Auto-Update: 2023-04-28T00:00:24.560765+00:00

CVE-2019/CVE-2019-182xx/CVE-2019-18269.json

@@ -2,12 +2,12 @@
   "id": "CVE-2019-18269",
   "sourceIdentifier": "ics-cert@hq.dhs.gov",
   "published": "2019-12-16T20:15:15.773",
-  "lastModified": "2019-12-27T15:02:18.717",
+  "lastModified": "2023-04-27T23:15:14.657",
-  "vulnStatus": "Analyzed",
+  "vulnStatus": "Modified",
   "descriptions": [
     {
       "lang": "en",
-      "value": "In Omron PLC CJ series, all versions, and Omron PLC CS series, all versions, the software properly checks for the existence of a lock, but the lock can be externally controlled or influenced by an actor that is outside of the intended sphere of control."
+      "value": "\nOmron\u2019s CS and CJ series PLCs have an unrestricted externally accessible lock vulnerability. \n\n"
     },
     {
       "lang": "es",
@@ -108,6 +108,10 @@
     }
   ],
   "references": [
+    {
+      "url": "https://www.omron-cxone.com/security/2019-12-06_PLC_EN.pdf",
+      "source": "ics-cert@hq.dhs.gov"
+    },
     {
       "url": "https://www.us-cert.gov/ics/advisories/icsa-19-346-02",
       "source": "ics-cert@hq.dhs.gov",

CVE-2023/CVE-2023-19xx/CVE-2023-1967.json

@@ -0,0 +1,32 @@
+{
+  "id": "CVE-2023-1967",
+  "sourceIdentifier": "ics-cert@hq.dhs.gov",
+  "published": "2023-04-27T22:15:09.187",
+  "lastModified": "2023-04-27T22:15:09.187",
+  "vulnStatus": "Received",
+  "descriptions": [
+    {
+      "lang": "en",
+      "value": "Keysight N8844A Data Analytics Web Service deserializes untrusted data without sufficiently verifying the resulting data will be valid. "
+    }
+  ],
+  "metrics": {},
+  "weaknesses": [
+    {
+      "source": "ics-cert@hq.dhs.gov",
+      "type": "Secondary",
+      "description": [
+        {
+          "lang": "en",
+          "value": "CWE-502"
+        }
+      ]
+    }
+  ],
+  "references": [
+    {
+      "url": "https://www.cisa.gov/news-events/ics-advisories/icsa-23-115-01",
+      "source": "ics-cert@hq.dhs.gov"
+    }
+  ]
+}

CVE-2023/CVE-2023-273xx/CVE-2023-27350.json

@@ -2,8 +2,12 @@
   "id": "CVE-2023-27350",
   "sourceIdentifier": "zdi-disclosures@trendmicro.com",
   "published": "2023-04-20T16:15:07.653",
-  "lastModified": "2023-04-20T23:15:06.840",
+  "lastModified": "2023-04-27T22:15:09.740",
-  "vulnStatus": "Awaiting Analysis",
+  "vulnStatus": "Undergoing Analysis",
+  "cisaExploitAdd": "2023-04-21",
+  "cisaActionDue": "2023-05-12",
+  "cisaRequiredAction": "Apply updates per vendor instructions.",
+  "cisaVulnerabilityName": "PaperCut MF/NG Improper Access Control Vulnerability",
   "descriptions": [
     {
       "lang": "en",
@@ -47,6 +51,18 @@
     }
   ],
   "references": [
+    {
+      "url": "http://packetstormsecurity.com/files/171982/PaperCut-MF-NG-Authentication-Bypass-Remote-Code-Execution.html",
+      "source": "zdi-disclosures@trendmicro.com"
+    },
+    {
+      "url": "http://packetstormsecurity.com/files/172022/PaperCut-NG-MG-22.0.4-Authentication-Bypass.html",
+      "source": "zdi-disclosures@trendmicro.com"
+    },
+    {
+      "url": "https://news.sophos.com/en-us/2023/04/27/increased-exploitation-of-papercut-drawing-blood-around-the-internet/",
+      "source": "zdi-disclosures@trendmicro.com"
+    },
     {
       "url": "https://www.papercut.com/kb/Main/PO-1216-and-PO-1219",
       "source": "zdi-disclosures@trendmicro.com"

CVE-2023/CVE-2023-283xx/CVE-2023-28384.json

@@ -0,0 +1,32 @@
+{
+  "id": "CVE-2023-28384",
+  "sourceIdentifier": "ics-cert@hq.dhs.gov",
+  "published": "2023-04-27T23:15:14.867",
+  "lastModified": "2023-04-27T23:15:14.867",
+  "vulnStatus": "Received",
+  "descriptions": [
+    {
+      "lang": "en",
+      "value": "mySCADA myPRO versions 8.26.0 and prior has parameters which an authenticated user could exploit to inject arbitrary operating system commands."
+    }
+  ],
+  "metrics": {},
+  "weaknesses": [
+    {
+      "source": "ics-cert@hq.dhs.gov",
+      "type": "Secondary",
+      "description": [
+        {
+          "lang": "en",
+          "value": "CWE-78"
+        }
+      ]
+    }
+  ],
+  "references": [
+    {
+      "url": "https://www.cisa.gov/news-events/ics-advisories/icsa-23-096-06",
+      "source": "ics-cert@hq.dhs.gov"
+    }
+  ]
+}

CVE-2023/CVE-2023-284xx/CVE-2023-28400.json

@@ -0,0 +1,32 @@
+{
+  "id": "CVE-2023-28400",
+  "sourceIdentifier": "ics-cert@hq.dhs.gov",
+  "published": "2023-04-27T23:15:14.917",
+  "lastModified": "2023-04-27T23:15:14.917",
+  "vulnStatus": "Received",
+  "descriptions": [
+    {
+      "lang": "en",
+      "value": "mySCADA myPRO versions 8.26.0 and prior has parameters which an authenticated user could exploit to inject arbitrary operating system commands. "
+    }
+  ],
+  "metrics": {},
+  "weaknesses": [
+    {
+      "source": "ics-cert@hq.dhs.gov",
+      "type": "Secondary",
+      "description": [
+        {
+          "lang": "en",
+          "value": "CWE-78"
+        }
+      ]
+    }
+  ],
+  "references": [
+    {
+      "url": "https://www.cisa.gov/news-events/ics-advisories/icsa-23-096-06",
+      "source": "ics-cert@hq.dhs.gov"
+    }
+  ]
+}

CVE-2023/CVE-2023-287xx/CVE-2023-28716.json

@@ -0,0 +1,32 @@
+{
+  "id": "CVE-2023-28716",
+  "sourceIdentifier": "ics-cert@hq.dhs.gov",
+  "published": "2023-04-27T23:15:14.963",
+  "lastModified": "2023-04-27T23:15:14.963",
+  "vulnStatus": "Received",
+  "descriptions": [
+    {
+      "lang": "en",
+      "value": "mySCADA myPRO versions 8.26.0 and prior has parameters which an authenticated user could exploit to inject arbitrary operating system commands. "
+    }
+  ],
+  "metrics": {},
+  "weaknesses": [
+    {
+      "source": "ics-cert@hq.dhs.gov",
+      "type": "Secondary",
+      "description": [
+        {
+          "lang": "en",
+          "value": "CWE-78"
+        }
+      ]
+    }
+  ],
+  "references": [
+    {
+      "url": "https://www.cisa.gov/news-events/ics-advisories/icsa-23-096-06",
+      "source": "ics-cert@hq.dhs.gov"
+    }
+  ]
+}

CVE-2023/CVE-2023-291xx/CVE-2023-29150.json

@@ -0,0 +1,32 @@
+{
+  "id": "CVE-2023-29150",
+  "sourceIdentifier": "ics-cert@hq.dhs.gov",
+  "published": "2023-04-27T23:15:15.007",
+  "lastModified": "2023-04-27T23:15:15.007",
+  "vulnStatus": "Received",
+  "descriptions": [
+    {
+      "lang": "en",
+      "value": "mySCADA myPRO versions 8.26.0 and prior has parameters which an authenticated user could exploit to inject arbitrary operating system commands. "
+    }
+  ],
+  "metrics": {},
+  "weaknesses": [
+    {
+      "source": "ics-cert@hq.dhs.gov",
+      "type": "Secondary",
+      "description": [
+        {
+          "lang": "en",
+          "value": "CWE-78"
+        }
+      ]
+    }
+  ],
+  "references": [
+    {
+      "url": "https://www.cisa.gov/news-events/ics-advisories/icsa-23-096-06",
+      "source": "ics-cert@hq.dhs.gov"
+    }
+  ]
+}

CVE-2023/CVE-2023-291xx/CVE-2023-29169.json

@@ -0,0 +1,32 @@
+{
+  "id": "CVE-2023-29169",
+  "sourceIdentifier": "ics-cert@hq.dhs.gov",
+  "published": "2023-04-27T23:15:15.050",
+  "lastModified": "2023-04-27T23:15:15.050",
+  "vulnStatus": "Received",
+  "descriptions": [
+    {
+      "lang": "en",
+      "value": "mySCADA myPRO versions 8.26.0 and prior has parameters which an authenticated user could exploit to inject arbitrary operating system commands. "
+    }
+  ],
+  "metrics": {},
+  "weaknesses": [
+    {
+      "source": "ics-cert@hq.dhs.gov",
+      "type": "Secondary",
+      "description": [
+        {
+          "lang": "en",
+          "value": "CWE-78"
+        }
+      ]
+    }
+  ],
+  "references": [
+    {
+      "url": "https://www.cisa.gov/news-events/ics-advisories/icsa-23-096-06",
+      "source": "ics-cert@hq.dhs.gov"
+    }
+  ]
+}

CVE-2023/CVE-2023-303xx/CVE-2023-30380.json

@@ -0,0 +1,20 @@
+{
+  "id": "CVE-2023-30380",
+  "sourceIdentifier": "cve@mitre.org",
+  "published": "2023-04-27T22:15:09.917",
+  "lastModified": "2023-04-27T22:15:09.917",
+  "vulnStatus": "Received",
+  "descriptions": [
+    {
+      "lang": "en",
+      "value": "An issue in the component /dialog/select_media.php of DedeCMS v5.7.107 allows attackers to execute a directory traversal."
+    }
+  ],
+  "metrics": {},
+  "references": [
+    {
+      "url": "https://github.com/Howard512966/DedeCMS-v5.7.107-Directory-Traversal",
+      "source": "cve@mitre.org"
+    }
+  ]
+}

README.md

@@ -9,13 +9,13 @@ Repository synchronizes with the NVD every 2 hours.
 ### Last Repository Update
 
 ```plain
-2023-04-27T21:55:25.522143+00:00
+2023-04-28T00:00:24.560765+00:00
 ```
 
 ### Most recent CVE Modification Timestamp synchronized with NVD
 
 ```plain
-2023-04-27T21:15:10.783000+00:00
+2023-04-27T23:15:15.050000+00:00
 ```
 
 ### Last Data Feed Release
@@ -29,44 +29,28 @@ Download and Changelog: [Click](releases/latest)
 ### Total Number of included CVEs
 
 ```plain
-213701
+213708
 ```
 
 ### CVEs added in the last Commit
 
-Recently added CVEs: `9`
+Recently added CVEs: `7`
 
-* [CVE-2022-25091](CVE-2022/CVE-2022-250xx/CVE-2022-25091.json) (`2023-04-27T21:15:10.343`)
+* [CVE-2023-1967](CVE-2023/CVE-2023-19xx/CVE-2023-1967.json) (`2023-04-27T22:15:09.187`)
-* [CVE-2022-31647](CVE-2022/CVE-2022-316xx/CVE-2022-31647.json) (`2023-04-27T20:15:39.930`)
+* [CVE-2023-28384](CVE-2023/CVE-2023-283xx/CVE-2023-28384.json) (`2023-04-27T23:15:14.867`)
-* [CVE-2022-34292](CVE-2022/CVE-2022-342xx/CVE-2022-34292.json) (`2023-04-27T20:15:40.070`)
+* [CVE-2023-28400](CVE-2023/CVE-2023-284xx/CVE-2023-28400.json) (`2023-04-27T23:15:14.917`)
-* [CVE-2022-37326](CVE-2022/CVE-2022-373xx/CVE-2022-37326.json) (`2023-04-27T20:15:40.113`)
+* [CVE-2023-28716](CVE-2023/CVE-2023-287xx/CVE-2023-28716.json) (`2023-04-27T23:15:14.963`)
-* [CVE-2022-38730](CVE-2022/CVE-2022-387xx/CVE-2022-38730.json) (`2023-04-27T20:15:40.153`)
+* [CVE-2023-29150](CVE-2023/CVE-2023-291xx/CVE-2023-29150.json) (`2023-04-27T23:15:15.007`)
-* [CVE-2023-25437](CVE-2023/CVE-2023-254xx/CVE-2023-25437.json) (`2023-04-27T21:15:10.630`)
+* [CVE-2023-29169](CVE-2023/CVE-2023-291xx/CVE-2023-29169.json) (`2023-04-27T23:15:15.050`)
-* [CVE-2023-29471](CVE-2023/CVE-2023-294xx/CVE-2023-29471.json) (`2023-04-27T21:15:10.710`)
+* [CVE-2023-30380](CVE-2023/CVE-2023-303xx/CVE-2023-30380.json) (`2023-04-27T22:15:09.917`)
-* [CVE-2023-29489](CVE-2023/CVE-2023-294xx/CVE-2023-29489.json) (`2023-04-27T21:15:10.783`)
-* [CVE-2023-29950](CVE-2023/CVE-2023-299xx/CVE-2023-29950.json) (`2023-04-27T20:15:40.207`)
 
 
 ### CVEs modified in the last Commit
 
-Recently modified CVEs: `16`
+Recently modified CVEs: `2`
 
-* [CVE-2021-0881](CVE-2021/CVE-2021-08xx/CVE-2021-0881.json) (`2023-04-27T20:29:10.367`)
+* [CVE-2019-18269](CVE-2019/CVE-2019-182xx/CVE-2019-18269.json) (`2023-04-27T23:15:14.657`)
-* [CVE-2021-0882](CVE-2021/CVE-2021-08xx/CVE-2021-0882.json) (`2023-04-27T20:27:13.317`)
+* [CVE-2023-27350](CVE-2023/CVE-2023-273xx/CVE-2023-27350.json) (`2023-04-27T22:15:09.740`)
-* [CVE-2021-0883](CVE-2021/CVE-2021-08xx/CVE-2021-0883.json) (`2023-04-27T20:32:39.413`)
-* [CVE-2021-0884](CVE-2021/CVE-2021-08xx/CVE-2021-0884.json) (`2023-04-27T20:30:01.747`)
-* [CVE-2023-20950](CVE-2023/CVE-2023-209xx/CVE-2023-20950.json) (`2023-04-27T20:42:01.237`)
-* [CVE-2023-20967](CVE-2023/CVE-2023-209xx/CVE-2023-20967.json) (`2023-04-27T20:46:11.307`)
-* [CVE-2023-21080](CVE-2023/CVE-2023-210xx/CVE-2023-21080.json) (`2023-04-27T20:45:58.033`)
-* [CVE-2023-21081](CVE-2023/CVE-2023-210xx/CVE-2023-21081.json) (`2023-04-27T20:45:34.997`)
-* [CVE-2023-24500](CVE-2023/CVE-2023-245xx/CVE-2023-24500.json) (`2023-04-27T20:15:23.703`)
-* [CVE-2023-24501](CVE-2023/CVE-2023-245xx/CVE-2023-24501.json) (`2023-04-27T20:14:40.943`)
-* [CVE-2023-24502](CVE-2023/CVE-2023-245xx/CVE-2023-24502.json) (`2023-04-27T20:13:46.637`)
-* [CVE-2023-24503](CVE-2023/CVE-2023-245xx/CVE-2023-24503.json) (`2023-04-27T20:06:19.567`)
-* [CVE-2023-24504](CVE-2023/CVE-2023-245xx/CVE-2023-24504.json) (`2023-04-27T20:04:37.783`)
-* [CVE-2023-24685](CVE-2023/CVE-2023-246xx/CVE-2023-24685.json) (`2023-04-27T21:15:10.457`)
-* [CVE-2023-28440](CVE-2023/CVE-2023-284xx/CVE-2023-28440.json) (`2023-04-27T20:23:17.573`)
-* [CVE-2023-28839](CVE-2023/CVE-2023-288xx/CVE-2023-28839.json) (`2023-04-27T20:21:36.517`)
 
 
 ## Download and Usage