diff --git a/CVE-2023/CVE-2023-222xx/CVE-2023-22299.json b/CVE-2023/CVE-2023-222xx/CVE-2023-22299.json
index 0a9daa87633..14b1e645d89 100644
--- a/CVE-2023/CVE-2023-222xx/CVE-2023-22299.json
+++ b/CVE-2023/CVE-2023-222xx/CVE-2023-22299.json
@@ -2,8 +2,8 @@
 "id": "CVE-2023-22299",
 "sourceIdentifier": "talos-cna@cisco.com",
 "published": "2023-07-06T15:15:10.713",
- "lastModified": "2023-07-06T18:15:10.687",
- "vulnStatus": "Awaiting Analysis",
+ "lastModified": "2023-07-10T14:27:09.983",
+ "vulnStatus": "Analyzed",
 "descriptions": [
 {
 "lang": "en",
@@ -12,6 +12,26 @@
 ],
 "metrics": {
 "cvssMetricV31": [
+ {
+ "source": "nvd@nist.gov",
+ "type": "Primary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
+ "attackVector": "NETWORK",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "LOW",
+ "userInteraction": "NONE",
+ "scope": "UNCHANGED",
+ "confidentialityImpact": "HIGH",
+ "integrityImpact": "HIGH",
+ "availabilityImpact": "HIGH",
+ "baseScore": 8.8,
+ "baseSeverity": "HIGH"
+ },
+ "exploitabilityScore": 2.8,
+ "impactScore": 5.9
+ },
 {
 "source": "talos-cna@cisco.com",
 "type": "Secondary",
@@ -46,10 +66,43 @@
 ]
 }
 ],
+ "configurations": [
+ {
+ "operator": "AND",
+ "nodes": [
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:milesight:ur32l_firmware:32.3.0.5:*:*:*:*:*:*:*",
+ "matchCriteriaId": "CF5F2502-0C97-4AC3-BD0A-45065C64F99B"
+ }
+ ]
+ },
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": false,
+ "criteria": "cpe:2.3:h:milesight:ur32l:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "224B5936-7A7A-48E7-B0F3-754B74E4BF2D"
+ }
+ ]
+ }
+ ]
+ }
+ ],
 "references": [
 {
 "url": "https://talosintelligence.com/vulnerability_reports/TALOS-2023-1712",
- "source": "talos-cna@cisco.com"
+ "source": "talos-cna@cisco.com",
+ "tags": [
+ "Exploit",
+ "Third Party Advisory"
+ ]
 }
 ]
 }
\ No newline at end of file
diff --git a/CVE-2023/CVE-2023-223xx/CVE-2023-22306.json b/CVE-2023/CVE-2023-223xx/CVE-2023-22306.json
index dc3bed4a289..77fe9dc03cf 100644
--- a/CVE-2023/CVE-2023-223xx/CVE-2023-22306.json
+++ b/CVE-2023/CVE-2023-223xx/CVE-2023-22306.json
@@ -2,8 +2,8 @@
 "id": "CVE-2023-22306",
 "sourceIdentifier": "talos-cna@cisco.com",
 "published": "2023-07-06T15:15:10.823",
- "lastModified": "2023-07-06T15:16:38.363",
- "vulnStatus": "Awaiting Analysis",
+ "lastModified": "2023-07-10T14:14:31.730",
+ "vulnStatus": "Analyzed",
 "descriptions": [
 {
 "lang": "en",
@@ -12,6 +12,26 @@
 ],
 "metrics": {
 "cvssMetricV31": [
+ {
+ "source": "nvd@nist.gov",
+ "type": "Primary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
+ "attackVector": "NETWORK",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "HIGH",
+ "userInteraction": "NONE",
+ "scope": "UNCHANGED",
+ "confidentialityImpact": "HIGH",
+ "integrityImpact": "HIGH",
+ "availabilityImpact": "HIGH",
+ "baseScore": 7.2,
+ "baseSeverity": "HIGH"
+ },
+ "exploitabilityScore": 1.2,
+ "impactScore": 5.9
+ },
 {
 "source": "talos-cna@cisco.com",
 "type": "Secondary",
@@ -46,10 +66,43 @@
 ]
 }
 ],
+ "configurations": [
+ {
+ "operator": "AND",
+ "nodes": [
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:milesight:ur32l_firmware:32.3.0.5:*:*:*:*:*:*:*",
+ "matchCriteriaId": "CF5F2502-0C97-4AC3-BD0A-45065C64F99B"
+ }
+ ]
+ },
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": false,
+ "criteria": "cpe:2.3:h:milesight:ur32l:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "224B5936-7A7A-48E7-B0F3-754B74E4BF2D"
+ }
+ ]
+ }
+ ]
+ }
+ ],
 "references": [
 {
 "url": "https://talosintelligence.com/vulnerability_reports/TALOS-2023-1698",
- "source": "talos-cna@cisco.com"
+ "source": "talos-cna@cisco.com",
+ "tags": [
+ "Exploit",
+ "Third Party Advisory"
+ ]
 }
 ]
 }
\ No newline at end of file
diff --git a/CVE-2023/CVE-2023-228xx/CVE-2023-22814.json b/CVE-2023/CVE-2023-228xx/CVE-2023-22814.json
index 9d0821cc543..a509b7894a3 100644
--- a/CVE-2023/CVE-2023-228xx/CVE-2023-22814.json
+++ b/CVE-2023/CVE-2023-228xx/CVE-2023-22814.json
@@ -2,8 +2,8 @@
 "id": "CVE-2023-22814",
 "sourceIdentifier": "psirt@wdc.com",
 "published": "2023-07-01T00:15:09.970",
- "lastModified": "2023-07-03T01:10:10.103",
- "vulnStatus": "Awaiting Analysis",
+ "lastModified": "2023-07-10T15:25:29.167",
+ "vulnStatus": "Analyzed",
 "descriptions": [
 {
 "lang": "en",
@@ -12,6 +12,26 @@
 ],
 "metrics": {
 "cvssMetricV31": [
+ {
+ "source": "nvd@nist.gov",
+ "type": "Primary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
+ "attackVector": "NETWORK",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "NONE",
+ "userInteraction": "NONE",
+ "scope": "UNCHANGED",
+ "confidentialityImpact": "HIGH",
+ "integrityImpact": "HIGH",
+ "availabilityImpact": "HIGH",
+ "baseScore": 9.8,
+ "baseSeverity": "CRITICAL"
+ },
+ "exploitabilityScore": 3.9,
+ "impactScore": 5.9
+ },
 {
 "source": "psirt@wdc.com",
 "type": "Secondary",
@@ -35,6 +55,16 @@
 ]
 },
 "weaknesses": [
+ {
+ "source": "nvd@nist.gov",
+ "type": "Primary",
+ "description": [
+ {
+ "lang": "en",
+ "value": "CWE-290"
+ }
+ ]
+ },
 {
 "source": "psirt@wdc.com",
 "type": "Secondary",
@@ -46,10 +76,89 @@
 ]
 }
 ],
+ "configurations": [
+ {
+ "operator": "AND",
+ "nodes": [
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:westerndigital:my_cloud_os:*:*:*:*:*:*:*:*",
+ "versionStartIncluding": "5.02.104",
+ "versionEndExcluding": "5.26.202",
+ "matchCriteriaId": "6CE3AF08-E7E6-4B65-B9E5-1BBF4B7A75DE"
+ }
+ ]
+ },
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": false,
+ "criteria": "cpe:2.3:h:westerndigital:my_cloud:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "3A9EE86B-05EE-4F2E-A912-624DDCF9C41B"
+ },
+ {
+ "vulnerable": false,
+ "criteria": "cpe:2.3:h:westerndigital:my_cloud_dl2100:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "9E783EBC-7608-4527-B1AD-9B4E7A7A108C"
+ },
+ {
+ "vulnerable": false,
+ "criteria": "cpe:2.3:h:westerndigital:my_cloud_dl4100:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "F3034F4A-239C-4E38-9BD6-217361A7C519"
+ },
+ {
+ "vulnerable": false,
+ "criteria": "cpe:2.3:h:westerndigital:my_cloud_ex2_ultra:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "5A581EBA-A1F2-4ABC-8183-29973A46FA43"
+ },
+ {
+ "vulnerable": false,
+ "criteria": "cpe:2.3:h:westerndigital:my_cloud_ex2100:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "ABBBDC1E-2320-4767-B669-1BB2FFB1E1C4"
+ },
+ {
+ "vulnerable": false,
+ "criteria": "cpe:2.3:h:westerndigital:my_cloud_ex4100:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "B78030F0-6655-4604-9D16-2FA1F3FD52FF"
+ },
+ {
+ "vulnerable": false,
+ "criteria": "cpe:2.3:h:westerndigital:my_cloud_mirror_g2:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "6DE090BC-C847-4DF7-9C5F-52A300845558"
+ },
+ {
+ "vulnerable": false,
+ "criteria": "cpe:2.3:h:westerndigital:my_cloud_pr2100:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "BF58260B-2131-402C-A9DA-67B188136DE1"
+ },
+ {
+ "vulnerable": false,
+ "criteria": "cpe:2.3:h:westerndigital:my_cloud_pr4100:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "CB0C2FD9-4792-4DA2-9698-E53109A499EC"
+ },
+ {
+ "vulnerable": false,
+ "criteria": "cpe:2.3:h:westerndigital:wd_cloud:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "8FDE0337-4329-4CE3-9B0B-61BE8361E910"
+ }
+ ]
+ }
+ ]
+ }
+ ],
 "references": [
 {
 "url": "https://www.westerndigital.com/support/product-security/wdc-23006-my-cloud-firmware-version-5-26-202",
- "source": "psirt@wdc.com"
+ "source": "psirt@wdc.com",
+ "tags": [
+ "Vendor Advisory"
+ ]
 }
 ]
 }
\ No newline at end of file
diff --git a/CVE-2023/CVE-2023-283xx/CVE-2023-28323.json b/CVE-2023/CVE-2023-283xx/CVE-2023-28323.json
index a6ebda08bd1..45f2f98ee08 100644
--- a/CVE-2023/CVE-2023-283xx/CVE-2023-28323.json
+++ b/CVE-2023/CVE-2023-283xx/CVE-2023-28323.json
@@ -2,19 +2,95 @@
 "id": "CVE-2023-28323",
 "sourceIdentifier": "support@hackerone.com",
 "published": "2023-07-01T00:15:10.057",
- "lastModified": "2023-07-03T01:10:10.103",
- "vulnStatus": "Awaiting Analysis",
+ "lastModified": "2023-07-10T15:55:23.607",
+ "vulnStatus": "Analyzed",
 "descriptions": [
 {
 "lang": "en",
 "value": "A deserialization of untrusted data exists in EPM 2022 Su3 and all prior versions that allows an unauthenticated user to elevate rights. This exploit could potentially be used in conjunction with other OS (Operating System) vulnerabilities to escalate privileges on the machine or be used as a stepping stone to get to other network attached machines.\r\n"
 }
 ],
- "metrics": {},
+ "metrics": {
+ "cvssMetricV31": [
+ {
+ "source": "nvd@nist.gov",
+ "type": "Primary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
+ "attackVector": "NETWORK",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "NONE",
+ "userInteraction": "NONE",
+ "scope": "UNCHANGED",
+ "confidentialityImpact": "HIGH",
+ "integrityImpact": "HIGH",
+ "availabilityImpact": "HIGH",
+ "baseScore": 9.8,
+ "baseSeverity": "CRITICAL"
+ },
+ "exploitabilityScore": 3.9,
+ "impactScore": 5.9
+ }
+ ]
+ },
+ "weaknesses": [
+ {
+ "source": "nvd@nist.gov",
+ "type": "Primary",
+ "description": [
+ {
+ "lang": "en",
+ "value": "CWE-502"
+ }
+ ]
+ }
+ ],
+ "configurations": [
+ {
+ "nodes": [
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:ivanti:endpoint_manager:*:*:*:*:*:*:*:*",
+ "versionEndExcluding": "2022",
+ "matchCriteriaId": "B1F6549B-CF5D-4607-B67D-5489905A1705"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:ivanti:endpoint_manager:2022:-:*:*:*:*:*:*",
+ "matchCriteriaId": "46580865-5177-4E55-BDAC-73DA4B472B35"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:ivanti:endpoint_manager:2022:su1:*:*:*:*:*:*",
+ "matchCriteriaId": "E57E12B5-B789-450C-9476-6C4C151E6993"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:ivanti:endpoint_manager:2022:su2:*:*:*:*:*:*",
+ "matchCriteriaId": "E47C65B3-56DD-4D65-8B4B-6AFFE28E94F2"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:ivanti:endpoint_manager:2022:su3:*:*:*:*:*:*",
+ "matchCriteriaId": "10D6EAB7-B14B-45E9-92B9-4FADFBBB08AF"
+ }
+ ]
+ }
+ ]
+ }
+ ],
 "references": [
 {
 "url": "https://forums.ivanti.com/s/article/SA-2023-06-20-CVE-2023-28323",
- "source": "support@hackerone.com"
+ "source": "support@hackerone.com",
+ "tags": [
+ "Vendor Advisory"
+ ]
 }
 ]
 }
\ No newline at end of file
diff --git a/CVE-2023/CVE-2023-291xx/CVE-2023-29147.json b/CVE-2023/CVE-2023-291xx/CVE-2023-29147.json
index 6df77496f90..e25f91153ce 100644
--- a/CVE-2023/CVE-2023-291xx/CVE-2023-29147.json
+++ b/CVE-2023/CVE-2023-291xx/CVE-2023-29147.json
@@ -2,23 +2,88 @@
 "id": "CVE-2023-29147",
 "sourceIdentifier": "cve@mitre.org",
 "published": "2023-06-30T21:15:08.920",
- "lastModified": "2023-07-03T01:10:10.103",
- "vulnStatus": "Awaiting Analysis",
+ "lastModified": "2023-07-10T14:06:20.730",
+ "vulnStatus": "Analyzed",
 "descriptions": [
 {
 "lang": "en",
 "value": "In Malwarebytes EDR 1.0.11 for Linux, it is possible to bypass the detection layers that depend on inode identifiers, because an identifier may be reused when a file is replaced, and because two files on different filesystems can have the same identifier."
 }
 ],
- "metrics": {},
+ "metrics": {
+ "cvssMetricV31": [
+ {
+ "source": "nvd@nist.gov",
+ "type": "Primary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N",
+ "attackVector": "LOCAL",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "LOW",
+ "userInteraction": "NONE",
+ "scope": "UNCHANGED",
+ "confidentialityImpact": "NONE",
+ "integrityImpact": "HIGH",
+ "availabilityImpact": "NONE",
+ "baseScore": 5.5,
+ "baseSeverity": "MEDIUM"
+ },
+ "exploitabilityScore": 1.8,
+ "impactScore": 3.6
+ }
+ ]
+ },
+ "weaknesses": [
+ {
+ "source": "nvd@nist.gov",
+ "type": "Primary",
+ "description": [
+ {
+ "lang": "en",
+ "value": "NVD-CWE-Other"
+ }
+ ]
+ }
+ ],
+ "configurations": [
+ {
+ "nodes": [
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:malwarebytes:endpoint_detection_and_response:*:*:*:*:*:linux:*:*",
+ "versionEndIncluding": "1.0.11",
+ "matchCriteriaId": "7D95175C-B13B-4220-B3D0-9D22AD788F38"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:malwarebytes:malwarebytes:*:*:*:*:*:linux:*:*",
+ "versionEndIncluding": "1.0.14",
+ "matchCriteriaId": "8D500260-1522-4A4F-A561-DADBCF11C1D5"
+ }
+ ]
+ }
+ ]
+ }
+ ],
 "references": [
 {
 "url": "https://malwarebytes.com",
- "source": "cve@mitre.org"
+ "source": "cve@mitre.org",
+ "tags": [
+ "Product"
+ ]
 },
 {
 "url": "https://www.malwarebytes.com/secure/cves/cve-2023-29147",
- "source": "cve@mitre.org"
+ "source": "cve@mitre.org",
+ "tags": [
+ "Vendor Advisory"
+ ]
 }
 ]
 }
\ No newline at end of file
diff --git a/CVE-2023/CVE-2023-305xx/CVE-2023-30586.json b/CVE-2023/CVE-2023-305xx/CVE-2023-30586.json
index 63943f8acb7..0e5a52265e9 100644
--- a/CVE-2023/CVE-2023-305xx/CVE-2023-30586.json
+++ b/CVE-2023/CVE-2023-305xx/CVE-2023-30586.json
@@ -2,19 +2,74 @@
 "id": "CVE-2023-30586",
 "sourceIdentifier": "support@hackerone.com",
 "published": "2023-07-01T00:15:10.247",
- "lastModified": "2023-07-03T01:10:10.103",
- "vulnStatus": "Awaiting Analysis",
+ "lastModified": "2023-07-10T14:01:51.887",
+ "vulnStatus": "Analyzed",
 "descriptions": [
 {
 "lang": "en",
 "value": "A privilege escalation vulnerability exists in Node.js 20 that allowed loading arbitrary OpenSSL engines when the experimental permission model is enabled, which can bypass and/or disable the permission model. The attack complexity is high. However, the crypto.setEngine() API can be used to bypass the permission model when called with a compatible OpenSSL engine. The OpenSSL engine can, for example, disable the permission model in the host process by manipulating the process's stack memory to locate the permission model Permission::enabled_ in the host process's heap memory. Please note that at the time this CVE was issued, the permission model is an experimental feature of Node.js."
 }
 ],
- "metrics": {},
+ "metrics": {
+ "cvssMetricV31": [
+ {
+ "source": "nvd@nist.gov",
+ "type": "Primary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N",
+ "attackVector": "NETWORK",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "NONE",
+ "userInteraction": "NONE",
+ "scope": "UNCHANGED",
+ "confidentialityImpact": "NONE",
+ "integrityImpact": "HIGH",
+ "availabilityImpact": "NONE",
+ "baseScore": 7.5,
+ "baseSeverity": "HIGH"
+ },
+ "exploitabilityScore": 3.9,
+ "impactScore": 3.6
+ }
+ ]
+ },
+ "weaknesses": [
+ {
+ "source": "nvd@nist.gov",
+ "type": "Primary",
+ "description": [
+ {
+ "lang": "en",
+ "value": "CWE-862"
+ }
+ ]
+ }
+ ],
+ "configurations": [
+ {
+ "nodes": [
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:nodejs:node.js:20.0.0:*:*:*:-:*:*:*",
+ "matchCriteriaId": "8BF2BBF6-205F-4F40-80E6-A65964E6BA0E"
+ }
+ ]
+ }
+ ]
+ }
+ ],
 "references": [
 {
 "url": "https://hackerone.com/reports/1954535",
- "source": "support@hackerone.com"
+ "source": "support@hackerone.com",
+ "tags": [
+ "Issue Tracking"
+ ]
 }
 ]
 }
\ No newline at end of file
diff --git a/CVE-2023/CVE-2023-335xx/CVE-2023-33570.json b/CVE-2023/CVE-2023-335xx/CVE-2023-33570.json
index 02542457a52..bef65d7327b 100644
--- a/CVE-2023/CVE-2023-335xx/CVE-2023-33570.json
+++ b/CVE-2023/CVE-2023-335xx/CVE-2023-33570.json
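Review bot: The NVD primary vector added here sets `"attackComplexity": "LOW"` (`AC:L`, base score 7.5) together with `AV:N` and `PR:N`, but the description carried in the same hunk says "The attack complexity is high" and describes an attack that depends on `crypto.setEngine()` being called with a compatible OpenSSL engine while the experimental permission model is enabled. Triage that sorts on `baseScore` alone will rank this entry higher than the description supports; the same vector with `AC:H` computes to 5.9. The record looks like a mirror of upstream NVD analysis, so the mismatch is probably better reported to the data source than edited here; confirm against the upstream entry before relying on the score for prioritisation.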
@@ -2,19 +2,74 @@
 "id": "CVE-2023-33570",
 "sourceIdentifier": "cve@mitre.org",
 "published": "2023-06-28T20:15:09.540",
- "lastModified": "2023-06-29T15:35:43.220",
- "vulnStatus": "Awaiting Analysis",
+ "lastModified": "2023-07-10T15:53:05.990",
+ "vulnStatus": "Analyzed",
 "descriptions": [
 {
 "lang": "en",
 "value": "Bagisto v1.5.1 is vulnerable to Server-Side Template Injection (SSTI)."
 }
 ],
- "metrics": {},
+ "metrics": {
+ "cvssMetricV31": [
+ {
+ "source": "nvd@nist.gov",
+ "type": "Primary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
+ "attackVector": "NETWORK",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "LOW",
+ "userInteraction": "NONE",
+ "scope": "UNCHANGED",
+ "confidentialityImpact": "HIGH",
+ "integrityImpact": "HIGH",
+ "availabilityImpact": "HIGH",
+ "baseScore": 8.8,
+ "baseSeverity": "HIGH"
+ },
+ "exploitabilityScore": 2.8,
+ "impactScore": 5.9
+ }
+ ]
+ },
+ "weaknesses": [
+ {
+ "source": "nvd@nist.gov",
+ "type": "Primary",
+ "description": [
+ {
+ "lang": "en",
+ "value": "NVD-CWE-Other"
+ }
+ ]
+ }
+ ],
+ "configurations": [
+ {
+ "nodes": [
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:webkul:bagisto:1.5.1:*:*:*:*:*:*:*",
+ "matchCriteriaId": "10E1B58E-9A7F-41BA-965C-552477A0A10A"
+ }
+ ]
+ }
+ ]
+ }
+ ],
 "references": [
 {
 "url": "https://siltonrenato02.medium.com/a-brief-summary-about-a-ssti-to-rce-in-bagisto-e900ac450490",
- "source": "cve@mitre.org"
+ "source": "cve@mitre.org",
+ "tags": [
+ "Exploit"
+ ]
 }
 ]
 }
\ No newline at end of file
diff --git a/CVE-2023/CVE-2023-346xx/CVE-2023-34654.json b/CVE-2023/CVE-2023-346xx/CVE-2023-34654.json
index 951b89256a4..162bcb2e3a8 100644
--- a/CVE-2023/CVE-2023-346xx/CVE-2023-34654.json
+++ b/CVE-2023/CVE-2023-346xx/CVE-2023-34654.json
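Review bot: The primary weakness added for this record is `"value": "NVD-CWE-Other"`, even though the description names the class directly (Server-Side Template Injection) and the added vector rates confidentiality, integrity and availability impact as HIGH. Dashboards or detections that group by CWE will not surface this entry under an injection category, so matching should key on the CPE `cpe:2.3:a:webkul:bagisto:1.5.1:*:*:*:*:*:*:*` as well. The single reference is tagged `Exploit` and the hunk carries no `Patch` or `Vendor Advisory` reference, so a fixed version cannot be read from this record and has to be checked with the vendor.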
@@ -2,23 +2,85 @@
 "id": "CVE-2023-34654",
 "sourceIdentifier": "cve@mitre.org",
 "published": "2023-07-05T20:15:10.427",
- "lastModified": "2023-07-05T20:31:30.957",
- "vulnStatus": "Awaiting Analysis",
+ "lastModified": "2023-07-10T13:59:13.440",
+ "vulnStatus": "Analyzed",
 "descriptions": [
 {
 "lang": "en",
 "value": "taocms <=3.0.2 is vulnerable to Cross Site Scripting (XSS)."
 }
 ],
- "metrics": {},
+ "metrics": {
+ "cvssMetricV31": [
+ {
+ "source": "nvd@nist.gov",
+ "type": "Primary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
+ "attackVector": "NETWORK",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "NONE",
+ "userInteraction": "REQUIRED",
+ "scope": "CHANGED",
+ "confidentialityImpact": "LOW",
+ "integrityImpact": "LOW",
+ "availabilityImpact": "NONE",
+ "baseScore": 6.1,
+ "baseSeverity": "MEDIUM"
+ },
+ "exploitabilityScore": 2.8,
+ "impactScore": 2.7
+ }
+ ]
+ },
+ "weaknesses": [
+ {
+ "source": "nvd@nist.gov",
+ "type": "Primary",
+ "description": [
+ {
+ "lang": "en",
+ "value": "CWE-79"
+ }
+ ]
+ }
+ ],
+ "configurations": [
+ {
+ "nodes": [
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:taogogo:taocms:*:*:*:*:*:*:*:*",
+ "versionEndIncluding": "3.0.2",
+ "matchCriteriaId": "41AC2F72-2DB5-4ECF-94D4-B7BDBAC68CE5"
+ }
+ ]
+ }
+ ]
+ }
+ ],
 "references": [
 {
 "url": "https://gist.github.com/ae6e361b/b7f162eba1a91df3ad9dc71ec9935960",
- "source": "cve@mitre.org"
+ "source": "cve@mitre.org",
+ "tags": [
+ "Exploit",
+ "Third Party Advisory"
+ ]
 },
 {
 "url": "https://github.com/ae6e361b/taocms-XSS",
- "source": "cve@mitre.org"
+ "source": "cve@mitre.org",
+ "tags": [
+ "Exploit",
+ "Product",
+ "Third Party Advisory"
+ ]
 }
 ]
 }
\ No newline at end of file
diff --git a/CVE-2023/CVE-2023-347xx/CVE-2023-34736.json b/CVE-2023/CVE-2023-347xx/CVE-2023-34736.json
index 97e8ed5a426..d3533c6c89f 100644
--- a/CVE-2023/CVE-2023-347xx/CVE-2023-34736.json
+++ b/CVE-2023/CVE-2023-347xx/CVE-2023-34736.json
@@ -2,8 +2,8 @@
 "id": "CVE-2023-34736",
 "sourceIdentifier": "cve@mitre.org",
 "published": "2023-06-28T22:15:09.450",
- "lastModified": "2023-06-29T15:35:43.220",
- "vulnStatus": "Awaiting Analysis",
+ "lastModified": "2023-07-10T12:49:07.747",
+ "vulnStatus": "Analyzed",
 "descriptions": [
 {
 "lang": "en",
@@ -14,11 +14,67 @@
 "value": "Guantang Equipment Management System versi\u00f3n 4.12 es vulnerable a la subida arbitraria de archivos. "
 }
 ],
- "metrics": {},
+ "metrics": {
+ "cvssMetricV31": [
+ {
+ "source": "nvd@nist.gov",
+ "type": "Primary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
+ "attackVector": "NETWORK",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "HIGH",
+ "userInteraction": "NONE",
+ "scope": "UNCHANGED",
+ "confidentialityImpact": "HIGH",
+ "integrityImpact": "HIGH",
+ "availabilityImpact": "HIGH",
+ "baseScore": 7.2,
+ "baseSeverity": "HIGH"
+ },
+ "exploitabilityScore": 1.2,
+ "impactScore": 5.9
+ }
+ ]
+ },
+ "weaknesses": [
+ {
+ "source": "nvd@nist.gov",
+ "type": "Primary",
+ "description": [
+ {
+ "lang": "en",
+ "value": "CWE-434"
+ }
+ ]
+ }
+ ],
+ "configurations": [
+ {
+ "nodes": [
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:guantang_equipment_management_system_project:guantang_equipment_management_system:4.12:*:*:*:*:*:*:*",
+ "matchCriteriaId": "9E287782-E4D2-464F-BB56-ED71C4290BE6"
+ }
+ ]
+ }
+ ]
+ }
+ ],
 "references": [
 {
 "url": "https://github.com/prismbreak/vulnerabilities/issues/5",
- "source": "cve@mitre.org"
+ "source": "cve@mitre.org",
+ "tags": [
+ "Exploit",
+ "Issue Tracking"
+ ]
 }
 ]
 }
\ No newline at end of file
diff --git a/CVE-2023/CVE-2023-34xx/CVE-2023-3449.json b/CVE-2023/CVE-2023-34xx/CVE-2023-3449.json
index f4a8162aaa7..05c410e5d38 100644
--- a/CVE-2023/CVE-2023-34xx/CVE-2023-3449.json
+++ b/CVE-2023/CVE-2023-34xx/CVE-2023-3449.json
@@ -2,8 +2,8 @@
 "id": "CVE-2023-3449",
 "sourceIdentifier": "cna@vuldb.com",
 "published": "2023-06-28T18:15:16.607",
- "lastModified": "2023-06-28T19:27:43.520",
- "vulnStatus": "Awaiting Analysis",
+ "lastModified": "2023-07-10T15:49:23.037",
+ "vulnStatus": "Analyzed",
 "descriptions": [
 {
 "lang": "en",
@@ -11,6 +11,28 @@
 }
 ],
 "metrics": {
+ "cvssMetricV31": [
+ {
+ "source": "nvd@nist.gov",
+ "type": "Primary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
+ "attackVector": "NETWORK",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "HIGH",
+ "userInteraction": "NONE",
+ "scope": "UNCHANGED",
+ "confidentialityImpact": "HIGH",
+ "integrityImpact": "HIGH",
+ "availabilityImpact": "HIGH",
+ "baseScore": 7.2,
+ "baseSeverity": "HIGH"
+ },
+ "exploitabilityScore": 1.2,
+ "impactScore": 5.9
+ }
+ ],
 "cvssMetricV30": [
 {
 "source": "cna@vuldb.com",
@@ -71,18 +93,49 @@
 ]
 }
 ],
+ "configurations": [
+ {
+ "nodes": [
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:ibos:ibos:4.5.5:*:*:*:*:*:*:*",
+ "matchCriteriaId": "1F678D76-48AA-4940-833F-5567D196DB7D"
+ }
+ ]
+ }
+ ]
+ }
+ ],
 "references": [
 {
 "url": "https://github.com/MinimoAgoni/cve/blob/main/iboa%20oa.md",
- "source": "cna@vuldb.com"
+ "source": "cna@vuldb.com",
+ "tags": [
+ "Exploit",
+ "Third Party Advisory"
+ ]
 },
 {
 "url": "https://vuldb.com/?ctiid.232546",
- "source": "cna@vuldb.com"
+ "source": "cna@vuldb.com",
+ "tags": [
+ "Permissions Required",
+ "Third Party Advisory",
+ "VDB Entry"
+ ]
 },
 {
 "url": "https://vuldb.com/?id.232546",
- "source": "cna@vuldb.com"
+ "source": "cna@vuldb.com",
+ "tags": [
+ "Permissions Required",
+ "Third Party Advisory",
+ "VDB Entry"
+ ]
 }
 ]
 }
\ No newline at end of file
diff --git a/CVE-2023/CVE-2023-359xx/CVE-2023-35938.json b/CVE-2023/CVE-2023-359xx/CVE-2023-35938.json
index d47b562bff8..6b04546df52 100644
--- a/CVE-2023/CVE-2023-359xx/CVE-2023-35938.json
+++ b/CVE-2023/CVE-2023-359xx/CVE-2023-35938.json
@@ -2,8 +2,8 @@
 "id": "CVE-2023-35938",
 "sourceIdentifier": "security-advisories@github.com",
 "published": "2023-06-29T20:15:09.923",
- "lastModified": "2023-06-29T23:57:54.363",
- "vulnStatus": "Awaiting Analysis",
+ "lastModified": "2023-07-10T13:26:11.097",
+ "vulnStatus": "Analyzed",
 "descriptions": [
 {
 "lang": "en",
@@ -12,6 +12,26 @@
 ],
 "metrics": {
 "cvssMetricV31": [
+ {
+ "source": "nvd@nist.gov",
+ "type": "Primary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
+ "attackVector": "NETWORK",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "HIGH",
+ "userInteraction": "NONE",
+ "scope": "UNCHANGED",
+ "confidentialityImpact": "HIGH",
+ "integrityImpact": "HIGH",
+ "availabilityImpact": "HIGH",
+ "baseScore": 7.2,
+ "baseSeverity": "HIGH"
+ },
+ "exploitabilityScore": 1.2,
+ "impactScore": 5.9
+ },
 {
 "source": "security-advisories@github.com",
 "type": "Secondary",
@@ -46,22 +66,60 @@
 ]
 }
 ],
+ "configurations": [
+ {
+ "nodes": [
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:enalean:tuleap:*:*:*:*:community:*:*:*",
+ "versionEndExcluding": "14.9.99.63",
+ "matchCriteriaId": "37FD2AC0-3BFA-4755-8696-D2E36ECABC51"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:enalean:tuleap:*:*:*:*:enterprise:*:*:*",
+ "versionEndExcluding": "14.10-1",
+ "matchCriteriaId": "20547F0A-68CB-46A2-A86E-C74C95E3E953"
+ }
+ ]
+ }
+ ]
+ }
+ ],
 "references": [
 {
 "url": "https://github.com/Enalean/tuleap/commit/a108186e7538676c4bf6e615f793f3b787a09b91",
- "source": "security-advisories@github.com"
+ "source": "security-advisories@github.com",
+ "tags": [
+ "Patch"
+ ]
 },
 {
 "url": "https://github.com/Enalean/tuleap/security/advisories/GHSA-rq42-cv6q-3m9q",
- "source": "security-advisories@github.com"
+ "source": "security-advisories@github.com",
+ "tags": [
+ "Patch",
+ "Vendor Advisory"
+ ]
 },
 {
 "url": "https://tuleap.net/plugins/git/tuleap/tuleap/stable?a=commit&h=a108186e7538676c4bf6e615f793f3b787a09b91",
- "source": "security-advisories@github.com"
+ "source": "security-advisories@github.com",
+ "tags": [
+ "Patch"
+ ]
 },
 {
 "url": "https://tuleap.net/plugins/tracker/?aid=32278",
- "source": "security-advisories@github.com"
+ "source": "security-advisories@github.com",
+ "tags": [
+ "Issue Tracking",
+ "Vendor Advisory"
+ ]
 }
 ]
 }
\ No newline at end of file
diff --git a/CVE-2023/CVE-2023-359xx/CVE-2023-35947.json b/CVE-2023/CVE-2023-359xx/CVE-2023-35947.json
index 458dbfacd83..b9acea7de22 100644
--- a/CVE-2023/CVE-2023-359xx/CVE-2023-35947.json
+++ b/CVE-2023/CVE-2023-359xx/CVE-2023-35947.json
@@ -2,8 +2,8 @@
 "id": "CVE-2023-35947",
 "sourceIdentifier": "security-advisories@github.com",
 "published": "2023-06-30T21:15:09.147",
- "lastModified": "2023-07-03T01:10:10.103",
- "vulnStatus": "Awaiting Analysis",
+ "lastModified": "2023-07-10T14:13:21.220",
+ "vulnStatus": "Analyzed",
 "descriptions": [
 {
 "lang": "en",
@@ -12,6 +12,26 @@
 ],
 "metrics": {
 "cvssMetricV31": [
+ {
+ "source": "nvd@nist.gov",
+ "type": "Primary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H",
+ "attackVector": "NETWORK",
+ "attackComplexity": "HIGH",
+ "privilegesRequired": "NONE",
+ "userInteraction": "NONE",
+ "scope": "UNCHANGED",
+ "confidentialityImpact": "HIGH",
+ "integrityImpact": "HIGH",
+ "availabilityImpact": "HIGH",
+ "baseScore": 8.1,
+ "baseSeverity": "HIGH"
+ },
+ "exploitabilityScore": 2.2,
+ "impactScore": 5.9
+ },
 {
 "source": "security-advisories@github.com",
 "type": "Secondary",
@@ -46,18 +66,52 @@
 ]
 }
 ],
+ "configurations": [
+ {
+ "nodes": [
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:gradle:gradle:*:*:*:*:*:*:*:*",
+ "versionEndExcluding": "7.6.2",
+ "matchCriteriaId": "625A3013-4C8A-46A0-9559-A01BDB4C23CB"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:gradle:gradle:*:*:*:*:*:*:*:*",
+ "versionStartIncluding": "8.0",
+ "versionEndExcluding": "8.2",
+ "matchCriteriaId": "AFC239C5-E6F3-4AF6-A7CE-ACCCA46F5080"
+ }
+ ]
+ }
+ ]
+ }
+ ],
 "references": [
 {
 "url": "https://github.com/gradle/gradle/commit/1096b309520a8c315e3b6109a6526de4eabcb879",
- "source": "security-advisories@github.com"
+ "source": "security-advisories@github.com",
+ "tags": [
+ "Patch"
+ ]
 },
 {
 "url": "https://github.com/gradle/gradle/commit/2e5c34d57d0c0b7f0e8b039a192b91e5c8249d91",
- "source": "security-advisories@github.com"
+ "source": "security-advisories@github.com",
+ "tags": [
+ "Patch"
+ ]
 },
 {
 "url": "https://github.com/gradle/gradle/security/advisories/GHSA-84mw-qh6q-v842",
- "source": "security-advisories@github.com"
+ "source": "security-advisories@github.com",
+ "tags": [
+ "Vendor Advisory"
+ ]
 }
 ]
 }
\ No newline at end of file
diff --git a/CVE-2023/CVE-2023-35xx/CVE-2023-3521.json b/CVE-2023/CVE-2023-35xx/CVE-2023-3521.json
index 94c8a5bd473..464ddcfd042 100644
--- a/CVE-2023/CVE-2023-35xx/CVE-2023-3521.json
+++ b/CVE-2023/CVE-2023-35xx/CVE-2023-3521.json
@@ -2,8 +2,8 @@
 "id": "CVE-2023-3521",
 "sourceIdentifier": "security@huntr.dev",
 "published": "2023-07-06T02:15:09.510",
- "lastModified": "2023-07-06T11:55:38.310",
- "vulnStatus": "Awaiting Analysis",
+ "lastModified": "2023-07-10T14:01:36.510",
+ "vulnStatus": "Analyzed",
 "descriptions": [
 {
 "lang": "en",
@@ -11,6 +11,28 @@
 }
 ],
 "metrics": {
+ "cvssMetricV31": [
+ {
+ "source": "nvd@nist.gov",
+ "type": "Primary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
+ "attackVector": "NETWORK",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "NONE",
+ "userInteraction": "REQUIRED",
+ "scope": "CHANGED",
+ "confidentialityImpact": "LOW",
+ "integrityImpact": "LOW",
+ "availabilityImpact": "NONE",
+ "baseScore": 6.1,
+ "baseSeverity": "MEDIUM"
+ },
+ "exploitabilityScore": 2.8,
+ "impactScore": 2.7
+ }
+ ],
 "cvssMetricV30": [
 {
 "source": "security@huntr.dev",
@@ -46,14 +68,40 @@
 ]
 }
 ],
+ "configurations": [
+ {
+ "nodes": [
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:fossbilling:fossbilling:*:*:*:*:*:*:*:*",
+ "versionEndExcluding": "0.5.4",
+ "matchCriteriaId": "FD927918-5473-4C93-876B-CD900A091403"
+ }
+ ]
+ }
+ ]
+ }
+ ],
 "references": [
 {
 "url": "https://github.com/fossbilling/fossbilling/commit/5eb516d4ebcb764db1b2edf9c8d0539e76ebde52",
- "source": "security@huntr.dev"
+ "source": "security@huntr.dev",
+ "tags": [
+ "Patch"
+ ]
 },
 {
 "url": "https://huntr.dev/bounties/76a3441d-7f75-4a8d-a7a0-95a7f5456eb0",
- "source": "security@huntr.dev"
+ "source": "security@huntr.dev",
+ "tags": [
+ "Exploit",
+ "Patch",
+ "Third Party Advisory"
+ ]
 }
 ]
 }
\ No newline at end of file
diff --git a/CVE-2023/CVE-2023-361xx/CVE-2023-36144.json b/CVE-2023/CVE-2023-361xx/CVE-2023-36144.json
index 941591c7afe..1945ed51831 100644
--- a/CVE-2023/CVE-2023-361xx/CVE-2023-36144.json
+++ b/CVE-2023/CVE-2023-361xx/CVE-2023-36144.json
@@ -2,23 +2,93 @@ "id": "CVE-2023-36144", "sourceIdentifier": "cve@mitre.org", "published": "2023-06-30T23:15:10.223", - "lastModified": "2023-07-03T01:10:10.103", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2023-07-10T14:28:07.137", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", "value": "An authentication bypass in Intelbras Switch SG 2404 MR in firmware 1.00.54 allows an unauthenticated attacker to download the backup file of the device, exposing critical information about the device configuration." } ], - "metrics": {}, + "metrics": { + "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "NONE", + "availabilityImpact": "NONE", + "baseScore": 7.5, + "baseSeverity": "HIGH" + }, + "exploitabilityScore": 3.9, + "impactScore": 3.6 + } + ] + }, + "weaknesses": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-862" + } + ] + } + ], + "configurations": [ + { + "operator": "AND", + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:o:intelbras:sg_2404_mr_firmware:1.00.54:*:*:*:*:*:*:*", + "matchCriteriaId": "14756311-AB06-4EC0-B73E-C68F9E5DF2B5" + } + ] + }, + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": false, + "criteria": "cpe:2.3:h:intelbras:sg_2404_mr:-:*:*:*:*:*:*:*", + "matchCriteriaId": "B3EDC560-366C-46A2-AE4A-34FB9C7A5FE1" + } + ] + } + ] + } + ], "references": [ { "url": "http://intelbras.com", - "source": "cve@mitre.org" + "source": "cve@mitre.org", + "tags": [ + "Product" + ] }, { "url": "https://github.com/leonardobg/CVE-2023-36144", - "source": 
"cve@mitre.org" + "source": "cve@mitre.org", + "tags": [ + "Exploit" + ] } ] } \ No newline at end of file diff --git a/CVE-2023/CVE-2023-361xx/CVE-2023-36183.json b/CVE-2023/CVE-2023-361xx/CVE-2023-36183.json index 55b6c688186..8fe88f5d128 100644 --- a/CVE-2023/CVE-2023-361xx/CVE-2023-36183.json +++ b/CVE-2023/CVE-2023-361xx/CVE-2023-36183.json 
@@ -2,19 +2,77 @@ "id": "CVE-2023-36183", "sourceIdentifier": "cve@mitre.org", "published": "2023-07-03T21:15:09.663", - "lastModified": "2023-07-05T13:00:47.037", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2023-07-10T14:23:07.587", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", "value": "Buffer Overflow vulnerability in OpenImageIO v.2.4.12.0 and before allows a remote to execute arbitrary code and obtain sensitive information via a crafted file to the readimg function." } ], - "metrics": {}, + "metrics": { + "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", + "attackVector": "LOCAL", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "REQUIRED", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH", + "baseScore": 7.8, + "baseSeverity": "HIGH" + }, + "exploitabilityScore": 1.8, + "impactScore": 5.9 + } + ] + }, + "weaknesses": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-120" + } + ] + } + ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:openimageio:openimageio:*:*:*:*:*:*:*:*", + "versionEndIncluding": "2.4.12.0", + "matchCriteriaId": "EA4D909F-30A5-434F-82EC-A0106990F50B" + } + ] + } + ] + } + ], "references": [ { "url": "https://github.com/OpenImageIO/oiio/issues/3871", - "source": "cve@mitre.org" + "source": "cve@mitre.org", + "tags": [ + "Exploit", + "Issue Tracking", + "Vendor Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2023/CVE-2023-362xx/CVE-2023-36291.json b/CVE-2023/CVE-2023-362xx/CVE-2023-36291.json index c0c9584235b..57befef30df 100644 --- a/CVE-2023/CVE-2023-362xx/CVE-2023-36291.json 
+++ b/CVE-2023/CVE-2023-362xx/CVE-2023-36291.json @@ -2,19 +2,75 @@ "id": "CVE-2023-36291", "sourceIdentifier": "cve@mitre.org", "published": "2023-07-03T21:15:09.883", - "lastModified": "2023-07-05T13:00:47.037", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2023-07-10T13:28:09.077", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", "value": "Cross Site Scripting vulnerability in Maxsite CMS v.108.7 allows a remote attacker to execute arbitrary code via the f_content parameter in the admin/page_new file." } ], - "metrics": {}, + "metrics": { + "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "REQUIRED", + "scope": "CHANGED", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "availabilityImpact": "NONE", + "baseScore": 6.1, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 2.8, + "impactScore": 2.7 + } + ] + }, + "weaknesses": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-79" + } + ] + } + ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:maxsite:maxsite_cms:108.7:*:*:*:*:*:*:*", + "matchCriteriaId": "E10ADD5B-D7C6-47E1-8BA0-39C385259F8A" + } + ] + } + ] + } + ], "references": [ { "url": "https://github.com/maxsite/cms/issues/500", - "source": "cve@mitre.org" + "source": "cve@mitre.org", + "tags": [ + "Issue Tracking", + "Vendor Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2023/CVE-2023-364xx/CVE-2023-36468.json b/CVE-2023/CVE-2023-364xx/CVE-2023-36468.json index eaa2f3e57bb..afa56c925f9 100644 --- a/CVE-2023/CVE-2023-364xx/CVE-2023-36468.json +++ b/CVE-2023/CVE-2023-364xx/CVE-2023-36468.json 
@@ -2,8 +2,8 @@ "id": "CVE-2023-36468", "sourceIdentifier": "security-advisories@github.com", "published": "2023-06-29T21:15:09.703", - "lastModified": "2023-06-29T23:57:54.363", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2023-07-10T14:02:57.473", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", @@ -12,6 +12,26 @@ ], "metrics": { "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH", + "baseScore": 8.8, + "baseSeverity": "HIGH" + }, + "exploitabilityScore": 2.8, + "impactScore": 5.9 + }, { "source": "security-advisories@github.com", "type": "Secondary", @@ -36,7 +56,7 @@ }, "weaknesses": [ { - "source": "security-advisories@github.com", + "source": "nvd@nist.gov", "type": "Primary", "description": [ { 
@@ -44,24 +64,91 @@ "value": "CWE-459" } ] + }, + { + "source": "security-advisories@github.com", + "type": "Secondary", + "description": [ + { + "lang": "en", + "value": "CWE-459" + } + ] + } + ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:xwiki:xwiki:*:*:*:*:*:*:*:*", + "versionStartIncluding": "2.0", + "versionEndExcluding": "14.10.7", + "matchCriteriaId": "B8D99155-5444-4CA2-A1C1-0CF39D27B41C" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:xwiki:xwiki:15.0:-:*:*:*:*:*:*", + "matchCriteriaId": "99329652-2907-4903-AAB1-1038F225C020" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:xwiki:xwiki:15.0:rc1:*:*:*:*:*:*", + "matchCriteriaId": "88E41345-F81E-401A-BD67-66AF4B3925D4" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:xwiki:xwiki:15.1:-:*:*:*:*:*:*", + "matchCriteriaId": "5D121BDB-D7C5-4B79-A904-3C4A76F38E6A" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:xwiki:xwiki:15.1:rc1:*:*:*:*:*:*", + "matchCriteriaId": "67322CAC-1F17-4453-BC7F-4262E436E307" + } + ] + } + ] } ], "references": [ { "url": "https://github.com/xwiki/xwiki-platform/commit/15a6f845d8206b0ae97f37aa092ca43d4f9d6e59", - "source": "security-advisories@github.com" + "source": "security-advisories@github.com", + "tags": [ + "Patch" + ] }, { "url": "https://github.com/xwiki/xwiki-platform/security/advisories/GHSA-2g5c-228j-p52x", - "source": "security-advisories@github.com" + "source": "security-advisories@github.com", + "tags": [ + "Exploit", + "Vendor Advisory" + ] }, { "url": "https://github.com/xwiki/xwiki-platform/security/advisories/GHSA-8q9q-r9v2-644m", - "source": "security-advisories@github.com" + "source": "security-advisories@github.com", + "tags": [ + "Exploit", + "Patch", + "Vendor Advisory" + ] }, { "url": "https://jira.xwiki.org/browse/XWIKI-20594", - "source": "security-advisories@github.com" + "source": "security-advisories@github.com", + "tags": 
[ + "Exploit", + "Issue Tracking", + "Patch", + "Vendor Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2023/CVE-2023-364xx/CVE-2023-36469.json b/CVE-2023/CVE-2023-364xx/CVE-2023-36469.json index 253c75f78ef..d53fe7a47ae 100644 --- a/CVE-2023/CVE-2023-364xx/CVE-2023-36469.json +++ b/CVE-2023/CVE-2023-364xx/CVE-2023-36469.json @@ -2,8 +2,8 @@ "id": "CVE-2023-36469", "sourceIdentifier": "security-advisories@github.com", "published": "2023-06-29T21:15:09.773", - "lastModified": "2023-06-29T23:57:54.363", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2023-07-10T14:03:26.597", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", @@ -12,6 +12,26 @@ ], "metrics": { "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH", + "baseScore": 8.8, + "baseSeverity": "HIGH" + }, + "exploitabilityScore": 2.8, + "impactScore": 5.9 + }, { "source": "security-advisories@github.com", "type": "Secondary", 
@@ -46,26 +66,85 @@ ] } ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:xwiki:xwiki:*:*:*:*:*:*:*:*", + "versionStartIncluding": "9.6", + "versionEndExcluding": "14.10.6", + "matchCriteriaId": "877A02C7-D633-47CD-B004-2D038628C86C" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:xwiki:xwiki:15.0:-:*:*:*:*:*:*", + "matchCriteriaId": "99329652-2907-4903-AAB1-1038F225C020" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:xwiki:xwiki:15.0:rc1:*:*:*:*:*:*", + "matchCriteriaId": "88E41345-F81E-401A-BD67-66AF4B3925D4" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:xwiki:xwiki:15.1:-:*:*:*:*:*:*", + "matchCriteriaId": "5D121BDB-D7C5-4B79-A904-3C4A76F38E6A" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:xwiki:xwiki:15.1:rc1:*:*:*:*:*:*", + "matchCriteriaId": "67322CAC-1F17-4453-BC7F-4262E436E307" + } + ] + } + ] + } + ], "references": [ { "url": "https://github.com/xwiki/xwiki-platform/commit/217e5bb7a657f2991b154a16ef4d5ae9c29ad39c", - "source": "security-advisories@github.com" + "source": "security-advisories@github.com", + "tags": [ + "Patch" + ] }, { "url": "https://github.com/xwiki/xwiki-platform/commit/217e5bb7a657f2991b154a16ef4d5ae9c29ad39c#diff-7221a548809fa2ba34348556f4b5bd436463c559ebdf691197932ee7ce4478ca", - "source": "security-advisories@github.com" + "source": "security-advisories@github.com", + "tags": [ + "Patch" + ] }, { "url": "https://github.com/xwiki/xwiki-platform/commit/217e5bb7a657f2991b154a16ef4d5ae9c29ad39c#diff-b261c6eac3108c3e6e734054c28a78f59d3439ab72fe8582dadf87670a0d15a4", - "source": "security-advisories@github.com" + "source": "security-advisories@github.com", + "tags": [ + "Patch" + ] }, { "url": "https://github.com/xwiki/xwiki-platform/security/advisories/GHSA-94pf-92hw-2hjc", - "source": "security-advisories@github.com" + "source": "security-advisories@github.com", + "tags": [ + "Exploit", + "Patch", + 
"Vendor Advisory" + ] }, { "url": "https://jira.xwiki.org/browse/XWIKI-20610", - "source": "security-advisories@github.com" + "source": "security-advisories@github.com", + "tags": [ + "Exploit", + "Issue Tracking", + "Patch", + "Vendor Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2023/CVE-2023-364xx/CVE-2023-36470.json b/CVE-2023/CVE-2023-364xx/CVE-2023-36470.json index da737e477bd..654b3751f76 100644 --- a/CVE-2023/CVE-2023-364xx/CVE-2023-36470.json +++ b/CVE-2023/CVE-2023-364xx/CVE-2023-36470.json @@ -2,8 +2,8 @@ "id": "CVE-2023-36470", "sourceIdentifier": "security-advisories@github.com", "published": "2023-06-29T21:15:09.843", - "lastModified": "2023-06-29T23:57:54.363", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2023-07-10T14:03:50.947", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", @@ -12,6 +12,26 @@ ], "metrics": { "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH", + "baseScore": 8.8, + "baseSeverity": "HIGH" + }, + "exploitabilityScore": 2.8, + "impactScore": 5.9 + }, { "source": "security-advisories@github.com", "type": "Secondary", 
@@ -46,26 +66,85 @@ ] } ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:xwiki:xwiki:*:*:*:*:*:*:*:*", + "versionStartIncluding": "6.2", + "versionEndExcluding": "14.10.6", + "matchCriteriaId": "2F623A8C-A945-45DD-8530-332BF6950A94" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:xwiki:xwiki:15.0:-:*:*:*:*:*:*", + "matchCriteriaId": "99329652-2907-4903-AAB1-1038F225C020" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:xwiki:xwiki:15.0:rc1:*:*:*:*:*:*", + "matchCriteriaId": "88E41345-F81E-401A-BD67-66AF4B3925D4" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:xwiki:xwiki:15.1:-:*:*:*:*:*:*", + "matchCriteriaId": "5D121BDB-D7C5-4B79-A904-3C4A76F38E6A" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:xwiki:xwiki:15.1:rc1:*:*:*:*:*:*", + "matchCriteriaId": "67322CAC-1F17-4453-BC7F-4262E436E307" + } + ] + } + ] + } + ], "references": [ { "url": "https://github.com/xwiki/xwiki-platform/commit/46b542854978e9caa687a5c2b8817b8b17877d94", - "source": "security-advisories@github.com" + "source": "security-advisories@github.com", + "tags": [ + "Patch" + ] }, { "url": "https://github.com/xwiki/xwiki-platform/commit/79418dd92ca11941b46987ef881bf50424898ff4", - "source": "security-advisories@github.com" + "source": "security-advisories@github.com", + "tags": [ + "Patch" + ] }, { "url": "https://github.com/xwiki/xwiki-platform/commit/b0cdfd893912baaa053d106a92e39fa1858843c7", - "source": "security-advisories@github.com" + "source": "security-advisories@github.com", + "tags": [ + "Patch" + ] }, { "url": "https://github.com/xwiki/xwiki-platform/security/advisories/GHSA-fm68-j7ww-h9xf", - "source": "security-advisories@github.com" + "source": "security-advisories@github.com", + "tags": [ + "Exploit", + "Patch", + "Vendor Advisory" + ] }, { "url": "https://jira.xwiki.org/browse/XWIKI-20524", - "source": "security-advisories@github.com" + "source": 
"security-advisories@github.com", + "tags": [ + "Exploit", + "Issue Tracking", + "Patch", + "Vendor Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2023/CVE-2023-364xx/CVE-2023-36471.json b/CVE-2023/CVE-2023-364xx/CVE-2023-36471.json index 3d010b3a812..22bf40069d8 100644 --- a/CVE-2023/CVE-2023-364xx/CVE-2023-36471.json +++ b/CVE-2023/CVE-2023-364xx/CVE-2023-36471.json @@ -2,8 +2,8 @@ "id": "CVE-2023-36471", "sourceIdentifier": "security-advisories@github.com", "published": "2023-06-29T20:15:10.003", - "lastModified": "2023-06-29T23:57:54.363", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2023-07-10T14:02:32.227", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", @@ -12,6 +12,26 @@ ], "metrics": { "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "REQUIRED", + "scope": "CHANGED", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "availabilityImpact": "NONE", + "baseScore": 5.4, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 2.3, + "impactScore": 2.7 + }, { "source": "security-advisories@github.com", "type": "Secondary", @@ -36,8 +56,18 @@ }, "weaknesses": [ { - "source": "security-advisories@github.com", + "source": "nvd@nist.gov", "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-79" + } + ] + }, + { + "source": "security-advisories@github.com", + "type": "Secondary", "description": [ { "lang": "en", 
@@ -46,18 +76,71 @@ ] } ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:xwiki:commons:*:*:*:*:*:*:*:*", + "versionStartIncluding": "14.6", + "versionEndExcluding": "14.10.6", + "matchCriteriaId": "28D2C022-6760-4865-B087-19EB62B226A3" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:xwiki:commons:15.0:-:*:*:*:*:*:*", + "matchCriteriaId": "B5E0E97B-07B7-43D5-BF0B-A20F41AB1B5B" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:xwiki:commons:15.0:rc1:*:*:*:*:*:*", + "matchCriteriaId": "3686A321-60C2-4BCE-8D0B-32F56D1D2C63" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:xwiki:commons:15.1:-:*:*:*:*:*:*", + "matchCriteriaId": "0E3494D6-09D1-426B-BC58-5B11F2371645" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:xwiki:commons:15.1:rc1:*:*:*:*:*:*", + "matchCriteriaId": "C4FFC387-3B28-4875-819C-B0847083CD55" + } + ] + } + ] + } + ], "references": [ { "url": "https://github.com/xwiki/xwiki-commons/commit/99484d48e899a68a1b6e33d457825b776c6fe8c3", - "source": "security-advisories@github.com" + "source": "security-advisories@github.com", + "tags": [ + "Patch" + ] }, { "url": "https://github.com/xwiki/xwiki-commons/security/advisories/GHSA-6pqf-c99p-758v", - "source": "security-advisories@github.com" + "source": "security-advisories@github.com", + "tags": [ + "Exploit", + "Mitigation", + "Vendor Advisory" + ] }, { "url": "https://jira.xwiki.org/browse/XCOMMONS-2634", - "source": "security-advisories@github.com" + "source": "security-advisories@github.com", + "tags": [ + "Exploit", + "Issue Tracking", + "Patch", + "Vendor Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2023/CVE-2023-365xx/CVE-2023-36539.json b/CVE-2023/CVE-2023-365xx/CVE-2023-36539.json index 1caa36cb9d4..110c766f96d 100644 --- a/CVE-2023/CVE-2023-365xx/CVE-2023-36539.json +++ b/CVE-2023/CVE-2023-365xx/CVE-2023-36539.json 
@@ -2,16 +2,40 @@ "id": "CVE-2023-36539", "sourceIdentifier": "security@zoom.us", "published": "2023-06-30T03:15:09.747", - "lastModified": "2023-06-30T12:59:54.343", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2023-07-10T13:29:00.263", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", "value": "\nExposure of information intended to be encrypted by some Zoom clients may lead to disclosure of sensitive information.\n\n" + }, + { + "lang": "es", + "value": "La exposici\u00f3n de informaci\u00f3n destinada a ser cifrada por algunos clientes Zoom puede dar lugar a la divulgaci\u00f3n de informaci\u00f3n sensible." } ], "metrics": { "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "NONE", + "availabilityImpact": "NONE", + "baseScore": 7.5, + "baseSeverity": "HIGH" + }, + "exploitabilityScore": 3.9, + "impactScore": 3.6 + }, { "source": "security@zoom.us", "type": "Secondary", 
@@ -34,10 +58,243 @@ } ] }, + "weaknesses": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-326" + } + ] + } + ], + "configurations": [ + { + "operator": "AND", + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:zoom:meetings:5.15.0:*:*:*:*:android:*:*", + "matchCriteriaId": "B19B33AC-0C62-48B8-974F-EBB94700432E" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:zoom:meetings:5.15.0:*:*:*:*:iphone_os:*:*", + "matchCriteriaId": "64EC33E5-F6E4-4845-B181-52DEC0E707BD" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:zoom:meetings:5.15.0:*:*:*:*:macos:*:*", + "matchCriteriaId": "F566F4A2-7A6F-4ECC-BD73-1F63AE4030B1" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:zoom:meetings:5.15.1:*:*:*:*:windows:*:*", + "matchCriteriaId": "E3E84645-EF69-4A61-B946-5DEEDD27A85E" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:zoom:rooms:5.15.0:*:*:*:*:ipad_os:*:*", + "matchCriteriaId": "1735FAF3-E7B4-4615-92AD-5BA3399F6D55" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:zoom:rooms:5.15.0:*:*:*:*:macos:*:*", + "matchCriteriaId": "2FFA4C37-4EFB-42F5-98BE-811F413113F9" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:zoom:rooms:5.15.0:*:*:*:*:windows:*:*", + "matchCriteriaId": "ABB880FF-8853-45AE-818A-23CECB48E030" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:zoom:video_software_development_kit:1.8.0:*:*:*:*:*:*:*", + "matchCriteriaId": "84A39B46-A23B-4194-BDBF-16C337ADD1D1" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:zoom:zoom:5.15.0:*:*:*:*:android:*:*", + "matchCriteriaId": "A47C1AC4-3092-41BE-8BB3-BABCD2ADC350" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:zoom:zoom:5.15.0:*:*:*:*:iphone_os:*:*", + "matchCriteriaId": "F6FC3EA3-DAD3-4D9E-8EF3-5CAC1A54EE45" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:zoom:zoom:5.15.0:*:*:*:*:linux:*:*", + "matchCriteriaId": 
"502FC5A5-08CE-464F-A39E-FB16476F7B02" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:zoom:zoom:5.15.0:*:*:*:*:macos:*:*", + "matchCriteriaId": "8AB43228-B469-46D9-BE1E-F7BCCC777F34" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:zoom:zoom:5.15.0:*:*:*:*:windows:*:*", + "matchCriteriaId": "36AA507D-1B5D-42A3-A0BD-0D5FAA6AE3AA" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:zoom:zoom:5.15.1:*:*:*:*:windows:*:*", + "matchCriteriaId": "E7777FBA-8B77-430F-8B64-AFB14E517179" + } + ] + } + ] + }, + { + "operator": "AND", + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:o:zoom:poly_ccx_700_firmware:5.15.0:*:*:*:*:*:*:*", + "matchCriteriaId": "EEC1BF64-379E-4623-9F5F-EC37D9AE8928" + } + ] + }, + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": false, + "criteria": "cpe:2.3:h:zoom:poly_ccx_700:-:*:*:*:*:*:*:*", + "matchCriteriaId": "27D5E538-97CB-4F05-B8FC-AC6497425E78" + } + ] + } + ] + }, + { + "operator": "AND", + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:o:zoom:poly_ccx_600_firmware:5.15.0:*:*:*:*:*:*:*", + "matchCriteriaId": "9E12A046-159E-4E45-954F-57A0C43938F4" + } + ] + }, + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": false, + "criteria": "cpe:2.3:h:zoom:poly_ccx_600:-:*:*:*:*:*:*:*", + "matchCriteriaId": "A85D6BC1-E736-487F-8C02-C54B49F7C8B2" + } + ] + } + ] + }, + { + "operator": "AND", + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:o:zoom:yealink_vp59_firmware:5.15.0:*:*:*:*:*:*:*", + "matchCriteriaId": "CE053959-5DE3-4954-8FD5-7D15FA77BC77" + } + ] + }, + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": false, + "criteria": "cpe:2.3:h:zoom:yealink_vp59:-:*:*:*:*:*:*:*", + "matchCriteriaId": "C661E9DF-1D17-408A-95D9-DE5D941EC93B" 
+ } + ] + } + ] + }, + { + "operator": "AND", + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:o:zoom:yealink_mp54_firmware:5.15.0:*:*:*:*:*:*:*", + "matchCriteriaId": "1A33909C-EB63-4234-A2B5-6F6D39EB8ACB" + } + ] + }, + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": false, + "criteria": "cpe:2.3:h:zoom:yealink_mp54:-:*:*:*:*:*:*:*", + "matchCriteriaId": "1F942425-D356-47BA-95A6-61E1FD5029F4" + } + ] + } + ] + }, + { + "operator": "AND", + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:o:zoom:yealink_mp56_firmware:5.15.0:*:*:*:*:*:*:*", + "matchCriteriaId": "31C96F0F-E282-427B-92C7-225252952F3E" + } + ] + }, + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": false, + "criteria": "cpe:2.3:h:zoom:yealink_mp56:-:*:*:*:*:*:*:*", + "matchCriteriaId": "B5097727-AE57-436F-B7EF-E93BD96B2E23" + } + ] + } + ] + } + ], "references": [ { "url": "https://explore.zoom.us/en/trust/security/security-bulletin/", - "source": "security@zoom.us" + "source": "security@zoom.us", + "tags": [ + "Vendor Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2023/CVE-2023-369xx/CVE-2023-36934.json b/CVE-2023/CVE-2023-369xx/CVE-2023-36934.json index 0425bdc7b96..edeb92a6e54 100644 --- a/CVE-2023/CVE-2023-369xx/CVE-2023-36934.json +++ b/CVE-2023/CVE-2023-369xx/CVE-2023-36934.json 
@@ -2,23 +2,119 @@ "id": "CVE-2023-36934", "sourceIdentifier": "cve@mitre.org", "published": "2023-07-05T16:15:09.793", - "lastModified": "2023-07-05T16:25:41.353", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2023-07-10T13:49:29.260", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", "value": "In Progress MOVEit Transfer before 2020.1.11 (12.1.11), 2021.0.9 (13.0.9), 2021.1.7 (13.1.7), 2022.0.7 (14.0.7), 2022.1.8 (14.1.8), and 2023.0.4 (15.0.4), a SQL injection vulnerability has been identified in the MOVEit Transfer web application that could allow an unauthenticated attacker to gain unauthorized access to the MOVEit Transfer database. An attacker could submit a crafted payload to a MOVEit Transfer application endpoint that could result in modification and disclosure of MOVEit database content." } ], - "metrics": {}, + "metrics": { + "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "NONE", + "baseScore": 9.1, + "baseSeverity": "CRITICAL" + }, + "exploitabilityScore": 3.9, + "impactScore": 5.2 + } + ] + }, + "weaknesses": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-89" + } + ] + } + ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:progress:moveit_transfer:*:*:*:*:*:*:*:*", + "versionEndExcluding": "12.1.11", + "matchCriteriaId": "76A63B2D-2869-403B-9D84-36CFA25695EA" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:progress:moveit_transfer:*:*:*:*:*:*:*:*", + "versionStartIncluding": "13.0.0", + "versionEndExcluding": 
"13.0.9", + "matchCriteriaId": "00D12F3B-6B4C-4345-9C5B-C6B8AC4B5663" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:progress:moveit_transfer:*:*:*:*:*:*:*:*", + "versionStartIncluding": "13.1.0", + "versionEndExcluding": "13.1.7", + "matchCriteriaId": "2262AEC2-85FB-4964-B6F5-7B3E61CF88FB" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:progress:moveit_transfer:*:*:*:*:*:*:*:*", + "versionStartIncluding": "14.0.0", + "versionEndExcluding": "14.0.7", + "matchCriteriaId": "8606528F-0884-43BE-9CE2-AB1E8FA68819" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:progress:moveit_transfer:*:*:*:*:*:*:*:*", + "versionStartIncluding": "14.1.0", + "versionEndExcluding": "14.1.8", + "matchCriteriaId": "4E7A0668-64EF-46D0-B556-A734DFD4D81B" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:progress:moveit_transfer:*:*:*:*:*:*:*:*", + "versionStartIncluding": "15.0.0", + "versionEndExcluding": "15.0.4", + "matchCriteriaId": "ED0819C8-6309-4221-9D5F-32098F6314F3" + } + ] + } + ] + } + ], "references": [ { "url": "https://community.progress.com/s/article/MOVEit-Transfer-2020-1-Service-Pack-July-2023", - "source": "cve@mitre.org" + "source": "cve@mitre.org", + "tags": [ + "Patch", + "Release Notes", + "Third Party Advisory" + ] }, { "url": "https://www.progress.com/moveit", - "source": "cve@mitre.org" + "source": "cve@mitre.org", + "tags": [ + "Product" + ] } ] } \ No newline at end of file diff --git a/CVE-2023/CVE-2023-369xx/CVE-2023-36968.json b/CVE-2023/CVE-2023-369xx/CVE-2023-36968.json index 385598d237c..b68912b50a3 100644 --- a/CVE-2023/CVE-2023-369xx/CVE-2023-36968.json +++ b/CVE-2023/CVE-2023-369xx/CVE-2023-36968.json 
@@ -2,23 +2,82 @@ "id": "CVE-2023-36968", "sourceIdentifier": "cve@mitre.org", "published": "2023-07-06T14:15:10.750", - "lastModified": "2023-07-06T14:27:16.667", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2023-07-10T14:05:33.737", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", "value": "A SQL Injection vulnerability detected in Food Ordering System v1.0 allows attackers to run commands on the database by sending crafted SQL queries to the ID parameter." } ], - "metrics": {}, + "metrics": { + "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "HIGH", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH", + "baseScore": 7.2, + "baseSeverity": "HIGH" + }, + "exploitabilityScore": 1.2, + "impactScore": 5.9 + } + ] + }, + "weaknesses": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-89" + } + ] + } + ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:food_ordering_system_project:food_ordering_system:1.0:*:*:*:*:*:*:*", + "matchCriteriaId": "3E4677C1-6FF5-4B2F-A407-DFDE34F458EA" + } + ] + } + ] + } + ], "references": [ { "url": "https://github.com/haxxorsid/food-ordering-system", - "source": "cve@mitre.org" + "source": "cve@mitre.org", + "tags": [ + "Product" + ] }, { "url": "https://okankurtulus.com.tr/2023/06/21/food-ordering-system-v1-0-authenticated-sql-injection/", - "source": "cve@mitre.org" + "source": "cve@mitre.org", + "tags": [ + "Exploit", + "Third Party Advisory" + ] } ] } \ No newline at end of file 
diff --git a/CVE-2023/CVE-2023-372xx/CVE-2023-37288.json b/CVE-2023/CVE-2023-372xx/CVE-2023-37288.json index 4420784e6dc..19635d5b7d4 100644 --- a/CVE-2023/CVE-2023-372xx/CVE-2023-37288.json +++ b/CVE-2023/CVE-2023-372xx/CVE-2023-37288.json @@ -2,12 +2,12 @@ "id": "CVE-2023-37288", "sourceIdentifier": "twcert@cert.org.tw", "published": "2023-07-10T02:15:45.607", - "lastModified": "2023-07-10T02:15:45.607", + "lastModified": "2023-07-10T07:15:08.733", "vulnStatus": "Received", "descriptions": [ { "lang": "en", - "value": "SmartBPM.NET has a vulnerability of using hard-coded authentication key. An unauthenticated remote attacker can exploit this vulnerability to access system with regular user privilege to read application data, and execute submission and approval processes." + "value": "SmartBPM.NET component has a vulnerability of path traversal within its file download function. An unauthenticated remote attacker can exploit this vulnerability to access arbitrary system files." } ], "metrics": { diff --git a/README.md b/README.md index 2889f961d67..e5e549a67c9 100644 --- a/README.md +++ b/README.md @@ -9,13 +9,13 @@ Repository synchronizes with the NVD every 2 hours. ### Last Repository Update ```plain -2023-07-10T06:00:36.316829+00:00 +2023-07-10T16:00:28.490233+00:00 ``` ### Most recent CVE Modification Timestamp synchronized with NVD ```plain -2023-07-10T02:32:11.797000+00:00 +2023-07-10T15:55:23.607000+00:00 ``` ### Last Data Feed Release 
@@ -34,30 +34,38 @@ Download and Changelog: [Click](https://github.com/fkie-cad/nvd-json-data-feeds/ ### CVEs added in the last Commit -Recently added CVEs: `3` +Recently added CVEs: `0` -* [CVE-2023-37286](CVE-2023/CVE-2023-372xx/CVE-2023-37286.json) (`2023-07-10T02:15:45.237`) -* [CVE-2023-37287](CVE-2023/CVE-2023-372xx/CVE-2023-37287.json) (`2023-07-10T02:15:45.543`) -* [CVE-2023-37288](CVE-2023/CVE-2023-372xx/CVE-2023-37288.json) (`2023-07-10T02:15:45.607`) ### CVEs modified in the last Commit -Recently modified CVEs: `13` +Recently modified CVEs: `24` -* [CVE-2023-20760](CVE-2023/CVE-2023-207xx/CVE-2023-20760.json) (`2023-07-10T02:24:34.707`) -* [CVE-2023-20759](CVE-2023/CVE-2023-207xx/CVE-2023-20759.json) (`2023-07-10T02:24:49.917`) -* [CVE-2023-20758](CVE-2023/CVE-2023-207xx/CVE-2023-20758.json) (`2023-07-10T02:25:02.297`) -* [CVE-2023-20757](CVE-2023/CVE-2023-207xx/CVE-2023-20757.json) (`2023-07-10T02:25:11.430`) -* [CVE-2023-20768](CVE-2023/CVE-2023-207xx/CVE-2023-20768.json) (`2023-07-10T02:25:56.200`) -* [CVE-2023-20767](CVE-2023/CVE-2023-207xx/CVE-2023-20767.json) (`2023-07-10T02:26:12.273`) -* [CVE-2023-20766](CVE-2023/CVE-2023-207xx/CVE-2023-20766.json) (`2023-07-10T02:29:15.053`) -* [CVE-2023-20761](CVE-2023/CVE-2023-207xx/CVE-2023-20761.json) (`2023-07-10T02:29:23.667`) -* [CVE-2023-20775](CVE-2023/CVE-2023-207xx/CVE-2023-20775.json) (`2023-07-10T02:30:23.110`) -* [CVE-2023-20774](CVE-2023/CVE-2023-207xx/CVE-2023-20774.json) (`2023-07-10T02:31:05.343`) -* [CVE-2023-20773](CVE-2023/CVE-2023-207xx/CVE-2023-20773.json) (`2023-07-10T02:31:28.903`) -* [CVE-2023-20772](CVE-2023/CVE-2023-207xx/CVE-2023-20772.json) (`2023-07-10T02:31:43.217`) -* [CVE-2023-20771](CVE-2023/CVE-2023-207xx/CVE-2023-20771.json) (`2023-07-10T02:32:11.797`) +* [CVE-2023-37288](CVE-2023/CVE-2023-372xx/CVE-2023-37288.json) (`2023-07-10T07:15:08.733`) +* [CVE-2023-34736](CVE-2023/CVE-2023-347xx/CVE-2023-34736.json) (`2023-07-10T12:49:07.747`) +* 
[CVE-2023-35938](CVE-2023/CVE-2023-359xx/CVE-2023-35938.json) (`2023-07-10T13:26:11.097`) +* [CVE-2023-36291](CVE-2023/CVE-2023-362xx/CVE-2023-36291.json) (`2023-07-10T13:28:09.077`) +* [CVE-2023-36539](CVE-2023/CVE-2023-365xx/CVE-2023-36539.json) (`2023-07-10T13:29:00.263`) +* [CVE-2023-36934](CVE-2023/CVE-2023-369xx/CVE-2023-36934.json) (`2023-07-10T13:49:29.260`) +* [CVE-2023-34654](CVE-2023/CVE-2023-346xx/CVE-2023-34654.json) (`2023-07-10T13:59:13.440`) +* [CVE-2023-3521](CVE-2023/CVE-2023-35xx/CVE-2023-3521.json) (`2023-07-10T14:01:36.510`) +* [CVE-2023-30586](CVE-2023/CVE-2023-305xx/CVE-2023-30586.json) (`2023-07-10T14:01:51.887`) +* [CVE-2023-36471](CVE-2023/CVE-2023-364xx/CVE-2023-36471.json) (`2023-07-10T14:02:32.227`) +* [CVE-2023-36468](CVE-2023/CVE-2023-364xx/CVE-2023-36468.json) (`2023-07-10T14:02:57.473`) +* [CVE-2023-36469](CVE-2023/CVE-2023-364xx/CVE-2023-36469.json) (`2023-07-10T14:03:26.597`) +* [CVE-2023-36470](CVE-2023/CVE-2023-364xx/CVE-2023-36470.json) (`2023-07-10T14:03:50.947`) +* [CVE-2023-36968](CVE-2023/CVE-2023-369xx/CVE-2023-36968.json) (`2023-07-10T14:05:33.737`) +* [CVE-2023-29147](CVE-2023/CVE-2023-291xx/CVE-2023-29147.json) (`2023-07-10T14:06:20.730`) +* [CVE-2023-35947](CVE-2023/CVE-2023-359xx/CVE-2023-35947.json) (`2023-07-10T14:13:21.220`) +* [CVE-2023-22306](CVE-2023/CVE-2023-223xx/CVE-2023-22306.json) (`2023-07-10T14:14:31.730`) +* [CVE-2023-36183](CVE-2023/CVE-2023-361xx/CVE-2023-36183.json) (`2023-07-10T14:23:07.587`) +* [CVE-2023-22299](CVE-2023/CVE-2023-222xx/CVE-2023-22299.json) (`2023-07-10T14:27:09.983`) +* [CVE-2023-36144](CVE-2023/CVE-2023-361xx/CVE-2023-36144.json) (`2023-07-10T14:28:07.137`) +* [CVE-2023-22814](CVE-2023/CVE-2023-228xx/CVE-2023-22814.json) (`2023-07-10T15:25:29.167`) +* [CVE-2023-3449](CVE-2023/CVE-2023-34xx/CVE-2023-3449.json) (`2023-07-10T15:49:23.037`) +* [CVE-2023-33570](CVE-2023/CVE-2023-335xx/CVE-2023-33570.json) (`2023-07-10T15:53:05.990`) +* 
[CVE-2023-28323](CVE-2023/CVE-2023-283xx/CVE-2023-28323.json) (`2023-07-10T15:55:23.607`) ## Download and Usage