diff --git a/CVE-2021/CVE-2021-375xx/CVE-2021-37501.json b/CVE-2021/CVE-2021-375xx/CVE-2021-37501.json
index d4b5d808e36..9da949a0903 100644
--- a/CVE-2021/CVE-2021-375xx/CVE-2021-37501.json
+++ b/CVE-2021/CVE-2021-375xx/CVE-2021-37501.json
@@ -2,8 +2,8 @@
 "id": "CVE-2021-37501",
 "sourceIdentifier": "cve@mitre.org",
 "published": "2023-02-03T18:15:13.670",
- "lastModified": "2023-02-13T19:49:07.627",
- "vulnStatus": "Analyzed",
+ "lastModified": "2023-07-12T21:15:08.800",
+ "vulnStatus": "Modified",
 "descriptions": [
 {
 "lang": "en",
@@ -74,6 +74,10 @@
 "Third Party Advisory"
 ]
 },
+ {
+ "url": "https://github.com/HDFGroup/hdf5/issues/2458",
+ "source": "cve@mitre.org"
+ },
 {
 "url": "https://github.com/ST4RF4LL/Something_Found/blob/main/HDF5_v1.13.0_h5dump_heap_overflow.md",
 "source": "cve@mitre.org",
diff --git a/CVE-2023/CVE-2023-262xx/CVE-2023-26258.json b/CVE-2023/CVE-2023-262xx/CVE-2023-26258.json
index b806e5e02b2..e927b44223b 100644
--- a/CVE-2023/CVE-2023-262xx/CVE-2023-26258.json
+++ b/CVE-2023/CVE-2023-262xx/CVE-2023-26258.json
@@ -2,8 +2,8 @@
 "id": "CVE-2023-26258",
 "sourceIdentifier": "cve@mitre.org",
 "published": "2023-07-03T15:15:10.377",
- "lastModified": "2023-07-11T14:45:38.083",
- "vulnStatus": "Analyzed",
+ "lastModified": "2023-07-12T21:15:08.920",
+ "vulnStatus": "Modified",
 "descriptions": [
 {
 "lang": "en",
@@ -65,6 +65,10 @@
 }
 ],
 "references": [
+ {
+ "url": "https://support.arcserve.com/s/article/KB000015720?language=en_US",
+ "source": "cve@mitre.org"
+ },
 {
 "url": "https://www.arcserve.com/products/arcserve-udp",
 "source": "cve@mitre.org",
diff --git a/CVE-2023/CVE-2023-265xx/CVE-2023-26563.json b/CVE-2023/CVE-2023-265xx/CVE-2023-26563.json
new file mode 100644
index 00000000000..25a691c5849
--- /dev/null
+++ b/CVE-2023/CVE-2023-265xx/CVE-2023-26563.json
@@ -0,0 +1,28 @@
+{
+ "id": "CVE-2023-26563",
+ "sourceIdentifier": "cve@mitre.org",
+ "published": "2023-07-12T21:15:08.990",
+ "lastModified": "2023-07-12T21:15:08.990",
+ "vulnStatus": "Received",
+ "descriptions": [
+ {
+ "lang": "en",
+ "value": "The Syncfusion EJ2 Node File Provider 0102271 is vulnerable to filesystem-server.js directory traversal. As a result, an unauthenticated attacker can: - On Windows, list files in any directory, read any file, delete any file, upload any file to any directory accessible by the web server. - On Linux, read any file, download any directory, delete any file, upload any file to any directory accessible by the web server."
+ }
+ ],
+ "metrics": {},
+ "references": [
+ {
+ "url": "https://ej2.syncfusion.com/documentation/file-manager/file-system-provider/",
+ "source": "cve@mitre.org"
+ },
+ {
+ "url": "https://github.com/RupturaInfoSec/CVE-2023-26563-26564-26565/",
+ "source": "cve@mitre.org"
+ },
+ {
+ "url": "https://github.com/SyncfusionExamples/ej2-filemanager-node-filesystem",
+ "source": "cve@mitre.org"
+ }
+ ]
+}
\ No newline at end of file
diff --git a/CVE-2023/CVE-2023-265xx/CVE-2023-26564.json b/CVE-2023/CVE-2023-265xx/CVE-2023-26564.json
new file mode 100644
index 00000000000..6a774880d8d
--- /dev/null
+++ b/CVE-2023/CVE-2023-265xx/CVE-2023-26564.json
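Review bot: The new record for CVE-2023-26563 is added with `"metrics": {}` and without `weaknesses` or `configurations` arrays, so anything that ranks or filters this feed on `baseScore` or on CPE match will not surface it, even though the description states that an unauthenticated attacker can read, delete and upload files. Consumers of this file should treat `"vulnStatus": "Received"` together with an empty `metrics` object as "not yet scored" rather than as low severity, and triage from the description and references until an analysed revision arrives. The same applies to the new records for CVE-2023-26564 and CVE-2023-33274 added in the following hunks.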
@@ -0,0 +1,28 @@
+{
+ "id": "CVE-2023-26564",
+ "sourceIdentifier": "cve@mitre.org",
+ "published": "2023-07-12T21:15:09.047",
+ "lastModified": "2023-07-12T21:15:09.047",
+ "vulnStatus": "Received",
+ "descriptions": [
+ {
+ "lang": "en",
+ "value": "The Syncfusion EJ2 ASPCore File Provider 3ac357f is vulnerable to Models/PhysicalFileProvider.cs directory traversal. As a result, an unauthenticated attacker can list files within a directory, download any file, or upload any file to any directory accessible by the web server."
+ }
+ ],
+ "metrics": {},
+ "references": [
+ {
+ "url": "https://ej2.syncfusion.com/documentation/file-manager/file-system-provider/",
+ "source": "cve@mitre.org"
+ },
+ {
+ "url": "https://github.com/RupturaInfoSec/CVE-2023-26563-26564-26565/",
+ "source": "cve@mitre.org"
+ },
+ {
+ "url": "https://github.com/SyncfusionExamples/ej2-aspcore-file-provider",
+ "source": "cve@mitre.org"
+ }
+ ]
+}
\ No newline at end of file
diff --git a/CVE-2023/CVE-2023-332xx/CVE-2023-33274.json b/CVE-2023/CVE-2023-332xx/CVE-2023-33274.json
new file mode 100644
index 00000000000..e095b823cd8
--- /dev/null
+++ b/CVE-2023/CVE-2023-332xx/CVE-2023-33274.json
@@ -0,0 +1,20 @@
+{
+ "id": "CVE-2023-33274",
+ "sourceIdentifier": "cve@mitre.org",
+ "published": "2023-07-12T21:15:09.097",
+ "lastModified": "2023-07-12T21:15:09.097",
+ "vulnStatus": "Received",
+ "descriptions": [
+ {
+ "lang": "en",
+ "value": "The authentication mechanism in PowerShield SNMP Web Pro 1.1 contains a vulnerability that allows unauthenticated users to directly access Common Gateway Interface (CGI) scripts without proper identification or authorization. This vulnerability arises from a lack of proper cookie verification and affects all instances of SNMP Web Pro 1.1 without HTTP Digest authentication enabled, regardless of the password used for the web interface."
+ }
+ ],
+ "metrics": {},
+ "references": [
+ {
+ "url": "https://gist.github.com/pedromonteirobb/a0584095b46141702c8cae0f3f1b6759",
+ "source": "cve@mitre.org"
+ }
+ ]
+}
\ No newline at end of file
diff --git a/CVE-2023/CVE-2023-35xx/CVE-2023-3535.json b/CVE-2023/CVE-2023-35xx/CVE-2023-3535.json
index 89151fa4c8a..48e8daf6360 100644
--- a/CVE-2023/CVE-2023-35xx/CVE-2023-3535.json
+++ b/CVE-2023/CVE-2023-35xx/CVE-2023-3535.json
@@ -2,8 +2,8 @@
 "id": "CVE-2023-3535",
 "sourceIdentifier": "cna@vuldb.com",
 "published": "2023-07-07T13:15:09.393",
- "lastModified": "2023-07-07T14:54:15.817",
- "vulnStatus": "Awaiting Analysis",
+ "lastModified": "2023-07-12T20:18:38.963",
+ "vulnStatus": "Analyzed",
 "descriptions": [
 {
 "lang": "en",
@@ -11,6 +11,28 @@
 }
 ],
 "metrics": {
+ "cvssMetricV31": [
+ {
+ "source": "nvd@nist.gov",
+ "type": "Primary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
+ "attackVector": "NETWORK",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "NONE",
+ "userInteraction": "REQUIRED",
+ "scope": "CHANGED",
+ "confidentialityImpact": "LOW",
+ "integrityImpact": "LOW",
+ "availabilityImpact": "NONE",
+ "baseScore": 6.1,
+ "baseSeverity": "MEDIUM"
+ },
+ "exploitabilityScore": 2.8,
+ "impactScore": 2.7
+ }
+ ],
 "cvssMetricV30": [
 {
 "source": "cna@vuldb.com",
@@ -71,14 +93,37 @@
 ]
 }
 ],
+ "configurations": [
+ {
+ "nodes": [
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:simplephpscripts:faq_script_php:2.3:*:*:*:*:*:*:*",
+ "matchCriteriaId": "8D92C0A4-37A9-4592-AC85-79530406A9A9"
+ }
+ ]
+ }
+ ]
+ }
+ ],
 "references": [
 {
 "url": "https://vuldb.com/?ctiid.233287",
- "source": "cna@vuldb.com"
+ "source": "cna@vuldb.com",
+ "tags": [
+ "Third Party Advisory"
+ ]
 },
 {
 "url": "https://vuldb.com/?id.233287",
- "source": "cna@vuldb.com"
+ "source": "cna@vuldb.com",
+ "tags": [
+ "Third Party Advisory"
+ ]
 }
 ]
 }
\ No newline at end of file
diff --git a/CVE-2023/CVE-2023-35xx/CVE-2023-3536.json b/CVE-2023/CVE-2023-35xx/CVE-2023-3536.json
index 4d0b8d5a6c5..a2a09b2f502 100644
--- a/CVE-2023/CVE-2023-35xx/CVE-2023-3536.json
+++ b/CVE-2023/CVE-2023-35xx/CVE-2023-3536.json
@@ -2,8 +2,8 @@
 "id": "CVE-2023-3536",
 "sourceIdentifier": "cna@vuldb.com",
 "published": "2023-07-07T13:15:09.477",
- "lastModified": "2023-07-07T14:54:15.817",
- "vulnStatus": "Awaiting Analysis",
+ "lastModified": "2023-07-12T20:18:25.053",
+ "vulnStatus": "Analyzed",
 "descriptions": [
 {
 "lang": "en",
@@ -11,6 +11,28 @@
 }
 ],
 "metrics": {
+ "cvssMetricV31": [
+ {
+ "source": "nvd@nist.gov",
+ "type": "Primary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
+ "attackVector": "NETWORK",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "NONE",
+ "userInteraction": "REQUIRED",
+ "scope": "CHANGED",
+ "confidentialityImpact": "LOW",
+ "integrityImpact": "LOW",
+ "availabilityImpact": "NONE",
+ "baseScore": 6.1,
+ "baseSeverity": "MEDIUM"
+ },
+ "exploitabilityScore": 2.8,
+ "impactScore": 2.7
+ }
+ ],
 "cvssMetricV30": [
 {
 "source": "cna@vuldb.com",
@@ -71,14 +93,37 @@
 ]
 }
 ],
+ "configurations": [
+ {
+ "nodes": [
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:simplephpscripts:funeral_script_php:3.1:*:*:*:*:*:*:*",
+ "matchCriteriaId": "112591F0-CF2B-458A-9889-C2724A0B309A"
+ }
+ ]
+ }
+ ]
+ }
+ ],
 "references": [
 {
 "url": "https://vuldb.com/?ctiid.233288",
- "source": "cna@vuldb.com"
+ "source": "cna@vuldb.com",
+ "tags": [
+ "Third Party Advisory"
+ ]
 },
 {
 "url": "https://vuldb.com/?id.233288",
- "source": "cna@vuldb.com"
+ "source": "cna@vuldb.com",
+ "tags": [
+ "Third Party Advisory"
+ ]
 }
 ]
 }
\ No newline at end of file
diff --git a/CVE-2023/CVE-2023-35xx/CVE-2023-3537.json b/CVE-2023/CVE-2023-35xx/CVE-2023-3537.json
index 80e7e0cfb24..b14d84402a3 100644
--- a/CVE-2023/CVE-2023-35xx/CVE-2023-3537.json
+++ b/CVE-2023/CVE-2023-35xx/CVE-2023-3537.json
@@ -2,8 +2,8 @@
 "id": "CVE-2023-3537",
 "sourceIdentifier": "cna@vuldb.com",
 "published": "2023-07-07T14:15:09.757",
- "lastModified": "2023-07-07T14:54:15.817",
- "vulnStatus": "Awaiting Analysis",
+ "lastModified": "2023-07-12T20:02:32.687",
+ "vulnStatus": "Analyzed",
 "descriptions": [
 {
 "lang": "en",
@@ -11,6 +11,28 @@
 }
 ],
 "metrics": {
+ "cvssMetricV31": [
+ {
+ "source": "nvd@nist.gov",
+ "type": "Primary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
+ "attackVector": "NETWORK",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "NONE",
+ "userInteraction": "REQUIRED",
+ "scope": "CHANGED",
+ "confidentialityImpact": "LOW",
+ "integrityImpact": "LOW",
+ "availabilityImpact": "NONE",
+ "baseScore": 6.1,
+ "baseSeverity": "MEDIUM"
+ },
+ "exploitabilityScore": 2.8,
+ "impactScore": 2.7
+ }
+ ],
 "cvssMetricV30": [
 {
 "source": "cna@vuldb.com",
@@ -71,14 +93,37 @@
 ]
 }
 ],
+ "configurations": [
+ {
+ "nodes": [
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:simplephpscripts:news_script_php_pro:2.4:*:*:*:*:*:*:*",
+ "matchCriteriaId": "4B2BB9E6-C303-49F0-8437-DB4B43137914"
+ }
+ ]
+ }
+ ]
+ }
+ ],
 "references": [
 {
 "url": "https://vuldb.com/?ctiid.233289",
- "source": "cna@vuldb.com"
+ "source": "cna@vuldb.com",
+ "tags": [
+ "Third Party Advisory"
+ ]
 },
 {
 "url": "https://vuldb.com/?id.233289",
- "source": "cna@vuldb.com"
+ "source": "cna@vuldb.com",
+ "tags": [
+ "Third Party Advisory"
+ ]
 }
 ]
 }
\ No newline at end of file
diff --git a/CVE-2023/CVE-2023-35xx/CVE-2023-3538.json b/CVE-2023/CVE-2023-35xx/CVE-2023-3538.json
index da37923d908..5ec7c4d4fb0 100644
--- a/CVE-2023/CVE-2023-35xx/CVE-2023-3538.json
+++ b/CVE-2023/CVE-2023-35xx/CVE-2023-3538.json
@@ -2,8 +2,8 @@
 "id": "CVE-2023-3538",
 "sourceIdentifier": "cna@vuldb.com",
 "published": "2023-07-07T14:15:09.850",
- "lastModified": "2023-07-07T14:54:15.817",
- "vulnStatus": "Awaiting Analysis",
+ "lastModified": "2023-07-12T20:02:17.593",
+ "vulnStatus": "Analyzed",
 "descriptions": [
 {
 "lang": "en",
@@ -11,6 +11,28 @@
 }
 ],
 "metrics": {
+ "cvssMetricV31": [
+ {
+ "source": "nvd@nist.gov",
+ "type": "Primary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",
+ "attackVector": "NETWORK",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "LOW",
+ "userInteraction": "REQUIRED",
+ "scope": "CHANGED",
+ "confidentialityImpact": "LOW",
+ "integrityImpact": "LOW",
+ "availabilityImpact": "NONE",
+ "baseScore": 5.4,
+ "baseSeverity": "MEDIUM"
+ },
+ "exploitabilityScore": 2.3,
+ "impactScore": 2.7
+ }
+ ],
 "cvssMetricV30": [
 {
 "source": "cna@vuldb.com",
@@ -71,14 +93,37 @@
 ]
 }
 ],
+ "configurations": [
+ {
+ "nodes": [
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:simplephpscripts:photo_gallery_php:2.0:*:*:*:*:*:*:*",
+ "matchCriteriaId": "109042A3-2033-4C1C-91FC-93DBB7AB943A"
+ }
+ ]
+ }
+ ]
+ }
+ ],
 "references": [
 {
 "url": "https://vuldb.com/?ctiid.233290",
- "source": "cna@vuldb.com"
+ "source": "cna@vuldb.com",
+ "tags": [
+ "Third Party Advisory"
+ ]
 },
 {
 "url": "https://vuldb.com/?id.233290",
- "source": "cna@vuldb.com"
+ "source": "cna@vuldb.com",
+ "tags": [
+ "Third Party Advisory"
+ ]
 }
 ]
 }
\ No newline at end of file
diff --git a/CVE-2023/CVE-2023-35xx/CVE-2023-3539.json b/CVE-2023/CVE-2023-35xx/CVE-2023-3539.json
index b8b6b4d3c56..8a9534efde6 100644
--- a/CVE-2023/CVE-2023-35xx/CVE-2023-3539.json
+++ b/CVE-2023/CVE-2023-35xx/CVE-2023-3539.json
@@ -2,8 +2,8 @@
 "id": "CVE-2023-3539",
 "sourceIdentifier": "cna@vuldb.com",
 "published": "2023-07-07T15:15:10.230",
- "lastModified": "2023-07-07T15:46:57.830",
- "vulnStatus": "Awaiting Analysis",
+ "lastModified": "2023-07-12T20:01:39.047",
+ "vulnStatus": "Analyzed",
 "descriptions": [
 {
 "lang": "en",
@@ -11,6 +11,28 @@
 }
 ],
 "metrics": {
+ "cvssMetricV31": [
+ {
+ "source": "nvd@nist.gov",
+ "type": "Primary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
+ "attackVector": "NETWORK",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "NONE",
+ "userInteraction": "REQUIRED",
+ "scope": "CHANGED",
+ "confidentialityImpact": "LOW",
+ "integrityImpact": "LOW",
+ "availabilityImpact": "NONE",
+ "baseScore": 6.1,
+ "baseSeverity": "MEDIUM"
+ },
+ "exploitabilityScore": 2.8,
+ "impactScore": 2.7
+ }
+ ],
 "cvssMetricV30": [
 {
 "source": "cna@vuldb.com",
@@ -61,7 +83,7 @@
 },
 "weaknesses": [
 {
- "source": "cna@vuldb.com",
+ "source": "nvd@nist.gov",
 "type": "Primary",
 "description": [
 {
@@ -69,16 +91,49 @@
 "value": "CWE-79"
 }
 ]
+ },
+ {
+ "source": "cna@vuldb.com",
+ "type": "Secondary",
+ "description": [
+ {
+ "lang": "en",
+ "value": "CWE-79"
+ }
+ ]
+ }
+ ],
+ "configurations": [
+ {
+ "nodes": [
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:simplephpscripts:simple_forum_php:2.7:*:*:*:*:*:*:*",
+ "matchCriteriaId": "956D9FF1-8776-4EBE-82CF-AC7080FB3603"
+ }
+ ]
+ }
+ ]
 }
 ],
 "references": [
 {
 "url": "https://vuldb.com/?ctiid.233291",
- "source": "cna@vuldb.com"
+ "source": "cna@vuldb.com",
+ "tags": [
+ "Third Party Advisory"
+ ]
 },
 {
 "url": "https://vuldb.com/?id.233291",
- "source": "cna@vuldb.com"
+ "source": "cna@vuldb.com",
+ "tags": [
+ "Third Party Advisory"
+ ]
 }
 ]
 }
\ No newline at end of file
diff --git a/CVE-2023/CVE-2023-35xx/CVE-2023-3540.json b/CVE-2023/CVE-2023-35xx/CVE-2023-3540.json
index 193b36b19c8..7afd732b569 100644
--- a/CVE-2023/CVE-2023-35xx/CVE-2023-3540.json
+++ b/CVE-2023/CVE-2023-35xx/CVE-2023-3540.json
@@ -2,8 +2,8 @@
 "id": "CVE-2023-3540",
 "sourceIdentifier": "cna@vuldb.com",
 "published": "2023-07-07T15:15:10.317",
- "lastModified": "2023-07-07T15:46:57.830",
- "vulnStatus": "Awaiting Analysis",
+ "lastModified": "2023-07-12T20:01:28.747",
+ "vulnStatus": "Analyzed",
 "descriptions": [
 {
 "lang": "en",
@@ -11,6 +11,28 @@
 }
 ],
 "metrics": {
+ "cvssMetricV31": [
+ {
+ "source": "nvd@nist.gov",
+ "type": "Primary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
+ "attackVector": "NETWORK",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "NONE",
+ "userInteraction": "REQUIRED",
+ "scope": "CHANGED",
+ "confidentialityImpact": "LOW",
+ "integrityImpact": "LOW",
+ "availabilityImpact": "NONE",
+ "baseScore": 6.1,
+ "baseSeverity": "MEDIUM"
+ },
+ "exploitabilityScore": 2.8,
+ "impactScore": 2.7
+ }
+ ],
 "cvssMetricV30": [
 {
 "source": "cna@vuldb.com",
@@ -71,14 +93,37 @@
 ]
 }
 ],
+ "configurations": [
+ {
+ "nodes": [
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:simplephpscripts:newsletter_script_php:2.4:*:*:*:*:*:*:*",
+ "matchCriteriaId": "DC009BB9-918C-42D9-80B5-9BBB8E248EBE"
+ }
+ ]
+ }
+ ]
+ }
+ ],
 "references": [
 {
 "url": "https://vuldb.com/?ctiid.233292",
- "source": "cna@vuldb.com"
+ "source": "cna@vuldb.com",
+ "tags": [
+ "Third Party Advisory"
+ ]
 },
 {
 "url": "https://vuldb.com/?id.233292",
- "source": "cna@vuldb.com"
+ "source": "cna@vuldb.com",
+ "tags": [
+ "Third Party Advisory"
+ ]
 }
 ]
 }
\ No newline at end of file
diff --git a/CVE-2023/CVE-2023-35xx/CVE-2023-3541.json b/CVE-2023/CVE-2023-35xx/CVE-2023-3541.json
index cf31de8ca58..21f84671a49 100644
--- a/CVE-2023/CVE-2023-35xx/CVE-2023-3541.json
+++ b/CVE-2023/CVE-2023-35xx/CVE-2023-3541.json
@@ -2,8 +2,8 @@
 "id": "CVE-2023-3541",
 "sourceIdentifier": "cna@vuldb.com",
 "published": "2023-07-07T16:15:09.870",
- "lastModified": "2023-07-07T17:36:20.173",
- "vulnStatus": "Awaiting Analysis",
+ "lastModified": "2023-07-12T20:50:39.830",
+ "vulnStatus": "Analyzed",
 "descriptions": [
 {
 "lang": "en",
@@ -11,6 +11,28 @@
 }
 ],
 "metrics": {
+ "cvssMetricV31": [
+ {
+ "source": "nvd@nist.gov",
+ "type": "Primary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
+ "attackVector": "NETWORK",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "NONE",
+ "userInteraction": "REQUIRED",
+ "scope": "CHANGED",
+ "confidentialityImpact": "LOW",
+ "integrityImpact": "LOW",
+ "availabilityImpact": "NONE",
+ "baseScore": 6.1,
+ "baseSeverity": "MEDIUM"
+ },
+ "exploitabilityScore": 2.8,
+ "impactScore": 2.7
+ }
+ ],
 "cvssMetricV30": [
 {
 "source": "cna@vuldb.com",
@@ -71,14 +93,37 @@
 ]
 }
 ],
+ "configurations": [
+ {
+ "nodes": [
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:thinutech:thinu-cms:1.5:*:*:*:*:*:*:*",
+ "matchCriteriaId": "403A6EB1-58FA-4F4A-9D85-E1CCFC189BE6"
+ }
+ ]
+ }
+ ]
+ }
+ ],
 "references": [
 {
 "url": "https://vuldb.com/?ctiid.233293",
- "source": "cna@vuldb.com"
+ "source": "cna@vuldb.com",
+ "tags": [
+ "Third Party Advisory"
+ ]
 },
 {
 "url": "https://vuldb.com/?id.233293",
- "source": "cna@vuldb.com"
+ "source": "cna@vuldb.com",
+ "tags": [
+ "Third Party Advisory"
+ ]
 }
 ]
 }
\ No newline at end of file
diff --git a/CVE-2023/CVE-2023-35xx/CVE-2023-3542.json b/CVE-2023/CVE-2023-35xx/CVE-2023-3542.json
index 452866417e1..c4b74abbf7c 100644
--- a/CVE-2023/CVE-2023-35xx/CVE-2023-3542.json
+++ b/CVE-2023/CVE-2023-35xx/CVE-2023-3542.json
@@ -2,8 +2,8 @@
 "id": "CVE-2023-3542",
 "sourceIdentifier": "cna@vuldb.com",
 "published": "2023-07-07T16:15:09.947",
- "lastModified": "2023-07-07T17:36:20.173",
- "vulnStatus": "Awaiting Analysis",
+ "lastModified": "2023-07-12T20:50:28.507",
+ "vulnStatus": "Analyzed",
 "descriptions": [
 {
 "lang": "en",
@@ -11,6 +11,28 @@
 }
 ],
 "metrics": {
+ "cvssMetricV31": [
+ {
+ "source": "nvd@nist.gov",
+ "type": "Primary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
+ "attackVector": "NETWORK",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "NONE",
+ "userInteraction": "REQUIRED",
+ "scope": "CHANGED",
+ "confidentialityImpact": "LOW",
+ "integrityImpact": "LOW",
+ "availabilityImpact": "NONE",
+ "baseScore": 6.1,
+ "baseSeverity": "MEDIUM"
+ },
+ "exploitabilityScore": 2.8,
+ "impactScore": 2.7
+ }
+ ],
 "cvssMetricV30": [
 {
 "source": "cna@vuldb.com",
@@ -71,14 +93,37 @@
 ]
 }
 ],
+ "configurations": [
+ {
+ "nodes": [
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:thinutech:thinu-cms:1.5:*:*:*:*:*:*:*",
+ "matchCriteriaId": "403A6EB1-58FA-4F4A-9D85-E1CCFC189BE6"
+ }
+ ]
+ }
+ ]
+ }
+ ],
 "references": [
 {
 "url": "https://vuldb.com/?ctiid.233294",
- "source": "cna@vuldb.com"
+ "source": "cna@vuldb.com",
+ "tags": [
+ "Third Party Advisory"
+ ]
 },
 {
 "url": "https://vuldb.com/?id.233294",
- "source": "cna@vuldb.com"
+ "source": "cna@vuldb.com",
+ "tags": [
+ "Third Party Advisory"
+ ]
 }
 ]
 }
\ No newline at end of file
diff --git a/CVE-2023/CVE-2023-370xx/CVE-2023-37061.json b/CVE-2023/CVE-2023-370xx/CVE-2023-37061.json
index f3eff5b798c..f4c114ed5fe 100644
--- a/CVE-2023/CVE-2023-370xx/CVE-2023-37061.json
+++ b/CVE-2023/CVE-2023-370xx/CVE-2023-37061.json
@@ -2,23 +2,84 @@
 "id": "CVE-2023-37061",
 "sourceIdentifier": "cve@mitre.org",
 "published": "2023-07-07T17:15:09.827",
- "lastModified": "2023-07-07T17:36:20.173",
- "vulnStatus": "Awaiting Analysis",
+ "lastModified": "2023-07-12T20:58:22.373",
+ "vulnStatus": "Analyzed",
 "descriptions": [
 {
 "lang": "en",
 "value": "Chamilo 1.11.x up to 1.11.20 allows users with an admin privilege account to insert XSS in the languages management section."
 }
 ],
- "metrics": {},
+ "metrics": {
+ "cvssMetricV31": [
+ {
+ "source": "nvd@nist.gov",
+ "type": "Primary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N",
+ "attackVector": "NETWORK",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "HIGH",
+ "userInteraction": "REQUIRED",
+ "scope": "CHANGED",
+ "confidentialityImpact": "LOW",
+ "integrityImpact": "LOW",
+ "availabilityImpact": "NONE",
+ "baseScore": 4.8,
+ "baseSeverity": "MEDIUM"
+ },
+ "exploitabilityScore": 1.7,
+ "impactScore": 2.7
+ }
+ ]
+ },
+ "weaknesses": [
+ {
+ "source": "nvd@nist.gov",
+ "type": "Primary",
+ "description": [
+ {
+ "lang": "en",
+ "value": "CWE-79"
+ }
+ ]
+ }
+ ],
+ "configurations": [
+ {
+ "nodes": [
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:chamilo:chamilo:*:*:*:*:*:*:*:*",
+ "versionStartIncluding": "1.11.0",
+ "versionEndIncluding": "1.11.20",
+ "matchCriteriaId": "7C09DB8C-2B3F-4EE5-B478-546C468B1E04"
+ }
+ ]
+ }
+ ]
+ }
+ ],
 "references": [
 {
 "url": "https://github.com/chamilo/chamilo-lms/commit/75e9b3e0acac6f7a643da6ff19a00d55a94417a1",
- "source": "cve@mitre.org"
+ "source": "cve@mitre.org",
+ "tags": [
+ "Patch"
+ ]
 },
 {
 "url": "https://support.chamilo.org/projects/1/wiki/Security_issues#Issue-116-2023-06-06-Low-impact-Low-risk-XSS-through-admin-account-languages-management",
- "source": "cve@mitre.org"
+ "source": "cve@mitre.org",
+ "tags": [
+ "Patch",
+ "Vendor Advisory"
+ ]
 }
 ]
 }
\ No newline at end of file
diff --git a/CVE-2023/CVE-2023-370xx/CVE-2023-37062.json b/CVE-2023/CVE-2023-370xx/CVE-2023-37062.json
index ede464ea09f..3f188146150 100644
--- a/CVE-2023/CVE-2023-370xx/CVE-2023-37062.json
+++ b/CVE-2023/CVE-2023-370xx/CVE-2023-37062.json
@@ -2,23 +2,84 @@
 "id": "CVE-2023-37062",
 "sourceIdentifier": "cve@mitre.org",
 "published": "2023-07-07T17:15:09.883",
- "lastModified": "2023-07-07T17:36:20.173",
- "vulnStatus": "Awaiting Analysis",
+ "lastModified": "2023-07-12T20:50:55.603",
+ "vulnStatus": "Analyzed",
 "descriptions": [
 {
 "lang": "en",
 "value": "Chamilo 1.11.x up to 1.11.20 allows users with admin privilege account to insert XSS in the course categories' definition."
 }
 ],
- "metrics": {},
+ "metrics": {
+ "cvssMetricV31": [
+ {
+ "source": "nvd@nist.gov",
+ "type": "Primary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N",
+ "attackVector": "NETWORK",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "HIGH",
+ "userInteraction": "REQUIRED",
+ "scope": "CHANGED",
+ "confidentialityImpact": "LOW",
+ "integrityImpact": "LOW",
+ "availabilityImpact": "NONE",
+ "baseScore": 4.8,
+ "baseSeverity": "MEDIUM"
+ },
+ "exploitabilityScore": 1.7,
+ "impactScore": 2.7
+ }
+ ]
+ },
+ "weaknesses": [
+ {
+ "source": "nvd@nist.gov",
+ "type": "Primary",
+ "description": [
+ {
+ "lang": "en",
+ "value": "CWE-79"
+ }
+ ]
+ }
+ ],
+ "configurations": [
+ {
+ "nodes": [
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:chamilo:chamilo:*:*:*:*:*:*:*:*",
+ "versionStartIncluding": "1.11.0",
+ "versionEndIncluding": "1.11.20",
+ "matchCriteriaId": "7C09DB8C-2B3F-4EE5-B478-546C468B1E04"
+ }
+ ]
+ }
+ ]
+ }
+ ],
 "references": [
 {
 "url": "https://github.com/chamilo/chamilo-lms/commit/c263933d1d958edee3999820f636c8cb919d03d1",
- "source": "cve@mitre.org"
+ "source": "cve@mitre.org",
+ "tags": [
+ "Patch"
+ ]
 },
 {
 "url": "https://support.chamilo.org/projects/1/wiki/Security_issues#Issue-115-2023-06-06-Low-impact-Low-risk-XSS-through-admin-account-course-category",
- "source": "cve@mitre.org"
+ "source": "cve@mitre.org",
+ "tags": [
+ "Patch",
+ "Vendor Advisory"
+ ]
 }
 ]
 }
\ No newline at end of file
diff --git a/CVE-2023/CVE-2023-370xx/CVE-2023-37063.json b/CVE-2023/CVE-2023-370xx/CVE-2023-37063.json
index 9c15e2eba2d..3ba3f21694d 100644
--- a/CVE-2023/CVE-2023-370xx/CVE-2023-37063.json
+++ b/CVE-2023/CVE-2023-370xx/CVE-2023-37063.json
@@ -2,23 +2,84 @@
 "id": "CVE-2023-37063",
 "sourceIdentifier": "cve@mitre.org",
 "published": "2023-07-07T17:15:09.943",
- "lastModified": "2023-07-07T17:36:20.173",
- "vulnStatus": "Awaiting Analysis",
+ "lastModified": "2023-07-12T20:58:12.763",
+ "vulnStatus": "Analyzed",
 "descriptions": [
 {
 "lang": "en",
 "value": "Chamilo 1.11.x up to 1.11.20 allows users with admin privilege account to insert XSS in the careers & promotions management section."
 }
 ],
- "metrics": {},
+ "metrics": {
+ "cvssMetricV31": [
+ {
+ "source": "nvd@nist.gov",
+ "type": "Primary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N",
+ "attackVector": "NETWORK",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "HIGH",
+ "userInteraction": "REQUIRED",
+ "scope": "CHANGED",
+ "confidentialityImpact": "LOW",
+ "integrityImpact": "LOW",
+ "availabilityImpact": "NONE",
+ "baseScore": 4.8,
+ "baseSeverity": "MEDIUM"
+ },
+ "exploitabilityScore": 1.7,
+ "impactScore": 2.7
+ }
+ ]
+ },
+ "weaknesses": [
+ {
+ "source": "nvd@nist.gov",
+ "type": "Primary",
+ "description": [
+ {
+ "lang": "en",
+ "value": "CWE-79"
+ }
+ ]
+ }
+ ],
+ "configurations": [
+ {
+ "nodes": [
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:chamilo:chamilo:*:*:*:*:*:*:*:*",
+ "versionStartIncluding": "1.11.0",
+ "versionEndIncluding": "1.11.20",
+ "matchCriteriaId": "7C09DB8C-2B3F-4EE5-B478-546C468B1E04"
+ }
+ ]
+ }
+ ]
+ }
+ ],
 "references": [
 {
 "url": "https://github.com/chamilo/chamilo-lms/commit/546a18b0bd1446123f4e29f81f42e71b761f51b7",
- "source": "cve@mitre.org"
+ "source": "cve@mitre.org",
+ "tags": [
+ "Patch"
+ ]
 },
 {
 "url": "https://support.chamilo.org/projects/1/wiki/Security_issues#Issue-117-2023-06-06-Low-impact-Low-risk-XSS-through-admin-account-careers-amp-promotions-management",
- "source": "cve@mitre.org"
+ "source": "cve@mitre.org",
+ "tags": [
+ "Patch",
+ "Vendor Advisory"
+ ]
 }
 ]
 }
\ No newline at end of file
diff --git a/CVE-2023/CVE-2023-371xx/CVE-2023-37144.json b/CVE-2023/CVE-2023-371xx/CVE-2023-37144.json
index 09c35ef4c10..1a657f4ea69 100644
--- a/CVE-2023/CVE-2023-371xx/CVE-2023-37144.json
+++ b/CVE-2023/CVE-2023-371xx/CVE-2023-37144.json
@@ -2,19 +2,87 @@
 "id": "CVE-2023-37144",
 "sourceIdentifier": "cve@mitre.org",
 "published": "2023-07-07T14:15:09.363",
- "lastModified": "2023-07-07T14:54:15.817",
- "vulnStatus": "Awaiting Analysis",
+ "lastModified": "2023-07-12T20:43:13.663",
+ "vulnStatus": "Analyzed",
 "descriptions": [
 {
 "lang": "en",
 "value": "Tenda AC10 v15.03.06.26 was discovered to contain a command injection vulnerability via the mac parameter in the function formWriteFacMac."
 }
 ],
- "metrics": {},
+ "metrics": {
+ "cvssMetricV31": [
+ {
+ "source": "nvd@nist.gov",
+ "type": "Primary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
+ "attackVector": "NETWORK",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "NONE",
+ "userInteraction": "NONE",
+ "scope": "UNCHANGED",
+ "confidentialityImpact": "HIGH",
+ "integrityImpact": "HIGH",
+ "availabilityImpact": "HIGH",
+ "baseScore": 9.8,
+ "baseSeverity": "CRITICAL"
+ },
+ "exploitabilityScore": 3.9,
+ "impactScore": 5.9
+ }
+ ]
+ },
+ "weaknesses": [
+ {
+ "source": "nvd@nist.gov",
+ "type": "Primary",
+ "description": [
+ {
+ "lang": "en",
+ "value": "CWE-77"
+ }
+ ]
+ }
+ ],
+ "configurations": [
+ {
+ "operator": "AND",
+ "nodes": [
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:tendacn:ac10_firmware:15.03.06.26:*:*:*:*:*:*:*",
+ "matchCriteriaId": "603374CB-A7E4-410C-B713-D553482C3C48"
+ }
+ ]
+ },
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": false,
+ "criteria": "cpe:2.3:h:tenda:ac10:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "B9E0489C-31D5-43C4-B15D-1D88119EF226"
+ }
+ ]
+ }
+ ]
+ }
+ ],
 "references": [
 {
 "url": "https://github.com/DaDong-G/Vulnerability_info/blob/main/ac10_command_injection/Readme.md",
- "source": "cve@mitre.org"
+ "source": "cve@mitre.org",
+ "tags": [
+ "Exploit",
+ "Third Party Advisory"
+ ]
 }
 ]
 }
\ No newline at end of file
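Review bot: The two `criteria` strings in the added `configurations` block for CVE-2023-37144 name the vendor differently: the vulnerable firmware entry is `cpe:2.3:o:tendacn:ac10_firmware:15.03.06.26:*:*:*:*:*:*:*`, while the hardware entry it is ANDed with is `cpe:2.3:h:tenda:ac10:-:*:*:*:*:*:*:*`. Tooling that joins an asset inventory to this record on the CPE vendor field would have to accept both `tendacn` and `tenda` for the same device, otherwise an affected AC10 can be missed for a 9.8 command-injection finding. Which spelling is canonical cannot be told from this hunk and should be checked against the CPE dictionary. The TOTOLINK records in the later hunks use `totolink` on both the firmware and hardware side, so the mismatch appears specific to this entry.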
diff --git a/CVE-2023/CVE-2023-371xx/CVE-2023-37145.json b/CVE-2023/CVE-2023-371xx/CVE-2023-37145.json
index 497d7426532..98bc592801e 100644
--- a/CVE-2023/CVE-2023-371xx/CVE-2023-37145.json
+++ b/CVE-2023/CVE-2023-371xx/CVE-2023-37145.json
@@ -2,19 +2,87 @@
 "id": "CVE-2023-37145",
 "sourceIdentifier": "cve@mitre.org",
 "published": "2023-07-07T14:15:09.433",
- "lastModified": "2023-07-07T14:54:15.817",
- "vulnStatus": "Awaiting Analysis",
+ "lastModified": "2023-07-12T20:49:02.007",
+ "vulnStatus": "Analyzed",
 "descriptions": [
 {
 "lang": "en",
 "value": "TOTOLINK LR350 V9.3.5u.6369_B20220309 was discovered to contain a command injection vulnerability via the hostname parameter in the setOpModeCfg function."
 }
 ],
- "metrics": {},
+ "metrics": {
+ "cvssMetricV31": [
+ {
+ "source": "nvd@nist.gov",
+ "type": "Primary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
+ "attackVector": "NETWORK",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "NONE",
+ "userInteraction": "NONE",
+ "scope": "UNCHANGED",
+ "confidentialityImpact": "HIGH",
+ "integrityImpact": "HIGH",
+ "availabilityImpact": "HIGH",
+ "baseScore": 9.8,
+ "baseSeverity": "CRITICAL"
+ },
+ "exploitabilityScore": 3.9,
+ "impactScore": 5.9
+ }
+ ]
+ },
+ "weaknesses": [
+ {
+ "source": "nvd@nist.gov",
+ "type": "Primary",
+ "description": [
+ {
+ "lang": "en",
+ "value": "CWE-77"
+ }
+ ]
+ }
+ ],
+ "configurations": [
+ {
+ "operator": "AND",
+ "nodes": [
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:totolink:lr350_firmware:9.3.5u.6369_b20220309:*:*:*:*:*:*:*",
+ "matchCriteriaId": "6E7C618F-D415-4075-96A5-45E44B52FB62"
+ }
+ ]
+ },
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": false,
+ "criteria": "cpe:2.3:h:totolink:lr350:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "4CA0663B-3F55-44EF-AF32-F83AB0411748"
+ }
+ ]
+ }
+ ]
+ }
+ ],
 "references": [
 {
 "url": "https://github.com/DaDong-G/Vulnerability_info/blob/main/TOTOLINK/lr350/1/Readme.md",
- "source": "cve@mitre.org"
+ "source": "cve@mitre.org",
+ "tags": [
+ "Exploit",
+ "Third Party Advisory"
+ ]
 }
 ]
 }
\ No newline at end of file
diff --git a/CVE-2023/CVE-2023-371xx/CVE-2023-37146.json b/CVE-2023/CVE-2023-371xx/CVE-2023-37146.json
index 8c57dc78ebb..308eeb2c6f1 100644
--- a/CVE-2023/CVE-2023-371xx/CVE-2023-37146.json
+++ b/CVE-2023/CVE-2023-371xx/CVE-2023-37146.json
@@ -2,19 +2,87 @@ "id": "CVE-2023-37146", "sourceIdentifier": "cve@mitre.org", "published": "2023-07-07T14:15:09.500", - "lastModified": "2023-07-07T14:54:15.817", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2023-07-12T20:48:41.653", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", "value": "TOTOLINK LR350 V9.3.5u.6369_B20220309 was discovered to contain a command injection vulnerability via the FileName parameter in the UploadFirmwareFile function." } ], - "metrics": {}, + "metrics": { + "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH", + "baseScore": 9.8, + "baseSeverity": "CRITICAL" + }, + "exploitabilityScore": 3.9, + "impactScore": 5.9 + } + ] + }, + "weaknesses": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-77" + } + ] + } + ], + "configurations": [ + { + "operator": "AND", + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:o:totolink:lr350_firmware:9.3.5u.6369_b20220309:*:*:*:*:*:*:*", + "matchCriteriaId": "6E7C618F-D415-4075-96A5-45E44B52FB62" + } + ] + }, + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": false, + "criteria": "cpe:2.3:h:totolink:lr350:-:*:*:*:*:*:*:*", + "matchCriteriaId": "4CA0663B-3F55-44EF-AF32-F83AB0411748" + } + ] + } + ] + } + ], "references": [ { "url": "https://github.com/DaDong-G/Vulnerability_info/tree/main/TOTOLINK/lr350/2", - "source": "cve@mitre.org" + "source": "cve@mitre.org", + "tags": [ + "Exploit", + "Third Party Advisory" + ] } ] } \ No newline at end of file 
diff --git a/CVE-2023/CVE-2023-371xx/CVE-2023-37148.json b/CVE-2023/CVE-2023-371xx/CVE-2023-37148.json
index 62d2e585049..1e2ec12a0bf 100644
--- a/CVE-2023/CVE-2023-371xx/CVE-2023-37148.json
+++ b/CVE-2023/CVE-2023-371xx/CVE-2023-37148.json
@@ -2,19 +2,87 @@
 "id": "CVE-2023-37148",
 "sourceIdentifier": "cve@mitre.org",
 "published": "2023-07-07T14:15:09.570",
- "lastModified": "2023-07-07T14:54:15.817",
- "vulnStatus": "Awaiting Analysis",
+ "lastModified": "2023-07-12T20:48:17.283",
+ "vulnStatus": "Analyzed",
 "descriptions": [
 {
 "lang": "en",
 "value": "TOTOLINK LR350 V9.3.5u.6369_B20220309 was discovered to contain a command injection vulnerability via the ussd parameter in the setUssd function."
 }
 ],
- "metrics": {},
+ "metrics": {
+ "cvssMetricV31": [
+ {
+ "source": "nvd@nist.gov",
+ "type": "Primary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
+ "attackVector": "NETWORK",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "NONE",
+ "userInteraction": "NONE",
+ "scope": "UNCHANGED",
+ "confidentialityImpact": "HIGH",
+ "integrityImpact": "HIGH",
+ "availabilityImpact": "HIGH",
+ "baseScore": 9.8,
+ "baseSeverity": "CRITICAL"
+ },
+ "exploitabilityScore": 3.9,
+ "impactScore": 5.9
+ }
+ ]
+ },
+ "weaknesses": [
+ {
+ "source": "nvd@nist.gov",
+ "type": "Primary",
+ "description": [
+ {
+ "lang": "en",
+ "value": "CWE-77"
+ }
+ ]
+ }
+ ],
+ "configurations": [
+ {
+ "operator": "AND",
+ "nodes": [
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:totolink:lr350_firmware:9.3.5u.6369_b20220309:*:*:*:*:*:*:*",
+ "matchCriteriaId": "6E7C618F-D415-4075-96A5-45E44B52FB62"
+ }
+ ]
+ },
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": false,
+ "criteria": "cpe:2.3:h:totolink:lr350:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "4CA0663B-3F55-44EF-AF32-F83AB0411748"
+ }
+ ]
+ }
+ ]
+ }
+ ],
 "references": [
 {
 "url": "https://github.com/DaDong-G/Vulnerability_info/blob/main/TOTOLINK/lr350/3/README.md",
- "source": "cve@mitre.org"
+ "source": "cve@mitre.org",
+ "tags": [
+ "Exploit",
+ "Third Party Advisory"
+ ]
 }
 ]
 }
\ No newline at end of file
diff --git a/CVE-2023/CVE-2023-371xx/CVE-2023-37149.json b/CVE-2023/CVE-2023-371xx/CVE-2023-37149.json
index 12717bf329c..4c864ea1e07 100644
--- a/CVE-2023/CVE-2023-371xx/CVE-2023-37149.json
+++ b/CVE-2023/CVE-2023-371xx/CVE-2023-37149.json
@@ -2,19 +2,87 @@
 "id": "CVE-2023-37149",
 "sourceIdentifier": "cve@mitre.org",
 "published": "2023-07-07T14:15:09.617",
- "lastModified": "2023-07-07T14:54:15.817",
- "vulnStatus": "Awaiting Analysis",
+ "lastModified": "2023-07-12T20:47:56.950",
+ "vulnStatus": "Analyzed",
 "descriptions": [
 {
 "lang": "en",
 "value": "TOTOLINK LR350 V9.3.5u.6369_B20220309 was discovered to contain a command injection vulnerability via the FileName parameter in the setUploadSetting function."
 }
 ],
- "metrics": {},
+ "metrics": {
+ "cvssMetricV31": [
+ {
+ "source": "nvd@nist.gov",
+ "type": "Primary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
+ "attackVector": "NETWORK",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "NONE",
+ "userInteraction": "NONE",
+ "scope": "UNCHANGED",
+ "confidentialityImpact": "HIGH",
+ "integrityImpact": "HIGH",
+ "availabilityImpact": "HIGH",
+ "baseScore": 9.8,
+ "baseSeverity": "CRITICAL"
+ },
+ "exploitabilityScore": 3.9,
+ "impactScore": 5.9
+ }
+ ]
+ },
+ "weaknesses": [
+ {
+ "source": "nvd@nist.gov",
+ "type": "Primary",
+ "description": [
+ {
+ "lang": "en",
+ "value": "CWE-77"
+ }
+ ]
+ }
+ ],
+ "configurations": [
+ {
+ "operator": "AND",
+ "nodes": [
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:totolink:lr350_firmware:9.3.5u.6369_b20220309:*:*:*:*:*:*:*",
+ "matchCriteriaId": "6E7C618F-D415-4075-96A5-45E44B52FB62"
+ }
+ ]
+ },
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": false,
+ "criteria": "cpe:2.3:h:totolink:lr350:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "4CA0663B-3F55-44EF-AF32-F83AB0411748"
+ }
+ ]
+ }
+ ]
+ }
+ ],
 "references": [
 {
 "url": "https://github.com/DaDong-G/Vulnerability_info/blob/main/TOTOLINK/lr350/4/README.md",
- "source": "cve@mitre.org"
+ "source": "cve@mitre.org",
+ "tags": [
+ "Exploit",
+ "Third Party Advisory"
+ ]
 }
 ]
 }
\ No newline at end of file
diff --git a/CVE-2023/CVE-2023-373xx/CVE-2023-37308.json b/CVE-2023/CVE-2023-373xx/CVE-2023-37308.json
index 17fac0935ae..c3a5e92c1c1 100644
--- a/CVE-2023/CVE-2023-373xx/CVE-2023-37308.json
+++ b/CVE-2023/CVE-2023-373xx/CVE-2023-37308.json
@@ -2,19 +2,195 @@
 "id": "CVE-2023-37308",
 "sourceIdentifier": "cve@mitre.org",
 "published": "2023-07-07T13:15:09.337",
- "lastModified": "2023-07-07T14:54:15.817",
- "vulnStatus": "Awaiting Analysis",
+ "lastModified": "2023-07-12T20:43:30.607",
+ "vulnStatus": "Analyzed",
 "descriptions": [
 {
 "lang": "en",
 "value": "Zoho ManageEngine ADAudit Plus before 7100 allows XSS via the username field."
 }
 ],
- "metrics": {},
+ "metrics": {
+ "cvssMetricV31": [
+ {
+ "source": "nvd@nist.gov",
+ "type": "Primary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",
+ "attackVector": "NETWORK",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "LOW",
+ "userInteraction": "REQUIRED",
+ "scope": "CHANGED",
+ "confidentialityImpact": "LOW",
+ "integrityImpact": "LOW",
+ "availabilityImpact": "NONE",
+ "baseScore": 5.4,
+ "baseSeverity": "MEDIUM"
+ },
+ "exploitabilityScore": 2.3,
+ "impactScore": 2.7
+ }
+ ]
+ },
+ "weaknesses": [
+ {
+ "source": "nvd@nist.gov",
+ "type": "Primary",
+ "description": [
+ {
+ "lang": "en",
+ "value": "CWE-79"
+ }
+ ]
+ }
+ ],
+ "configurations": [
+ {
+ "nodes": [
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:zohocorp:manageengine_adaudit_plus:*:*:*:*:*:*:*:*",
+ "versionEndExcluding": "7.0",
+ "matchCriteriaId": "FFA4EA7A-B1C1-4750-A11D-89054B77B320"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:zohocorp:manageengine_adaudit_plus:7.0:-:*:*:*:*:*:*",
+ "matchCriteriaId": "1290A682-CF27-4411-977B-9F4C935EF0DB"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:zohocorp:manageengine_adaudit_plus:7.0:7000:*:*:*:*:*:*",
+ "matchCriteriaId": "16BADE82-3652-4074-BDFF-828B7213CAF6"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:zohocorp:manageengine_adaudit_plus:7.0:7002:*:*:*:*:*:*",
+ "matchCriteriaId": "01E9CAE9-4B45-4E7A-BE78-6E7E9A3A04E8"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:zohocorp:manageengine_adaudit_plus:7.0:7003:*:*:*:*:*:*",
+ "matchCriteriaId": "CFA4FC59-CC4F-4F21-9AE9-3F526C91411C"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:zohocorp:manageengine_adaudit_plus:7.0:7004:*:*:*:*:*:*",
+ "matchCriteriaId": "26A6F6D1-540C-43C5-96A7-0E36F3E0A4D7"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:zohocorp:manageengine_adaudit_plus:7.0:7005:*:*:*:*:*:*",
+ "matchCriteriaId": "97EA9324-9377-46E1-A0EA-637128E65DED"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:zohocorp:manageengine_adaudit_plus:7.0:7006:*:*:*:*:*:*",
+ "matchCriteriaId": "EA5BE36E-A73A-4D1C-8185-9692373F1444"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:zohocorp:manageengine_adaudit_plus:7.0:7007:*:*:*:*:*:*",
+ "matchCriteriaId": "10F48951-44A1-42C1-AE2A-B2CDFFCAFDBF"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:zohocorp:manageengine_adaudit_plus:7.0:7008:*:*:*:*:*:*",
+ "matchCriteriaId": "F505C783-09DE-4045-9DB4-DD850B449A48"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:zohocorp:manageengine_adaudit_plus:7.0:7050:*:*:*:*:*:*",
+ "matchCriteriaId": "212BF664-02DE-457F-91A6-6F824ECC963B"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:zohocorp:manageengine_adaudit_plus:7.0:7051:*:*:*:*:*:*",
+ "matchCriteriaId": "D102B74F-6762-4EFE-BAF7-A7D416867D9D"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:zohocorp:manageengine_adaudit_plus:7.0:7052:*:*:*:*:*:*",
+ "matchCriteriaId": "FEDF5C01-41D8-45C0-8F0D-3A7FCB6DADEE"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:zohocorp:manageengine_adaudit_plus:7.0:7053:*:*:*:*:*:*",
+ "matchCriteriaId": "5D6ACBF5-25C6-403A-BCFA-66A90A8B4E14"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:zohocorp:manageengine_adaudit_plus:7.0:7054:*:*:*:*:*:*",
+ "matchCriteriaId": "CF50DCAC-33E1-4FE2-BF3C-C6A17CC8E48A"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:zohocorp:manageengine_adaudit_plus:7.0:7055:*:*:*:*:*:*",
+ "matchCriteriaId": "5B2F6EE4-F3DC-43CE-B7FD-C9522A35406A"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:zohocorp:manageengine_adaudit_plus:7.0:7060:*:*:*:*:*:*",
+ "matchCriteriaId": "623151CB-4C6B-4068-B173-FE8E73D652F5"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:zohocorp:manageengine_adaudit_plus:7.0:7062:*:*:*:*:*:*",
+ "matchCriteriaId": "1D84377E-CB44-4C6A-A665-763A1CD1AF34"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:zohocorp:manageengine_adaudit_plus:7.0:7063:*:*:*:*:*:*",
+ "matchCriteriaId": "603D1875-BD5E-4C6C-9D2C-3CAA9D7B3AE0"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:zohocorp:manageengine_adaudit_plus:7.0:7065:*:*:*:*:*:*",
+ "matchCriteriaId": "4C568190-1C1B-44FA-B50A-C142A0B8224D"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:zohocorp:manageengine_adaudit_plus:7.0:7080:*:*:*:*:*:*",
+ "matchCriteriaId": "F876B2E2-C2FF-47BE-9F53-5F86606A08CA"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:zohocorp:manageengine_adaudit_plus:7.0:7081:*:*:*:*:*:*",
+ "matchCriteriaId": "D101D29F-FF03-437A-9BBE-16CFE7A570BA"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:zohocorp:manageengine_adaudit_plus:7.0:7082:*:*:*:*:*:*",
+ "matchCriteriaId": "7D2D0131-7454-45E4-8312-D6041BA2A6D3"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:zohocorp:manageengine_adaudit_plus:7.0:7090:*:*:*:*:*:*",
+ "matchCriteriaId": "F09D0587-A189-4250-B5A0-3F874CE58CE1"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:zohocorp:manageengine_adaudit_plus:7.0:7091:*:*:*:*:*:*",
+ "matchCriteriaId": "35621269-F3BF-4650-B56B-57DE81902A97"
+ }
+ ]
+ }
+ ]
+ }
+ ],
 "references": [
 {
 "url": "https://www.manageengine.com/products/active-directory-audit/cve-2023-37308.html",
- "source": "cve@mitre.org"
+ "source": "cve@mitre.org",
+ "tags": [
+ "Vendor Advisory"
+ ]
 }
 ]
 }
\ No newline at end of file
diff --git a/README.md b/README.md
index d6879a22db4..c8c193b6ae9 100644
--- a/README.md
+++ b/README.md
@@ -9,13 +9,13 @@ Repository synchronizes with the NVD every 2 hours. ### Last Repository Update ```plain -2023-07-12T20:00:34.798594+00:00 +2023-07-12T22:01:01.002631+00:00 ``` ### Most recent CVE Modification Timestamp synchronized with NVD ```plain -2023-07-12T19:59:14.020000+00:00 +2023-07-12T21:15:09.097000+00:00 ``` ### Last Data Feed Release 
@@ -29,69 +29,41 @@ Download and Changelog: [Click](https://github.com/fkie-cad/nvd-json-data-feeds/ ### Total Number of included CVEs ```plain -220138 +220141 ``` ### CVEs added in the last Commit -Recently added CVEs: `87` +Recently added CVEs: `3` -* [CVE-2023-29315](CVE-2023/CVE-2023-293xx/CVE-2023-29315.json) (`2023-07-12T16:15:12.547`) -* [CVE-2023-29316](CVE-2023/CVE-2023-293xx/CVE-2023-29316.json) (`2023-07-12T16:15:12.623`) -* [CVE-2023-29317](CVE-2023/CVE-2023-293xx/CVE-2023-29317.json) (`2023-07-12T16:15:12.700`) -* [CVE-2023-29318](CVE-2023/CVE-2023-293xx/CVE-2023-29318.json) (`2023-07-12T16:15:12.780`) -* [CVE-2023-29319](CVE-2023/CVE-2023-293xx/CVE-2023-29319.json) (`2023-07-12T16:15:12.867`) -* [CVE-2023-36266](CVE-2023/CVE-2023-362xx/CVE-2023-36266.json) (`2023-07-12T16:15:12.953`) -* [CVE-2023-37942](CVE-2023/CVE-2023-379xx/CVE-2023-37942.json) (`2023-07-12T16:15:13.007`) -* [CVE-2023-37943](CVE-2023/CVE-2023-379xx/CVE-2023-37943.json) (`2023-07-12T16:15:13.063`) -* [CVE-2023-37944](CVE-2023/CVE-2023-379xx/CVE-2023-37944.json) (`2023-07-12T16:15:13.117`) -* [CVE-2023-37945](CVE-2023/CVE-2023-379xx/CVE-2023-37945.json) (`2023-07-12T16:15:13.173`) -* [CVE-2023-37946](CVE-2023/CVE-2023-379xx/CVE-2023-37946.json) (`2023-07-12T16:15:13.227`) -* [CVE-2023-37947](CVE-2023/CVE-2023-379xx/CVE-2023-37947.json) (`2023-07-12T16:15:13.277`) -* [CVE-2023-37948](CVE-2023/CVE-2023-379xx/CVE-2023-37948.json) (`2023-07-12T16:15:13.333`) -* [CVE-2023-37949](CVE-2023/CVE-2023-379xx/CVE-2023-37949.json) (`2023-07-12T16:15:13.380`) -* [CVE-2023-37950](CVE-2023/CVE-2023-379xx/CVE-2023-37950.json) (`2023-07-12T16:15:13.427`) -* [CVE-2023-37951](CVE-2023/CVE-2023-379xx/CVE-2023-37951.json) (`2023-07-12T16:15:13.473`) -* [CVE-2023-29298](CVE-2023/CVE-2023-292xx/CVE-2023-29298.json) (`2023-07-12T16:15:11.623`) -* [CVE-2023-29300](CVE-2023/CVE-2023-293xx/CVE-2023-29300.json) (`2023-07-12T16:15:11.733`) -* [CVE-2023-29301](CVE-2023/CVE-2023-293xx/CVE-2023-29301.json) 
(`2023-07-12T16:15:11.820`) -* [CVE-2023-29308](CVE-2023/CVE-2023-293xx/CVE-2023-29308.json) (`2023-07-12T16:15:11.920`) -* [CVE-2023-29309](CVE-2023/CVE-2023-293xx/CVE-2023-29309.json) (`2023-07-12T16:15:12.007`) -* [CVE-2023-29310](CVE-2023/CVE-2023-293xx/CVE-2023-29310.json) (`2023-07-12T16:15:12.110`) -* [CVE-2023-3643](CVE-2023/CVE-2023-36xx/CVE-2023-3643.json) (`2023-07-12T18:15:09.487`) -* [CVE-2023-3644](CVE-2023/CVE-2023-36xx/CVE-2023-3644.json) (`2023-07-12T18:15:09.563`) -* [CVE-2023-3635](CVE-2023/CVE-2023-36xx/CVE-2023-3635.json) (`2023-07-12T19:15:08.983`) +* [CVE-2023-26563](CVE-2023/CVE-2023-265xx/CVE-2023-26563.json) (`2023-07-12T21:15:08.990`) +* [CVE-2023-26564](CVE-2023/CVE-2023-265xx/CVE-2023-26564.json) (`2023-07-12T21:15:09.047`) +* [CVE-2023-33274](CVE-2023/CVE-2023-332xx/CVE-2023-33274.json) (`2023-07-12T21:15:09.097`) ### CVEs modified in the last Commit -Recently modified CVEs: `405` +Recently modified CVEs: `19` -* [CVE-2023-30642](CVE-2023/CVE-2023-306xx/CVE-2023-30642.json) (`2023-07-12T18:15:49.513`) -* [CVE-2023-30643](CVE-2023/CVE-2023-306xx/CVE-2023-30643.json) (`2023-07-12T18:16:11.027`) -* [CVE-2023-30644](CVE-2023/CVE-2023-306xx/CVE-2023-30644.json) (`2023-07-12T18:16:36.020`) -* [CVE-2023-30645](CVE-2023/CVE-2023-306xx/CVE-2023-30645.json) (`2023-07-12T18:16:52.757`) -* [CVE-2023-30646](CVE-2023/CVE-2023-306xx/CVE-2023-30646.json) (`2023-07-12T18:18:37.623`) -* [CVE-2023-30647](CVE-2023/CVE-2023-306xx/CVE-2023-30647.json) (`2023-07-12T18:18:52.680`) -* [CVE-2023-30648](CVE-2023/CVE-2023-306xx/CVE-2023-30648.json) (`2023-07-12T18:21:29.590`) -* [CVE-2023-35937](CVE-2023/CVE-2023-359xx/CVE-2023-35937.json) (`2023-07-12T18:34:05.977`) -* [CVE-2023-36188](CVE-2023/CVE-2023-361xx/CVE-2023-36188.json) (`2023-07-12T18:34:19.300`) -* [CVE-2023-36189](CVE-2023/CVE-2023-361xx/CVE-2023-36189.json) (`2023-07-12T18:34:29.363`) -* [CVE-2023-36995](CVE-2023/CVE-2023-369xx/CVE-2023-36995.json) (`2023-07-12T18:34:38.403`) -* 
[CVE-2023-30649](CVE-2023/CVE-2023-306xx/CVE-2023-30649.json) (`2023-07-12T18:37:10.837`) -* [CVE-2023-30650](CVE-2023/CVE-2023-306xx/CVE-2023-30650.json) (`2023-07-12T18:37:19.837`) -* [CVE-2023-30651](CVE-2023/CVE-2023-306xx/CVE-2023-30651.json) (`2023-07-12T18:37:27.847`) -* [CVE-2023-30652](CVE-2023/CVE-2023-306xx/CVE-2023-30652.json) (`2023-07-12T18:37:35.077`) -* [CVE-2023-30653](CVE-2023/CVE-2023-306xx/CVE-2023-30653.json) (`2023-07-12T18:37:41.277`) -* [CVE-2023-30655](CVE-2023/CVE-2023-306xx/CVE-2023-30655.json) (`2023-07-12T18:37:48.920`) -* [CVE-2023-30656](CVE-2023/CVE-2023-306xx/CVE-2023-30656.json) (`2023-07-12T18:37:55.607`) -* [CVE-2023-37239](CVE-2023/CVE-2023-372xx/CVE-2023-37239.json) (`2023-07-12T18:57:30.653`) -* [CVE-2023-2728](CVE-2023/CVE-2023-27xx/CVE-2023-2728.json) (`2023-07-12T19:11:59.200`) -* [CVE-2023-2727](CVE-2023/CVE-2023-27xx/CVE-2023-2727.json) (`2023-07-12T19:12:15.150`) -* [CVE-2023-25517](CVE-2023/CVE-2023-255xx/CVE-2023-25517.json) (`2023-07-12T19:13:44.783`) -* [CVE-2023-0090](CVE-2023/CVE-2023-00xx/CVE-2023-0090.json) (`2023-07-12T19:15:08.870`) -* [CVE-2023-35890](CVE-2023/CVE-2023-358xx/CVE-2023-35890.json) (`2023-07-12T19:16:45.947`) -* [CVE-2023-30674](CVE-2023/CVE-2023-306xx/CVE-2023-30674.json) (`2023-07-12T19:59:14.020`) +* [CVE-2021-37501](CVE-2021/CVE-2021-375xx/CVE-2021-37501.json) (`2023-07-12T21:15:08.800`) +* [CVE-2023-3540](CVE-2023/CVE-2023-35xx/CVE-2023-3540.json) (`2023-07-12T20:01:28.747`) +* [CVE-2023-3539](CVE-2023/CVE-2023-35xx/CVE-2023-3539.json) (`2023-07-12T20:01:39.047`) +* [CVE-2023-3538](CVE-2023/CVE-2023-35xx/CVE-2023-3538.json) (`2023-07-12T20:02:17.593`) +* [CVE-2023-3537](CVE-2023/CVE-2023-35xx/CVE-2023-3537.json) (`2023-07-12T20:02:32.687`) +* [CVE-2023-3536](CVE-2023/CVE-2023-35xx/CVE-2023-3536.json) (`2023-07-12T20:18:25.053`) +* [CVE-2023-3535](CVE-2023/CVE-2023-35xx/CVE-2023-3535.json) (`2023-07-12T20:18:38.963`) +* [CVE-2023-37144](CVE-2023/CVE-2023-371xx/CVE-2023-37144.json) 
(`2023-07-12T20:43:13.663`) +* [CVE-2023-37308](CVE-2023/CVE-2023-373xx/CVE-2023-37308.json) (`2023-07-12T20:43:30.607`) +* [CVE-2023-37149](CVE-2023/CVE-2023-371xx/CVE-2023-37149.json) (`2023-07-12T20:47:56.950`) +* [CVE-2023-37148](CVE-2023/CVE-2023-371xx/CVE-2023-37148.json) (`2023-07-12T20:48:17.283`) +* [CVE-2023-37146](CVE-2023/CVE-2023-371xx/CVE-2023-37146.json) (`2023-07-12T20:48:41.653`) +* [CVE-2023-37145](CVE-2023/CVE-2023-371xx/CVE-2023-37145.json) (`2023-07-12T20:49:02.007`) +* [CVE-2023-3542](CVE-2023/CVE-2023-35xx/CVE-2023-3542.json) (`2023-07-12T20:50:28.507`) +* [CVE-2023-3541](CVE-2023/CVE-2023-35xx/CVE-2023-3541.json) (`2023-07-12T20:50:39.830`) +* [CVE-2023-37062](CVE-2023/CVE-2023-370xx/CVE-2023-37062.json) (`2023-07-12T20:50:55.603`) +* [CVE-2023-37063](CVE-2023/CVE-2023-370xx/CVE-2023-37063.json) (`2023-07-12T20:58:12.763`) +* [CVE-2023-37061](CVE-2023/CVE-2023-370xx/CVE-2023-37061.json) (`2023-07-12T20:58:22.373`) +* [CVE-2023-26258](CVE-2023/CVE-2023-262xx/CVE-2023-26258.json) (`2023-07-12T21:15:08.920`) ## Download and Usage