From 4006adbd1c0e0faa618e74fdda26e26a9c2dbdfe Mon Sep 17 00:00:00 2001 
From: cad-safe-bot
Date: Thu, 20 Jul 2023 20:01:17 +0000
Subject: [PATCH] Auto-Update: 2023-07-20T20:01:13.697501+00:00
---
CVE-2010/CVE-2010-38xx/CVE-2010-3856.json | 6 +-
CVE-2016/CVE-2016-100xx/CVE-2016-10009.json | 6 +-
CVE-2021/CVE-2021-30xx/CVE-2021-3011.json | 17 +--
CVE-2021/CVE-2021-373xx/CVE-2021-37386.json | 4 +-
CVE-2021/CVE-2021-450xx/CVE-2021-45094.json | 28 +++++
CVE-2022/CVE-2022-01xx/CVE-2022-0140.json | 14 ++-
CVE-2022/CVE-2022-01xx/CVE-2022-0164.json | 18 ++-
CVE-2022/CVE-2022-03xx/CVE-2022-0345.json | 6 +-
CVE-2022/CVE-2022-03xx/CVE-2022-0363.json | 18 ++-
CVE-2022/CVE-2022-281xx/CVE-2022-28171.json | 8 +-
CVE-2022/CVE-2022-294xx/CVE-2022-29417.json | 14 ++-
CVE-2022/CVE-2022-294xx/CVE-2022-29423.json | 4 +-
CVE-2022/CVE-2022-29xx/CVE-2022-2943.json | 4 +-
CVE-2022/CVE-2022-29xx/CVE-2022-2987.json | 18 ++-
CVE-2022/CVE-2022-36xx/CVE-2022-3606.json | 7 +-
CVE-2023/CVE-2023-12xx/CVE-2023-1258.json | 14 ++-
CVE-2023/CVE-2023-212xx/CVE-2023-21257.json | 69 ++++++++++-
CVE-2023/CVE-2023-212xx/CVE-2023-21260.json | 78 ++++++++++++-
CVE-2023/CVE-2023-225xx/CVE-2023-22508.json | 4 +-
CVE-2023/CVE-2023-235xx/CVE-2023-23559.json | 112 ++++++++++++++++--
CVE-2023/CVE-2023-314xx/CVE-2023-31461.json | 24 ++++
CVE-2023/CVE-2023-314xx/CVE-2023-31462.json | 24 ++++
CVE-2023/CVE-2023-33xx/CVE-2023-3317.json | 7 +-
CVE-2023/CVE-2023-341xx/CVE-2023-34125.json | 83 ++++++++++++-
CVE-2023/CVE-2023-341xx/CVE-2023-34129.json | 83 ++++++++++++-
CVE-2023/CVE-2023-341xx/CVE-2023-34130.json | 83 ++++++++++++-
CVE-2023/CVE-2023-356xx/CVE-2023-35691.json | 63 +++++++++-
CVE-2023/CVE-2023-356xx/CVE-2023-35693.json | 69 ++++++++++-
CVE-2023/CVE-2023-356xx/CVE-2023-35694.json | 63 +++++++++-
CVE-2023/CVE-2023-358xx/CVE-2023-35885.json | 12 +-
CVE-2023/CVE-2023-35xx/CVE-2023-3596.json | 123 +++++++++++++++++++-
CVE-2023/CVE-2023-362xx/CVE-2023-36266.json | 68 ++++++++++-
CVE-2023/CVE-2023-36xx/CVE-2023-3600.json | 77 +++++++++++-
CVE-2023/CVE-2023-371xx/CVE-2023-37164.json | 20 ++++
CVE-2023/CVE-2023-371xx/CVE-2023-37165.json | 20 ++++
CVE-2023/CVE-2023-374xx/CVE-2023-37455.json | 71 ++++++++++-
CVE-2023/CVE-2023-375xx/CVE-2023-37560.json | 109 ++++++++++++++++-
CVE-2023/CVE-2023-376xx/CVE-2023-37600.json | 20 ++++
CVE-2023/CVE-2023-376xx/CVE-2023-37601.json | 20 ++++
CVE-2023/CVE-2023-376xx/CVE-2023-37602.json | 20 ++++
CVE-2023/CVE-2023-376xx/CVE-2023-37629.json | 8 +-
CVE-2023/CVE-2023-377xx/CVE-2023-37728.json | 32 +++++
CVE-2023/CVE-2023-37xx/CVE-2023-3791.json | 88 ++++++++++++++
CVE-2023/CVE-2023-37xx/CVE-2023-3792.json | 88 ++++++++++++++
CVE-2023/CVE-2023-380xx/CVE-2023-38069.json | 47 +++++++-
CVE-2023/CVE-2023-383xx/CVE-2023-38334.json | 20 ++++
CVE-2023/CVE-2023-383xx/CVE-2023-38335.json | 20 ++++
CVE-2023/CVE-2023-384xx/CVE-2023-38408.json | 6 +-
CVE-2023/CVE-2023-385xx/CVE-2023-38523.json | 60 ++++++++++
CVE-2023/CVE-2023-386xx/CVE-2023-38617.json | 20 ++++
README.md | 80 +++++++------
51 files changed, 1818 insertions(+), 159 deletions(-)
create mode 100644 CVE-2021/CVE-2021-450xx/CVE-2021-45094.json
create mode 100644 CVE-2023/CVE-2023-314xx/CVE-2023-31461.json
create mode 100644 CVE-2023/CVE-2023-314xx/CVE-2023-31462.json
create mode 100644 CVE-2023/CVE-2023-371xx/CVE-2023-37164.json
create mode 100644 CVE-2023/CVE-2023-371xx/CVE-2023-37165.json
create mode 100644 CVE-2023/CVE-2023-376xx/CVE-2023-37600.json
create mode 100644 CVE-2023/CVE-2023-376xx/CVE-2023-37601.json
create mode 100644 CVE-2023/CVE-2023-376xx/CVE-2023-37602.json
create mode 100644 CVE-2023/CVE-2023-377xx/CVE-2023-37728.json
create mode 100644 CVE-2023/CVE-2023-37xx/CVE-2023-3791.json
create mode 100644 CVE-2023/CVE-2023-37xx/CVE-2023-3792.json
create mode 100644 CVE-2023/CVE-2023-383xx/CVE-2023-38334.json
create mode 100644 CVE-2023/CVE-2023-383xx/CVE-2023-38335.json
create mode 100644 CVE-2023/CVE-2023-385xx/CVE-2023-38523.json
create mode 100644 CVE-2023/CVE-2023-386xx/CVE-2023-38617.json
diff --git a/CVE-2010/CVE-2010-38xx/CVE-2010-3856.json b/CVE-2010/CVE-2010-38xx/CVE-2010-3856.json index 583ee72158b..eff13e3ee4b 100644 --- a/CVE-2010/CVE-2010-38xx/CVE-2010-3856.json +++ b/CVE-2010/CVE-2010-38xx/CVE-2010-3856.json @@ -2,7 +2,7 @@ "id": "CVE-2010-3856", "sourceIdentifier": "secalert@redhat.com", "published": "2011-01-07T19:00:17.843", - "lastModified": "2023-07-20T12:15:10.757", + "lastModified": "2023-07-20T18:15:11.027", "vulnStatus": "Modified", "descriptions": [ { @@ -346,6 +346,10 @@ "url": "http://packetstormsecurity.com/files/153278/WAGO-852-Industrial-Managed-Switch-Series-Code-Execution-Hardcoded-Credentials.html", "source": "secalert@redhat.com" }, + { + "url": "http://packetstormsecurity.com/files/173661/OpenSSH-Forwarded-SSH-Agent-Remote-Code-Execution.html", + "source": "secalert@redhat.com" + }, { "url": "http://seclists.org/fulldisclosure/2010/Oct/344", "source": "secalert@redhat.com" diff --git a/CVE-2016/CVE-2016-100xx/CVE-2016-10009.json b/CVE-2016/CVE-2016-100xx/CVE-2016-10009.json index df44c0f03db..397502346b6 100644 --- a/CVE-2016/CVE-2016-100xx/CVE-2016-10009.json +++ b/CVE-2016/CVE-2016-100xx/CVE-2016-10009.json @@ -2,7 +2,7 @@ "id": "CVE-2016-10009", "sourceIdentifier": "cve@mitre.org", "published": "2017-01-05T02:59:03.057", - "lastModified": "2023-07-20T12:15:11.010", + "lastModified": "2023-07-20T18:15:11.230", "vulnStatus": "Modified", "descriptions": [ { @@ -98,6 +98,10 @@ "url": "http://packetstormsecurity.com/files/140261/OpenSSH-Arbitrary-Library-Loading.html", "source": "cve@mitre.org" }, + { + "url": "http://packetstormsecurity.com/files/173661/OpenSSH-Forwarded-SSH-Agent-Remote-Code-Execution.html", + "source": "cve@mitre.org" + }, { "url": "http://seclists.org/fulldisclosure/2023/Jul/31", "source": "cve@mitre.org" diff --git a/CVE-2021/CVE-2021-30xx/CVE-2021-3011.json b/CVE-2021/CVE-2021-30xx/CVE-2021-3011.json index 4e9543b1c9c..704867eb570 100644 --- a/CVE-2021/CVE-2021-30xx/CVE-2021-3011.json 
+++ b/CVE-2021/CVE-2021-30xx/CVE-2021-3011.json @@ -2,7 +2,7 @@ "id": "CVE-2021-3011", "sourceIdentifier": "cve@mitre.org", "published": "2021-01-07T16:15:12.120", - "lastModified": "2021-01-20T16:03:18.423", + "lastModified": "2023-07-20T18:53:46.410", "vulnStatus": "Analyzed", "descriptions": [ { @@ -302,21 +302,6 @@ "criteria": "cpe:2.3:h:nxp:p5040:-:*:*:*:*:*:*:*", "matchCriteriaId": "8432727D-A0E2-49C1-9F90-91A6F5A940CD" }, - { - "vulnerable": true, - "criteria": "cpe:2.3:h:nxp:smartmx2_p60:-:*:*:*:*:*:*:*", - "matchCriteriaId": "093B7A5F-CF08-4AF5-88A6-257A32631E77" - }, - { - "vulnerable": true, - "criteria": "cpe:2.3:h:nxp:smartmx3_p71d320:-:*:*:*:*:*:*:*", - "matchCriteriaId": "0EC853C5-1F33-4F51-8AE1-8C789D5DDC3B" - }, - { - "vulnerable": true, - "criteria": "cpe:2.3:h:nxp:smartmx3_p71d321:-:*:*:*:*:*:*:*", - "matchCriteriaId": "CF240AD3-4A04-493D-BFBC-C6652FEC0D37" - }, { "vulnerable": true, "criteria": "cpe:2.3:h:yubico:yubikey_neo:-:*:*:*:*:*:*:*", diff --git a/CVE-2021/CVE-2021-373xx/CVE-2021-37386.json b/CVE-2021/CVE-2021-373xx/CVE-2021-37386.json index f45f8252e46..6388e44f603 100644 --- a/CVE-2021/CVE-2021-373xx/CVE-2021-37386.json +++ b/CVE-2021/CVE-2021-373xx/CVE-2021-37386.json @@ -2,12 +2,12 @@ "id": "CVE-2021-37386", "sourceIdentifier": "cve@mitre.org", "published": "2023-07-17T17:15:09.377", - "lastModified": "2023-07-17T17:31:42.010", + "lastModified": "2023-07-20T18:15:11.387", "vulnStatus": "Awaiting Analysis", "descriptions": [ { "lang": "en", - "value": "Furukawa 423-41W/AC before v1.1.4 and LD421-21W before v1.3.3 were discovered to contain an HTML injection vulnerability via the serial number update function." + "value": "HTML Injection vulnerability was found in some ONU models allows remote high privileged authenticated user to send arbitrary HTML tags via web interface, this vulnerability can cause deny of service after device is rebooted if an invalid serial number addressed." } ], "metrics": {}, 
diff --git a/CVE-2021/CVE-2021-450xx/CVE-2021-45094.json b/CVE-2021/CVE-2021-450xx/CVE-2021-45094.json new file mode 100644 index 00000000000..0802a3fb85e --- /dev/null +++ b/CVE-2021/CVE-2021-450xx/CVE-2021-45094.json @@ -0,0 +1,28 @@ +{ + "id": "CVE-2021-45094", + "sourceIdentifier": "cve@mitre.org", + "published": "2023-07-20T18:15:11.463", + "lastModified": "2023-07-20T18:15:11.463", + "vulnStatus": "Received", + "descriptions": [ + { + "lang": "en", + "value": "Imprivata Privileged Access Management (formally Xton Privileged Access Management) 2.3.202112051108 allows XSS." + } + ], + "metrics": {}, + "references": [ + { + "url": "https://aegis9.com.au/blog/", + "source": "cve@mitre.org" + }, + { + "url": "https://www.aegis9.com.au/blog/5/", + "source": "cve@mitre.org" + }, + { + "url": "https://www.imprivata.com/privileged-access-management", + "source": "cve@mitre.org" + } + ] +} \ No newline at end of file diff --git a/CVE-2022/CVE-2022-01xx/CVE-2022-0140.json b/CVE-2022/CVE-2022-01xx/CVE-2022-0140.json index 3fe4230c86f..b7e780bb162 100644 --- a/CVE-2022/CVE-2022-01xx/CVE-2022-0140.json +++ b/CVE-2022/CVE-2022-01xx/CVE-2022-0140.json @@ -2,7 +2,7 @@ "id": "CVE-2022-0140", "sourceIdentifier": "contact@wpscan.com", "published": "2022-04-12T12:15:08.183", - "lastModified": "2023-02-01T15:06:47.207", + "lastModified": "2023-07-20T18:12:18.663", "vulnStatus": "Analyzed", "descriptions": [ { @@ -65,8 +65,18 @@ }, "weaknesses": [ { - "source": "contact@wpscan.com", + "source": "nvd@nist.gov", "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-306" + } + ] + }, + { + "source": "contact@wpscan.com", + "type": "Secondary", "description": [ { "lang": "en", diff --git a/CVE-2022/CVE-2022-01xx/CVE-2022-0164.json b/CVE-2022/CVE-2022-01xx/CVE-2022-0164.json index 598bda8d616..1549cfa3573 100644 --- a/CVE-2022/CVE-2022-01xx/CVE-2022-0164.json +++ b/CVE-2022/CVE-2022-01xx/CVE-2022-0164.json 
@@ -2,7 +2,7 @@ "id": "CVE-2022-0164", "sourceIdentifier": "contact@wpscan.com", "published": "2022-02-21T11:15:09.210", - "lastModified": "2022-02-28T20:48:50.287", + "lastModified": "2023-07-20T18:09:50.423", "vulnStatus": "Analyzed", "descriptions": [ { @@ -65,8 +65,22 @@ }, "weaknesses": [ { - "source": "contact@wpscan.com", + "source": "nvd@nist.gov", "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-352" + }, + { + "lang": "en", + "value": "CWE-862" + } + ] + }, + { + "source": "contact@wpscan.com", + "type": "Secondary", "description": [ { "lang": "en", diff --git a/CVE-2022/CVE-2022-03xx/CVE-2022-0345.json b/CVE-2022/CVE-2022-03xx/CVE-2022-0345.json index 7d056f25a86..86d8037178e 100644 --- a/CVE-2022/CVE-2022-03xx/CVE-2022-0345.json +++ b/CVE-2022/CVE-2022-03xx/CVE-2022-0345.json @@ -2,7 +2,7 @@ "id": "CVE-2022-0345", "sourceIdentifier": "contact@wpscan.com", "published": "2022-02-28T09:15:08.997", - "lastModified": "2022-03-08T16:34:32.343", + "lastModified": "2023-07-20T18:05:39.020", "vulnStatus": "Analyzed", "descriptions": [ { @@ -68,6 +68,10 @@ "source": "nvd@nist.gov", "type": "Primary", "description": [ + { + "lang": "en", + "value": "CWE-352" + }, { "lang": "en", "value": "CWE-862" diff --git a/CVE-2022/CVE-2022-03xx/CVE-2022-0363.json b/CVE-2022/CVE-2022-03xx/CVE-2022-0363.json index 41c8eb880a7..1f44399fadc 100644 --- a/CVE-2022/CVE-2022-03xx/CVE-2022-0363.json +++ b/CVE-2022/CVE-2022-03xx/CVE-2022-0363.json @@ -2,7 +2,7 @@ "id": "CVE-2022-0363", "sourceIdentifier": "contact@wpscan.com", "published": "2022-04-25T16:16:07.577", - "lastModified": "2022-05-03T18:56:06.870", + "lastModified": "2023-07-20T18:07:13.247", "vulnStatus": "Analyzed", "descriptions": [ { 
@@ -65,8 +65,22 @@ }, "weaknesses": [ { - "source": "contact@wpscan.com", + "source": "nvd@nist.gov", "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-352" + }, + { + "lang": "en", + "value": "CWE-862" + } + ] + }, + { + "source": "contact@wpscan.com", + "type": "Secondary", "description": [ { "lang": "en", diff --git a/CVE-2022/CVE-2022-281xx/CVE-2022-28171.json b/CVE-2022/CVE-2022-281xx/CVE-2022-28171.json index 04bd5012631..a706ed4bc0a 100644 --- a/CVE-2022/CVE-2022-281xx/CVE-2022-28171.json +++ b/CVE-2022/CVE-2022-281xx/CVE-2022-28171.json @@ -2,8 +2,8 @@ "id": "CVE-2022-28171", "sourceIdentifier": "hsrc@hikvision.com", "published": "2022-06-27T18:15:09.033", - "lastModified": "2023-02-23T17:32:08.433", - "vulnStatus": "Analyzed", + "lastModified": "2023-07-20T18:15:11.537", + "vulnStatus": "Modified", "descriptions": [ { "lang": "en", @@ -480,6 +480,10 @@ "VDB Entry" ] }, + { + "url": "http://packetstormsecurity.com/files/173653/Hikvision-Hybrid-SAN-Ds-a71024-SQL-Injection.html", + "source": "hsrc@hikvision.com" + }, { "url": "https://www.hikvision.com/en/support/cybersecurity/security-advisory/security-vulnerability-in-some-hikvision-hybrid-san-products/", "source": "hsrc@hikvision.com", diff --git a/CVE-2022/CVE-2022-294xx/CVE-2022-29417.json b/CVE-2022/CVE-2022-294xx/CVE-2022-29417.json index fc49455960d..70d1884b636 100644 --- a/CVE-2022/CVE-2022-294xx/CVE-2022-29417.json +++ b/CVE-2022/CVE-2022-294xx/CVE-2022-29417.json @@ -2,7 +2,7 @@ "id": "CVE-2022-29417", "sourceIdentifier": "audit@patchstack.com", "published": "2022-04-25T17:15:37.300", - "lastModified": "2022-05-03T19:55:47.230", + "lastModified": "2023-07-20T18:07:43.587", "vulnStatus": "Analyzed", "descriptions": [ { 
@@ -85,8 +85,18 @@ }, "weaknesses": [ { - "source": "audit@patchstack.com", + "source": "nvd@nist.gov", "type": "Primary", + "description": [ + { + "lang": "en", + "value": "NVD-CWE-Other" + } + ] + }, + { + "source": "audit@patchstack.com", + "type": "Secondary", "description": [ { "lang": "en", diff --git a/CVE-2022/CVE-2022-294xx/CVE-2022-29423.json b/CVE-2022/CVE-2022-294xx/CVE-2022-29423.json index 16efd80c25e..9f1a11345bb 100644 --- a/CVE-2022/CVE-2022-294xx/CVE-2022-29423.json +++ b/CVE-2022/CVE-2022-294xx/CVE-2022-29423.json @@ -2,7 +2,7 @@ "id": "CVE-2022-29423", "sourceIdentifier": "audit@patchstack.com", "published": "2022-05-06T18:15:10.713", - "lastModified": "2022-05-13T18:47:54.743", + "lastModified": "2023-07-20T18:08:55.013", "vulnStatus": "Analyzed", "descriptions": [ { @@ -90,7 +90,7 @@ "description": [ { "lang": "en", - "value": "CWE-863" + "value": "NVD-CWE-Other" } ] }, diff --git a/CVE-2022/CVE-2022-29xx/CVE-2022-2943.json b/CVE-2022/CVE-2022-29xx/CVE-2022-2943.json index 23213dd72eb..eb35b6a0e0c 100644 --- a/CVE-2022/CVE-2022-29xx/CVE-2022-2943.json +++ b/CVE-2022/CVE-2022-29xx/CVE-2022-2943.json @@ -2,7 +2,7 @@ "id": "CVE-2022-2943", "sourceIdentifier": "security@wordfence.com", "published": "2022-09-06T18:15:15.267", - "lastModified": "2022-09-13T16:16:37.460", + "lastModified": "2023-07-20T18:06:23.550", "vulnStatus": "Analyzed", "descriptions": [ { @@ -65,7 +65,7 @@ "description": [ { "lang": "en", - "value": "CWE-610" + "value": "CWE-22" } ] }, diff --git a/CVE-2022/CVE-2022-29xx/CVE-2022-2987.json b/CVE-2022/CVE-2022-29xx/CVE-2022-2987.json index a21bab26af4..e3f729ac957 100644 --- a/CVE-2022/CVE-2022-29xx/CVE-2022-2987.json +++ b/CVE-2022/CVE-2022-29xx/CVE-2022-2987.json @@ -2,7 +2,7 @@ "id": "CVE-2022-2987", "sourceIdentifier": "contact@wpscan.com", "published": "2022-09-26T13:15:10.640", - "lastModified": "2022-09-28T16:17:30.420", + "lastModified": "2023-07-20T18:24:39.960", "vulnStatus": "Analyzed", "descriptions": [ { 
@@ -40,7 +40,7 @@ }, "weaknesses": [ { - "source": "contact@wpscan.com", + "source": "nvd@nist.gov", "type": "Primary", "description": [ { @@ -52,6 +52,20 @@ "value": "CWE-862" } ] + }, + { + "source": "contact@wpscan.com", + "type": "Secondary", + "description": [ + { + "lang": "en", + "value": "CWE-352" + }, + { + "lang": "en", + "value": "CWE-862" + } + ] } ], "configurations": [ diff --git a/CVE-2022/CVE-2022-36xx/CVE-2022-3606.json b/CVE-2022/CVE-2022-36xx/CVE-2022-3606.json index 9df98d97b67..ee61a5809db 100644 --- a/CVE-2022/CVE-2022-36xx/CVE-2022-3606.json +++ b/CVE-2022/CVE-2022-36xx/CVE-2022-3606.json @@ -2,7 +2,7 @@ "id": "CVE-2022-3606", "sourceIdentifier": "cna@vuldb.com", "published": "2022-10-19T09:15:10.037", - "lastModified": "2022-10-21T20:18:54.980", + "lastModified": "2023-07-20T18:00:49.640", "vulnStatus": "Analyzed", "descriptions": [ { @@ -83,8 +83,9 @@ "cpeMatch": [ { "vulnerable": true, - "criteria": "cpe:2.3:o:linux:linux_kernel:-:*:*:*:*:*:*:*", - "matchCriteriaId": "703AF700-7A70-47E2-BC3A-7FD03B3CA9C1" + "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", + "versionEndExcluding": "6.2", + "matchCriteriaId": "108695B6-7133-4B6C-80AF-0F66880FE858" } ] } diff --git a/CVE-2023/CVE-2023-12xx/CVE-2023-1258.json b/CVE-2023/CVE-2023-12xx/CVE-2023-1258.json index 2b92d1f91af..671440d8fe4 100644 --- a/CVE-2023/CVE-2023-12xx/CVE-2023-1258.json +++ b/CVE-2023/CVE-2023-12xx/CVE-2023-1258.json 
@@ -2,12 +2,12 @@ "id": "CVE-2023-1258", "sourceIdentifier": "cybersecurity@ch.abb.com", "published": "2023-03-31T08:15:06.397", - "lastModified": "2023-04-06T18:24:37.537", - "vulnStatus": "Analyzed", + "lastModified": "2023-07-20T18:15:11.747", + "vulnStatus": "Modified", "descriptions": [ { "lang": "en", - "value": "Exposure of Sensitive Information to an Unauthorized Actor vulnerability in ABB Flow-X firmware on Flow-X embedded hardware (web service modules) allows Footprinting.This issue affects Flow-X: before 4.0." + "value": "Exposure of Sensitive Information to an Unauthorized Actor vulnerability in ABB Flow-X firmware on Flow-X embedded hardware (web service modules) allows Footprinting.This issue affects Flow-X: before 4.0.\n\n" } ], "metrics": { @@ -56,7 +56,7 @@ }, "weaknesses": [ { - "source": "nvd@nist.gov", + "source": "cybersecurity@ch.abb.com", "type": "Primary", "description": [ { @@ -66,7 +66,7 @@ ] }, { - "source": "cybersecurity@ch.abb.com", + "source": "nvd@nist.gov", "type": "Secondary", "description": [ { @@ -303,6 +303,10 @@ } ], "references": [ + { + "url": "http://packetstormsecurity.com/files/173610/ABB-FlowX-4.00-Information-Disclosure.html", + "source": "cybersecurity@ch.abb.com" + }, { "url": "https://search.abb.com/library/Download.aspx?DocumentID=9AKK108467A9754&LanguageCode=en&DocumentPartId=&Action=Launch", "source": "cybersecurity@ch.abb.com", diff --git a/CVE-2023/CVE-2023-212xx/CVE-2023-21257.json b/CVE-2023/CVE-2023-212xx/CVE-2023-21257.json index 17302cbef39..41dbfd3196c 100644 --- a/CVE-2023/CVE-2023-212xx/CVE-2023-21257.json +++ b/CVE-2023/CVE-2023-212xx/CVE-2023-21257.json 
@@ -2,23 +2,82 @@ "id": "CVE-2023-21257", "sourceIdentifier": "security@android.com", "published": "2023-07-13T00:15:24.143", - "lastModified": "2023-07-13T08:32:09.673", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2023-07-20T19:46:58.023", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", "value": "In updateSettingsInternalLI of InstallPackageHelper.java, there is a possible way to sideload an app in the work profile due to a missing permission check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.\n\n" } ], - "metrics": {}, + "metrics": { + "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", + "attackVector": "LOCAL", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH", + "baseScore": 7.8, + "baseSeverity": "HIGH" + }, + "exploitabilityScore": 1.8, + "impactScore": 5.9 + } + ] + }, + "weaknesses": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-862" + } + ] + } + ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:o:google:android:13.0:*:*:*:*:*:*:*", + "matchCriteriaId": "879FFD0C-9B38-4CAA-B057-1086D794D469" + } + ] + } + ] + } + ], "references": [ { "url": "https://android.googlesource.com/platform/frameworks/base/+/1aec7feaf07e6d4568ca75d18158445dbeac10f6", - "source": "security@android.com" + "source": "security@android.com", + "tags": [ + "Patch" + ] }, { "url": "https://source.android.com/security/bulletin/2023-07-01", - "source": "security@android.com" + "source": "security@android.com", + "tags": [ + 
"Patch", + "Vendor Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2023/CVE-2023-212xx/CVE-2023-21260.json b/CVE-2023/CVE-2023-212xx/CVE-2023-21260.json index 7a7e2980ab5..7bf7217d03e 100644 --- a/CVE-2023/CVE-2023-212xx/CVE-2023-21260.json +++ b/CVE-2023/CVE-2023-212xx/CVE-2023-21260.json 
@@ -2,19 +2,89 @@ "id": "CVE-2023-21260", "sourceIdentifier": "security@android.com", "published": "2023-07-13T01:15:08.667", - "lastModified": "2023-07-13T08:32:09.673", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2023-07-20T19:04:40.987", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", "value": "In notification access permission dialog box, malicious application can embedded a very long service label that overflow the original user prompt and possibly contains mis-leading information to be appeared as a system message for user confirmation.\n\n" } ], - "metrics": {}, + "metrics": { + "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N", + "attackVector": "LOCAL", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "REQUIRED", + "scope": "UNCHANGED", + "confidentialityImpact": "NONE", + "integrityImpact": "HIGH", + "availabilityImpact": "NONE", + "baseScore": 5.5, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 1.8, + "impactScore": 3.6 + } + ] + }, + "weaknesses": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-346" + } + ] + } + ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:o:google:android:10.0:*:*:*:*:*:*:*", + "matchCriteriaId": "D558D965-FA70-4822-A770-419E73BA9ED3" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:google:android:11.0:*:*:*:*:*:*:*", + "matchCriteriaId": "109DD7FD-3A48-4C3D-8E1A-4433B98E1E64" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:google:android:12.1:*:*:*:*:*:*:*", + "matchCriteriaId": "C64C1583-CDE0-4C1F-BDE6-05643C1BDD72" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:google:android:13.0:*:*:*:*:*:*:*", + "matchCriteriaId": "879FFD0C-9B38-4CAA-B057-1086D794D469" 
+ } + ] + } + ] + } + ], "references": [ { "url": "https://source.android.com/security/bulletin/aaos/2023-07-01", - "source": "security@android.com" + "source": "security@android.com", + "tags": [ + "Vendor Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2023/CVE-2023-225xx/CVE-2023-22508.json b/CVE-2023/CVE-2023-225xx/CVE-2023-22508.json index 3620bb3d82a..4f320f5f7d7 100644 --- a/CVE-2023/CVE-2023-225xx/CVE-2023-22508.json +++ b/CVE-2023/CVE-2023-225xx/CVE-2023-22508.json 
@@ -2,12 +2,12 @@ "id": "CVE-2023-22508", "sourceIdentifier": "security@atlassian.com", "published": "2023-07-18T23:15:09.297", - "lastModified": "2023-07-19T12:47:21.130", + "lastModified": "2023-07-20T19:15:10.250", "vulnStatus": "Awaiting Analysis", "descriptions": [ { "lang": "en", - "value": "This High severity RCE (Remote Code Execution) vulnerability known as CVE-2023-22508 was introduced in version 7.19.8 of Confluence Data Center & Server.\n\nThis RCE (Remote Code Execution) vulnerability, with a CVSS Score of 8.5, allows an authenticated attacker to execute arbitrary code which has high impact to confidentiality, high impact to integrity, high impact to availability, and no user interaction.\n\nAtlassian recommends that you upgrade your instance to latest version. If you're unable to upgrade to latest, upgrade to this fixed version: 8.2.0. See the release notes ([https://confluence.atlassian.com/doc/confluence-release-notes-327.html|https://confluence.atlassian.com/doc/confluence-release-notes-327.html]). You can download the latest version of Data Center & Server from the download center ([https://www.atlassian.com/software/confluence/download-archives|https://www.atlassian.com/software/confluence/download-archives]).\n\nThis vulnerability was discovered by a private user and reported via our Bug Bounty program." + "value": "This High severity RCE (Remote Code Execution) vulnerability known as CVE-2023-22508 was introduced in version 7.4.0 of Confluence Data Center & Server.\n\nThis RCE (Remote Code Execution) vulnerability, with a CVSS Score of 8.5, allows an authenticated attacker to execute arbitrary code which has high impact to confidentiality, high impact to integrity, high impact to availability, and no user interaction.\n\nAtlassian recommends that you upgrade your instance to latest version. If you're unable to upgrade to latest, upgrade to this fixed version: 8.2.0. 
See the release notes ([https://confluence.atlassian.com/doc/confluence-release-notes-327.html|https://confluence.atlassian.com/doc/confluence-release-notes-327.html]). You can download the latest version of Data Center & Server from the download center ([https://www.atlassian.com/software/confluence/download-archives|https://www.atlassian.com/software/confluence/download-archives]).\n\nThis vulnerability was discovered by a private user and reported via our Bug Bounty program." } ], "metrics": { diff --git a/CVE-2023/CVE-2023-235xx/CVE-2023-23559.json b/CVE-2023/CVE-2023-235xx/CVE-2023-23559.json index 77cfee0b69b..57123aeed83 100644 --- a/CVE-2023/CVE-2023-235xx/CVE-2023-23559.json +++ b/CVE-2023/CVE-2023-235xx/CVE-2023-23559.json @@ -2,8 +2,8 @@ "id": "CVE-2023-23559", "sourceIdentifier": "cve@mitre.org", "published": "2023-01-13T01:15:10.300", - "lastModified": "2023-05-03T14:15:31.700", - "vulnStatus": "Modified", + "lastModified": "2023-07-20T19:00:45.357", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", 
@@ -56,8 +56,94 @@ { "vulnerable": true, "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", - "versionEndIncluding": "6.1.5", - "matchCriteriaId": "D7422D87-ACC5-4F92-A672-7F7CEE06F636" + "versionStartIncluding": "2.6.35", + "versionEndExcluding": "4.14.305", + "matchCriteriaId": "61643C98-1E94-411D-9C33-E5B3EA3B2167" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", + "versionStartIncluding": "4.15", + "versionEndExcluding": "4.19.272", + "matchCriteriaId": "83C4B95C-BD08-4683-A26E-2A65333F2D15" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", + "versionStartIncluding": "4.20", + "versionEndExcluding": "5.4.231", + "matchCriteriaId": "79CA608C-BC5E-4BB5-9250-771AEC44F412" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", + "versionStartIncluding": "5.5", + "versionEndExcluding": "5.10.166", + "matchCriteriaId": "A44D9D24-661C-40D4-8735-4CEB1C7C02F2" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", + "versionStartIncluding": "5.11", + "versionEndExcluding": "5.15.91", + "matchCriteriaId": "91C2E92D-CC25-4FBD-8824-56A148119D7E" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", + "versionStartIncluding": "5.16", + "versionEndExcluding": "6.1.9", + "matchCriteriaId": "ED5B6045-B1D2-4E03-B194-9005A351BCAE" + } + ] + } + ] + }, + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:netapp:hci_baseboard_management_controller:h300s:*:*:*:*:*:*:*", + "matchCriteriaId": "27227B35-932A-4035-B39F-6A455753C0D6" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:netapp:hci_baseboard_management_controller:h410c:*:*:*:*:*:*:*", + "matchCriteriaId": "489D20B9-166F-423D-8C48-A23D3026E33B" + }, + { + "vulnerable": true, + "criteria": 
"cpe:2.3:a:netapp:hci_baseboard_management_controller:h410s:*:*:*:*:*:*:*", + "matchCriteriaId": "A4AD592C-222D-4C6F-B176-8145A1A5AFEC" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:netapp:hci_baseboard_management_controller:h500s:*:*:*:*:*:*:*", + "matchCriteriaId": "8603654B-A8A9-4DEB-B0DD-C82E1C885749" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:netapp:hci_baseboard_management_controller:h700s:*:*:*:*:*:*:*", + "matchCriteriaId": "C855C933-F271-45E6-8E85-8D7CF2EF1BE6" + } + ] + } + ] + }, + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*", + "matchCriteriaId": "07B237A9-69A3-4A9C-9DA0-4E06BD37AE73" } ] } @@ -67,11 +153,19 @@ "references": [ { "url": "https://lists.debian.org/debian-lts-announce/2023/05/msg00005.html", - "source": "cve@mitre.org" + "source": "cve@mitre.org", + "tags": [ + "Mailing List", + "Third Party Advisory" + ] }, { "url": "https://lists.debian.org/debian-lts-announce/2023/05/msg00006.html", - "source": "cve@mitre.org" + "source": "cve@mitre.org", + "tags": [ + "Mailing List", + "Third Party Advisory" + ] }, { "url": "https://patchwork.kernel.org/project/linux-wireless/patch/20230110173007.57110-1-szymon.heidrich@gmail.com/", @@ -84,7 +178,11 @@ }, { "url": "https://security.netapp.com/advisory/ntap-20230302-0003/", - "source": "cve@mitre.org" + "source": "cve@mitre.org", + "tags": [ + "Patch", + "Third Party Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2023/CVE-2023-314xx/CVE-2023-31461.json b/CVE-2023/CVE-2023-314xx/CVE-2023-31461.json new file mode 100644 index 00000000000..5bfb0347f35 --- /dev/null +++ b/CVE-2023/CVE-2023-314xx/CVE-2023-31461.json 
@@ -0,0 +1,24 @@ +{ + "id": "CVE-2023-31461", + "sourceIdentifier": "cve@mitre.org", + "published": "2023-07-20T18:15:11.917", + "lastModified": "2023-07-20T18:15:11.917", + "vulnStatus": "Received", + "descriptions": [ + { + "lang": "en", + "value": "Attackers can exploit an open API listener on SteelSeries GG 36.0.0 to create a sub-application that will be executed automatically from a controlled location, because of a path traversal vulnerability." + } + ], + "metrics": {}, + "references": [ + { + "url": "https://steelseries.com/gg", + "source": "cve@mitre.org" + }, + { + "url": "https://www.akamai.com/blog/security-research/exploit-steelseries-subapp-privilege-escalation", + "source": "cve@mitre.org" + } + ] +} \ No newline at end of file diff --git a/CVE-2023/CVE-2023-314xx/CVE-2023-31462.json b/CVE-2023/CVE-2023-314xx/CVE-2023-31462.json new file mode 100644 index 00000000000..ce9f0f6f9e8 --- /dev/null +++ b/CVE-2023/CVE-2023-314xx/CVE-2023-31462.json @@ -0,0 +1,24 @@ +{ + "id": "CVE-2023-31462", + "sourceIdentifier": "cve@mitre.org", + "published": "2023-07-20T18:15:11.970", + "lastModified": "2023-07-20T18:15:11.970", + "vulnStatus": "Received", + "descriptions": [ + { + "lang": "en", + "value": "An issue was discovered in SteelSeries GG 36.0.0. An attacker can change values in an unencrypted database that is writable for all users on the computer, in order to trigger code execution with higher privileges." + } + ], + "metrics": {}, + "references": [ + { + "url": "https://steelseries.com/gg", + "source": "cve@mitre.org" + }, + { + "url": "https://www.akamai.com/blog/security-research/exploit-steelseries-subapp-privilege-escalation", + "source": "cve@mitre.org" + } + ] +} \ No newline at end of file diff --git a/CVE-2023/CVE-2023-33xx/CVE-2023-3317.json b/CVE-2023/CVE-2023-33xx/CVE-2023-3317.json index e5c6ec7f4f5..60d4b52dcd7 100644 --- a/CVE-2023/CVE-2023-33xx/CVE-2023-3317.json +++ b/CVE-2023/CVE-2023-33xx/CVE-2023-3317.json 
@@ -2,7 +2,7 @@ "id": "CVE-2023-3317", "sourceIdentifier": "secalert@redhat.com", "published": "2023-06-23T18:15:14.047", - "lastModified": "2023-07-05T14:39:38.013", + "lastModified": "2023-07-20T18:02:32.487", "vulnStatus": "Analyzed", "descriptions": [ { @@ -66,8 +66,9 @@ { "vulnerable": true, "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", - "versionEndExcluding": "6.3", - "matchCriteriaId": "3769AA63-B0A8-4EF1-96F9-6A6A6B305A02" + "versionStartIncluding": "6.2", + "versionEndExcluding": "6.2.15", + "matchCriteriaId": "3844A90B-940D-46C3-8D7B-9FF63F1AFC2F" }, { "vulnerable": true, diff --git a/CVE-2023/CVE-2023-341xx/CVE-2023-34125.json b/CVE-2023/CVE-2023-341xx/CVE-2023-34125.json index e1a7ddf2e8c..a957bbd7814 100644 --- a/CVE-2023/CVE-2023-341xx/CVE-2023-34125.json +++ b/CVE-2023/CVE-2023-341xx/CVE-2023-34125.json 
@@ -2,16 +2,49 @@ "id": "CVE-2023-34125", "sourceIdentifier": "PSIRT@sonicwall.com", "published": "2023-07-13T01:15:08.783", - "lastModified": "2023-07-13T08:32:09.673", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2023-07-20T19:43:44.623", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", "value": "Path Traversal vulnerability in GMS and Analytics allows an authenticated attacker to read arbitrary files from the underlying filesystem with root privileges. This issue affects GMS: 9.3.2-SP1 and earlier versions; Analytics: 2.5.0.4-R7 and earlier versions.\n\n" } ], - "metrics": {}, + "metrics": { + "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "NONE", + "availabilityImpact": "NONE", + "baseScore": 6.5, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 2.8, + "impactScore": 3.6 + } + ] + }, "weaknesses": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-22" + } + ] + }, { "source": "PSIRT@sonicwall.com", "type": "Secondary", 
@@ -23,14 +56,54 @@ ] } ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:sonicwall:analytics:*:*:*:*:*:*:*:*", + "versionEndIncluding": "2.5.0.4-r7", + "matchCriteriaId": "A5BFA6B7-2070-4FCA-B27C-5ED1047B1101" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:sonicwall:global_management_system:*:*:*:*:*:*:*:*", + "versionEndExcluding": "9.3.2", + "matchCriteriaId": "02CDB54F-B795-42B3-A406-22D7E4A03ACB" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:sonicwall:global_management_system:9.3.2:-:*:*:*:*:*:*", + "matchCriteriaId": "2E8493ED-1A01-4FAA-9608-4481DDD0D69B" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:sonicwall:global_management_system:9.3.2:sp1:*:*:*:*:*:*", + "matchCriteriaId": "89A96771-621F-4D0D-B667-0A99F5F76789" + } + ] + } + ] + } + ], "references": [ { "url": "https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2023-0010", - "source": "PSIRT@sonicwall.com" + "source": "PSIRT@sonicwall.com", + "tags": [ + "Vendor Advisory" + ] }, { "url": "https://www.sonicwall.com/support/notices/230710150218060", - "source": "PSIRT@sonicwall.com" + "source": "PSIRT@sonicwall.com", + "tags": [ + "Vendor Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2023/CVE-2023-341xx/CVE-2023-34129.json b/CVE-2023/CVE-2023-341xx/CVE-2023-34129.json index 110546fcadf..11847641101 100644 --- a/CVE-2023/CVE-2023-341xx/CVE-2023-34129.json +++ b/CVE-2023/CVE-2023-341xx/CVE-2023-34129.json 
@@ -2,16 +2,49 @@ "id": "CVE-2023-34129", "sourceIdentifier": "PSIRT@sonicwall.com", "published": "2023-07-13T02:15:09.303", - "lastModified": "2023-07-13T08:32:09.673", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2023-07-20T19:14:47.987", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", "value": "Improper limitation of a pathname to a restricted directory ('Path Traversal') vulnerability in SonicWall GMS and Analytics allows an authenticated remote attacker to traverse the directory and extract arbitrary files using Zip Slip method to any location on the underlying filesystem with root privileges. This issue affects GMS: 9.3.2-SP1 and earlier versions; Analytics: 2.5.0.4-R7 and earlier versions.\n\n" } ], - "metrics": {}, + "metrics": { + "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH", + "baseScore": 8.8, + "baseSeverity": "HIGH" + }, + "exploitabilityScore": 2.8, + "impactScore": 5.9 + } + ] + }, "weaknesses": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-22" + } + ] + }, { "source": "PSIRT@sonicwall.com", "type": "Secondary", 
@@ -23,14 +56,54 @@ ] } ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:sonicwall:analytics:*:*:*:*:*:*:*:*", + "versionEndIncluding": "2.5.0.4-r7", + "matchCriteriaId": "A5BFA6B7-2070-4FCA-B27C-5ED1047B1101" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:sonicwall:global_management_system:*:*:*:*:*:*:*:*", + "versionEndExcluding": "9.3.2", + "matchCriteriaId": "02CDB54F-B795-42B3-A406-22D7E4A03ACB" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:sonicwall:global_management_system:9.3.2:-:*:*:*:*:*:*", + "matchCriteriaId": "2E8493ED-1A01-4FAA-9608-4481DDD0D69B" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:sonicwall:global_management_system:9.3.2:sp1:*:*:*:*:*:*", + "matchCriteriaId": "89A96771-621F-4D0D-B667-0A99F5F76789" + } + ] + } + ] + } + ], "references": [ { "url": "https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2023-0010", - "source": "PSIRT@sonicwall.com" + "source": "PSIRT@sonicwall.com", + "tags": [ + "Vendor Advisory" + ] }, { "url": "https://www.sonicwall.com/support/notices/230710150218060", - "source": "PSIRT@sonicwall.com" + "source": "PSIRT@sonicwall.com", + "tags": [ + "Vendor Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2023/CVE-2023-341xx/CVE-2023-34130.json b/CVE-2023/CVE-2023-341xx/CVE-2023-34130.json index 1fce949e57d..db991a3f44c 100644 --- a/CVE-2023/CVE-2023-341xx/CVE-2023-34130.json +++ b/CVE-2023/CVE-2023-341xx/CVE-2023-34130.json 
@@ -2,16 +2,49 @@ "id": "CVE-2023-34130", "sourceIdentifier": "PSIRT@sonicwall.com", "published": "2023-07-13T02:15:09.363", - "lastModified": "2023-07-13T08:32:09.673", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2023-07-20T19:18:02.093", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", "value": "SonicWall GMS and Analytics use outdated Tiny Encryption Algorithm (TEA) with a hardcoded key to encrypt sensitive data. This issue affects GMS: 9.3.2-SP1 and earlier versions; Analytics: 2.5.0.4-R7 and earlier versions.\n\n" } ], - "metrics": {}, + "metrics": { + "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH", + "baseScore": 9.8, + "baseSeverity": "CRITICAL" + }, + "exploitabilityScore": 3.9, + "impactScore": 5.9 + } + ] + }, "weaknesses": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-327" + } + ] + }, { "source": "PSIRT@sonicwall.com", "type": "Secondary", 
@@ -23,14 +56,54 @@ ] } ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:sonicwall:analytics:*:*:*:*:*:*:*:*", + "versionEndIncluding": "2.5.0.4-r7", + "matchCriteriaId": "A5BFA6B7-2070-4FCA-B27C-5ED1047B1101" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:sonicwall:global_management_system:*:*:*:*:*:*:*:*", + "versionEndExcluding": "9.3.2", + "matchCriteriaId": "02CDB54F-B795-42B3-A406-22D7E4A03ACB" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:sonicwall:global_management_system:9.3.2:-:*:*:*:*:*:*", + "matchCriteriaId": "2E8493ED-1A01-4FAA-9608-4481DDD0D69B" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:sonicwall:global_management_system:9.3.2:sp1:*:*:*:*:*:*", + "matchCriteriaId": "89A96771-621F-4D0D-B667-0A99F5F76789" + } + ] + } + ] + } + ], "references": [ { "url": "https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2023-0010", - "source": "PSIRT@sonicwall.com" + "source": "PSIRT@sonicwall.com", + "tags": [ + "Vendor Advisory" + ] }, { "url": "https://www.sonicwall.com/support/notices/230710150218060", - "source": "PSIRT@sonicwall.com" + "source": "PSIRT@sonicwall.com", + "tags": [ + "Vendor Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2023/CVE-2023-356xx/CVE-2023-35691.json b/CVE-2023/CVE-2023-356xx/CVE-2023-35691.json index 9adfd6af218..37b47c8e3a3 100644 --- a/CVE-2023/CVE-2023-356xx/CVE-2023-35691.json +++ b/CVE-2023/CVE-2023-356xx/CVE-2023-35691.json 
@@ -2,19 +2,74 @@ "id": "CVE-2023-35691", "sourceIdentifier": "security@android.com", "published": "2023-07-13T00:15:24.457", - "lastModified": "2023-07-13T08:32:09.673", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2023-07-20T18:54:48.517", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", "value": "there is a possible out of bounds read due to a missing bounds check. This could lead to remote denial of service with System execution privileges needed. User interaction is not needed for exploitation.\n\n" } ], - "metrics": {}, + "metrics": { + "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "HIGH", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH", + "baseScore": 7.2, + "baseSeverity": "HIGH" + }, + "exploitabilityScore": 1.2, + "impactScore": 5.9 + } + ] + }, + "weaknesses": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-125" + } + ] + } + ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:o:google:android:-:*:*:*:*:*:*:*", + "matchCriteriaId": "F8B9FEC8-73B6-43B8-B24E-1F7C20D91D26" + } + ] + } + ] + } + ], "references": [ { "url": "https://source.android.com/security/bulletin/pixel/2023-07-01", - "source": "security@android.com" + "source": "security@android.com", + "tags": [ + "Vendor Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2023/CVE-2023-356xx/CVE-2023-35693.json b/CVE-2023/CVE-2023-356xx/CVE-2023-35693.json index ad9970701a0..27f25fba33a 100644 --- a/CVE-2023/CVE-2023-356xx/CVE-2023-35693.json +++ b/CVE-2023/CVE-2023-356xx/CVE-2023-35693.json 
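Review bot: The added `vectorString` for CVE-2023-35691, `CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H`, rates confidentiality and integrity impact HIGH, while the record's own description speaks of an out-of-bounds read leading to remote denial of service, so the 7.2 base score looks higher than the text supports. If the description is accurate, the impact part would read closer to `C:N/I:N/A:H`; that is a correction to request from the upstream analyst, not something to patch in this mirror. The description also opens mid-sentence (`there is a possible out of bounds read`) and names no component, so the `CWE-125` mapping cannot be checked from this record alone. Separately, the new `cpeMatch` entry `cpe:2.3:o:google:android:-:*:*:*:*:*:*:*` carries no version bound, and the same form appears in the CVE-2023-35693 and CVE-2023-35694 hunks and in the three Rockwell `*_firmware:-` entries of CVE-2023-3596. Anyone matching inventory against these should confirm how their tool treats the `-` version, since it cannot separate patched from unpatched builds.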
@@ -2,23 +2,82 @@ "id": "CVE-2023-35693", "sourceIdentifier": "security@android.com", "published": "2023-07-13T00:15:24.503", - "lastModified": "2023-07-13T08:32:09.673", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2023-07-20T18:43:04.370", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", "value": "In incfs_kill_sb of fs/incfs/vfs.c, there is a possible memory corruption due to a use after free. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation.\n\n" } ], - "metrics": {}, + "metrics": { + "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H", + "attackVector": "LOCAL", + "attackComplexity": "LOW", + "privilegesRequired": "HIGH", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH", + "baseScore": 6.7, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 0.8, + "impactScore": 5.9 + } + ] + }, + "weaknesses": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-416" + } + ] + } + ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:o:google:android:-:*:*:*:*:*:*:*", + "matchCriteriaId": "F8B9FEC8-73B6-43B8-B24E-1F7C20D91D26" + } + ] + } + ] + } + ], "references": [ { "url": "https://android.googlesource.com/kernel/common/+/8ff940b3513cb", - "source": "security@android.com" + "source": "security@android.com", + "tags": [ + "Patch" + ] }, { "url": "https://source.android.com/security/bulletin/pixel/2023-07-01", - "source": "security@android.com" + "source": "security@android.com", + "tags": [ + "Patch", + "Vendor Advisory" + ] } ] } \ No newline at end of file 
diff --git a/CVE-2023/CVE-2023-356xx/CVE-2023-35694.json b/CVE-2023/CVE-2023-356xx/CVE-2023-35694.json
index b9794a903fe..5a005a92c5c 100644
--- a/CVE-2023/CVE-2023-356xx/CVE-2023-35694.json
+++ b/CVE-2023/CVE-2023-356xx/CVE-2023-35694.json
@@ -2,19 +2,74 @@ "id": "CVE-2023-35694", "sourceIdentifier": "security@android.com", "published": "2023-07-13T00:15:24.550", - "lastModified": "2023-07-13T08:32:09.673", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2023-07-20T19:00:19.483", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", "value": "In DMPixelLogger_ProcessDmCommand of DMPixelLogger.cpp, there is a possible out of bounds read due to a missing bounds check. This could lead to remote information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.\n\n" } ], - "metrics": {}, + "metrics": { + "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "NONE", + "availabilityImpact": "NONE", + "baseScore": 7.5, + "baseSeverity": "HIGH" + }, + "exploitabilityScore": 3.9, + "impactScore": 3.6 + } + ] + }, + "weaknesses": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-125" + } + ] + } + ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:o:google:android:-:*:*:*:*:*:*:*", + "matchCriteriaId": "F8B9FEC8-73B6-43B8-B24E-1F7C20D91D26" + } + ] + } + ] + } + ], "references": [ { "url": "https://source.android.com/security/bulletin/pixel/2023-07-01", - "source": "security@android.com" + "source": "security@android.com", + "tags": [ + "Vendor Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2023/CVE-2023-358xx/CVE-2023-35885.json b/CVE-2023/CVE-2023-358xx/CVE-2023-35885.json index 37f55f21dab..13b6d64850d 100644 
--- a/CVE-2023/CVE-2023-358xx/CVE-2023-35885.json +++ b/CVE-2023/CVE-2023-358xx/CVE-2023-35885.json @@ -2,8 +2,8 @@ "id": "CVE-2023-35885", "sourceIdentifier": "cve@mitre.org", "published": "2023-06-20T20:15:09.687", - "lastModified": "2023-06-28T02:06:38.247", - "vulnStatus": "Analyzed", + "lastModified": "2023-07-20T19:15:10.367", + "vulnStatus": "Modified", "descriptions": [ { "lang": "en", @@ -66,12 +66,20 @@ } ], "references": [ + { + "url": "https://github.com/datackmy/FallingSkies-CVE-2023-35885", + "source": "cve@mitre.org" + }, { "url": "https://www.cloudpanel.io/docs/v2/changelog/", "source": "cve@mitre.org", "tags": [ "Release Notes" ] + }, + { + "url": "https://www.datack.my/fallingskies-cloudpanel-0-day/", + "source": "cve@mitre.org" } ] } \ No newline at end of file diff --git a/CVE-2023/CVE-2023-35xx/CVE-2023-3596.json b/CVE-2023/CVE-2023-35xx/CVE-2023-3596.json index 53fbb8a2b9b..e672c86338b 100644 --- a/CVE-2023/CVE-2023-35xx/CVE-2023-3596.json +++ b/CVE-2023/CVE-2023-35xx/CVE-2023-3596.json @@ -2,8 +2,8 @@ "id": "CVE-2023-3596", "sourceIdentifier": "PSIRT@rockwellautomation.com", "published": "2023-07-12T13:15:09.947", - "lastModified": "2023-07-12T13:56:22.010", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2023-07-20T19:51:44.103", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", @@ -12,6 +12,26 @@ ], "metrics": { "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "NONE", + "integrityImpact": "NONE", + "availabilityImpact": "HIGH", + "baseScore": 7.5, + "baseSeverity": "HIGH" + }, + "exploitabilityScore": 3.9, + "impactScore": 3.6 + }, { "source": "PSIRT@rockwellautomation.com", "type": "Secondary", 
@@ -35,6 +55,16 @@ ] }, "weaknesses": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-787" + } + ] + }, { "source": "PSIRT@rockwellautomation.com", "type": "Secondary", 
@@ -46,10 +76,97 @@ ] } ], + "configurations": [ + { + "operator": "AND", + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:o:rockwellautomation:1756-en4tr_firmware:-:*:*:*:*:*:*:*", + "matchCriteriaId": "DB4EB5E2-9FB4-419E-B23A-458436E61121" + } + ] + }, + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": false, + "criteria": "cpe:2.3:h:rockwellautomation:1756-en4tr:-:*:*:*:*:*:*:*", + "matchCriteriaId": "898EE953-E0EF-4B52-8EA0-41AAD8B5CCF3" + } + ] + } + ] + }, + { + "operator": "AND", + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:o:rockwellautomation:1756-en4trk_firmware:-:*:*:*:*:*:*:*", + "matchCriteriaId": "AEF09D94-1AE1-4449-8ECA-0A5B1F5019C9" + } + ] + }, + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": false, + "criteria": "cpe:2.3:h:rockwellautomation:1756-en4trk:-:*:*:*:*:*:*:*", + "matchCriteriaId": "4BE4EFEA-79D9-4903-8272-49756A014BD4" + } + ] + } + ] + }, + { + "operator": "AND", + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:o:rockwellautomation:1756-en4trxt_firmware:-:*:*:*:*:*:*:*", + "matchCriteriaId": "12EE978F-DECE-4572-93AE-026D3EDC5878" + } + ] + }, + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": false, + "criteria": "cpe:2.3:h:rockwellautomation:1756-en4trxt:-:*:*:*:*:*:*:*", + "matchCriteriaId": "E45471FA-99BF-4F57-BFC8-224BB9576670" + } + ] + } + ] + } + ], "references": [ { "url": "https://rockwellautomation.custhelp.com/app/answers/answer_view/a_id/1140010", - "source": "PSIRT@rockwellautomation.com" + "source": "PSIRT@rockwellautomation.com", + "tags": [ + "Permissions Required", + "Vendor Advisory" + ] } ] } \ No newline at end of file 
diff --git a/CVE-2023/CVE-2023-362xx/CVE-2023-36266.json b/CVE-2023/CVE-2023-362xx/CVE-2023-36266.json
index 90c98f5d2cf..416a762c96b 100644
--- a/CVE-2023/CVE-2023-362xx/CVE-2023-36266.json
+++ b/CVE-2023/CVE-2023-362xx/CVE-2023-36266.json
@@ -2,19 +2,79 @@ "id": "CVE-2023-36266", "sourceIdentifier": "cve@mitre.org", "published": "2023-07-12T16:15:12.953", - "lastModified": "2023-07-12T17:58:12.737", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2023-07-20T19:59:06.357", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", "value": "An issue was discovered in Keeper Password Manager for Desktop version 16.10.2, and the KeeperFill Browser Extensions version 16.5.4, allows local attackers to gain sensitive information via plaintext password storage in memory after the user is already logged in, and may persist after logout." } ], - "metrics": {}, + "metrics": { + "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N", + "attackVector": "LOCAL", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "NONE", + "availabilityImpact": "NONE", + "baseScore": 5.5, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 1.8, + "impactScore": 3.6 + } + ] + }, + "weaknesses": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-522" + } + ] + } + ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:keepersecurity:keeper:16.10.2:*:*:*:*:*:*:*", + "matchCriteriaId": "926BB625-5C6C-484D-BB1E-638225F913E8" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:keepersecurity:keeperfill:16.5.4:*:*:*:*:*:*:*", + "matchCriteriaId": "422DDA75-B6A7-4B7D-AB44-C6388255327E" + } + ] + } + ] + } + ], "references": [ { "url": "https://harkenzo.tlstickle.com/2023-06-12-Keeper-Password-Dumping/", - "source": "cve@mitre.org" + "source": "cve@mitre.org", + "tags": [ + "Third Party Advisory" + ] } ] } \ No newline at end of file 
diff --git a/CVE-2023/CVE-2023-36xx/CVE-2023-3600.json b/CVE-2023/CVE-2023-36xx/CVE-2023-3600.json
index b933c5d91dc..b133a95419c 100644
--- a/CVE-2023/CVE-2023-36xx/CVE-2023-3600.json
+++ b/CVE-2023/CVE-2023-36xx/CVE-2023-3600.json
@@ -2,23 +2,90 @@ "id": "CVE-2023-3600", "sourceIdentifier": "security@mozilla.org", "published": "2023-07-12T14:15:10.143", - "lastModified": "2023-07-12T15:17:45.827", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2023-07-20T19:46:21.273", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", "value": "During the worker lifecycle, a use-after-free condition could have occured, which could have led to a potentially exploitable crash. This vulnerability affects Firefox < 115.0.2 and Firefox ESR < 115.0.2." } ], - "metrics": {}, + "metrics": { + "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "REQUIRED", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH", + "baseScore": 8.8, + "baseSeverity": "HIGH" + }, + "exploitabilityScore": 2.8, + "impactScore": 5.9 + } + ] + }, + "weaknesses": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-416" + } + ] + } + ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:mozilla:firefox:*:*:*:*:*:*:*:*", + "versionEndExcluding": "115.0.2", + "matchCriteriaId": "35531B50-AB55-4A7B-BD06-552A1B9AF861" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:mozilla:firefox_esr:*:*:*:*:*:*:*:*", + "versionEndExcluding": "115.0.2", + "matchCriteriaId": "9896CC90-D9A1-4C8C-A4FD-43E916A1AB91" + } + ] + } + ] + } + ], "references": [ { "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1839703", - "source": "security@mozilla.org" + "source": "security@mozilla.org", + "tags": [ + "Issue Tracking", + "Permissions Required", + "Vendor Advisory" + ] }, { "url": 
"https://www.mozilla.org/security/advisories/mfsa2023-26/", - "source": "security@mozilla.org" + "source": "security@mozilla.org", + "tags": [ + "Vendor Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2023/CVE-2023-371xx/CVE-2023-37164.json b/CVE-2023/CVE-2023-371xx/CVE-2023-37164.json new file mode 100644 index 00000000000..bd2a36cfdcf --- /dev/null +++ b/CVE-2023/CVE-2023-371xx/CVE-2023-37164.json @@ -0,0 +1,20 @@ +{ + "id": "CVE-2023-37164", + "sourceIdentifier": "cve@mitre.org", + "published": "2023-07-20T19:15:10.460", + "lastModified": "2023-07-20T19:15:10.460", + "vulnStatus": "Received", + "descriptions": [ + { + "lang": "en", + "value": "Diafan CMS v6.0 was discovered to contain a reflected cross-site scripting via the cat_id parameter at /shop/?module=shop&action=search." + } + ], + "metrics": {}, + "references": [ + { + "url": "https://www.exploit-db.com/exploits/51529", + "source": "cve@mitre.org" + } + ] +} \ No newline at end of file diff --git a/CVE-2023/CVE-2023-371xx/CVE-2023-37165.json b/CVE-2023/CVE-2023-371xx/CVE-2023-37165.json new file mode 100644 index 00000000000..fed8e08e887 --- /dev/null +++ b/CVE-2023/CVE-2023-371xx/CVE-2023-37165.json @@ -0,0 +1,20 @@ +{ + "id": "CVE-2023-37165", + "sourceIdentifier": "cve@mitre.org", + "published": "2023-07-20T19:15:10.530", + "lastModified": "2023-07-20T19:15:10.530", + "vulnStatus": "Received", + "descriptions": [ + { + "lang": "en", + "value": "Millhouse-Project v1.414 was discovered to contain a remote code execution (RCE) vulnerability via the component /add_post_sql.php." + } + ], + "metrics": {}, + "references": [ + { + "url": "https://www.exploit-db.com/exploits/51450", + "source": "cve@mitre.org" + } + ] +} \ No newline at end of file diff --git a/CVE-2023/CVE-2023-374xx/CVE-2023-37455.json b/CVE-2023/CVE-2023-374xx/CVE-2023-37455.json index 7d71f1ab17e..fc6e83dbfa9 100644 --- a/CVE-2023/CVE-2023-374xx/CVE-2023-37455.json +++ b/CVE-2023/CVE-2023-374xx/CVE-2023-37455.json 
@@ -2,23 +2,84 @@ "id": "CVE-2023-37455", "sourceIdentifier": "security@mozilla.org", "published": "2023-07-12T14:15:09.947", - "lastModified": "2023-07-12T15:17:45.827", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2023-07-20T19:16:40.667", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", "value": "The permission request prompt from the site in the background tab was overlaid on top of the site in the foreground tab. This vulnerability affects Firefox for iOS < 115." } ], - "metrics": {}, + "metrics": { + "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "REQUIRED", + "scope": "UNCHANGED", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "availabilityImpact": "NONE", + "baseScore": 5.4, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 2.8, + "impactScore": 2.5 + } + ] + }, + "weaknesses": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-1021" + } + ] + } + ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:mozilla:firefox:*:*:*:*:*:iphone_os:*:*", + "versionEndExcluding": "115", + "matchCriteriaId": "B9F4FD70-6D6F-4191-8210-CB22BF774E08" + } + ] + } + ] + } + ], "references": [ { "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1786934", - "source": "security@mozilla.org" + "source": "security@mozilla.org", + "tags": [ + "Issue Tracking", + "Permissions Required", + "Vendor Advisory" + ] }, { "url": "https://www.mozilla.org/security/advisories/mfsa2023-25/", - "source": "security@mozilla.org" + "source": "security@mozilla.org", + "tags": [ + "Vendor Advisory" + ] } ] } \ No newline at end of file 
diff --git a/CVE-2023/CVE-2023-375xx/CVE-2023-37560.json b/CVE-2023/CVE-2023-375xx/CVE-2023-37560.json
index 257f7b813a6..20d0387754d 100644
--- a/CVE-2023/CVE-2023-375xx/CVE-2023-37560.json
+++ b/CVE-2023/CVE-2023-375xx/CVE-2023-37560.json
@@ -2,23 +2,122 @@ "id": "CVE-2023-37560", "sourceIdentifier": "vultures@jpcert.or.jp", "published": "2023-07-13T02:15:09.417", - "lastModified": "2023-07-13T08:32:09.673", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2023-07-20T19:28:00.590", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", "value": "Cross-site scripting vulnerability in WRH-300WH-H v2.12 and earlier, and WTC-300HWH v1.09 and earlier allows a remote unauthenticated attacker to inject an arbitrary script." } ], - "metrics": {}, + "metrics": { + "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "REQUIRED", + "scope": "CHANGED", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "availabilityImpact": "NONE", + "baseScore": 6.1, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 2.8, + "impactScore": 2.7 + } + ] + }, + "weaknesses": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-79" + } + ] + } + ], + "configurations": [ + { + "operator": "AND", + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:o:elecom:wrh-300wh-h_firmware:*:*:*:*:*:*:*:*", + "versionEndIncluding": "2.12", + "matchCriteriaId": "218EB4DC-76CF-4940-AB33-EE1CF9D224DF" + } + ] + }, + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": false, + "criteria": "cpe:2.3:h:elecom:wrh-300wh-h:-:*:*:*:*:*:*:*", + "matchCriteriaId": "079F2DC5-840A-4201-B46C-F9339968D256" + } + ] + } + ] + }, + { + "operator": "AND", + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:o:elecom:wtc-300hwh_firmware:*:*:*:*:*:*:*:*", + "versionEndIncluding": "1.09", + 
"matchCriteriaId": "EA8A3899-88B3-49C3-8383-06BADB7789AF" + } + ] + }, + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": false, + "criteria": "cpe:2.3:h:elecom:wtc-300hwh:-:*:*:*:*:*:*:*", + "matchCriteriaId": "A647D35F-778D-418E-9B7A-332EEA313EAC" + } + ] + } + ] + } + ], "references": [ { "url": "https://jvn.jp/en/jp/JVN05223215/", - "source": "vultures@jpcert.or.jp" + "source": "vultures@jpcert.or.jp", + "tags": [ + "Third Party Advisory" + ] }, { "url": "https://www.elecom.co.jp/news/security/20230711-01/", - "source": "vultures@jpcert.or.jp" + "source": "vultures@jpcert.or.jp", + "tags": [ + "Vendor Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2023/CVE-2023-376xx/CVE-2023-37600.json b/CVE-2023/CVE-2023-376xx/CVE-2023-37600.json new file mode 100644 index 00000000000..8c16674eca5 --- /dev/null +++ b/CVE-2023/CVE-2023-376xx/CVE-2023-37600.json @@ -0,0 +1,20 @@ +{ + "id": "CVE-2023-37600", + "sourceIdentifier": "cve@mitre.org", + "published": "2023-07-20T19:15:10.597", + "lastModified": "2023-07-20T19:15:10.597", + "vulnStatus": "Received", + "descriptions": [ + { + "lang": "en", + "value": "Office Suite Premium Version v10.9.1.42602 was discovered to contain a reflected cross-site scripting (XSS) vulnerability via the id parameter at /api?path=profile." + } + ], + "metrics": {}, + "references": [ + { + "url": "https://packetstormsecurity.com/files/173143/Office-Suite-Premium-10.9.1.42602-Cross-Site-Scripting.html", + "source": "cve@mitre.org" + } + ] +} \ No newline at end of file diff --git a/CVE-2023/CVE-2023-376xx/CVE-2023-37601.json b/CVE-2023/CVE-2023-376xx/CVE-2023-37601.json new file mode 100644 index 00000000000..3e7bd33e285 --- /dev/null +++ b/CVE-2023/CVE-2023-376xx/CVE-2023-37601.json 
@@ -0,0 +1,20 @@ +{ + "id": "CVE-2023-37601", + "sourceIdentifier": "cve@mitre.org", + "published": "2023-07-20T19:15:10.663", + "lastModified": "2023-07-20T19:15:10.663", + "vulnStatus": "Received", + "descriptions": [ + { + "lang": "en", + "value": "Office Suite Premium v10.9.1.42602 was discovered to contain a local file inclusion (LFI) vulnerability via the component /etc/hosts." + } + ], + "metrics": {}, + "references": [ + { + "url": "https://packetstormsecurity.com/files/173146/Office-Suite-Premium-10.9.1.42602-Local-File-Inclusion.html", + "source": "cve@mitre.org" + } + ] +} \ No newline at end of file diff --git a/CVE-2023/CVE-2023-376xx/CVE-2023-37602.json b/CVE-2023/CVE-2023-376xx/CVE-2023-37602.json new file mode 100644 index 00000000000..861436c5018 --- /dev/null +++ b/CVE-2023/CVE-2023-376xx/CVE-2023-37602.json @@ -0,0 +1,20 @@ +{ + "id": "CVE-2023-37602", + "sourceIdentifier": "cve@mitre.org", + "published": "2023-07-20T19:15:10.727", + "lastModified": "2023-07-20T19:15:10.727", + "vulnStatus": "Received", + "descriptions": [ + { + "lang": "en", + "value": "An arbitrary file upload vulnerability in the component /workplace#!explorer of Alkacon OpenCMS v15.0 allows attackers to execute arbitrary code via uploading a crafted PNG file." + } + ], + "metrics": {}, + "references": [ + { + "url": "https://www.exploit-db.com/exploits/51564", + "source": "cve@mitre.org" + } + ] +} \ No newline at end of file diff --git a/CVE-2023/CVE-2023-376xx/CVE-2023-37629.json b/CVE-2023/CVE-2023-376xx/CVE-2023-37629.json index 1365b44804b..d9a9ee862c6 100644 --- a/CVE-2023/CVE-2023-376xx/CVE-2023-37629.json +++ b/CVE-2023/CVE-2023-376xx/CVE-2023-37629.json @@ -2,8 +2,8 @@ "id": "CVE-2023-37629", "sourceIdentifier": "cve@mitre.org", "published": "2023-07-12T17:15:08.777", - "lastModified": "2023-07-20T02:06:08.907", - "vulnStatus": "Analyzed", + "lastModified": "2023-07-20T18:15:12.037", + "vulnStatus": "Modified", "descriptions": [ { "lang": "en", 
@@ -64,6 +64,10 @@
 }
 ],
 "references": [
+ {
+ "url": "http://packetstormsecurity.com/files/173656/Online-Piggery-Management-System-1.0-Shell-Upload.html",
+ "source": "cve@mitre.org"
+ },
 {
 "url": "https://github.com/1337kid/Piggery_CMS_multiple_vulns_PoC/tree/main/CVE-2023-37629",
 "source": "cve@mitre.org",
diff --git a/CVE-2023/CVE-2023-377xx/CVE-2023-37728.json b/CVE-2023/CVE-2023-377xx/CVE-2023-37728.json
new file mode 100644
index 00000000000..15ab9e1b1a0
--- /dev/null
+++ b/CVE-2023/CVE-2023-377xx/CVE-2023-37728.json
@@ -0,0 +1,32 @@
+{
+ "id": "CVE-2023-37728",
+ "sourceIdentifier": "cve@mitre.org",
+ "published": "2023-07-20T18:15:12.110",
+ "lastModified": "2023-07-20T18:15:12.110",
+ "vulnStatus": "Received",
+ "descriptions": [
+ {
+ "lang": "en",
+ "value": "Icewarp Icearp v10.2.1 was discovered to contain a cross-site scripting (XSS) vulnerability."
+ }
+ ],
+ "metrics": {},
+ "references": [
+ {
+ "url": "http://icearp.com",
+ "source": "cve@mitre.org"
+ },
+ {
+ "url": "http://icewarp.com",
+ "source": "cve@mitre.org"
+ },
+ {
+ "url": "http://mail.ziyan.com/webmail/?color=%22%3E%3Cimg%20src%20onerror=%22alert(0)%22%3E%3C%22%27",
+ "source": "cve@mitre.org"
+ },
+ {
+ "url": "https://medium.com/@ayush.engr29/cve-2023-37728-6dfb7586311",
+ "source": "cve@mitre.org"
+ }
+ ]
+}
\ No newline at end of file
diff --git a/CVE-2023/CVE-2023-37xx/CVE-2023-3791.json b/CVE-2023/CVE-2023-37xx/CVE-2023-3791.json
new file mode 100644
index 00000000000..0d2989ec784
--- /dev/null
+++ b/CVE-2023/CVE-2023-37xx/CVE-2023-3791.json
@@ -0,0 +1,88 @@
+{
+ "id": "CVE-2023-3791",
+ "sourceIdentifier": "cna@vuldb.com",
+ "published": "2023-07-20T18:15:12.353",
+ "lastModified": "2023-07-20T18:15:12.353",
+ "vulnStatus": "Received",
+ "descriptions": [
+ {
+ "lang": "en",
+ "value": "A vulnerability was found in IBOS OA 4.5.5 and classified as critical. Affected by this issue is the function actionExport of the file ?r=contact/default/export of the component Personal Office Address Book. The manipulation leads to sql injection. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. VDB-235058 is the identifier assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way."
+ }
+ ],
+ "metrics": {
+ "cvssMetricV30": [
+ {
+ "source": "cna@vuldb.com",
+ "type": "Secondary",
+ "cvssData": {
+ "version": "3.0",
+ "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L",
+ "attackVector": "NETWORK",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "LOW",
+ "userInteraction": "NONE",
+ "scope": "UNCHANGED",
+ "confidentialityImpact": "LOW",
+ "integrityImpact": "LOW",
+ "availabilityImpact": "LOW",
+ "baseScore": 6.3,
+ "baseSeverity": "MEDIUM"
+ },
+ "exploitabilityScore": 2.8,
+ "impactScore": 3.4
+ }
+ ],
+ "cvssMetricV2": [
+ {
+ "source": "cna@vuldb.com",
+ "type": "Secondary",
+ "cvssData": {
+ "version": "2.0",
+ "vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:P",
+ "accessVector": "NETWORK",
+ "accessComplexity": "LOW",
+ "authentication": "SINGLE",
+ "confidentialityImpact": "PARTIAL",
+ "integrityImpact": "PARTIAL",
+ "availabilityImpact": "PARTIAL",
+ "baseScore": 6.5
+ },
+ "baseSeverity": "MEDIUM",
+ "exploitabilityScore": 8.0,
+ "impactScore": 6.4,
+ "acInsufInfo": false,
+ "obtainAllPrivilege": false,
+ "obtainUserPrivilege": false,
+ "obtainOtherPrivilege": false,
+ "userInteractionRequired": false
+ }
+ ]
+ },
+ "weaknesses": [
+ {
+ "source": "cna@vuldb.com",
+ "type": "Primary",
+ "description": [
+ {
+ "lang": "en",
+ "value": "CWE-89"
+ }
+ ]
+ }
+ ],
+ "references": [
+ {
+ "url": "https://github.com/zry-wyj/cve/blob/main/ibos.md",
+ "source": "cna@vuldb.com"
+ },
+ {
+ "url": "https://vuldb.com/?ctiid.235058",
+ "source": "cna@vuldb.com"
+ },
+ {
+ "url": "https://vuldb.com/?id.235058",
+ "source": "cna@vuldb.com"
+ }
+ ]
+}
\ No newline at end of file
diff --git a/CVE-2023/CVE-2023-37xx/CVE-2023-3792.json b/CVE-2023/CVE-2023-37xx/CVE-2023-3792.json
new file mode 100644
index 00000000000..03c2c3e2583
--- /dev/null
+++ b/CVE-2023/CVE-2023-37xx/CVE-2023-3792.json
@@ -0,0 +1,88 @@
+{
+ "id": "CVE-2023-3792",
+ "sourceIdentifier": "cna@vuldb.com",
+ "published": "2023-07-20T19:15:10.923",
+ "lastModified": "2023-07-20T19:15:10.923",
+ "vulnStatus": "Received",
+ "descriptions": [
+ {
+ "lang": "en",
+ "value": "A vulnerability was found in Beijing Netcon NS-ASG 6.3. It has been classified as problematic. This affects an unknown part of the file /admin/test_status.php. The manipulation leads to direct request. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-235059. NOTE: The vendor was contacted early about this disclosure but did not respond in any way."
+ }
+ ],
+ "metrics": {
+ "cvssMetricV30": [
+ {
+ "source": "cna@vuldb.com",
+ "type": "Secondary",
+ "cvssData": {
+ "version": "3.0",
+ "vectorString": "CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
+ "attackVector": "ADJACENT_NETWORK",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "NONE",
+ "userInteraction": "NONE",
+ "scope": "UNCHANGED",
+ "confidentialityImpact": "LOW",
+ "integrityImpact": "NONE",
+ "availabilityImpact": "NONE",
+ "baseScore": 4.3,
+ "baseSeverity": "MEDIUM"
+ },
+ "exploitabilityScore": 2.8,
+ "impactScore": 1.4
+ }
+ ],
+ "cvssMetricV2": [
+ {
+ "source": "cna@vuldb.com",
+ "type": "Secondary",
+ "cvssData": {
+ "version": "2.0",
+ "vectorString": "AV:A/AC:L/Au:N/C:P/I:N/A:N",
+ "accessVector": "ADJACENT_NETWORK",
+ "accessComplexity": "LOW",
+ "authentication": "NONE",
+ "confidentialityImpact": "PARTIAL",
+ "integrityImpact": "NONE",
+ "availabilityImpact": "NONE",
+ "baseScore": 3.3
+ },
+ "baseSeverity": "LOW",
+ "exploitabilityScore": 6.5,
+ "impactScore": 2.9,
+ "acInsufInfo": false,
+ "obtainAllPrivilege": false,
+ "obtainUserPrivilege": false,
+ "obtainOtherPrivilege": false,
+ "userInteractionRequired": false
+ }
+ ]
+ },
+ "weaknesses": [
+ {
+ "source": "cna@vuldb.com",
+ "type": "Primary",
+ "description": [
+ {
+ "lang": "en",
+ "value": "CWE-425"
+ }
+ ]
+ }
+ ],
+ "references": [
+ {
+ "url": "https://github.com/CYN521/cve/blob/main/NS-ASG.md",
+ "source": "cna@vuldb.com"
+ },
+ {
+ "url": "https://vuldb.com/?ctiid.235059",
+ "source": "cna@vuldb.com"
+ },
+ {
+ "url": "https://vuldb.com/?id.235059",
+ "source": "cna@vuldb.com"
+ }
+ ]
+}
\ No newline at end of file
diff --git a/CVE-2023/CVE-2023-380xx/CVE-2023-38069.json b/CVE-2023/CVE-2023-380xx/CVE-2023-38069.json
index 5184735087d..9f4f8e57cb5 100644
--- a/CVE-2023/CVE-2023-380xx/CVE-2023-38069.json
+++ b/CVE-2023/CVE-2023-380xx/CVE-2023-38069.json
@@ -2,8 +2,8 @@
 "id": "CVE-2023-38069",
 "sourceIdentifier": "security@jetbrains.com",
 "published": "2023-07-12T13:15:09.810",
- "lastModified": "2023-07-12T13:56:22.010",
- "vulnStatus": "Awaiting Analysis",
+ "lastModified": "2023-07-20T18:25:36.067",
+ "vulnStatus": "Analyzed",
 "descriptions": [
 {
 "lang": "en",
@@ -12,6 +12,26 @@
 ],
 "metrics": {
 "cvssMetricV31": [
+ {
+ "source": "nvd@nist.gov",
+ "type": "Primary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N",
+ "attackVector": "LOCAL",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "LOW",
+ "userInteraction": "NONE",
+ "scope": "UNCHANGED",
+ "confidentialityImpact": "LOW",
+ "integrityImpact": "NONE",
+ "availabilityImpact": "NONE",
+ "baseScore": 3.3,
+ "baseSeverity": "LOW"
+ },
+ "exploitabilityScore": 1.8,
+ "impactScore": 1.4
+ },
 {
 "source": "security@jetbrains.com",
 "type": "Secondary",
@@ -46,10 +66,31 @@
 ]
 }
 ],
+ "configurations": [
+ {
+ "nodes": [
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:jetbrains:intellij_idea:*:*:*:*:*:*:*:*",
+ "versionEndExcluding": "2023.1.4",
+ "matchCriteriaId": "1088B47A-C294-4BDA-9BEE-33FA9339D4E0"
+ }
+ ]
+ }
+ ]
+ }
+ ],
 "references": [
 {
 "url": "https://www.jetbrains.com/privacy-security/issues-fixed/",
- "source": "security@jetbrains.com"
+ "source": "security@jetbrains.com",
+ "tags": [
+ "Vendor Advisory"
+ ]
 }
 ]
 }
\ No newline at end of file
diff --git a/CVE-2023/CVE-2023-383xx/CVE-2023-38334.json b/CVE-2023/CVE-2023-383xx/CVE-2023-38334.json
new file mode 100644
index 00000000000..c5bcda39c96
--- /dev/null
+++ b/CVE-2023/CVE-2023-383xx/CVE-2023-38334.json
@@ -0,0 +1,20 @@
+{
+ "id": "CVE-2023-38334",
+ "sourceIdentifier": "cve@mitre.org",
+ "published": "2023-07-20T18:15:12.170",
+ "lastModified": "2023-07-20T18:15:12.170",
+ "vulnStatus": "Received",
+ "descriptions": [
+ {
+ "lang": "en",
+ "value": "Omnis Studio 10.22.00 has incorrect access control. It advertises an irreversible feature for locking classes within Omnis libraries: it should be no longer possible to delete, view, change, copy, rename, duplicate, or print a locked class. Due to implementation issues, locked classes in Omnis libraries can be unlocked, and thus further analyzed and modified by Omnis Studio. This allows for further analyzing and also deleting, viewing, changing, copying, renaming, duplicating, or printing previously locked Omnis classes. This violates the expected behavior of an \"irreversible operation.\""
+ }
+ ],
+ "metrics": {},
+ "references": [
+ {
+ "url": "https://www.syss.de/fileadmin/dokumente/Publikationen/Advisories/SYSS-2023-006.txt",
+ "source": "cve@mitre.org"
+ }
+ ]
+}
\ No newline at end of file
diff --git a/CVE-2023/CVE-2023-383xx/CVE-2023-38335.json b/CVE-2023/CVE-2023-383xx/CVE-2023-38335.json
new file mode 100644
index 00000000000..c8b04e77ed0
--- /dev/null
+++ b/CVE-2023/CVE-2023-383xx/CVE-2023-38335.json
@@ -0,0 +1,20 @@
+{
+ "id": "CVE-2023-38335",
+ "sourceIdentifier": "cve@mitre.org",
+ "published": "2023-07-20T18:15:12.227",
+ "lastModified": "2023-07-20T18:15:12.227",
+ "vulnStatus": "Received",
+ "descriptions": [
+ {
+ "lang": "en",
+ "value": "Omnis Studio 10.22.00 has incorrect access control. It advertises a feature for making Omnis libraries \"always private\" - this is supposed to be an irreversible operation. However, due to implementation issues, \"always private\" Omnis libraries can be opened by the Omnis Studio browser by bypassing specific checks. This violates the expected behavior of an \"irreversible operation\"."
+ }
+ ],
+ "metrics": {},
+ "references": [
+ {
+ "url": "https://www.syss.de/fileadmin/dokumente/Publikationen/Advisories/SYSS-2023-005.txt",
+ "source": "cve@mitre.org"
+ }
+ ]
+}
\ No newline at end of file
diff --git a/CVE-2023/CVE-2023-384xx/CVE-2023-38408.json b/CVE-2023/CVE-2023-384xx/CVE-2023-38408.json
index c67aab955ec..8e695c7a028 100644
--- a/CVE-2023/CVE-2023-384xx/CVE-2023-38408.json
+++ b/CVE-2023/CVE-2023-384xx/CVE-2023-38408.json
@@ -2,7 +2,7 @@
 "id": "CVE-2023-38408",
 "sourceIdentifier": "cve@mitre.org",
 "published": "2023-07-20T03:15:10.170",
- "lastModified": "2023-07-20T15:15:11.707",
+ "lastModified": "2023-07-20T18:15:12.287",
 "vulnStatus": "Awaiting Analysis",
 "descriptions": [
 {
@@ -12,6 +12,10 @@
 ],
 "metrics": {},
 "references": [
+ {
+ "url": "http://packetstormsecurity.com/files/173661/OpenSSH-Forwarded-SSH-Agent-Remote-Code-Execution.html",
+ "source": "cve@mitre.org"
+ },
 {
 "url": "http://www.openwall.com/lists/oss-security/2023/07/20/1",
 "source": "cve@mitre.org"
diff --git a/CVE-2023/CVE-2023-385xx/CVE-2023-38523.json b/CVE-2023/CVE-2023-385xx/CVE-2023-38523.json
new file mode 100644
index 00000000000..de2670f6b99
--- /dev/null
+++ b/CVE-2023/CVE-2023-385xx/CVE-2023-38523.json
@@ -0,0 +1,60 @@
+{
+ "id": "CVE-2023-38523",
+ "sourceIdentifier": "cve@mitre.org",
+ "published": "2023-07-20T19:15:10.793",
+ "lastModified": "2023-07-20T19:15:10.793",
+ "vulnStatus": "Received",
+ "descriptions": [
+ {
+ "lang": "en",
+ "value": "The web interface on multiple Samsung Harman AMX N-Series devices allows directory listing for the /tmp/ directory, without authentication, exposing sensitive information such as the command history and screenshot of the file being processed. This affects N-Series N1115 Wallplate Video Encoder before 1.15.61, N-Series N1x22A Video Encoder/Decoder before 1.15.61, N-Series N1x33A Video Encoder/Decoder before 1.15.61, N-Series N1x33 Video Encoder/Decoder before 1.15.61, N-Series N2x35 Video Encoder/Decoder before 1.15.61, N-Series N2x35A Video Encoder/Decoder before 1.15.61, N-Series N2xx2 Video Encoder/Decoder before 1.15.61, N-Series N2xx2A Video Encoder/Decoder before 1.15.61, N-Series N3000 Video Encoder/Decoder before 2.12.105, and N-Series N4321 Audio Transceiver before 1.00.06."
+ }
+ ],
+ "metrics": {},
+ "references": [
+ {
+ "url": "https://help.harmanpro.com/n1115-svsi-firmware",
+ "source": "cve@mitre.org"
+ },
+ {
+ "url": "https://help.harmanpro.com/n1x22a-updater",
+ "source": "cve@mitre.org"
+ },
+ {
+ "url": "https://help.harmanpro.com/n1x33-updater",
+ "source": "cve@mitre.org"
+ },
+ {
+ "url": "https://help.harmanpro.com/n1x33a-updater",
+ "source": "cve@mitre.org"
+ },
+ {
+ "url": "https://help.harmanpro.com/n2x35-updater-hotfix",
+ "source": "cve@mitre.org"
+ },
+ {
+ "url": "https://help.harmanpro.com/n2x35a-updater-hotfix",
+ "source": "cve@mitre.org"
+ },
+ {
+ "url": "https://help.harmanpro.com/n2xx2-updater-hotfix",
+ "source": "cve@mitre.org"
+ },
+ {
+ "url": "https://help.harmanpro.com/n2xx2a-updater",
+ "source": "cve@mitre.org"
+ },
+ {
+ "url": "https://help.harmanpro.com/n3k-updater-hotfix",
+ "source": "cve@mitre.org"
+ },
+ {
+ "url": "https://help.harmanpro.com/svsi-n4321-firmware",
+ "source": "cve@mitre.org"
+ },
+ {
+ "url": "https://wiki.notveg.ninja/blog/CVE-2023-38523/",
+ "source": "cve@mitre.org"
+ }
+ ]
+}
\ No newline at end of file
diff --git a/CVE-2023/CVE-2023-386xx/CVE-2023-38617.json b/CVE-2023/CVE-2023-386xx/CVE-2023-38617.json
new file mode 100644
index 00000000000..a9db4a82a4c
--- /dev/null
+++ b/CVE-2023/CVE-2023-386xx/CVE-2023-38617.json
@@ -0,0 +1,20 @@
+{
+ "id": "CVE-2023-38617",
+ "sourceIdentifier": "cve@mitre.org",
+ "published": "2023-07-20T19:15:10.867",
+ "lastModified": "2023-07-20T19:15:10.867",
+ "vulnStatus": "Received",
+ "descriptions": [
+ {
+ "lang": "en",
+ "value": "Office Suite Premium Version v10.9.1.42602 was discovered to contain a reflected cross-site scripting (XSS) vulnerability via the filter parameter at /api?path=files."
+ }
+ ],
+ "metrics": {},
+ "references": [
+ {
+ "url": "https://packetstormsecurity.com/files/173143/Office-Suite-Premium-10.9.1.42602-Cross-Site-Scripting.html",
+ "source": "cve@mitre.org"
+ }
+ ]
+}
\ No newline at end of file
diff --git a/README.md b/README.md index 4e175d19cc4..e9c6a853831 100644 --- a/README.md +++ b/README.md @@ -9,13 +9,13 @@ Repository synchronizes with the NVD every 2 hours. ### Last Repository Update ```plain -2023-07-20T18:00:44.981141+00:00 +2023-07-20T20:01:13.697501+00:00 ``` ### Most recent CVE Modification Timestamp synchronized with NVD ```plain -2023-07-20T17:58:24.967000+00:00 +2023-07-20T19:59:06.357000+00:00 ``` ### Last Data Feed Release 
@@ -29,49 +29,59 @@ Download and Changelog: [Click](https://github.com/fkie-cad/nvd-json-data-feeds/ ### Total Number of included CVEs ```plain -220741 +220756 ``` ### CVEs added in the last Commit -Recently added CVEs: `5` +Recently added CVEs: `15` -* [CVE-2023-3788](CVE-2023/CVE-2023-37xx/CVE-2023-3788.json) (`2023-07-20T16:15:12.527`) -* [CVE-2023-3789](CVE-2023/CVE-2023-37xx/CVE-2023-3789.json) (`2023-07-20T16:15:12.620`) -* [CVE-2023-38203](CVE-2023/CVE-2023-382xx/CVE-2023-38203.json) (`2023-07-20T16:15:12.180`) -* [CVE-2023-37471](CVE-2023/CVE-2023-374xx/CVE-2023-37471.json) (`2023-07-20T17:15:10.917`) -* [CVE-2023-3790](CVE-2023/CVE-2023-37xx/CVE-2023-3790.json) (`2023-07-20T17:15:11.027`) +* [CVE-2021-45094](CVE-2021/CVE-2021-450xx/CVE-2021-45094.json) (`2023-07-20T18:15:11.463`) +* [CVE-2023-31461](CVE-2023/CVE-2023-314xx/CVE-2023-31461.json) (`2023-07-20T18:15:11.917`) +* [CVE-2023-31462](CVE-2023/CVE-2023-314xx/CVE-2023-31462.json) (`2023-07-20T18:15:11.970`) +* [CVE-2023-37728](CVE-2023/CVE-2023-377xx/CVE-2023-37728.json) (`2023-07-20T18:15:12.110`) +* [CVE-2023-38334](CVE-2023/CVE-2023-383xx/CVE-2023-38334.json) (`2023-07-20T18:15:12.170`) +* [CVE-2023-38335](CVE-2023/CVE-2023-383xx/CVE-2023-38335.json) (`2023-07-20T18:15:12.227`) +* [CVE-2023-3791](CVE-2023/CVE-2023-37xx/CVE-2023-3791.json) (`2023-07-20T18:15:12.353`) +* [CVE-2023-37164](CVE-2023/CVE-2023-371xx/CVE-2023-37164.json) (`2023-07-20T19:15:10.460`) +* [CVE-2023-37165](CVE-2023/CVE-2023-371xx/CVE-2023-37165.json) (`2023-07-20T19:15:10.530`) +* [CVE-2023-37600](CVE-2023/CVE-2023-376xx/CVE-2023-37600.json) (`2023-07-20T19:15:10.597`) +* [CVE-2023-37601](CVE-2023/CVE-2023-376xx/CVE-2023-37601.json) (`2023-07-20T19:15:10.663`) +* [CVE-2023-37602](CVE-2023/CVE-2023-376xx/CVE-2023-37602.json) (`2023-07-20T19:15:10.727`) +* [CVE-2023-38523](CVE-2023/CVE-2023-385xx/CVE-2023-38523.json) (`2023-07-20T19:15:10.793`) +* [CVE-2023-38617](CVE-2023/CVE-2023-386xx/CVE-2023-38617.json) 
(`2023-07-20T19:15:10.867`) +* [CVE-2023-3792](CVE-2023/CVE-2023-37xx/CVE-2023-3792.json) (`2023-07-20T19:15:10.923`) ### CVEs modified in the last Commit -Recently modified CVEs: `38` +Recently modified CVEs: `35` -* [CVE-2023-32483](CVE-2023/CVE-2023-324xx/CVE-2023-32483.json) (`2023-07-20T16:45:55.920`) -* [CVE-2023-32446](CVE-2023/CVE-2023-324xx/CVE-2023-32446.json) (`2023-07-20T16:45:55.920`) -* [CVE-2023-32447](CVE-2023/CVE-2023-324xx/CVE-2023-32447.json) (`2023-07-20T16:45:55.920`) -* [CVE-2023-32455](CVE-2023/CVE-2023-324xx/CVE-2023-32455.json) (`2023-07-20T16:45:55.920`) -* [CVE-2023-3786](CVE-2023/CVE-2023-37xx/CVE-2023-3786.json) (`2023-07-20T16:45:55.920`) -* [CVE-2023-32265](CVE-2023/CVE-2023-322xx/CVE-2023-32265.json) (`2023-07-20T16:45:55.920`) -* [CVE-2023-32476](CVE-2023/CVE-2023-324xx/CVE-2023-32476.json) (`2023-07-20T16:45:55.920`) -* [CVE-2023-34966](CVE-2023/CVE-2023-349xx/CVE-2023-34966.json) (`2023-07-20T16:45:55.920`) -* [CVE-2023-34967](CVE-2023/CVE-2023-349xx/CVE-2023-34967.json) (`2023-07-20T16:45:55.920`) -* [CVE-2023-34968](CVE-2023/CVE-2023-349xx/CVE-2023-34968.json) (`2023-07-20T16:45:55.920`) -* [CVE-2023-3347](CVE-2023/CVE-2023-33xx/CVE-2023-3347.json) (`2023-07-20T16:45:55.920`) -* [CVE-2023-3787](CVE-2023/CVE-2023-37xx/CVE-2023-3787.json) (`2023-07-20T16:45:55.920`) -* [CVE-2023-30429](CVE-2023/CVE-2023-304xx/CVE-2023-30429.json) (`2023-07-20T16:47:49.747`) -* [CVE-2023-31007](CVE-2023/CVE-2023-310xx/CVE-2023-31007.json) (`2023-07-20T16:53:07.193`) -* [CVE-2023-25606](CVE-2023/CVE-2023-256xx/CVE-2023-25606.json) (`2023-07-20T17:05:20.230`) -* [CVE-2023-3106](CVE-2023/CVE-2023-31xx/CVE-2023-3106.json) (`2023-07-20T17:11:02.397`) -* [CVE-2023-35908](CVE-2023/CVE-2023-359xx/CVE-2023-35908.json) (`2023-07-20T17:14:37.213`) -* [CVE-2023-3618](CVE-2023/CVE-2023-36xx/CVE-2023-3618.json) (`2023-07-20T17:16:44.123`) -* [CVE-2023-38046](CVE-2023/CVE-2023-380xx/CVE-2023-38046.json) (`2023-07-20T17:24:37.857`) -* 
[CVE-2023-36543](CVE-2023/CVE-2023-365xx/CVE-2023-36543.json) (`2023-07-20T17:31:19.070`) -* [CVE-2023-37627](CVE-2023/CVE-2023-376xx/CVE-2023-37627.json) (`2023-07-20T17:34:32.177`) -* [CVE-2023-37579](CVE-2023/CVE-2023-375xx/CVE-2023-37579.json) (`2023-07-20T17:37:20.790`) -* [CVE-2023-21400](CVE-2023/CVE-2023-214xx/CVE-2023-21400.json) (`2023-07-20T17:44:06.260`) -* [CVE-2023-21399](CVE-2023/CVE-2023-213xx/CVE-2023-21399.json) (`2023-07-20T17:44:44.537`) -* [CVE-2023-21262](CVE-2023/CVE-2023-212xx/CVE-2023-21262.json) (`2023-07-20T17:47:41.280`) +* [CVE-2022-0164](CVE-2022/CVE-2022-01xx/CVE-2022-0164.json) (`2023-07-20T18:09:50.423`) +* [CVE-2022-0140](CVE-2022/CVE-2022-01xx/CVE-2022-0140.json) (`2023-07-20T18:12:18.663`) +* [CVE-2022-28171](CVE-2022/CVE-2022-281xx/CVE-2022-28171.json) (`2023-07-20T18:15:11.537`) +* [CVE-2022-2987](CVE-2022/CVE-2022-29xx/CVE-2022-2987.json) (`2023-07-20T18:24:39.960`) +* [CVE-2023-3317](CVE-2023/CVE-2023-33xx/CVE-2023-3317.json) (`2023-07-20T18:02:32.487`) +* [CVE-2023-1258](CVE-2023/CVE-2023-12xx/CVE-2023-1258.json) (`2023-07-20T18:15:11.747`) +* [CVE-2023-37629](CVE-2023/CVE-2023-376xx/CVE-2023-37629.json) (`2023-07-20T18:15:12.037`) +* [CVE-2023-38408](CVE-2023/CVE-2023-384xx/CVE-2023-38408.json) (`2023-07-20T18:15:12.287`) +* [CVE-2023-38069](CVE-2023/CVE-2023-380xx/CVE-2023-38069.json) (`2023-07-20T18:25:36.067`) +* [CVE-2023-35693](CVE-2023/CVE-2023-356xx/CVE-2023-35693.json) (`2023-07-20T18:43:04.370`) +* [CVE-2023-35691](CVE-2023/CVE-2023-356xx/CVE-2023-35691.json) (`2023-07-20T18:54:48.517`) +* [CVE-2023-35694](CVE-2023/CVE-2023-356xx/CVE-2023-35694.json) (`2023-07-20T19:00:19.483`) +* [CVE-2023-23559](CVE-2023/CVE-2023-235xx/CVE-2023-23559.json) (`2023-07-20T19:00:45.357`) +* [CVE-2023-21260](CVE-2023/CVE-2023-212xx/CVE-2023-21260.json) (`2023-07-20T19:04:40.987`) +* [CVE-2023-34129](CVE-2023/CVE-2023-341xx/CVE-2023-34129.json) (`2023-07-20T19:14:47.987`) +* [CVE-2023-22508](CVE-2023/CVE-2023-225xx/CVE-2023-22508.json) 
(`2023-07-20T19:15:10.250`) +* [CVE-2023-35885](CVE-2023/CVE-2023-358xx/CVE-2023-35885.json) (`2023-07-20T19:15:10.367`) +* [CVE-2023-37455](CVE-2023/CVE-2023-374xx/CVE-2023-37455.json) (`2023-07-20T19:16:40.667`) +* [CVE-2023-34130](CVE-2023/CVE-2023-341xx/CVE-2023-34130.json) (`2023-07-20T19:18:02.093`) +* [CVE-2023-37560](CVE-2023/CVE-2023-375xx/CVE-2023-37560.json) (`2023-07-20T19:28:00.590`) +* [CVE-2023-34125](CVE-2023/CVE-2023-341xx/CVE-2023-34125.json) (`2023-07-20T19:43:44.623`) +* [CVE-2023-3600](CVE-2023/CVE-2023-36xx/CVE-2023-3600.json) (`2023-07-20T19:46:21.273`) +* [CVE-2023-21257](CVE-2023/CVE-2023-212xx/CVE-2023-21257.json) (`2023-07-20T19:46:58.023`) +* [CVE-2023-3596](CVE-2023/CVE-2023-35xx/CVE-2023-3596.json) (`2023-07-20T19:51:44.103`) +* [CVE-2023-36266](CVE-2023/CVE-2023-362xx/CVE-2023-36266.json) (`2023-07-20T19:59:06.357`) ## Download and Usage