diff --git a/CVE-2022/CVE-2022-223xx/CVE-2022-22307.json b/CVE-2022/CVE-2022-223xx/CVE-2022-22307.json index bf797f4818a..a4d14557493 100644 --- a/CVE-2022/CVE-2022-223xx/CVE-2022-22307.json +++ b/CVE-2022/CVE-2022-223xx/CVE-2022-22307.json @@ -2,12 +2,16 @@ "id": "CVE-2022-22307", "sourceIdentifier": "psirt@us.ibm.com", "published": "2023-06-15T01:15:09.920", - "lastModified": "2023-06-15T01:15:09.920", - "vulnStatus": "Received", + "lastModified": "2023-06-15T12:39:17.910", + "vulnStatus": "Awaiting Analysis", "descriptions": [ { "lang": "en", "value": "IBM Security Guardium 11.3, 11.4, and 11.5 could allow a local user to obtain elevated privileges due to incorrect authorization checks. IBM X-Force ID: 216753." + }, + { + "lang": "es", + "value": "IBM Security Guardium v11.3, v11.4 y v11.5 podr\u00eda permitir a un usuario local obtener privilegios elevados debido a comprobaciones de autorizaci\u00f3n incorrectas. ID de IBM X-Force: 216753. " } ], "metrics": { diff --git a/CVE-2022/CVE-2022-327xx/CVE-2022-32752.json b/CVE-2022/CVE-2022-327xx/CVE-2022-32752.json index 15889573949..5beb329c6c5 100644 --- a/CVE-2022/CVE-2022-327xx/CVE-2022-32752.json +++ b/CVE-2022/CVE-2022-327xx/CVE-2022-32752.json 
@@ -2,12 +2,16 @@ "id": "CVE-2022-32752", "sourceIdentifier": "psirt@us.ibm.com", "published": "2023-06-15T03:15:09.873", - "lastModified": "2023-06-15T03:15:09.873", - "vulnStatus": "Received", + "lastModified": "2023-06-15T12:39:17.910", + "vulnStatus": "Awaiting Analysis", "descriptions": [ { "lang": "en", "value": "IBM Security Directory Suite VA 8.0.1 through 8.0.1.19 could allow a remote authenticated attacker to execute arbitrary commands on the system by sending a specially crafted request. IBM X-Force ID: 228439." + }, + { + "lang": "es", + "value": "IBM Security Directory Suite VA v8.0.1 a v8.0.1.19 podr\u00eda permitir a un atacante remoto autenticado ejecutar comandos arbitrarios en el sistema enviando una solicitud especialmente manipulada. ID de IBM X-Force: 228439. " } ], "metrics": { diff --git a/CVE-2022/CVE-2022-327xx/CVE-2022-32757.json b/CVE-2022/CVE-2022-327xx/CVE-2022-32757.json index 824dc7e3ce1..fe723eba79e 100644 --- a/CVE-2022/CVE-2022-327xx/CVE-2022-32757.json +++ b/CVE-2022/CVE-2022-327xx/CVE-2022-32757.json @@ -2,12 +2,16 @@ "id": "CVE-2022-32757", "sourceIdentifier": "psirt@us.ibm.com", "published": "2023-06-15T03:15:09.950", - "lastModified": "2023-06-15T03:15:09.950", - "vulnStatus": "Received", + "lastModified": "2023-06-15T12:39:17.910", + "vulnStatus": "Awaiting Analysis", "descriptions": [ { "lang": "en", "value": "IBM Security Directory Suite VA 8.0.1 through 8.0.1.19 uses an inadequate account lockout setting that could allow a remote attacker to brute force account credentials. IBM X-Force ID: 228510." + }, + { + "lang": "es", + "value": "IBM Security Directory Suite VA v8.0.1 a v8.0.1.19 utiliza una configuraci\u00f3n de bloqueo de cuentas inadecuada que podr\u00eda permitir a un atacante remoto forzar las credenciales de las cuentas. ID de IBM X-Force: 228510." } ], "metrics": { diff --git a/CVE-2022/CVE-2022-331xx/CVE-2022-33159.json b/CVE-2022/CVE-2022-331xx/CVE-2022-33159.json index 985a489a2c0..dc25165b5ec 100644 
--- a/CVE-2022/CVE-2022-331xx/CVE-2022-33159.json +++ b/CVE-2022/CVE-2022-331xx/CVE-2022-33159.json @@ -2,12 +2,16 @@ "id": "CVE-2022-33159", "sourceIdentifier": "psirt@us.ibm.com", "published": "2023-06-15T02:15:09.240", - "lastModified": "2023-06-15T02:15:09.240", - "vulnStatus": "Received", + "lastModified": "2023-06-15T12:39:17.910", + "vulnStatus": "Awaiting Analysis", "descriptions": [ { "lang": "en", "value": "IBM Security Directory Suite VA 8.0.1 through 8.0.1.19 stores user credentials in plain clear text which can be read by an authenticated user. IBM X-Force ID: 228567." + }, + { + "lang": "es", + "value": "IBM Security Directory Suite VA v8.0.1 a v8.0.1.19 almacena las credenciales de usuario en texto sin formato que puede leer un usuario autenticado. ID de IBM X-Force: 228567. " } ], "metrics": { diff --git a/CVE-2022/CVE-2022-331xx/CVE-2022-33163.json b/CVE-2022/CVE-2022-331xx/CVE-2022-33163.json index 3cd3dfa6834..ea45f1a807f 100644 --- a/CVE-2022/CVE-2022-331xx/CVE-2022-33163.json +++ b/CVE-2022/CVE-2022-331xx/CVE-2022-33163.json @@ -2,12 +2,16 @@ "id": "CVE-2022-33163", "sourceIdentifier": "psirt@us.ibm.com", "published": "2023-06-15T02:15:09.313", - "lastModified": "2023-06-15T02:15:09.313", - "vulnStatus": "Received", + "lastModified": "2023-06-15T12:39:17.910", + "vulnStatus": "Awaiting Analysis", "descriptions": [ { "lang": "en", "value": "IBM Security Directory Suite VA 8.0.1 specifies permissions for a security-critical resource in a way that allows that resource to be read or modified by unintended actors. IBM X-Force ID: 228571." + }, + { + "lang": "es", + "value": "IBM Security Directory Suite VA v8.0.1 especifica permisos para un recurso cr\u00edtico para la seguridad de una forma que permite que dicho recurso sea le\u00eddo o modificado por actores no deseados. ID de IBM X-Force: 228571. " } ], "metrics": { 
diff --git a/CVE-2022/CVE-2022-331xx/CVE-2022-33166.json b/CVE-2022/CVE-2022-331xx/CVE-2022-33166.json index 70ebf69e4c1..4ab6ccea8e1 100644 --- a/CVE-2022/CVE-2022-331xx/CVE-2022-33166.json +++ b/CVE-2022/CVE-2022-331xx/CVE-2022-33166.json @@ -2,12 +2,16 @@ "id": "CVE-2022-33166", "sourceIdentifier": "psirt@us.ibm.com", "published": "2023-06-15T03:15:10.020", - "lastModified": "2023-06-15T03:15:10.020", - "vulnStatus": "Received", + "lastModified": "2023-06-15T12:39:17.910", + "vulnStatus": "Awaiting Analysis", "descriptions": [ { "lang": "en", "value": "IBM Security Directory Suite VA 8.0.1 through 8.0.1.19 could allow a privileged user to upload malicious files of dangerous types that can be automatically processed within the product's environment. IBM X-Force ID: 228586." + }, + { + "lang": "es", + "value": "IBM Security Directory Suite VA v8.0.1 a v8.0.1.19 podr\u00eda permitir a un usuario con privilegios cargar archivos maliciosos con formatos peligrosos que pueden procesarse autom\u00e1ticamente en el entorno del producto. ID de IBM X-Force: 228586." } ], "metrics": { diff --git a/CVE-2022/CVE-2022-331xx/CVE-2022-33168.json b/CVE-2022/CVE-2022-331xx/CVE-2022-33168.json index 70e4118c53e..738a77d12f6 100644 --- a/CVE-2022/CVE-2022-331xx/CVE-2022-33168.json +++ b/CVE-2022/CVE-2022-331xx/CVE-2022-33168.json 
@@ -2,12 +2,16 @@ "id": "CVE-2022-33168", "sourceIdentifier": "psirt@us.ibm.com", "published": "2023-06-15T02:15:09.377", - "lastModified": "2023-06-15T02:15:09.377", - "vulnStatus": "Received", + "lastModified": "2023-06-15T12:39:17.910", + "vulnStatus": "Awaiting Analysis", "descriptions": [ { "lang": "en", "value": "IBM Security Directory Suite VA 8.0.1 could allow an attacker to cause a denial of service due to uncontrolled resource consumption. IBM X-Force ID: 228588." + }, + { + "lang": "es", + "value": "IBM Security Directory Suite VA v8.0.1 podr\u00eda permitir a un atacante provocar una denegaci\u00f3n de servicio debido al consumo incontrolado de recursos. ID de IBM X-Force: 228588. " } ], "metrics": { diff --git a/CVE-2022/CVE-2022-41xx/CVE-2022-4149.json b/CVE-2022/CVE-2022-41xx/CVE-2022-4149.json index 019c799b659..d48d4f524e6 100644 --- a/CVE-2022/CVE-2022-41xx/CVE-2022-4149.json +++ b/CVE-2022/CVE-2022-41xx/CVE-2022-4149.json @@ -2,8 +2,8 @@ "id": "CVE-2022-4149", "sourceIdentifier": "psirt@netskope.com", "published": "2023-06-15T07:15:08.710", - "lastModified": "2023-06-15T07:15:08.710", - "vulnStatus": "Received", + "lastModified": "2023-06-15T12:39:17.910", + "vulnStatus": "Awaiting Analysis", "descriptions": [ { "lang": "en", diff --git a/CVE-2023/CVE-2023-09xx/CVE-2023-0985.json b/CVE-2023/CVE-2023-09xx/CVE-2023-0985.json index 853866be487..aac3e43bbe3 100644 --- a/CVE-2023/CVE-2023-09xx/CVE-2023-0985.json +++ b/CVE-2023/CVE-2023-09xx/CVE-2023-0985.json @@ -2,8 +2,8 @@ "id": "CVE-2023-0985", "sourceIdentifier": "info@cert.vde.com", "published": "2023-06-06T11:15:09.093", - "lastModified": "2023-06-06T12:50:56.083", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2023-06-15T12:04:52.467", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", 
@@ -46,10 +46,38 @@ ] } ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:mbconnectline:mbconnect24:*:*:*:*:*:*:*:*", + "versionEndIncluding": "2.13.3", + "matchCriteriaId": "6CC21EC6-52DA-47D9-AC27-9D1707B71467" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:mbconnectline:mymbconnect24:*:*:*:*:*:*:*:*", + "versionEndIncluding": "2.13.3", + "matchCriteriaId": "70123597-DE04-4807-952D-F9CFC9805A34" + } + ] + } + ] + } + ], "references": [ { "url": "https://cert.vde.com/en/advisories/VDE-2023-002/", - "source": "info@cert.vde.com" + "source": "info@cert.vde.com", + "tags": [ + "Mitigation", + "Third Party Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2023/CVE-2023-17xx/CVE-2023-1779.json b/CVE-2023/CVE-2023-17xx/CVE-2023-1779.json index 87fd315159a..cb2c3601f12 100644 --- a/CVE-2023/CVE-2023-17xx/CVE-2023-1779.json +++ b/CVE-2023/CVE-2023-17xx/CVE-2023-1779.json @@ -2,8 +2,8 @@ "id": "CVE-2023-1779", "sourceIdentifier": "info@cert.vde.com", "published": "2023-06-06T11:15:09.913", - "lastModified": "2023-06-06T12:50:56.083", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2023-06-15T12:36:44.550", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", @@ -36,8 +36,18 @@ }, "weaknesses": [ { - "source": "info@cert.vde.com", + "source": "nvd@nist.gov", "type": "Primary", + "description": [ + { + "lang": "en", + "value": "NVD-CWE-noinfo" + } + ] + }, + { + "source": "info@cert.vde.com", + "type": "Secondary", "description": [ { "lang": "en", 
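Review bot: The `Primary` weakness for CVE-2023-1779 becomes `NVD-CWE-noinfo` in the `@@ -36,8 +36,18 @@` hunk, while the CNA entry from `info@cert.vde.com` drops to `Secondary`. A consumer that reads only `"type": "Primary"` will stop seeing a usable CWE for this record. The CNA's own CWE value sits on a context line past the end of the hunk, so it is not visible here. Downstream CWE filters and dashboards should treat `NVD-CWE-noinfo` as a placeholder and fall back to the `Secondary` entry rather than dropping the classification.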
@@ -46,10 +56,37 @@ ] } ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:mbconnectline:mbconnect24:*:*:*:*:*:*:*:*", + "versionEndIncluding": "2.13.3", + "matchCriteriaId": "6CC21EC6-52DA-47D9-AC27-9D1707B71467" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:mbconnectline:mymbconnect24:*:*:*:*:*:*:*:*", + "versionEndIncluding": "2.13.3", + "matchCriteriaId": "70123597-DE04-4807-952D-F9CFC9805A34" + } + ] + } + ] + } + ], "references": [ { "url": "https://cert.vde.com/en/advisories/VDE-2023-008/", - "source": "info@cert.vde.com" + "source": "info@cert.vde.com", + "tags": [ + "Third Party Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2023/CVE-2023-22xx/CVE-2023-2270.json b/CVE-2023/CVE-2023-22xx/CVE-2023-2270.json index 92f34a9fe43..bc727357fd0 100644 --- a/CVE-2023/CVE-2023-22xx/CVE-2023-2270.json +++ b/CVE-2023/CVE-2023-22xx/CVE-2023-2270.json @@ -2,8 +2,8 @@ "id": "CVE-2023-2270", "sourceIdentifier": "psirt@netskope.com", "published": "2023-06-15T05:15:09.773", - "lastModified": "2023-06-15T05:15:09.773", - "vulnStatus": "Received", + "lastModified": "2023-06-15T12:39:17.910", + "vulnStatus": "Awaiting Analysis", "descriptions": [ { "lang": "en", diff --git a/CVE-2023/CVE-2023-22xx/CVE-2023-2275.json b/CVE-2023/CVE-2023-22xx/CVE-2023-2275.json index 5610303ad37..026b739968a 100644 --- a/CVE-2023/CVE-2023-22xx/CVE-2023-2275.json +++ b/CVE-2023/CVE-2023-22xx/CVE-2023-2275.json @@ -2,8 +2,8 @@ "id": "CVE-2023-2275", "sourceIdentifier": "security@wordfence.com", "published": "2023-06-09T06:16:05.777", - "lastModified": "2023-06-09T13:03:29.543", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2023-06-15T15:31:10.277", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", 
@@ -12,6 +12,26 @@ ], "metrics": { "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "availabilityImpact": "NONE", + "baseScore": 5.4, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 2.8, + "impactScore": 2.5 + }, { "source": "security@wordfence.com", "type": "Secondary", 
@@ -46,26 +66,59 @@ ] } ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:wclovers:woocommerce_multivendor_marketplace:*:*:*:*:*:wordpress:*:*", + "versionEndIncluding": "1.5.3", + "matchCriteriaId": "76BF6CD7-9595-4594-A941-745FE709A0A7" + } + ] + } + ] + } + ], "references": [ { "url": "https://plugins.trac.wordpress.org/browser/wcfm-marketplace-rest-api/tags/1.5.3/includes/api/class-api-order-controller.php#L151", - "source": "security@wordfence.com" + "source": "security@wordfence.com", + "tags": [ + "Patch" + ] }, { "url": "https://plugins.trac.wordpress.org/browser/wcfm-marketplace-rest-api/tags/1.5.3/includes/api/class-api-order-controller.php#L167", - "source": "security@wordfence.com" + "source": "security@wordfence.com", + "tags": [ + "Patch" + ] }, { "url": "https://plugins.trac.wordpress.org/browser/wcfm-marketplace-rest-api/tags/1.5.3/includes/api/class-api-order-controller.php#L175", - "source": "security@wordfence.com" + "source": "security@wordfence.com", + "tags": [ + "Patch" + ] }, { "url": "https://plugins.trac.wordpress.org/changeset/2904331/", - "source": "security@wordfence.com" + "source": "security@wordfence.com", + "tags": [ + "Patch" + ] }, { "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/b0520601-7e5c-412d-a8da-df1bf8ce28df?source=cve", - "source": "security@wordfence.com" + "source": "security@wordfence.com", + "tags": [ + "Third Party Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2023/CVE-2023-22xx/CVE-2023-2280.json b/CVE-2023/CVE-2023-22xx/CVE-2023-2280.json index b708aba89bd..ff8604623f3 100644 --- a/CVE-2023/CVE-2023-22xx/CVE-2023-2280.json +++ b/CVE-2023/CVE-2023-22xx/CVE-2023-2280.json 
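Review bot: The added `cpeMatch` criteria in the `@@ -46,26 +66,59 @@` hunk names the product `wclovers:woocommerce_multivendor_marketplace`, but every source link in the same hunk points at the `wcfm-marketplace-rest-api` plugin slug at tag 1.5.3. If these are separately versioned plugins, which the slug suggests but the hunk does not prove, `"versionEndIncluding": "1.5.3"` on this product will miss installs of the REST API plugin. Until the CPE is confirmed upstream, inventory matching for CVE-2023-2275 should also key on the slug `wcfm-marketplace-rest-api` from the references.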
@@ -2,8 +2,8 @@ "id": "CVE-2023-2280", "sourceIdentifier": "security@wordfence.com", "published": "2023-06-09T06:16:06.027", - "lastModified": "2023-06-09T13:03:29.543", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2023-06-15T15:25:15.017", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", @@ -12,6 +12,26 @@ ], "metrics": { "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "NONE", + "integrityImpact": "LOW", + "availabilityImpact": "NONE", + "baseScore": 5.3, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 3.9, + "impactScore": 1.4 + }, { "source": "security@wordfence.com", "type": "Secondary", @@ -46,18 +66,45 @@ ] } ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:wpdirectorykit:wp_directory_kit:*:*:*:*:*:wordpress:*:*", + "versionEndExcluding": "1.2.3", + "matchCriteriaId": "3C1C339B-ED01-4916-AAEF-A121228EC160" + } + ] + } + ] + } + ], "references": [ { "url": "https://plugins.trac.wordpress.org/browser/wpdirectorykit/tags/1.1.8/public/class-wpdirectorykit-public.php#L249", - "source": "security@wordfence.com" + "source": "security@wordfence.com", + "tags": [ + "Patch" + ] }, { "url": "https://plugins.trac.wordpress.org/changeset/2907164/", - "source": "security@wordfence.com" + "source": "security@wordfence.com", + "tags": [ + "Patch" + ] }, { "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/abb1a758-5c16-4841-b1c7-0705ab16b328?source=cve", - "source": "security@wordfence.com" + "source": "security@wordfence.com", + "tags": [ + "Third Party Advisory" + ] } ] } \ No newline at end of file 
diff --git a/CVE-2023/CVE-2023-238xx/CVE-2023-23802.json b/CVE-2023/CVE-2023-238xx/CVE-2023-23802.json new file mode 100644 index 00000000000..99955139597 --- /dev/null +++ b/CVE-2023/CVE-2023-238xx/CVE-2023-23802.json @@ -0,0 +1,55 @@ +{ + "id": "CVE-2023-23802", + "sourceIdentifier": "audit@patchstack.com", + "published": "2023-06-15T13:15:09.440", + "lastModified": "2023-06-15T14:00:53.933", + "vulnStatus": "Awaiting Analysis", + "descriptions": [ + { + "lang": "en", + "value": "Cross-Site Request Forgery (CSRF) vulnerability in HasThemes HT Easy GA4 ( Google Analytics 4 ) plugin <=\u00a01.0.6 versions." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "audit@patchstack.com", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "REQUIRED", + "scope": "UNCHANGED", + "confidentialityImpact": "NONE", + "integrityImpact": "LOW", + "availabilityImpact": "NONE", + "baseScore": 4.3, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 2.8, + "impactScore": 1.4 + } + ] + }, + "weaknesses": [ + { + "source": "audit@patchstack.com", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-352" + } + ] + } + ], + "references": [ + { + "url": "https://patchstack.com/database/vulnerability/ht-easy-google-analytics/wordpress-ht-easy-ga4-google-analytics-4-plugin-1-0-6-cross-site-request-forgery-csrf-vulnerability?_s_id=cve", + "source": "audit@patchstack.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2023/CVE-2023-244xx/CVE-2023-24420.json b/CVE-2023/CVE-2023-244xx/CVE-2023-24420.json new file mode 100644 index 00000000000..30636865182 --- /dev/null +++ b/CVE-2023/CVE-2023-244xx/CVE-2023-24420.json 
@@ -0,0 +1,55 @@ +{ + "id": "CVE-2023-24420", + "sourceIdentifier": "audit@patchstack.com", + "published": "2023-06-15T14:15:09.427", + "lastModified": "2023-06-15T14:15:09.427", + "vulnStatus": "Received", + "descriptions": [ + { + "lang": "en", + "value": "Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in Zestard Technologies Admin side data storage for Contact Form 7 plugin <=\u00a01.1.1 versions." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "audit@patchstack.com", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:L", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "REQUIRED", + "scope": "CHANGED", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "availabilityImpact": "LOW", + "baseScore": 7.1, + "baseSeverity": "HIGH" + }, + "exploitabilityScore": 2.8, + "impactScore": 3.7 + } + ] + }, + "weaknesses": [ + { + "source": "audit@patchstack.com", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-79" + } + ] + } + ], + "references": [ + { + "url": "https://patchstack.com/database/vulnerability/admin-side-data-storage-for-contact-form-7/wordpress-admin-side-data-storage-for-contact-form-7-plugin-1-1-1-cross-site-scripting-xss-vulnerability?_s_id=cve", + "source": "audit@patchstack.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2023/CVE-2023-24xx/CVE-2023-2414.json b/CVE-2023/CVE-2023-24xx/CVE-2023-2414.json index ba4312f0794..4b7b0cdce21 100644 --- a/CVE-2023/CVE-2023-24xx/CVE-2023-2414.json +++ b/CVE-2023/CVE-2023-24xx/CVE-2023-2414.json @@ -2,8 +2,8 @@ "id": "CVE-2023-2414", "sourceIdentifier": "security@wordfence.com", "published": "2023-06-09T06:16:07.127", - "lastModified": "2023-06-09T13:03:29.543", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2023-06-15T14:58:16.963", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", 
@@ -12,6 +12,26 @@ ], "metrics": { "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "NONE", + "integrityImpact": "LOW", + "availabilityImpact": "NONE", + "baseScore": 4.3, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 2.8, + "impactScore": 1.4 + }, { "source": "security@wordfence.com", "type": "Secondary", @@ -46,18 +66,45 @@ ] } ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:vcita:online_booking_\\&_scheduling_calendar:*:*:*:*:*:wordpress:*:*", + "versionEndIncluding": "4.2.10", + "matchCriteriaId": "94EABBCE-A9C4-4AC5-BE90-C55E524F0D15" + } + ] + } + ] + } + ], "references": [ { "url": "https://blog.jonh.eu/blog/security-vulnerabilities-in-wordpress-plugins-by-vcita", - "source": "security@wordfence.com" + "source": "security@wordfence.com", + "tags": [ + "Exploit" + ] }, { "url": "https://plugins.trac.wordpress.org/browser/meeting-scheduler-by-vcita/trunk/vcita-ajax-function.php#L88", - "source": "security@wordfence.com" + "source": "security@wordfence.com", + "tags": [ + "Patch" + ] }, { "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/3c99aab5-a995-44ae-bc14-09f73e6b22c5?source=cve", - "source": "security@wordfence.com" + "source": "security@wordfence.com", + "tags": [ + "Third Party Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2023/CVE-2023-24xx/CVE-2023-2450.json b/CVE-2023/CVE-2023-24xx/CVE-2023-2450.json index 184f4d8b373..5c242e19e8f 100644 --- a/CVE-2023/CVE-2023-24xx/CVE-2023-2450.json +++ b/CVE-2023/CVE-2023-24xx/CVE-2023-2450.json 
@@ -2,8 +2,8 @@ "id": "CVE-2023-2450", "sourceIdentifier": "security@wordfence.com", "published": "2023-06-09T06:16:07.427", - "lastModified": "2023-06-09T13:03:29.543", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2023-06-15T14:57:08.207", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", @@ -12,6 +12,26 @@ ], "metrics": { "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:C/C:L/I:L/A:N", + "attackVector": "NETWORK", + "attackComplexity": "HIGH", + "privilegesRequired": "HIGH", + "userInteraction": "NONE", + "scope": "CHANGED", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "availabilityImpact": "NONE", + "baseScore": 4.4, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 1.3, + "impactScore": 2.7 + }, { "source": "security@wordfence.com", "type": "Secondary", 
@@ -46,18 +66,45 @@ ] } ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:fibosearch:fibosearch:*:*:*:*:*:wordpress:*:*", + "versionEndIncluding": "1.23.0", + "matchCriteriaId": "BDB84F7E-E824-46B4-9473-AA7CED23F00B" + } + ] + } + ] + } + ], "references": [ { "url": "https://plugins.trac.wordpress.org/browser/ajax-search-for-woocommerce/tags/1.23.0/includes/Helpers.php#L1229", - "source": "security@wordfence.com" + "source": "security@wordfence.com", + "tags": [ + "Patch" + ] }, { "url": "https://plugins.trac.wordpress.org/changeset?old_path=%2Fajax-search-for-woocommerce%2Ftags%2F1.23.0&old=2917453&new_path=%2Fajax-search-for-woocommerce%2Ftags%2F1.24.0&new=2917453&sfp_email=&sfph_mail=", - "source": "security@wordfence.com" + "source": "security@wordfence.com", + "tags": [ + "Patch" + ] }, { "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/880573d8-6dad-4a1b-a5db-33e1dc243062?source=cve", - "source": "security@wordfence.com" + "source": "security@wordfence.com", + "tags": [ + "Third Party Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2023/CVE-2023-24xx/CVE-2023-2452.json b/CVE-2023/CVE-2023-24xx/CVE-2023-2452.json index 20fb8b04137..a14f6453b55 100644 --- a/CVE-2023/CVE-2023-24xx/CVE-2023-2452.json +++ b/CVE-2023/CVE-2023-24xx/CVE-2023-2452.json @@ -2,8 +2,8 @@ "id": "CVE-2023-2452", "sourceIdentifier": "security@wordfence.com", "published": "2023-06-09T06:16:07.850", - "lastModified": "2023-06-09T13:03:29.543", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2023-06-15T14:56:14.693", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", 
@@ -12,6 +12,26 @@ ], "metrics": { "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:C/C:L/I:L/A:N", + "attackVector": "NETWORK", + "attackComplexity": "HIGH", + "privilegesRequired": "HIGH", + "userInteraction": "NONE", + "scope": "CHANGED", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "availabilityImpact": "NONE", + "baseScore": 4.4, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 1.3, + "impactScore": 2.7 + }, { "source": "security@wordfence.com", "type": "Secondary", @@ -36,7 +56,7 @@ }, "weaknesses": [ { - "source": "security@wordfence.com", + "source": "nvd@nist.gov", "type": "Primary", "description": [ { 
@@ -44,20 +64,57 @@ "value": "CWE-79" } ] + }, + { + "source": "security@wordfence.com", + "type": "Secondary", + "description": [ + { + "lang": "en", + "value": "CWE-79" + } + ] + } + ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:advanced-woo-search:advanced_woo_search:*:*:*:*:*:wordpress:*:*", + "versionEndIncluding": "2.77", + "matchCriteriaId": "C1622ABC-F249-4475-BD13-F3B067E20BB7" + } + ] + } + ] } ], "references": [ { "url": "https://plugins.trac.wordpress.org/browser/advanced-woo-search/tags/2.77/includes/admin/class-aws-admin-options.php#L473", - "source": "security@wordfence.com" + "source": "security@wordfence.com", + "tags": [ + "Patch" + ] }, { "url": "https://plugins.trac.wordpress.org/browser/advanced-woo-search/tags/2.77/includes/admin/class-aws-admin-options.php#L481", - "source": "security@wordfence.com" + "source": "security@wordfence.com", + "tags": [ + "Patch" + ] }, { "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/4278e9d7-aa1e-47a5-b715-09dae5156303?source=cve", - "source": "security@wordfence.com" + "source": "security@wordfence.com", + "tags": [ + "Third Party Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2023/CVE-2023-24xx/CVE-2023-2484.json b/CVE-2023/CVE-2023-24xx/CVE-2023-2484.json index 004172f846b..9eeb803b5df 100644 --- a/CVE-2023/CVE-2023-24xx/CVE-2023-2484.json +++ b/CVE-2023/CVE-2023-24xx/CVE-2023-2484.json @@ -2,8 +2,8 @@ "id": "CVE-2023-2484", "sourceIdentifier": "security@wordfence.com", "published": "2023-06-09T06:16:08.247", - "lastModified": "2023-06-09T13:03:29.543", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2023-06-15T13:25:32.130", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", 
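Review bot: Both references tagged `"Patch"` in the `@@ -44,20 +64,57 @@` hunk link to source lines under `tags/2.77`, the same version the added CPE marks as vulnerable with `"versionEndIncluding": "2.77"`, and the hunk adds no changeset or fixed-release link. Tooling that reads a `Patch` tag as "a fix is available" will report CVE-2023-2452 as remediable although the visible references only locate the vulnerable code. The same tag is applied to vulnerable-version or trunk source links in the CVE-2023-2275, CVE-2023-2280, CVE-2023-2414, CVE-2023-2450 and CVE-2023-2484 hunks, though some of those also carry a real changeset link. Remediation logic should require a changeset URL or a fixed version rather than the `Patch` tag alone, and the two `tags/2.77` entries are worth reporting upstream for retagging.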
@@ -12,6 +12,26 @@ ], "metrics": { "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "HIGH", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "NONE", + "availabilityImpact": "NONE", + "baseScore": 4.9, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 1.2, + "impactScore": 3.6 + }, { "source": "security@wordfence.com", "type": "Secondary", @@ -46,18 +66,45 @@ ] } ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:miniorange:active_directory_integration_\\/_ldap_integration:*:*:*:*:*:wordpress:*:*", + "versionEndIncluding": "4.1.4", + "matchCriteriaId": "1091C145-C140-4D4F-8889-B3DBBE1A4E18" + } + ] + } + ] + } + ], "references": [ { "url": "https://plugins.trac.wordpress.org/browser/ldap-login-for-intranet-sites/trunk/class-mo-ldap-user-auth-reports.php?rev=2859403#L64", - "source": "security@wordfence.com" + "source": "security@wordfence.com", + "tags": [ + "Patch" + ] }, { "url": "https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&new=2910898%40ldap-login-for-intranet-sites%2Ftrunk&old=2903294%40ldap-login-for-intranet-sites%2Ftrunk&sfp_email=&sfph_mail=#file5", - "source": "security@wordfence.com" + "source": "security@wordfence.com", + "tags": [ + "Patch" + ] }, { "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/3eedc57b-79cc-4569-b6d6-676a22aa1e06?source=cve", - "source": "security@wordfence.com" + "source": "security@wordfence.com", + "tags": [ + "Third Party Advisory" + ] } ] } \ No newline at end of file 
diff --git a/CVE-2023/CVE-2023-250xx/CVE-2023-25055.json b/CVE-2023/CVE-2023-250xx/CVE-2023-25055.json new file mode 100644 index 00000000000..e273ce89463 --- /dev/null +++ b/CVE-2023/CVE-2023-250xx/CVE-2023-25055.json @@ -0,0 +1,55 @@ +{ + "id": "CVE-2023-25055", + "sourceIdentifier": "audit@patchstack.com", + "published": "2023-06-15T14:15:09.497", + "lastModified": "2023-06-15T14:15:09.497", + "vulnStatus": "Received", + "descriptions": [ + { + "lang": "en", + "value": "Cross-Site Request Forgery (CSRF) vulnerability in Amit Agarwal Google XML Sitemap for Videos plugin <=\u00a02.6.1 versions." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "audit@patchstack.com", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "REQUIRED", + "scope": "UNCHANGED", + "confidentialityImpact": "NONE", + "integrityImpact": "LOW", + "availabilityImpact": "NONE", + "baseScore": 4.3, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 2.8, + "impactScore": 1.4 + } + ] + }, + "weaknesses": [ + { + "source": "audit@patchstack.com", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-352" + } + ] + } + ], + "references": [ + { + "url": "https://patchstack.com/database/vulnerability/xml-sitemaps-for-videos/wordpress-google-xml-sitemap-for-videos-plugin-2-6-1-cross-site-request-forgery-csrf-vulnerability?_s_id=cve", + "source": "audit@patchstack.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2023/CVE-2023-254xx/CVE-2023-25449.json b/CVE-2023/CVE-2023-254xx/CVE-2023-25449.json new file mode 100644 index 00000000000..d62fcd16cdd --- /dev/null +++ b/CVE-2023/CVE-2023-254xx/CVE-2023-25449.json 
@@ -0,0 +1,55 @@ +{ + "id": "CVE-2023-25449", + "sourceIdentifier": "audit@patchstack.com", + "published": "2023-06-15T12:15:09.457", + "lastModified": "2023-06-15T12:39:17.910", + "vulnStatus": "Awaiting Analysis", + "descriptions": [ + { + "lang": "en", + "value": "Cross-Site Request Forgery (CSRF) vulnerability in Oliver Seidel, Bastian Germann cformsII plugin <=\u00a015.0.4 versions." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "audit@patchstack.com", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "REQUIRED", + "scope": "UNCHANGED", + "confidentialityImpact": "NONE", + "integrityImpact": "LOW", + "availabilityImpact": "NONE", + "baseScore": 4.3, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 2.8, + "impactScore": 1.4 + } + ] + }, + "weaknesses": [ + { + "source": "audit@patchstack.com", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-352" + } + ] + } + ], + "references": [ + { + "url": "https://patchstack.com/database/vulnerability/cforms2/wordpress-cformsii-plugin-15-0-4-cross-site-request-forgery-csrf-vulnerability?_s_id=cve", + "source": "audit@patchstack.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2023/CVE-2023-254xx/CVE-2023-25450.json b/CVE-2023/CVE-2023-254xx/CVE-2023-25450.json new file mode 100644 index 00000000000..0b2eb648c99 --- /dev/null +++ b/CVE-2023/CVE-2023-254xx/CVE-2023-25450.json 
@@ -0,0 +1,55 @@ +{ + "id": "CVE-2023-25450", + "sourceIdentifier": "audit@patchstack.com", + "published": "2023-06-15T13:15:09.513", + "lastModified": "2023-06-15T14:00:53.933", + "vulnStatus": "Awaiting Analysis", + "descriptions": [ + { + "lang": "en", + "value": "Cross-Site Request Forgery (CSRF) vulnerability in GiveWP GiveWP \u2013 Donation Plugin and Fundraising Platform plugin <=\u00a02.25.1 versions." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "audit@patchstack.com", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:L", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "REQUIRED", + "scope": "UNCHANGED", + "confidentialityImpact": "NONE", + "integrityImpact": "LOW", + "availabilityImpact": "LOW", + "baseScore": 5.4, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 2.8, + "impactScore": 2.5 + } + ] + }, + "weaknesses": [ + { + "source": "audit@patchstack.com", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-352" + } + ] + } + ], + "references": [ + { + "url": "https://patchstack.com/database/vulnerability/give/wordpress-givewp-plugin-2-25-1-cross-site-request-forgery-csrf-via-give-cache-flush-vulnerability?_s_id=cve", + "source": "audit@patchstack.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2023/CVE-2023-256xx/CVE-2023-25683.json b/CVE-2023/CVE-2023-256xx/CVE-2023-25683.json index 5d3989d5d08..645be1fcf81 100644 --- a/CVE-2023/CVE-2023-256xx/CVE-2023-25683.json +++ b/CVE-2023/CVE-2023-256xx/CVE-2023-25683.json @@ -2,8 +2,8 @@ "id": "CVE-2023-25683", "sourceIdentifier": "psirt@us.ibm.com", "published": "2023-06-15T01:15:10.010", - "lastModified": "2023-06-15T01:15:10.010", - "vulnStatus": "Received", + "lastModified": "2023-06-15T12:39:17.910", + "vulnStatus": "Awaiting Analysis", "descriptions": [ { "lang": "en", 
diff --git a/CVE-2023/CVE-2023-259xx/CVE-2023-25972.json b/CVE-2023/CVE-2023-259xx/CVE-2023-25972.json new file mode 100644 index 00000000000..e18db6e2006 --- /dev/null +++ b/CVE-2023/CVE-2023-259xx/CVE-2023-25972.json @@ -0,0 +1,55 @@ +{ + "id": "CVE-2023-25972", + "sourceIdentifier": "audit@patchstack.com", + "published": "2023-06-15T13:15:09.577", + "lastModified": "2023-06-15T14:00:53.933", + "vulnStatus": "Awaiting Analysis", + "descriptions": [ + { + "lang": "en", + "value": "Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in IKSWEB WordPress ????? plugin <=\u00a03.7 versions." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "audit@patchstack.com", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:L", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "HIGH", + "userInteraction": "REQUIRED", + "scope": "CHANGED", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "availabilityImpact": "LOW", + "baseScore": 5.9, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 1.7, + "impactScore": 3.7 + } + ] + }, + "weaknesses": [ + { + "source": "audit@patchstack.com", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-79" + } + ] + } + ], + "references": [ + { + "url": "https://patchstack.com/database/vulnerability/iksweb/wordpress-start-plugin-3-6-cross-site-scripting-xss-vulnerability?_s_id=cve", + "source": "audit@patchstack.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2023/CVE-2023-25xx/CVE-2023-2526.json b/CVE-2023/CVE-2023-25xx/CVE-2023-2526.json index 50e34667bc9..ec621f9a305 100644 --- a/CVE-2023/CVE-2023-25xx/CVE-2023-2526.json +++ b/CVE-2023/CVE-2023-25xx/CVE-2023-2526.json 
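Review bot: The English description in the new CVE-2023-25972 record has its product name reduced to `?????`, which looks like a lossy character-set conversion of a non-ASCII name somewhere upstream of this file. As written, the text cannot be matched to a product by name. The only other hint is the reference slug (`wordpress-start-plugin-3-6-...`), which names version 3-6 while the description says `<= 3.7`. I would restore the name from the CNA's original text as UTF-8 or a `\uXXXX` escape, e.g. `"value": "... IKSWEB WordPress <ORIGINAL_PRODUCT_NAME> plugin <= 3.7 versions."`, and confirm the affected-version bound against the advisory.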
@@ -2,8 +2,8 @@ "id": "CVE-2023-2526", "sourceIdentifier": "security@wordfence.com", "published": "2023-06-09T06:16:08.387", - "lastModified": "2023-06-09T13:03:29.543", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2023-06-15T13:39:10.030", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", @@ -12,6 +12,26 @@ ], "metrics": { "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "REQUIRED", + "scope": "UNCHANGED", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "availabilityImpact": "NONE", + "baseScore": 5.4, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 2.8, + "impactScore": 2.5 + }, { "source": "security@wordfence.com", "type": "Secondary", 
@@ -46,22 +66,52 @@ ] } ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:supsystic:easy_google_maps:*:*:*:*:*:wordpress:*:*", + "versionEndIncluding": "1.11.7", + "matchCriteriaId": "66FD47B5-27B2-4549-A4A7-9C1C236E798C" + } + ] + } + ] + } + ], "references": [ { "url": "https://plugins.trac.wordpress.org/browser/google-maps-easy/trunk/classes/frame.php?rev=2777743#L246", - "source": "security@wordfence.com" + "source": "security@wordfence.com", + "tags": [ + "Patch" + ] }, { "url": "https://plugins.trac.wordpress.org/changeset/2916430/", - "source": "security@wordfence.com" + "source": "security@wordfence.com", + "tags": [ + "Patch" + ] }, { "url": "https://plugins.trac.wordpress.org/changeset/2916430/google-maps-easy/trunk/classes/frame.php?contextall=1", - "source": "security@wordfence.com" + "source": "security@wordfence.com", + "tags": [ + "Patch" + ] }, { "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/4ea4ca00-185b-4f5d-9c5c-f81ba4edad05?source=cve", - "source": "security@wordfence.com" + "source": "security@wordfence.com", + "tags": [ + "Third Party Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2023/CVE-2023-276xx/CVE-2023-27634.json b/CVE-2023/CVE-2023-276xx/CVE-2023-27634.json new file mode 100644 index 00000000000..b94e3e66a8f --- /dev/null +++ b/CVE-2023/CVE-2023-276xx/CVE-2023-27634.json 
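Review bot: In the references hunk of CVE-2023-2526, the first URL (`.../browser/google-maps-easy/trunk/classes/frame.php?rev=2777743#L246`) is tagged `Patch`, but it is a source-browser view of one file at a fixed revision, not a changeset. The two `changeset/2916430` links look like the actual fix, and the lower revision number suggests the first link shows the code as it was before the fix. Tooling that collects `Patch`-tagged URLs to locate fixes will pick up the wrong target here. I would drop the `Patch` tag from that first entry.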
@@ -0,0 +1,55 @@ +{ + "id": "CVE-2023-27634", + "sourceIdentifier": "audit@patchstack.com", + "published": "2023-06-15T14:15:09.563", + "lastModified": "2023-06-15T14:15:09.563", + "vulnStatus": "Received", + "descriptions": [ + { + "lang": "en", + "value": "Cross-Site Request Forgery (CSRF) vulnerability allows arbitrary file upload\u00a0in Shingo Intrepidity plugin <=\u00a01.5.1 versions." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "audit@patchstack.com", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "REQUIRED", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH", + "baseScore": 8.8, + "baseSeverity": "HIGH" + }, + "exploitabilityScore": 2.8, + "impactScore": 5.9 + } + ] + }, + "weaknesses": [ + { + "source": "audit@patchstack.com", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-352" + } + ] + } + ], + "references": [ + { + "url": "https://patchstack.com/database/vulnerability/intrepidity/wordpress-intrepidity-theme-1-5-1-cross-site-request-forgery-csrf?_s_id=cve", + "source": "audit@patchstack.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2023/CVE-2023-281xx/CVE-2023-28175.json b/CVE-2023/CVE-2023-281xx/CVE-2023-28175.json index 92e2d7e2a6f..4fe4983d6f7 100644 --- a/CVE-2023/CVE-2023-281xx/CVE-2023-28175.json +++ b/CVE-2023/CVE-2023-281xx/CVE-2023-28175.json @@ -2,8 +2,8 @@ "id": "CVE-2023-28175", "sourceIdentifier": "psirt@bosch.com", "published": "2023-06-15T11:15:09.227", - "lastModified": "2023-06-15T11:15:09.227", - "vulnStatus": "Received", + "lastModified": "2023-06-15T12:39:17.910", + "vulnStatus": "Awaiting Analysis", "descriptions": [ { "lang": "en", 
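Review bot: The new CVE-2023-27634 record lists only `CWE-352` under `weaknesses`, although its description says the CSRF allows arbitrary file upload and the vector scores `C:H/I:H/A:H` (8.8). Consumers that filter or alert by CWE will not see the upload impact. A second description entry such as `{ "lang": "en", "value": "CWE-434" }` would cover it, provided the CNA's advisory supports that classification. The description also calls Intrepidity a plugin while the reference slug says `wordpress-intrepidity-theme-1-5-1`, so the component type should be confirmed before anyone builds a product match on this text.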
diff --git a/CVE-2023/CVE-2023-28xx/CVE-2023-2819.json b/CVE-2023/CVE-2023-28xx/CVE-2023-2819.json index a5cbe59b281..8c926f82c93 100644 --- a/CVE-2023/CVE-2023-28xx/CVE-2023-2819.json +++ b/CVE-2023/CVE-2023-28xx/CVE-2023-2819.json @@ -2,8 +2,8 @@ "id": "CVE-2023-2819", "sourceIdentifier": "security@proofpoint.com", "published": "2023-06-14T22:15:09.203", - "lastModified": "2023-06-14T22:15:09.203", - "vulnStatus": "Received", + "lastModified": "2023-06-15T12:39:22.420", + "vulnStatus": "Awaiting Analysis", "descriptions": [ { "lang": "en", diff --git a/CVE-2023/CVE-2023-28xx/CVE-2023-2820.json b/CVE-2023/CVE-2023-28xx/CVE-2023-2820.json index 359c9b780f3..deca128def5 100644 --- a/CVE-2023/CVE-2023-28xx/CVE-2023-2820.json +++ b/CVE-2023/CVE-2023-28xx/CVE-2023-2820.json @@ -2,8 +2,8 @@ "id": "CVE-2023-2820", "sourceIdentifier": "security@proofpoint.com", "published": "2023-06-14T22:15:09.273", - "lastModified": "2023-06-14T22:15:09.273", - "vulnStatus": "Received", + "lastModified": "2023-06-15T12:39:22.420", + "vulnStatus": "Awaiting Analysis", "descriptions": [ { "lang": "en", diff --git a/CVE-2023/CVE-2023-28xx/CVE-2023-2847.json b/CVE-2023/CVE-2023-28xx/CVE-2023-2847.json index da244de13fb..c0c29fcf817 100644 --- a/CVE-2023/CVE-2023-28xx/CVE-2023-2847.json +++ b/CVE-2023/CVE-2023-28xx/CVE-2023-2847.json @@ -2,8 +2,8 @@ "id": "CVE-2023-2847", "sourceIdentifier": "security@eset.com", "published": "2023-06-15T08:15:09.150", - "lastModified": "2023-06-15T08:15:09.150", - "vulnStatus": "Received", + "lastModified": "2023-06-15T12:39:17.910", + "vulnStatus": "Awaiting Analysis", "descriptions": [ { "lang": "en", diff --git a/CVE-2023/CVE-2023-31xx/CVE-2023-3193.json b/CVE-2023/CVE-2023-31xx/CVE-2023-3193.json index 082f83a9f98..9b4d541a903 100644 --- a/CVE-2023/CVE-2023-31xx/CVE-2023-3193.json +++ b/CVE-2023/CVE-2023-31xx/CVE-2023-3193.json 
@@ -2,8 +2,8 @@ "id": "CVE-2023-3193", "sourceIdentifier": "security@liferay.com", "published": "2023-06-15T04:15:34.727", - "lastModified": "2023-06-15T04:15:34.727", - "vulnStatus": "Received", + "lastModified": "2023-06-15T12:39:17.910", + "vulnStatus": "Awaiting Analysis", "descriptions": [ { "lang": "en", diff --git a/CVE-2023/CVE-2023-322xx/CVE-2023-32229.json b/CVE-2023/CVE-2023-322xx/CVE-2023-32229.json index eece0715e62..681628c8be7 100644 --- a/CVE-2023/CVE-2023-322xx/CVE-2023-32229.json +++ b/CVE-2023/CVE-2023-322xx/CVE-2023-32229.json @@ -2,8 +2,8 @@ "id": "CVE-2023-32229", "sourceIdentifier": "psirt@bosch.com", "published": "2023-06-15T11:15:09.347", - "lastModified": "2023-06-15T11:15:09.347", - "vulnStatus": "Received", + "lastModified": "2023-06-15T12:39:17.910", + "vulnStatus": "Awaiting Analysis", "descriptions": [ { "lang": "en", diff --git a/CVE-2023/CVE-2023-325xx/CVE-2023-32550.json b/CVE-2023/CVE-2023-325xx/CVE-2023-32550.json index b401e5a91b8..8636cd312ce 100644 --- a/CVE-2023/CVE-2023-325xx/CVE-2023-32550.json +++ b/CVE-2023/CVE-2023-325xx/CVE-2023-32550.json @@ -2,8 +2,8 @@ "id": "CVE-2023-32550", "sourceIdentifier": "security@ubuntu.com", "published": "2023-06-06T16:15:10.687", - "lastModified": "2023-06-06T18:33:59.493", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2023-06-15T12:17:00.833", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", 
@@ -12,6 +12,26 @@ ], "metrics": { "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:N", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "LOW", + "availabilityImpact": "NONE", + "baseScore": 8.2, + "baseSeverity": "HIGH" + }, + "exploitabilityScore": 3.9, + "impactScore": 4.2 + }, { "source": "security@ubuntu.com", "type": "Secondary", @@ -35,6 +55,16 @@ ] }, "weaknesses": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-668" + } + ] + }, { "source": "security@ubuntu.com", "type": "Secondary", @@ -46,10 +76,33 @@ ] } ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:canonical:landscape:*:*:*:*:*:*:*:*", + "versionEndExcluding": "19.10.5", + "matchCriteriaId": "4E6417F0-0BD2-493C-A7DF-929B95D2D124" + } + ] + } + ] + } + ], "references": [ { "url": "https://bugs.launchpad.net/landscape/+bug/1929037", - "source": "security@ubuntu.com" + "source": "security@ubuntu.com", + "tags": [ + "Issue Tracking", + "Mitigation", + "Vendor Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2023/CVE-2023-32xx/CVE-2023-3274.json b/CVE-2023/CVE-2023-32xx/CVE-2023-3274.json new file mode 100644 index 00000000000..fb514296e18 --- /dev/null +++ b/CVE-2023/CVE-2023-32xx/CVE-2023-3274.json 
@@ -0,0 +1,88 @@ +{ + "id": "CVE-2023-3274", + "sourceIdentifier": "cna@vuldb.com", + "published": "2023-06-15T13:15:09.647", + "lastModified": "2023-06-15T14:00:53.933", + "vulnStatus": "Awaiting Analysis", + "descriptions": [ + { + "lang": "en", + "value": "A vulnerability classified as critical has been found in code-projects Supplier Management System 1.0. Affected is an unknown function of the file btn_functions.php of the component Picture Handler. The manipulation leads to unrestricted upload. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-231624." + } + ], + "metrics": { + "cvssMetricV30": [ + { + "source": "cna@vuldb.com", + "type": "Secondary", + "cvssData": { + "version": "3.0", + "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "availabilityImpact": "LOW", + "baseScore": 6.3, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 2.8, + "impactScore": 3.4 + } + ], + "cvssMetricV2": [ + { + "source": "cna@vuldb.com", + "type": "Secondary", + "cvssData": { + "version": "2.0", + "vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:P", + "accessVector": "NETWORK", + "accessComplexity": "LOW", + "authentication": "SINGLE", + "confidentialityImpact": "PARTIAL", + "integrityImpact": "PARTIAL", + "availabilityImpact": "PARTIAL", + "baseScore": 6.5 + }, + "baseSeverity": "MEDIUM", + "exploitabilityScore": 8.0, + "impactScore": 6.4, + "acInsufInfo": false, + "obtainAllPrivilege": false, + "obtainUserPrivilege": false, + "obtainOtherPrivilege": false, + "userInteractionRequired": false + } + ] + }, + "weaknesses": [ + { + "source": "cna@vuldb.com", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-434" + } + ] + } + ], + 
"references": [ + { + "url": "https://github.com/wuyangzihan/SUPPLIER-MANAGEMENT-SYSTEM/blob/main/SUPPLIER%20MANAGEMENT%20SYSTEM%20has%20a%20file%20upload%20(RCE)%20vulnerability.pdf", + "source": "cna@vuldb.com" + }, + { + "url": "https://vuldb.com/?ctiid.231624", + "source": "cna@vuldb.com" + }, + { + "url": "https://vuldb.com/?id.231624", + "source": "cna@vuldb.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2023/CVE-2023-32xx/CVE-2023-3275.json b/CVE-2023/CVE-2023-32xx/CVE-2023-3275.json new file mode 100644 index 00000000000..7a6065e6954 --- /dev/null +++ b/CVE-2023/CVE-2023-32xx/CVE-2023-3275.json 
@@ -0,0 +1,84 @@ +{ + "id": "CVE-2023-3275", + "sourceIdentifier": "cna@vuldb.com", + "published": "2023-06-15T13:15:09.713", + "lastModified": "2023-06-15T14:00:53.933", + "vulnStatus": "Awaiting Analysis", + "descriptions": [ + { + "lang": "en", + "value": "A vulnerability classified as critical was found in PHPGurukul Rail Pass Management System 1.0. Affected by this vulnerability is an unknown functionality of the file /view-pass-detail.php of the component POST Request Handler. The manipulation of the argument searchdata leads to sql injection. The attack can be launched remotely. The identifier VDB-231625 was assigned to this vulnerability." + } + ], + "metrics": { + "cvssMetricV30": [ + { + "source": "cna@vuldb.com", + "type": "Secondary", + "cvssData": { + "version": "3.0", + "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "availabilityImpact": "LOW", + "baseScore": 6.3, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 2.8, + "impactScore": 3.4 + } + ], + "cvssMetricV2": [ + { + "source": "cna@vuldb.com", + "type": "Secondary", + "cvssData": { + "version": "2.0", + "vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:P", + "accessVector": "NETWORK", + "accessComplexity": "LOW", + "authentication": "SINGLE", + "confidentialityImpact": "PARTIAL", + "integrityImpact": "PARTIAL", + "availabilityImpact": "PARTIAL", + "baseScore": 6.5 + }, + "baseSeverity": "MEDIUM", + "exploitabilityScore": 8.0, + "impactScore": 6.4, + "acInsufInfo": false, + "obtainAllPrivilege": false, + "obtainUserPrivilege": false, + "obtainOtherPrivilege": false, + "userInteractionRequired": false + } + ] + }, + "weaknesses": [ + { + "source": "cna@vuldb.com", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-89" + } + ] + } + ], + "references": [ + 
{ + "url": "https://vuldb.com/?ctiid.231625", + "source": "cna@vuldb.com" + }, + { + "url": "https://vuldb.com/?id.231625", + "source": "cna@vuldb.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2023/CVE-2023-32xx/CVE-2023-3276.json b/CVE-2023/CVE-2023-32xx/CVE-2023-3276.json new file mode 100644 index 00000000000..43c18c057ce --- /dev/null +++ b/CVE-2023/CVE-2023-32xx/CVE-2023-3276.json 
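Review bot: The description in the new CVE-2023-3275 record says the SQL injection is "classified as critical", while the only metrics present rate it 6.3 MEDIUM under CVSS 3.0 (`C:L/I:L/A:L`) and 6.5 under CVSS 2.0. The CVE-2023-3274 record added just before it has the same mismatch for an unrestricted upload. Both sets of metrics are `Secondary` entries from `cna@vuldb.com` and the status is `Awaiting Analysis`, so no NVD `Primary` score exists yet. Anything that prioritises on `baseSeverity` from these files should treat the two scores as provisional until a Primary entry is added.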
@@ -0,0 +1,88 @@ +{ + "id": "CVE-2023-3276", + "sourceIdentifier": "cna@vuldb.com", + "published": "2023-06-15T13:15:09.773", + "lastModified": "2023-06-15T14:00:53.933", + "vulnStatus": "Awaiting Analysis", + "descriptions": [ + { + "lang": "en", + "value": "A vulnerability, which was classified as problematic, has been found in Dromara HuTool up to 5.8.19. Affected by this issue is the function readBySax of the file XmlUtil.java of the component XML Parsing Module. The manipulation leads to xml external entity reference. The exploit has been disclosed to the public and may be used. VDB-231626 is the identifier assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way." + } + ], + "metrics": { + "cvssMetricV30": [ + { + "source": "cna@vuldb.com", + "type": "Secondary", + "cvssData": { + "version": "3.0", + "vectorString": "CVSS:3.0/AV:A/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L", + "attackVector": "ADJACENT_NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "availabilityImpact": "LOW", + "baseScore": 5.5, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 2.1, + "impactScore": 3.4 + } + ], + "cvssMetricV2": [ + { + "source": "cna@vuldb.com", + "type": "Secondary", + "cvssData": { + "version": "2.0", + "vectorString": "AV:A/AC:L/Au:S/C:P/I:P/A:P", + "accessVector": "ADJACENT_NETWORK", + "accessComplexity": "LOW", + "authentication": "SINGLE", + "confidentialityImpact": "PARTIAL", + "integrityImpact": "PARTIAL", + "availabilityImpact": "PARTIAL", + "baseScore": 5.2 + }, + "baseSeverity": "MEDIUM", + "exploitabilityScore": 5.1, + "impactScore": 6.4, + "acInsufInfo": false, + "obtainAllPrivilege": false, + "obtainUserPrivilege": false, + "obtainOtherPrivilege": false, + "userInteractionRequired": false + } + ] + }, + "weaknesses": [ + { + "source": "cna@vuldb.com", + "type": 
"Primary", + "description": [ + { + "lang": "en", + "value": "CWE-611" + } + ] + } + ], + "references": [ + { + "url": "https://fbdhhhh47.github.io/2023/06/06/hutool-XXE/", + "source": "cna@vuldb.com" + }, + { + "url": "https://vuldb.com/?ctiid.231626", + "source": "cna@vuldb.com" + }, + { + "url": "https://vuldb.com/?id.231626", + "source": "cna@vuldb.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2023/CVE-2023-333xx/CVE-2023-33381.json b/CVE-2023/CVE-2023-333xx/CVE-2023-33381.json index f0a4a3e6db1..b3ccb630044 100644 --- a/CVE-2023/CVE-2023-333xx/CVE-2023-33381.json +++ b/CVE-2023/CVE-2023-333xx/CVE-2023-33381.json 
@@ -2,27 +2,101 @@ "id": "CVE-2023-33381", "sourceIdentifier": "cve@mitre.org", "published": "2023-06-06T12:15:09.250", - "lastModified": "2023-06-06T12:50:56.083", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2023-06-15T14:04:54.837", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", "value": "A command injection vulnerability was found in the ping functionality of the MitraStar GPT-2741GNAC router (firmware version AR_g5.8_110WVN0b7_2). The vulnerability allows an authenticated user to execute arbitrary OS commands by sending specially crafted input to the router via the ping function." } ], - "metrics": {}, + "metrics": { + "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "HIGH", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH", + "baseScore": 7.2, + "baseSeverity": "HIGH" + }, + "exploitabilityScore": 1.2, + "impactScore": 5.9 + } + ] + }, + "weaknesses": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-78" + } + ] + } + ], + "configurations": [ + { + "operator": "AND", + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:o:mitrastar:gpt-2741gnac_firmware:ar_g5.8_110wvn0b7_2:*:*:*:*:*:*:*", + "matchCriteriaId": "3DFB4C77-B721-4BF1-8CD5-147DE6C0B065" + } + ] + }, + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": false, + "criteria": "cpe:2.3:h:mitrastar:gpt-2741gnac:-:*:*:*:*:*:*:*", + "matchCriteriaId": "E1D33BCB-6C48-4B5D-BD06-A0F0344A9C2D" + } + ] + } + ] + } + ], "references": [ { "url": "http://gpt-2741gnac.com", - "source": "cve@mitre.org" + "source": "cve@mitre.org", + "tags": 
[ + "Broken Link" + ] }, { "url": "http://mitrastar.com", - "source": "cve@mitre.org" + "source": "cve@mitre.org", + "tags": [ + "Broken Link" + ] }, { "url": "https://github.com/duality084/CVE-2023-33381-MitraStar-GPT-2741GNAC/blob/main/README.md", - "source": "cve@mitre.org" + "source": "cve@mitre.org", + "tags": [ + "Exploit", + "Third Party Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2023/CVE-2023-335xx/CVE-2023-33530.json b/CVE-2023/CVE-2023-335xx/CVE-2023-33530.json index 6ba0a3abffe..45415cbafc2 100644 --- a/CVE-2023/CVE-2023-335xx/CVE-2023-33530.json +++ b/CVE-2023/CVE-2023-335xx/CVE-2023-33530.json 
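Review bot: The NVD vector added to CVE-2023-33381 uses `PR:H` (7.2) for a command injection the description attributes to "an authenticated user", while CVE-2023-33530, analysed in this same commit, gets `PR:L` (8.8) for a command injection its description conditions on "web management privileges". I can't tell from the page which privilege level is right, but the two look inconsistent and should be reconciled before the scores are used to rank router findings. In this record both vendor URLs are now tagged `Broken Link`, leaving the third-party README tagged `Exploit` as the only reachable source. In CVE-2023-33530 the write-up PDF itself is tagged `Broken Link`, so an archived copy of each source would make the analysis checkable.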
@@ -2,23 +2,93 @@ "id": "CVE-2023-33530", "sourceIdentifier": "cve@mitre.org", "published": "2023-06-06T13:15:15.900", - "lastModified": "2023-06-06T13:36:46.723", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2023-06-15T12:09:13.407", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", "value": "There is a command injection vulnerability in the Tenda G103 Gigabit GPON Terminal with firmware version V1.0.0.5. If an attacker gains web management privileges, they can inject commands gaining shell privileges." } ], - "metrics": {}, + "metrics": { + "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH", + "baseScore": 8.8, + "baseSeverity": "HIGH" + }, + "exploitabilityScore": 2.8, + "impactScore": 5.9 + } + ] + }, + "weaknesses": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-77" + } + ] + } + ], + "configurations": [ + { + "operator": "AND", + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:o:tenda:g103_firmware:1.0.0.5:*:*:*:*:*:*:*", + "matchCriteriaId": "20B50B9D-605D-4DE4-9785-FAA62019C25E" + } + ] + }, + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": false, + "criteria": "cpe:2.3:h:tenda:g103:-:*:*:*:*:*:*:*", + "matchCriteriaId": "1530E06E-43D9-44DE-9569-D5A6B1647378" + } + ] + } + ] + } + ], "references": [ { "url": "http://tenda.com", - "source": "cve@mitre.org" + "source": "cve@mitre.org", + "tags": [ + "Not Applicable" + ] }, { "url": "https://github.com/D2y6p/CVE/blob/main/tenda/CVE-2023-33530/RCE2/tenda_G103_RCE_2.pdf", - 
"source": "cve@mitre.org" + "source": "cve@mitre.org", + "tags": [ + "Broken Link" + ] } ] } \ No newline at end of file diff --git a/CVE-2023/CVE-2023-335xx/CVE-2023-33553.json b/CVE-2023/CVE-2023-335xx/CVE-2023-33553.json index 5580233c464..82f3006f23a 100644 --- a/CVE-2023/CVE-2023-335xx/CVE-2023-33553.json +++ b/CVE-2023/CVE-2023-335xx/CVE-2023-33553.json 
@@ -2,23 +2,94 @@ "id": "CVE-2023-33553", "sourceIdentifier": "cve@mitre.org", "published": "2023-06-07T15:15:09.480", - "lastModified": "2023-06-07T16:18:07.597", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2023-06-15T15:19:16.400", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", "value": "An issue in Planet Technologies WDRT-1800AX v1.01-CP21 allows attackers to bypass authentication and escalate privileges to root via manipulation of the LoginStatus cookie." } ], - "metrics": {}, + "metrics": { + "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH", + "baseScore": 9.8, + "baseSeverity": "CRITICAL" + }, + "exploitabilityScore": 3.9, + "impactScore": 5.9 + } + ] + }, + "weaknesses": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-287" + } + ] + } + ], + "configurations": [ + { + "operator": "AND", + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:o:planet:wdrt-1800ax_firmware:1.01-cp21:*:*:*:*:*:*:*", + "matchCriteriaId": "28E52AEF-AEF2-4A88-9EA1-11366FB49AC1" + } + ] + }, + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": false, + "criteria": "cpe:2.3:h:planet:wdrt-1800ax:-:*:*:*:*:*:*:*", + "matchCriteriaId": "A5E0CDD2-B139-4235-A31E-C230349B71E4" + } + ] + } + ] + } + ], "references": [ { "url": "https://github.com/0xfml/poc/blob/main/PLANET/WDRT-1800AX.md", - "source": "cve@mitre.org" + "source": "cve@mitre.org", + "tags": [ + "Exploit", + "Third Party Advisory" + ] }, { "url": 
"https://www.planet.com.tw/en/product/wdrt-1800ax", - "source": "cve@mitre.org" + "source": "cve@mitre.org", + "tags": [ + "Product" + ] } ] } \ No newline at end of file diff --git a/CVE-2023/CVE-2023-335xx/CVE-2023-33568.json b/CVE-2023/CVE-2023-335xx/CVE-2023-33568.json index 701a5305f7b..6ea80c7009c 100644 --- a/CVE-2023/CVE-2023-335xx/CVE-2023-33568.json +++ b/CVE-2023/CVE-2023-335xx/CVE-2023-33568.json @@ -2,12 +2,12 @@ "id": "CVE-2023-33568", "sourceIdentifier": "cve@mitre.org", "published": "2023-06-13T15:15:14.147", - "lastModified": "2023-06-13T16:54:51.953", + "lastModified": "2023-06-15T14:15:09.630", "vulnStatus": "Awaiting Analysis", "descriptions": [ { "lang": "en", - "value": "An issue in Dolibarr v16.0.0 to v16.0.5 allows unauthenticated attackers to perform a database dump and access a company's entire customer file, prospects, suppliers, and employee information if a contact file exists." + "value": "An issue in Dolibarr 16 before 16.0.5 allows unauthenticated attackers to perform a database dump and access a company's entire customer file, prospects, suppliers, and employee information if a contact file exists." } ], "metrics": {}, diff --git a/CVE-2023/CVE-2023-335xx/CVE-2023-33595.json b/CVE-2023/CVE-2023-335xx/CVE-2023-33595.json index ea2326484fa..2e6804bc654 100644 --- a/CVE-2023/CVE-2023-335xx/CVE-2023-33595.json +++ b/CVE-2023/CVE-2023-335xx/CVE-2023-33595.json 
@@ -2,23 +2,82 @@ "id": "CVE-2023-33595", "sourceIdentifier": "cve@mitre.org", "published": "2023-06-07T20:15:09.920", - "lastModified": "2023-06-07T20:24:12.193", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2023-06-15T14:58:42.833", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", "value": "CPython v3.12.0 alpha 7 was discovered to contain a heap use-after-free via the function ascii_decode at /Objects/unicodeobject.c." } ], - "metrics": {}, + "metrics": { + "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", + "attackVector": "LOCAL", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "REQUIRED", + "scope": "UNCHANGED", + "confidentialityImpact": "NONE", + "integrityImpact": "NONE", + "availabilityImpact": "HIGH", + "baseScore": 5.5, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 1.8, + "impactScore": 3.6 + } + ] + }, + "weaknesses": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-416" + } + ] + } + ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:python:cpython:3.12.0:alpha_7:*:*:*:*:*:*", + "matchCriteriaId": "9B61BE28-33F3-425C-9788-867DF50D9AC9" + } + ] + } + ] + } + ], "references": [ { "url": "https://github.com/python/cpython/issues/103824", - "source": "cve@mitre.org" + "source": "cve@mitre.org", + "tags": [ + "Issue Tracking", + "Vendor Advisory" + ] }, { "url": "https://github.com/python/cpython/pull/103993/commits/c120bc2d354ca3d27d0c7a53bf65574ddaabaf3a", - "source": "cve@mitre.org" + "source": "cve@mitre.org", + "tags": [ + "Patch" + ] } ] } \ No newline at end of file 
diff --git a/CVE-2023/CVE-2023-336xx/CVE-2023-33659.json b/CVE-2023/CVE-2023-336xx/CVE-2023-33659.json index 3b3ad6cf28c..95a16106689 100644 --- a/CVE-2023/CVE-2023-336xx/CVE-2023-33659.json +++ b/CVE-2023/CVE-2023-336xx/CVE-2023-33659.json 
@@ -2,27 +2,90 @@ "id": "CVE-2023-33659", "sourceIdentifier": "cve@mitre.org", "published": "2023-06-06T12:15:09.503", - "lastModified": "2023-06-06T12:50:56.083", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2023-06-15T12:21:25.013", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", "value": "A heap buffer overflow vulnerability exists in NanoMQ 0.17.2. The vulnerability can be triggered by calling the function nmq_subinfo_decode() in the file mqtt_parser.c. An attacker could exploit this vulnerability to cause a denial of service attack." } ], - "metrics": {}, + "metrics": { + "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "NONE", + "integrityImpact": "NONE", + "availabilityImpact": "HIGH", + "baseScore": 7.5, + "baseSeverity": "HIGH" + }, + "exploitabilityScore": 3.9, + "impactScore": 3.6 + } + ] + }, + "weaknesses": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-787" + } + ] + } + ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:emqx:nanomq:0.17.2:*:*:*:*:*:*:*", + "matchCriteriaId": "0898CABA-5930-437A-8300-4D91648091F1" + } + ] + } + ] + } + ], "references": [ { "url": "https://github.com/emqx/nanomq", - "source": "cve@mitre.org" + "source": "cve@mitre.org", + "tags": [ + "Product" + ] }, { "url": "https://github.com/emqx/nanomq/issues/1154", - "source": "cve@mitre.org" + "source": "cve@mitre.org", + "tags": [ + "Exploit", + "Issue Tracking", + "Third Party Advisory" + ] }, { "url": "https://github.com/nanomq/NanoNNG/pull/509/commits/6815c4036a2344865da393803ecdb7af27d8bde1", - 
"source": "cve@mitre.org" + "source": "cve@mitre.org", + "tags": [ + "Patch" + ] } ] } \ No newline at end of file diff --git a/CVE-2023/CVE-2023-338xx/CVE-2023-33848.json b/CVE-2023/CVE-2023-338xx/CVE-2023-33848.json index cdedb298d0d..7e80d659686 100644 --- a/CVE-2023/CVE-2023-338xx/CVE-2023-33848.json +++ b/CVE-2023/CVE-2023-338xx/CVE-2023-33848.json @@ -2,8 +2,8 @@ "id": "CVE-2023-33848", "sourceIdentifier": "psirt@us.ibm.com", "published": "2023-06-07T21:15:13.617", - "lastModified": "2023-06-07T21:36:36.773", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2023-06-15T15:08:53.457", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", @@ -12,6 +12,26 @@ ], "metrics": { "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "NONE", + "availabilityImpact": "NONE", + "baseScore": 6.5, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 2.8, + "impactScore": 3.6 + }, { "source": "psirt@us.ibm.com", "type": "Secondary", @@ -35,6 +55,16 @@ ] }, "weaknesses": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "NVD-CWE-noinfo" + } + ] + }, { "source": "psirt@us.ibm.com", "type": "Secondary", 
@@ -46,22 +76,148 @@ ] } ], + "configurations": [ + { + "operator": "AND", + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:ibm:cics_tx:10.1:*:*:*:advanced:*:*:*", + "matchCriteriaId": "73BBDE39-E8CF-416C-838D-046ADDA011F8" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:ibm:cics_tx:11.1:*:*:*:advanced:*:*:*", + "matchCriteriaId": "A9D7FDA3-EE60-453B-8651-686B9D28071F" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:ibm:cics_tx:11.1:*:*:*:standard:*:*:*", + "matchCriteriaId": "66EEC046-128D-4555-8C9A-3C02300145B5" + } + ] + }, + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": false, + "criteria": "cpe:2.3:o:linux:linux_kernel:-:*:*:*:*:*:*:*", + "matchCriteriaId": "703AF700-7A70-47E2-BC3A-7FD03B3CA9C1" + } + ] + } + ] + }, + { + "operator": "AND", + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:ibm:txseries_for_multiplatforms:8.1:*:*:*:*:*:*:*", + "matchCriteriaId": "498DF94F-3427-4F7C-80CB-F9526C4D47AB" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:ibm:txseries_for_multiplatforms:9.1:*:*:*:*:*:*:*", + "matchCriteriaId": "EDF0F0BC-8964-4812-A5E6-0D1C1317E8D2" + } + ] + }, + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": false, + "criteria": "cpe:2.3:o:ibm:aix:-:*:*:*:*:*:*:*", + "matchCriteriaId": "E492C463-D76E-49B7-A4D4-3B499E422D89" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:o:linux:linux_kernel:-:*:*:*:*:*:*:*", + "matchCriteriaId": "703AF700-7A70-47E2-BC3A-7FD03B3CA9C1" + } + ] + } + ] + }, + { + "operator": "AND", + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:ibm:txseries_for_multiplatforms:8.2:*:*:*:*:*:*:*", + "matchCriteriaId": "B27A342F-6BF8-45E7-9711-7C329DE8FC9C" + } + ] + }, + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + 
{ + "vulnerable": false, + "criteria": "cpe:2.3:o:hp:hp-ux:-:*:*:*:*:*:*:*", + "matchCriteriaId": "F480AA32-841A-4E68-9343-B2E7548B0A0C" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:o:ibm:aix:-:*:*:*:*:*:*:*", + "matchCriteriaId": "E492C463-D76E-49B7-A4D4-3B499E422D89" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:o:linux:linux_kernel:-:*:*:*:*:*:*:*", + "matchCriteriaId": "703AF700-7A70-47E2-BC3A-7FD03B3CA9C1" + } + ] + } + ] + } + ], "references": [ { "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/257104", - "source": "psirt@us.ibm.com" + "source": "psirt@us.ibm.com", + "tags": [ + "VDB Entry", + "Vendor Advisory" + ] }, { "url": "https://www.ibm.com/support/pages/node/7001647", - "source": "psirt@us.ibm.com" + "source": "psirt@us.ibm.com", + "tags": [ + "Vendor Advisory" + ] }, { "url": "https://www.ibm.com/support/pages/node/7001681", - "source": "psirt@us.ibm.com" + "source": "psirt@us.ibm.com", + "tags": [ + "Vendor Advisory" + ] }, { "url": "https://www.ibm.com/support/pages/node/7001683", - "source": "psirt@us.ibm.com" + "source": "psirt@us.ibm.com", + "tags": [ + "Vendor Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2023/CVE-2023-341xx/CVE-2023-34108.json b/CVE-2023/CVE-2023-341xx/CVE-2023-34108.json index 22c4bed2dd2..06377659a3c 100644 --- a/CVE-2023/CVE-2023-341xx/CVE-2023-34108.json +++ b/CVE-2023/CVE-2023-341xx/CVE-2023-34108.json @@ -2,8 +2,8 @@ "id": "CVE-2023-34108", "sourceIdentifier": "security-advisories@github.com", "published": "2023-06-07T18:15:09.817", - "lastModified": "2023-06-07T20:24:12.193", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2023-06-15T15:31:29.460", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", 
@@ -12,6 +12,26 @@ ], "metrics": { "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH", + "baseScore": 8.8, + "baseSeverity": "HIGH" + }, + "exploitabilityScore": 2.8, + "impactScore": 5.9 + }, { "source": "security-advisories@github.com", "type": "Secondary", @@ -36,8 +56,18 @@ }, "weaknesses": [ { - "source": "security-advisories@github.com", + "source": "nvd@nist.gov", "type": "Primary", + "description": [ + { + "lang": "en", + "value": "NVD-CWE-noinfo" + } + ] + }, + { + "source": "security-advisories@github.com", + "type": "Secondary", "description": [ { "lang": "en", @@ -46,18 +76,45 @@ ] } ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:mailcow:mailcow\\:_dockerized:*:*:*:*:*:*:*:*", + "versionEndIncluding": "2023-05", + "matchCriteriaId": "8736D463-F179-4128-9AD2-A4CE6F4A0ACA" + } + ] + } + ] + } + ], "references": [ { "url": "https://github.com/VladimirBorisov/CVE_proposal/blob/main/MailcowUserPassword.md", - "source": "security-advisories@github.com" + "source": "security-advisories@github.com", + "tags": [ + "Product" + ] }, { "url": "https://github.com/mailcow/mailcow-dockerized/commit/f80940efdccd393bf5fccec2886795372a38c445", - "source": "security-advisories@github.com" + "source": "security-advisories@github.com", + "tags": [ + "Patch" + ] }, { "url": "https://github.com/mailcow/mailcow-dockerized/security/advisories/GHSA-mhh4-qchc-pv22", - "source": "security-advisories@github.com" + "source": "security-advisories@github.com", + "tags": [ + "Vendor Advisory" + ] } ] } \ No newline at end of file 
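Review bot: In the `weaknesses` hunk (`@@ -36,8 +56,18 @@`) the CNA entry from `security-advisories@github.com` is demoted from `Primary` to `Secondary`, and the new `Primary` is the placeholder `NVD-CWE-noinfo`. A consumer that reads only the `Primary` weakness therefore loses the CWE classification for this record. The same swap occurs in the CVE-2023-34234 hunk with the same header, and CVE-2023-33848 also gains an `NVD-CWE-noinfo` Primary. A line under `## Download and Usage` in the README would help, for example `When the Primary weakness is NVD-CWE-noinfo, fall back to the Secondary (CNA) entry.` The CNA's CWE value itself sits in context outside this hunk.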
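Review bot: In the `references` part of the last hunk (`@@ -46,18 +76,45 @@`), the `"Product"` tag on `https://github.com/VladimirBorisov/CVE_proposal/blob/main/MailcowUserPassword.md` looks misapplied. Judging by the path alone (the content is not shown here), the URL is a write-up in a third-party repository, not a mailcow product page. `"tags": ["Third Party Advisory"]` would be consistent with the tag set on the NanoMQ issue link in the CVE-2023-33659 record, and triage filters that drop `Product` links would then keep it. Separately, `"versionEndIncluding": "2023-05"` is a date-style version, so matchers that assume dotted numeric versions should be tested against this range.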
diff --git a/CVE-2023/CVE-2023-341xx/CVE-2023-34109.json b/CVE-2023/CVE-2023-341xx/CVE-2023-34109.json index 3137454fbdf..82ceef27f42 100644 --- a/CVE-2023/CVE-2023-341xx/CVE-2023-34109.json +++ b/CVE-2023/CVE-2023-341xx/CVE-2023-34109.json @@ -2,8 +2,8 @@ "id": "CVE-2023-34109", "sourceIdentifier": "security-advisories@github.com", "published": "2023-06-07T18:15:09.903", - "lastModified": "2023-06-07T20:24:12.193", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2023-06-15T15:41:44.587", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", @@ -12,6 +12,26 @@ ], "metrics": { "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "NONE", + "integrityImpact": "NONE", + "availabilityImpact": "HIGH", + "baseScore": 7.5, + "baseSeverity": "HIGH" + }, + "exploitabilityScore": 3.9, + "impactScore": 3.6 + }, { "source": "security-advisories@github.com", "type": "Secondary", 
@@ -46,14 +66,38 @@ ] } ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:zxcvbn-ts_project:zxcvbn-ts:*:*:*:*:*:node.js:*:*", + "versionEndExcluding": "3.0.2", + "matchCriteriaId": "E2A6456F-CD46-4253-895D-095361029F3A" + } + ] + } + ] + } + ], "references": [ { "url": "https://github.com/zxcvbn-ts/zxcvbn/commit/3f9bed21b5d01f6f6863476822ca857355fba22f", - "source": "security-advisories@github.com" + "source": "security-advisories@github.com", + "tags": [ + "Patch" + ] }, { "url": "https://github.com/zxcvbn-ts/zxcvbn/security/advisories/GHSA-38hx-x5hq-5fg4", - "source": "security-advisories@github.com" + "source": "security-advisories@github.com", + "tags": [ + "Vendor Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2023/CVE-2023-342xx/CVE-2023-34234.json b/CVE-2023/CVE-2023-342xx/CVE-2023-34234.json index 2d4b28ee00b..386449705d1 100644 --- a/CVE-2023/CVE-2023-342xx/CVE-2023-34234.json +++ b/CVE-2023/CVE-2023-342xx/CVE-2023-34234.json @@ -2,8 +2,8 @@ "id": "CVE-2023-34234", "sourceIdentifier": "security-advisories@github.com", "published": "2023-06-07T18:15:09.977", - "lastModified": "2023-06-07T20:24:12.193", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2023-06-15T12:58:03.520", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", 
@@ -12,6 +12,26 @@ ], "metrics": { "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "NONE", + "integrityImpact": "NONE", + "availabilityImpact": "LOW", + "baseScore": 5.3, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 3.9, + "impactScore": 1.4 + }, { "source": "security-advisories@github.com", "type": "Secondary", @@ -36,8 +56,18 @@ }, "weaknesses": [ { - "source": "security-advisories@github.com", + "source": "nvd@nist.gov", "type": "Primary", + "description": [ + { + "lang": "en", + "value": "NVD-CWE-noinfo" + } + ] + }, + { + "source": "security-advisories@github.com", + "type": "Secondary", "description": [ { "lang": "en", 
@@ -46,14 +76,46 @@ ] } ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:openzeppelin:contracts:*:*:*:*:*:node.js:*:*", + "versionStartIncluding": "4.3.0", + "versionEndExcluding": "4.9.1", + "matchCriteriaId": "735DB5E8-F1C9-46AC-BB0A-45BB23B05198" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:openzeppelin:contracts_upgradeable:*:*:*:*:*:node.js:*:*", + "versionStartIncluding": "4.3.0", + "versionEndExcluding": "4.9.1", + "matchCriteriaId": "47DB67B3-94A7-4FD2-BD3B-86DD3B84C7C5" + } + ] + } + ] + } + ], "references": [ { "url": "https://github.com/OpenZeppelin/openzeppelin-contracts/commit/d9474327a492f9f310f31bc53f38dbea56ed9a57", - "source": "security-advisories@github.com" + "source": "security-advisories@github.com", + "tags": [ + "Patch" + ] }, { "url": "https://github.com/OpenZeppelin/openzeppelin-contracts/security/advisories/GHSA-5h3x-9wvq-w4m2", - "source": "security-advisories@github.com" + "source": "security-advisories@github.com", + "tags": [ + "Vendor Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2023/CVE-2023-342xx/CVE-2023-34251.json b/CVE-2023/CVE-2023-342xx/CVE-2023-34251.json index 4131831cd8d..ae033a9a0dc 100644 --- a/CVE-2023/CVE-2023-342xx/CVE-2023-34251.json +++ b/CVE-2023/CVE-2023-342xx/CVE-2023-34251.json @@ -2,8 +2,8 @@ "id": "CVE-2023-34251", "sourceIdentifier": "security-advisories@github.com", "published": "2023-06-14T22:15:09.333", - "lastModified": "2023-06-14T23:15:10.910", - "vulnStatus": "Received", + "lastModified": "2023-06-15T12:39:22.420", + "vulnStatus": "Awaiting Analysis", "descriptions": [ { "lang": "en", diff --git a/CVE-2023/CVE-2023-342xx/CVE-2023-34252.json b/CVE-2023/CVE-2023-342xx/CVE-2023-34252.json index bdbab5f029e..e9254c39957 100644 --- a/CVE-2023/CVE-2023-342xx/CVE-2023-34252.json +++ b/CVE-2023/CVE-2023-342xx/CVE-2023-34252.json 
@@ -2,8 +2,8 @@ "id": "CVE-2023-34252", "sourceIdentifier": "security-advisories@github.com", "published": "2023-06-14T22:15:09.397", - "lastModified": "2023-06-14T23:15:10.977", - "vulnStatus": "Received", + "lastModified": "2023-06-15T12:39:22.420", + "vulnStatus": "Awaiting Analysis", "descriptions": [ { "lang": "en", diff --git a/CVE-2023/CVE-2023-342xx/CVE-2023-34253.json b/CVE-2023/CVE-2023-342xx/CVE-2023-34253.json index 1b0f28b9e53..17a49d4d4ab 100644 --- a/CVE-2023/CVE-2023-342xx/CVE-2023-34253.json +++ b/CVE-2023/CVE-2023-342xx/CVE-2023-34253.json @@ -2,8 +2,8 @@ "id": "CVE-2023-34253", "sourceIdentifier": "security-advisories@github.com", "published": "2023-06-14T23:15:11.037", - "lastModified": "2023-06-14T23:15:11.037", - "vulnStatus": "Received", + "lastModified": "2023-06-15T12:39:17.910", + "vulnStatus": "Awaiting Analysis", "descriptions": [ { "lang": "en", diff --git a/CVE-2023/CVE-2023-344xx/CVE-2023-34448.json b/CVE-2023/CVE-2023-344xx/CVE-2023-34448.json index 39b759de029..a9c823911b1 100644 --- a/CVE-2023/CVE-2023-344xx/CVE-2023-34448.json +++ b/CVE-2023/CVE-2023-344xx/CVE-2023-34448.json 
@@ -2,12 +2,16 @@ "id": "CVE-2023-34448", "sourceIdentifier": "security-advisories@github.com", "published": "2023-06-14T23:15:11.107", - "lastModified": "2023-06-15T00:15:10.480", - "vulnStatus": "Received", + "lastModified": "2023-06-15T12:39:17.910", + "vulnStatus": "Awaiting Analysis", "descriptions": [ { "lang": "en", "value": "Grav is a flat-file content management system. Prior to version 1.7.42, the patch for CVE-2022-2073, a server-side template injection vulnerability in Grav leveraging the default `filter()` function, did not block other built-in functions exposed by Twig's Core Extension that could be used to invoke arbitrary unsafe functions, thereby allowing for remote code execution. A patch in version 1.74.2 overrides the built-in Twig `map()` and `reduce()` filter functions in `system/src/Grav/Common/Twig/Extension/GravExtension.php` to validate the argument passed to the filter in `$arrow`." + }, + { + "lang": "es", + "value": "Grav es un sistema de gesti\u00f3n de contenidos de archivos planos. Antes de la versi\u00f3n 1.7.42, el parche para CVE-2022-2073, una vulnerabilidad de inyecci\u00f3n de plantillas del lado del servidor en Gray aprovechando la funci\u00f3n predeterminada \"filter()\", no bloqueaba otras funciones integradas expuestas por la extensi\u00f3n principal de Twig que pod\u00edan utilizarse para invocar funciones no seguras arbitrarias, permitiendo as\u00ed la ejecuci\u00f3n remota de c\u00f3digo. Un parche en la versi\u00f3n 1.74.2 anula las funciones de filtro incorporadas de Twig \"map()\" y \"reduce()\" en \"system/src/Grav/Common/Twig/Extension/GravExtension.php\" para validar el argumento pasado al filtro en \"$arrow\". " } ], "metrics": { diff --git a/CVE-2023/CVE-2023-344xx/CVE-2023-34452.json b/CVE-2023/CVE-2023-344xx/CVE-2023-34452.json index 26394c8f133..b7ffb1806da 100644 --- a/CVE-2023/CVE-2023-344xx/CVE-2023-34452.json +++ b/CVE-2023/CVE-2023-344xx/CVE-2023-34452.json 
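Review bot: The added `es` description carries over the version `1.74.2` from the English text, which conflicts with the `1.7.42` boundary stated one sentence earlier, and it also spells the product as `Gray` once. Someone patching from the Spanish text would look for a release that, on this record's own wording, is presumably `1.7.42`. The corrected fragments would read `Un parche en la versión 1.7.42` and `en Grav aprovechando`. The English `value` is an unchanged context line, so the version typo originates upstream and would need correcting there too.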
@@ -2,12 +2,16 @@ "id": "CVE-2023-34452", "sourceIdentifier": "security-advisories@github.com", "published": "2023-06-14T23:15:11.183", - "lastModified": "2023-06-14T23:15:11.183", - "vulnStatus": "Received", + "lastModified": "2023-06-15T12:39:17.910", + "vulnStatus": "Awaiting Analysis", "descriptions": [ { "lang": "en", "value": "Grav is a flat-file content management system. In versions 1.7.42 and prior, the \"/forgot_password\" page has a self-reflected cross-site scripting vulnerability that can be exploited by injecting a script into the \"email\" parameter of the request. While this vulnerability can potentially allow an attacker to execute arbitrary code on the user's browser, the impact is limited as it requires user interaction to trigger the vulnerability. As of time of publication, a patch is not available. Server-side validation should be implemented to prevent this vulnerability." + }, + { + "lang": "es", + "value": "Grav es un sistema de gesti\u00f3n de contenidos de archivos planos. En las versiones 1.7.42 y anteriores, la p\u00e1gina \"/forgot_password\" tiene una vulnerabilidad de Cross-Site Scripting auto reflejada que puede ser explotada inyectando un script en el par\u00e1metro \"email\" de la petici\u00f3n. Aunque esta vulnerabilidad puede permitir potencialmente a un atacante ejecutar c\u00f3digo arbitrario en el navegador del usuario, el impacto es limitado, ya que requiere la interacci\u00f3n del usuario para desencadenar la vulnerabilidad. EN el momento de la publicaci\u00f3n, no se dispon\u00eda de un parche. Se debe implementar la validaci\u00f3n del lado del servidor para evitar esta vulnerabilidad. " } ], "metrics": { diff --git a/CVE-2023/CVE-2023-350xx/CVE-2023-35029.json b/CVE-2023/CVE-2023-350xx/CVE-2023-35029.json index e715da09f66..409f542d527 100644 --- a/CVE-2023/CVE-2023-350xx/CVE-2023-35029.json +++ b/CVE-2023/CVE-2023-350xx/CVE-2023-35029.json 
@@ -2,8 +2,8 @@ "id": "CVE-2023-35029", "sourceIdentifier": "security@liferay.com", "published": "2023-06-15T04:15:34.513", - "lastModified": "2023-06-15T04:15:34.513", - "vulnStatus": "Received", + "lastModified": "2023-06-15T12:39:17.910", + "vulnStatus": "Awaiting Analysis", "descriptions": [ { "lang": "en", diff --git a/CVE-2023/CVE-2023-350xx/CVE-2023-35030.json b/CVE-2023/CVE-2023-350xx/CVE-2023-35030.json index db1093c6027..6474a209ba2 100644 --- a/CVE-2023/CVE-2023-350xx/CVE-2023-35030.json +++ b/CVE-2023/CVE-2023-350xx/CVE-2023-35030.json @@ -2,8 +2,8 @@ "id": "CVE-2023-35030", "sourceIdentifier": "security@liferay.com", "published": "2023-06-15T05:15:09.857", - "lastModified": "2023-06-15T05:15:09.857", - "vulnStatus": "Received", + "lastModified": "2023-06-15T12:39:17.910", + "vulnStatus": "Awaiting Analysis", "descriptions": [ { "lang": "en", diff --git a/README.md b/README.md index 81c9536435d..311ce122258 100644 --- a/README.md +++ b/README.md @@ -9,13 +9,13 @@ Repository synchronizes with the NVD every 2 hours. ### Last Repository Update ```plain -2023-06-15T12:00:26.231765+00:00 +2023-06-15T16:00:33.662693+00:00 ``` ### Most recent CVE Modification Timestamp synchronized with NVD ```plain -2023-06-15T11:15:09.347000+00:00 +2023-06-15T15:41:44.587000+00:00 ``` ### Last Data Feed Release 
@@ -29,21 +29,54 @@ Download and Changelog: [Click](https://github.com/fkie-cad/nvd-json-data-feeds/ ### Total Number of included CVEs ```plain -217811 +217821 ``` ### CVEs added in the last Commit -Recently added CVEs: `2` +Recently added CVEs: `10` -* [CVE-2023-28175](CVE-2023/CVE-2023-281xx/CVE-2023-28175.json) (`2023-06-15T11:15:09.227`) -* [CVE-2023-32229](CVE-2023/CVE-2023-322xx/CVE-2023-32229.json) (`2023-06-15T11:15:09.347`) +* [CVE-2023-25449](CVE-2023/CVE-2023-254xx/CVE-2023-25449.json) (`2023-06-15T12:15:09.457`) +* [CVE-2023-23802](CVE-2023/CVE-2023-238xx/CVE-2023-23802.json) (`2023-06-15T13:15:09.440`) +* [CVE-2023-25450](CVE-2023/CVE-2023-254xx/CVE-2023-25450.json) (`2023-06-15T13:15:09.513`) +* [CVE-2023-25972](CVE-2023/CVE-2023-259xx/CVE-2023-25972.json) (`2023-06-15T13:15:09.577`) +* [CVE-2023-3274](CVE-2023/CVE-2023-32xx/CVE-2023-3274.json) (`2023-06-15T13:15:09.647`) +* [CVE-2023-3275](CVE-2023/CVE-2023-32xx/CVE-2023-3275.json) (`2023-06-15T13:15:09.713`) +* [CVE-2023-3276](CVE-2023/CVE-2023-32xx/CVE-2023-3276.json) (`2023-06-15T13:15:09.773`) +* [CVE-2023-24420](CVE-2023/CVE-2023-244xx/CVE-2023-24420.json) (`2023-06-15T14:15:09.427`) +* [CVE-2023-25055](CVE-2023/CVE-2023-250xx/CVE-2023-25055.json) (`2023-06-15T14:15:09.497`) +* [CVE-2023-27634](CVE-2023/CVE-2023-276xx/CVE-2023-27634.json) (`2023-06-15T14:15:09.563`) ### CVEs modified in the last Commit -Recently modified CVEs: `0` +Recently modified CVEs: `43` +* [CVE-2023-3193](CVE-2023/CVE-2023-31xx/CVE-2023-3193.json) (`2023-06-15T12:39:17.910`) +* [CVE-2023-2270](CVE-2023/CVE-2023-22xx/CVE-2023-2270.json) (`2023-06-15T12:39:17.910`) +* [CVE-2023-35030](CVE-2023/CVE-2023-350xx/CVE-2023-35030.json) (`2023-06-15T12:39:17.910`) +* [CVE-2023-2847](CVE-2023/CVE-2023-28xx/CVE-2023-2847.json) (`2023-06-15T12:39:17.910`) +* [CVE-2023-28175](CVE-2023/CVE-2023-281xx/CVE-2023-28175.json) (`2023-06-15T12:39:17.910`) +* [CVE-2023-32229](CVE-2023/CVE-2023-322xx/CVE-2023-32229.json) 
(`2023-06-15T12:39:17.910`) +* [CVE-2023-2819](CVE-2023/CVE-2023-28xx/CVE-2023-2819.json) (`2023-06-15T12:39:22.420`) +* [CVE-2023-2820](CVE-2023/CVE-2023-28xx/CVE-2023-2820.json) (`2023-06-15T12:39:22.420`) +* [CVE-2023-34251](CVE-2023/CVE-2023-342xx/CVE-2023-34251.json) (`2023-06-15T12:39:22.420`) +* [CVE-2023-34252](CVE-2023/CVE-2023-342xx/CVE-2023-34252.json) (`2023-06-15T12:39:22.420`) +* [CVE-2023-34234](CVE-2023/CVE-2023-342xx/CVE-2023-34234.json) (`2023-06-15T12:58:03.520`) +* [CVE-2023-2484](CVE-2023/CVE-2023-24xx/CVE-2023-2484.json) (`2023-06-15T13:25:32.130`) +* [CVE-2023-2526](CVE-2023/CVE-2023-25xx/CVE-2023-2526.json) (`2023-06-15T13:39:10.030`) +* [CVE-2023-33381](CVE-2023/CVE-2023-333xx/CVE-2023-33381.json) (`2023-06-15T14:04:54.837`) +* [CVE-2023-33568](CVE-2023/CVE-2023-335xx/CVE-2023-33568.json) (`2023-06-15T14:15:09.630`) +* [CVE-2023-2452](CVE-2023/CVE-2023-24xx/CVE-2023-2452.json) (`2023-06-15T14:56:14.693`) +* [CVE-2023-2450](CVE-2023/CVE-2023-24xx/CVE-2023-2450.json) (`2023-06-15T14:57:08.207`) +* [CVE-2023-2414](CVE-2023/CVE-2023-24xx/CVE-2023-2414.json) (`2023-06-15T14:58:16.963`) +* [CVE-2023-33595](CVE-2023/CVE-2023-335xx/CVE-2023-33595.json) (`2023-06-15T14:58:42.833`) +* [CVE-2023-33848](CVE-2023/CVE-2023-338xx/CVE-2023-33848.json) (`2023-06-15T15:08:53.457`) +* [CVE-2023-33553](CVE-2023/CVE-2023-335xx/CVE-2023-33553.json) (`2023-06-15T15:19:16.400`) +* [CVE-2023-2280](CVE-2023/CVE-2023-22xx/CVE-2023-2280.json) (`2023-06-15T15:25:15.017`) +* [CVE-2023-2275](CVE-2023/CVE-2023-22xx/CVE-2023-2275.json) (`2023-06-15T15:31:10.277`) +* [CVE-2023-34108](CVE-2023/CVE-2023-341xx/CVE-2023-34108.json) (`2023-06-15T15:31:29.460`) +* [CVE-2023-34109](CVE-2023/CVE-2023-341xx/CVE-2023-34109.json) (`2023-06-15T15:41:44.587`) ## Download and Usage