Auto-Update: 2023-05-23T08:06:40.569383+00:00

CVE-2022/CVE-2022-225xx/CVE-2022-22512.json

@@ -2,8 +2,8 @@
   "id": "CVE-2022-22512",
   "sourceIdentifier": "info@cert.vde.com",
   "published": "2023-03-23T06:15:12.367",
-  "lastModified": "2023-03-27T16:14:58.360",
-  "vulnStatus": "Analyzed",
+  "lastModified": "2023-05-23T07:15:09.060",
+  "vulnStatus": "Modified",
   "descriptions": [
     {
       "lang": "en",
@@ -13,7 +13,7 @@
   "metrics": {
     "cvssMetricV31": [
       {
-        "source": "nvd@nist.gov",
+        "source": "info@cert.vde.com",
         "type": "Primary",
         "cvssData": {
           "version": "3.1",
@@ -33,24 +33,24 @@
         "impactScore": 5.9
       },
       {
-        "source": "info@cert.vde.com",
+        "source": "nvd@nist.gov",
         "type": "Secondary",
         "cvssData": {
           "version": "3.1",
-          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H",
+          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
           "attackVector": "NETWORK",
           "attackComplexity": "LOW",
           "privilegesRequired": "NONE",
           "userInteraction": "NONE",
           "scope": "UNCHANGED",
-          "confidentialityImpact": "NONE",
+          "confidentialityImpact": "HIGH",
           "integrityImpact": "HIGH",
           "availabilityImpact": "HIGH",
-          "baseScore": 9.1,
+          "baseScore": 9.8,
           "baseSeverity": "CRITICAL"
         },
         "exploitabilityScore": 3.9,
-        "impactScore": 5.2
+        "impactScore": 5.9
       }
     ]
   },

CVE-2023/CVE-2023-17xx/CVE-2023-1731.json

@@ -2,12 +2,12 @@
   "id": "CVE-2023-1731",
   "sourceIdentifier": "info@cert.vde.com",
   "published": "2023-04-24T14:15:07.640",
-  "lastModified": "2023-05-03T14:21:49.653",
-  "vulnStatus": "Analyzed",
+  "lastModified": "2023-05-23T06:15:09.180",
+  "vulnStatus": "Modified",
   "descriptions": [
     {
       "lang": "en",
-      "value": "In LTOS versions prior to V7.06.013, the configuration file upload function would not correctly validate the input, which would allow an remote authenticated attacker with high privileges to execute arbitrary commands.\n"
+      "value": "In Meinbergs LTOS versions prior to V7.06.013, the configuration file upload function would not correctly validate the input, which would allow an remote authenticated attacker with high privileges to execute arbitrary commands.\n"
     }
   ],
   "metrics": {
@@ -36,7 +36,7 @@
   },
   "weaknesses": [
     {
-      "source": "nvd@nist.gov",
+      "source": "info@cert.vde.com",
       "type": "Primary",
       "description": [
         {
@@ -46,12 +46,12 @@
       ]
     },
     {
-      "source": "info@cert.vde.com",
+      "source": "nvd@nist.gov",
       "type": "Secondary",
       "description": [
         {
           "lang": "en",
-          "value": "CWE-20"
+          "value": "CWE-434"
         }
       ]
     }

CVE-2023/CVE-2023-236xx/CVE-2023-23693.json

@@ -0,0 +1,55 @@
+{
+  "id": "CVE-2023-23693",
+  "sourceIdentifier": "security_alert@emc.com",
+  "published": "2023-05-23T07:15:10.163",
+  "lastModified": "2023-05-23T07:15:10.163",
+  "vulnStatus": "Received",
+  "descriptions": [
+    {
+      "lang": "en",
+      "value": "\nDell VxRail, versions prior to 7.0.450, contains an OS command injection Vulnerability in DCManager command-line utility. A local high privileged attacker could potentially exploit this vulnerability, leading to the execution of arbitrary OS commands on the application's underlying OS, with the privileges of the vulnerable application. Exploitation may lead to a system take over by an attacker.\n\n"
+    }
+  ],
+  "metrics": {
+    "cvssMetricV31": [
+      {
+        "source": "security_alert@emc.com",
+        "type": "Secondary",
+        "cvssData": {
+          "version": "3.1",
+          "vectorString": "CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:L/I:L/A:H",
+          "attackVector": "LOCAL",
+          "attackComplexity": "HIGH",
+          "privilegesRequired": "HIGH",
+          "userInteraction": "NONE",
+          "scope": "CHANGED",
+          "confidentialityImpact": "LOW",
+          "integrityImpact": "LOW",
+          "availabilityImpact": "HIGH",
+          "baseScore": 6.7,
+          "baseSeverity": "MEDIUM"
+        },
+        "exploitabilityScore": 0.8,
+        "impactScore": 5.3
+      }
+    ]
+  },
+  "weaknesses": [
+    {
+      "source": "security_alert@emc.com",
+      "type": "Primary",
+      "description": [
+        {
+          "lang": "en",
+          "value": "CWE-78"
+        }
+      ]
+    }
+  ],
+  "references": [
+    {
+      "url": "https://www.dell.com/support/kbdoc/en-us/000213011/dsa-2023-071-dell-vxrail-security-update-for-multiple-third-party-component-vulnerabilities-7-0-450",
+      "source": "security_alert@emc.com"
+    }
+  ]
+}

CVE-2023/CVE-2023-236xx/CVE-2023-23694.json

@@ -0,0 +1,55 @@
+{
+  "id": "CVE-2023-23694",
+  "sourceIdentifier": "security_alert@emc.com",
+  "published": "2023-05-23T07:15:10.317",
+  "lastModified": "2023-05-23T07:15:10.317",
+  "vulnStatus": "Received",
+  "descriptions": [
+    {
+      "lang": "en",
+      "value": "\nDell VxRail versions earlier than 7.0.450, contain(s) an OS command injection vulnerability in VxRail Manager. A local authenticated attacker could potentially exploit this vulnerability, leading to the execution of arbitrary OS commands on the application's underlying OS, with the privileges of the vulnerable application. Exploitation may lead to a system take over by an attacker.\n\n"
+    }
+  ],
+  "metrics": {
+    "cvssMetricV31": [
+      {
+        "source": "security_alert@emc.com",
+        "type": "Secondary",
+        "cvssData": {
+          "version": "3.1",
+          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:L",
+          "attackVector": "NETWORK",
+          "attackComplexity": "LOW",
+          "privilegesRequired": "HIGH",
+          "userInteraction": "NONE",
+          "scope": "UNCHANGED",
+          "confidentialityImpact": "LOW",
+          "integrityImpact": "LOW",
+          "availabilityImpact": "LOW",
+          "baseScore": 4.7,
+          "baseSeverity": "MEDIUM"
+        },
+        "exploitabilityScore": 1.2,
+        "impactScore": 3.4
+      }
+    ]
+  },
+  "weaknesses": [
+    {
+      "source": "security_alert@emc.com",
+      "type": "Primary",
+      "description": [
+        {
+          "lang": "en",
+          "value": "CWE-20"
+        }
+      ]
+    }
+  ],
+  "references": [
+    {
+      "url": "https://www.dell.com/support/kbdoc/en-us/000213011/dsa-2023-071-dell-vxrail-security-update-for-multiple-third-party-component-vulnerabilities-7-0-450",
+      "source": "security_alert@emc.com"
+    }
+  ]
+}

README.md

@@ -9,13 +9,13 @@ Repository synchronizes with the NVD every 2 hours.
 ### Last Repository Update
 
 ```plain
-2023-05-23T06:00:29.805309+00:00
+2023-05-23T08:06:40.569383+00:00
 ```
 
 ### Most recent CVE Modification Timestamp synchronized with NVD
 
 ```plain
-2023-05-23T05:15:08.827000+00:00
+2023-05-23T07:15:10.317000+00:00
 ```
 
 ### Last Data Feed Release
@@ -29,21 +29,23 @@ Download and Changelog: [Click](https://github.com/fkie-cad/nvd-json-data-feeds/
 ### Total Number of included CVEs
 
 ```plain
-215833
+215835
 ```
 
 ### CVEs added in the last Commit
 
 Recently added CVEs: `2`
 
-* [CVE-2023-2844](CVE-2023/CVE-2023-28xx/CVE-2023-2844.json) (`2023-05-23T04:15:09.497`)
-* [CVE-2023-2845](CVE-2023/CVE-2023-28xx/CVE-2023-2845.json) (`2023-05-23T05:15:08.827`)
+* [CVE-2023-23693](CVE-2023/CVE-2023-236xx/CVE-2023-23693.json) (`2023-05-23T07:15:10.163`)
+* [CVE-2023-23694](CVE-2023/CVE-2023-236xx/CVE-2023-23694.json) (`2023-05-23T07:15:10.317`)
 
 
 ### CVEs modified in the last Commit
 
-Recently modified CVEs: `0`
+Recently modified CVEs: `2`
 
+* [CVE-2022-22512](CVE-2022/CVE-2022-225xx/CVE-2022-22512.json) (`2023-05-23T07:15:09.060`)
+* [CVE-2023-1731](CVE-2023/CVE-2023-17xx/CVE-2023-1731.json) (`2023-05-23T06:15:09.180`)
 
 
 ## Download and Usage