From 44dcb554249d7f55802670a55e2e2c93eda6a688 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Ren=C3=A9=20Helmke?= Date: Tue, 9 May 2023 04:00:53 +0200 Subject: [PATCH] Auto-Update: 2023-05-09T02:00:51.002610+00:00 --- CVE-2022/CVE-2022-252xx/CVE-2022-25278.json | 84 +++++++++++ CVE-2022/CVE-2022-442xx/CVE-2022-44232.json | 75 ++++++++++ CVE-2023/CVE-2023-08xx/CVE-2023-0834.json | 70 ++++++++- CVE-2023/CVE-2023-21xx/CVE-2023-2140.json | 58 +++++++- CVE-2023/CVE-2023-21xx/CVE-2023-2141.json | 58 +++++++- CVE-2023/CVE-2023-23xx/CVE-2023-2373.json | 108 +++++++++++++- CVE-2023/CVE-2023-267xx/CVE-2023-26782.json | 64 +++++++- CVE-2023/CVE-2023-287xx/CVE-2023-28762.json | 59 ++++++++ CVE-2023/CVE-2023-287xx/CVE-2023-28764.json | 59 ++++++++ CVE-2023/CVE-2023-291xx/CVE-2023-29188.json | 59 ++++++++ CVE-2023/CVE-2023-292xx/CVE-2023-29268.json | 156 ++++++++++++++++++++ CVE-2023/CVE-2023-301xx/CVE-2023-30125.json | 65 +++++++- CVE-2023/CVE-2023-308xx/CVE-2023-30854.json | 48 +++++- README.md | 29 ++-- 14 files changed, 957 insertions(+), 35 deletions(-) create mode 100644 CVE-2022/CVE-2022-252xx/CVE-2022-25278.json create mode 100644 CVE-2022/CVE-2022-442xx/CVE-2022-44232.json create mode 100644 CVE-2023/CVE-2023-287xx/CVE-2023-28762.json create mode 100644 CVE-2023/CVE-2023-287xx/CVE-2023-28764.json create mode 100644 CVE-2023/CVE-2023-291xx/CVE-2023-29188.json create mode 100644 CVE-2023/CVE-2023-292xx/CVE-2023-29268.json diff --git a/CVE-2022/CVE-2022-252xx/CVE-2022-25278.json b/CVE-2022/CVE-2022-252xx/CVE-2022-25278.json new file mode 100644 index 00000000000..e2e0e9c32e0 --- /dev/null +++ b/CVE-2022/CVE-2022-252xx/CVE-2022-25278.json 
@@ -0,0 +1,84 @@ +{ + "id": "CVE-2022-25278", + "sourceIdentifier": "mlhess@drupal.org", + "published": "2023-04-26T15:15:08.747", + "lastModified": "2023-05-09T01:38:43.977", + "vulnStatus": "Analyzed", + "descriptions": [ + { + "lang": "en", + "value": "Under certain circumstances, the Drupal core form API evaluates form element access incorrectly. This may lead to a user being able to alter data they should not have access to. No forms provided by Drupal core are known to be vulnerable. However, forms added through contributed or custom modules or themes may be affected." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "NONE", + "integrityImpact": "HIGH", + "availabilityImpact": "NONE", + "baseScore": 6.5, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 2.8, + "impactScore": 3.6 + } + ] + }, + "weaknesses": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "NVD-CWE-noinfo" + } + ] + } + ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:drupal:drupal:*:*:*:*:*:*:*:*", + "versionStartIncluding": "8.0.0", + "versionEndExcluding": "9.3.19", + "matchCriteriaId": "5C7F59B6-66D0-4A58-B240-25C001836889" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:drupal:drupal:*:*:*:*:*:*:*:*", + "versionStartIncluding": "9.4.0", + "versionEndExcluding": "9.4.3", + "matchCriteriaId": "14FEC723-33EE-4E64-B221-86163C584F05" + } + ] + } + ] + } + ], + "references": [ + { + "url": "https://www.drupal.org/sa-core-2022-013", + "source": "mlhess@drupal.org", + "tags": [ + "Vendor Advisory" + ] + } + ] +} 
\ No newline at end of file diff --git a/CVE-2022/CVE-2022-442xx/CVE-2022-44232.json b/CVE-2022/CVE-2022-442xx/CVE-2022-44232.json new file mode 100644 index 00000000000..77ca3204d6d --- /dev/null +++ b/CVE-2022/CVE-2022-442xx/CVE-2022-44232.json @@ -0,0 +1,75 @@ +{ + "id": "CVE-2022-44232", + "sourceIdentifier": "cve@mitre.org", + "published": "2023-04-26T19:15:08.613", + "lastModified": "2023-05-09T01:26:15.347", + "vulnStatus": "Analyzed", + "descriptions": [ + { + "lang": "en", + "value": "libming 0.4.8 0.4.8 is vulnerable to Buffer Overflow. In getInt() in decompile.c unknown type may lead to denial of service. This is a different vulnerability than CVE-2018-9132 and CVE-2018-20427." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "NONE", + "integrityImpact": "NONE", + "availabilityImpact": "HIGH", + "baseScore": 7.5, + "baseSeverity": "HIGH" + }, + "exploitabilityScore": 3.9, + "impactScore": 3.6 + } + ] + }, + "weaknesses": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-120" + } + ] + } + ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:libming:libming:0.4.8:*:*:*:*:*:*:*", + "matchCriteriaId": "DD92BC79-2548-4C6F-9BDD-26C12BDF68AC" + } + ] + } + ] + } + ], + "references": [ + { + "url": "https://github.com/huanglei3/libming_crashes.git", + "source": "cve@mitre.org", + "tags": [ + "Third Party Advisory" + ] + } + ] +} \ No newline at end of file diff --git a/CVE-2023/CVE-2023-08xx/CVE-2023-0834.json b/CVE-2023/CVE-2023-08xx/CVE-2023-0834.json index d0389babc12..32af36f4b02 100644 
--- a/CVE-2023/CVE-2023-08xx/CVE-2023-0834.json +++ b/CVE-2023/CVE-2023-08xx/CVE-2023-0834.json @@ -2,8 +2,8 @@ "id": "CVE-2023-0834", "sourceIdentifier": "security@hypr.com", "published": "2023-04-28T15:15:10.573", - "lastModified": "2023-04-28T17:06:22.820", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2023-05-09T01:20:26.127", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", @@ -12,6 +12,26 @@ ], "metrics": { "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH", + "baseScore": 9.8, + "baseSeverity": "CRITICAL" + }, + "exploitabilityScore": 3.9, + "impactScore": 5.9 + }, { "source": "security@hypr.com", "type": "Secondary", @@ -35,6 +55,16 @@ ] }, "weaknesses": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-732" + } + ] + }, { "source": "security@hypr.com", "type": "Secondary", 
@@ -46,10 +76,44 @@ ] } ], + "configurations": [ + { + "operator": "AND", + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:hypr:workforce_access:*:*:*:*:*:*:*:*", + "versionStartIncluding": "6.12.0", + "versionEndExcluding": "8.1.0", + "matchCriteriaId": "ACF80E3D-8A91-492B-8EC9-EF0DC8DFEFFA" + } + ] + }, + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": false, + "criteria": "cpe:2.3:o:apple:macos:-:*:*:*:*:*:*:*", + "matchCriteriaId": "387021A0-AF36-463C-A605-32EA7DAC172E" + } + ] + } + ] + } + ], "references": [ { "url": "https://www.hypr.com/security-advisories", - "source": "security@hypr.com" + "source": "security@hypr.com", + "tags": [ + "Vendor Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2023/CVE-2023-21xx/CVE-2023-2140.json b/CVE-2023/CVE-2023-21xx/CVE-2023-2140.json index 7efa1efdd32..fb5a6ec3562 100644 --- a/CVE-2023/CVE-2023-21xx/CVE-2023-2140.json +++ b/CVE-2023/CVE-2023-21xx/CVE-2023-2140.json @@ -2,8 +2,8 @@ "id": "CVE-2023-2140", "sourceIdentifier": "3DS.Information-Security@3ds.com", "published": "2023-04-21T16:15:07.380", - "lastModified": "2023-04-24T13:02:19.050", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2023-05-09T00:56:42.793", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", @@ -12,6 +12,26 @@ ], "metrics": { "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "NONE", + "integrityImpact": "HIGH", + "availabilityImpact": "NONE", + "baseScore": 7.5, + "baseSeverity": "HIGH" + }, + "exploitabilityScore": 3.9, + "impactScore": 3.6 + }, { "source": "3DS.Information-Security@3ds.com", "type": "Secondary", 
@@ -35,6 +55,16 @@ ] }, "weaknesses": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-918" + } + ] + }, { "source": "3DS.Information-Security@3ds.com", "type": "Secondary", @@ -46,10 +76,32 @@ ] } ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:3ds:delmia_apriso:*:*:*:*:*:*:*:*", + "versionStartIncluding": "2017", + "versionEndIncluding": "2022", + "matchCriteriaId": "C52EE2E6-9E32-4D89-B848-E187676E92B3" + } + ] + } + ] + } + ], "references": [ { "url": "https://www.3ds.com/vulnerability/advisories", - "source": "3DS.Information-Security@3ds.com" + "source": "3DS.Information-Security@3ds.com", + "tags": [ + "Vendor Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2023/CVE-2023-21xx/CVE-2023-2141.json b/CVE-2023/CVE-2023-21xx/CVE-2023-2141.json index 1756c2b61ad..6e2e2e65798 100644 --- a/CVE-2023/CVE-2023-21xx/CVE-2023-2141.json +++ b/CVE-2023/CVE-2023-21xx/CVE-2023-2141.json @@ -2,8 +2,8 @@ "id": "CVE-2023-2141", "sourceIdentifier": "3DS.Information-Security@3ds.com", "published": "2023-04-21T16:15:07.443", - "lastModified": "2023-04-24T13:02:19.050", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2023-05-09T01:01:22.827", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", 
@@ -12,6 +12,26 @@ ], "metrics": { "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH", + "baseScore": 8.8, + "baseSeverity": "HIGH" + }, + "exploitabilityScore": 2.8, + "impactScore": 5.9 + }, { "source": "3DS.Information-Security@3ds.com", "type": "Secondary", @@ -35,6 +55,16 @@ ] }, "weaknesses": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-502" + } + ] + }, { "source": "3DS.Information-Security@3ds.com", "type": "Secondary", @@ -46,10 +76,32 @@ ] } ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:3ds:delmia_apriso:*:*:*:*:*:*:*:*", + "versionStartIncluding": "2017", + "versionEndIncluding": "2022", + "matchCriteriaId": "C52EE2E6-9E32-4D89-B848-E187676E92B3" + } + ] + } + ] + } + ], "references": [ { "url": "https://www.3ds.com/vulnerability/advisories", - "source": "3DS.Information-Security@3ds.com" + "source": "3DS.Information-Security@3ds.com", + "tags": [ + "Vendor Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2023/CVE-2023-23xx/CVE-2023-2373.json b/CVE-2023/CVE-2023-23xx/CVE-2023-2373.json index d267ed50d6f..9a5ee7834b4 100644 --- a/CVE-2023/CVE-2023-23xx/CVE-2023-2373.json +++ b/CVE-2023/CVE-2023-23xx/CVE-2023-2373.json @@ -2,8 +2,8 @@ "id": "CVE-2023-2373", "sourceIdentifier": "cna@vuldb.com", "published": "2023-04-28T14:15:10.977", - "lastModified": "2023-04-28T17:06:22.820", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2023-05-09T01:47:02.103", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", 
@@ -11,6 +11,28 @@ } ], "metrics": { + "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH", + "baseScore": 8.8, + "baseSeverity": "HIGH" + }, + "exploitabilityScore": 2.8, + "impactScore": 5.9 + } + ], "cvssMetricV30": [ { "source": "cna@vuldb.com", 
@@ -71,18 +93,94 @@ ] } ], + "configurations": [ + { + "operator": "AND", + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:o:ui:edgemax_edgerouter_firmware:*:*:*:*:*:*:*:*", + "versionEndExcluding": "2.0.9", + "matchCriteriaId": "1D3FE42C-7A01-420B-BD79-60992B4DC90F" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:ui:edgemax_edgerouter_firmware:2.0.9:-:*:*:*:*:*:*", + "matchCriteriaId": "DD084B6E-95B1-43EC-B44D-067F84857006" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:ui:edgemax_edgerouter_firmware:2.0.9:hotfix1:*:*:*:*:*:*", + "matchCriteriaId": "C0CE2156-E44D-4137-B823-E29E9B504090" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:ui:edgemax_edgerouter_firmware:2.0.9:hotfix2:*:*:*:*:*:*", + "matchCriteriaId": "D674905D-1E0B-428D-826A-CB75E5E0313C" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:ui:edgemax_edgerouter_firmware:2.0.9:hotfix4:*:*:*:*:*:*", + "matchCriteriaId": "ACD593F1-F9C4-40F1-AE07-82015E69429F" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:ui:edgemax_edgerouter_firmware:2.0.9:hotfix5:*:*:*:*:*:*", + "matchCriteriaId": "643B67AA-ED41-4716-8449-E010B44F1900" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:ui:edgemax_edgerouter_firmware:2.0.9:hotfix6:*:*:*:*:*:*", + "matchCriteriaId": "ADEBD144-84BF-4A6C-B18F-4DBC6261D0D1" + } + ] + }, + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": false, + "criteria": "cpe:2.3:h:ui:er-x:-:*:*:*:*:*:*:*", + "matchCriteriaId": "91B9AD72-BF39-4731-85B9-26036F7C425B" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:h:ui:er-x-sfp:-:*:*:*:*:*:*:*", + "matchCriteriaId": "4F922D6E-7C6D-4984-A0DF-6EDC0C7A9900" + } + ] + } + ] + } + ], "references": [ { "url": "https://github.com/leetsun/IoT/tree/main/EdgeRouterX/CI/5", - "source": "cna@vuldb.com" + "source": "cna@vuldb.com", + "tags": [ + "Exploit", + "Third Party Advisory" + ] }, { "url": 
"https://vuldb.com/?ctiid.227649", - "source": "cna@vuldb.com" + "source": "cna@vuldb.com", + "tags": [ + "Permissions Required", + "Third Party Advisory" + ] }, { "url": "https://vuldb.com/?id.227649", - "source": "cna@vuldb.com" + "source": "cna@vuldb.com", + "tags": [ + "Third Party Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2023/CVE-2023-267xx/CVE-2023-26782.json b/CVE-2023/CVE-2023-267xx/CVE-2023-26782.json index 8ff40b43cf4..2852d04f0cf 100644 --- a/CVE-2023/CVE-2023-267xx/CVE-2023-26782.json +++ b/CVE-2023/CVE-2023-267xx/CVE-2023-26782.json 
@@ -2,19 +2,75 @@ "id": "CVE-2023-26782", "sourceIdentifier": "cve@mitre.org", "published": "2023-04-28T20:15:13.883", - "lastModified": "2023-04-28T22:22:40.580", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2023-05-09T01:54:45.817", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", "value": "An issue discovered in mccms 2.6.1 allows remote attackers to cause a denial of service via Backend management interface ->System Configuration->Cache Configuration->Cache security characters." } ], - "metrics": {}, + "metrics": { + "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "NONE", + "integrityImpact": "NONE", + "availabilityImpact": "HIGH", + "baseScore": 6.5, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 2.8, + "impactScore": 3.6 + } + ] + }, + "weaknesses": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-88" + } + ] + } + ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:chshcms:mccms:2.6.1:*:*:*:*:*:*:*", + "matchCriteriaId": "8979D4F2-6C04-4598-B0B4-F98D0F9E8F1A" + } + ] + } + ] + } + ], "references": [ { "url": "https://github.com/chshcms/mccms/issues/2", - "source": "cve@mitre.org" + "source": "cve@mitre.org", + "tags": [ + "Exploit", + "Issue Tracking" + ] } ] } \ No newline at end of file diff --git a/CVE-2023/CVE-2023-287xx/CVE-2023-28762.json b/CVE-2023/CVE-2023-287xx/CVE-2023-28762.json new file mode 100644 index 00000000000..a4e12f6b27c --- /dev/null +++ b/CVE-2023/CVE-2023-287xx/CVE-2023-28762.json 
@@ -0,0 +1,59 @@ +{ + "id": "CVE-2023-28762", + "sourceIdentifier": "cna@sap.com", + "published": "2023-05-09T01:15:08.777", + "lastModified": "2023-05-09T01:15:08.777", + "vulnStatus": "Received", + "descriptions": [ + { + "lang": "en", + "value": "SAP BusinessObjects Business Intelligence Platform - versions 420, 430, allows an authenticated attacker with administrator privileges to get the login token of any logged-in BI user over the network without any user interaction. The attacker can impersonate any user on the platform resulting into accessing and modifying data. The attacker can also make the system partially or entirely unavailable.\n\n" + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "cna@sap.com", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "HIGH", + "userInteraction": "NONE", + "scope": "CHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH", + "baseScore": 9.1, + "baseSeverity": "CRITICAL" + }, + "exploitabilityScore": 2.3, + "impactScore": 6.0 + } + ] + }, + "weaknesses": [ + { + "source": "cna@sap.com", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-200" + } + ] + } + ], + "references": [ + { + "url": "https://i7p.wdf.sap.corp/sap/support/notes/3307833", + "source": "cna@sap.com" + }, + { + "url": "https://www.sap.com/documents/2022/02/fa865ea4-167e-0010-bca6-c68f7e60039b.html", + "source": "cna@sap.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2023/CVE-2023-287xx/CVE-2023-28764.json b/CVE-2023/CVE-2023-287xx/CVE-2023-28764.json new file mode 100644 index 00000000000..217675a1d05 --- /dev/null +++ b/CVE-2023/CVE-2023-287xx/CVE-2023-28764.json 
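Review bot: The first reference in this new record, `"url": "https://i7p.wdf.sap.corp/sap/support/notes/3307833"`, points at a host under `sap.corp`, which looks like an SAP-internal name rather than a public one, so a reader outside SAP following it will likely not reach the advisory. The same pattern appears in the new records for CVE-2023-28764 (note 3302595) and CVE-2023-29188 (note 3315979). The README says this repository synchronizes with the NVD, so the correction belongs upstream; until then, consumers that fetch reference URLs automatically should flag or skip non-public hosts and use the note number to locate the public SAP advisory. All three records are still `"vulnStatus": "Received"`, and their references carry no tags yet.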
@@ -0,0 +1,59 @@ +{ + "id": "CVE-2023-28764", + "sourceIdentifier": "cna@sap.com", + "published": "2023-05-09T01:15:08.863", + "lastModified": "2023-05-09T01:15:08.863", + "vulnStatus": "Received", + "descriptions": [ + { + "lang": "en", + "value": "SAP BusinessObjects Platform - versions 420, 430, Information design tool transmits sensitive information as cleartext in the binaries over the network. This could allow an unauthenticated attacker with deep knowledge to gain sensitive information such as user credentials and domain names, which may have a low impact on confidentiality and no impact on the integrity and availability of the system.\n\n" + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "cna@sap.com", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N", + "attackVector": "NETWORK", + "attackComplexity": "HIGH", + "privilegesRequired": "NONE", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "LOW", + "integrityImpact": "NONE", + "availabilityImpact": "NONE", + "baseScore": 3.7, + "baseSeverity": "LOW" + }, + "exploitabilityScore": 2.2, + "impactScore": 1.4 + } + ] + }, + "weaknesses": [ + { + "source": "cna@sap.com", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-522" + } + ] + } + ], + "references": [ + { + "url": "https://i7p.wdf.sap.corp/sap/support/notes/3302595", + "source": "cna@sap.com" + }, + { + "url": "https://www.sap.com/documents/2022/02/fa865ea4-167e-0010-bca6-c68f7e60039b.html", + "source": "cna@sap.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2023/CVE-2023-291xx/CVE-2023-29188.json b/CVE-2023/CVE-2023-291xx/CVE-2023-29188.json new file mode 100644 index 00000000000..fb08bc71c1d --- /dev/null +++ b/CVE-2023/CVE-2023-291xx/CVE-2023-29188.json 
@@ -0,0 +1,59 @@ +{ + "id": "CVE-2023-29188", + "sourceIdentifier": "cna@sap.com", + "published": "2023-05-09T01:15:08.943", + "lastModified": "2023-05-09T01:15:08.943", + "vulnStatus": "Received", + "descriptions": [ + { + "lang": "en", + "value": "SAP CRM WebClient UI - versions SAPSCORE 129, S4FND 102, S4FND 103, S4FND 104, S4FND 105, S4FND 106, S4FND 107, WEBCUIF 701, WEBCUIF 731, WEBCUIF 746, WEBCUIF 747, WEBCUIF 748, WEBCUIF 800, WEBCUIF 801, does not sufficiently encode user-controlled inputs, resulting in Cross-Site Scripting (XSS) vulnerability. After successful exploitation, an attacker with user level access can read and modify some sensitive information but cannot delete the data.\n\n" + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "cna@sap.com", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "REQUIRED", + "scope": "CHANGED", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "availabilityImpact": "NONE", + "baseScore": 5.4, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 2.3, + "impactScore": 2.7 + } + ] + }, + "weaknesses": [ + { + "source": "cna@sap.com", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-79" + } + ] + } + ], + "references": [ + { + "url": "https://i7p.wdf.sap.corp/sap/support/notes/3315979", + "source": "cna@sap.com" + }, + { + "url": "https://www.sap.com/documents/2022/02/fa865ea4-167e-0010-bca6-c68f7e60039b.html", + "source": "cna@sap.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2023/CVE-2023-292xx/CVE-2023-29268.json b/CVE-2023/CVE-2023-292xx/CVE-2023-29268.json new file mode 100644 index 00000000000..99ac65e2836 --- /dev/null +++ b/CVE-2023/CVE-2023-292xx/CVE-2023-29268.json 
@@ -0,0 +1,156 @@ +{ + "id": "CVE-2023-29268", + "sourceIdentifier": "security@tibco.com", + "published": "2023-04-26T18:15:09.160", + "lastModified": "2023-05-09T01:31:28.760", + "vulnStatus": "Analyzed", + "descriptions": [ + { + "lang": "en", + "value": "The Splus Server component of TIBCO Software Inc.'s TIBCO Spotfire Statistics Services contains a vulnerability that allows an unauthenticated remote attacker to upload or modify arbitrary files within the web server directory on the affected system. Affected releases are TIBCO Software Inc.'s TIBCO Spotfire Statistics Services: versions 11.4.10 and below, versions 11.5.0, 11.6.0, 11.6.1, 11.6.2, 11.7.0, 11.8.0, 11.8.1, 12.0.0, 12.0.1, and 12.0.2, versions 12.1.0 and 12.2.0.\n\n" + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH", + "baseScore": 9.8, + "baseSeverity": "CRITICAL" + }, + "exploitabilityScore": 3.9, + "impactScore": 5.9 + }, + { + "source": "security@tibco.com", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH", + "baseScore": 9.8, + "baseSeverity": "CRITICAL" + }, + "exploitabilityScore": 3.9, + "impactScore": 5.9 + } + ] + }, + "weaknesses": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-434" + } + ] + } + ], + "configurations": [ + { + "nodes": [ 
+ { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:tibco:spotfire_statistics_services:*:*:*:*:*:*:*:*", + "versionEndExcluding": "11.4.11", + "matchCriteriaId": "65804033-AECA-41EC-8973-CAE190EF69BD" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:tibco:spotfire_statistics_services:11.5.0:*:*:*:*:*:*:*", + "matchCriteriaId": "1D37E7A0-F21A-413E-AF65-59340520B6C4" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:tibco:spotfire_statistics_services:11.6.0:*:*:*:*:*:*:*", + "matchCriteriaId": "4F3602DE-B5AB-4FFA-AAD9-8C42B00988F9" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:tibco:spotfire_statistics_services:11.6.1:*:*:*:*:*:*:*", + "matchCriteriaId": "510E83A5-B777-4EE6-851C-F9BE10147594" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:tibco:spotfire_statistics_services:11.6.2:*:*:*:*:*:*:*", + "matchCriteriaId": "55EABB66-4B3D-4D72-B028-E40491CDC77C" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:tibco:spotfire_statistics_services:11.7.0:*:*:*:*:*:*:*", + "matchCriteriaId": "42A74F6C-267D-4B1F-BF66-A1F10B0B2A9E" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:tibco:spotfire_statistics_services:11.8.0:*:*:*:*:*:*:*", + "matchCriteriaId": "2C677EA4-6EB9-4B9B-9E1E-97555AF1291F" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:tibco:spotfire_statistics_services:11.8.1:*:*:*:*:*:*:*", + "matchCriteriaId": "DE304915-AE5B-45C7-BA5C-79AA880F1088" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:tibco:spotfire_statistics_services:12.0.0:*:*:*:*:*:*:*", + "matchCriteriaId": "D69CD443-28E2-4632-95D4-E5EB3F094768" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:tibco:spotfire_statistics_services:12.0.1:*:*:*:*:*:*:*", + "matchCriteriaId": "4EAE9787-53AE-4A38-8223-1F7893CC3CEE" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:tibco:spotfire_statistics_services:12.0.2:*:*:*:*:*:*:*", + "matchCriteriaId": "C3ECA9B9-6058-4CE5-9535-8ED98022FB74" 
+ }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:tibco:spotfire_statistics_services:12.1.0:*:*:*:*:*:*:*", + "matchCriteriaId": "3E78843D-BBB8-4558-9E56-75CE514FA143" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:tibco:spotfire_statistics_services:12.2.0:*:*:*:*:*:*:*", + "matchCriteriaId": "CA10C631-566D-46BF-93A5-A7A92266FC47" + } + ] + } + ] + } + ], + "references": [ + { + "url": "https://www.tibco.com/services/support/advisories", + "source": "security@tibco.com", + "tags": [ + "Vendor Advisory" + ] + } + ] +} \ No newline at end of file diff --git a/CVE-2023/CVE-2023-301xx/CVE-2023-30125.json b/CVE-2023/CVE-2023-301xx/CVE-2023-30125.json index 4bb427a1bd4..edc5b8a31e8 100644 --- a/CVE-2023/CVE-2023-301xx/CVE-2023-30125.json +++ b/CVE-2023/CVE-2023-301xx/CVE-2023-30125.json 
@@ -2,19 +2,76 @@ "id": "CVE-2023-30125", "sourceIdentifier": "cve@mitre.org", "published": "2023-04-28T14:15:11.083", - "lastModified": "2023-04-28T17:06:22.820", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2023-05-09T01:07:27.727", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", "value": "EyouCms V1.6.1-UTF8-sp1 is vulnerable to Cross Site Scripting (XSS)." } ], - "metrics": {}, + "metrics": { + "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "REQUIRED", + "scope": "CHANGED", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "availabilityImpact": "NONE", + "baseScore": 6.1, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 2.8, + "impactScore": 2.7 + } + ] + }, + "weaknesses": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-79" + } + ] + } + ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:eyoucms:eyoucms:1.6.1-utf8-sp1:*:*:*:*:*:*:*", + "matchCriteriaId": "91E07F04-0ABB-44F1-AAA5-E4E8E7B3DE92" + } + ] + } + ] + } + ], "references": [ { "url": "https://github.com/weng-xianhu/eyoucms/issues/40", - "source": "cve@mitre.org" + "source": "cve@mitre.org", + "tags": [ + "Exploit", + "Issue Tracking", + "Third Party Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2023/CVE-2023-308xx/CVE-2023-30854.json b/CVE-2023/CVE-2023-308xx/CVE-2023-30854.json index 5296a05dc3e..c0db80274b4 100644 --- a/CVE-2023/CVE-2023-308xx/CVE-2023-30854.json +++ b/CVE-2023/CVE-2023-308xx/CVE-2023-30854.json 
@@ -2,8 +2,8 @@ "id": "CVE-2023-30854", "sourceIdentifier": "security-advisories@github.com", "published": "2023-04-28T16:15:10.200", - "lastModified": "2023-04-28T17:06:22.820", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2023-05-09T01:14:01.287", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", @@ -12,6 +12,26 @@ ], "metrics": { "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH", + "baseScore": 8.8, + "baseSeverity": "HIGH" + }, + "exploitabilityScore": 2.8, + "impactScore": 5.9 + }, { "source": "security-advisories@github.com", "type": "Secondary", @@ -46,10 +66,32 @@ ] } ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:wwbn:avideo:*:*:*:*:*:*:*:*", + "versionEndExcluding": "12.4", + "matchCriteriaId": "C7827575-CC53-4298-AA70-AFD19408C79A" + } + ] + } + ] + } + ], "references": [ { "url": "https://github.com/WWBN/AVideo/security/advisories/GHSA-6vrj-ph27-qfp3", - "source": "security-advisories@github.com" + "source": "security-advisories@github.com", + "tags": [ + "Exploit", + "Vendor Advisory" + ] } ] } \ No newline at end of file diff --git a/README.md b/README.md index 9956bf49055..9ed22d1c49c 100644 --- a/README.md +++ b/README.md @@ -9,13 +9,13 @@ Repository synchronizes with the NVD every 2 hours. ### Last Repository Update ```plain -2023-05-09T00:00:31.306579+00:00 +2023-05-09T02:00:51.002610+00:00 ``` ### Most recent CVE Modification Timestamp synchronized with NVD ```plain -2023-05-08T23:15:09.897000+00:00 +2023-05-09T01:54:45.817000+00:00 ``` ### Last Data Feed Release 
@@ -23,29 +23,38 @@ Repository synchronizes with the NVD every 2 hours. Download and Changelog: [Click](releases/latest) ```plain -2023-05-08T00:00:20.958367+00:00 +2023-05-09T00:00:20.976844+00:00 ``` ### Total Number of included CVEs ```plain -214409 +214412 ``` ### CVEs added in the last Commit -Recently added CVEs: `4` +Recently added CVEs: `3` -* [CVE-2023-22710](CVE-2023/CVE-2023-227xx/CVE-2023-22710.json) (`2023-05-08T23:15:09.820`) -* [CVE-2023-22813](CVE-2023/CVE-2023-228xx/CVE-2023-22813.json) (`2023-05-08T23:15:09.897`) -* [CVE-2023-23894](CVE-2023/CVE-2023-238xx/CVE-2023-23894.json) (`2023-05-08T22:15:09.163`) -* [CVE-2023-24376](CVE-2023/CVE-2023-243xx/CVE-2023-24376.json) (`2023-05-08T22:15:09.240`) +* [CVE-2023-28762](CVE-2023/CVE-2023-287xx/CVE-2023-28762.json) (`2023-05-09T01:15:08.777`) +* [CVE-2023-28764](CVE-2023/CVE-2023-287xx/CVE-2023-28764.json) (`2023-05-09T01:15:08.863`) +* [CVE-2023-29188](CVE-2023/CVE-2023-291xx/CVE-2023-29188.json) (`2023-05-09T01:15:08.943`) ### CVEs modified in the last Commit -Recently modified CVEs: `0` +Recently modified CVEs: `10` +* [CVE-2022-25278](CVE-2022/CVE-2022-252xx/CVE-2022-25278.json) (`2023-05-09T01:38:43.977`) +* [CVE-2022-44232](CVE-2022/CVE-2022-442xx/CVE-2022-44232.json) (`2023-05-09T01:26:15.347`) +* [CVE-2023-0834](CVE-2023/CVE-2023-08xx/CVE-2023-0834.json) (`2023-05-09T01:20:26.127`) +* [CVE-2023-2140](CVE-2023/CVE-2023-21xx/CVE-2023-2140.json) (`2023-05-09T00:56:42.793`) +* [CVE-2023-2141](CVE-2023/CVE-2023-21xx/CVE-2023-2141.json) (`2023-05-09T01:01:22.827`) +* [CVE-2023-2373](CVE-2023/CVE-2023-23xx/CVE-2023-2373.json) (`2023-05-09T01:47:02.103`) +* [CVE-2023-26782](CVE-2023/CVE-2023-267xx/CVE-2023-26782.json) (`2023-05-09T01:54:45.817`) +* [CVE-2023-29268](CVE-2023/CVE-2023-292xx/CVE-2023-29268.json) (`2023-05-09T01:31:28.760`) +* [CVE-2023-30125](CVE-2023/CVE-2023-301xx/CVE-2023-30125.json) (`2023-05-09T01:07:27.727`) +* [CVE-2023-30854](CVE-2023/CVE-2023-308xx/CVE-2023-30854.json) 
(`2023-05-09T01:14:01.287`) ## Download and Usage