diff --git a/CVE-2022/CVE-2022-471xx/CVE-2022-47185.json b/CVE-2022/CVE-2022-471xx/CVE-2022-47185.json index d391792db90..17e00f663b1 100644 --- a/CVE-2022/CVE-2022-471xx/CVE-2022-47185.json +++ b/CVE-2022/CVE-2022-471xx/CVE-2022-47185.json @@ -2,8 +2,8 @@ "id": "CVE-2022-47185", "sourceIdentifier": "security@apache.org", "published": "2023-08-09T07:15:09.930", - "lastModified": "2023-08-09T07:15:09.930", - "vulnStatus": "Received", + "lastModified": "2023-08-09T12:46:53.387", + "vulnStatus": "Awaiting Analysis", "descriptions": [ { "lang": "en", diff --git a/CVE-2023/CVE-2023-207xx/CVE-2023-20797.json b/CVE-2023/CVE-2023-207xx/CVE-2023-20797.json index 041e1263ed2..b4341966a60 100644 --- a/CVE-2023/CVE-2023-207xx/CVE-2023-20797.json +++ b/CVE-2023/CVE-2023-207xx/CVE-2023-20797.json @@ -2,19 +2,126 @@ "id": "CVE-2023-20797", "sourceIdentifier": "security@mediatek.com", "published": "2023-08-07T04:15:13.537", - "lastModified": "2023-08-07T12:57:21.007", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2023-08-09T13:39:25.510", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", "value": "In camera middleware, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07629582; Issue ID: ALPS07629582." } ], - "metrics": {}, + "metrics": { + "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H", + "attackVector": "LOCAL", + "attackComplexity": "LOW", + "privilegesRequired": "HIGH", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH", + "baseScore": 6.7, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 0.8, + "impactScore": 5.9 + } + ] + }, + "weaknesses": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-787" + } + ] + } + ], + "configurations": [ + { + "operator": "AND", + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:o:google:android:12.0:*:*:*:*:*:*:*", + "matchCriteriaId": "F8FB8EE9-FC56-4D5E-AE55-A5967634740C" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:google:android:13.0:*:*:*:*:*:*:*", + "matchCriteriaId": "879FFD0C-9B38-4CAA-B057-1086D794D469" + } + ] + }, + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": false, + "criteria": "cpe:2.3:h:mediatek:mt6879:-:*:*:*:*:*:*:*", + "matchCriteriaId": "704BE5CE-AE08-4432-A8B0-4C8BD62148AD" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:h:mediatek:mt6886:-:*:*:*:*:*:*:*", + "matchCriteriaId": "AF3E2B84-DAFE-4E11-B23B-026F719475F5" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:h:mediatek:mt6895:-:*:*:*:*:*:*:*", + "matchCriteriaId": "E0CA45C9-7BFE-4C93-B2AF-B86501F763AB" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:h:mediatek:mt6983:-:*:*:*:*:*:*:*", + "matchCriteriaId": "EB6B9A26-F8A1-4322-AA4E-CDF8F7D99000" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:h:mediatek:mt6985:-:*:*:*:*:*:*:*", + "matchCriteriaId": "EA72CCD1-DEA2-48EB-8781-04CFDD41AAEE" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:h:mediatek:mt8188:-:*:*:*:*:*:*:*", + "matchCriteriaId": "BA3D4A45-38EE-4125-AE67-89D1C707F95A" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:h:mediatek:mt8195:-:*:*:*:*:*:*:*", + "matchCriteriaId": "ED210E64-6CE7-42B1-849E-68C0E22521F6" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:h:mediatek:mt8673:-:*:*:*:*:*:*:*", + "matchCriteriaId": "152F6606-FA23-4530-AA07-419866B74CB3" + } + ] + } + ] + } + ], "references": [ { "url": "https://corp.mediatek.com/product-security-bulletin/August-2023", - "source": "security@mediatek.com" + "source": "security@mediatek.com", + "tags": [ + "Vendor Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2023/CVE-2023-207xx/CVE-2023-20798.json b/CVE-2023/CVE-2023-207xx/CVE-2023-20798.json index edb48eef038..36d647eedfd 100644 --- a/CVE-2023/CVE-2023-207xx/CVE-2023-20798.json +++ b/CVE-2023/CVE-2023-207xx/CVE-2023-20798.json @@ -2,19 +2,145 @@ "id": "CVE-2023-20798", "sourceIdentifier": "security@mediatek.com", "published": "2023-08-07T04:15:13.603", - "lastModified": "2023-08-07T12:57:21.007", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2023-08-09T13:49:52.743", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", "value": "In pda, there is a possible out of bounds read due to an incorrect calculation of buffer size. This could lead to local information disclosure with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07147572; Issue ID: ALPS07421076." } ], - "metrics": {}, + "metrics": { + "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N", + "attackVector": "LOCAL", + "attackComplexity": "LOW", + "privilegesRequired": "HIGH", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "NONE", + "availabilityImpact": "NONE", + "baseScore": 4.4, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 0.8, + "impactScore": 3.6 + } + ] + }, + "weaknesses": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-125" + }, + { + "lang": "en", + "value": "CWE-131" + } + ] + } + ], + "configurations": [ + { + "operator": "AND", + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:o:google:android:12.0:*:*:*:*:*:*:*", + "matchCriteriaId": "F8FB8EE9-FC56-4D5E-AE55-A5967634740C" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:google:android:13.0:*:*:*:*:*:*:*", + "matchCriteriaId": "879FFD0C-9B38-4CAA-B057-1086D794D469" + } + ] + }, + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": false, + "criteria": "cpe:2.3:h:mediatek:mt2713:-:*:*:*:*:*:*:*", + "matchCriteriaId": "7D1135F9-E38C-4308-BD32-A4D83959282E" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:h:mediatek:mt6855:-:*:*:*:*:*:*:*", + "matchCriteriaId": "89AFEE24-7AAD-4EDB-8C3E-EDBA3240730A" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:h:mediatek:mt6879:-:*:*:*:*:*:*:*", + "matchCriteriaId": "704BE5CE-AE08-4432-A8B0-4C8BD62148AD" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:h:mediatek:mt6886:-:*:*:*:*:*:*:*", + "matchCriteriaId": "AF3E2B84-DAFE-4E11-B23B-026F719475F5" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:h:mediatek:mt6895:-:*:*:*:*:*:*:*", + "matchCriteriaId": "E0CA45C9-7BFE-4C93-B2AF-B86501F763AB" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:h:mediatek:mt6983:-:*:*:*:*:*:*:*", + "matchCriteriaId": "EB6B9A26-F8A1-4322-AA4E-CDF8F7D99000" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:h:mediatek:mt6985:-:*:*:*:*:*:*:*", + "matchCriteriaId": "EA72CCD1-DEA2-48EB-8781-04CFDD41AAEE" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:h:mediatek:mt8188:-:*:*:*:*:*:*:*", + "matchCriteriaId": "BA3D4A45-38EE-4125-AE67-89D1C707F95A" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:h:mediatek:mt8195:-:*:*:*:*:*:*:*", + "matchCriteriaId": "ED210E64-6CE7-42B1-849E-68C0E22521F6" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:h:mediatek:mt8395:-:*:*:*:*:*:*:*", + "matchCriteriaId": "D98FBE1C-D57B-49D9-9C4E-8A133A0C1C89" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:h:mediatek:mt8673:-:*:*:*:*:*:*:*", + "matchCriteriaId": "152F6606-FA23-4530-AA07-419866B74CB3" + } + ] + } + ] + } + ], "references": [ { "url": "https://corp.mediatek.com/product-security-bulletin/August-2023", - "source": "security@mediatek.com" + "source": "security@mediatek.com", + "tags": [ + "Vendor Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2023/CVE-2023-208xx/CVE-2023-20800.json b/CVE-2023/CVE-2023-208xx/CVE-2023-20800.json index 5df6449a24e..cc045317cad 100644 --- a/CVE-2023/CVE-2023-208xx/CVE-2023-20800.json +++ b/CVE-2023/CVE-2023-208xx/CVE-2023-20800.json @@ -2,19 +2,126 @@ "id": "CVE-2023-20800", "sourceIdentifier": "security@mediatek.com", "published": "2023-08-07T04:15:13.667", - "lastModified": "2023-08-07T12:57:21.007", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2023-08-09T13:25:26.837", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", "value": "In imgsys, there is a possible system crash due to a mssing ptr check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is needed for exploitation. Patch ID: ALPS07420968; Issue ID: ALPS07420955." } ], - "metrics": {}, + "metrics": { + "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:R/S:U/C:H/I:H/A:H", + "attackVector": "LOCAL", + "attackComplexity": "LOW", + "privilegesRequired": "HIGH", + "userInteraction": "REQUIRED", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH", + "baseScore": 6.5, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 0.6, + "impactScore": 5.9 + } + ] + }, + "weaknesses": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "NVD-CWE-noinfo" + } + ] + } + ], + "configurations": [ + { + "operator": "AND", + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:linuxfoundation:yocto:4.0:*:*:*:*:*:*:*", + "matchCriteriaId": "437D8F9D-67DF-47A5-9C96-5B51D1562951" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:google:android:12.0:*:*:*:*:*:*:*", + "matchCriteriaId": "F8FB8EE9-FC56-4D5E-AE55-A5967634740C" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:google:android:13.0:*:*:*:*:*:*:*", + "matchCriteriaId": "879FFD0C-9B38-4CAA-B057-1086D794D469" + } + ] + }, + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": false, + "criteria": "cpe:2.3:h:mediatek:mt6879:-:*:*:*:*:*:*:*", + "matchCriteriaId": "704BE5CE-AE08-4432-A8B0-4C8BD62148AD" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:h:mediatek:mt6895:-:*:*:*:*:*:*:*", + "matchCriteriaId": "E0CA45C9-7BFE-4C93-B2AF-B86501F763AB" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:h:mediatek:mt6983:-:*:*:*:*:*:*:*", + "matchCriteriaId": "EB6B9A26-F8A1-4322-AA4E-CDF8F7D99000" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:h:mediatek:mt8188:-:*:*:*:*:*:*:*", + "matchCriteriaId": "BA3D4A45-38EE-4125-AE67-89D1C707F95A" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:h:mediatek:mt8195:-:*:*:*:*:*:*:*", + "matchCriteriaId": "ED210E64-6CE7-42B1-849E-68C0E22521F6" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:h:mediatek:mt8395:-:*:*:*:*:*:*:*", + "matchCriteriaId": "D98FBE1C-D57B-49D9-9C4E-8A133A0C1C89" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:h:mediatek:mt8781:-:*:*:*:*:*:*:*", + "matchCriteriaId": "533284E5-C3AF-48D3-A287-993099DB2E41" + } + ] + } + ] + } + ], "references": [ { "url": "https://corp.mediatek.com/product-security-bulletin/August-2023", - "source": "security@mediatek.com" + "source": "security@mediatek.com", + "tags": [ + "Vendor Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2023/CVE-2023-223xx/CVE-2023-22378.json b/CVE-2023/CVE-2023-223xx/CVE-2023-22378.json index 5756256f15c..a105f5ab411 100644 --- a/CVE-2023/CVE-2023-223xx/CVE-2023-22378.json +++ b/CVE-2023/CVE-2023-223xx/CVE-2023-22378.json @@ -2,8 +2,8 @@ "id": "CVE-2023-22378", "sourceIdentifier": "prodsec@nozominetworks.com", "published": "2023-08-09T09:15:13.507", - "lastModified": "2023-08-09T09:15:13.507", - "vulnStatus": "Received", + "lastModified": "2023-08-09T12:46:39.727", + "vulnStatus": "Awaiting Analysis", "descriptions": [ { "lang": "en", diff --git a/CVE-2023/CVE-2023-228xx/CVE-2023-22843.json b/CVE-2023/CVE-2023-228xx/CVE-2023-22843.json index c9da9d13365..420ba527ac0 100644 --- a/CVE-2023/CVE-2023-228xx/CVE-2023-22843.json +++ b/CVE-2023/CVE-2023-228xx/CVE-2023-22843.json @@ -2,8 +2,8 @@ "id": "CVE-2023-22843", "sourceIdentifier": "prodsec@nozominetworks.com", "published": "2023-08-09T09:15:13.667", - "lastModified": "2023-08-09T09:15:13.667", - "vulnStatus": "Received", + "lastModified": "2023-08-09T12:46:39.727", + "vulnStatus": "Awaiting Analysis", "descriptions": [ { "lang": "en", diff --git a/CVE-2023/CVE-2023-235xx/CVE-2023-23574.json b/CVE-2023/CVE-2023-235xx/CVE-2023-23574.json index fc2434c7d33..4292c707f47 100644 --- a/CVE-2023/CVE-2023-235xx/CVE-2023-23574.json +++ b/CVE-2023/CVE-2023-235xx/CVE-2023-23574.json @@ -2,8 +2,8 @@ "id": "CVE-2023-23574", "sourceIdentifier": "prodsec@nozominetworks.com", "published": "2023-08-09T09:15:13.767", - "lastModified": "2023-08-09T09:15:13.767", - "vulnStatus": "Received", + "lastModified": "2023-08-09T12:46:39.727", + "vulnStatus": "Awaiting Analysis", "descriptions": [ { "lang": "en", diff --git a/CVE-2023/CVE-2023-239xx/CVE-2023-23903.json b/CVE-2023/CVE-2023-239xx/CVE-2023-23903.json index 192e8a32055..c02e149cd12 100644 --- a/CVE-2023/CVE-2023-239xx/CVE-2023-23903.json +++ b/CVE-2023/CVE-2023-239xx/CVE-2023-23903.json @@ -2,8 +2,8 @@ "id": "CVE-2023-23903", "sourceIdentifier": "prodsec@nozominetworks.com", "published": "2023-08-09T10:15:09.687", - "lastModified": "2023-08-09T10:15:09.687", - "vulnStatus": "Received", + "lastModified": "2023-08-09T12:46:39.727", + "vulnStatus": "Awaiting Analysis", "descriptions": [ { "lang": "en", diff --git a/CVE-2023/CVE-2023-240xx/CVE-2023-24015.json b/CVE-2023/CVE-2023-240xx/CVE-2023-24015.json index 6e8cef5f146..1b9b43c70c5 100644 --- a/CVE-2023/CVE-2023-240xx/CVE-2023-24015.json +++ b/CVE-2023/CVE-2023-240xx/CVE-2023-24015.json @@ -2,8 +2,8 @@ "id": "CVE-2023-24015", "sourceIdentifier": "prodsec@nozominetworks.com", "published": "2023-08-09T10:15:09.890", - "lastModified": "2023-08-09T10:15:09.890", - "vulnStatus": "Received", + "lastModified": "2023-08-09T12:46:39.727", + "vulnStatus": "Awaiting Analysis", "descriptions": [ { "lang": "en", diff --git a/CVE-2023/CVE-2023-244xx/CVE-2023-24471.json b/CVE-2023/CVE-2023-244xx/CVE-2023-24471.json index d6d8f469b3b..ae6c6d93b15 100644 --- a/CVE-2023/CVE-2023-244xx/CVE-2023-24471.json +++ b/CVE-2023/CVE-2023-244xx/CVE-2023-24471.json @@ -2,8 +2,8 @@ "id": "CVE-2023-24471", "sourceIdentifier": "prodsec@nozominetworks.com", "published": "2023-08-09T09:15:13.860", - "lastModified": "2023-08-09T09:15:13.860", - "vulnStatus": "Received", + "lastModified": "2023-08-09T12:46:39.727", + "vulnStatus": "Awaiting Analysis", "descriptions": [ { "lang": "en", diff --git a/CVE-2023/CVE-2023-244xx/CVE-2023-24477.json b/CVE-2023/CVE-2023-244xx/CVE-2023-24477.json index eabd2d5a131..f8f31ff4674 100644 --- a/CVE-2023/CVE-2023-244xx/CVE-2023-24477.json +++ b/CVE-2023/CVE-2023-244xx/CVE-2023-24477.json @@ -2,8 +2,8 @@ "id": "CVE-2023-24477", "sourceIdentifier": "prodsec@nozominetworks.com", "published": "2023-08-09T08:15:09.280", - "lastModified": "2023-08-09T08:15:09.280", - "vulnStatus": "Received", + "lastModified": "2023-08-09T12:46:39.727", + "vulnStatus": "Awaiting Analysis", "descriptions": [ { "lang": "en", diff --git a/CVE-2023/CVE-2023-263xx/CVE-2023-26310.json b/CVE-2023/CVE-2023-263xx/CVE-2023-26310.json index 9d61b9ef0dc..168800c9f22 100644 --- a/CVE-2023/CVE-2023-263xx/CVE-2023-26310.json +++ b/CVE-2023/CVE-2023-263xx/CVE-2023-26310.json @@ -2,8 +2,8 @@ "id": "CVE-2023-26310", "sourceIdentifier": "security@oppo.com", "published": "2023-08-09T07:15:10.150", - "lastModified": "2023-08-09T07:15:10.150", - "vulnStatus": "Received", + "lastModified": "2023-08-09T12:46:53.387", + "vulnStatus": "Awaiting Analysis", "descriptions": [ { "lang": "en", diff --git a/CVE-2023/CVE-2023-29xx/CVE-2023-2905.json b/CVE-2023/CVE-2023-29xx/CVE-2023-2905.json index 3f28349d660..3933d18ce30 100644 --- a/CVE-2023/CVE-2023-29xx/CVE-2023-2905.json +++ b/CVE-2023/CVE-2023-29xx/CVE-2023-2905.json @@ -2,8 +2,8 @@ "id": "CVE-2023-2905", "sourceIdentifier": "cve@takeonme.org", "published": "2023-08-09T05:15:40.740", - "lastModified": "2023-08-09T05:15:40.740", - "vulnStatus": "Received", + "lastModified": "2023-08-09T12:46:53.387", + "vulnStatus": "Awaiting Analysis", "descriptions": [ { "lang": "en", diff --git a/CVE-2023/CVE-2023-309xx/CVE-2023-30950.json b/CVE-2023/CVE-2023-309xx/CVE-2023-30950.json index 6d2bd11c746..84c7c642429 100644 --- a/CVE-2023/CVE-2023-309xx/CVE-2023-30950.json +++ b/CVE-2023/CVE-2023-309xx/CVE-2023-30950.json @@ -2,8 +2,8 @@ "id": "CVE-2023-30950", "sourceIdentifier": "cve-coordination@palantir.com", "published": "2023-08-03T22:15:11.887", - "lastModified": "2023-08-04T02:45:53.837", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2023-08-09T12:30:37.183", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", @@ -12,6 +12,26 @@ ], "metrics": { "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N", + "attackVector": "NETWORK", + "attackComplexity": "HIGH", + "privilegesRequired": "NONE", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "NONE", + "availabilityImpact": "NONE", + "baseScore": 5.9, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 2.2, + "impactScore": 3.6 + }, { "source": "cve-coordination@palantir.com", "type": "Secondary", @@ -34,10 +54,44 @@ } ] }, + "weaknesses": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-862" + } + ] + } + ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:palantir:foundry_campaigns:*:*:*:*:*:*:*:*", + "versionEndExcluding": "0.623.0", + "matchCriteriaId": "C6AF85C8-B17D-4727-A60F-DDF23AAC6CB3" + } + ] + } + ] + } + ], "references": [ { "url": "https://palantir.safebase.us/?tcuUid=d839709d-c50f-4a37-8faa-b0c35054418a", - "source": "cve-coordination@palantir.com" + "source": "cve-coordination@palantir.com", + "tags": [ + "Mitigation", + "Vendor Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2023/CVE-2023-314xx/CVE-2023-31448.json b/CVE-2023/CVE-2023-314xx/CVE-2023-31448.json new file mode 100644 index 00000000000..0e675b7c1e5 --- /dev/null +++ b/CVE-2023/CVE-2023-314xx/CVE-2023-31448.json @@ -0,0 +1,24 @@ +{ + "id": "CVE-2023-31448", + "sourceIdentifier": "cve@mitre.org", + "published": "2023-08-09T12:15:09.647", + "lastModified": "2023-08-09T12:46:39.727", + "vulnStatus": "Awaiting Analysis", + "descriptions": [ + { + "lang": "en", + "value": "An issue was discovered in Paessler PRTG Network Monitor 23.2.83.1760 x64. To exploit the vulnerability, a authenticated user can create a HL7 Sensor. When creating this sensor, the user can set the HL7 message that should be sent from the PRTG device. This input parameter contains a path traversal vulnerability that allows an attacker to choose arbitrary files from the system." + } + ], + "metrics": {}, + "references": [ + { + "url": "https://kb.paessler.com/en/topic/91845-multiple-vulnerabilites-fixed-in-paessler-prtg-network-monitor-23-3-86-1520", + "source": "cve@mitre.org" + }, + { + "url": "https://www.paessler.com/prtg/history/stable", + "source": "cve@mitre.org" + } + ] +} \ No newline at end of file diff --git a/CVE-2023/CVE-2023-314xx/CVE-2023-31449.json b/CVE-2023/CVE-2023-314xx/CVE-2023-31449.json new file mode 100644 index 00000000000..0b6480761ec --- /dev/null +++ b/CVE-2023/CVE-2023-314xx/CVE-2023-31449.json @@ -0,0 +1,24 @@ +{ + "id": "CVE-2023-31449", + "sourceIdentifier": "cve@mitre.org", + "published": "2023-08-09T12:15:09.823", + "lastModified": "2023-08-09T12:46:39.727", + "vulnStatus": "Awaiting Analysis", + "descriptions": [ + { + "lang": "en", + "value": "An issue was discovered in Paessler PRTG Network Monitor 23.2.83.1760 x64. To exploit the vulnerability, a authenticated user can create a WMI Custom Sensor. When creating this sensor, the user can set the WQL message that should be sent from the PRTG device. This input parameter contains a path traversal vulnerability that allows an attacker to choose arbitrary files from the system." + } + ], + "metrics": {}, + "references": [ + { + "url": "https://kb.paessler.com/en/topic/91845-multiple-vulnerabilites-fixed-in-paessler-prtg-network-monitor-23-3-86-1520", + "source": "cve@mitre.org" + }, + { + "url": "https://www.paessler.com/prtg/history/stable", + "source": "cve@mitre.org" + } + ] +} \ No newline at end of file diff --git a/CVE-2023/CVE-2023-314xx/CVE-2023-31450.json b/CVE-2023/CVE-2023-314xx/CVE-2023-31450.json new file mode 100644 index 00000000000..089e3282c7a --- /dev/null +++ b/CVE-2023/CVE-2023-314xx/CVE-2023-31450.json @@ -0,0 +1,24 @@ +{ + "id": "CVE-2023-31450", + "sourceIdentifier": "cve@mitre.org", + "published": "2023-08-09T12:15:09.897", + "lastModified": "2023-08-09T12:46:39.727", + "vulnStatus": "Awaiting Analysis", + "descriptions": [ + { + "lang": "en", + "value": "An issue was discovered in Paessler PRTG Network Monitor 23.2.83.1760 x64. To exploit the vulnerability, a authenticated user can create a SQL Sensor. When creating this sensor, the user can set the SQL message that should be sent from the PRTG device. This input parameter contains a path traversal vulnerability that allows an attacker to choose arbitrary files from the system. They will be transmitted over the internet to the attacker's machine." + } + ], + "metrics": {}, + "references": [ + { + "url": "https://kb.paessler.com/en/topic/91845-multiple-vulnerabilites-fixed-in-paessler-prtg-network-monitor-23-3-86-1520", + "source": "cve@mitre.org" + }, + { + "url": "https://www.paessler.com/prtg/history/stable", + "source": "cve@mitre.org" + } + ] +} \ No newline at end of file diff --git a/CVE-2023/CVE-2023-314xx/CVE-2023-31452.json b/CVE-2023/CVE-2023-314xx/CVE-2023-31452.json new file mode 100644 index 00000000000..28380c34332 --- /dev/null +++ b/CVE-2023/CVE-2023-314xx/CVE-2023-31452.json @@ -0,0 +1,24 @@ +{ + "id": "CVE-2023-31452", + "sourceIdentifier": "cve@mitre.org", + "published": "2023-08-09T12:15:09.970", + "lastModified": "2023-08-09T12:46:39.727", + "vulnStatus": "Awaiting Analysis", + "descriptions": [ + { + "lang": "en", + "value": "An issue was discovered in Paessler PRTG Network Monitor 23.2.83.1760 x64. The NetApp Volume Sensor transmits cleartext credentials over the network when the HTTP protocol is selected. This can be triggered remotely via a CSRF by simply sending a controls/addsensor3.htm link to a logged-in victim." + } + ], + "metrics": {}, + "references": [ + { + "url": "https://kb.paessler.com/en/topic/91845-multiple-vulnerabilites-fixed-in-paessler-prtg-network-monitor-23-3-86-1520", + "source": "cve@mitre.org" + }, + { + "url": "https://www.paessler.com/prtg/history/stable", + "source": "cve@mitre.org" + } + ] +} \ No newline at end of file diff --git a/CVE-2023/CVE-2023-327xx/CVE-2023-32781.json b/CVE-2023/CVE-2023-327xx/CVE-2023-32781.json new file mode 100644 index 00000000000..43b34e74bec --- /dev/null +++ b/CVE-2023/CVE-2023-327xx/CVE-2023-32781.json @@ -0,0 +1,24 @@ +{ + "id": "CVE-2023-32781", + "sourceIdentifier": "cve@mitre.org", + "published": "2023-08-09T12:15:10.047", + "lastModified": "2023-08-09T12:46:39.727", + "vulnStatus": "Awaiting Analysis", + "descriptions": [ + { + "lang": "en", + "value": "An issue was discovered in Paessler PRTG Network Monitor 23.2.83.1760. Due to command-line parameter injection and an undocumented debug feature flag, an attacker can utilize the HL7 sensor to write arbitrary data to the disk. This can be utilized to write a custom EXE(.bat) sensor, that will then run. This primitive gives remote code execution." + } + ], + "metrics": {}, + "references": [ + { + "url": "https://kb.paessler.com/en/topic/91845-multiple-vulnerabilites-fixed-in-paessler-prtg-network-monitor-23-3-86-1520", + "source": "cve@mitre.org" + }, + { + "url": "https://www.paessler.com/prtg/history/stable", + "source": "cve@mitre.org" + } + ] +} \ No newline at end of file diff --git a/CVE-2023/CVE-2023-327xx/CVE-2023-32782.json b/CVE-2023/CVE-2023-327xx/CVE-2023-32782.json new file mode 100644 index 00000000000..bf572abee2f --- /dev/null +++ b/CVE-2023/CVE-2023-327xx/CVE-2023-32782.json @@ -0,0 +1,24 @@ +{ + "id": "CVE-2023-32782", + "sourceIdentifier": "cve@mitre.org", + "published": "2023-08-09T12:15:10.127", + "lastModified": "2023-08-09T12:46:39.727", + "vulnStatus": "Awaiting Analysis", + "descriptions": [ + { + "lang": "en", + "value": "An issue was discovered in Paessler PRTG Network Monitor 23.2.83.1760. Due to command-line parameter injection and an undocumented debug feature flag, an attacker can utilize the DICOM sensor to write arbitrary data to the disk. This can be utilized to write a custom EXE(.bat) sensor, that will then run. This primitive gives remote code execution." + } + ], + "metrics": {}, + "references": [ + { + "url": "https://kb.paessler.com/en/topic/91845-multiple-vulnerabilites-fixed-in-paessler-prtg-network-monitor-23-3-86-1520", + "source": "cve@mitre.org" + }, + { + "url": "https://www.paessler.com/prtg/history/stable", + "source": "cve@mitre.org" + } + ] +} \ No newline at end of file diff --git a/CVE-2023/CVE-2023-339xx/CVE-2023-33934.json b/CVE-2023/CVE-2023-339xx/CVE-2023-33934.json index 0f5e7e809df..42c76a3b6bc 100644 --- a/CVE-2023/CVE-2023-339xx/CVE-2023-33934.json +++ b/CVE-2023/CVE-2023-339xx/CVE-2023-33934.json @@ -2,8 +2,8 @@ "id": "CVE-2023-33934", "sourceIdentifier": "security@apache.org", "published": "2023-08-09T07:15:10.297", - "lastModified": "2023-08-09T07:15:10.297", - "vulnStatus": "Received", + "lastModified": "2023-08-09T12:46:53.387", + "vulnStatus": "Awaiting Analysis", "descriptions": [ { "lang": "en", diff --git a/CVE-2023/CVE-2023-339xx/CVE-2023-33953.json b/CVE-2023/CVE-2023-339xx/CVE-2023-33953.json new file mode 100644 index 00000000000..5872b9afe51 --- /dev/null +++ b/CVE-2023/CVE-2023-339xx/CVE-2023-33953.json @@ -0,0 +1,59 @@ +{ + "id": "CVE-2023-33953", + "sourceIdentifier": "cve-coordination@google.com", + "published": "2023-08-09T13:15:09.370", + "lastModified": "2023-08-09T13:15:09.370", + "vulnStatus": "Received", + "descriptions": [ + { + "lang": "en", + "value": "gRPC contains a vulnerability that allows hpack table accounting errors could lead to unwanted disconnects between clients and servers in exceptional cases/\u00a0Three vectors were found that allow the following DOS attacks:\n\n- Unbounded memory buffering in the HPACK parser\n- Unbounded CPU consumption in the HPACK parser\n\nThe unbounded CPU consumption is down to a copy that occurred per-input-block in the parser, and because that could be unbounded due to the memory copy bug we end up with an O(n^2) parsing loop, with n selected by the client.\n\nThe unbounded memory buffering bugs:\n\n- The header size limit check was behind the string reading code, so we needed to first buffer up to a 4 gigabyte string before rejecting it as longer than 8 or 16kb.\n- HPACK varints have an encoding quirk whereby an infinite number of 0\u2019s can be added at the start of an integer. gRPC\u2019s hpack parser needed to read all of them before concluding a parse.\n- gRPC\u2019s metadata overflow check was performed per frame, so that the following sequence of frames could cause infinite buffering: HEADERS: containing a: 1 CONTINUATION: containing a: 2 CONTINUATION: containing a: 3 etc\u2026" + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "cve-coordination@google.com", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "NONE", + "integrityImpact": "NONE", + "availabilityImpact": "HIGH", + "baseScore": 7.5, + "baseSeverity": "HIGH" + }, + "exploitabilityScore": 3.9, + "impactScore": 3.6 + } + ] + }, + "weaknesses": [ + { + "source": "cve-coordination@google.com", + "type": "Secondary", + "description": [ + { + "lang": "en", + "value": "CWE-789" + }, + { + "lang": "en", + "value": "CWE-834" + } + ] + } + ], + "references": [ + { + "url": "https://cloud.google.com/support/bulletins#gcp-2023-022", + "source": "cve-coordination@google.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2023/CVE-2023-36xx/CVE-2023-3632.json b/CVE-2023/CVE-2023-36xx/CVE-2023-3632.json index eebb927e0df..51046815c66 100644 --- a/CVE-2023/CVE-2023-36xx/CVE-2023-3632.json +++ b/CVE-2023/CVE-2023-36xx/CVE-2023-3632.json @@ -2,8 +2,8 @@ "id": "CVE-2023-3632", "sourceIdentifier": "cve@usom.gov.tr", "published": "2023-08-09T09:15:14.297", - "lastModified": "2023-08-09T09:15:14.297", - "vulnStatus": "Received", + "lastModified": "2023-08-09T12:46:39.727", + "vulnStatus": "Awaiting Analysis", "descriptions": [ { "lang": "en", diff --git a/CVE-2023/CVE-2023-378xx/CVE-2023-37855.json b/CVE-2023/CVE-2023-378xx/CVE-2023-37855.json index 44e2211bafa..49bd85d4acc 100644 --- a/CVE-2023/CVE-2023-378xx/CVE-2023-37855.json +++ b/CVE-2023/CVE-2023-378xx/CVE-2023-37855.json @@ -2,8 +2,8 @@ "id": "CVE-2023-37855", "sourceIdentifier": "info@cert.vde.com", "published": "2023-08-09T07:15:10.380", - "lastModified": "2023-08-09T07:15:10.380", - "vulnStatus": "Received", + "lastModified": "2023-08-09T12:46:53.387", + "vulnStatus": "Awaiting Analysis", "descriptions": [ { "lang": "en", diff --git a/CVE-2023/CVE-2023-378xx/CVE-2023-37856.json b/CVE-2023/CVE-2023-378xx/CVE-2023-37856.json index a2e723a3601..5f4ebf8ebf9 100644 --- a/CVE-2023/CVE-2023-378xx/CVE-2023-37856.json +++ b/CVE-2023/CVE-2023-378xx/CVE-2023-37856.json @@ -2,8 +2,8 @@ "id": "CVE-2023-37856", "sourceIdentifier": "info@cert.vde.com", "published": "2023-08-09T07:15:10.493", - "lastModified": "2023-08-09T07:15:10.493", - "vulnStatus": "Received", + "lastModified": "2023-08-09T12:46:53.387", + "vulnStatus": "Awaiting Analysis", "descriptions": [ { "lang": "en", diff --git a/CVE-2023/CVE-2023-378xx/CVE-2023-37857.json b/CVE-2023/CVE-2023-378xx/CVE-2023-37857.json index 6822a1c17ee..1100401436a 100644 --- a/CVE-2023/CVE-2023-378xx/CVE-2023-37857.json +++ b/CVE-2023/CVE-2023-378xx/CVE-2023-37857.json @@ -2,8 +2,8 @@ "id": "CVE-2023-37857", "sourceIdentifier": "info@cert.vde.com", "published": "2023-08-09T07:15:10.603", - "lastModified": "2023-08-09T07:15:10.603", - "vulnStatus": "Received", + "lastModified": "2023-08-09T12:46:53.387", + "vulnStatus": "Awaiting Analysis", "descriptions": [ { "lang": "en", diff --git a/CVE-2023/CVE-2023-378xx/CVE-2023-37858.json b/CVE-2023/CVE-2023-378xx/CVE-2023-37858.json index 999d7368e8a..a8fa4440b6b 100644 --- a/CVE-2023/CVE-2023-378xx/CVE-2023-37858.json +++ b/CVE-2023/CVE-2023-378xx/CVE-2023-37858.json @@ -2,8 +2,8 @@ "id": "CVE-2023-37858", "sourceIdentifier": "info@cert.vde.com", "published": "2023-08-09T07:15:10.710", - "lastModified": "2023-08-09T07:15:10.710", - "vulnStatus": "Received", + "lastModified": "2023-08-09T12:46:53.387", + "vulnStatus": "Awaiting Analysis", "descriptions": [ { "lang": "en", diff --git a/CVE-2023/CVE-2023-378xx/CVE-2023-37859.json b/CVE-2023/CVE-2023-378xx/CVE-2023-37859.json index 9b667327e2c..14cae058f02 100644 --- a/CVE-2023/CVE-2023-378xx/CVE-2023-37859.json +++ b/CVE-2023/CVE-2023-378xx/CVE-2023-37859.json @@ -2,8 +2,8 @@ "id": "CVE-2023-37859", "sourceIdentifier": "info@cert.vde.com", "published": "2023-08-09T07:15:10.827", - "lastModified": "2023-08-09T07:15:10.827", - "vulnStatus": "Received", + "lastModified": "2023-08-09T12:46:53.387", + "vulnStatus": "Awaiting Analysis", "descriptions": [ { "lang": "en", diff --git a/CVE-2023/CVE-2023-378xx/CVE-2023-37860.json b/CVE-2023/CVE-2023-378xx/CVE-2023-37860.json index 07a9fdba370..ed45b656552 100644 --- a/CVE-2023/CVE-2023-378xx/CVE-2023-37860.json +++ b/CVE-2023/CVE-2023-378xx/CVE-2023-37860.json @@ -2,8 +2,8 @@ "id": "CVE-2023-37860", "sourceIdentifier": "info@cert.vde.com", "published": "2023-08-09T07:15:10.933", - "lastModified": "2023-08-09T07:15:10.933", - "vulnStatus": "Received", + "lastModified": "2023-08-09T12:46:53.387", + "vulnStatus": "Awaiting Analysis", "descriptions": [ { "lang": "en", diff --git a/CVE-2023/CVE-2023-378xx/CVE-2023-37861.json b/CVE-2023/CVE-2023-378xx/CVE-2023-37861.json index 1ca0b285e82..a1b28f6b2ae 100644 --- a/CVE-2023/CVE-2023-378xx/CVE-2023-37861.json +++ b/CVE-2023/CVE-2023-378xx/CVE-2023-37861.json @@ -2,8 +2,8 @@ "id": "CVE-2023-37861", "sourceIdentifier": "info@cert.vde.com", "published": "2023-08-09T07:15:11.033", - "lastModified": "2023-08-09T07:15:11.033", - "vulnStatus": "Received", + "lastModified": "2023-08-09T12:46:53.387", + "vulnStatus": "Awaiting Analysis", "descriptions": [ { "lang": "en", diff --git a/CVE-2023/CVE-2023-378xx/CVE-2023-37862.json b/CVE-2023/CVE-2023-378xx/CVE-2023-37862.json index 6f145599feb..5ada9ffe7c3 100644 --- a/CVE-2023/CVE-2023-378xx/CVE-2023-37862.json +++ b/CVE-2023/CVE-2023-378xx/CVE-2023-37862.json @@ -2,8 +2,8 @@ "id": "CVE-2023-37862", "sourceIdentifier": "info@cert.vde.com", "published": "2023-08-09T07:15:11.133", - "lastModified": "2023-08-09T07:15:11.133", - "vulnStatus": "Received", + "lastModified": "2023-08-09T12:46:53.387", + "vulnStatus": "Awaiting Analysis", "descriptions": [ { "lang": "en", diff --git a/CVE-2023/CVE-2023-378xx/CVE-2023-37863.json b/CVE-2023/CVE-2023-378xx/CVE-2023-37863.json index 76fac7972d4..ce9b341880c 100644 --- a/CVE-2023/CVE-2023-378xx/CVE-2023-37863.json +++ b/CVE-2023/CVE-2023-378xx/CVE-2023-37863.json @@ -2,8 +2,8 @@ "id": "CVE-2023-37863", "sourceIdentifier": "info@cert.vde.com", "published": "2023-08-09T07:15:11.227", - "lastModified": "2023-08-09T07:15:11.227", - "vulnStatus": "Received", + "lastModified": "2023-08-09T12:46:53.387", + "vulnStatus": "Awaiting Analysis", "descriptions": [ { "lang": "en", diff --git a/CVE-2023/CVE-2023-378xx/CVE-2023-37864.json b/CVE-2023/CVE-2023-378xx/CVE-2023-37864.json index ce461b1ec03..824e069d2b9 100644 --- a/CVE-2023/CVE-2023-378xx/CVE-2023-37864.json +++ b/CVE-2023/CVE-2023-378xx/CVE-2023-37864.json @@ -2,8 +2,8 @@ "id": "CVE-2023-37864", "sourceIdentifier": "info@cert.vde.com", "published": "2023-08-09T07:15:11.323", - "lastModified": "2023-08-09T07:15:11.323", - "vulnStatus": "Received", + "lastModified": "2023-08-09T12:46:53.387", + "vulnStatus": "Awaiting Analysis", "descriptions": [ { "lang": "en", diff --git a/CVE-2023/CVE-2023-382xx/CVE-2023-38207.json b/CVE-2023/CVE-2023-382xx/CVE-2023-38207.json index 1f7faa05d72..8ffe9044fa5 100644 --- a/CVE-2023/CVE-2023-382xx/CVE-2023-38207.json +++ b/CVE-2023/CVE-2023-382xx/CVE-2023-38207.json @@ -2,8 +2,8 @@ "id": "CVE-2023-38207", "sourceIdentifier": "psirt@adobe.com", "published": "2023-08-09T08:15:09.443", - "lastModified": "2023-08-09T08:15:09.443", - "vulnStatus": "Received", + "lastModified": "2023-08-09T12:46:39.727", + "vulnStatus": "Awaiting Analysis", "descriptions": [ { "lang": "en", diff --git a/CVE-2023/CVE-2023-382xx/CVE-2023-38208.json b/CVE-2023/CVE-2023-382xx/CVE-2023-38208.json index 4fa9561512f..180701ce13f 100644 --- a/CVE-2023/CVE-2023-382xx/CVE-2023-38208.json +++ b/CVE-2023/CVE-2023-382xx/CVE-2023-38208.json @@ -2,8 +2,8 @@ "id": "CVE-2023-38208", "sourceIdentifier": "psirt@adobe.com", "published": "2023-08-09T08:15:09.563", - "lastModified": "2023-08-09T08:15:09.563", - "vulnStatus": "Received", + "lastModified": "2023-08-09T12:46:39.727", + "vulnStatus": "Awaiting Analysis", "descriptions": [ { "lang": "en", diff --git a/CVE-2023/CVE-2023-382xx/CVE-2023-38209.json b/CVE-2023/CVE-2023-382xx/CVE-2023-38209.json index 6244a140c03..33bef87ef1d 100644 --- a/CVE-2023/CVE-2023-382xx/CVE-2023-38209.json +++ b/CVE-2023/CVE-2023-382xx/CVE-2023-38209.json @@ -2,8 +2,8 @@ "id": "CVE-2023-38209", "sourceIdentifier": "psirt@adobe.com", "published": "2023-08-09T08:15:09.660", - "lastModified": "2023-08-09T08:15:09.660", - "vulnStatus": "Received", + "lastModified": "2023-08-09T12:46:39.727", + "vulnStatus": "Awaiting Analysis", "descriptions": [ { "lang": "en", diff --git a/CVE-2023/CVE-2023-382xx/CVE-2023-38211.json b/CVE-2023/CVE-2023-382xx/CVE-2023-38211.json index a18ea027c8b..efc954f38f9 100644 --- a/CVE-2023/CVE-2023-382xx/CVE-2023-38211.json +++ b/CVE-2023/CVE-2023-382xx/CVE-2023-38211.json @@ -2,8 +2,8 @@ "id": "CVE-2023-38211", "sourceIdentifier": "psirt@adobe.com", "published": "2023-08-09T09:15:13.957", - "lastModified": "2023-08-09T09:15:13.957", - "vulnStatus": "Received", + "lastModified": "2023-08-09T12:46:39.727", + "vulnStatus": "Awaiting Analysis", "descriptions": [ { "lang": "en", diff --git a/CVE-2023/CVE-2023-382xx/CVE-2023-38212.json b/CVE-2023/CVE-2023-382xx/CVE-2023-38212.json index ea2654eabf9..46f134cb43a 100644 --- a/CVE-2023/CVE-2023-382xx/CVE-2023-38212.json +++ b/CVE-2023/CVE-2023-382xx/CVE-2023-38212.json @@ -2,8 +2,8 @@ "id": "CVE-2023-38212", "sourceIdentifier": "psirt@adobe.com", "published": "2023-08-09T09:15:14.077", - "lastModified": "2023-08-09T09:15:14.077", - "vulnStatus": "Received", + "lastModified": "2023-08-09T12:46:39.727", + "vulnStatus": "Awaiting Analysis", "descriptions": [ { "lang": "en", diff --git a/CVE-2023/CVE-2023-382xx/CVE-2023-38213.json b/CVE-2023/CVE-2023-382xx/CVE-2023-38213.json index 04c01116afc..657e92a6e41 100644 --- a/CVE-2023/CVE-2023-382xx/CVE-2023-38213.json +++ b/CVE-2023/CVE-2023-382xx/CVE-2023-38213.json @@ -2,8 +2,8 @@ "id": "CVE-2023-38213", "sourceIdentifier": "psirt@adobe.com", "published": "2023-08-09T09:15:14.183", - "lastModified": "2023-08-09T09:15:14.183", - "vulnStatus": "Received", + "lastModified": "2023-08-09T12:46:39.727", + "vulnStatus": "Awaiting Analysis", "descriptions": [ { "lang": "en", diff --git a/CVE-2023/CVE-2023-386xx/CVE-2023-38692.json b/CVE-2023/CVE-2023-386xx/CVE-2023-38692.json index 3e2c09b5a5b..3476ba10bcb 100644 --- a/CVE-2023/CVE-2023-386xx/CVE-2023-38692.json +++ b/CVE-2023/CVE-2023-386xx/CVE-2023-38692.json @@ -2,8 +2,8 @@ "id": "CVE-2023-38692", "sourceIdentifier": "security-advisories@github.com", "published": "2023-08-04T18:15:14.203", - "lastModified": "2023-08-04T18:53:22.053", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2023-08-09T13:19:09.430", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", @@ -12,6 +12,26 @@ ], "metrics": { "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH", + "baseScore": 9.8, + "baseSeverity": "CRITICAL" + }, + "exploitabilityScore": 3.9, + "impactScore": 5.9 + }, { "source": "security-advisories@github.com", "type": "Secondary", @@ -46,18 +66,46 @@ ] } ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:fit2cloud:cloudexplorer_lite:*:*:*:*:*:*:*:*", + "versionEndExcluding": "1.3.1", + "matchCriteriaId": "A35B9D5D-A475-444B-B6CE-C9E9BA60C503" + } + ] + } + ] + } + ], "references": [ { "url": "https://github.com/CloudExplorer-Dev/CloudExplorer-Lite/blob/v1.3.0/framework/management-center/backend/src/main/java/com/fit2cloud/controller/ModuleManageController.java", - "source": "security-advisories@github.com" + "source": "security-advisories@github.com", + "tags": [ + "Product" + ] }, { "url": "https://github.com/CloudExplorer-Dev/CloudExplorer-Lite/releases/tag/v1.3.1", - "source": "security-advisories@github.com" + "source": "security-advisories@github.com", + "tags": [ + "Release Notes" + ] }, { "url": "https://github.com/CloudExplorer-Dev/CloudExplorer-Lite/security/advisories/GHSA-7wrc-f42m-9v5w", - "source": "security-advisories@github.com" + "source": "security-advisories@github.com", + "tags": [ + "Exploit", + "Third Party Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2023/CVE-2023-386xx/CVE-2023-38695.json b/CVE-2023/CVE-2023-386xx/CVE-2023-38695.json index 8af7306fccf..8f6688d7c30 100644 --- a/CVE-2023/CVE-2023-386xx/CVE-2023-38695.json +++ b/CVE-2023/CVE-2023-386xx/CVE-2023-38695.json @@ -2,8 +2,8 @@ "id": "CVE-2023-38695", "sourceIdentifier": "security-advisories@github.com", "published": "2023-08-04T18:15:14.667", - "lastModified": "2023-08-04T18:53:22.053", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2023-08-09T13:18:50.527", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", @@ -12,6 +12,26 @@ ], "metrics": { "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "NONE", + "availabilityImpact": "NONE", + "baseScore": 6.5, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 2.8, + "impactScore": 3.6 + }, { "source": "security-advisories@github.com", "type": "Secondary", @@ -46,22 +66,57 @@ ] } ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:simonsmith:cypress_image_snapshot:*:*:*:*:*:node.js:*:*", + "versionEndExcluding": "8.0.2", + "matchCriteriaId": "35914465-A5A0-48FC-B8B5-0AFFF23883AF" + } + ] + } + ] + } + ], "references": [ { "url": "https://github.com/simonsmith/cypress-image-snapshot/commit/ef49519795daf5183f4fac6f3136e194f20f39f4", - "source": "security-advisories@github.com" + "source": "security-advisories@github.com", + "tags": [ + "Patch" + ] }, { "url": "https://github.com/simonsmith/cypress-image-snapshot/issues/15", - "source": "security-advisories@github.com" + "source": "security-advisories@github.com", + "tags": [ + "Exploit", + "Issue Tracking", + "Patch", + "Third Party Advisory" + ] }, { "url": "https://github.com/simonsmith/cypress-image-snapshot/releases/tag/8.0.2", - "source": "security-advisories@github.com" + "source": "security-advisories@github.com", + "tags": [ + "Release Notes" + ] }, { "url": "https://github.com/simonsmith/cypress-image-snapshot/security/advisories/GHSA-vxjg-hchx-cc4g", - "source": "security-advisories@github.com" + "source": "security-advisories@github.com", + "tags": [ + "Exploit", + "Mitigation", + "Vendor Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2023/CVE-2023-387xx/CVE-2023-38702.json b/CVE-2023/CVE-2023-387xx/CVE-2023-38702.json index 9222a18826d..e469fd252f8 100644 --- a/CVE-2023/CVE-2023-387xx/CVE-2023-38702.json +++ b/CVE-2023/CVE-2023-387xx/CVE-2023-38702.json @@ -2,8 +2,8 @@ "id": "CVE-2023-38702", "sourceIdentifier": "security-advisories@github.com", "published": "2023-08-04T19:15:10.080", - "lastModified": "2023-08-06T12:01:17.683", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2023-08-09T13:15:10.613", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", @@ -12,6 +12,26 @@ ], "metrics": { "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH", + "baseScore": 8.8, + "baseSeverity": "HIGH" + }, + "exploitabilityScore": 2.8, + "impactScore": 5.9 + }, { "source": "security-advisories@github.com", "type": "Secondary", @@ -46,10 +66,33 @@ ] } ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:eng:knowage:*:*:*:*:*:*:*:*", + "versionStartIncluding": "6.1.0", + "versionEndExcluding": "8.1.8", + "matchCriteriaId": "97741C80-7124-493C-B642-25BC547AA137" + } + ] + } + ] + } + ], "references": [ { "url": "https://github.com/KnowageLabs/Knowage-Server/security/advisories/GHSA-7mjh-73q3-c3fc", - "source": "security-advisories@github.com" + "source": "security-advisories@github.com", + "tags": [ + "Exploit", + "Third Party Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2023/CVE-2023-387xx/CVE-2023-38751.json b/CVE-2023/CVE-2023-387xx/CVE-2023-38751.json index c9e62153e85..d672603c58e 100644 --- a/CVE-2023/CVE-2023-387xx/CVE-2023-38751.json +++ b/CVE-2023/CVE-2023-387xx/CVE-2023-38751.json @@ -2,8 +2,8 @@ "id": "CVE-2023-38751", "sourceIdentifier": "vultures@jpcert.or.jp", "published": "2023-08-09T04:15:10.047", - "lastModified": "2023-08-09T04:15:10.047", - "vulnStatus": "Received", + "lastModified": "2023-08-09T12:46:53.387", + "vulnStatus": "Awaiting Analysis", "descriptions": [ { "lang": "en", diff --git a/CVE-2023/CVE-2023-387xx/CVE-2023-38752.json b/CVE-2023/CVE-2023-387xx/CVE-2023-38752.json index f1a727155cb..d99fbe585f3 100644 --- a/CVE-2023/CVE-2023-387xx/CVE-2023-38752.json +++ b/CVE-2023/CVE-2023-387xx/CVE-2023-38752.json @@ -2,8 +2,8 @@ "id": "CVE-2023-38752", "sourceIdentifier": "vultures@jpcert.or.jp", "published": "2023-08-09T04:15:10.430", - "lastModified": "2023-08-09T04:15:10.430", - "vulnStatus": "Received", + "lastModified": "2023-08-09T12:46:53.387", + "vulnStatus": "Awaiting Analysis", "descriptions": [ { "lang": "en", diff --git a/CVE-2023/CVE-2023-389xx/CVE-2023-38947.json b/CVE-2023/CVE-2023-389xx/CVE-2023-38947.json index dc851da0656..92b27db8d26 100644 --- a/CVE-2023/CVE-2023-389xx/CVE-2023-38947.json +++ b/CVE-2023/CVE-2023-389xx/CVE-2023-38947.json @@ -2,19 +2,76 @@ "id": "CVE-2023-38947", "sourceIdentifier": "cve@mitre.org", "published": "2023-08-03T16:15:12.010", - "lastModified": "2023-08-03T16:56:53.333", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2023-08-09T12:01:50.090", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", "value": "An arbitrary file upload vulnerability in the /languages/install.php component of WBCE CMS v1.6.1 allows attackers to execute arbitrary code via a crafted PHP file." } ], - "metrics": {}, + "metrics": { + "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "HIGH", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH", + "baseScore": 7.2, + "baseSeverity": "HIGH" + }, + "exploitabilityScore": 1.2, + "impactScore": 5.9 + } + ] + }, + "weaknesses": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-434" + } + ] + } + ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:wbce:wbce_cms:1.6.1:-:*:*:*:*:*:*", + "matchCriteriaId": "2693F6EB-5768-406D-9042-F48E81CDD98E" + } + ] + } + ] + } + ], "references": [ { "url": "https://gitee.com/CTF-hacker/pwn/issues/I7LH2N", - "source": "cve@mitre.org" + "source": "cve@mitre.org", + "tags": [ + "Exploit", + "Issue Tracking", + "Third Party Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2023/CVE-2023-390xx/CVE-2023-39075.json b/CVE-2023/CVE-2023-390xx/CVE-2023-39075.json index 329439416bb..dd22ca5e596 100644 --- a/CVE-2023/CVE-2023-390xx/CVE-2023-39075.json +++ b/CVE-2023/CVE-2023-390xx/CVE-2023-39075.json @@ -2,19 +2,89 @@ "id": "CVE-2023-39075", "sourceIdentifier": "cve@mitre.org", "published": "2023-08-03T18:15:11.477", - "lastModified": "2023-08-04T02:46:03.197", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2023-08-09T12:12:32.410", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", "value": "Renault Zoe EV 2021 automotive infotainment system versions 283C35202R to 283C35519R (builds 11.10.2021 to 16.01.2023) allows attackers to crash the infotainment system by sending arbitrary USB data via a USB device." } ], - "metrics": {}, + "metrics": { + "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "attackVector": "PHYSICAL", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "NONE", + "integrityImpact": "NONE", + "availabilityImpact": "HIGH", + "baseScore": 4.6, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 0.9, + "impactScore": 3.6 + } + ] + }, + "weaknesses": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "NVD-CWE-noinfo" + } + ] + } + ], + "configurations": [ + { + "operator": "AND", + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:o:renault:zoe_ev_2021_firmware:*:*:*:*:*:*:*:*", + "versionStartIncluding": "11.10.2021", + "versionEndIncluding": "16.01.2023", + "matchCriteriaId": "5B85A8D9-2845-447F-9C2E-0623BE0A3C97" + } + ] + }, + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": false, + "criteria": "cpe:2.3:h:renault:zoe_ev_2021:-:*:*:*:*:*:*:*", + "matchCriteriaId": "4D81BFB6-96A1-46C5-8A70-F4B6F2C403CB" + } + ] + } + ] + } + ], "references": [ { "url": "https://blog.jhyeon.dev/posts/vuln/202307/renault-zoe/", - "source": "cve@mitre.org" + "source": "cve@mitre.org", + "tags": [ + "Exploit", + "Third Party Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2023/CVE-2023-392xx/CVE-2023-39209.json b/CVE-2023/CVE-2023-392xx/CVE-2023-39209.json index c4e7bac47bc..bc66fa23134 100644 --- a/CVE-2023/CVE-2023-392xx/CVE-2023-39209.json +++ b/CVE-2023/CVE-2023-392xx/CVE-2023-39209.json @@ -2,8 +2,8 @@ "id": "CVE-2023-39209", "sourceIdentifier": "security@zoom.us", "published": "2023-08-08T22:15:09.517", - "lastModified": "2023-08-08T22:15:09.517", - "vulnStatus": "Received", + "lastModified": "2023-08-09T12:47:02.767", + "vulnStatus": "Awaiting Analysis", "descriptions": [ { "lang": "en", diff --git a/CVE-2023/CVE-2023-392xx/CVE-2023-39210.json b/CVE-2023/CVE-2023-392xx/CVE-2023-39210.json index 89a42140c05..cc47228461a 100644 --- a/CVE-2023/CVE-2023-392xx/CVE-2023-39210.json +++ b/CVE-2023/CVE-2023-392xx/CVE-2023-39210.json @@ -2,8 +2,8 @@ "id": "CVE-2023-39210", "sourceIdentifier": "security@zoom.us", "published": "2023-08-08T22:15:10.380", - "lastModified": "2023-08-08T22:15:10.380", - "vulnStatus": "Received", + "lastModified": "2023-08-09T12:47:02.767", + "vulnStatus": "Awaiting Analysis", "descriptions": [ { "lang": "en", diff --git a/CVE-2023/CVE-2023-392xx/CVE-2023-39211.json b/CVE-2023/CVE-2023-392xx/CVE-2023-39211.json index e9c6d73e142..a2ef589a70a 100644 --- a/CVE-2023/CVE-2023-392xx/CVE-2023-39211.json +++ b/CVE-2023/CVE-2023-392xx/CVE-2023-39211.json @@ -2,8 +2,8 @@ "id": "CVE-2023-39211", "sourceIdentifier": "security@zoom.us", "published": "2023-08-08T22:15:10.473", - "lastModified": "2023-08-08T22:15:10.473", - "vulnStatus": "Received", + "lastModified": "2023-08-09T12:47:02.767", + "vulnStatus": "Awaiting Analysis", "descriptions": [ { "lang": "en", diff --git a/CVE-2023/CVE-2023-392xx/CVE-2023-39212.json b/CVE-2023/CVE-2023-392xx/CVE-2023-39212.json index ff57c566342..5c7f648e901 100644 --- a/CVE-2023/CVE-2023-392xx/CVE-2023-39212.json +++ b/CVE-2023/CVE-2023-392xx/CVE-2023-39212.json @@ -2,8 +2,8 @@ "id": "CVE-2023-39212", "sourceIdentifier": "security@zoom.us", "published": "2023-08-08T22:15:10.567", - "lastModified": "2023-08-08T22:15:10.567", - "vulnStatus": "Received", + "lastModified": "2023-08-09T12:47:02.767", + "vulnStatus": "Awaiting Analysis", "descriptions": [ { "lang": "en", diff --git a/CVE-2023/CVE-2023-392xx/CVE-2023-39213.json b/CVE-2023/CVE-2023-392xx/CVE-2023-39213.json index 0cc5cb2f7a4..c76c98dbe67 100644 --- a/CVE-2023/CVE-2023-392xx/CVE-2023-39213.json +++ b/CVE-2023/CVE-2023-392xx/CVE-2023-39213.json @@ -2,8 +2,8 @@ "id": "CVE-2023-39213", "sourceIdentifier": "security@zoom.us", "published": "2023-08-08T22:15:10.657", - "lastModified": "2023-08-08T22:15:10.657", - "vulnStatus": "Received", + "lastModified": "2023-08-09T12:47:02.767", + "vulnStatus": "Awaiting Analysis", "descriptions": [ { "lang": "en", diff --git a/CVE-2023/CVE-2023-392xx/CVE-2023-39214.json b/CVE-2023/CVE-2023-392xx/CVE-2023-39214.json index aba32ff4e1e..26e2e1068f5 100644 --- a/CVE-2023/CVE-2023-392xx/CVE-2023-39214.json +++ b/CVE-2023/CVE-2023-392xx/CVE-2023-39214.json @@ -2,8 +2,8 @@ "id": "CVE-2023-39214", "sourceIdentifier": "security@zoom.us", "published": "2023-08-08T22:15:10.737", - "lastModified": "2023-08-08T22:15:10.737", - "vulnStatus": "Received", + "lastModified": "2023-08-09T12:47:02.767", + "vulnStatus": "Awaiting Analysis", "descriptions": [ { "lang": "en", diff --git a/CVE-2023/CVE-2023-393xx/CVE-2023-39341.json b/CVE-2023/CVE-2023-393xx/CVE-2023-39341.json index 1c139e13689..3dee6a302cc 100644 --- a/CVE-2023/CVE-2023-393xx/CVE-2023-39341.json +++ b/CVE-2023/CVE-2023-393xx/CVE-2023-39341.json @@ -2,8 +2,8 @@ "id": "CVE-2023-39341", "sourceIdentifier": "vultures@jpcert.or.jp", "published": "2023-08-09T03:15:43.870", - "lastModified": "2023-08-09T03:15:43.870", - "vulnStatus": "Received", + "lastModified": "2023-08-09T12:47:02.767", + "vulnStatus": "Awaiting Analysis", "descriptions": [ { "lang": "en", diff --git a/CVE-2023/CVE-2023-393xx/CVE-2023-39379.json b/CVE-2023/CVE-2023-393xx/CVE-2023-39379.json index ab1b30dea51..2bde6c7c110 100644 --- a/CVE-2023/CVE-2023-393xx/CVE-2023-39379.json +++ b/CVE-2023/CVE-2023-393xx/CVE-2023-39379.json @@ -2,23 +2,91 @@ "id": "CVE-2023-39379", "sourceIdentifier": "vultures@jpcert.or.jp", "published": "2023-08-04T10:15:09.870", - "lastModified": "2023-08-04T15:27:24.817", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2023-08-09T12:25:04.040", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", "value": "Fujitsu Software Infrastructure Manager (ISM) stores sensitive information at the product's maintenance data (ismsnap) in cleartext form. As a result, the password for the proxy server that is configured in ISM may be retrieved. Affected products and versions are as follows: Fujitsu Software Infrastructure Manager Advanced Edition V2.8.0.060, Fujitsu Software Infrastructure Manager Advanced Edition for PRIMEFLEX V2.8.0.060, and Fujitsu Software Infrastructure Manager Essential Edition V2.8.0.060.\r\n" } ], - "metrics": {}, + "metrics": { + "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "NONE", + "availabilityImpact": "NONE", + "baseScore": 7.5, + "baseSeverity": "HIGH" + }, + "exploitabilityScore": 3.9, + "impactScore": 3.6 + } + ] + }, + "weaknesses": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-312" + } + ] + } + ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:fujitsu:software_infrastructure_manager:2.8.0.060:*:*:*:advanced:-:*:*", + "matchCriteriaId": "EAED8D54-C6FD-45B0-93BB-C2CA9AD9161F" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:fujitsu:software_infrastructure_manager:2.8.0.060:*:*:*:advanced:primeflex:*:*", + "matchCriteriaId": "46473D49-C265-48D1-B903-DBE760EB16AA" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:fujitsu:software_infrastructure_manager:2.8.0.060:*:*:*:essential:*:*:*", + "matchCriteriaId": "7F48F74F-D51E-4DFA-8636-E239E6A425C9" + } + ] + } + ] + } + ], "references": [ { "url": "https://jvn.jp/en/jp/JVN38847224/", - "source": "vultures@jpcert.or.jp" + "source": "vultures@jpcert.or.jp", + "tags": [ + "Third Party Advisory" + ] }, { "url": "https://support.ts.fujitsu.com/IndexProdSecurity.asp?lng=en", - "source": "vultures@jpcert.or.jp" + "source": "vultures@jpcert.or.jp", + "tags": [ + "Product" + ] } ] } \ No newline at end of file diff --git a/CVE-2023/CVE-2023-399xx/CVE-2023-39910.json b/CVE-2023/CVE-2023-399xx/CVE-2023-39910.json index 7bb9f7e7a3c..45bb22c537f 100644 --- a/CVE-2023/CVE-2023-399xx/CVE-2023-39910.json +++ b/CVE-2023/CVE-2023-399xx/CVE-2023-39910.json @@ -2,8 +2,8 @@ "id": "CVE-2023-39910", "sourceIdentifier": "cve@mitre.org", "published": "2023-08-09T03:15:44.867", - "lastModified": "2023-08-09T03:15:44.867", - "vulnStatus": "Received", + "lastModified": "2023-08-09T12:46:53.387", + "vulnStatus": "Awaiting Analysis", "descriptions": [ { "lang": "en", diff --git a/CVE-2023/CVE-2023-399xx/CVE-2023-39951.json b/CVE-2023/CVE-2023-399xx/CVE-2023-39951.json index 22812a0d9ba..bc715e08e67 100644 --- a/CVE-2023/CVE-2023-399xx/CVE-2023-39951.json +++ b/CVE-2023/CVE-2023-399xx/CVE-2023-39951.json @@ -2,8 +2,8 @@ "id": "CVE-2023-39951", "sourceIdentifier": "security-advisories@github.com", "published": "2023-08-08T22:15:10.827", - "lastModified": "2023-08-08T22:15:10.827", - "vulnStatus": "Received", + "lastModified": "2023-08-09T12:47:02.767", + "vulnStatus": "Awaiting Analysis", "descriptions": [ { "lang": "en", diff --git a/CVE-2023/CVE-2023-41xx/CVE-2023-4157.json b/CVE-2023/CVE-2023-41xx/CVE-2023-4157.json index bb119cc343c..602cbd8b60b 100644 --- a/CVE-2023/CVE-2023-41xx/CVE-2023-4157.json +++ b/CVE-2023/CVE-2023-41xx/CVE-2023-4157.json @@ -2,8 +2,8 @@ "id": "CVE-2023-4157", "sourceIdentifier": "security@huntr.dev", "published": "2023-08-04T18:15:17.547", - "lastModified": "2023-08-04T18:53:22.053", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2023-08-09T13:16:43.537", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", @@ -11,6 +11,28 @@ } ], "metrics": { + "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "HIGH", + "userInteraction": "REQUIRED", + "scope": "CHANGED", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "availabilityImpact": "NONE", + "baseScore": 4.8, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 1.7, + "impactScore": 2.7 + } + ], "cvssMetricV30": [ { "source": "security@huntr.dev", @@ -36,8 +58,18 @@ }, "weaknesses": [ { - "source": "security@huntr.dev", + "source": "nvd@nist.gov", "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-74" + } + ] + }, + { + "source": "security@huntr.dev", + "type": "Secondary", "description": [ { "lang": "en", @@ -46,14 +78,40 @@ ] } ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:omeka:omeka_s:*:*:*:*:*:*:*:*", + "versionEndExcluding": "4.0.3", + "matchCriteriaId": "B619F3B7-C1D9-4056-9C23-8E39B1185F3D" + } + ] + } + ] + } + ], "references": [ { "url": "https://github.com/omeka/omeka-s/commit/8b72619d9731b32dd21ab6dcaa01ccc3bbf0db63", - "source": "security@huntr.dev" + "source": "security@huntr.dev", + "tags": [ + "Patch" + ] }, { "url": "https://huntr.dev/bounties/abc3521b-1238-4c4e-97f1-2957db670014", - "source": "security@huntr.dev" + "source": "security@huntr.dev", + "tags": [ + "Exploit", + "Patch", + "Third Party Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2023/CVE-2023-41xx/CVE-2023-4159.json b/CVE-2023/CVE-2023-41xx/CVE-2023-4159.json index cf0798240a3..11e0d965ad8 100644 --- a/CVE-2023/CVE-2023-41xx/CVE-2023-4159.json +++ b/CVE-2023/CVE-2023-41xx/CVE-2023-4159.json @@ -2,8 +2,8 @@ "id": "CVE-2023-4159", "sourceIdentifier": "security@huntr.dev", "published": "2023-08-04T18:15:18.077", - "lastModified": "2023-08-04T18:53:22.053", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2023-08-09T13:15:41.000", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", @@ -11,6 +11,28 @@ } ], "metrics": { + "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH", + "baseScore": 8.8, + "baseSeverity": "HIGH" + }, + "exploitabilityScore": 2.8, + "impactScore": 5.9 + } + ], "cvssMetricV30": [ { "source": "security@huntr.dev", @@ -46,14 +68,40 @@ ] } ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:omeka:omeka_s:*:*:*:*:*:*:*:*", + "versionEndExcluding": "4.0.3", + "matchCriteriaId": "B619F3B7-C1D9-4056-9C23-8E39B1185F3D" + } + ] + } + ] + } + ], "references": [ { "url": "https://github.com/omeka/omeka-s/commit/2a7fb26452167c8a1d95f207ae5328c6b1b0fcf8", - "source": "security@huntr.dev" + "source": "security@huntr.dev", + "tags": [ + "Patch" + ] }, { "url": "https://huntr.dev/bounties/e2e2365e-6a5f-4ca4-9ef1-297e3ed41f9c", - "source": "security@huntr.dev" + "source": "security@huntr.dev", + "tags": [ + "Exploit", + "Patch", + "Third Party Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2023/CVE-2023-42xx/CVE-2023-4239.json b/CVE-2023/CVE-2023-42xx/CVE-2023-4239.json index 00b926f419b..c8dc74077cd 100644 --- a/CVE-2023/CVE-2023-42xx/CVE-2023-4239.json +++ b/CVE-2023/CVE-2023-42xx/CVE-2023-4239.json @@ -2,12 +2,16 @@ "id": "CVE-2023-4239", "sourceIdentifier": "security@wordfence.com", "published": "2023-08-09T03:15:45.230", - "lastModified": "2023-08-09T03:15:45.230", - "vulnStatus": "Received", + "lastModified": "2023-08-09T12:46:53.387", + "vulnStatus": "Awaiting Analysis", "descriptions": [ { "lang": "en", "value": "The Real Estate Manager plugin for WordPress is vulnerable to privilege escalation in versions up to, and including, 6.7.1 due to insufficient restriction on the 'rem_save_profile_front' function. This makes it possible for authenticated attackers, with minimal permissions such as a subscriber, to modify their user role by supplying the 'wp_capabilities' parameter during a profile update." + }, + { + "lang": "es", + "value": "El plugin Real Estate Manager para WordPress es vulnerable a la escalada de privilegios en versiones hasta, e incluyendo, la 6.7.1 debido a una restricci\u00f3n insuficiente en la funci\u00f3n \"rem_save_profile_front\". Esto hace posible que atacantes autenticados, con permisos m\u00ednimos como un suscriptor, modifiquen su rol de usuario suministrando el par\u00e1metro \"wp_capabilities\" durante una actualizaci\u00f3n de perfil. " } ], "metrics": { diff --git a/CVE-2023/CVE-2023-42xx/CVE-2023-4242.json b/CVE-2023/CVE-2023-42xx/CVE-2023-4242.json index 6b37447fccd..ffd1b962367 100644 --- a/CVE-2023/CVE-2023-42xx/CVE-2023-4242.json +++ b/CVE-2023/CVE-2023-42xx/CVE-2023-4242.json @@ -2,8 +2,8 @@ "id": "CVE-2023-4242", "sourceIdentifier": "security@wordfence.com", "published": "2023-08-09T04:15:10.657", - "lastModified": "2023-08-09T04:15:10.657", - "vulnStatus": "Received", + "lastModified": "2023-08-09T12:46:53.387", + "vulnStatus": "Awaiting Analysis", "descriptions": [ { "lang": "en", diff --git a/CVE-2023/CVE-2023-42xx/CVE-2023-4243.json b/CVE-2023/CVE-2023-42xx/CVE-2023-4243.json index 85d81338103..02810e242db 100644 --- a/CVE-2023/CVE-2023-42xx/CVE-2023-4243.json +++ b/CVE-2023/CVE-2023-42xx/CVE-2023-4243.json @@ -2,8 +2,8 @@ "id": "CVE-2023-4243", "sourceIdentifier": "security@wordfence.com", "published": "2023-08-09T04:15:10.807", - "lastModified": "2023-08-09T04:15:10.807", - "vulnStatus": "Received", + "lastModified": "2023-08-09T12:46:53.387", + "vulnStatus": "Awaiting Analysis", "descriptions": [ { "lang": "en", diff --git a/README.md b/README.md index f04a03b17bb..e7abaa5197a 100644 --- a/README.md +++ b/README.md @@ -9,13 +9,13 @@ Repository synchronizes with the NVD every 2 hours. ### Last Repository Update ```plain -2023-08-09T12:00:30.167809+00:00 +2023-08-09T14:00:31.832047+00:00 ``` ### Most recent CVE Modification Timestamp synchronized with NVD ```plain -2023-08-09T11:53:38.847000+00:00 +2023-08-09T13:49:52.743000+00:00 ``` ### Last Data Feed Release @@ -29,27 +29,51 @@ Download and Changelog: [Click](https://github.com/fkie-cad/nvd-json-data-feeds/ ### Total Number of included CVEs ```plain -222149 +222156 ``` ### CVEs added in the last Commit -Recently added CVEs: `2` +Recently added CVEs: `7` -* [CVE-2023-23903](CVE-2023/CVE-2023-239xx/CVE-2023-23903.json) (`2023-08-09T10:15:09.687`) -* [CVE-2023-24015](CVE-2023/CVE-2023-240xx/CVE-2023-24015.json) (`2023-08-09T10:15:09.890`) +* [CVE-2023-31448](CVE-2023/CVE-2023-314xx/CVE-2023-31448.json) (`2023-08-09T12:15:09.647`) +* [CVE-2023-31449](CVE-2023/CVE-2023-314xx/CVE-2023-31449.json) (`2023-08-09T12:15:09.823`) +* [CVE-2023-31450](CVE-2023/CVE-2023-314xx/CVE-2023-31450.json) (`2023-08-09T12:15:09.897`) +* [CVE-2023-31452](CVE-2023/CVE-2023-314xx/CVE-2023-31452.json) (`2023-08-09T12:15:09.970`) +* [CVE-2023-32781](CVE-2023/CVE-2023-327xx/CVE-2023-32781.json) (`2023-08-09T12:15:10.047`) +* [CVE-2023-32782](CVE-2023/CVE-2023-327xx/CVE-2023-32782.json) (`2023-08-09T12:15:10.127`) +* [CVE-2023-33953](CVE-2023/CVE-2023-339xx/CVE-2023-33953.json) (`2023-08-09T13:15:09.370`) ### CVEs modified in the last Commit -Recently modified CVEs: `6` +Recently modified CVEs: `54` -* [CVE-2021-34600](CVE-2021/CVE-2021-346xx/CVE-2021-34600.json) (`2023-08-09T11:15:09.560`) -* [CVE-2022-22521](CVE-2022/CVE-2022-225xx/CVE-2022-22521.json) (`2023-08-09T11:15:09.867`) -* [CVE-2022-4224](CVE-2022/CVE-2022-42xx/CVE-2022-4224.json) (`2023-08-09T11:15:10.067`) -* [CVE-2023-2760](CVE-2023/CVE-2023-27xx/CVE-2023-2760.json) (`2023-08-09T11:15:10.280`) -* [CVE-2023-33365](CVE-2023/CVE-2023-333xx/CVE-2023-33365.json) (`2023-08-09T11:34:28.953`) -* [CVE-2023-33366](CVE-2023/CVE-2023-333xx/CVE-2023-33366.json) (`2023-08-09T11:53:38.847`) +* [CVE-2023-37856](CVE-2023/CVE-2023-378xx/CVE-2023-37856.json) (`2023-08-09T12:46:53.387`) +* [CVE-2023-37857](CVE-2023/CVE-2023-378xx/CVE-2023-37857.json) (`2023-08-09T12:46:53.387`) +* [CVE-2023-37858](CVE-2023/CVE-2023-378xx/CVE-2023-37858.json) (`2023-08-09T12:46:53.387`) +* [CVE-2023-37859](CVE-2023/CVE-2023-378xx/CVE-2023-37859.json) (`2023-08-09T12:46:53.387`) +* [CVE-2023-37860](CVE-2023/CVE-2023-378xx/CVE-2023-37860.json) (`2023-08-09T12:46:53.387`) +* [CVE-2023-37861](CVE-2023/CVE-2023-378xx/CVE-2023-37861.json) (`2023-08-09T12:46:53.387`) +* [CVE-2023-37862](CVE-2023/CVE-2023-378xx/CVE-2023-37862.json) (`2023-08-09T12:46:53.387`) +* [CVE-2023-37863](CVE-2023/CVE-2023-378xx/CVE-2023-37863.json) (`2023-08-09T12:46:53.387`) +* [CVE-2023-37864](CVE-2023/CVE-2023-378xx/CVE-2023-37864.json) (`2023-08-09T12:46:53.387`) +* [CVE-2023-39209](CVE-2023/CVE-2023-392xx/CVE-2023-39209.json) (`2023-08-09T12:47:02.767`) +* [CVE-2023-39210](CVE-2023/CVE-2023-392xx/CVE-2023-39210.json) (`2023-08-09T12:47:02.767`) +* [CVE-2023-39211](CVE-2023/CVE-2023-392xx/CVE-2023-39211.json) (`2023-08-09T12:47:02.767`) +* [CVE-2023-39212](CVE-2023/CVE-2023-392xx/CVE-2023-39212.json) (`2023-08-09T12:47:02.767`) +* [CVE-2023-39213](CVE-2023/CVE-2023-392xx/CVE-2023-39213.json) (`2023-08-09T12:47:02.767`) +* [CVE-2023-39214](CVE-2023/CVE-2023-392xx/CVE-2023-39214.json) (`2023-08-09T12:47:02.767`) +* [CVE-2023-39951](CVE-2023/CVE-2023-399xx/CVE-2023-39951.json) (`2023-08-09T12:47:02.767`) +* [CVE-2023-39341](CVE-2023/CVE-2023-393xx/CVE-2023-39341.json) (`2023-08-09T12:47:02.767`) +* [CVE-2023-38702](CVE-2023/CVE-2023-387xx/CVE-2023-38702.json) (`2023-08-09T13:15:10.613`) +* [CVE-2023-4159](CVE-2023/CVE-2023-41xx/CVE-2023-4159.json) (`2023-08-09T13:15:41.000`) +* [CVE-2023-4157](CVE-2023/CVE-2023-41xx/CVE-2023-4157.json) (`2023-08-09T13:16:43.537`) +* [CVE-2023-38695](CVE-2023/CVE-2023-386xx/CVE-2023-38695.json) (`2023-08-09T13:18:50.527`) +* [CVE-2023-38692](CVE-2023/CVE-2023-386xx/CVE-2023-38692.json) (`2023-08-09T13:19:09.430`) +* [CVE-2023-20800](CVE-2023/CVE-2023-208xx/CVE-2023-20800.json) (`2023-08-09T13:25:26.837`) +* [CVE-2023-20797](CVE-2023/CVE-2023-207xx/CVE-2023-20797.json) (`2023-08-09T13:39:25.510`) +* [CVE-2023-20798](CVE-2023/CVE-2023-207xx/CVE-2023-20798.json) (`2023-08-09T13:49:52.743`) ## Download and Usage