.json) (`2023-06-23T18:49:42.833`) +* [CVE-2023-34845](CVE-2023/CVE-2023-348xx/CVE-2023-34845.json) (`2023-06-23T18:54:20.387`) +* [CVE-2023-34249](CVE-2023/CVE-2023-342xx/CVE-2023-34249.json) (`2023-06-23T18:57:26.500`) +* [CVE-2023-26541](CVE-2023/CVE-2023-265xx/CVE-2023-26541.json) (`2023-06-23T19:00:12.567`) +* [CVE-2023-34247](CVE-2023/CVE-2023-342xx/CVE-2023-34247.json) (`2023-06-23T19:05:57.207`) +* [CVE-2023-31439](CVE-2023/CVE-2023-314xx/CVE-2023-31439.json) (`2023-06-23T19:15:39.693`) +* [CVE-2023-31438](CVE-2023/CVE-2023-314xx/CVE-2023-31438.json) (`2023-06-23T19:16:18.397`) +* [CVE-2023-31437](CVE-2023/CVE-2023-314xx/CVE-2023-31437.json) (`2023-06-23T19:16:38.727`) +* [CVE-2023-33621](CVE-2023/CVE-2023-336xx/CVE-2023-33621.json) (`2023-06-23T19:18:31.097`) +* [CVE-2023-35064](CVE-2023/CVE-2023-350xx/CVE-2023-35064.json) (`2023-06-23T19:21:19.787`) +* [CVE-2023-33568](CVE-2023/CVE-2023-335xx/CVE-2023-33568.json) (`2023-06-23T19:22:43.680`) +* [CVE-2023-24470](CVE-2023/CVE-2023-244xx/CVE-2023-24470.json) (`2023-06-23T19:23:32.700`) +* [CVE-2023-24469](CVE-2023/CVE-2023-244xx/CVE-2023-24469.json) (`2023-06-23T19:28:17.867`) +* [CVE-2023-33986](CVE-2023/CVE-2023-339xx/CVE-2023-33986.json) (`2023-06-23T19:33:00.763`) +* [CVE-2023-26515](CVE-2023/CVE-2023-265xx/CVE-2023-26515.json) (`2023-06-23T19:33:57.187`) +* [CVE-2023-29501](CVE-2023/CVE-2023-295xx/CVE-2023-29501.json) (`2023-06-23T19:34:28.727`) +* [CVE-2023-32546](CVE-2023/CVE-2023-325xx/CVE-2023-32546.json) (`2023-06-23T19:35:41.590`) +* [CVE-2023-35141](CVE-2023/CVE-2023-351xx/CVE-2023-35141.json) (`2023-06-23T19:36:43.300`) +* [CVE-2023-2784](CVE-2023/CVE-2023-27xx/CVE-2023-2784.json) (`2023-06-23T19:38:31.707`) +* [CVE-2023-2807](CVE-2023/CVE-2023-28xx/CVE-2023-2807.json) (`2023-06-23T19:49:50.537`) ## Download and Usage