Auto-Update: 2023-05-15T08:00:23.118885+00:00

CVE-2020/CVE-2020-120xx/CVE-2020-12069.json

@@ -2,12 +2,12 @@
   "id": "CVE-2020-12069",
   "sourceIdentifier": "cve@mitre.org",
   "published": "2022-12-26T19:15:10.520",
-  "lastModified": "2023-01-05T16:48:56.523",
+  "lastModified": "2023-05-15T06:15:08.513",
-  "vulnStatus": "Analyzed",
+  "vulnStatus": "Modified",
   "descriptions": [
     {
       "lang": "en",
-      "value": "In Pilz PMC programming tool 3.x before 3.5.17 (based on CODESYS Development System), the password-hashing feature requires insufficient computational effort."
+      "value": "In CODESYS V3 products in all versions prior V3.5.16.0 containing the CmpUserMgr, the CODESYS Control runtime system stores the online communication passwords using a weak hashing algorithm. This can be used by a local attacker with low privileges to gain full control of the device."
     }
   ],
   "metrics": {
@@ -31,6 +31,26 @@
         },
         "exploitabilityScore": 3.9,
         "impactScore": 5.9
+      },
+      {
+        "source": "cve@mitre.org",
+        "type": "Secondary",
+        "cvssData": {
+          "version": "3.1",
+          "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
+          "attackVector": "LOCAL",
+          "attackComplexity": "LOW",
+          "privilegesRequired": "LOW",
+          "userInteraction": "NONE",
+          "scope": "UNCHANGED",
+          "confidentialityImpact": "HIGH",
+          "integrityImpact": "HIGH",
+          "availabilityImpact": "HIGH",
+          "baseScore": 7.8,
+          "baseSeverity": "HIGH"
+        },
+        "exploitabilityScore": 1.8,
+        "impactScore": 5.9
       }
     ]
   },
@@ -44,6 +64,16 @@
           "value": "CWE-916"
         }
       ]
+    },
+    {
+      "source": "cve@mitre.org",
+      "type": "Secondary",
+      "description": [
+        {
+          "lang": "en",
+          "value": "CWE-916"
+        }
+      ]
     }
   ],
   "configurations": [
@@ -72,6 +102,18 @@
       "tags": [
         "Third Party Advisory"
       ]
+    },
+    {
+      "url": "https://cert.vde.com/en/advisories/VDE-2022-022/",
+      "source": "cve@mitre.org"
+    },
+    {
+      "url": "https://cert.vde.com/en/advisories/VDE-2022-031/",
+      "source": "cve@mitre.org"
+    },
+    {
+      "url": "https://customers.codesys.com/index.php?eID=dumpFile&t=f&f=12943&token=d097958a67ba382de688916f77e3013c0802fade&download=",
+      "source": "cve@mitre.org"
     }
   ]
 }

CVE-2023/CVE-2023-25xx/CVE-2023-2591.json

@@ -2,12 +2,12 @@
   "id": "CVE-2023-2591",
   "sourceIdentifier": "security@huntr.dev",
   "published": "2023-05-09T10:15:10.683",
-  "lastModified": "2023-05-12T09:28:07.090",
+  "lastModified": "2023-05-15T06:15:09.727",
-  "vulnStatus": "Analyzed",
+  "vulnStatus": "Modified",
   "descriptions": [
     {
       "lang": "en",
-      "value": "Code Injection in GitHub repository nilsteampassnet/teampass prior to 3.0.7."
+      "value": "Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') in GitHub repository nilsteampassnet/teampass prior to 3.0.7."
     }
   ],
   "metrics": {
@@ -58,7 +58,7 @@
   },
   "weaknesses": [
     {
-      "source": "nvd@nist.gov",
+      "source": "security@huntr.dev",
       "type": "Primary",
       "description": [
         {
@@ -68,12 +68,12 @@
       ]
     },
     {
-      "source": "security@huntr.dev",
+      "source": "nvd@nist.gov",
       "type": "Secondary",
       "description": [
         {
           "lang": "en",
-          "value": "CWE-94"
+          "value": "CWE-79"
         }
       ]
     }

CVE-2023/CVE-2023-327xx/CVE-2023-32784.json

@@ -0,0 +1,24 @@
+{
+  "id": "CVE-2023-32784",
+  "sourceIdentifier": "cve@mitre.org",
+  "published": "2023-05-15T06:15:10.427",
+  "lastModified": "2023-05-15T06:15:10.427",
+  "vulnStatus": "Received",
+  "descriptions": [
+    {
+      "lang": "en",
+      "value": "In KeePass 2.x before 2.54, it is possible to recover the cleartext master password from a memory dump, even when a workspace is locked or no longer running. The memory dump can be a KeePass process dump, swap file (pagefile.sys), hibernation file (hiberfil.sys), or RAM dump of the entire system. The first character cannot be recovered. In 2.54, there is different API usage and/or random string insertion for mitigation."
+    }
+  ],
+  "metrics": {},
+  "references": [
+    {
+      "url": "https://github.com/vdohney/keepass-password-dumper",
+      "source": "cve@mitre.org"
+    },
+    {
+      "url": "https://sourceforge.net/p/keepass/discussion/329220/thread/f3438e6283/",
+      "source": "cve@mitre.org"
+    }
+  ]
+}

README.md

@@ -9,13 +9,13 @@ Repository synchronizes with the NVD every 2 hours.
 ### Last Repository Update
 
 ```plain
-2023-05-15T06:00:23.615303+00:00
+2023-05-15T08:00:23.118885+00:00
 ```
 
 ### Most recent CVE Modification Timestamp synchronized with NVD
 
 ```plain
-2023-05-15T04:15:10.330000+00:00
+2023-05-15T06:15:10.427000+00:00
 ```
 
 ### Last Data Feed Release
@@ -29,27 +29,22 @@ Download and Changelog: [Click](releases/latest)
 ### Total Number of included CVEs
 
 ```plain
-215189
+215190
 ```
 
 ### CVEs added in the last Commit
 
 Recently added CVEs: `1`
 
-* [CVE-2023-32758](CVE-2023/CVE-2023-327xx/CVE-2023-32758.json) (`2023-05-15T04:15:10.330`)
+* [CVE-2023-32784](CVE-2023/CVE-2023-327xx/CVE-2023-32784.json) (`2023-05-15T06:15:10.427`)
 
 
 ### CVEs modified in the last Commit
 
-Recently modified CVEs: `7`
+Recently modified CVEs: `2`
 
-* [CVE-2023-27783](CVE-2023/CVE-2023-277xx/CVE-2023-27783.json) (`2023-05-15T04:15:09.707`)
+* [CVE-2020-12069](CVE-2020/CVE-2020-120xx/CVE-2020-12069.json) (`2023-05-15T06:15:08.513`)
-* [CVE-2023-27784](CVE-2023/CVE-2023-277xx/CVE-2023-27784.json) (`2023-05-15T04:15:09.867`)
+* [CVE-2023-2591](CVE-2023/CVE-2023-25xx/CVE-2023-2591.json) (`2023-05-15T06:15:09.727`)
-* [CVE-2023-27785](CVE-2023/CVE-2023-277xx/CVE-2023-27785.json) (`2023-05-15T04:15:09.953`)
-* [CVE-2023-27786](CVE-2023/CVE-2023-277xx/CVE-2023-27786.json) (`2023-05-15T04:15:10.050`)
-* [CVE-2023-27787](CVE-2023/CVE-2023-277xx/CVE-2023-27787.json) (`2023-05-15T04:15:10.133`)
-* [CVE-2023-27788](CVE-2023/CVE-2023-277xx/CVE-2023-27788.json) (`2023-05-15T04:15:10.190`)
-* [CVE-2023-27789](CVE-2023/CVE-2023-277xx/CVE-2023-27789.json) (`2023-05-15T04:15:10.260`)
 
 
 ## Download and Usage