From 4f99446f68e6b116a374d74ced10a80f5addd81c Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Ren=C3=A9=20Helmke?= Date: Tue, 2 May 2023 04:00:27 +0200 Subject: [PATCH] Auto-Update: 2023-05-02T02:00:24.094027+00:00 --- CVE-2021/CVE-2021-364xx/CVE-2021-36436.json | 64 ++++++++++++++++-- CVE-2023/CVE-2023-208xx/CVE-2023-20864.json | 72 +++++++++++++++++++-- CVE-2023/CVE-2023-208xx/CVE-2023-20865.json | 72 +++++++++++++++++++-- CVE-2023/CVE-2023-222xx/CVE-2023-22295.json | 59 ++++++++++++++++- CVE-2023/CVE-2023-223xx/CVE-2023-22321.json | 59 ++++++++++++++++- CVE-2023/CVE-2023-223xx/CVE-2023-22354.json | 59 ++++++++++++++++- CVE-2023/CVE-2023-228xx/CVE-2023-22846.json | 59 ++++++++++++++++- CVE-2023/CVE-2023-22xx/CVE-2023-2202.json | 55 ++++++++++++++-- CVE-2023/CVE-2023-235xx/CVE-2023-23579.json | 59 ++++++++++++++++- CVE-2023/CVE-2023-300xx/CVE-2023-30076.json | 64 ++++++++++++++++-- README.md | 27 ++++---- 11 files changed, 602 insertions(+), 47 deletions(-) diff --git a/CVE-2021/CVE-2021-364xx/CVE-2021-36436.json b/CVE-2021/CVE-2021-364xx/CVE-2021-36436.json index 13eb68b7c45..60a390321c5 100644 --- a/CVE-2021/CVE-2021-364xx/CVE-2021-36436.json +++ b/CVE-2021/CVE-2021-364xx/CVE-2021-36436.json @@ -2,19 +2,75 @@ "id": "CVE-2021-36436", "sourceIdentifier": "cve@mitre.org", "published": "2023-04-20T21:15:08.510", - "lastModified": "2023-04-21T01:45:50.230", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2023-05-02T01:47:55.997", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", "value": "An issue in Mobicint Backend for Credit Unions v3 allows attackers to retrieve partial email addresses and user entered information via submission to the forgotten-password endpoint." } ], - "metrics": {}, + "metrics": { + "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "LOW", + "integrityImpact": "NONE", + "availabilityImpact": "NONE", + "baseScore": 5.3, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 3.9, + "impactScore": 1.4 + } + ] + }, + "weaknesses": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-640" + } + ] + } + ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:mobicint:mobicint:3.0:*:*:*:*:*:*:*", + "matchCriteriaId": "ABA27A22-F91B-4D7A-AA04-BAA88BFE6E09" + } + ] + } + ] + } + ], "references": [ { "url": "https://github.com/Laransec/Mobicint", - "source": "cve@mitre.org" + "source": "cve@mitre.org", + "tags": [ + "Exploit", + "Third Party Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2023/CVE-2023-208xx/CVE-2023-20864.json b/CVE-2023/CVE-2023-208xx/CVE-2023-20864.json index 4b4d80e8292..8c71010f00b 100644 --- a/CVE-2023/CVE-2023-208xx/CVE-2023-20864.json +++ b/CVE-2023/CVE-2023-208xx/CVE-2023-20864.json @@ -2,19 +2,83 @@ "id": "CVE-2023-20864", "sourceIdentifier": "security@vmware.com", "published": "2023-04-20T21:15:08.620", - "lastModified": "2023-04-21T01:45:50.230", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2023-05-02T00:54:05.037", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", "value": "VMware Aria Operations for Logs contains a deserialization vulnerability. An unauthenticated, malicious actor with network access to VMware Aria Operations for Logs may be able to execute arbitrary code as root." } ], - "metrics": {}, + "metrics": { + "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH", + "baseScore": 9.8, + "baseSeverity": "CRITICAL" + }, + "exploitabilityScore": 3.9, + "impactScore": 5.9 + } + ] + }, + "weaknesses": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-502" + } + ] + } + ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:vmware:aria_operations_for_logs:*:*:*:*:*:*:*:*", + "versionStartIncluding": "8.10.2", + "versionEndExcluding": "8.12.0", + "matchCriteriaId": "67498B85-8EED-47C7-828E-C0184E431E4E" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:vmware:cloud_foundation:*:*:*:*:*:*:*:*", + "versionStartIncluding": "4.0", + "versionEndIncluding": "4.5", + "matchCriteriaId": "4BF004A8-90A0-4804-97DA-C2C2005A54AA" + } + ] + } + ] + } + ], "references": [ { "url": "https://www.vmware.com/security/advisories/VMSA-2023-0007.html", - "source": "security@vmware.com" + "source": "security@vmware.com", + "tags": [ + "Vendor Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2023/CVE-2023-208xx/CVE-2023-20865.json b/CVE-2023/CVE-2023-208xx/CVE-2023-20865.json index f5cd2fc5c2b..2543de443cd 100644 --- a/CVE-2023/CVE-2023-208xx/CVE-2023-20865.json +++ b/CVE-2023/CVE-2023-208xx/CVE-2023-20865.json @@ -2,19 +2,83 @@ "id": "CVE-2023-20865", "sourceIdentifier": "security@vmware.com", "published": "2023-04-20T21:15:08.670", - "lastModified": "2023-04-21T01:45:50.230", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2023-05-02T00:56:29.957", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", "value": "VMware Aria Operations for Logs contains a command injection vulnerability. A malicious actor with administrative privileges in VMware Aria Operations for Logs can execute arbitrary commands as root." } ], - "metrics": {}, + "metrics": { + "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "HIGH", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH", + "baseScore": 7.2, + "baseSeverity": "HIGH" + }, + "exploitabilityScore": 1.2, + "impactScore": 5.9 + } + ] + }, + "weaknesses": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-77" + } + ] + } + ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:vmware:aria_operations_for_logs:*:*:*:*:*:*:*:*", + "versionStartIncluding": "8.6.0", + "versionEndExcluding": "8.12.0", + "matchCriteriaId": "E6EB0AB7-8866-4ED9-942C-FC7ADF40666B" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:vmware:cloud_foundation:*:*:*:*:*:*:*:*", + "versionStartIncluding": "4.0", + "versionEndIncluding": "4.5", + "matchCriteriaId": "4BF004A8-90A0-4804-97DA-C2C2005A54AA" + } + ] + } + ] + } + ], "references": [ { "url": "https://www.vmware.com/security/advisories/VMSA-2023-0007.html", - "source": "security@vmware.com" + "source": "security@vmware.com", + "tags": [ + "Vendor Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2023/CVE-2023-222xx/CVE-2023-22295.json b/CVE-2023/CVE-2023-222xx/CVE-2023-22295.json index 60c9a42c502..d4e3b6f7f9c 100644 --- a/CVE-2023/CVE-2023-222xx/CVE-2023-22295.json +++ b/CVE-2023/CVE-2023-222xx/CVE-2023-22295.json @@ -2,8 +2,8 @@ "id": "CVE-2023-22295", "sourceIdentifier": "ics-cert@hq.dhs.gov", "published": "2023-04-20T19:15:07.157", - "lastModified": "2023-04-21T01:45:50.230", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2023-05-02T01:16:32.677", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", @@ -12,6 +12,26 @@ ], "metrics": { "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N", + "attackVector": "LOCAL", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "REQUIRED", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "NONE", + "availabilityImpact": "NONE", + "baseScore": 5.5, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 1.8, + "impactScore": 3.6 + }, { "source": "ics-cert@hq.dhs.gov", "type": "Secondary", @@ -35,6 +55,16 @@ ] }, "weaknesses": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-125" + } + ] + }, { "source": "ics-cert@hq.dhs.gov", "type": "Secondary", @@ -46,10 +76,33 @@ ] } ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:datakit:crosscadware:*:*:*:*:*:*:*:*", + "versionEndExcluding": "2023.1", + "matchCriteriaId": "8007444D-F493-4A50-859E-E4FC62882ACA" + } + ] + } + ] + } + ], "references": [ { "url": "https://www.cisa.gov/news-events/ics-advisories/icsa-23-103-14", - "source": "ics-cert@hq.dhs.gov" + "source": "ics-cert@hq.dhs.gov", + "tags": [ + "Mitigation", + "Third Party Advisory", + "US Government Resource" + ] } ] } \ No newline at end of file diff --git a/CVE-2023/CVE-2023-223xx/CVE-2023-22321.json b/CVE-2023/CVE-2023-223xx/CVE-2023-22321.json index 06238a6305f..23ec635f4e8 100644 --- a/CVE-2023/CVE-2023-223xx/CVE-2023-22321.json +++ b/CVE-2023/CVE-2023-223xx/CVE-2023-22321.json @@ -2,8 +2,8 @@ "id": "CVE-2023-22321", "sourceIdentifier": "ics-cert@hq.dhs.gov", "published": "2023-04-20T19:15:07.237", - "lastModified": "2023-04-21T01:45:50.230", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2023-05-02T01:24:09.213", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", @@ -12,6 +12,26 @@ ], "metrics": { "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N", + "attackVector": "LOCAL", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "REQUIRED", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "NONE", + "availabilityImpact": "NONE", + "baseScore": 5.5, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 1.8, + "impactScore": 3.6 + }, { "source": "ics-cert@hq.dhs.gov", "type": "Secondary", @@ -35,6 +55,16 @@ ] }, "weaknesses": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-125" + } + ] + }, { "source": "ics-cert@hq.dhs.gov", "type": "Secondary", @@ -46,10 +76,33 @@ ] } ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:datakit:crosscadware:*:*:*:*:*:*:*:*", + "versionEndExcluding": "2023.1", + "matchCriteriaId": "8007444D-F493-4A50-859E-E4FC62882ACA" + } + ] + } + ] + } + ], "references": [ { "url": "https://www.cisa.gov/news-events/ics-advisories/icsa-23-103-14", - "source": "ics-cert@hq.dhs.gov" + "source": "ics-cert@hq.dhs.gov", + "tags": [ + "Mitigation", + "Third Party Advisory", + "US Government Resource" + ] } ] } \ No newline at end of file diff --git a/CVE-2023/CVE-2023-223xx/CVE-2023-22354.json b/CVE-2023/CVE-2023-223xx/CVE-2023-22354.json index 842399b07c9..49ff10df12d 100644 --- a/CVE-2023/CVE-2023-223xx/CVE-2023-22354.json +++ b/CVE-2023/CVE-2023-223xx/CVE-2023-22354.json @@ -2,8 +2,8 @@ "id": "CVE-2023-22354", "sourceIdentifier": "ics-cert@hq.dhs.gov", "published": "2023-04-20T19:15:07.290", - "lastModified": "2023-04-21T01:45:50.230", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2023-05-02T01:30:56.267", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", @@ -12,6 +12,26 @@ ], "metrics": { "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N", + "attackVector": "LOCAL", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "REQUIRED", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "NONE", + "availabilityImpact": "NONE", + "baseScore": 5.5, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 1.8, + "impactScore": 3.6 + }, { "source": "ics-cert@hq.dhs.gov", "type": "Secondary", @@ -35,6 +55,16 @@ ] }, "weaknesses": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-125" + } + ] + }, { "source": "ics-cert@hq.dhs.gov", "type": "Secondary", @@ -46,10 +76,33 @@ ] } ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:datakit:crosscadware:*:*:*:*:*:*:*:*", + "versionEndExcluding": "2023.1", + "matchCriteriaId": "8007444D-F493-4A50-859E-E4FC62882ACA" + } + ] + } + ] + } + ], "references": [ { "url": "https://www.cisa.gov/news-events/ics-advisories/icsa-23-103-14", - "source": "ics-cert@hq.dhs.gov" + "source": "ics-cert@hq.dhs.gov", + "tags": [ + "Mitigation", + "Third Party Advisory", + "US Government Resource" + ] } ] } \ No newline at end of file diff --git a/CVE-2023/CVE-2023-228xx/CVE-2023-22846.json b/CVE-2023/CVE-2023-228xx/CVE-2023-22846.json index 8f296192fbe..9dd84a2d99a 100644 --- a/CVE-2023/CVE-2023-228xx/CVE-2023-22846.json +++ b/CVE-2023/CVE-2023-228xx/CVE-2023-22846.json @@ -2,8 +2,8 @@ "id": "CVE-2023-22846", "sourceIdentifier": "ics-cert@hq.dhs.gov", "published": "2023-04-20T19:15:07.347", - "lastModified": "2023-04-21T01:45:50.230", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2023-05-02T01:32:29.167", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", @@ -12,6 +12,26 @@ ], "metrics": { "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N", + "attackVector": "LOCAL", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "REQUIRED", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "NONE", + "availabilityImpact": "NONE", + "baseScore": 5.5, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 1.8, + "impactScore": 3.6 + }, { "source": "ics-cert@hq.dhs.gov", "type": "Secondary", @@ -35,6 +55,16 @@ ] }, "weaknesses": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-125" + } + ] + }, { "source": "ics-cert@hq.dhs.gov", "type": "Secondary", @@ -46,10 +76,33 @@ ] } ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:datakit:crosscadware:*:*:*:*:*:*:*:*", + "versionEndExcluding": "2023.1", + "matchCriteriaId": "8007444D-F493-4A50-859E-E4FC62882ACA" + } + ] + } + ] + } + ], "references": [ { "url": "https://www.cisa.gov/news-events/ics-advisories/icsa-23-103-14", - "source": "ics-cert@hq.dhs.gov" + "source": "ics-cert@hq.dhs.gov", + "tags": [ + "Mitigation", + "Third Party Advisory", + "US Government Resource" + ] } ] } \ No newline at end of file diff --git a/CVE-2023/CVE-2023-22xx/CVE-2023-2202.json b/CVE-2023/CVE-2023-22xx/CVE-2023-2202.json index 38be403c76f..2db40ce924b 100644 --- a/CVE-2023/CVE-2023-22xx/CVE-2023-2202.json +++ b/CVE-2023/CVE-2023-22xx/CVE-2023-2202.json @@ -2,8 +2,8 @@ "id": "CVE-2023-2202", "sourceIdentifier": "security@huntr.dev", "published": "2023-04-21T02:15:07.170", - "lastModified": "2023-04-24T13:02:28.070", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2023-05-02T01:07:35.680", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", @@ -11,6 +11,28 @@ } ], "metrics": { + "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "NONE", + "availabilityImpact": "NONE", + "baseScore": 6.5, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 2.8, + "impactScore": 3.6 + } + ], "cvssMetricV30": [ { "source": "security@huntr.dev", @@ -46,14 +68,39 @@ ] } ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:rosariosis:rosariosis:*:*:*:*:*:*:*:*", + "versionEndExcluding": "10.9.3", + "matchCriteriaId": "6D4CC6F3-6545-4CCA-9E2F-18FFA1F1369C" + } + ] + } + ] + } + ], "references": [ { "url": "https://github.com/francoisjacquet/rosariosis/commit/6433946abfb34324616e833b1c00d0b2450753be", - "source": "security@huntr.dev" + "source": "security@huntr.dev", + "tags": [ + "Patch" + ] }, { "url": "https://huntr.dev/bounties/efe6ef47-d17c-4773-933a-4836c32db85c", - "source": "security@huntr.dev" + "source": "security@huntr.dev", + "tags": [ + "Permissions Required", + "Third Party Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2023/CVE-2023-235xx/CVE-2023-23579.json b/CVE-2023/CVE-2023-235xx/CVE-2023-23579.json index 29e6ecbc33d..8a7cb6d4dfe 100644 --- a/CVE-2023/CVE-2023-235xx/CVE-2023-23579.json +++ b/CVE-2023/CVE-2023-235xx/CVE-2023-23579.json @@ -2,8 +2,8 @@ "id": "CVE-2023-23579", "sourceIdentifier": "ics-cert@hq.dhs.gov", "published": "2023-04-20T19:15:07.410", - "lastModified": "2023-04-21T01:45:50.230", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2023-05-02T01:34:54.727", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", @@ -12,6 +12,26 @@ ], "metrics": { "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", + "attackVector": "LOCAL", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "REQUIRED", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH", + "baseScore": 7.8, + "baseSeverity": "HIGH" + }, + "exploitabilityScore": 1.8, + "impactScore": 5.9 + }, { "source": "ics-cert@hq.dhs.gov", "type": "Secondary", @@ -35,6 +55,16 @@ ] }, "weaknesses": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-787" + } + ] + }, { "source": "ics-cert@hq.dhs.gov", "type": "Secondary", @@ -46,10 +76,33 @@ ] } ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:datakit:crosscadware:*:*:*:*:*:*:*:*", + "versionEndExcluding": "2023.1", + "matchCriteriaId": "8007444D-F493-4A50-859E-E4FC62882ACA" + } + ] + } + ] + } + ], "references": [ { "url": "https://www.cisa.gov/news-events/ics-advisories/icsa-23-103-14", - "source": "ics-cert@hq.dhs.gov" + "source": "ics-cert@hq.dhs.gov", + "tags": [ + "Mitigation", + "Third Party Advisory", + "US Government Resource" + ] } ] } \ No newline at end of file diff --git a/CVE-2023/CVE-2023-300xx/CVE-2023-30076.json b/CVE-2023/CVE-2023-300xx/CVE-2023-30076.json index 07e09b4d41f..53b09177142 100644 --- a/CVE-2023/CVE-2023-300xx/CVE-2023-30076.json +++ b/CVE-2023/CVE-2023-300xx/CVE-2023-30076.json @@ -2,19 +2,75 @@ "id": "CVE-2023-30076", "sourceIdentifier": "cve@mitre.org", "published": "2023-04-20T19:15:07.567", - "lastModified": "2023-04-21T01:45:50.230", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2023-05-02T01:10:15.547", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", "value": "Sourcecodester Judging Management System v1.0 is vulnerable to SQL Injection via /php-jms/print_judges.php?print_judges.php=&se_name=&sub_event_id=." } ], - "metrics": {}, + "metrics": { + "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH", + "baseScore": 9.8, + "baseSeverity": "CRITICAL" + }, + "exploitabilityScore": 3.9, + "impactScore": 5.9 + } + ] + }, + "weaknesses": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-89" + } + ] + } + ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:judging_management_system_project:judging_management_system:1.0:*:*:*:*:*:*:*", + "matchCriteriaId": "FAE693B0-3497-406C-AD53-36AC05735004" + } + ] + } + ] + } + ], "references": [ { "url": "https://github.com/Dzero57/cve_report/blob/main/judging-management-system/SQLi-2.md", - "source": "cve@mitre.org" + "source": "cve@mitre.org", + "tags": [ + "Exploit", + "Third Party Advisory" + ] } ] } \ No newline at end of file diff --git a/README.md b/README.md index f22a7676e23..a495e0c3fd1 100644 --- a/README.md +++ b/README.md @@ -9,13 +9,13 @@ Repository synchronizes with the NVD every 2 hours. ### Last Repository Update ```plain -2023-05-02T00:00:24.299710+00:00 +2023-05-02T02:00:24.094027+00:00 ``` ### Most recent CVE Modification Timestamp synchronized with NVD ```plain -2023-05-01T22:15:09.770000+00:00 +2023-05-02T01:47:55.997000+00:00 ``` ### Last Data Feed Release @@ -23,7 +23,7 @@ Repository synchronizes with the NVD every 2 hours. Download and Changelog: [Click](releases/latest) ```plain -2023-05-01T00:00:20.958822+00:00 +2023-05-02T00:00:20.963354+00:00 ``` ### Total Number of included CVEs @@ -34,21 +34,24 @@ Download and Changelog: [Click](releases/latest) ### CVEs added in the last Commit -Recently added CVEs: `6` +Recently added CVEs: `0` -* [CVE-2023-26987](CVE-2023/CVE-2023-269xx/CVE-2023-26987.json) (`2023-05-01T22:15:09.483`) -* [CVE-2023-27035](CVE-2023/CVE-2023-270xx/CVE-2023-27035.json) (`2023-05-01T22:15:09.547`) -* [CVE-2023-27108](CVE-2023/CVE-2023-271xx/CVE-2023-27108.json) (`2023-05-01T22:15:09.617`) -* [CVE-2023-29680](CVE-2023/CVE-2023-296xx/CVE-2023-29680.json) (`2023-05-01T22:15:09.673`) -* [CVE-2023-29681](CVE-2023/CVE-2023-296xx/CVE-2023-29681.json) (`2023-05-01T22:15:09.723`) -* [CVE-2023-30639](CVE-2023/CVE-2023-306xx/CVE-2023-30639.json) (`2023-05-01T22:15:09.770`) ### CVEs modified in the last Commit -Recently modified CVEs: `1` +Recently modified CVEs: `10` -* [CVE-2022-46705](CVE-2022/CVE-2022-467xx/CVE-2022-46705.json) (`2023-05-01T22:15:09.363`) +* [CVE-2021-36436](CVE-2021/CVE-2021-364xx/CVE-2021-36436.json) (`2023-05-02T01:47:55.997`) +* [CVE-2023-20864](CVE-2023/CVE-2023-208xx/CVE-2023-20864.json) (`2023-05-02T00:54:05.037`) +* [CVE-2023-20865](CVE-2023/CVE-2023-208xx/CVE-2023-20865.json) (`2023-05-02T00:56:29.957`) +* [CVE-2023-2202](CVE-2023/CVE-2023-22xx/CVE-2023-2202.json) (`2023-05-02T01:07:35.680`) +* [CVE-2023-22295](CVE-2023/CVE-2023-222xx/CVE-2023-22295.json) (`2023-05-02T01:16:32.677`) +* [CVE-2023-22321](CVE-2023/CVE-2023-223xx/CVE-2023-22321.json) (`2023-05-02T01:24:09.213`) +* [CVE-2023-22354](CVE-2023/CVE-2023-223xx/CVE-2023-22354.json) (`2023-05-02T01:30:56.267`) +* [CVE-2023-22846](CVE-2023/CVE-2023-228xx/CVE-2023-22846.json) (`2023-05-02T01:32:29.167`) +* [CVE-2023-23579](CVE-2023/CVE-2023-235xx/CVE-2023-23579.json) (`2023-05-02T01:34:54.727`) +* [CVE-2023-30076](CVE-2023/CVE-2023-300xx/CVE-2023-30076.json) (`2023-05-02T01:10:15.547`) ## Download and Usage