From 525ecb0f67c8eeeddac33daf6e392081ec667f64 Mon Sep 17 00:00:00 2001 From: cad-safe-bot Date: Wed, 2 Aug 2023 02:00:35 +0000 Subject: [PATCH] Auto-Update: 2023-08-02T02:00:31.995702+00:00 --- CVE-2021/CVE-2021-264xx/CVE-2021-26418.json | 28 +++- CVE-2021/CVE-2021-264xx/CVE-2021-26419.json | 26 +++- CVE-2021/CVE-2021-264xx/CVE-2021-26421.json | 26 +++- CVE-2021/CVE-2021-264xx/CVE-2021-26422.json | 26 +++- CVE-2021/CVE-2021-284xx/CVE-2021-28461.json | 26 +++- CVE-2021/CVE-2021-284xx/CVE-2021-28465.json | 26 +++- CVE-2021/CVE-2021-284xx/CVE-2021-28474.json | 26 +++- CVE-2021/CVE-2021-284xx/CVE-2021-28476.json | 28 +++- CVE-2021/CVE-2021-284xx/CVE-2021-28478.json | 28 +++- CVE-2021/CVE-2021-284xx/CVE-2021-28479.json | 26 +++- CVE-2021/CVE-2021-311xx/CVE-2021-31165.json | 28 +++- CVE-2021/CVE-2021-311xx/CVE-2021-31166.json | 26 +++- CVE-2021/CVE-2021-311xx/CVE-2021-31167.json | 28 +++- CVE-2021/CVE-2021-311xx/CVE-2021-31168.json | 28 +++- CVE-2021/CVE-2021-311xx/CVE-2021-31169.json | 28 +++- CVE-2021/CVE-2021-311xx/CVE-2021-31170.json | 28 +++- CVE-2021/CVE-2021-311xx/CVE-2021-31171.json | 26 +++- CVE-2021/CVE-2021-311xx/CVE-2021-31172.json | 28 +++- CVE-2021/CVE-2021-311xx/CVE-2021-31173.json | 26 +++- CVE-2021/CVE-2021-311xx/CVE-2021-31174.json | 26 +++- CVE-2021/CVE-2021-311xx/CVE-2021-31175.json | 28 +++- CVE-2021/CVE-2021-311xx/CVE-2021-31176.json | 28 +++- CVE-2021/CVE-2021-311xx/CVE-2021-31178.json | 26 +++- CVE-2021/CVE-2021-311xx/CVE-2021-31179.json | 28 +++- CVE-2021/CVE-2021-311xx/CVE-2021-31181.json | 26 +++- CVE-2021/CVE-2021-311xx/CVE-2021-31182.json | 26 +++- CVE-2021/CVE-2021-311xx/CVE-2021-31184.json | 26 +++- CVE-2021/CVE-2021-311xx/CVE-2021-31185.json | 26 +++- CVE-2021/CVE-2021-311xx/CVE-2021-31186.json | 26 +++- CVE-2021/CVE-2021-311xx/CVE-2021-31187.json | 26 +++- CVE-2021/CVE-2021-311xx/CVE-2021-31188.json | 28 +++- CVE-2021/CVE-2021-311xx/CVE-2021-31190.json | 26 +++- CVE-2021/CVE-2021-311xx/CVE-2021-31191.json | 26 +++- CVE-2021/CVE-2021-311xx/CVE-2021-31192.json | 26 +++- CVE-2021/CVE-2021-311xx/CVE-2021-31193.json | 26 +++- CVE-2021/CVE-2021-311xx/CVE-2021-31194.json | 26 +++- CVE-2021/CVE-2021-311xx/CVE-2021-31195.json | 28 +++- CVE-2021/CVE-2021-311xx/CVE-2021-31198.json | 28 +++- CVE-2021/CVE-2021-312xx/CVE-2021-31200.json | 26 +++- CVE-2021/CVE-2021-312xx/CVE-2021-31205.json | 26 +++- CVE-2021/CVE-2021-312xx/CVE-2021-31207.json | 26 +++- CVE-2021/CVE-2021-312xx/CVE-2021-31208.json | 28 +++- CVE-2021/CVE-2021-312xx/CVE-2021-31209.json | 26 +++- CVE-2021/CVE-2021-312xx/CVE-2021-31211.json | 28 +++- CVE-2021/CVE-2021-312xx/CVE-2021-31213.json | 26 +++- CVE-2021/CVE-2021-312xx/CVE-2021-31214.json | 28 +++- CVE-2021/CVE-2021-319xx/CVE-2021-31936.json | 26 +++- CVE-2022/CVE-2022-288xx/CVE-2022-28863.json | 69 ++++++++- CVE-2022/CVE-2022-288xx/CVE-2022-28864.json | 69 ++++++++- CVE-2022/CVE-2022-288xx/CVE-2022-28865.json | 69 ++++++++- CVE-2022/CVE-2022-288xx/CVE-2022-28867.json | 69 ++++++++- CVE-2022/CVE-2022-302xx/CVE-2022-30280.json | 69 ++++++++- CVE-2022/CVE-2022-324xx/CVE-2022-32449.json | 8 +- CVE-2023/CVE-2023-06xx/CVE-2023-0632.json | 59 ++++++++ CVE-2023/CVE-2023-12xx/CVE-2023-1210.json | 59 ++++++++ CVE-2023/CVE-2023-21xx/CVE-2023-2164.json | 59 ++++++++ CVE-2023/CVE-2023-30xx/CVE-2023-3019.json | 89 ++++++++++- CVE-2023/CVE-2023-314xx/CVE-2023-31428.json | 55 +++++++ CVE-2023/CVE-2023-314xx/CVE-2023-31430.json | 55 +++++++ CVE-2023/CVE-2023-314xx/CVE-2023-31431.json | 55 +++++++ CVE-2023/CVE-2023-314xx/CVE-2023-31432.json | 55 +++++++ CVE-2023/CVE-2023-319xx/CVE-2023-31926.json | 59 ++++++++ CVE-2023/CVE-2023-319xx/CVE-2023-31927.json | 55 +++++++ CVE-2023/CVE-2023-319xx/CVE-2023-31928.json | 55 +++++++ CVE-2023/CVE-2023-323xx/CVE-2023-32381.json | 134 +++++++++++++++-- CVE-2023/CVE-2023-324xx/CVE-2023-32433.json | 154 ++++++++++++++++++-- CVE-2023/CVE-2023-324xx/CVE-2023-32437.json | 71 ++++++++- CVE-2023/CVE-2023-33xx/CVE-2023-3364.json | 59 ++++++++ CVE-2023/CVE-2023-33xx/CVE-2023-3385.json | 59 ++++++++ CVE-2023/CVE-2023-359xx/CVE-2023-35983.json | 92 +++++++++++- CVE-2023/CVE-2023-35xx/CVE-2023-3500.json | 59 ++++++++ CVE-2023/CVE-2023-35xx/CVE-2023-3567.json | 121 ++++++++++++++- CVE-2023/CVE-2023-361xx/CVE-2023-36121.json | 32 ++++ CVE-2023/CVE-2023-368xx/CVE-2023-36854.json | 92 +++++++++++- CVE-2023/CVE-2023-368xx/CVE-2023-36862.json | 66 ++++++++- CVE-2023/CVE-2023-374xx/CVE-2023-37450.json | 120 ++++++++++++++- CVE-2023/CVE-2023-376xx/CVE-2023-37623.json | 79 +++++++++- CVE-2023/CVE-2023-376xx/CVE-2023-37624.json | 74 +++++++++- CVE-2023/CVE-2023-376xx/CVE-2023-37692.json | 64 +++++++- CVE-2023/CVE-2023-377xx/CVE-2023-37732.json | 68 ++++++++- CVE-2023/CVE-2023-381xx/CVE-2023-38133.json | 140 ++++++++++++++++-- CVE-2023/CVE-2023-382xx/CVE-2023-38285.json | 70 ++++++++- CVE-2023/CVE-2023-389xx/CVE-2023-38990.json | 20 +++ CVE-2023/CVE-2023-39xx/CVE-2023-3900.json | 59 ++++++++ CVE-2023/CVE-2023-39xx/CVE-2023-3993.json | 55 +++++++ CVE-2023/CVE-2023-39xx/CVE-2023-3994.json | 59 ++++++++ README.md | 105 +++++++------ 87 files changed, 3784 insertions(+), 334 deletions(-) create mode 100644 CVE-2023/CVE-2023-06xx/CVE-2023-0632.json create mode 100644 CVE-2023/CVE-2023-12xx/CVE-2023-1210.json create mode 100644 CVE-2023/CVE-2023-21xx/CVE-2023-2164.json create mode 100644 CVE-2023/CVE-2023-314xx/CVE-2023-31428.json create mode 100644 CVE-2023/CVE-2023-314xx/CVE-2023-31430.json create mode 100644 CVE-2023/CVE-2023-314xx/CVE-2023-31431.json create mode 100644 CVE-2023/CVE-2023-314xx/CVE-2023-31432.json create mode 100644 CVE-2023/CVE-2023-319xx/CVE-2023-31926.json create mode 100644 CVE-2023/CVE-2023-319xx/CVE-2023-31927.json create mode 100644 CVE-2023/CVE-2023-319xx/CVE-2023-31928.json create mode 100644 CVE-2023/CVE-2023-33xx/CVE-2023-3364.json create mode 100644 CVE-2023/CVE-2023-33xx/CVE-2023-3385.json create mode 100644 CVE-2023/CVE-2023-35xx/CVE-2023-3500.json create mode 100644 CVE-2023/CVE-2023-361xx/CVE-2023-36121.json create mode 100644 CVE-2023/CVE-2023-389xx/CVE-2023-38990.json create mode 100644 CVE-2023/CVE-2023-39xx/CVE-2023-3900.json create mode 100644 CVE-2023/CVE-2023-39xx/CVE-2023-3993.json create mode 100644 CVE-2023/CVE-2023-39xx/CVE-2023-3994.json diff --git a/CVE-2021/CVE-2021-264xx/CVE-2021-26418.json b/CVE-2021/CVE-2021-264xx/CVE-2021-26418.json index df493a1cbfc..dba8920176d 100644 --- a/CVE-2021/CVE-2021-264xx/CVE-2021-26418.json +++ b/CVE-2021/CVE-2021-264xx/CVE-2021-26418.json @@ -2,12 +2,12 @@ "id": "CVE-2021-26418", "sourceIdentifier": "secure@microsoft.com", "published": "2021-05-11T19:15:08.793", - "lastModified": "2022-07-12T17:42:04.277", - "vulnStatus": "Analyzed", + "lastModified": "2023-08-02T00:15:10.887", + "vulnStatus": "Modified", "descriptions": [ { "lang": "en", - "value": "Microsoft SharePoint Spoofing Vulnerability This CVE ID is unique from CVE-2021-28478, CVE-2021-31172." + "value": "Microsoft SharePoint Server Spoofing Vulnerability" }, { "lang": "es", @@ -17,8 +17,28 @@ "metrics": { "cvssMetricV31": [ { - "source": "nvd@nist.gov", + "source": "secure@microsoft.com", "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:N", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "REQUIRED", + "scope": "UNCHANGED", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "availabilityImpact": "NONE", + "baseScore": 4.6, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 2.1, + "impactScore": 2.5 + }, + { + "source": "nvd@nist.gov", + "type": "Secondary", "cvssData": { "version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:L/A:N", diff --git a/CVE-2021/CVE-2021-264xx/CVE-2021-26419.json b/CVE-2021/CVE-2021-264xx/CVE-2021-26419.json index 550bc1cb97e..8de8e91ee8a 100644 --- a/CVE-2021/CVE-2021-264xx/CVE-2021-26419.json +++ b/CVE-2021/CVE-2021-264xx/CVE-2021-26419.json @@ -2,8 +2,8 @@ "id": "CVE-2021-26419", "sourceIdentifier": "secure@microsoft.com", "published": "2021-05-11T19:15:08.837", - "lastModified": "2022-05-03T16:04:40.443", - "vulnStatus": "Analyzed", + "lastModified": "2023-08-02T00:15:11.000", + "vulnStatus": "Modified", "descriptions": [ { "lang": "en", @@ -17,7 +17,7 @@ "metrics": { "cvssMetricV31": [ { - "source": "nvd@nist.gov", + "source": "secure@microsoft.com", "type": "Primary", "cvssData": { "version": "3.1", @@ -35,6 +35,26 @@ }, "exploitabilityScore": 1.6, "impactScore": 5.9 + }, + { + "source": "nvd@nist.gov", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H", + "attackVector": "NETWORK", + "attackComplexity": "HIGH", + "privilegesRequired": "NONE", + "userInteraction": "REQUIRED", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH", + "baseScore": 7.5, + "baseSeverity": "HIGH" + }, + "exploitabilityScore": 1.6, + "impactScore": 5.9 } ], "cvssMetricV2": [ diff --git a/CVE-2021/CVE-2021-264xx/CVE-2021-26421.json b/CVE-2021/CVE-2021-264xx/CVE-2021-26421.json index 3669ad0886e..63bf6f11448 100644 --- a/CVE-2021/CVE-2021-264xx/CVE-2021-26421.json +++ b/CVE-2021/CVE-2021-264xx/CVE-2021-26421.json @@ -2,8 +2,8 @@ "id": "CVE-2021-26421", "sourceIdentifier": "secure@microsoft.com", "published": "2021-05-11T19:15:08.870", - "lastModified": "2021-05-18T18:38:04.353", - "vulnStatus": "Analyzed", + "lastModified": "2023-08-02T00:15:11.110", + "vulnStatus": "Modified", "descriptions": [ { "lang": "en", @@ -17,8 +17,28 @@ "metrics": { "cvssMetricV31": [ { - "source": "nvd@nist.gov", + "source": "secure@microsoft.com", "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:C/C:H/I:L/A:N", + "attackVector": "NETWORK", + "attackComplexity": "HIGH", + "privilegesRequired": "LOW", + "userInteraction": "REQUIRED", + "scope": "CHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "LOW", + "availabilityImpact": "NONE", + "baseScore": 6.5, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 1.3, + "impactScore": 4.7 + }, + { + "source": "nvd@nist.gov", + "type": "Secondary", "cvssData": { "version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:L/A:N", diff --git a/CVE-2021/CVE-2021-264xx/CVE-2021-26422.json b/CVE-2021/CVE-2021-264xx/CVE-2021-26422.json index 6644cd0d778..aa509623e97 100644 --- a/CVE-2021/CVE-2021-264xx/CVE-2021-26422.json +++ b/CVE-2021/CVE-2021-264xx/CVE-2021-26422.json @@ -2,8 +2,8 @@ "id": "CVE-2021-26422", "sourceIdentifier": "secure@microsoft.com", "published": "2021-05-11T19:15:08.907", - "lastModified": "2022-06-28T14:11:45.273", - "vulnStatus": "Analyzed", + "lastModified": "2023-08-02T00:15:11.207", + "vulnStatus": "Modified", "descriptions": [ { "lang": "en", @@ -17,7 +17,7 @@ "metrics": { "cvssMetricV31": [ { - "source": "nvd@nist.gov", + "source": "secure@microsoft.com", "type": "Primary", "cvssData": { "version": "3.1", @@ -35,6 +35,26 @@ }, "exploitabilityScore": 1.2, "impactScore": 5.9 + }, + { + "source": "nvd@nist.gov", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "HIGH", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH", + "baseScore": 7.2, + "baseSeverity": "HIGH" + }, + "exploitabilityScore": 1.2, + "impactScore": 5.9 } ], "cvssMetricV2": [ diff --git a/CVE-2021/CVE-2021-284xx/CVE-2021-28461.json b/CVE-2021/CVE-2021-284xx/CVE-2021-28461.json index e0e8ce7b97e..af4faf1bb50 100644 --- a/CVE-2021/CVE-2021-284xx/CVE-2021-28461.json +++ b/CVE-2021/CVE-2021-284xx/CVE-2021-28461.json @@ -2,8 +2,8 @@ "id": "CVE-2021-28461", "sourceIdentifier": "secure@microsoft.com", "published": "2021-05-11T19:15:09.023", - "lastModified": "2021-05-17T17:38:07.410", - "vulnStatus": "Analyzed", + "lastModified": "2023-08-02T00:15:11.300", + "vulnStatus": "Modified", "descriptions": [ { "lang": "en", @@ -17,8 +17,28 @@ "metrics": { "cvssMetricV31": [ { - "source": "nvd@nist.gov", + "source": "secure@microsoft.com", "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:A/AC:L/PR:L/UI:R/S:C/C:H/I:N/A:N", + "attackVector": "ADJACENT_NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "REQUIRED", + "scope": "CHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "NONE", + "availabilityImpact": "NONE", + "baseScore": 6.1, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 1.7, + "impactScore": 4.0 + }, + { + "source": "nvd@nist.gov", + "type": "Secondary", "cvssData": { "version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N", diff --git a/CVE-2021/CVE-2021-284xx/CVE-2021-28465.json b/CVE-2021/CVE-2021-284xx/CVE-2021-28465.json index 548c1dcc11f..a880e803067 100644 --- a/CVE-2021/CVE-2021-284xx/CVE-2021-28465.json +++ b/CVE-2021/CVE-2021-284xx/CVE-2021-28465.json @@ -2,8 +2,8 @@ "id": "CVE-2021-28465", "sourceIdentifier": "secure@microsoft.com", "published": "2021-05-11T19:15:09.060", - "lastModified": "2022-06-28T14:11:45.273", - "vulnStatus": "Analyzed", + "lastModified": "2023-08-02T00:15:11.397", + "vulnStatus": "Modified", "descriptions": [ { "lang": "en", @@ -17,7 +17,7 @@ "metrics": { "cvssMetricV31": [ { - "source": "nvd@nist.gov", + "source": "secure@microsoft.com", "type": "Primary", "cvssData": { "version": "3.1", @@ -35,6 +35,26 @@ }, "exploitabilityScore": 1.8, "impactScore": 5.9 + }, + { + "source": "nvd@nist.gov", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", + "attackVector": "LOCAL", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "REQUIRED", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH", + "baseScore": 7.8, + "baseSeverity": "HIGH" + }, + "exploitabilityScore": 1.8, + "impactScore": 5.9 } ], "cvssMetricV2": [ diff --git a/CVE-2021/CVE-2021-284xx/CVE-2021-28474.json b/CVE-2021/CVE-2021-284xx/CVE-2021-28474.json index 8e5bdc5f127..6d9407c0a41 100644 --- a/CVE-2021/CVE-2021-284xx/CVE-2021-28474.json +++ b/CVE-2021/CVE-2021-284xx/CVE-2021-28474.json @@ -2,8 +2,8 @@ "id": "CVE-2021-28474", "sourceIdentifier": "secure@microsoft.com", "published": "2021-05-11T19:15:09.093", - "lastModified": "2022-07-12T17:42:04.277", - "vulnStatus": "Analyzed", + "lastModified": "2023-08-02T00:15:11.487", + "vulnStatus": "Modified", "descriptions": [ { "lang": "en", @@ -17,7 +17,7 @@ "metrics": { "cvssMetricV31": [ { - "source": "nvd@nist.gov", + "source": "secure@microsoft.com", "type": "Primary", "cvssData": { "version": "3.1", @@ -35,6 +35,26 @@ }, "exploitabilityScore": 2.8, "impactScore": 5.9 + }, + { + "source": "nvd@nist.gov", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH", + "baseScore": 8.8, + "baseSeverity": "HIGH" + }, + "exploitabilityScore": 2.8, + "impactScore": 5.9 } ], "cvssMetricV2": [ diff --git a/CVE-2021/CVE-2021-284xx/CVE-2021-28476.json b/CVE-2021/CVE-2021-284xx/CVE-2021-28476.json index 14733cc25f7..ab639b7ce0f 100644 --- a/CVE-2021/CVE-2021-284xx/CVE-2021-28476.json +++ b/CVE-2021/CVE-2021-284xx/CVE-2021-28476.json @@ -2,12 +2,12 @@ "id": "CVE-2021-28476", "sourceIdentifier": "secure@microsoft.com", "published": "2021-05-11T19:15:09.133", - "lastModified": "2022-04-29T16:19:50.250", - "vulnStatus": "Analyzed", + "lastModified": "2023-08-02T00:15:11.583", + "vulnStatus": "Modified", "descriptions": [ { "lang": "en", - "value": "Hyper-V Remote Code Execution Vulnerability" + "value": "Windows Hyper-V Remote Code Execution Vulnerability" }, { "lang": "es", @@ -17,7 +17,7 @@ "metrics": { "cvssMetricV31": [ { - "source": "nvd@nist.gov", + "source": "secure@microsoft.com", "type": "Primary", "cvssData": { "version": "3.1", @@ -35,6 +35,26 @@ }, "exploitabilityScore": 3.1, "impactScore": 6.0 + }, + { + "source": "nvd@nist.gov", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "NONE", + "scope": "CHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH", + "baseScore": 9.9, + "baseSeverity": "CRITICAL" + }, + "exploitabilityScore": 3.1, + "impactScore": 6.0 } ], "cvssMetricV2": [ diff --git a/CVE-2021/CVE-2021-284xx/CVE-2021-28478.json b/CVE-2021/CVE-2021-284xx/CVE-2021-28478.json index ecbcaff270d..c5e7bc7fb20 100644 --- a/CVE-2021/CVE-2021-284xx/CVE-2021-28478.json +++ b/CVE-2021/CVE-2021-284xx/CVE-2021-28478.json @@ -2,12 +2,12 @@ "id": "CVE-2021-28478", "sourceIdentifier": "secure@microsoft.com", "published": "2021-05-11T19:15:09.177", - "lastModified": "2021-05-18T16:50:23.447", - "vulnStatus": "Analyzed", + "lastModified": "2023-08-02T00:15:11.687", + "vulnStatus": "Modified", "descriptions": [ { "lang": "en", - "value": "Microsoft SharePoint Spoofing Vulnerability This CVE ID is unique from CVE-2021-26418, CVE-2021-31172." + "value": "Microsoft SharePoint Server Spoofing Vulnerability" }, { "lang": "es", @@ -17,8 +17,28 @@ "metrics": { "cvssMetricV31": [ { - "source": "nvd@nist.gov", + "source": "secure@microsoft.com", "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:L/A:N", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "REQUIRED", + "scope": "CHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "LOW", + "availabilityImpact": "NONE", + "baseScore": 7.6, + "baseSeverity": "HIGH" + }, + "exploitabilityScore": 2.3, + "impactScore": 4.7 + }, + { + "source": "nvd@nist.gov", + "type": "Secondary", "cvssData": { "version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:L/A:N", diff --git a/CVE-2021/CVE-2021-284xx/CVE-2021-28479.json b/CVE-2021/CVE-2021-284xx/CVE-2021-28479.json index c09c6acd72f..0a68bf35969 100644 --- a/CVE-2021/CVE-2021-284xx/CVE-2021-28479.json +++ b/CVE-2021/CVE-2021-284xx/CVE-2021-28479.json @@ -2,8 +2,8 @@ "id": "CVE-2021-28479", "sourceIdentifier": "secure@microsoft.com", "published": "2021-05-11T19:15:09.220", - "lastModified": "2022-06-28T14:11:45.273", - "vulnStatus": "Analyzed", + "lastModified": "2023-08-02T00:15:11.787", + "vulnStatus": "Modified", "descriptions": [ { "lang": "en", @@ -17,7 +17,7 @@ "metrics": { "cvssMetricV31": [ { - "source": "nvd@nist.gov", + "source": "secure@microsoft.com", "type": "Primary", "cvssData": { "version": "3.1", @@ -35,6 +35,26 @@ }, "exploitabilityScore": 1.8, "impactScore": 3.6 + }, + { + "source": "nvd@nist.gov", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N", + "attackVector": "LOCAL", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "NONE", + "availabilityImpact": "NONE", + "baseScore": 5.5, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 1.8, + "impactScore": 3.6 } ], "cvssMetricV2": [ diff --git a/CVE-2021/CVE-2021-311xx/CVE-2021-31165.json b/CVE-2021/CVE-2021-311xx/CVE-2021-31165.json index f752efbc6af..83e433210c8 100644 --- a/CVE-2021/CVE-2021-311xx/CVE-2021-31165.json +++ b/CVE-2021/CVE-2021-311xx/CVE-2021-31165.json @@ -2,12 +2,12 @@ "id": "CVE-2021-31165", "sourceIdentifier": "secure@microsoft.com", "published": "2021-05-11T19:15:09.267", - "lastModified": "2022-05-03T16:04:40.443", - "vulnStatus": "Analyzed", + "lastModified": "2023-08-02T00:15:11.880", + "vulnStatus": "Modified", "descriptions": [ { "lang": "en", - "value": "Windows Container Manager Service Elevation of Privilege Vulnerability This CVE ID is unique from CVE-2021-31167, CVE-2021-31168, CVE-2021-31169, CVE-2021-31208." + "value": "Windows Container Manager Service Elevation of Privilege Vulnerability" }, { "lang": "es", @@ -17,7 +17,7 @@ "metrics": { "cvssMetricV31": [ { - "source": "nvd@nist.gov", + "source": "secure@microsoft.com", "type": "Primary", "cvssData": { "version": "3.1", @@ -35,6 +35,26 @@ }, "exploitabilityScore": 1.8, "impactScore": 5.9 + }, + { + "source": "nvd@nist.gov", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", + "attackVector": "LOCAL", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH", + "baseScore": 7.8, + "baseSeverity": "HIGH" + }, + "exploitabilityScore": 1.8, + "impactScore": 5.9 } ], "cvssMetricV2": [ diff --git a/CVE-2021/CVE-2021-311xx/CVE-2021-31166.json b/CVE-2021/CVE-2021-311xx/CVE-2021-31166.json index a54c119bd59..6dcf8a21c8b 100644 --- a/CVE-2021/CVE-2021-311xx/CVE-2021-31166.json +++ b/CVE-2021/CVE-2021-311xx/CVE-2021-31166.json @@ -2,8 +2,8 @@ "id": "CVE-2021-31166", "sourceIdentifier": "secure@microsoft.com", "published": "2021-05-11T19:15:09.300", - "lastModified": "2021-05-26T19:44:53.007", - "vulnStatus": "Analyzed", + "lastModified": "2023-08-02T00:15:11.973", + "vulnStatus": "Modified", "cisaExploitAdd": "2022-04-06", "cisaActionDue": "2022-04-27", "cisaRequiredAction": "Apply updates per vendor instructions.", @@ -21,7 +21,7 @@ "metrics": { "cvssMetricV31": [ { - "source": "nvd@nist.gov", + "source": "secure@microsoft.com", "type": "Primary", "cvssData": { "version": "3.1", @@ -39,6 +39,26 @@ }, "exploitabilityScore": 3.9, "impactScore": 5.9 + }, + { + "source": "nvd@nist.gov", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH", + "baseScore": 9.8, + "baseSeverity": "CRITICAL" + }, + "exploitabilityScore": 3.9, + "impactScore": 5.9 } ], "cvssMetricV2": [ diff --git a/CVE-2021/CVE-2021-311xx/CVE-2021-31167.json b/CVE-2021/CVE-2021-311xx/CVE-2021-31167.json index 445c8094475..95e936d7fc1 100644 --- a/CVE-2021/CVE-2021-311xx/CVE-2021-31167.json +++ b/CVE-2021/CVE-2021-311xx/CVE-2021-31167.json @@ -2,12 +2,12 @@ "id": "CVE-2021-31167", "sourceIdentifier": "secure@microsoft.com", "published": "2021-05-11T19:15:09.337", - "lastModified": "2022-05-03T16:04:40.443", - "vulnStatus": "Analyzed", + "lastModified": "2023-08-02T00:15:12.070", + "vulnStatus": "Modified", "descriptions": [ { "lang": "en", - "value": "Windows Container Manager Service Elevation of Privilege Vulnerability This CVE ID is unique from CVE-2021-31165, CVE-2021-31168, CVE-2021-31169, CVE-2021-31208." + "value": "Windows Container Manager Service Elevation of Privilege Vulnerability" }, { "lang": "es", @@ -17,7 +17,7 @@ "metrics": { "cvssMetricV31": [ { - "source": "nvd@nist.gov", + "source": "secure@microsoft.com", "type": "Primary", "cvssData": { "version": "3.1", @@ -35,6 +35,26 @@ }, "exploitabilityScore": 1.8, "impactScore": 5.9 + }, + { + "source": "nvd@nist.gov", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", + "attackVector": "LOCAL", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH", + "baseScore": 7.8, + "baseSeverity": "HIGH" + }, + "exploitabilityScore": 1.8, + "impactScore": 5.9 } ], "cvssMetricV2": [ diff --git a/CVE-2021/CVE-2021-311xx/CVE-2021-31168.json b/CVE-2021/CVE-2021-311xx/CVE-2021-31168.json index a786a5b54af..c4ed1438390 100644 --- a/CVE-2021/CVE-2021-311xx/CVE-2021-31168.json +++ b/CVE-2021/CVE-2021-311xx/CVE-2021-31168.json @@ -2,12 +2,12 @@ "id": "CVE-2021-31168", "sourceIdentifier": "secure@microsoft.com", "published": "2021-05-11T19:15:09.380", - "lastModified": "2021-05-14T15:05:24.883", - "vulnStatus": "Analyzed", + "lastModified": "2023-08-02T00:15:12.160", + "vulnStatus": "Modified", "descriptions": [ { "lang": "en", - "value": "Windows Container Manager Service Elevation of Privilege Vulnerability This CVE ID is unique from CVE-2021-31165, CVE-2021-31167, CVE-2021-31169, CVE-2021-31208." + "value": "Windows Container Manager Service Elevation of Privilege Vulnerability" }, { "lang": "es", @@ -17,7 +17,7 @@ "metrics": { "cvssMetricV31": [ { - "source": "nvd@nist.gov", + "source": "secure@microsoft.com", "type": "Primary", "cvssData": { "version": "3.1", @@ -35,6 +35,26 @@ }, "exploitabilityScore": 1.8, "impactScore": 5.9 + }, + { + "source": "nvd@nist.gov", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", + "attackVector": "LOCAL", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH", + "baseScore": 7.8, + "baseSeverity": "HIGH" + }, + "exploitabilityScore": 1.8, + "impactScore": 5.9 } ], "cvssMetricV2": [ diff --git a/CVE-2021/CVE-2021-311xx/CVE-2021-31169.json b/CVE-2021/CVE-2021-311xx/CVE-2021-31169.json index be1c2c1dae1..ccc3c1dce7e 100644 --- a/CVE-2021/CVE-2021-311xx/CVE-2021-31169.json +++ b/CVE-2021/CVE-2021-311xx/CVE-2021-31169.json @@ -2,12 +2,12 @@ "id": "CVE-2021-31169", "sourceIdentifier": "secure@microsoft.com", "published": "2021-05-11T19:15:09.423", - "lastModified": "2021-05-14T13:55:20.527", - "vulnStatus": "Analyzed", + "lastModified": "2023-08-02T00:15:12.263", + "vulnStatus": "Modified", "descriptions": [ { "lang": "en", - "value": "Windows Container Manager Service Elevation of Privilege Vulnerability This CVE ID is unique from CVE-2021-31165, CVE-2021-31167, CVE-2021-31168, CVE-2021-31208." + "value": "Windows Container Manager Service Elevation of Privilege Vulnerability" }, { "lang": "es", @@ -17,7 +17,7 @@ "metrics": { "cvssMetricV31": [ { - "source": "nvd@nist.gov", + "source": "secure@microsoft.com", "type": "Primary", "cvssData": { "version": "3.1", @@ -35,6 +35,26 @@ }, "exploitabilityScore": 1.8, "impactScore": 5.9 + }, + { + "source": "nvd@nist.gov", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", + "attackVector": "LOCAL", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH", + "baseScore": 7.8, + "baseSeverity": "HIGH" + }, + "exploitabilityScore": 1.8, + "impactScore": 5.9 } ], "cvssMetricV2": [ diff --git a/CVE-2021/CVE-2021-311xx/CVE-2021-31170.json b/CVE-2021/CVE-2021-311xx/CVE-2021-31170.json index a4031c8903a..b4e146fd7eb 100644 --- a/CVE-2021/CVE-2021-311xx/CVE-2021-31170.json +++ b/CVE-2021/CVE-2021-311xx/CVE-2021-31170.json @@ -2,12 +2,12 @@ "id": "CVE-2021-31170", "sourceIdentifier": "secure@microsoft.com", "published": "2021-05-11T19:15:09.463", - "lastModified": "2022-05-03T16:04:40.443", - "vulnStatus": "Analyzed", + "lastModified": "2023-08-02T00:15:12.357", + "vulnStatus": "Modified", "descriptions": [ { "lang": "en", - "value": "Windows Graphics Component Elevation of Privilege Vulnerability This CVE ID is unique from CVE-2021-31188." + "value": "Windows Graphics Component Elevation of Privilege Vulnerability" }, { "lang": "es", @@ -17,7 +17,7 @@ "metrics": { "cvssMetricV31": [ { - "source": "nvd@nist.gov", + "source": "secure@microsoft.com", "type": "Primary", "cvssData": { "version": "3.1", @@ -35,6 +35,26 @@ }, "exploitabilityScore": 1.8, "impactScore": 5.9 + }, + { + "source": "nvd@nist.gov", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", + "attackVector": "LOCAL", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH", + "baseScore": 7.8, + "baseSeverity": "HIGH" + }, + "exploitabilityScore": 1.8, + "impactScore": 5.9 } ], "cvssMetricV2": [ diff --git a/CVE-2021/CVE-2021-311xx/CVE-2021-31171.json b/CVE-2021/CVE-2021-311xx/CVE-2021-31171.json index 51da9a81f29..04a715cf11a 100644 --- a/CVE-2021/CVE-2021-311xx/CVE-2021-31171.json +++ b/CVE-2021/CVE-2021-311xx/CVE-2021-31171.json @@ -2,8 +2,8 @@ "id": "CVE-2021-31171", "sourceIdentifier": "secure@microsoft.com", "published": "2021-05-11T19:15:09.497", - "lastModified": "2022-06-28T14:11:45.273", - "vulnStatus": "Analyzed", + "lastModified": "2023-08-02T00:15:12.447", + "vulnStatus": "Modified", "descriptions": [ { "lang": "en", @@ -17,8 +17,28 @@ "metrics": { "cvssMetricV31": [ { - "source": "nvd@nist.gov", + "source": "secure@microsoft.com", "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:N/A:N", + "attackVector": "LOCAL", + "attackComplexity": "HIGH", + "privilegesRequired": "HIGH", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "NONE", + "availabilityImpact": "NONE", + "baseScore": 4.1, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 0.5, + "impactScore": 3.6 + }, + { + "source": "nvd@nist.gov", + "type": "Secondary", "cvssData": { "version": "3.1", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N", diff --git a/CVE-2021/CVE-2021-311xx/CVE-2021-31172.json b/CVE-2021/CVE-2021-311xx/CVE-2021-31172.json index df3b6cd5737..b7ba1084f2c 100644 --- a/CVE-2021/CVE-2021-311xx/CVE-2021-31172.json +++ b/CVE-2021/CVE-2021-311xx/CVE-2021-31172.json @@ -2,12 +2,12 @@ "id": "CVE-2021-31172", "sourceIdentifier": "secure@microsoft.com", "published": "2021-05-11T19:15:09.527", - "lastModified": "2021-05-18T16:38:49.863", - "vulnStatus": "Analyzed", + "lastModified": "2023-08-02T00:15:12.537", + "vulnStatus": "Modified", "descriptions": [ { "lang": "en", - "value": "Microsoft SharePoint Spoofing Vulnerability This CVE ID is unique from CVE-2021-26418, CVE-2021-28478." + "value": "Microsoft SharePoint Server Spoofing Vulnerability" }, { "lang": "es", @@ -17,7 +17,7 @@ "metrics": { "cvssMetricV31": [ { - "source": "nvd@nist.gov", + "source": "secure@microsoft.com", "type": "Primary", "cvssData": { "version": "3.1", @@ -35,6 +35,26 @@ }, "exploitabilityScore": 2.8, "impactScore": 4.2 + }, + { + "source": "nvd@nist.gov", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:L/A:N", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "REQUIRED", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "LOW", + "availabilityImpact": "NONE", + "baseScore": 7.1, + "baseSeverity": "HIGH" + }, + "exploitabilityScore": 2.8, + "impactScore": 4.2 } ], "cvssMetricV2": [ diff --git a/CVE-2021/CVE-2021-311xx/CVE-2021-31173.json b/CVE-2021/CVE-2021-311xx/CVE-2021-31173.json index 405fab92e63..7092479e04c 100644 --- a/CVE-2021/CVE-2021-311xx/CVE-2021-31173.json +++ b/CVE-2021/CVE-2021-311xx/CVE-2021-31173.json @@ -2,8 +2,8 @@ "id": "CVE-2021-31173", "sourceIdentifier": "secure@microsoft.com", "published": "2021-05-11T19:15:09.560", - "lastModified": "2022-06-28T14:11:45.273", - "vulnStatus": "Analyzed", + "lastModified": "2023-08-02T00:15:12.623", + "vulnStatus": "Modified", "descriptions": [ { "lang": "en", @@ -17,8 +17,28 @@ "metrics": { "cvssMetricV31": [ { - "source": "nvd@nist.gov", + "source": "secure@microsoft.com", "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N", + "attackVector": "NETWORK", + "attackComplexity": "HIGH", + "privilegesRequired": "LOW", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "NONE", + "availabilityImpact": "NONE", + "baseScore": 5.3, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 1.6, + "impactScore": 3.6 + }, + { + "source": "nvd@nist.gov", + "type": "Secondary", "cvssData": { "version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N", diff --git a/CVE-2021/CVE-2021-311xx/CVE-2021-31174.json b/CVE-2021/CVE-2021-311xx/CVE-2021-31174.json index e7ae69d4ba4..6dd87118c44 100644 --- a/CVE-2021/CVE-2021-311xx/CVE-2021-31174.json +++ b/CVE-2021/CVE-2021-311xx/CVE-2021-31174.json @@ -2,8 +2,8 @@ "id": "CVE-2021-31174", "sourceIdentifier": "secure@microsoft.com", "published": "2021-05-11T19:15:09.597", - "lastModified": "2022-06-28T14:11:45.273", - "vulnStatus": "Analyzed", + "lastModified": "2023-08-02T00:15:12.713", + "vulnStatus": "Modified", "descriptions": [ { "lang": "en", @@ -17,7 +17,7 @@ "metrics": { "cvssMetricV31": [ { - "source": "nvd@nist.gov", + "source": "secure@microsoft.com", "type": "Primary", "cvssData": { "version": "3.1", @@ -35,6 +35,26 @@ }, "exploitabilityScore": 1.8, "impactScore": 3.6 + }, + { + "source": "nvd@nist.gov", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N", + "attackVector": "LOCAL", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "NONE", + "availabilityImpact": "NONE", + "baseScore": 5.5, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 1.8, + "impactScore": 3.6 } ], "cvssMetricV2": [ diff --git a/CVE-2021/CVE-2021-311xx/CVE-2021-31175.json b/CVE-2021/CVE-2021-311xx/CVE-2021-31175.json index 563260b44e5..e8747c7521c 100644 --- a/CVE-2021/CVE-2021-311xx/CVE-2021-31175.json +++ b/CVE-2021/CVE-2021-311xx/CVE-2021-31175.json @@ -2,12 +2,12 @@ "id": "CVE-2021-31175", "sourceIdentifier": "secure@microsoft.com", "published": "2021-05-11T19:15:09.633", - "lastModified": "2021-05-18T16:08:54.347", - "vulnStatus": "Analyzed", + "lastModified": "2023-08-02T00:15:12.807", + "vulnStatus": "Modified", "descriptions": [ { "lang": "en", - "value": "Microsoft Office Remote Code Execution Vulnerability This CVE ID is unique from CVE-2021-31176, CVE-2021-31177, CVE-2021-31179." + "value": "Microsoft Office Remote Code Execution Vulnerability" }, { "lang": "es", @@ -17,7 +17,7 @@ "metrics": { "cvssMetricV31": [ { - "source": "nvd@nist.gov", + "source": "secure@microsoft.com", "type": "Primary", "cvssData": { "version": "3.1", @@ -35,6 +35,26 @@ }, "exploitabilityScore": 1.8, "impactScore": 5.9 + }, + { + "source": "nvd@nist.gov", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", + "attackVector": "LOCAL", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "REQUIRED", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH", + "baseScore": 7.8, + "baseSeverity": "HIGH" + }, + "exploitabilityScore": 1.8, + "impactScore": 5.9 } ], "cvssMetricV2": [ diff --git a/CVE-2021/CVE-2021-311xx/CVE-2021-31176.json b/CVE-2021/CVE-2021-311xx/CVE-2021-31176.json index 81c8d879bb0..3432dc52e39 100644 --- a/CVE-2021/CVE-2021-311xx/CVE-2021-31176.json +++ b/CVE-2021/CVE-2021-311xx/CVE-2021-31176.json @@ -2,12 +2,12 @@ "id": "CVE-2021-31176", "sourceIdentifier": "secure@microsoft.com", "published": "2021-05-11T19:15:09.670", - "lastModified": "2021-05-17T16:24:59.887", - "vulnStatus": "Analyzed", + "lastModified": "2023-08-02T00:15:12.900", + "vulnStatus": "Modified", "descriptions": [ { "lang": "en", - "value": "Microsoft Office Remote Code Execution Vulnerability This CVE ID is unique from CVE-2021-31175, CVE-2021-31177, CVE-2021-31179." + "value": "Microsoft Office Remote Code Execution Vulnerability" }, { "lang": "es", @@ -17,7 +17,7 @@ "metrics": { "cvssMetricV31": [ { - "source": "nvd@nist.gov", + "source": "secure@microsoft.com", "type": "Primary", "cvssData": { "version": "3.1", @@ -35,6 +35,26 @@ }, "exploitabilityScore": 1.8, "impactScore": 5.9 + }, + { + "source": "nvd@nist.gov", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", + "attackVector": "LOCAL", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "REQUIRED", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH", + "baseScore": 7.8, + "baseSeverity": "HIGH" + }, + "exploitabilityScore": 1.8, + "impactScore": 5.9 } ], "cvssMetricV2": [ diff --git a/CVE-2021/CVE-2021-311xx/CVE-2021-31178.json b/CVE-2021/CVE-2021-311xx/CVE-2021-31178.json index 92f23566735..b6158db7ab6 100644 --- a/CVE-2021/CVE-2021-311xx/CVE-2021-31178.json +++ b/CVE-2021/CVE-2021-311xx/CVE-2021-31178.json @@ -2,8 +2,8 @@ "id": "CVE-2021-31178", "sourceIdentifier": "secure@microsoft.com", "published": "2021-05-11T19:15:09.737", - "lastModified": "2022-06-28T14:11:45.273", - "vulnStatus": "Analyzed", + "lastModified": "2023-08-02T00:15:12.993", + "vulnStatus": "Modified", "descriptions": [ { "lang": "en", @@ -17,7 +17,7 @@ "metrics": { "cvssMetricV31": [ { - "source": "nvd@nist.gov", + "source": "secure@microsoft.com", "type": "Primary", "cvssData": { "version": "3.1", @@ -35,6 +35,26 @@ }, "exploitabilityScore": 1.8, "impactScore": 3.6 + }, + { + "source": "nvd@nist.gov", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N", + "attackVector": "LOCAL", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "REQUIRED", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "NONE", + "availabilityImpact": "NONE", + "baseScore": 5.5, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 1.8, + "impactScore": 3.6 } ], "cvssMetricV2": [ diff --git a/CVE-2021/CVE-2021-311xx/CVE-2021-31179.json b/CVE-2021/CVE-2021-311xx/CVE-2021-31179.json index 7e5bb8130b5..ff0f597cc0b 100644 --- a/CVE-2021/CVE-2021-311xx/CVE-2021-31179.json +++ b/CVE-2021/CVE-2021-311xx/CVE-2021-31179.json @@ -2,12 +2,12 @@ "id": "CVE-2021-31179", "sourceIdentifier": "secure@microsoft.com", "published": "2021-05-11T19:15:09.767", - "lastModified": "2021-05-17T16:23:24.963", - "vulnStatus": "Analyzed", + "lastModified": "2023-08-02T00:15:13.087", + "vulnStatus": "Modified", "descriptions": [ { "lang": "en", - "value": "Microsoft Office Remote Code Execution Vulnerability This CVE ID is unique from CVE-2021-31175, CVE-2021-31176, CVE-2021-31177." + "value": "Microsoft Office Remote Code Execution Vulnerability" }, { "lang": "es", @@ -17,7 +17,7 @@ "metrics": { "cvssMetricV31": [ { - "source": "nvd@nist.gov", + "source": "secure@microsoft.com", "type": "Primary", "cvssData": { "version": "3.1", @@ -35,6 +35,26 @@ }, "exploitabilityScore": 1.8, "impactScore": 5.9 + }, + { + "source": "nvd@nist.gov", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", + "attackVector": "LOCAL", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "REQUIRED", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH", + "baseScore": 7.8, + "baseSeverity": "HIGH" + }, + "exploitabilityScore": 1.8, + "impactScore": 5.9 } ], "cvssMetricV2": [ diff --git a/CVE-2021/CVE-2021-311xx/CVE-2021-31181.json b/CVE-2021/CVE-2021-311xx/CVE-2021-31181.json index 64c4d13f9b7..fec3c54f62e 100644 --- a/CVE-2021/CVE-2021-311xx/CVE-2021-31181.json +++ b/CVE-2021/CVE-2021-311xx/CVE-2021-31181.json @@ -2,8 +2,8 @@ "id": "CVE-2021-31181", "sourceIdentifier": "secure@microsoft.com", "published": "2021-05-11T19:15:09.837", - "lastModified": "2022-04-29T16:24:20.793", - "vulnStatus": "Analyzed", + "lastModified": "2023-08-02T00:15:13.190", + "vulnStatus": "Modified", "descriptions": [ { "lang": "en", @@ -17,7 +17,7 @@ "metrics": { "cvssMetricV31": [ { - "source": "nvd@nist.gov", + "source": "secure@microsoft.com", "type": "Primary", "cvssData": { "version": "3.1", @@ -35,6 +35,26 @@ }, "exploitabilityScore": 2.8, "impactScore": 5.9 + }, + { + "source": "nvd@nist.gov", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH", + "baseScore": 8.8, + "baseSeverity": "HIGH" + }, + "exploitabilityScore": 2.8, + "impactScore": 5.9 } ], "cvssMetricV2": [ diff --git a/CVE-2021/CVE-2021-311xx/CVE-2021-31182.json b/CVE-2021/CVE-2021-311xx/CVE-2021-31182.json index 1f40a49d583..8a2dd369186 100644 --- a/CVE-2021/CVE-2021-311xx/CVE-2021-31182.json +++ b/CVE-2021/CVE-2021-311xx/CVE-2021-31182.json @@ -2,8 +2,8 @@ "id": "CVE-2021-31182", "sourceIdentifier": "secure@microsoft.com", "published": "2021-05-11T19:15:09.870", - "lastModified": "2021-05-18T18:33:09.477", - "vulnStatus": "Analyzed", + "lastModified": "2023-08-02T00:15:13.277", + "vulnStatus": "Modified", "descriptions": [ { "lang": "en", @@ -17,7 +17,7 @@ "metrics": { "cvssMetricV31": [ { - "source": "nvd@nist.gov", + "source": "secure@microsoft.com", "type": "Primary", "cvssData": { "version": "3.1", @@ -35,6 +35,26 @@ }, "exploitabilityScore": 2.8, "impactScore": 4.2 + }, + { + "source": "nvd@nist.gov", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:L/I:H/A:N", + "attackVector": "ADJACENT_NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "LOW", + "integrityImpact": "HIGH", + "availabilityImpact": "NONE", + "baseScore": 7.1, + "baseSeverity": "HIGH" + }, + "exploitabilityScore": 2.8, + "impactScore": 4.2 } ], "cvssMetricV2": [ diff --git a/CVE-2021/CVE-2021-311xx/CVE-2021-31184.json b/CVE-2021/CVE-2021-311xx/CVE-2021-31184.json index 69e5b2c7bc2..e28824f1bbc 100644 --- a/CVE-2021/CVE-2021-311xx/CVE-2021-31184.json +++ b/CVE-2021/CVE-2021-311xx/CVE-2021-31184.json @@ -2,8 +2,8 @@ "id": "CVE-2021-31184", "sourceIdentifier": "secure@microsoft.com", "published": "2021-05-11T19:15:09.910", - "lastModified": "2022-06-28T14:11:45.273", - "vulnStatus": "Analyzed", + "lastModified": "2023-08-02T00:15:13.370", + "vulnStatus": "Modified", "descriptions": [ { "lang": "en", @@ -17,7 +17,7 @@ "metrics": { "cvssMetricV31": [ { - "source": "nvd@nist.gov", + "source": "secure@microsoft.com", "type": "Primary", "cvssData": { "version": "3.1", @@ -35,6 +35,26 @@ }, "exploitabilityScore": 1.8, "impactScore": 3.6 + }, + { + "source": "nvd@nist.gov", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N", + "attackVector": "LOCAL", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "NONE", + "availabilityImpact": "NONE", + "baseScore": 5.5, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 1.8, + "impactScore": 3.6 } ], "cvssMetricV2": [ diff --git a/CVE-2021/CVE-2021-311xx/CVE-2021-31185.json b/CVE-2021/CVE-2021-311xx/CVE-2021-31185.json index 7fe1bdc500f..1d154b94c39 100644 --- a/CVE-2021/CVE-2021-311xx/CVE-2021-31185.json +++ b/CVE-2021/CVE-2021-311xx/CVE-2021-31185.json @@ -2,8 +2,8 @@ "id": "CVE-2021-31185", "sourceIdentifier": "secure@microsoft.com", "published": "2021-05-11T19:15:09.947", - "lastModified": "2021-05-17T20:29:04.487", - "vulnStatus": "Analyzed", + "lastModified": "2023-08-02T00:15:13.463", + "vulnStatus": "Modified", "descriptions": [ { "lang": "en", @@ -17,7 +17,7 @@ "metrics": { "cvssMetricV31": [ { - "source": "nvd@nist.gov", + "source": "secure@microsoft.com", "type": "Primary", "cvssData": { "version": "3.1", @@ -35,6 +35,26 @@ }, "exploitabilityScore": 1.8, "impactScore": 3.6 + }, + { + "source": "nvd@nist.gov", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", + "attackVector": "LOCAL", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "NONE", + "integrityImpact": "NONE", + "availabilityImpact": "HIGH", + "baseScore": 5.5, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 1.8, + "impactScore": 3.6 } ], "cvssMetricV2": [ diff --git a/CVE-2021/CVE-2021-311xx/CVE-2021-31186.json b/CVE-2021/CVE-2021-311xx/CVE-2021-31186.json index 4355e3f0f6a..d0817eeaf86 100644 --- a/CVE-2021/CVE-2021-311xx/CVE-2021-31186.json +++ b/CVE-2021/CVE-2021-311xx/CVE-2021-31186.json @@ -2,8 +2,8 @@ "id": "CVE-2021-31186", "sourceIdentifier": "secure@microsoft.com", "published": "2021-05-11T19:15:09.980", - "lastModified": "2022-06-28T14:11:45.273", - "vulnStatus": "Analyzed", + "lastModified": "2023-08-02T00:15:13.547", + "vulnStatus": "Modified", "descriptions": [ { "lang": "en", @@ -17,8 +17,28 @@ "metrics": { "cvssMetricV31": [ { - "source": "nvd@nist.gov", + "source": "secure@microsoft.com", "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:N/A:N", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "REQUIRED", + "scope": "CHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "NONE", + "availabilityImpact": "NONE", + "baseScore": 7.4, + "baseSeverity": "HIGH" + }, + "exploitabilityScore": 2.8, + "impactScore": 4.0 + }, + { + "source": "nvd@nist.gov", + "type": "Secondary", "cvssData": { "version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N", diff --git a/CVE-2021/CVE-2021-311xx/CVE-2021-31187.json b/CVE-2021/CVE-2021-311xx/CVE-2021-31187.json index c3fa9f545b5..37d1d7f7610 100644 --- a/CVE-2021/CVE-2021-311xx/CVE-2021-31187.json +++ b/CVE-2021/CVE-2021-311xx/CVE-2021-31187.json @@ -2,8 +2,8 @@ "id": "CVE-2021-31187", "sourceIdentifier": "secure@microsoft.com", "published": "2021-05-11T19:15:10.017", - "lastModified": "2022-05-03T16:04:40.443", - "vulnStatus": "Analyzed", + "lastModified": "2023-08-02T00:15:13.647", + "vulnStatus": "Modified", "descriptions": [ { "lang": "en", @@ -17,7 +17,7 @@ "metrics": { "cvssMetricV31": [ { - "source": "nvd@nist.gov", + "source": "secure@microsoft.com", "type": "Primary", "cvssData": { "version": "3.1", @@ -35,6 +35,26 @@ }, "exploitabilityScore": 1.8, "impactScore": 5.9 + }, + { + "source": "nvd@nist.gov", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", + "attackVector": "LOCAL", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH", + "baseScore": 7.8, + "baseSeverity": "HIGH" + }, + "exploitabilityScore": 1.8, + "impactScore": 5.9 } ], "cvssMetricV2": [ diff --git a/CVE-2021/CVE-2021-311xx/CVE-2021-31188.json b/CVE-2021/CVE-2021-311xx/CVE-2021-31188.json index 8d6cd0f9b6d..afeaf37fe8a 100644 --- a/CVE-2021/CVE-2021-311xx/CVE-2021-31188.json +++ b/CVE-2021/CVE-2021-311xx/CVE-2021-31188.json @@ -2,12 +2,12 @@ "id": "CVE-2021-31188", "sourceIdentifier": "secure@microsoft.com", "published": "2021-05-11T19:15:10.050", - "lastModified": "2022-05-03T16:04:40.443", - "vulnStatus": "Analyzed", + "lastModified": "2023-08-02T00:15:13.743", + "vulnStatus": "Modified", "descriptions": [ { "lang": "en", - "value": "Windows Graphics Component Elevation of Privilege Vulnerability This CVE ID is unique from CVE-2021-31170." + "value": "Windows Graphics Component Elevation of Privilege Vulnerability" }, { "lang": "es", @@ -17,8 +17,28 @@ "metrics": { "cvssMetricV31": [ { - "source": "nvd@nist.gov", + "source": "secure@microsoft.com", "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", + "attackVector": "LOCAL", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH", + "baseScore": 7.8, + "baseSeverity": "HIGH" + }, + "exploitabilityScore": 1.8, + "impactScore": 5.9 + }, + { + "source": "nvd@nist.gov", + "type": "Secondary", "cvssData": { "version": "3.1", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N", diff --git a/CVE-2021/CVE-2021-311xx/CVE-2021-31190.json b/CVE-2021/CVE-2021-311xx/CVE-2021-31190.json index af6946cf75d..15cbde7ad22 100644 --- a/CVE-2021/CVE-2021-311xx/CVE-2021-31190.json +++ b/CVE-2021/CVE-2021-311xx/CVE-2021-31190.json @@ -2,8 +2,8 @@ "id": "CVE-2021-31190", "sourceIdentifier": "secure@microsoft.com", "published": "2021-05-11T19:15:10.083", - "lastModified": "2022-05-03T16:04:40.443", - "vulnStatus": "Analyzed", + "lastModified": "2023-08-02T00:15:13.837", + "vulnStatus": "Modified", "descriptions": [ { "lang": "en", @@ -17,7 +17,7 @@ "metrics": { "cvssMetricV31": [ { - "source": "nvd@nist.gov", + "source": "secure@microsoft.com", "type": "Primary", "cvssData": { "version": "3.1", @@ -35,6 +35,26 @@ }, "exploitabilityScore": 1.8, "impactScore": 5.9 + }, + { + "source": "nvd@nist.gov", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", + "attackVector": "LOCAL", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH", + "baseScore": 7.8, + "baseSeverity": "HIGH" + }, + "exploitabilityScore": 1.8, + "impactScore": 5.9 } ], "cvssMetricV2": [ diff --git a/CVE-2021/CVE-2021-311xx/CVE-2021-31191.json b/CVE-2021/CVE-2021-311xx/CVE-2021-31191.json index 7529a015e65..15ee3185703 100644 --- a/CVE-2021/CVE-2021-311xx/CVE-2021-31191.json +++ b/CVE-2021/CVE-2021-311xx/CVE-2021-31191.json @@ -2,8 +2,8 @@ "id": "CVE-2021-31191", "sourceIdentifier": "secure@microsoft.com", "published": "2021-05-11T19:15:10.113", - "lastModified": "2022-06-28T14:11:45.273", - "vulnStatus": "Analyzed", + "lastModified": "2023-08-02T00:15:13.933", + "vulnStatus": "Modified", "descriptions": [ { "lang": "en", @@ -17,7 +17,7 @@ "metrics": { "cvssMetricV31": [ { - "source": "nvd@nist.gov", + "source": "secure@microsoft.com", "type": "Primary", "cvssData": { "version": "3.1", @@ -35,6 +35,26 @@ }, "exploitabilityScore": 1.8, "impactScore": 3.6 + }, + { + "source": "nvd@nist.gov", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N", + "attackVector": "LOCAL", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "NONE", + "availabilityImpact": "NONE", + "baseScore": 5.5, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 1.8, + "impactScore": 3.6 } ], "cvssMetricV2": [ diff --git a/CVE-2021/CVE-2021-311xx/CVE-2021-31192.json b/CVE-2021/CVE-2021-311xx/CVE-2021-31192.json index 44f74ba0c3d..c78f7dfc054 100644 --- a/CVE-2021/CVE-2021-311xx/CVE-2021-31192.json +++ b/CVE-2021/CVE-2021-311xx/CVE-2021-31192.json @@ -2,8 +2,8 @@ "id": "CVE-2021-31192", "sourceIdentifier": "secure@microsoft.com", "published": "2021-05-11T19:15:10.143", - "lastModified": "2021-05-18T17:49:58.297", - "vulnStatus": "Analyzed", + "lastModified": "2023-08-02T00:15:14.037", + "vulnStatus": "Modified", "descriptions": [ { "lang": "en", @@ -17,8 +17,28 @@ "metrics": { "cvssMetricV31": [ { - "source": "nvd@nist.gov", + "source": "secure@microsoft.com", "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H", + "attackVector": "LOCAL", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "REQUIRED", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH", + "baseScore": 7.3, + "baseSeverity": "HIGH" + }, + "exploitabilityScore": 1.3, + "impactScore": 5.9 + }, + { + "source": "nvd@nist.gov", + "type": "Secondary", "cvssData": { "version": "3.1", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", diff --git a/CVE-2021/CVE-2021-311xx/CVE-2021-31193.json b/CVE-2021/CVE-2021-311xx/CVE-2021-31193.json index 336e4b06787..17198691f46 100644 --- a/CVE-2021/CVE-2021-311xx/CVE-2021-31193.json +++ b/CVE-2021/CVE-2021-311xx/CVE-2021-31193.json @@ -2,8 +2,8 @@ "id": "CVE-2021-31193", "sourceIdentifier": "secure@microsoft.com", "published": "2021-05-11T19:15:10.173", - "lastModified": "2022-05-03T16:04:40.443", - "vulnStatus": "Analyzed", + "lastModified": "2023-08-02T00:15:14.130", + "vulnStatus": "Modified", "descriptions": [ { "lang": "en", @@ -17,7 +17,7 @@ "metrics": { "cvssMetricV31": [ { - "source": "nvd@nist.gov", + "source": "secure@microsoft.com", "type": "Primary", "cvssData": { "version": "3.1", @@ -35,6 +35,26 @@ }, "exploitabilityScore": 1.8, "impactScore": 5.9 + }, + { + "source": "nvd@nist.gov", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", + "attackVector": "LOCAL", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH", + "baseScore": 7.8, + "baseSeverity": "HIGH" + }, + "exploitabilityScore": 1.8, + "impactScore": 5.9 } ], "cvssMetricV2": [ diff --git a/CVE-2021/CVE-2021-311xx/CVE-2021-31194.json b/CVE-2021/CVE-2021-311xx/CVE-2021-31194.json index 63a4f06fd5e..ded6af92eb9 100644 --- a/CVE-2021/CVE-2021-311xx/CVE-2021-31194.json +++ b/CVE-2021/CVE-2021-311xx/CVE-2021-31194.json @@ -2,8 +2,8 @@ "id": "CVE-2021-31194", "sourceIdentifier": "secure@microsoft.com", "published": "2021-05-11T19:15:10.200", - "lastModified": "2021-05-17T19:41:26.287", - "vulnStatus": "Analyzed", + "lastModified": "2023-08-02T00:15:14.223", + "vulnStatus": "Modified", "descriptions": [ { "lang": "en", @@ -17,7 +17,7 @@ "metrics": { "cvssMetricV31": [ { - "source": "nvd@nist.gov", + "source": "secure@microsoft.com", "type": "Primary", "cvssData": { "version": "3.1", @@ -35,6 +35,26 @@ }, "exploitabilityScore": 2.8, "impactScore": 5.9 + }, + { + "source": "nvd@nist.gov", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH", + "baseScore": 8.8, + "baseSeverity": "HIGH" + }, + "exploitabilityScore": 2.8, + "impactScore": 5.9 } ], "cvssMetricV2": [ diff --git a/CVE-2021/CVE-2021-311xx/CVE-2021-31195.json b/CVE-2021/CVE-2021-311xx/CVE-2021-31195.json index d570e79ffa3..4d47b862405 100644 --- a/CVE-2021/CVE-2021-311xx/CVE-2021-31195.json +++ b/CVE-2021/CVE-2021-311xx/CVE-2021-31195.json @@ -2,12 +2,12 @@ "id": "CVE-2021-31195", "sourceIdentifier": "secure@microsoft.com", "published": "2021-05-11T19:15:10.227", - "lastModified": "2021-05-17T19:28:31.383", - "vulnStatus": "Analyzed", + "lastModified": "2023-08-02T00:15:14.323", + "vulnStatus": "Modified", "descriptions": [ { "lang": "en", - "value": "Microsoft Exchange Server Remote Code Execution Vulnerability This CVE ID is unique from CVE-2021-31198." + "value": "Microsoft Exchange Server Remote Code Execution Vulnerability" }, { "lang": "es", @@ -17,8 +17,28 @@ "metrics": { "cvssMetricV31": [ { - "source": "nvd@nist.gov", + "source": "secure@microsoft.com", "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "REQUIRED", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "NONE", + "availabilityImpact": "NONE", + "baseScore": 6.5, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 2.8, + "impactScore": 3.6 + }, + { + "source": "nvd@nist.gov", + "type": "Secondary", "cvssData": { "version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", diff --git a/CVE-2021/CVE-2021-311xx/CVE-2021-31198.json b/CVE-2021/CVE-2021-311xx/CVE-2021-31198.json index 7023e8c7c2e..ad279d7c6af 100644 --- a/CVE-2021/CVE-2021-311xx/CVE-2021-31198.json +++ b/CVE-2021/CVE-2021-311xx/CVE-2021-31198.json @@ -2,12 +2,12 @@ "id": "CVE-2021-31198", "sourceIdentifier": "secure@microsoft.com", "published": "2021-05-11T19:15:10.257", - "lastModified": "2022-06-28T14:11:45.273", - "vulnStatus": "Analyzed", + "lastModified": "2023-08-02T00:15:14.423", + "vulnStatus": "Modified", "descriptions": [ { "lang": "en", - "value": "Microsoft Exchange Server Remote Code Execution Vulnerability This CVE ID is unique from CVE-2021-31195." + "value": "Microsoft Exchange Server Remote Code Execution Vulnerability" }, { "lang": "es", @@ -17,7 +17,7 @@ "metrics": { "cvssMetricV31": [ { - "source": "nvd@nist.gov", + "source": "secure@microsoft.com", "type": "Primary", "cvssData": { "version": "3.1", @@ -35,6 +35,26 @@ }, "exploitabilityScore": 1.8, "impactScore": 5.9 + }, + { + "source": "nvd@nist.gov", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", + "attackVector": "LOCAL", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "REQUIRED", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH", + "baseScore": 7.8, + "baseSeverity": "HIGH" + }, + "exploitabilityScore": 1.8, + "impactScore": 5.9 } ], "cvssMetricV2": [ diff --git a/CVE-2021/CVE-2021-312xx/CVE-2021-31200.json b/CVE-2021/CVE-2021-312xx/CVE-2021-31200.json index 2af0983741d..1b9afd21a73 100644 --- a/CVE-2021/CVE-2021-312xx/CVE-2021-31200.json +++ b/CVE-2021/CVE-2021-312xx/CVE-2021-31200.json @@ -2,8 +2,8 @@ "id": "CVE-2021-31200", "sourceIdentifier": "secure@microsoft.com", "published": "2021-05-11T19:15:10.290", - "lastModified": "2021-05-18T19:34:02.727", - "vulnStatus": "Analyzed", + "lastModified": "2023-08-02T00:15:14.527", + "vulnStatus": "Modified", "descriptions": [ { "lang": "en", @@ -17,7 +17,7 @@ "metrics": { "cvssMetricV31": [ { - "source": "nvd@nist.gov", + "source": "secure@microsoft.com", "type": "Primary", "cvssData": { "version": "3.1", @@ -35,6 +35,26 @@ }, "exploitabilityScore": 1.2, "impactScore": 5.9 + }, + { + "source": "nvd@nist.gov", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "HIGH", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH", + "baseScore": 7.2, + "baseSeverity": "HIGH" + }, + "exploitabilityScore": 1.2, + "impactScore": 5.9 } ], "cvssMetricV2": [ diff --git a/CVE-2021/CVE-2021-312xx/CVE-2021-31205.json b/CVE-2021/CVE-2021-312xx/CVE-2021-31205.json index 27cbdc08ec2..d8ce9b964f9 100644 --- a/CVE-2021/CVE-2021-312xx/CVE-2021-31205.json +++ b/CVE-2021/CVE-2021-312xx/CVE-2021-31205.json @@ -2,8 +2,8 @@ "id": "CVE-2021-31205", "sourceIdentifier": "secure@microsoft.com", "published": "2021-05-11T19:15:10.363", - "lastModified": "2021-05-18T19:50:34.240", - "vulnStatus": "Analyzed", + "lastModified": "2023-08-02T00:15:14.637", + "vulnStatus": "Modified", "descriptions": [ { "lang": "en", @@ -17,8 +17,28 @@ "metrics": { "cvssMetricV31": [ { - "source": "nvd@nist.gov", + "source": "secure@microsoft.com", "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "REQUIRED", + "scope": "UNCHANGED", + "confidentialityImpact": "LOW", + "integrityImpact": "NONE", + "availabilityImpact": "NONE", + "baseScore": 4.3, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 2.8, + "impactScore": 1.4 + }, + { + "source": "nvd@nist.gov", + "type": "Secondary", "cvssData": { "version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N", diff --git a/CVE-2021/CVE-2021-312xx/CVE-2021-31207.json b/CVE-2021/CVE-2021-312xx/CVE-2021-31207.json index f411187248f..ce84627f6ff 100644 --- a/CVE-2021/CVE-2021-312xx/CVE-2021-31207.json +++ b/CVE-2021/CVE-2021-312xx/CVE-2021-31207.json @@ -2,8 +2,8 @@ "id": "CVE-2021-31207", "sourceIdentifier": "secure@microsoft.com", "published": "2021-05-11T19:15:10.397", - "lastModified": "2022-07-12T17:42:04.277", - "vulnStatus": "Analyzed", + "lastModified": "2023-08-02T00:15:14.737", + "vulnStatus": "Modified", "cisaExploitAdd": "2021-11-03", "cisaActionDue": "2021-11-17", "cisaRequiredAction": "Apply updates per vendor instructions.", @@ -21,8 +21,28 @@ "metrics": { "cvssMetricV31": [ { - "source": "nvd@nist.gov", + "source": "secure@microsoft.com", "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H", + "attackVector": "NETWORK", + "attackComplexity": "HIGH", + "privilegesRequired": "HIGH", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH", + "baseScore": 6.6, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 0.7, + "impactScore": 5.9 + }, + { + "source": "nvd@nist.gov", + "type": "Secondary", "cvssData": { "version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H", diff --git a/CVE-2021/CVE-2021-312xx/CVE-2021-31208.json b/CVE-2021/CVE-2021-312xx/CVE-2021-31208.json index 54f92e82e48..b37edc8eeea 100644 --- a/CVE-2021/CVE-2021-312xx/CVE-2021-31208.json +++ b/CVE-2021/CVE-2021-312xx/CVE-2021-31208.json @@ -2,12 +2,12 @@ "id": "CVE-2021-31208", "sourceIdentifier": "secure@microsoft.com", "published": "2021-05-11T19:15:10.430", - "lastModified": "2022-05-03T16:04:40.443", - "vulnStatus": "Analyzed", + "lastModified": "2023-08-02T00:15:14.850", + "vulnStatus": "Modified", "descriptions": [ { "lang": "en", - "value": "Windows Container Manager Service Elevation of Privilege Vulnerability This CVE ID is unique from CVE-2021-31165, CVE-2021-31167, CVE-2021-31168, CVE-2021-31169." + "value": "Windows Container Manager Service Elevation of Privilege Vulnerability" }, { "lang": "es", @@ -17,7 +17,7 @@ "metrics": { "cvssMetricV31": [ { - "source": "nvd@nist.gov", + "source": "secure@microsoft.com", "type": "Primary", "cvssData": { "version": "3.1", @@ -35,6 +35,26 @@ }, "exploitabilityScore": 1.8, "impactScore": 5.9 + }, + { + "source": "nvd@nist.gov", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", + "attackVector": "LOCAL", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH", + "baseScore": 7.8, + "baseSeverity": "HIGH" + }, + "exploitabilityScore": 1.8, + "impactScore": 5.9 } ], "cvssMetricV2": [ diff --git a/CVE-2021/CVE-2021-312xx/CVE-2021-31209.json b/CVE-2021/CVE-2021-312xx/CVE-2021-31209.json index f94b2659160..b02e8ad5ca0 100644 --- a/CVE-2021/CVE-2021-312xx/CVE-2021-31209.json +++ b/CVE-2021/CVE-2021-312xx/CVE-2021-31209.json @@ -2,8 +2,8 @@ "id": "CVE-2021-31209", "sourceIdentifier": "secure@microsoft.com", "published": "2021-05-11T19:15:10.467", - "lastModified": "2022-04-29T16:17:44.533", - "vulnStatus": "Analyzed", + "lastModified": "2023-08-02T00:15:14.957", + "vulnStatus": "Modified", "descriptions": [ { "lang": "en", @@ -17,8 +17,28 @@ "metrics": { "cvssMetricV31": [ { - "source": "nvd@nist.gov", + "source": "secure@microsoft.com", "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:L/A:N", + "attackVector": "NETWORK", + "attackComplexity": "HIGH", + "privilegesRequired": "NONE", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "LOW", + "availabilityImpact": "NONE", + "baseScore": 6.5, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 2.2, + "impactScore": 4.2 + }, + { + "source": "nvd@nist.gov", + "type": "Secondary", "cvssData": { "version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:N", diff --git a/CVE-2021/CVE-2021-312xx/CVE-2021-31211.json b/CVE-2021/CVE-2021-312xx/CVE-2021-31211.json index 2c689fad095..8d93734a7b9 100644 --- a/CVE-2021/CVE-2021-312xx/CVE-2021-31211.json +++ b/CVE-2021/CVE-2021-312xx/CVE-2021-31211.json @@ -2,12 +2,12 @@ "id": "CVE-2021-31211", "sourceIdentifier": "secure@microsoft.com", "published": "2021-05-11T19:15:10.507", - "lastModified": "2021-05-19T02:35:22.653", - "vulnStatus": "Analyzed", + "lastModified": "2023-08-02T00:15:15.053", + "vulnStatus": "Modified", "descriptions": [ { "lang": "en", - "value": "Visual Studio Code Remote Code Execution Vulnerability This CVE ID is unique from CVE-2021-31214." + "value": "Visual Studio Code Remote Code Execution Vulnerability" }, { "lang": "es", @@ -17,7 +17,7 @@ "metrics": { "cvssMetricV31": [ { - "source": "nvd@nist.gov", + "source": "secure@microsoft.com", "type": "Primary", "cvssData": { "version": "3.1", @@ -35,6 +35,26 @@ }, "exploitabilityScore": 1.8, "impactScore": 5.9 + }, + { + "source": "nvd@nist.gov", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", + "attackVector": "LOCAL", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "REQUIRED", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH", + "baseScore": 7.8, + "baseSeverity": "HIGH" + }, + "exploitabilityScore": 1.8, + "impactScore": 5.9 } ], "cvssMetricV2": [ diff --git a/CVE-2021/CVE-2021-312xx/CVE-2021-31213.json b/CVE-2021/CVE-2021-312xx/CVE-2021-31213.json index 27eb60af705..c061f0402f5 100644 --- a/CVE-2021/CVE-2021-312xx/CVE-2021-31213.json +++ b/CVE-2021/CVE-2021-312xx/CVE-2021-31213.json @@ -2,8 +2,8 @@ "id": "CVE-2021-31213", "sourceIdentifier": "secure@microsoft.com", "published": "2021-05-11T19:15:10.537", - "lastModified": "2021-05-18T20:56:48.483", - "vulnStatus": "Analyzed", + "lastModified": "2023-08-02T00:15:15.177", + "vulnStatus": "Modified", "descriptions": [ { "lang": "en", @@ -17,7 +17,7 @@ "metrics": { "cvssMetricV31": [ { - "source": "nvd@nist.gov", + "source": "secure@microsoft.com", "type": "Primary", "cvssData": { "version": "3.1", @@ -35,6 +35,26 @@ }, "exploitabilityScore": 1.8, "impactScore": 5.9 + }, + { + "source": "nvd@nist.gov", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", + "attackVector": "LOCAL", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "REQUIRED", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH", + "baseScore": 7.8, + "baseSeverity": "HIGH" + }, + "exploitabilityScore": 1.8, + "impactScore": 5.9 } ], "cvssMetricV2": [ diff --git a/CVE-2021/CVE-2021-312xx/CVE-2021-31214.json b/CVE-2021/CVE-2021-312xx/CVE-2021-31214.json index b13dec3348e..1130363133c 100644 --- a/CVE-2021/CVE-2021-312xx/CVE-2021-31214.json +++ b/CVE-2021/CVE-2021-312xx/CVE-2021-31214.json @@ -2,12 +2,12 @@ "id": "CVE-2021-31214", "sourceIdentifier": "secure@microsoft.com", "published": "2021-05-11T19:15:10.567", - "lastModified": "2022-06-28T14:11:45.273", - "vulnStatus": "Analyzed", + "lastModified": "2023-08-02T00:15:15.387", + "vulnStatus": "Modified", "descriptions": [ { "lang": "en", - "value": "Visual Studio Code Remote Code Execution Vulnerability This CVE ID is unique from CVE-2021-31211." + "value": "Visual Studio Code Remote Code Execution Vulnerability" }, { "lang": "es", @@ -17,7 +17,7 @@ "metrics": { "cvssMetricV31": [ { - "source": "nvd@nist.gov", + "source": "secure@microsoft.com", "type": "Primary", "cvssData": { "version": "3.1", @@ -35,6 +35,26 @@ }, "exploitabilityScore": 1.8, "impactScore": 5.9 + }, + { + "source": "nvd@nist.gov", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", + "attackVector": "LOCAL", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "REQUIRED", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH", + "baseScore": 7.8, + "baseSeverity": "HIGH" + }, + "exploitabilityScore": 1.8, + "impactScore": 5.9 } ], "cvssMetricV2": [ diff --git a/CVE-2021/CVE-2021-319xx/CVE-2021-31936.json b/CVE-2021/CVE-2021-319xx/CVE-2021-31936.json index eb7d5aeff09..4a5f346bf78 100644 --- a/CVE-2021/CVE-2021-319xx/CVE-2021-31936.json +++ b/CVE-2021/CVE-2021-319xx/CVE-2021-31936.json @@ -2,8 +2,8 @@ "id": "CVE-2021-31936", "sourceIdentifier": "secure@microsoft.com", "published": "2021-05-11T19:15:10.597", - "lastModified": "2021-05-19T20:15:04.053", - "vulnStatus": "Analyzed", + "lastModified": "2023-08-02T00:15:15.657", + "vulnStatus": "Modified", "descriptions": [ { "lang": "en", @@ -17,8 +17,28 @@ "metrics": { "cvssMetricV31": [ { - "source": "nvd@nist.gov", + "source": "secure@microsoft.com", "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:N/A:N", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "REQUIRED", + "scope": "CHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "NONE", + "availabilityImpact": "NONE", + "baseScore": 7.4, + "baseSeverity": "HIGH" + }, + "exploitabilityScore": 2.8, + "impactScore": 4.0 + }, + { + "source": "nvd@nist.gov", + "type": "Secondary", "cvssData": { "version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N", diff --git a/CVE-2022/CVE-2022-288xx/CVE-2022-28863.json b/CVE-2022/CVE-2022-288xx/CVE-2022-28863.json index f404979f728..52755c43eb8 100644 --- a/CVE-2022/CVE-2022-288xx/CVE-2022-28863.json +++ b/CVE-2022/CVE-2022-288xx/CVE-2022-28863.json @@ -2,23 +2,82 @@ "id": "CVE-2022-28863", "sourceIdentifier": "cve@mitre.org", "published": "2023-07-24T14:15:10.040", - "lastModified": "2023-07-25T13:01:13.730", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2023-08-02T01:15:53.020", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", "value": "An issue was discovered in Nokia NetAct 22. A remote user, authenticated to the website, can visit the Site Configuration Tool section and arbitrarily upload potentially dangerous files without restrictions via the /netact/sct dir parameter in conjunction with the operation=upload value." } ], - "metrics": {}, + "metrics": { + "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH", + "baseScore": 8.8, + "baseSeverity": "HIGH" + }, + "exploitabilityScore": 2.8, + "impactScore": 5.9 + } + ] + }, + "weaknesses": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-434" + } + ] + } + ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:nokia:netact:22.0.0.62:*:*:*:*:*:*:*", + "matchCriteriaId": "62C61495-A220-476A-A995-2418DDF3EBFC" + } + ] + } + ] + } + ], "references": [ { "url": "https://www.gruppotim.it/it/footer/red-team.html", - "source": "cve@mitre.org" + "source": "cve@mitre.org", + "tags": [ + "Exploit", + "Third Party Advisory" + ] }, { "url": "https://www.telecomitalia.com/tit/it/innovazione/cybersecurity/red-team.html", - "source": "cve@mitre.org" + "source": "cve@mitre.org", + "tags": [ + "Not Applicable" + ] } ] } \ No newline at end of file diff --git a/CVE-2022/CVE-2022-288xx/CVE-2022-28864.json b/CVE-2022/CVE-2022-288xx/CVE-2022-28864.json index b42e44bbf27..56de865ec8e 100644 --- a/CVE-2022/CVE-2022-288xx/CVE-2022-28864.json +++ b/CVE-2022/CVE-2022-288xx/CVE-2022-28864.json @@ -2,23 +2,82 @@ "id": "CVE-2022-28864", "sourceIdentifier": "cve@mitre.org", "published": "2023-07-24T14:15:10.103", - "lastModified": "2023-07-25T13:01:13.730", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2023-08-02T01:15:43.183", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", "value": "An issue was discovered in Nokia NetAct 22 through the Administration of Measurements website section. A malicious user can edit or add the templateName parameter in order to include malicious code, which is then downloaded as a .csv or .xlsx file and executed on a victim machine. Here, the /aom/html/EditTemplate.jsf and /aom/html/ViewAllTemplatesPage.jsf templateName parameter is used." } ], - "metrics": {}, + "metrics": { + "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH", + "baseScore": 8.8, + "baseSeverity": "HIGH" + }, + "exploitabilityScore": 2.8, + "impactScore": 5.9 + } + ] + }, + "weaknesses": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-1236" + } + ] + } + ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:nokia:netact:22.0.0.62:*:*:*:*:*:*:*", + "matchCriteriaId": "62C61495-A220-476A-A995-2418DDF3EBFC" + } + ] + } + ] + } + ], "references": [ { "url": "https://www.gruppotim.it/it/footer/red-team.html", - "source": "cve@mitre.org" + "source": "cve@mitre.org", + "tags": [ + "Exploit", + "Third Party Advisory" + ] }, { "url": "https://www.telecomitalia.com/tit/it/innovazione/cybersecurity/red-team.html", - "source": "cve@mitre.org" + "source": "cve@mitre.org", + "tags": [ + "Not Applicable" + ] } ] } \ No newline at end of file diff --git a/CVE-2022/CVE-2022-288xx/CVE-2022-28865.json b/CVE-2022/CVE-2022-288xx/CVE-2022-28865.json index a9776e3f16f..57a79a4dcb0 100644 --- a/CVE-2022/CVE-2022-288xx/CVE-2022-28865.json +++ b/CVE-2022/CVE-2022-288xx/CVE-2022-28865.json @@ -2,23 +2,82 @@ "id": "CVE-2022-28865", "sourceIdentifier": "cve@mitre.org", "published": "2023-07-24T14:15:10.157", - "lastModified": "2023-07-25T13:01:13.730", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2023-08-02T01:07:06.837", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", "value": "An issue was discovered in Nokia NetAct 22 through the Site Configuration Tool website section. A malicious user can change a filename of an uploaded file to include JavaScript code, which is then stored and executed by a victim's web browser. The most common mechanism for delivering malicious content is to include it as a parameter in a URL that is posted publicly or e-mailed directly to victims. Here, the /netact/sct filename parameter is used." } ], - "metrics": {}, + "metrics": { + "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "REQUIRED", + "scope": "CHANGED", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "availabilityImpact": "NONE", + "baseScore": 5.4, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 2.3, + "impactScore": 2.7 + } + ] + }, + "weaknesses": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-79" + } + ] + } + ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:nokia:netact:22.0.0.62:*:*:*:*:*:*:*", + "matchCriteriaId": "62C61495-A220-476A-A995-2418DDF3EBFC" + } + ] + } + ] + } + ], "references": [ { "url": "https://www.gruppotim.it/it/footer/red-team.html", - "source": "cve@mitre.org" + "source": "cve@mitre.org", + "tags": [ + "Exploit", + "Third Party Advisory" + ] }, { "url": "https://www.telecomitalia.com/tit/it/innovazione/cybersecurity/red-team.html", - "source": "cve@mitre.org" + "source": "cve@mitre.org", + "tags": [ + "Not Applicable" + ] } ] } \ No newline at end of file diff --git a/CVE-2022/CVE-2022-288xx/CVE-2022-28867.json b/CVE-2022/CVE-2022-288xx/CVE-2022-28867.json index 01bf7947af0..c4007ba5286 100644 --- a/CVE-2022/CVE-2022-288xx/CVE-2022-28867.json +++ b/CVE-2022/CVE-2022-288xx/CVE-2022-28867.json @@ -2,23 +2,82 @@ "id": "CVE-2022-28867", "sourceIdentifier": "cve@mitre.org", "published": "2023-07-24T14:15:10.210", - "lastModified": "2023-07-25T13:01:13.730", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2023-08-02T01:05:10.263", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", "value": "An issue was discovered in Nokia NetAct 22 through the Administration of Measurements website section. A malicious user can edit or add the templateName parameter in order to include JavaScript code, which is then stored and executed by a victim's web browser. The most common mechanism for delivering malicious content is to include it as a parameter in a URL that is posted publicly or e-mailed directly to victims. Here, the /aom/html/EditTemplate.jsf and /aom/html/ViewAllTemplatesPage.jsf templateName parameter is used." } ], - "metrics": {}, + "metrics": { + "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "REQUIRED", + "scope": "CHANGED", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "availabilityImpact": "NONE", + "baseScore": 5.4, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 2.3, + "impactScore": 2.7 + } + ] + }, + "weaknesses": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-79" + } + ] + } + ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:nokia:netact:22.0.0.62:*:*:*:*:*:*:*", + "matchCriteriaId": "62C61495-A220-476A-A995-2418DDF3EBFC" + } + ] + } + ] + } + ], "references": [ { "url": "https://www.gruppotim.it/it/footer/red-team.html", - "source": "cve@mitre.org" + "source": "cve@mitre.org", + "tags": [ + "Exploit", + "Third Party Advisory" + ] }, { "url": "https://www.telecomitalia.com/tit/it/innovazione/cybersecurity/red-team.html", - "source": "cve@mitre.org" + "source": "cve@mitre.org", + "tags": [ + "Not Applicable" + ] } ] } \ No newline at end of file diff --git a/CVE-2022/CVE-2022-302xx/CVE-2022-30280.json b/CVE-2022/CVE-2022-302xx/CVE-2022-30280.json index 3e71c155adb..973c56af3b6 100644 --- a/CVE-2022/CVE-2022-302xx/CVE-2022-30280.json +++ b/CVE-2022/CVE-2022-302xx/CVE-2022-30280.json @@ -2,23 +2,82 @@ "id": "CVE-2022-30280", "sourceIdentifier": "cve@mitre.org", "published": "2023-07-24T14:15:10.267", - "lastModified": "2023-07-25T13:01:13.730", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2023-08-02T01:01:05.877", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", "value": "/SecurityManagement/html/createuser.jsf in Nokia NetAct 22 allows CSRF. A remote attacker is able to create users with arbitrary privileges, even administrative privileges. The application (even if it implements a CSRF token for the random GET request) does not ever verify a CSRF token. With a little help of social engineering/phishing (such as sending a link via email or chat), an attacker may trick the users of a web application into executing actions of the attacker's choosing. If the victim is a normal user, a successful CSRF attack can force the user to perform state changing requests like transferring funds, changing their email address, and so forth. If the victim is an administrative account, CSRF can compromise the entire web application." } ], - "metrics": {}, + "metrics": { + "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "REQUIRED", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH", + "baseScore": 8.8, + "baseSeverity": "HIGH" + }, + "exploitabilityScore": 2.8, + "impactScore": 5.9 + } + ] + }, + "weaknesses": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-352" + } + ] + } + ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:nokia:netact:22.0.0.62:*:*:*:*:*:*:*", + "matchCriteriaId": "62C61495-A220-476A-A995-2418DDF3EBFC" + } + ] + } + ] + } + ], "references": [ { "url": "https://www.gruppotim.it/it/footer/red-team.html", - "source": "cve@mitre.org" + "source": "cve@mitre.org", + "tags": [ + "Exploit", + "Third Party Advisory" + ] }, { "url": "https://www.telecomitalia.com/tit/it/innovazione/cybersecurity/red-team.html", - "source": "cve@mitre.org" + "source": "cve@mitre.org", + "tags": [ + "Not Applicable" + ] } ] } \ No newline at end of file diff --git a/CVE-2022/CVE-2022-324xx/CVE-2022-32449.json b/CVE-2022/CVE-2022-324xx/CVE-2022-32449.json index 5f993eeafd4..449bf92ddb1 100644 --- a/CVE-2022/CVE-2022-324xx/CVE-2022-32449.json +++ b/CVE-2022/CVE-2022-324xx/CVE-2022-32449.json @@ -2,8 +2,8 @@ "id": "CVE-2022-32449", "sourceIdentifier": "cve@mitre.org", "published": "2022-07-07T19:15:08.350", - "lastModified": "2022-07-15T03:08:36.010", - "vulnStatus": "Analyzed", + "lastModified": "2023-08-02T00:15:15.913", + "vulnStatus": "Modified", "descriptions": [ { "lang": "en", @@ -112,6 +112,10 @@ "Exploit", "Third Party Advisory" ] + }, + { + "url": "https://github.com/winmt/my-vuls/tree/main/TOTOLINK%20EX300_V2", + "source": "cve@mitre.org" } ] } \ No newline at end of file diff --git a/CVE-2023/CVE-2023-06xx/CVE-2023-0632.json b/CVE-2023/CVE-2023-06xx/CVE-2023-0632.json new file mode 100644 index 00000000000..484e6e2affe --- /dev/null +++ b/CVE-2023/CVE-2023-06xx/CVE-2023-0632.json @@ -0,0 +1,59 @@ +{ + "id": "CVE-2023-0632", + "sourceIdentifier": "cve@gitlab.com", + "published": "2023-08-02T00:15:16.163", + "lastModified": "2023-08-02T00:15:16.163", + "vulnStatus": "Received", + "descriptions": [ + { + "lang": "en", + "value": "An issue has been discovered in GitLab affecting all versions starting from 15.2 before 16.0.8, all versions starting from 16.1 before 16.1.3, all versions starting from 16.2 before 16.2.2. A Regular Expression Denial of Service was possible by using crafted payloads to search Harbor Registry." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "cve@gitlab.com", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "NONE", + "integrityImpact": "NONE", + "availabilityImpact": "HIGH", + "baseScore": 6.5, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 2.8, + "impactScore": 3.6 + } + ] + }, + "weaknesses": [ + { + "source": "cve@gitlab.com", + "type": "Secondary", + "description": [ + { + "lang": "en", + "value": "CWE-400" + } + ] + } + ], + "references": [ + { + "url": "https://gitlab.com/gitlab-org/gitlab/-/issues/390148", + "source": "cve@gitlab.com" + }, + { + "url": "https://hackerone.com/reports/1852677", + "source": "cve@gitlab.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2023/CVE-2023-12xx/CVE-2023-1210.json b/CVE-2023/CVE-2023-12xx/CVE-2023-1210.json new file mode 100644 index 00000000000..650a90a9a7d --- /dev/null +++ b/CVE-2023/CVE-2023-12xx/CVE-2023-1210.json @@ -0,0 +1,59 @@ +{ + "id": "CVE-2023-1210", + "sourceIdentifier": "cve@gitlab.com", + "published": "2023-08-02T00:15:16.430", + "lastModified": "2023-08-02T00:15:16.430", + "vulnStatus": "Received", + "descriptions": [ + { + "lang": "en", + "value": "An issue has been discovered in GitLab affecting all versions starting from 12.9 before 16.0.8, all versions starting from 16.1 before 16.1.3, all versions starting from 16.2 before 16.2.2. It was possible to leak a user's email via an error message for groups that restrict membership by email domain." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "cve@gitlab.com", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:N/A:N", + "attackVector": "NETWORK", + "attackComplexity": "HIGH", + "privilegesRequired": "LOW", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "LOW", + "integrityImpact": "NONE", + "availabilityImpact": "NONE", + "baseScore": 3.1, + "baseSeverity": "LOW" + }, + "exploitabilityScore": 1.6, + "impactScore": 1.4 + } + ] + }, + "weaknesses": [ + { + "source": "cve@gitlab.com", + "type": "Secondary", + "description": [ + { + "lang": "en", + "value": "CWE-200" + } + ] + } + ], + "references": [ + { + "url": "https://gitlab.com/gitlab-org/gitlab/-/issues/394775", + "source": "cve@gitlab.com" + }, + { + "url": "https://hackerone.com/reports/1884672", + "source": "cve@gitlab.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2023/CVE-2023-21xx/CVE-2023-2164.json b/CVE-2023/CVE-2023-21xx/CVE-2023-2164.json new file mode 100644 index 00000000000..9056f85dc1a --- /dev/null +++ b/CVE-2023/CVE-2023-21xx/CVE-2023-2164.json @@ -0,0 +1,59 @@ +{ + "id": "CVE-2023-2164", + "sourceIdentifier": "cve@gitlab.com", + "published": "2023-08-02T00:15:16.683", + "lastModified": "2023-08-02T00:15:16.683", + "vulnStatus": "Received", + "descriptions": [ + { + "lang": "en", + "value": "An issue has been discovered in GitLab affecting all versions starting from 15.9 before 16.0.8, all versions starting from 16.1 before 16.1.3, all versions starting from 16.2 before 16.2.2. It was possible for an attacker to trigger a stored XSS vulnerability via user interaction with a crafted URL in the WebIDE beta." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "cve@gitlab.com", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "REQUIRED", + "scope": "CHANGED", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "availabilityImpact": "NONE", + "baseScore": 5.4, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 2.3, + "impactScore": 2.7 + } + ] + }, + "weaknesses": [ + { + "source": "cve@gitlab.com", + "type": "Secondary", + "description": [ + { + "lang": "en", + "value": "CWE-79" + } + ] + } + ], + "references": [ + { + "url": "https://gitlab.com/gitlab-org/gitlab/-/issues/407783", + "source": "cve@gitlab.com" + }, + { + "url": "https://hackerone.com/reports/1940598", + "source": "cve@gitlab.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2023/CVE-2023-30xx/CVE-2023-3019.json b/CVE-2023/CVE-2023-30xx/CVE-2023-3019.json index 1ff80d24638..7e0550a028d 100644 --- a/CVE-2023/CVE-2023-30xx/CVE-2023-3019.json +++ b/CVE-2023/CVE-2023-30xx/CVE-2023-3019.json @@ -2,8 +2,8 @@ "id": "CVE-2023-3019", "sourceIdentifier": "secalert@redhat.com", "published": "2023-07-24T16:15:12.253", - "lastModified": "2023-07-25T13:01:09.337", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2023-08-02T01:00:46.400", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", @@ -12,6 +12,26 @@ ], "metrics": { "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H", + "attackVector": "LOCAL", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "NONE", + "scope": "CHANGED", + "confidentialityImpact": "NONE", + "integrityImpact": "NONE", + "availabilityImpact": "HIGH", + "baseScore": 6.5, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 2.0, + "impactScore": 4.0 + }, { "source": "secalert@redhat.com", "type": "Secondary", @@ -34,14 +54,75 @@ } ] }, + "weaknesses": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-416" + } + ] + } + ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:qemu:qemu:-:*:*:*:*:*:*:*", + "matchCriteriaId": "6D9E0C78-9678-4CEE-9389-962CF618A51F" + } + ] + } + ] + }, + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:o:redhat:enterprise_linux:8.0:*:*:*:-:*:*:*", + "matchCriteriaId": "053C1B35-3869-41C2-9551-044182DE0A64" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:redhat:enterprise_linux:8.0:*:*:*:advanced_virtualization:*:*:*", + "matchCriteriaId": "3AA08768-75AF-4791-B229-AE938C780959" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:redhat:enterprise_linux:9.0:*:*:*:*:*:*:*", + "matchCriteriaId": "7F6FB57C-2BC7-487C-96DD-132683AEB35D" + } + ] + } + ] + } + ], "references": [ { "url": "https://access.redhat.com/security/cve/CVE-2023-3019", - "source": "secalert@redhat.com" + "source": "secalert@redhat.com", + "tags": [ + "Third Party Advisory" + ] }, { "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2222351", - "source": "secalert@redhat.com" + "source": "secalert@redhat.com", + "tags": [ + "Issue Tracking", + "Third Party Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2023/CVE-2023-314xx/CVE-2023-31428.json b/CVE-2023/CVE-2023-314xx/CVE-2023-31428.json new file mode 100644 index 00000000000..c76bd87e743 --- /dev/null +++ b/CVE-2023/CVE-2023-314xx/CVE-2023-31428.json @@ -0,0 +1,55 @@ +{ + "id": "CVE-2023-31428", + "sourceIdentifier": "sirt@brocade.com", + "published": "2023-08-02T00:15:16.977", + "lastModified": "2023-08-02T00:15:16.977", + "vulnStatus": "Received", + "descriptions": [ + { + "lang": "en", + "value": "Brocade Fabric OS before Brocade Fabric OS v9.1.1c, v9.2.0 contains a vulnerability in the command line that could allow a local user to dump files under user's home directory using grep.\n\n\n" + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "sirt@brocade.com", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N", + "attackVector": "LOCAL", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "NONE", + "availabilityImpact": "NONE", + "baseScore": 5.5, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 1.8, + "impactScore": 3.6 + } + ] + }, + "weaknesses": [ + { + "source": "sirt@brocade.com", + "type": "Secondary", + "description": [ + { + "lang": "en", + "value": "CWE-434" + } + ] + } + ], + "references": [ + { + "url": "https://support.broadcom.com/external/content/SecurityAdvisories/0/22380", + "source": "sirt@brocade.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2023/CVE-2023-314xx/CVE-2023-31430.json b/CVE-2023/CVE-2023-314xx/CVE-2023-31430.json new file mode 100644 index 00000000000..281e3f66c32 --- /dev/null +++ b/CVE-2023/CVE-2023-314xx/CVE-2023-31430.json @@ -0,0 +1,55 @@ +{ + "id": "CVE-2023-31430", + "sourceIdentifier": "sirt@brocade.com", + "published": "2023-08-02T00:15:17.187", + "lastModified": "2023-08-02T00:15:17.187", + "vulnStatus": "Received", + "descriptions": [ + { + "lang": "en", + "value": "A buffer overflow vulnerability in \u201csecpolicydelete\u201d command in Brocade Fabric OS before Brocade Fabric OS v9.1.1c and v9.2.0 could allow an authenticated privileged user to crash the Brocade Fabric OS switch leading to a denial of service.\n\n\n" + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "sirt@brocade.com", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", + "attackVector": "LOCAL", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "NONE", + "integrityImpact": "NONE", + "availabilityImpact": "HIGH", + "baseScore": 5.5, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 1.8, + "impactScore": 3.6 + } + ] + }, + "weaknesses": [ + { + "source": "sirt@brocade.com", + "type": "Secondary", + "description": [ + { + "lang": "en", + "value": "CWE-120" + } + ] + } + ], + "references": [ + { + "url": "https://support.broadcom.com/external/content/SecurityAdvisories/0/22381", + "source": "sirt@brocade.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2023/CVE-2023-314xx/CVE-2023-31431.json b/CVE-2023/CVE-2023-314xx/CVE-2023-31431.json new file mode 100644 index 00000000000..3a4db43c158 --- /dev/null +++ b/CVE-2023/CVE-2023-314xx/CVE-2023-31431.json @@ -0,0 +1,55 @@ +{ + "id": "CVE-2023-31431", + "sourceIdentifier": "sirt@brocade.com", + "published": "2023-08-02T00:15:17.410", + "lastModified": "2023-08-02T00:15:17.410", + "vulnStatus": "Received", + "descriptions": [ + { + "lang": "en", + "value": "A buffer overflow vulnerability in \u201cdiagstatus\u201d command in Brocade Fabric OS before Brocade Fabric v9.2.0 and v9.1.1c could allow an authenticated user to crash the Brocade Fabric OS switch leading to a denial of service.\n\n\n" + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "sirt@brocade.com", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", + "attackVector": "LOCAL", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "NONE", + "integrityImpact": "NONE", + "availabilityImpact": "HIGH", + "baseScore": 5.5, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 1.8, + "impactScore": 3.6 + } + ] + }, + "weaknesses": [ + { + "source": "sirt@brocade.com", + "type": "Secondary", + "description": [ + { + "lang": "en", + "value": "CWE-120" + } + ] + } + ], + "references": [ + { + "url": "https://support.broadcom.com/external/content/SecurityAdvisories/0/22384", + "source": "sirt@brocade.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2023/CVE-2023-314xx/CVE-2023-31432.json b/CVE-2023/CVE-2023-314xx/CVE-2023-31432.json new file mode 100644 index 00000000000..dc2a8a146fe --- /dev/null +++ b/CVE-2023/CVE-2023-314xx/CVE-2023-31432.json @@ -0,0 +1,55 @@ +{ + "id": "CVE-2023-31432", + "sourceIdentifier": "sirt@brocade.com", + "published": "2023-08-02T00:15:17.587", + "lastModified": "2023-08-02T00:15:17.587", + "vulnStatus": "Received", + "descriptions": [ + { + "lang": "en", + "value": "Through manipulation of passwords or other variables, using commands such as portcfgupload, configupload, license, myid, a non-privileged user could obtain root privileges in Brocade Fabric OS versions before Brocade Fabric OS v9.1.1c and v9.2.0.\n\n\n" + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "sirt@brocade.com", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", + "attackVector": "LOCAL", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH", + "baseScore": 7.8, + "baseSeverity": "HIGH" + }, + "exploitabilityScore": 1.8, + "impactScore": 5.9 + } + ] + }, + "weaknesses": [ + { + "source": "sirt@brocade.com", + "type": "Secondary", + "description": [ + { + "lang": "en", + "value": "CWE-269" + } + ] + } + ], + "references": [ + { + "url": "https://support.broadcom.com/external/content/SecurityAdvisories/0/22385", + "source": "sirt@brocade.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2023/CVE-2023-319xx/CVE-2023-31926.json b/CVE-2023/CVE-2023-319xx/CVE-2023-31926.json new file mode 100644 index 00000000000..817fd821983 --- /dev/null +++ b/CVE-2023/CVE-2023-319xx/CVE-2023-31926.json @@ -0,0 +1,59 @@ +{ + "id": "CVE-2023-31926", + "sourceIdentifier": "sirt@brocade.com", + "published": "2023-08-02T01:15:09.343", + "lastModified": "2023-08-02T01:15:09.343", + "vulnStatus": "Received", + "descriptions": [ + { + "lang": "en", + "value": "System files could be overwritten using the less command in Brocade Fabric OS before Brocade Fabric OS v9.1.1c and v9.2.0.\n\n\n" + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "sirt@brocade.com", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H", + "attackVector": "LOCAL", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "NONE", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH", + "baseScore": 7.1, + "baseSeverity": "HIGH" + }, + "exploitabilityScore": 1.8, + "impactScore": 5.2 + } + ] + }, + "weaknesses": [ + { + "source": "sirt@brocade.com", + "type": "Secondary", + "description": [ + { + "lang": "en", + "value": "CWE-281" + }, + { + "lang": "en", + "value": "CWE-665" + } + ] + } + ], + "references": [ + { + "url": "https://support.broadcom.com/external/content/SecurityAdvisories/0/22388", + "source": "sirt@brocade.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2023/CVE-2023-319xx/CVE-2023-31927.json b/CVE-2023/CVE-2023-319xx/CVE-2023-31927.json new file mode 100644 index 00000000000..5f044c1f7c8 --- /dev/null +++ b/CVE-2023/CVE-2023-319xx/CVE-2023-31927.json @@ -0,0 +1,55 @@ +{ + "id": "CVE-2023-31927", + "sourceIdentifier": "sirt@brocade.com", + "published": "2023-08-02T01:15:09.437", + "lastModified": "2023-08-02T01:15:09.437", + "vulnStatus": "Received", + "descriptions": [ + { + "lang": "en", + "value": "An information disclosure in the web interface of Brocade Fabric OS versions before Brocade Fabric OS v9.2.0 and v9.1.1c, could allow a remote unauthenticated attacker to get technical details about the web interface.\n\n\n" + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "sirt@brocade.com", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "LOW", + "integrityImpact": "NONE", + "availabilityImpact": "NONE", + "baseScore": 5.3, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 3.9, + "impactScore": 1.4 + } + ] + }, + "weaknesses": [ + { + "source": "sirt@brocade.com", + "type": "Secondary", + "description": [ + { + "lang": "en", + "value": "CWE-200" + } + ] + } + ], + "references": [ + { + "url": "https://support.broadcom.com/external/content/SecurityAdvisories/0/22389", + "source": "sirt@brocade.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2023/CVE-2023-319xx/CVE-2023-31928.json b/CVE-2023/CVE-2023-319xx/CVE-2023-31928.json new file mode 100644 index 00000000000..bf04330c39e --- /dev/null +++ b/CVE-2023/CVE-2023-319xx/CVE-2023-31928.json @@ -0,0 +1,55 @@ +{ + "id": "CVE-2023-31928", + "sourceIdentifier": "sirt@brocade.com", + "published": "2023-08-02T00:15:17.800", + "lastModified": "2023-08-02T00:15:17.800", + "vulnStatus": "Received", + "descriptions": [ + { + "lang": "en", + "value": "\nA reflected cross-site scripting (XSS) vulnerability exists in Brocade Webtools PortSetting.html of Brocade Fabric OS version before Brocade Fabric OS v9.2.0 that could allow a remote unauthenticated attacker to execute arbitrary JavaScript code in a target user\u2019s session with the Brocade Webtools application.\n\n" + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "sirt@brocade.com", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "availabilityImpact": "LOW", + "baseScore": 6.3, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 2.8, + "impactScore": 3.4 + } + ] + }, + "weaknesses": [ + { + "source": "sirt@brocade.com", + "type": "Secondary", + "description": [ + { + "lang": "en", + "value": "CWE-79" + } + ] + } + ], + "references": [ + { + "url": "https://support.broadcom.com/external/content/SecurityAdvisories/0/22390", + "source": "sirt@brocade.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2023/CVE-2023-323xx/CVE-2023-32381.json b/CVE-2023/CVE-2023-323xx/CVE-2023-32381.json index cd028e5f769..7c252242479 100644 --- a/CVE-2023/CVE-2023-323xx/CVE-2023-32381.json +++ b/CVE-2023/CVE-2023-323xx/CVE-2023-32381.json @@ -2,39 +2,155 @@ "id": "CVE-2023-32381", "sourceIdentifier": "product-security@apple.com", "published": "2023-07-27T00:15:14.397", - "lastModified": "2023-07-27T12:13:19.517", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2023-08-02T00:42:34.140", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", "value": "A use-after-free issue was addressed with improved memory management. This issue is fixed in macOS Monterey 12.6.8, iOS 16.6 and iPadOS 16.6, tvOS 16.6, macOS Big Sur 11.7.9, macOS Ventura 13.5, watchOS 9.6. An app may be able to execute arbitrary code with kernel privileges." } ], - "metrics": {}, + "metrics": { + "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", + "attackVector": "LOCAL", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "REQUIRED", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH", + "baseScore": 7.8, + "baseSeverity": "HIGH" + }, + "exploitabilityScore": 1.8, + "impactScore": 5.9 + } + ] + }, + "weaknesses": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-416" + } + ] + } + ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:o:apple:ipados:*:*:*:*:*:*:*:*", + "versionEndExcluding": "16.6", + "matchCriteriaId": "F362BEC4-90C7-4305-BFF9-645FE6C52DFE" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:apple:iphone_os:*:*:*:*:*:*:*:*", + "versionEndExcluding": "16.6", + "matchCriteriaId": "DB63BAC2-C756-428C-8BAC-BAD39FBE5EF4" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:apple:macos:*:*:*:*:*:*:*:*", + "versionStartIncluding": "11.0", + "versionEndExcluding": "11.7.9", + "matchCriteriaId": "FB5312D6-AEEA-4548-B3EF-B07B46168475" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:apple:macos:*:*:*:*:*:*:*:*", + "versionStartIncluding": "12.0.0", + "versionEndExcluding": "12.6.8", + "matchCriteriaId": "A47C992E-C336-403A-A534-E1A33C7338DE" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:apple:macos:*:*:*:*:*:*:*:*", + "versionStartIncluding": "13.0", + "versionEndExcluding": "13.5", + "matchCriteriaId": "3D701507-146E-4E5B-8C32-60E797E46627" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:apple:tvos:*:*:*:*:*:*:*:*", + "versionEndExcluding": "16.6", + "matchCriteriaId": "339039D5-7AAC-4252-B4F6-BFCEBB48D92A" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:apple:watchos:*:*:*:*:*:*:*:*", + "versionEndExcluding": "9.6", + "matchCriteriaId": "90DFD981-D950-40B0-A699-4878B653A20D" + } + ] + } + ] + } + ], "references": [ { "url": "https://support.apple.com/en-us/HT213841", - "source": "product-security@apple.com" + "source": "product-security@apple.com", + "tags": [ + "Release Notes", + "Vendor Advisory" + ] }, { "url": "https://support.apple.com/en-us/HT213843", - "source": "product-security@apple.com" + "source": "product-security@apple.com", + "tags": [ + "Release Notes", + "Vendor Advisory" + ] }, { "url": "https://support.apple.com/en-us/HT213844", - "source": "product-security@apple.com" + "source": "product-security@apple.com", + "tags": [ + "Release Notes", + "Vendor Advisory" + ] }, { "url": "https://support.apple.com/en-us/HT213845", - "source": "product-security@apple.com" + "source": "product-security@apple.com", + "tags": [ + "Release Notes", + "Vendor Advisory" + ] }, { "url": "https://support.apple.com/en-us/HT213846", - "source": "product-security@apple.com" + "source": "product-security@apple.com", + "tags": [ + "Release Notes", + "Vendor Advisory" + ] }, { "url": "https://support.apple.com/en-us/HT213848", - "source": "product-security@apple.com" + "source": "product-security@apple.com", + "tags": [ + "Release Notes", + "Vendor Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2023/CVE-2023-324xx/CVE-2023-32433.json b/CVE-2023/CVE-2023-324xx/CVE-2023-32433.json index 5345843fb62..64f20ac462f 100644 --- a/CVE-2023/CVE-2023-324xx/CVE-2023-32433.json +++ b/CVE-2023/CVE-2023-324xx/CVE-2023-32433.json @@ -2,43 +2,177 @@ "id": "CVE-2023-32433", "sourceIdentifier": "product-security@apple.com", "published": "2023-07-27T00:15:14.877", - "lastModified": "2023-07-27T12:13:19.517", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2023-08-02T00:43:07.483", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", "value": "A use-after-free issue was addressed with improved memory management. This issue is fixed in macOS Monterey 12.6.8, iOS 15.7.8 and iPadOS 15.7.8, iOS 16.6 and iPadOS 16.6, tvOS 16.6, macOS Big Sur 11.7.9, macOS Ventura 13.5, watchOS 9.6. An app may be able to execute arbitrary code with kernel privileges." } ], - "metrics": {}, + "metrics": { + "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", + "attackVector": "LOCAL", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "REQUIRED", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH", + "baseScore": 7.8, + "baseSeverity": "HIGH" + }, + "exploitabilityScore": 1.8, + "impactScore": 5.9 + } + ] + }, + "weaknesses": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-416" + } + ] + } + ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:o:apple:ipados:*:*:*:*:*:*:*:*", + "versionEndExcluding": "15.7.8", + "matchCriteriaId": "5E276423-4032-4E12-AB11-88F7047E35EA" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:apple:ipados:*:*:*:*:*:*:*:*", + "versionStartIncluding": "16.0", + "versionEndExcluding": "16.6", + "matchCriteriaId": "33013784-1828-4402-81CF-2794D94A7C48" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:apple:iphone_os:*:*:*:*:*:*:*:*", + "versionEndExcluding": "15.7.8", + "matchCriteriaId": "8635FA0F-1876-4E3A-B02D-31AEA459C38E" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:apple:iphone_os:*:*:*:*:*:*:*:*", + "versionStartIncluding": "16.0", + "versionEndExcluding": "16.6", + "matchCriteriaId": "4C67BFEB-764A-4C07-A02A-117C6AFAAC6A" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:apple:macos:*:*:*:*:*:*:*:*", + "versionStartIncluding": "11.0", + "versionEndExcluding": "11.7.9", + "matchCriteriaId": "FB5312D6-AEEA-4548-B3EF-B07B46168475" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:apple:macos:*:*:*:*:*:*:*:*", + "versionStartIncluding": "12.0.0", + "versionEndExcluding": "12.6.8", + "matchCriteriaId": "A47C992E-C336-403A-A534-E1A33C7338DE" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:apple:macos:*:*:*:*:*:*:*:*", + "versionStartIncluding": "13.0", + "versionEndExcluding": "13.5", + "matchCriteriaId": "3D701507-146E-4E5B-8C32-60E797E46627" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:apple:tvos:*:*:*:*:*:*:*:*", + "versionEndExcluding": "16.6", + "matchCriteriaId": "339039D5-7AAC-4252-B4F6-BFCEBB48D92A" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:apple:watchos:*:*:*:*:*:*:*:*", + "versionEndExcluding": "9.6", + "matchCriteriaId": "90DFD981-D950-40B0-A699-4878B653A20D" + } + ] + } + ] + } + ], "references": [ { "url": "https://support.apple.com/en-us/HT213841", - "source": "product-security@apple.com" + "source": "product-security@apple.com", + "tags": [ + "Release Notes", + "Vendor Advisory" + ] }, { "url": "https://support.apple.com/en-us/HT213842", - "source": "product-security@apple.com" + "source": "product-security@apple.com", + "tags": [ + "Release Notes", + "Vendor Advisory" + ] }, { "url": "https://support.apple.com/en-us/HT213843", - "source": "product-security@apple.com" + "source": "product-security@apple.com", + "tags": [ + "Release Notes", + "Vendor Advisory" + ] }, { "url": "https://support.apple.com/en-us/HT213844", - "source": "product-security@apple.com" + "source": "product-security@apple.com", + "tags": [ + "Release Notes", + "Vendor Advisory" + ] }, { "url": "https://support.apple.com/en-us/HT213845", - "source": "product-security@apple.com" + "source": "product-security@apple.com", + "tags": [ + "Release Notes", + "Vendor Advisory" + ] }, { "url": "https://support.apple.com/en-us/HT213846", - "source": "product-security@apple.com" + "source": "product-security@apple.com", + "tags": [ + "Release Notes", + "Vendor Advisory" + ] }, { "url": "https://support.apple.com/en-us/HT213848", - "source": "product-security@apple.com" + "source": "product-security@apple.com", + "tags": [ + "Release Notes", + "Vendor Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2023/CVE-2023-324xx/CVE-2023-32437.json b/CVE-2023/CVE-2023-324xx/CVE-2023-32437.json index bad13d8a930..7addb49cad8 100644 --- a/CVE-2023/CVE-2023-324xx/CVE-2023-32437.json +++ b/CVE-2023/CVE-2023-324xx/CVE-2023-32437.json @@ -2,19 +2,82 @@ "id": "CVE-2023-32437", "sourceIdentifier": "product-security@apple.com", "published": "2023-07-27T00:15:15.013", - "lastModified": "2023-07-27T12:13:19.517", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2023-08-02T00:43:20.510", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", "value": "The issue was addressed with improvements to the file handling protocol. This issue is fixed in iOS 16.6 and iPadOS 16.6. An app may be able to break out of its sandbox." } ], - "metrics": {}, + "metrics": { + "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H", + "attackVector": "LOCAL", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "REQUIRED", + "scope": "CHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH", + "baseScore": 8.6, + "baseSeverity": "HIGH" + }, + "exploitabilityScore": 1.8, + "impactScore": 6.0 + } + ] + }, + "weaknesses": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "NVD-CWE-noinfo" + } + ] + } + ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:o:apple:ipados:*:*:*:*:*:*:*:*", + "versionEndExcluding": "16.6", + "matchCriteriaId": "F362BEC4-90C7-4305-BFF9-645FE6C52DFE" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:apple:iphone_os:*:*:*:*:*:*:*:*", + "versionEndExcluding": "16.6", + "matchCriteriaId": "DB63BAC2-C756-428C-8BAC-BAD39FBE5EF4" + } + ] + } + ] + } + ], "references": [ { "url": "https://support.apple.com/en-us/HT213841", - "source": "product-security@apple.com" + "source": "product-security@apple.com", + "tags": [ + "Release Notes", + "Vendor Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2023/CVE-2023-33xx/CVE-2023-3364.json b/CVE-2023/CVE-2023-33xx/CVE-2023-3364.json new file mode 100644 index 00000000000..3250b498af6 --- /dev/null +++ b/CVE-2023/CVE-2023-33xx/CVE-2023-3364.json @@ -0,0 +1,59 @@ +{ + "id": "CVE-2023-3364", + "sourceIdentifier": "cve@gitlab.com", + "published": "2023-08-02T00:15:18.467", + "lastModified": "2023-08-02T00:15:18.467", + "vulnStatus": "Received", + "descriptions": [ + { + "lang": "en", + "value": "An issue has been discovered in GitLab CE/EE affecting all versions starting from 8.14 before 16.0.8, all versions starting from 16.1 before 16.1.3, all versions starting from 16.2 before 16.2.2. A Regular Expression Denial of Service was possible via sending crafted payloads which use AutolinkFilter to the preview_markdown endpoint." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "cve@gitlab.com", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "NONE", + "integrityImpact": "NONE", + "availabilityImpact": "HIGH", + "baseScore": 7.5, + "baseSeverity": "HIGH" + }, + "exploitabilityScore": 3.9, + "impactScore": 3.6 + } + ] + }, + "weaknesses": [ + { + "source": "cve@gitlab.com", + "type": "Secondary", + "description": [ + { + "lang": "en", + "value": "CWE-400" + } + ] + } + ], + "references": [ + { + "url": "https://gitlab.com/gitlab-org/gitlab/-/issues/415995", + "source": "cve@gitlab.com" + }, + { + "url": "https://hackerone.com/reports/1959727", + "source": "cve@gitlab.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2023/CVE-2023-33xx/CVE-2023-3385.json b/CVE-2023/CVE-2023-33xx/CVE-2023-3385.json new file mode 100644 index 00000000000..e1409527181 --- /dev/null +++ b/CVE-2023/CVE-2023-33xx/CVE-2023-3385.json @@ -0,0 +1,59 @@ +{ + "id": "CVE-2023-3385", + "sourceIdentifier": "cve@gitlab.com", + "published": "2023-08-02T00:15:18.690", + "lastModified": "2023-08-02T00:15:18.690", + "vulnStatus": "Received", + "descriptions": [ + { + "lang": "en", + "value": "An issue has been discovered in GitLab affecting all versions starting from 8.10 before 16.0.8, all versions starting from 16.1 before 16.1.3, all versions starting from 16.2 before 16.2.2. Under specific circumstances, a user importing a project 'from export' could access and read unrelated files via uploading a specially crafted file. This was due to a bug in `tar`, fixed in [`tar-1.35`](https://lists.gnu.org/archive/html/info-gnu/2023-07/msg00005.html)." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "cve@gitlab.com", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:N/A:N", + "attackVector": "NETWORK", + "attackComplexity": "HIGH", + "privilegesRequired": "LOW", + "userInteraction": "NONE", + "scope": "CHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "NONE", + "availabilityImpact": "NONE", + "baseScore": 6.3, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 1.8, + "impactScore": 4.0 + } + ] + }, + "weaknesses": [ + { + "source": "cve@gitlab.com", + "type": "Secondary", + "description": [ + { + "lang": "en", + "value": "CWE-22" + } + ] + } + ], + "references": [ + { + "url": "https://gitlab.com/gitlab-org/gitlab/-/issues/416161", + "source": "cve@gitlab.com" + }, + { + "url": "https://hackerone.com/reports/2032730", + "source": "cve@gitlab.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2023/CVE-2023-359xx/CVE-2023-35983.json b/CVE-2023/CVE-2023-359xx/CVE-2023-35983.json index 724f7cb99e4..8d06f4e701c 100644 --- a/CVE-2023/CVE-2023-359xx/CVE-2023-35983.json +++ b/CVE-2023/CVE-2023-359xx/CVE-2023-35983.json @@ -2,27 +2,107 @@ "id": "CVE-2023-35983", "sourceIdentifier": "product-security@apple.com", "published": "2023-07-27T00:15:15.133", - "lastModified": "2023-07-27T12:13:15.833", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2023-08-02T00:46:23.367", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", "value": "This issue was addressed with improved data protection. This issue is fixed in macOS Monterey 12.6.8, macOS Ventura 13.5, macOS Big Sur 11.7.9. An app may be able to modify protected parts of the file system." } ], - "metrics": {}, + "metrics": { + "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N", + "attackVector": "LOCAL", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "REQUIRED", + "scope": "UNCHANGED", + "confidentialityImpact": "NONE", + "integrityImpact": "HIGH", + "availabilityImpact": "NONE", + "baseScore": 5.5, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 1.8, + "impactScore": 3.6 + } + ] + }, + "weaknesses": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "NVD-CWE-noinfo" + } + ] + } + ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:o:apple:macos:*:*:*:*:*:*:*:*", + "versionStartIncluding": "11.0", + "versionEndExcluding": "11.7.9", + "matchCriteriaId": "FB5312D6-AEEA-4548-B3EF-B07B46168475" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:apple:macos:*:*:*:*:*:*:*:*", + "versionStartIncluding": "12.0.0", + "versionEndExcluding": "12.6.8", + "matchCriteriaId": "A47C992E-C336-403A-A534-E1A33C7338DE" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:apple:macos:*:*:*:*:*:*:*:*", + "versionStartIncluding": "13.0", + "versionEndExcluding": "13.5", + "matchCriteriaId": "3D701507-146E-4E5B-8C32-60E797E46627" + } + ] + } + ] + } + ], "references": [ { "url": "https://support.apple.com/en-us/HT213843", - "source": "product-security@apple.com" + "source": "product-security@apple.com", + "tags": [ + "Release Notes", + "Vendor Advisory" + ] }, { "url": "https://support.apple.com/en-us/HT213844", - "source": "product-security@apple.com" + "source": "product-security@apple.com", + "tags": [ + "Release Notes", + "Vendor Advisory" + ] }, { "url": "https://support.apple.com/en-us/HT213845", - "source": "product-security@apple.com" + "source": "product-security@apple.com", + "tags": [ + "Release Notes", + "Vendor Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2023/CVE-2023-35xx/CVE-2023-3500.json b/CVE-2023/CVE-2023-35xx/CVE-2023-3500.json new file mode 100644 index 00000000000..c82b6040e28 --- /dev/null +++ b/CVE-2023/CVE-2023-35xx/CVE-2023-3500.json @@ -0,0 +1,59 @@ +{ + "id": "CVE-2023-3500", + "sourceIdentifier": "cve@gitlab.com", + "published": "2023-08-02T01:15:09.520", + "lastModified": "2023-08-02T01:15:09.520", + "vulnStatus": "Received", + "descriptions": [ + { + "lang": "en", + "value": "An issue has been discovered in GitLab CE/EE affecting all versions starting from 10.0 before 16.0.8, all versions starting from 16.1 before 16.1.3, all versions starting from 16.2 before 16.2.2. A reflected XSS was possible when creating specific PlantUML diagrams that allowed the attacker to perform arbitrary actions on behalf of victims." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "cve@gitlab.com", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N", + "attackVector": "NETWORK", + "attackComplexity": "HIGH", + "privilegesRequired": "NONE", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "availabilityImpact": "NONE", + "baseScore": 4.8, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 2.2, + "impactScore": 2.5 + } + ] + }, + "weaknesses": [ + { + "source": "cve@gitlab.com", + "type": "Secondary", + "description": [ + { + "lang": "en", + "value": "CWE-79" + } + ] + } + ], + "references": [ + { + "url": "https://gitlab.com/gitlab-org/gitlab/-/issues/416902", + "source": "cve@gitlab.com" + }, + { + "url": "https://hackerone.com/reports/2010926", + "source": "cve@gitlab.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2023/CVE-2023-35xx/CVE-2023-3567.json b/CVE-2023/CVE-2023-35xx/CVE-2023-3567.json index 1cab24f76c5..c9b9b59e03d 100644 --- a/CVE-2023/CVE-2023-35xx/CVE-2023-3567.json +++ b/CVE-2023/CVE-2023-35xx/CVE-2023-3567.json @@ -2,8 +2,8 @@ "id": "CVE-2023-3567", "sourceIdentifier": "secalert@redhat.com", "published": "2023-07-24T16:15:12.990", - "lastModified": "2023-07-25T13:01:09.337", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2023-08-02T00:59:52.037", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", @@ -12,6 +12,26 @@ ], "metrics": { "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H", + "attackVector": "LOCAL", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "NONE", + "availabilityImpact": "HIGH", + "baseScore": 7.1, + "baseSeverity": "HIGH" + }, + "exploitabilityScore": 1.8, + "impactScore": 5.2 + }, { "source": "secalert@redhat.com", "type": "Secondary", @@ -34,18 +54,109 @@ } ] }, + "weaknesses": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-416" + } + ] + } + ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", + "versionEndExcluding": "6.2.0", + "matchCriteriaId": "2538208F-B820-4423-9F94-E95AF713227F" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:linux:linux_kernel:6.2.0:rc1:*:*:*:*:*:*", + "matchCriteriaId": "5283F553-3742-412C-8FBF-5C48E60E7F73" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:linux:linux_kernel:6.2.0:rc2:*:*:*:*:*:*", + "matchCriteriaId": "BDDE77B0-4959-484D-B7B5-815682FA0EA0" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:linux:linux_kernel:6.2.0:rc3:*:*:*:*:*:*", + "matchCriteriaId": "7AA287BA-AA71-4071-814E-FDBA6EAA3B8D" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:linux:linux_kernel:6.2.0:rc4:*:*:*:*:*:*", + "matchCriteriaId": "8939DBFF-1DFD-4F1D-B01F-75E0F10493A0" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:linux:linux_kernel:6.2.0:rc5:*:*:*:*:*:*", + "matchCriteriaId": "410F4BA6-C7AA-4235-BDF2-D9DDC3C155D1" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:linux:linux_kernel:6.2.0:rc6:*:*:*:*:*:*", + "matchCriteriaId": "5403B74F-D6F6-4B8E-8F5A-4468D15A47CA" + } + ] + } + ] + }, + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:o:redhat:enterprise_linux:8.0:*:*:*:*:*:*:*", + "matchCriteriaId": "F4CFF558-3C47-480D-A2F0-BABF26042943" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:redhat:enterprise_linux:9.0:*:*:*:*:*:*:*", + "matchCriteriaId": "7F6FB57C-2BC7-487C-96DD-132683AEB35D" + } + ] + } + ] + } + ], "references": [ { "url": "https://access.redhat.com/security/cve/CVE-2023-3567", - "source": "secalert@redhat.com" + "source": "secalert@redhat.com", + "tags": [ + "Third Party Advisory" + ] }, { "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2221463", - "source": "secalert@redhat.com" + "source": "secalert@redhat.com", + "tags": [ + "Issue Tracking", + "Third Party Advisory" + ] }, { "url": "https://www.spinics.net/lists/stable-commits/msg285184.html", - "source": "secalert@redhat.com" + "source": "secalert@redhat.com", + "tags": [ + "Mailing List", + "Patch" + ] } ] } \ No newline at end of file diff --git a/CVE-2023/CVE-2023-361xx/CVE-2023-36121.json b/CVE-2023/CVE-2023-361xx/CVE-2023-36121.json new file mode 100644 index 00000000000..f6c520d8d69 --- /dev/null +++ b/CVE-2023/CVE-2023-361xx/CVE-2023-36121.json @@ -0,0 +1,32 @@ +{ + "id": "CVE-2023-36121", + "sourceIdentifier": "cve@mitre.org", + "published": "2023-08-02T00:15:18.030", + "lastModified": "2023-08-02T00:15:18.030", + "vulnStatus": "Received", + "descriptions": [ + { + "lang": "en", + "value": "Cross Site Scripting vulnerability in e107 v.2.3.2 allows a remote attacker to execute arbitrary code via the description function in the SEO project." + } + ], + "metrics": {}, + "references": [ + { + "url": "https://github.com/Trinity-SYT-SECURITY/XSS_vuln_issue/blob/main/e107%20v2.3.2.md", + "source": "cve@mitre.org" + }, + { + "url": "https://www.chtsecurity.com/news/0a4743a5-491e-4685-95ee-df8316ab5284", + "source": "cve@mitre.org" + }, + { + "url": "https://www.chtsecurity.com/news/6c6675d4-3254-46ce-a16d-26523ff80540", + "source": "cve@mitre.org" + }, + { + "url": "https://www.exploit-db.com/exploits/51449", + "source": "cve@mitre.org" + } + ] +} \ No newline at end of file diff --git a/CVE-2023/CVE-2023-368xx/CVE-2023-36854.json b/CVE-2023/CVE-2023-368xx/CVE-2023-36854.json index b47ce9f00bb..84030b0a56c 100644 --- a/CVE-2023/CVE-2023-368xx/CVE-2023-36854.json +++ b/CVE-2023/CVE-2023-368xx/CVE-2023-36854.json @@ -2,27 +2,107 @@ "id": "CVE-2023-36854", "sourceIdentifier": "product-security@apple.com", "published": "2023-07-27T00:15:15.247", - "lastModified": "2023-07-27T12:13:15.833", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2023-08-02T00:48:51.350", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", "value": "The issue was addressed with improved checks. This issue is fixed in macOS Monterey 12.6.8, macOS Ventura 13.5, macOS Big Sur 11.7.9. Processing a file may lead to unexpected app termination or arbitrary code execution." } ], - "metrics": {}, + "metrics": { + "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", + "attackVector": "LOCAL", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "REQUIRED", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH", + "baseScore": 7.8, + "baseSeverity": "HIGH" + }, + "exploitabilityScore": 1.8, + "impactScore": 5.9 + } + ] + }, + "weaknesses": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "NVD-CWE-noinfo" + } + ] + } + ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:o:apple:macos:*:*:*:*:*:*:*:*", + "versionStartIncluding": "11.0", + "versionEndExcluding": "11.7.9", + "matchCriteriaId": "FB5312D6-AEEA-4548-B3EF-B07B46168475" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:apple:macos:*:*:*:*:*:*:*:*", + "versionStartIncluding": "12.0.0", + "versionEndExcluding": "12.6.8", + "matchCriteriaId": "A47C992E-C336-403A-A534-E1A33C7338DE" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:apple:macos:*:*:*:*:*:*:*:*", + "versionStartIncluding": "13.0", + "versionEndExcluding": "13.5", + "matchCriteriaId": "3D701507-146E-4E5B-8C32-60E797E46627" + } + ] + } + ] + } + ], "references": [ { "url": "https://support.apple.com/en-us/HT213843", - "source": "product-security@apple.com" + "source": "product-security@apple.com", + "tags": [ + "Release Notes", + "Vendor Advisory" + ] }, { "url": "https://support.apple.com/en-us/HT213844", - "source": "product-security@apple.com" + "source": "product-security@apple.com", + "tags": [ + "Release Notes", + "Vendor Advisory" + ] }, { "url": "https://support.apple.com/en-us/HT213845", - "source": "product-security@apple.com" + "source": "product-security@apple.com", + "tags": [ + "Release Notes", + "Vendor Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2023/CVE-2023-368xx/CVE-2023-36862.json b/CVE-2023/CVE-2023-368xx/CVE-2023-36862.json index 1b552c7923f..13268a5f559 100644 --- a/CVE-2023/CVE-2023-368xx/CVE-2023-36862.json +++ b/CVE-2023/CVE-2023-368xx/CVE-2023-36862.json @@ -2,19 +2,77 @@ "id": "CVE-2023-36862", "sourceIdentifier": "product-security@apple.com", "published": "2023-07-27T00:15:15.367", - "lastModified": "2023-07-27T12:13:15.833", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2023-08-02T00:51:50.443", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", "value": "A downgrade issue affecting Intel-based Mac computers was addressed with additional code-signing restrictions. This issue is fixed in macOS Ventura 13.5. An app may be able to determine a user\u2019s current location." } ], - "metrics": {}, + "metrics": { + "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N", + "attackVector": "LOCAL", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "REQUIRED", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "NONE", + "availabilityImpact": "NONE", + "baseScore": 5.5, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 1.8, + "impactScore": 3.6 + } + ] + }, + "weaknesses": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "NVD-CWE-noinfo" + } + ] + } + ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:o:apple:macos:*:*:*:*:*:*:*:*", + "versionStartIncluding": "13.0", + "versionEndExcluding": "13.5", + "matchCriteriaId": "3D701507-146E-4E5B-8C32-60E797E46627" + } + ] + } + ] + } + ], "references": [ { "url": "https://support.apple.com/en-us/HT213843", - "source": "product-security@apple.com" + "source": "product-security@apple.com", + "tags": [ + "Release Notes", + "Vendor Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2023/CVE-2023-374xx/CVE-2023-37450.json b/CVE-2023/CVE-2023-374xx/CVE-2023-37450.json index 8541f2090ef..d52875de371 100644 --- a/CVE-2023/CVE-2023-374xx/CVE-2023-37450.json +++ b/CVE-2023/CVE-2023-374xx/CVE-2023-37450.json @@ -2,8 +2,8 @@ "id": "CVE-2023-37450", "sourceIdentifier": "product-security@apple.com", "published": "2023-07-27T00:15:15.497", - "lastModified": "2023-07-27T12:13:15.833", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2023-08-02T00:54:49.737", + "vulnStatus": "Analyzed", "cisaExploitAdd": "2023-07-13", "cisaActionDue": "2023-08-03", "cisaRequiredAction": "Apply updates per vendor instructions or discontinue use of the product if updates are unavailable.", @@ -14,27 +14,131 @@ "value": "The issue was addressed with improved checks. This issue is fixed in iOS 16.6 and iPadOS 16.6, Safari 16.5.2, tvOS 16.6, macOS Ventura 13.5, watchOS 9.6. Processing web content may lead to arbitrary code execution. Apple is aware of a report that this issue may have been actively exploited." } ], - "metrics": {}, + "metrics": { + "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "REQUIRED", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH", + "baseScore": 8.8, + "baseSeverity": "HIGH" + }, + "exploitabilityScore": 2.8, + "impactScore": 5.9 + } + ] + }, + "weaknesses": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "NVD-CWE-noinfo" + } + ] + } + ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:apple:safari:*:*:*:*:*:*:*:*", + "versionEndExcluding": "16.5.2", + "matchCriteriaId": "7B0824AC-450A-4DC8-8BA6-E59530160953" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:apple:ipados:*:*:*:*:*:*:*:*", + "versionEndExcluding": "16.6", + "matchCriteriaId": "F362BEC4-90C7-4305-BFF9-645FE6C52DFE" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:apple:iphone_os:*:*:*:*:*:*:*:*", + "versionEndExcluding": "16.6", + "matchCriteriaId": "DB63BAC2-C756-428C-8BAC-BAD39FBE5EF4" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:apple:macos:*:*:*:*:*:*:*:*", + "versionStartIncluding": "13.0", + "versionEndExcluding": "13.5", + "matchCriteriaId": "3D701507-146E-4E5B-8C32-60E797E46627" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:apple:tvos:*:*:*:*:*:*:*:*", + "versionEndExcluding": "16.6", + "matchCriteriaId": "339039D5-7AAC-4252-B4F6-BFCEBB48D92A" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:apple:watchos:*:*:*:*:*:*:*:*", + "versionEndExcluding": "9.6", + "matchCriteriaId": "90DFD981-D950-40B0-A699-4878B653A20D" + } + ] + } + ] + } + ], "references": [ { "url": "https://support.apple.com/en-us/HT213826", - "source": "product-security@apple.com" + "source": "product-security@apple.com", + "tags": [ + "Release Notes", + "Vendor Advisory" + ] }, { "url": "https://support.apple.com/en-us/HT213841", - "source": "product-security@apple.com" + "source": "product-security@apple.com", + "tags": [ + "Release Notes", + "Vendor Advisory" + ] }, { "url": "https://support.apple.com/en-us/HT213843", - "source": "product-security@apple.com" + "source": "product-security@apple.com", + "tags": [ + "Release Notes", + "Vendor Advisory" + ] }, { "url": "https://support.apple.com/en-us/HT213846", - "source": "product-security@apple.com" + "source": "product-security@apple.com", + "tags": [ + "Release Notes", + "Vendor Advisory" + ] }, { "url": "https://support.apple.com/en-us/HT213848", - "source": "product-security@apple.com" + "source": "product-security@apple.com", + "tags": [ + "Release Notes", + "Vendor Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2023/CVE-2023-376xx/CVE-2023-37623.json b/CVE-2023/CVE-2023-376xx/CVE-2023-37623.json index 8cd08412adf..4026a10541e 100644 --- a/CVE-2023/CVE-2023-376xx/CVE-2023-37623.json +++ b/CVE-2023/CVE-2023-376xx/CVE-2023-37623.json @@ -2,31 +2,96 @@ "id": "CVE-2023-37623", "sourceIdentifier": "cve@mitre.org", "published": "2023-07-26T20:15:12.670", - "lastModified": "2023-07-26T21:40:11.047", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2023-08-02T00:30:17.953", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", "value": "Netdisco before v2.063000 was discovered to contain a cross-site scripting (XSS) vulnerability via the component /Web/TypeAhead.pm." } ], - "metrics": {}, + "metrics": { + "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "HIGH", + "userInteraction": "REQUIRED", + "scope": "CHANGED", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "availabilityImpact": "NONE", + "baseScore": 4.8, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 1.7, + "impactScore": 2.7 + } + ] + }, + "weaknesses": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-79" + } + ] + } + ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:netdisco:netdisco:*:*:*:*:*:*:*:*", + "versionEndExcluding": "2.063000", + "matchCriteriaId": "49A130E0-9B38-4DA0-82CD-4B2B3376A38F" + } + ] + } + ] + } + ], "references": [ { "url": "https://github.com/benjaminpsinclair/Netdisco-2023-Advisory", - "source": "cve@mitre.org" + "source": "cve@mitre.org", + "tags": [ + "Exploit" + ] }, { "url": "https://github.com/benjaminpsinclair/Netdisco-CVE", - "source": "cve@mitre.org" + "source": "cve@mitre.org", + "tags": [ + "Exploit" + ] }, { "url": "https://github.com/netdisco/netdisco/commit/39562e0633a2472d50f7f33e69c36da4ad1fbfa3", - "source": "cve@mitre.org" + "source": "cve@mitre.org", + "tags": [ + "Patch" + ] }, { "url": "https://github.com/netdisco/netdisco/commit/9f4401f2fb00c84210cd551b97c8ad60e78c71e0", - "source": "cve@mitre.org" + "source": "cve@mitre.org", + "tags": [ + "Patch" + ] } ] } \ No newline at end of file diff --git a/CVE-2023/CVE-2023-376xx/CVE-2023-37624.json b/CVE-2023/CVE-2023-376xx/CVE-2023-37624.json index 3499b39ecfa..6a62a640f8e 100644 --- a/CVE-2023/CVE-2023-376xx/CVE-2023-37624.json +++ b/CVE-2023/CVE-2023-376xx/CVE-2023-37624.json @@ -2,27 +2,89 @@ "id": "CVE-2023-37624", "sourceIdentifier": "cve@mitre.org", "published": "2023-07-26T20:15:12.727", - "lastModified": "2023-07-26T21:40:11.047", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2023-08-02T00:35:41.437", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", "value": "Netdisco before v2.063000 was discovered to contain an open redirect vulnerability. An attacker may exploit this vulnerability to redirect users to arbitrary web URLs by tricking the victim users to click on crafted links." } ], - "metrics": {}, + "metrics": { + "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "REQUIRED", + "scope": "CHANGED", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "availabilityImpact": "NONE", + "baseScore": 6.1, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 2.8, + "impactScore": 2.7 + } + ] + }, + "weaknesses": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-601" + } + ] + } + ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:netdisco:netdisco:*:*:*:*:*:*:*:*", + "versionEndExcluding": "2.063000", + "matchCriteriaId": "49A130E0-9B38-4DA0-82CD-4B2B3376A38F" + } + ] + } + ] + } + ], "references": [ { "url": "https://github.com/benjaminpsinclair/Netdisco-2023-Advisory", - "source": "cve@mitre.org" + "source": "cve@mitre.org", + "tags": [ + "Exploit" + ] }, { "url": "https://github.com/benjaminpsinclair/Netdisco-CVE", - "source": "cve@mitre.org" + "source": "cve@mitre.org", + "tags": [ + "Exploit" + ] }, { "url": "https://github.com/netdisco/netdisco/commit/a2da6a7a046c1c0fd41072dd6991eec7614293f8", - "source": "cve@mitre.org" + "source": "cve@mitre.org", + "tags": [ + "Patch" + ] } ] } \ No newline at end of file diff --git a/CVE-2023/CVE-2023-376xx/CVE-2023-37692.json b/CVE-2023/CVE-2023-376xx/CVE-2023-37692.json index 854fb84349c..997d83d17ca 100644 --- a/CVE-2023/CVE-2023-376xx/CVE-2023-37692.json +++ b/CVE-2023/CVE-2023-376xx/CVE-2023-37692.json @@ -2,19 +2,75 @@ "id": "CVE-2023-37692", "sourceIdentifier": "cve@mitre.org", "published": "2023-07-26T21:15:10.097", - "lastModified": "2023-07-26T21:40:11.047", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2023-08-02T00:38:53.690", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", "value": "An arbitrary file upload vulnerability in October CMS v3.4.4 allows attackers to execute arbitrary code via a crafted file." } ], - "metrics": {}, + "metrics": { + "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "REQUIRED", + "scope": "CHANGED", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "availabilityImpact": "NONE", + "baseScore": 5.4, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 2.3, + "impactScore": 2.7 + } + ] + }, + "weaknesses": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-79" + } + ] + } + ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:octobercms:october:3.4.4:*:*:*:*:*:*:*", + "matchCriteriaId": "9F837681-220D-49C8-BC9A-AC2D13204220" + } + ] + } + ] + } + ], "references": [ { "url": "https://okankurtulus.com.tr/2023/07/24/october-cms-v3-4-4-stored-cross-site-scripting-xss-authenticated/", - "source": "cve@mitre.org" + "source": "cve@mitre.org", + "tags": [ + "Exploit", + "Third Party Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2023/CVE-2023-377xx/CVE-2023-37732.json b/CVE-2023/CVE-2023-377xx/CVE-2023-37732.json index b6b0ee2c39a..656454a141d 100644 --- a/CVE-2023/CVE-2023-377xx/CVE-2023-37732.json +++ b/CVE-2023/CVE-2023-377xx/CVE-2023-37732.json @@ -2,23 +2,81 @@ "id": "CVE-2023-37732", "sourceIdentifier": "cve@mitre.org", "published": "2023-07-26T21:15:10.153", - "lastModified": "2023-07-26T21:40:11.047", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2023-08-02T00:39:04.113", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", "value": "Yasm v1.3.0.78 was found prone to NULL Pointer Dereference in /libyasm/intnum.c and /elf/elf.c, which allows the attacker to cause a denial of service via a crafted file." } ], - "metrics": {}, + "metrics": { + "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", + "attackVector": "LOCAL", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "REQUIRED", + "scope": "UNCHANGED", + "confidentialityImpact": "NONE", + "integrityImpact": "NONE", + "availabilityImpact": "HIGH", + "baseScore": 5.5, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 1.8, + "impactScore": 3.6 + } + ] + }, + "weaknesses": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-476" + } + ] + } + ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:yasm_project:yasm:1.3.0.78.g4dc8:*:*:*:*:*:*:*", + "matchCriteriaId": "0D988178-CCB8-439D-A35D-AF759EC16189" + } + ] + } + ] + } + ], "references": [ { "url": "https://gist.github.com/ChanStormstout/02eea9cf5c002b42b2ff3de5ca939520", - "source": "cve@mitre.org" + "source": "cve@mitre.org", + "tags": [ + "Third Party Advisory" + ] }, { "url": "https://github.com/yasm/yasm/issues/233", - "source": "cve@mitre.org" + "source": "cve@mitre.org", + "tags": [ + "Exploit" + ] } ] } \ No newline at end of file diff --git a/CVE-2023/CVE-2023-381xx/CVE-2023-38133.json b/CVE-2023/CVE-2023-381xx/CVE-2023-38133.json index 358bb63fe1b..8ba9647ae7c 100644 --- a/CVE-2023/CVE-2023-381xx/CVE-2023-38133.json +++ b/CVE-2023/CVE-2023-381xx/CVE-2023-38133.json @@ -2,39 +2,161 @@ "id": "CVE-2023-38133", "sourceIdentifier": "product-security@apple.com", "published": "2023-07-27T00:15:15.620", - "lastModified": "2023-07-27T12:13:15.833", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2023-08-02T00:55:00.387", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", "value": "The issue was addressed with improved checks. This issue is fixed in iOS 15.7.8 and iPadOS 15.7.8, iOS 16.6 and iPadOS 16.6, tvOS 16.6, macOS Ventura 13.5, Safari 16.6, watchOS 9.6. Processing web content may disclose sensitive information." } ], - "metrics": {}, + "metrics": { + "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "REQUIRED", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "NONE", + "availabilityImpact": "NONE", + "baseScore": 6.5, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 2.8, + "impactScore": 3.6 + } + ] + }, + "weaknesses": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "NVD-CWE-noinfo" + } + ] + } + ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:apple:safari:*:*:*:*:*:*:*:*", + "versionEndExcluding": "16.6", + "matchCriteriaId": "DB91291B-DB98-4E2A-BDA6-F9B5C48CDC6F" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:apple:ipados:*:*:*:*:*:*:*:*", + "versionEndExcluding": "15.7.8", + "matchCriteriaId": "5E276423-4032-4E12-AB11-88F7047E35EA" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:apple:ipados:*:*:*:*:*:*:*:*", + "versionStartIncluding": "16.0", + "versionEndExcluding": "16.6", + "matchCriteriaId": "33013784-1828-4402-81CF-2794D94A7C48" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:apple:iphone_os:*:*:*:*:*:*:*:*", + "versionEndExcluding": "15.7.8", + "matchCriteriaId": "8635FA0F-1876-4E3A-B02D-31AEA459C38E" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:apple:iphone_os:*:*:*:*:*:*:*:*", + "versionStartIncluding": "16.0", + "versionEndExcluding": "16.6", + "matchCriteriaId": "4C67BFEB-764A-4C07-A02A-117C6AFAAC6A" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:apple:macos:*:*:*:*:*:*:*:*", + "versionStartIncluding": "13.0", + "versionEndExcluding": "13.5", + "matchCriteriaId": "3D701507-146E-4E5B-8C32-60E797E46627" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:apple:tvos:*:*:*:*:*:*:*:*", + "versionEndExcluding": "16.6", + "matchCriteriaId": "339039D5-7AAC-4252-B4F6-BFCEBB48D92A" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:apple:watchos:*:*:*:*:*:*:*:*", + "versionEndExcluding": "9.6", + "matchCriteriaId": "90DFD981-D950-40B0-A699-4878B653A20D" + } + ] + } + ] + } + ], "references": [ { "url": "https://support.apple.com/en-us/HT213841", - "source": "product-security@apple.com" + "source": "product-security@apple.com", + "tags": [ + "Release Notes", + "Vendor Advisory" + ] }, { "url": "https://support.apple.com/en-us/HT213842", - "source": "product-security@apple.com" + "source": "product-security@apple.com", + "tags": [ + "Release Notes", + "Vendor Advisory" + ] }, { "url": "https://support.apple.com/en-us/HT213843", - "source": "product-security@apple.com" + "source": "product-security@apple.com", + "tags": [ + "Release Notes", + "Vendor Advisory" + ] }, { "url": "https://support.apple.com/en-us/HT213846", - "source": "product-security@apple.com" + "source": "product-security@apple.com", + "tags": [ + "Release Notes", + "Vendor Advisory" + ] }, { "url": "https://support.apple.com/en-us/HT213847", - "source": "product-security@apple.com" + "source": "product-security@apple.com", + "tags": [ + "Release Notes", + "Vendor Advisory" + ] }, { "url": "https://support.apple.com/en-us/HT213848", - "source": "product-security@apple.com" + "source": "product-security@apple.com", + "tags": [ + "Release Notes", + "Vendor Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2023/CVE-2023-382xx/CVE-2023-38285.json b/CVE-2023/CVE-2023-382xx/CVE-2023-38285.json index 0eebdd7e1d5..7c855865a2c 100644 --- a/CVE-2023/CVE-2023-382xx/CVE-2023-38285.json +++ b/CVE-2023/CVE-2023-382xx/CVE-2023-38285.json @@ -2,23 +2,83 @@ "id": "CVE-2023-38285", "sourceIdentifier": "cve@mitre.org", "published": "2023-07-26T21:15:10.207", - "lastModified": "2023-07-26T21:40:11.047", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2023-08-02T00:39:37.267", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", "value": "Trustwave ModSecurity 3.x before 3.0.10 has Inefficient Algorithmic Complexity." } ], - "metrics": {}, + "metrics": { + "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "NONE", + "integrityImpact": "NONE", + "availabilityImpact": "HIGH", + "baseScore": 7.5, + "baseSeverity": "HIGH" + }, + "exploitabilityScore": 3.9, + "impactScore": 3.6 + } + ] + }, + "weaknesses": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-407" + } + ] + } + ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:trustwave:modsecurity:*:*:*:*:*:*:*:*", + "versionStartIncluding": "3.0.0", + "versionEndExcluding": "3.0.10", + "matchCriteriaId": "314D5544-E20D-482F-9F39-DE5AA72B1972" + } + ] + } + ] + } + ], "references": [ { "url": "https://www.trustwave.com/en-us/resources/blogs/spiderlabs-blog/modsecurity-v3-dos-vulnerability-in-four-transformations-cve-2023-38285/", - "source": "cve@mitre.org" + "source": "cve@mitre.org", + "tags": [ + "Vendor Advisory" + ] }, { "url": "https://www.trustwave.com/en-us/resources/security-resources/software-updates/end-of-sale-and-trustwave-support-for-modsecurity-web-application-firewall/", - "source": "cve@mitre.org" + "source": "cve@mitre.org", + "tags": [ + "Product" + ] } ] } \ No newline at end of file diff --git a/CVE-2023/CVE-2023-389xx/CVE-2023-38990.json b/CVE-2023/CVE-2023-389xx/CVE-2023-38990.json new file mode 100644 index 00000000000..bde8e060374 --- /dev/null +++ b/CVE-2023/CVE-2023-389xx/CVE-2023-38990.json @@ -0,0 +1,20 @@ +{ + "id": "CVE-2023-38990", + "sourceIdentifier": "cve@mitre.org", + "published": "2023-08-02T00:15:18.293", + "lastModified": "2023-08-02T00:15:18.293", + "vulnStatus": "Received", + "descriptions": [ + { + "lang": "en", + "value": "An issue in the delete function in the MenuController class of jeesite v1.2.6 allows authenticated attackers to arbitrarily delete menus created by the Administrator." + } + ], + "metrics": {}, + "references": [ + { + "url": "https://github.com/thinkgem/jeesite/issues/519", + "source": "cve@mitre.org" + } + ] +} \ No newline at end of file diff --git a/CVE-2023/CVE-2023-39xx/CVE-2023-3900.json b/CVE-2023/CVE-2023-39xx/CVE-2023-3900.json new file mode 100644 index 00000000000..f8f9105a586 --- /dev/null +++ b/CVE-2023/CVE-2023-39xx/CVE-2023-3900.json @@ -0,0 +1,59 @@ +{ + "id": "CVE-2023-3900", + "sourceIdentifier": "cve@gitlab.com", + "published": "2023-08-02T01:15:09.607", + "lastModified": "2023-08-02T01:15:09.607", + "vulnStatus": "Received", + "descriptions": [ + { + "lang": "en", + "value": "An issue has been discovered in GitLab CE/EE affecting all versions starting from 16.1 before 16.1.3, all versions starting from 16.2 before 16.2.2. An invalid 'start_sha' value on merge requests page may lead to Denial of Service as Changes tab would not load." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "cve@gitlab.com", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "NONE", + "integrityImpact": "NONE", + "availabilityImpact": "LOW", + "baseScore": 4.3, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 2.8, + "impactScore": 1.4 + } + ] + }, + "weaknesses": [ + { + "source": "cve@gitlab.com", + "type": "Secondary", + "description": [ + { + "lang": "en", + "value": "CWE-20" + } + ] + } + ], + "references": [ + { + "url": "https://gitlab.com/gitlab-org/gitlab/-/issues/418770", + "source": "cve@gitlab.com" + }, + { + "url": "https://hackerone.com/reports/2058514", + "source": "cve@gitlab.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2023/CVE-2023-39xx/CVE-2023-3993.json b/CVE-2023/CVE-2023-39xx/CVE-2023-3993.json new file mode 100644 index 00000000000..66844a4470c --- /dev/null +++ b/CVE-2023/CVE-2023-39xx/CVE-2023-3993.json @@ -0,0 +1,55 @@ +{ + "id": "CVE-2023-3993", + "sourceIdentifier": "cve@gitlab.com", + "published": "2023-08-02T01:15:09.690", + "lastModified": "2023-08-02T01:15:09.690", + "vulnStatus": "Received", + "descriptions": [ + { + "lang": "en", + "value": "An issue has been discovered in GitLab EE affecting all versions starting from 14.3 before 16.0.8, all versions starting from 16.1 before 16.1.3, all versions starting from 16.2 before 16.2.2. Access tokens may have been logged when a query was made to a specific endpoint." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "cve@gitlab.com", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "HIGH", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "NONE", + "availabilityImpact": "NONE", + "baseScore": 4.9, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 1.2, + "impactScore": 3.6 + } + ] + }, + "weaknesses": [ + { + "source": "cve@gitlab.com", + "type": "Secondary", + "description": [ + { + "lang": "en", + "value": "CWE-200" + } + ] + } + ], + "references": [ + { + "url": "https://gitlab.com/gitlab-org/gitlab/-/issues/409570", + "source": "cve@gitlab.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2023/CVE-2023-39xx/CVE-2023-3994.json b/CVE-2023/CVE-2023-39xx/CVE-2023-3994.json new file mode 100644 index 00000000000..4e8a13c1877 --- /dev/null +++ b/CVE-2023/CVE-2023-39xx/CVE-2023-3994.json @@ -0,0 +1,59 @@ +{ + "id": "CVE-2023-3994", + "sourceIdentifier": "cve@gitlab.com", + "published": "2023-08-02T01:15:09.773", + "lastModified": "2023-08-02T01:15:09.773", + "vulnStatus": "Received", + "descriptions": [ + { + "lang": "en", + "value": "An issue has been discovered in GitLab CE/EE affecting all versions starting from 9.3 before 16.0.8, all versions starting from 16.1 before 16.1.3, all versions starting from 16.2 before 16.2.2. A Regular Expression Denial of Service was possible via sending crafted payloads which use ProjectReferenceFilter to the preview_markdown endpoint." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "cve@gitlab.com", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "NONE", + "integrityImpact": "NONE", + "availabilityImpact": "HIGH", + "baseScore": 7.5, + "baseSeverity": "HIGH" + }, + "exploitabilityScore": 3.9, + "impactScore": 3.6 + } + ] + }, + "weaknesses": [ + { + "source": "cve@gitlab.com", + "type": "Secondary", + "description": [ + { + "lang": "en", + "value": "CWE-400" + } + ] + } + ], + "references": [ + { + "url": "https://gitlab.com/gitlab-org/gitlab/-/issues/416225", + "source": "cve@gitlab.com" + }, + { + "url": "https://hackerone.com/reports/1963255", + "source": "cve@gitlab.com" + } + ] +} \ No newline at end of file diff --git a/README.md b/README.md index c83e63b6fae..60c80466d93 100644 --- a/README.md +++ b/README.md @@ -9,13 +9,13 @@ Repository synchronizes with the NVD every 2 hours. ### Last Repository Update ```plain -2023-08-01T23:55:28.044540+00:00 +2023-08-02T02:00:31.995702+00:00 ``` ### Most recent CVE Modification Timestamp synchronized with NVD ```plain -2023-08-01T23:15:33.793000+00:00 +2023-08-02T01:15:53.020000+00:00 ``` ### Last Data Feed Release @@ -23,75 +23,68 @@ Repository synchronizes with the NVD every 2 hours. Download and Changelog: [Click](https://github.com/fkie-cad/nvd-json-data-feeds/releases/latest) ```plain -2023-08-01T00:00:13.547072+00:00 +2023-08-02T00:00:13.564856+00:00 ``` ### Total Number of included CVEs ```plain -221418 +221436 ``` ### CVEs added in the last Commit -Recently added CVEs: `26` +Recently added CVEs: `18` -* [CVE-2023-31427](CVE-2023/CVE-2023-314xx/CVE-2023-31427.json) (`2023-08-01T23:15:28.770`) -* [CVE-2023-33560](CVE-2023/CVE-2023-335xx/CVE-2023-33560.json) (`2023-08-01T23:15:28.970`) -* [CVE-2023-33561](CVE-2023/CVE-2023-335xx/CVE-2023-33561.json) (`2023-08-01T23:15:29.140`) -* [CVE-2023-33562](CVE-2023/CVE-2023-335xx/CVE-2023-33562.json) (`2023-08-01T23:15:29.293`) -* [CVE-2023-33563](CVE-2023/CVE-2023-335xx/CVE-2023-33563.json) (`2023-08-01T23:15:29.480`) -* [CVE-2023-33564](CVE-2023/CVE-2023-335xx/CVE-2023-33564.json) (`2023-08-01T23:15:29.747`) -* [CVE-2023-34869](CVE-2023/CVE-2023-348xx/CVE-2023-34869.json) (`2023-08-01T23:15:30.017`) -* [CVE-2023-36118](CVE-2023/CVE-2023-361xx/CVE-2023-36118.json) (`2023-08-01T23:15:30.217`) -* [CVE-2023-36351](CVE-2023/CVE-2023-363xx/CVE-2023-36351.json) (`2023-08-01T23:15:30.370`) -* [CVE-2023-3107](CVE-2023/CVE-2023-31xx/CVE-2023-3107.json) (`2023-08-01T23:15:30.580`) -* [CVE-2023-3494](CVE-2023/CVE-2023-34xx/CVE-2023-3494.json) (`2023-08-01T23:15:31.053`) -* [CVE-2023-3727](CVE-2023/CVE-2023-37xx/CVE-2023-3727.json) (`2023-08-01T23:15:31.320`) -* [CVE-2023-3728](CVE-2023/CVE-2023-37xx/CVE-2023-3728.json) (`2023-08-01T23:15:31.490`) -* [CVE-2023-3729](CVE-2023/CVE-2023-37xx/CVE-2023-3729.json) (`2023-08-01T23:15:31.673`) -* [CVE-2023-3730](CVE-2023/CVE-2023-37xx/CVE-2023-3730.json) (`2023-08-01T23:15:31.857`) -* [CVE-2023-3731](CVE-2023/CVE-2023-37xx/CVE-2023-3731.json) (`2023-08-01T23:15:32.047`) -* [CVE-2023-3732](CVE-2023/CVE-2023-37xx/CVE-2023-3732.json) (`2023-08-01T23:15:32.247`) -* [CVE-2023-3733](CVE-2023/CVE-2023-37xx/CVE-2023-3733.json) (`2023-08-01T23:15:32.443`) -* [CVE-2023-3734](CVE-2023/CVE-2023-37xx/CVE-2023-3734.json) (`2023-08-01T23:15:32.607`) -* [CVE-2023-3735](CVE-2023/CVE-2023-37xx/CVE-2023-3735.json) (`2023-08-01T23:15:32.773`) -* [CVE-2023-3736](CVE-2023/CVE-2023-37xx/CVE-2023-3736.json) (`2023-08-01T23:15:33.013`) -* [CVE-2023-3737](CVE-2023/CVE-2023-37xx/CVE-2023-3737.json) (`2023-08-01T23:15:33.177`) -* [CVE-2023-3738](CVE-2023/CVE-2023-37xx/CVE-2023-3738.json) (`2023-08-01T23:15:33.427`) -* [CVE-2023-3739](CVE-2023/CVE-2023-37xx/CVE-2023-3739.json) (`2023-08-01T23:15:33.633`) -* [CVE-2023-3740](CVE-2023/CVE-2023-37xx/CVE-2023-3740.json) (`2023-08-01T23:15:33.793`) +* [CVE-2023-0632](CVE-2023/CVE-2023-06xx/CVE-2023-0632.json) (`2023-08-02T00:15:16.163`) +* [CVE-2023-1210](CVE-2023/CVE-2023-12xx/CVE-2023-1210.json) (`2023-08-02T00:15:16.430`) +* [CVE-2023-2164](CVE-2023/CVE-2023-21xx/CVE-2023-2164.json) (`2023-08-02T00:15:16.683`) +* [CVE-2023-31428](CVE-2023/CVE-2023-314xx/CVE-2023-31428.json) (`2023-08-02T00:15:16.977`) +* [CVE-2023-31430](CVE-2023/CVE-2023-314xx/CVE-2023-31430.json) (`2023-08-02T00:15:17.187`) +* [CVE-2023-31431](CVE-2023/CVE-2023-314xx/CVE-2023-31431.json) (`2023-08-02T00:15:17.410`) +* [CVE-2023-31432](CVE-2023/CVE-2023-314xx/CVE-2023-31432.json) (`2023-08-02T00:15:17.587`) +* [CVE-2023-31928](CVE-2023/CVE-2023-319xx/CVE-2023-31928.json) (`2023-08-02T00:15:17.800`) +* [CVE-2023-36121](CVE-2023/CVE-2023-361xx/CVE-2023-36121.json) (`2023-08-02T00:15:18.030`) +* [CVE-2023-38990](CVE-2023/CVE-2023-389xx/CVE-2023-38990.json) (`2023-08-02T00:15:18.293`) +* [CVE-2023-3364](CVE-2023/CVE-2023-33xx/CVE-2023-3364.json) (`2023-08-02T00:15:18.467`) +* [CVE-2023-3385](CVE-2023/CVE-2023-33xx/CVE-2023-3385.json) (`2023-08-02T00:15:18.690`) +* [CVE-2023-31926](CVE-2023/CVE-2023-319xx/CVE-2023-31926.json) (`2023-08-02T01:15:09.343`) +* [CVE-2023-31927](CVE-2023/CVE-2023-319xx/CVE-2023-31927.json) (`2023-08-02T01:15:09.437`) +* [CVE-2023-3500](CVE-2023/CVE-2023-35xx/CVE-2023-3500.json) (`2023-08-02T01:15:09.520`) +* [CVE-2023-3900](CVE-2023/CVE-2023-39xx/CVE-2023-3900.json) (`2023-08-02T01:15:09.607`) +* [CVE-2023-3993](CVE-2023/CVE-2023-39xx/CVE-2023-3993.json) (`2023-08-02T01:15:09.690`) +* [CVE-2023-3994](CVE-2023/CVE-2023-39xx/CVE-2023-3994.json) (`2023-08-02T01:15:09.773`) ### CVEs modified in the last Commit -Recently modified CVEs: `117` +Recently modified CVEs: `68` -* [CVE-2021-41332](CVE-2021/CVE-2021-413xx/CVE-2021-41332.json) (`2023-08-01T23:15:22.883`) -* [CVE-2021-41334](CVE-2021/CVE-2021-413xx/CVE-2021-41334.json) (`2023-08-01T23:15:23.110`) -* [CVE-2021-41335](CVE-2021/CVE-2021-413xx/CVE-2021-41335.json) (`2023-08-01T23:15:23.330`) -* [CVE-2021-41336](CVE-2021/CVE-2021-413xx/CVE-2021-41336.json) (`2023-08-01T23:15:23.550`) -* [CVE-2021-41337](CVE-2021/CVE-2021-413xx/CVE-2021-41337.json) (`2023-08-01T23:15:23.773`) -* [CVE-2021-41338](CVE-2021/CVE-2021-413xx/CVE-2021-41338.json) (`2023-08-01T23:15:23.917`) -* [CVE-2021-41339](CVE-2021/CVE-2021-413xx/CVE-2021-41339.json) (`2023-08-01T23:15:24.077`) -* [CVE-2021-41340](CVE-2021/CVE-2021-413xx/CVE-2021-41340.json) (`2023-08-01T23:15:24.237`) -* [CVE-2021-41343](CVE-2021/CVE-2021-413xx/CVE-2021-41343.json) (`2023-08-01T23:15:24.397`) -* [CVE-2021-41344](CVE-2021/CVE-2021-413xx/CVE-2021-41344.json) (`2023-08-01T23:15:24.577`) -* [CVE-2021-41345](CVE-2021/CVE-2021-413xx/CVE-2021-41345.json) (`2023-08-01T23:15:24.847`) -* [CVE-2021-41346](CVE-2021/CVE-2021-413xx/CVE-2021-41346.json) (`2023-08-01T23:15:25.023`) -* [CVE-2021-41347](CVE-2021/CVE-2021-413xx/CVE-2021-41347.json) (`2023-08-01T23:15:25.287`) -* [CVE-2021-41348](CVE-2021/CVE-2021-413xx/CVE-2021-41348.json) (`2023-08-01T23:15:25.577`) -* [CVE-2021-41350](CVE-2021/CVE-2021-413xx/CVE-2021-41350.json) (`2023-08-01T23:15:25.887`) -* [CVE-2021-41353](CVE-2021/CVE-2021-413xx/CVE-2021-41353.json) (`2023-08-01T23:15:26.223`) -* [CVE-2021-41354](CVE-2021/CVE-2021-413xx/CVE-2021-41354.json) (`2023-08-01T23:15:26.510`) -* [CVE-2021-41355](CVE-2021/CVE-2021-413xx/CVE-2021-41355.json) (`2023-08-01T23:15:26.790`) -* [CVE-2021-41357](CVE-2021/CVE-2021-413xx/CVE-2021-41357.json) (`2023-08-01T23:15:27.057`) -* [CVE-2021-41361](CVE-2021/CVE-2021-413xx/CVE-2021-41361.json) (`2023-08-01T23:15:27.420`) -* [CVE-2021-42299](CVE-2021/CVE-2021-422xx/CVE-2021-42299.json) (`2023-08-01T23:15:27.730`) -* [CVE-2022-23259](CVE-2022/CVE-2022-232xx/CVE-2022-23259.json) (`2023-08-01T23:15:28.157`) -* [CVE-2022-29144](CVE-2022/CVE-2022-291xx/CVE-2022-29144.json) (`2023-08-01T23:15:28.457`) -* [CVE-2023-28261](CVE-2023/CVE-2023-282xx/CVE-2023-28261.json) (`2023-08-01T22:15:13.187`) -* [CVE-2023-3326](CVE-2023/CVE-2023-33xx/CVE-2023-3326.json) (`2023-08-01T23:15:30.827`) +* [CVE-2021-31211](CVE-2021/CVE-2021-312xx/CVE-2021-31211.json) (`2023-08-02T00:15:15.053`) +* [CVE-2021-31213](CVE-2021/CVE-2021-312xx/CVE-2021-31213.json) (`2023-08-02T00:15:15.177`) +* [CVE-2021-31214](CVE-2021/CVE-2021-312xx/CVE-2021-31214.json) (`2023-08-02T00:15:15.387`) +* [CVE-2021-31936](CVE-2021/CVE-2021-319xx/CVE-2021-31936.json) (`2023-08-02T00:15:15.657`) +* [CVE-2022-32449](CVE-2022/CVE-2022-324xx/CVE-2022-32449.json) (`2023-08-02T00:15:15.913`) +* [CVE-2022-30280](CVE-2022/CVE-2022-302xx/CVE-2022-30280.json) (`2023-08-02T01:01:05.877`) +* [CVE-2022-28867](CVE-2022/CVE-2022-288xx/CVE-2022-28867.json) (`2023-08-02T01:05:10.263`) +* [CVE-2022-28865](CVE-2022/CVE-2022-288xx/CVE-2022-28865.json) (`2023-08-02T01:07:06.837`) +* [CVE-2022-28864](CVE-2022/CVE-2022-288xx/CVE-2022-28864.json) (`2023-08-02T01:15:43.183`) +* [CVE-2022-28863](CVE-2022/CVE-2022-288xx/CVE-2022-28863.json) (`2023-08-02T01:15:53.020`) +* [CVE-2023-37623](CVE-2023/CVE-2023-376xx/CVE-2023-37623.json) (`2023-08-02T00:30:17.953`) +* [CVE-2023-37624](CVE-2023/CVE-2023-376xx/CVE-2023-37624.json) (`2023-08-02T00:35:41.437`) +* [CVE-2023-37692](CVE-2023/CVE-2023-376xx/CVE-2023-37692.json) (`2023-08-02T00:38:53.690`) +* [CVE-2023-37732](CVE-2023/CVE-2023-377xx/CVE-2023-37732.json) (`2023-08-02T00:39:04.113`) +* [CVE-2023-38285](CVE-2023/CVE-2023-382xx/CVE-2023-38285.json) (`2023-08-02T00:39:37.267`) +* [CVE-2023-32381](CVE-2023/CVE-2023-323xx/CVE-2023-32381.json) (`2023-08-02T00:42:34.140`) +* [CVE-2023-32433](CVE-2023/CVE-2023-324xx/CVE-2023-32433.json) (`2023-08-02T00:43:07.483`) +* [CVE-2023-32437](CVE-2023/CVE-2023-324xx/CVE-2023-32437.json) (`2023-08-02T00:43:20.510`) +* [CVE-2023-35983](CVE-2023/CVE-2023-359xx/CVE-2023-35983.json) (`2023-08-02T00:46:23.367`) +* [CVE-2023-36854](CVE-2023/CVE-2023-368xx/CVE-2023-36854.json) (`2023-08-02T00:48:51.350`) +* [CVE-2023-36862](CVE-2023/CVE-2023-368xx/CVE-2023-36862.json) (`2023-08-02T00:51:50.443`) +* [CVE-2023-37450](CVE-2023/CVE-2023-374xx/CVE-2023-37450.json) (`2023-08-02T00:54:49.737`) +* [CVE-2023-38133](CVE-2023/CVE-2023-381xx/CVE-2023-38133.json) (`2023-08-02T00:55:00.387`) +* [CVE-2023-3567](CVE-2023/CVE-2023-35xx/CVE-2023-3567.json) (`2023-08-02T00:59:52.037`) +* [CVE-2023-3019](CVE-2023/CVE-2023-30xx/CVE-2023-3019.json) (`2023-08-02T01:00:46.400`) ## Download and Usage