diff --git a/CVE-2021/CVE-2021-263xx/CVE-2021-26354.json b/CVE-2021/CVE-2021-263xx/CVE-2021-26354.json new file mode 100644 index 00000000000..b8712590a47 --- /dev/null +++ b/CVE-2021/CVE-2021-263xx/CVE-2021-26354.json @@ -0,0 +1,24 @@ +{ + "id": "CVE-2021-26354", + "sourceIdentifier": "psirt@amd.com", + "published": "2023-05-09T19:15:10.670", + "lastModified": "2023-05-09T19:15:10.670", + "vulnStatus": "Received", + "descriptions": [ + { + "lang": "en", + "value": "Insufficient bounds checking in ASP may allow an\nattacker to issue a system call from a compromised ABL which may cause\narbitrary memory values to be initialized to zero, potentially leading to a\nloss of integrity.\n\n\n\n\n" + } + ], + "metrics": {}, + "references": [ + { + "url": "https://www.amd.com/en/corporate/product-security/bulletin/AMD-SB-3001", + "source": "psirt@amd.com" + }, + { + "url": "https://www.amd.com/en/corporate/product-security/bulletin/AMD-SB-4001", + "source": "psirt@amd.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2021/CVE-2021-263xx/CVE-2021-26356.json b/CVE-2021/CVE-2021-263xx/CVE-2021-26356.json new file mode 100644 index 00000000000..fa40a9c8b8b --- /dev/null +++ b/CVE-2021/CVE-2021-263xx/CVE-2021-26356.json @@ -0,0 +1,24 @@ +{ + "id": "CVE-2021-26356", + "sourceIdentifier": "psirt@amd.com", + "published": "2023-05-09T19:15:10.737", + "lastModified": "2023-05-09T19:15:10.737", + "vulnStatus": "Received", + "descriptions": [ + { + "lang": "en", + "value": "A TOCTOU in ASP bootloader may allow an attacker\nto tamper with the SPI ROM following data read to memory potentially resulting\nin S3 data corruption and information disclosure.\n\n\n\n\n\n\n\n\n" + } + ], + "metrics": {}, + "references": [ + { + "url": "https://www.amd.com/en/corporate/product-security/bulletin/AMD-SB-3001", + "source": "psirt@amd.com" + }, + { + "url": "https://www.amd.com/en/corporate/product-security/bulletin/AMD-SB-4001", + "source": "psirt@amd.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2021/CVE-2021-263xx/CVE-2021-26365.json b/CVE-2021/CVE-2021-263xx/CVE-2021-26365.json new file mode 100644 index 00000000000..5042155daf0 --- /dev/null +++ b/CVE-2021/CVE-2021-263xx/CVE-2021-26365.json @@ -0,0 +1,20 @@ +{ + "id": "CVE-2021-26365", + "sourceIdentifier": "psirt@amd.com", + "published": "2023-05-09T19:15:10.780", + "lastModified": "2023-05-09T19:15:10.780", + "vulnStatus": "Received", + "descriptions": [ + { + "lang": "en", + "value": "Certain size values in firmware binary headers\ncould trigger out of bounds reads during signature validation, leading to\ndenial of service or potentially limited leakage of information about\nout-of-bounds memory contents.\n\n\n\n\n\n\n\n\n\n\n\n" + } + ], + "metrics": {}, + "references": [ + { + "url": "https://www.amd.com/en/corporate/product-security/bulletin/AMD-SB-4001", + "source": "psirt@amd.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2021/CVE-2021-263xx/CVE-2021-26371.json b/CVE-2021/CVE-2021-263xx/CVE-2021-26371.json new file mode 100644 index 00000000000..03515a7ea37 --- /dev/null +++ b/CVE-2021/CVE-2021-263xx/CVE-2021-26371.json @@ -0,0 +1,24 @@ +{ + "id": "CVE-2021-26371", + "sourceIdentifier": "psirt@amd.com", + "published": "2023-05-09T19:15:10.820", + "lastModified": "2023-05-09T19:15:10.820", + "vulnStatus": "Received", + "descriptions": [ + { + "lang": "en", + "value": "A compromised or malicious ABL or UApp could\nsend a SHA256 system call to the bootloader, which may result in exposure of\nASP memory to userspace, potentially leading to information disclosure.\n\n\n\n\n\n\n\n\n" + } + ], + "metrics": {}, + "references": [ + { + "url": "https://www.amd.com/en/corporate/product-security/bulletin/AMD-SB-3001", + "source": "psirt@amd.com" + }, + { + "url": "https://www.amd.com/en/corporate/product-security/bulletin/AMD-SB-4001", + "source": "psirt@amd.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2021/CVE-2021-263xx/CVE-2021-26379.json b/CVE-2021/CVE-2021-263xx/CVE-2021-26379.json new file mode 100644 index 00000000000..34adb1763bf --- /dev/null +++ b/CVE-2021/CVE-2021-263xx/CVE-2021-26379.json @@ -0,0 +1,20 @@ +{ + "id": "CVE-2021-26379", + "sourceIdentifier": "psirt@amd.com", + "published": "2023-05-09T19:15:10.863", + "lastModified": "2023-05-09T19:15:10.863", + "vulnStatus": "Received", + "descriptions": [ + { + "lang": "en", + "value": "Insufficient input validation of mailbox data in the\nSMU may allow an attacker to coerce the SMU to corrupt SMRAM, potentially\nleading to a loss of integrity and privilege escalation.\n\n\n\n" + } + ], + "metrics": {}, + "references": [ + { + "url": "https://www.amd.com/en/corporate/product-security/bulletin/AMD-SB-3001", + "source": "psirt@amd.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2021/CVE-2021-263xx/CVE-2021-26397.json b/CVE-2021/CVE-2021-263xx/CVE-2021-26397.json new file mode 100644 index 00000000000..6c0ae06abe3 --- /dev/null +++ b/CVE-2021/CVE-2021-263xx/CVE-2021-26397.json @@ -0,0 +1,20 @@ +{ + "id": "CVE-2021-26397", + "sourceIdentifier": "psirt@amd.com", + "published": "2023-05-09T19:15:10.903", + "lastModified": "2023-05-09T19:15:10.903", + "vulnStatus": "Received", + "descriptions": [ + { + "lang": "en", + "value": "Insufficient address validation, may allow an\nattacker with a compromised ABL and UApp to corrupt sensitive memory locations\npotentially resulting in a loss of integrity or availability.\n\n\n\n\n\n\n\n" + } + ], + "metrics": {}, + "references": [ + { + "url": "https://www.amd.com/en/corporate/product-security/bulletin/AMD-SB-3001", + "source": "psirt@amd.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2021/CVE-2021-264xx/CVE-2021-26406.json b/CVE-2021/CVE-2021-264xx/CVE-2021-26406.json new file mode 100644 index 00000000000..09161bf0d61 --- /dev/null +++ b/CVE-2021/CVE-2021-264xx/CVE-2021-26406.json @@ -0,0 +1,24 @@ +{ + "id": "CVE-2021-26406", + "sourceIdentifier": "psirt@amd.com", + "published": "2023-05-09T19:15:10.943", + "lastModified": "2023-05-09T19:15:10.943", + "vulnStatus": "Received", + "descriptions": [ + { + "lang": "en", + "value": "Insufficient validation in parsing Owner's\nCertificate Authority (OCA) certificates in SEV (AMD Secure Encrypted Virtualization)\nand SEV-ES user application can lead to a host crash potentially resulting in\ndenial of service.\n\n\n\n\n" + } + ], + "metrics": {}, + "references": [ + { + "url": "https://www.amd.com/en/corporate/product-security/bulletin/AMD-SB-3001", + "source": "psirt@amd.com" + }, + { + "url": "https://www.amd.com/en/corporate/product-security/bulletin/AMD-SB-4001", + "source": "psirt@amd.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2021/CVE-2021-428xx/CVE-2021-42847.json b/CVE-2021/CVE-2021-428xx/CVE-2021-42847.json index 58950db8c84..22a04e279af 100644 --- a/CVE-2021/CVE-2021-428xx/CVE-2021-42847.json +++ b/CVE-2021/CVE-2021-428xx/CVE-2021-42847.json @@ -2,8 +2,8 @@ "id": "CVE-2021-42847", "sourceIdentifier": "cve@mitre.org", "published": "2021-11-11T05:15:09.597", - "lastModified": "2022-04-27T17:13:41.687", - "vulnStatus": "Analyzed", + "lastModified": "2023-05-09T18:15:11.397", + "vulnStatus": "Modified", "descriptions": [ { "lang": "en", @@ -124,6 +124,10 @@ } ], "references": [ + { + "url": "http://packetstormsecurity.com/files/172258/ManageEngine-ADAudit-Plus-Remote-Code-Execution.html", + "source": "cve@mitre.org" + }, { "url": "https://pitstop.manageengine.com/portal/en/community/topic/fix-released-for-a-vulnerability-in-manageengine-adaudit-plus", "source": "cve@mitre.org", diff --git a/CVE-2021/CVE-2021-467xx/CVE-2021-46749.json b/CVE-2021/CVE-2021-467xx/CVE-2021-46749.json new file mode 100644 index 00000000000..4604279fe2b --- /dev/null +++ b/CVE-2021/CVE-2021-467xx/CVE-2021-46749.json @@ -0,0 +1,20 @@ +{ + "id": "CVE-2021-46749", + "sourceIdentifier": "psirt@amd.com", + "published": "2023-05-09T19:15:10.997", + "lastModified": "2023-05-09T19:15:10.997", + "vulnStatus": "Received", + "descriptions": [ + { + "lang": "en", + "value": "Insufficient bounds checking in ASP (AMD Secure\nProcessor) may allow for an out of bounds read in SMI (System Management\nInterface) mailbox checksum calculation triggering a data abort, resulting in a\npotential denial of service.\n\n\n\n\n" + } + ], + "metrics": {}, + "references": [ + { + "url": "https://www.amd.com/en/corporate/product-security/bulletin/AMD-SB-4001", + "source": "psirt@amd.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2021/CVE-2021-467xx/CVE-2021-46753.json b/CVE-2021/CVE-2021-467xx/CVE-2021-46753.json new file mode 100644 index 00000000000..b92a2f6e58c --- /dev/null +++ b/CVE-2021/CVE-2021-467xx/CVE-2021-46753.json @@ -0,0 +1,20 @@ +{ + "id": "CVE-2021-46753", + "sourceIdentifier": "psirt@amd.com", + "published": "2023-05-09T19:15:11.040", + "lastModified": "2023-05-09T19:15:11.040", + "vulnStatus": "Received", + "descriptions": [ + { + "lang": "en", + "value": "Failure to validate the length fields of the ASP\n(AMD Secure Processor) sensor fusion hub headers may allow an attacker with a\nmalicious Uapp or ABL to map the ASP sensor fusion hub region and overwrite\ndata structures leading to a potential loss of confidentiality and integrity.\n\n\n\n\n" + } + ], + "metrics": {}, + "references": [ + { + "url": "https://www.amd.com/en/corporate/product-security/bulletin/AMD-SB-4001", + "source": "psirt@amd.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2021/CVE-2021-467xx/CVE-2021-46762.json b/CVE-2021/CVE-2021-467xx/CVE-2021-46762.json new file mode 100644 index 00000000000..209be9c1ead --- /dev/null +++ b/CVE-2021/CVE-2021-467xx/CVE-2021-46762.json @@ -0,0 +1,20 @@ +{ + "id": "CVE-2021-46762", + "sourceIdentifier": "psirt@amd.com", + "published": "2023-05-09T19:15:11.080", + "lastModified": "2023-05-09T19:15:11.080", + "vulnStatus": "Received", + "descriptions": [ + { + "lang": "en", + "value": "Insufficient input validation in the SMU may\nallow an attacker to corrupt SMU SRAM potentially leading to a loss of\nintegrity or denial of service.\n\n\n\n\n\n\n\n" + } + ], + "metrics": {}, + "references": [ + { + "url": "https://www.amd.com/en/corporate/product-security/bulletin/AMD-SB-3001", + "source": "psirt@amd.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2021/CVE-2021-467xx/CVE-2021-46763.json b/CVE-2021/CVE-2021-467xx/CVE-2021-46763.json new file mode 100644 index 00000000000..c9abc5bcba0 --- /dev/null +++ b/CVE-2021/CVE-2021-467xx/CVE-2021-46763.json @@ -0,0 +1,20 @@ +{ + "id": "CVE-2021-46763", + "sourceIdentifier": "psirt@amd.com", + "published": "2023-05-09T19:15:11.123", + "lastModified": "2023-05-09T19:15:11.123", + "vulnStatus": "Received", + "descriptions": [ + { + "lang": "en", + "value": "Insufficient input validation in the SMU may\nenable a privileged attacker to write beyond the intended bounds of a shared\nmemory buffer potentially leading to a loss of integrity.\n\n\n\n\n\n\n\n" + } + ], + "metrics": {}, + "references": [ + { + "url": "https://www.amd.com/en/corporate/product-security/bulletin/AMD-SB-3001", + "source": "psirt@amd.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2021/CVE-2021-467xx/CVE-2021-46764.json b/CVE-2021/CVE-2021-467xx/CVE-2021-46764.json new file mode 100644 index 00000000000..c801172767a --- /dev/null +++ b/CVE-2021/CVE-2021-467xx/CVE-2021-46764.json @@ -0,0 +1,20 @@ +{ + "id": "CVE-2021-46764", + "sourceIdentifier": "psirt@amd.com", + "published": "2023-05-09T19:15:11.160", + "lastModified": "2023-05-09T19:15:11.160", + "vulnStatus": "Received", + "descriptions": [ + { + "lang": "en", + "value": "Improper validation of DRAM addresses in SMU may\nallow an attacker to overwrite sensitive memory locations within the ASP\npotentially resulting in a denial of service.\n\n\n\n\n\n\n\n\n\n\n\n" + } + ], + "metrics": {}, + "references": [ + { + "url": "https://www.amd.com/en/corporate/product-security/bulletin/AMD-SB-3001", + "source": "psirt@amd.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2021/CVE-2021-467xx/CVE-2021-46769.json b/CVE-2021/CVE-2021-467xx/CVE-2021-46769.json new file mode 100644 index 00000000000..f17a9b4d023 --- /dev/null +++ b/CVE-2021/CVE-2021-467xx/CVE-2021-46769.json @@ -0,0 +1,20 @@ +{ + "id": "CVE-2021-46769", + "sourceIdentifier": "psirt@amd.com", + "published": "2023-05-09T19:15:11.200", + "lastModified": "2023-05-09T19:15:11.200", + "vulnStatus": "Received", + "descriptions": [ + { + "lang": "en", + "value": "Insufficient syscall input validation in the ASP\nBootloader may allow a privileged attacker to execute arbitrary DMA copies,\nwhich can lead to code execution. \n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n" + } + ], + "metrics": {}, + "references": [ + { + "url": "https://www.amd.com/en/corporate/product-security/bulletin/AMD-SB-3001", + "source": "psirt@amd.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2021/CVE-2021-467xx/CVE-2021-46775.json b/CVE-2021/CVE-2021-467xx/CVE-2021-46775.json new file mode 100644 index 00000000000..1487f98382d --- /dev/null +++ b/CVE-2021/CVE-2021-467xx/CVE-2021-46775.json @@ -0,0 +1,20 @@ +{ + "id": "CVE-2021-46775", + "sourceIdentifier": "psirt@amd.com", + "published": "2023-05-09T19:15:11.240", + "lastModified": "2023-05-09T19:15:11.240", + "vulnStatus": "Received", + "descriptions": [ + { + "lang": "en", + "value": "Improper input validation in ABL may enable an\nattacker with physical access, to perform arbitrary memory overwrites,\npotentially leading to a loss of integrity and code execution.\n\n\n\n \n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n" + } + ], + "metrics": {}, + "references": [ + { + "url": "https://www.amd.com/en/corporate/product-security/bulletin/AMD-SB-3001", + "source": "psirt@amd.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2022/CVE-2022-209xx/CVE-2022-20929.json b/CVE-2022/CVE-2022-209xx/CVE-2022-20929.json index b26bcbbfff6..afb7c7dd688 100644 --- a/CVE-2022/CVE-2022-209xx/CVE-2022-20929.json +++ b/CVE-2022/CVE-2022-209xx/CVE-2022-20929.json @@ -2,12 +2,12 @@ "id": "CVE-2022-20929", "sourceIdentifier": "ykramarz@cisco.com", "published": "2023-03-10T21:15:10.963", - "lastModified": "2023-03-16T13:22:15.433", - "vulnStatus": "Analyzed", + "lastModified": "2023-05-09T18:15:11.500", + "vulnStatus": "Modified", "descriptions": [ { "lang": "en", - "value": "A vulnerability in the upgrade signature verification of Cisco Enterprise NFV Infrastructure Software (NFVIS) could allow an unauthenticated, local attacker to provide an unauthentic upgrade file for upload. This vulnerability is due to insufficient cryptographic signature verification of upgrade files. An attacker could exploit this vulnerability by providing an administrator with an unauthentic upgrade file. A successful exploit could allow the attacker to fully compromise the Cisco NFVIS system." + "value": "A vulnerability in the upgrade signature verification of Cisco Enterprise NFV Infrastructure Software (NFVIS) could allow an unauthenticated, local attacker to provide an unauthentic upgrade file for upload.\r\n This vulnerability is due to insufficient cryptographic signature verification of upgrade files. An attacker could exploit this vulnerability by providing an administrator with an unauthentic upgrade file. A successful exploit could allow the attacker to fully compromise the Cisco NFVIS system." } ], "metrics": { @@ -86,6 +86,10 @@ } ], "references": [ + { + "url": "https://github.com/orangecertcc/security-research/security/advisories/GHSA-4f6q-86ww-gmcr", + "source": "ykramarz@cisco.com" + }, { "url": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-NFVIS-ISV-BQrvEv2h", "source": "ykramarz@cisco.com", diff --git a/CVE-2022/CVE-2022-212xx/CVE-2022-21229.json b/CVE-2022/CVE-2022-212xx/CVE-2022-21229.json index 975bc6c61c0..79466d2ba92 100644 --- a/CVE-2022/CVE-2022-212xx/CVE-2022-21229.json +++ b/CVE-2022/CVE-2022-212xx/CVE-2022-21229.json @@ -2,8 +2,8 @@ "id": "CVE-2022-21229", "sourceIdentifier": "secure@intel.com", "published": "2022-08-18T20:15:10.217", - "lastModified": "2022-08-23T18:54:30.627", - "vulnStatus": "Analyzed", + "lastModified": "2023-05-09T19:15:11.283", + "vulnStatus": "Modified", "descriptions": [ { "lang": "en", @@ -102,6 +102,10 @@ "tags": [ "Vendor Advisory" ] + }, + { + "url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00809.html", + "source": "secure@intel.com" } ] } \ No newline at end of file diff --git a/CVE-2022/CVE-2022-238xx/CVE-2022-23818.json b/CVE-2022/CVE-2022-238xx/CVE-2022-23818.json new file mode 100644 index 00000000000..60ba51e1b18 --- /dev/null +++ b/CVE-2022/CVE-2022-238xx/CVE-2022-23818.json @@ -0,0 +1,20 @@ +{ + "id": "CVE-2022-23818", + "sourceIdentifier": "psirt@amd.com", + "published": "2023-05-09T19:15:11.367", + "lastModified": "2023-05-09T19:15:11.367", + "vulnStatus": "Received", + "descriptions": [ + { + "lang": "en", + "value": "Insufficient input validation on the model\nspecific register: VM_HSAVE_PA may potentially lead to loss of SEV-SNP guest\nmemory integrity.\n\n\n\n\n\n\n\n \n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n" + } + ], + "metrics": {}, + "references": [ + { + "url": "https://www.amd.com/en/corporate/product-security/bulletin/AMD-SB-3001", + "source": "psirt@amd.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2022/CVE-2022-252xx/CVE-2022-25273.json b/CVE-2022/CVE-2022-252xx/CVE-2022-25273.json new file mode 100644 index 00000000000..4463f298a94 --- /dev/null +++ b/CVE-2022/CVE-2022-252xx/CVE-2022-25273.json @@ -0,0 +1,84 @@ +{ + "id": "CVE-2022-25273", + "sourceIdentifier": "mlhess@drupal.org", + "published": "2023-04-26T14:15:09.203", + "lastModified": "2023-05-09T18:47:56.107", + "vulnStatus": "Analyzed", + "descriptions": [ + { + "lang": "en", + "value": "Drupal core's form API has a vulnerability where certain contributed or custom modules' forms may be vulnerable to improper input validation. This could allow an attacker to inject disallowed values or overwrite data. Affected forms are uncommon, but in certain cases an attacker could alter critical or sensitive data." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "NONE", + "integrityImpact": "HIGH", + "availabilityImpact": "NONE", + "baseScore": 7.5, + "baseSeverity": "HIGH" + }, + "exploitabilityScore": 3.9, + "impactScore": 3.6 + } + ] + }, + "weaknesses": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-20" + } + ] + } + ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:drupal:drupal:*:*:*:*:*:*:*:*", + "versionStartIncluding": "8.0.0", + "versionEndExcluding": "9.2.18", + "matchCriteriaId": "653CCAE2-C806-4269-AA91-17888FCE459E" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:drupal:drupal:*:*:*:*:*:*:*:*", + "versionStartIncluding": "9.3.0", + "versionEndExcluding": "9.3.12", + "matchCriteriaId": "6F986047-8C92-4348-A6B5-B385DBB91B45" + } + ] + } + ] + } + ], + "references": [ + { + "url": "https://www.drupal.org/sa-core-2022-008", + "source": "mlhess@drupal.org", + "tags": [ + "Vendor Advisory" + ] + } + ] +} \ No newline at end of file diff --git a/CVE-2022/CVE-2022-252xx/CVE-2022-25274.json b/CVE-2022/CVE-2022-252xx/CVE-2022-25274.json new file mode 100644 index 00000000000..926fab99e7f --- /dev/null +++ b/CVE-2022/CVE-2022-252xx/CVE-2022-25274.json @@ -0,0 +1,77 @@ +{ + "id": "CVE-2022-25274", + "sourceIdentifier": "mlhess@drupal.org", + "published": "2023-04-26T14:15:09.300", + "lastModified": "2023-05-09T19:11:17.407", + "vulnStatus": "Analyzed", + "descriptions": [ + { + "lang": "en", + "value": "Drupal 9.3 implemented a generic entity access API for entity revisions. However, this API was not completely integrated with existing permissions, resulting in some possible access bypass for users who have access to use revisions of content generally, but who do not have access to individual items of node and media content. This vulnerability only affects sites using Drupal's revision system." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "availabilityImpact": "NONE", + "baseScore": 5.4, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 2.8, + "impactScore": 2.5 + } + ] + }, + "weaknesses": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-863" + } + ] + } + ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:drupal:drupal:*:*:*:*:*:*:*:*", + "versionStartIncluding": "9.3.0", + "versionEndExcluding": "9.3.12", + "matchCriteriaId": "6F986047-8C92-4348-A6B5-B385DBB91B45" + } + ] + } + ] + } + ], + "references": [ + { + "url": "https://www.drupal.org/sa-core-2022-009", + "source": "mlhess@drupal.org", + "tags": [ + "Vendor Advisory" + ] + } + ] +} \ No newline at end of file diff --git a/CVE-2022/CVE-2022-252xx/CVE-2022-25277.json b/CVE-2022/CVE-2022-252xx/CVE-2022-25277.json new file mode 100644 index 00000000000..f106a83ea3b --- /dev/null +++ b/CVE-2022/CVE-2022-252xx/CVE-2022-25277.json @@ -0,0 +1,84 @@ +{ + "id": "CVE-2022-25277", + "sourceIdentifier": "mlhess@drupal.org", + "published": "2023-04-26T15:15:08.710", + "lastModified": "2023-05-09T19:26:40.053", + "vulnStatus": "Analyzed", + "descriptions": [ + { + "lang": "en", + "value": "Drupal core sanitizes filenames with dangerous extensions upon upload (reference: SA-CORE-2020-012) and strips leading and trailing dots from filenames to prevent uploading server configuration files (reference: SA-CORE-2019-010). However, the protections for these two vulnerabilities previously did not work correctly together. As a result, if the site were configured to allow the upload of files with an htaccess extension, these files' filenames would not be properly sanitized. This could allow bypassing the protections provided by Drupal core's default .htaccess files and possible remote code execution on Apache web servers. This issue is mitigated by the fact that it requires a field administrator to explicitly configure a file field to allow htaccess as an extension (a restricted permission), or a contributed module or custom code that overrides allowed file uploads." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "HIGH", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH", + "baseScore": 7.2, + "baseSeverity": "HIGH" + }, + "exploitabilityScore": 1.2, + "impactScore": 5.9 + } + ] + }, + "weaknesses": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-434" + } + ] + } + ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:drupal:drupal:*:*:*:*:*:*:*:*", + "versionStartIncluding": "8.0.0", + "versionEndExcluding": "9.3.19", + "matchCriteriaId": "5C7F59B6-66D0-4A58-B240-25C001836889" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:drupal:drupal:*:*:*:*:*:*:*:*", + "versionStartIncluding": "9.4.0", + "versionEndExcluding": "9.4.3", + "matchCriteriaId": "14FEC723-33EE-4E64-B221-86163C584F05" + } + ] + } + ] + } + ], + "references": [ + { + "url": "https://www.drupal.org/sa-core-2022-014", + "source": "mlhess@drupal.org", + "tags": [ + "Vendor Advisory" + ] + } + ] +} \ No newline at end of file diff --git a/CVE-2022/CVE-2022-257xx/CVE-2022-25772.json b/CVE-2022/CVE-2022-257xx/CVE-2022-25772.json index 216558c3813..c7814281e47 100644 --- a/CVE-2022/CVE-2022-257xx/CVE-2022-25772.json +++ b/CVE-2022/CVE-2022-257xx/CVE-2022-25772.json @@ -2,8 +2,8 @@ "id": "CVE-2022-25772", "sourceIdentifier": "security@mautic.org", "published": "2022-06-20T13:15:07.973", - "lastModified": "2022-06-27T18:42:23.703", - "vulnStatus": "Analyzed", + "lastModified": "2023-05-09T19:15:11.413", + "vulnStatus": "Modified", "descriptions": [ { "lang": "en", @@ -130,6 +130,10 @@ "tags": [ "Third Party Advisory" ] + }, + { + "url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00847.html", + "source": "security@mautic.org" } ] } \ No newline at end of file diff --git a/CVE-2022/CVE-2022-288xx/CVE-2022-28888.json b/CVE-2022/CVE-2022-288xx/CVE-2022-28888.json index 434f33ccc13..9032e5a459c 100644 --- a/CVE-2022/CVE-2022-288xx/CVE-2022-28888.json +++ b/CVE-2022/CVE-2022-288xx/CVE-2022-28888.json @@ -2,7 +2,7 @@ "id": "CVE-2022-28888", "sourceIdentifier": "cve@mitre.org", "published": "2022-07-13T18:15:08.897", - "lastModified": "2023-05-09T04:15:42.127", + "lastModified": "2023-05-09T18:15:11.600", "vulnStatus": "Modified", "descriptions": [ { @@ -102,6 +102,10 @@ "Third Party Advisory" ] }, + { + "url": "http://packetstormsecurity.com/files/172257/Spryker-Commerce-OS-1.0-SQL-Injection.html", + "source": "cve@mitre.org" + }, { "url": "http://seclists.org/fulldisclosure/2022/Jul/4", "source": "cve@mitre.org", diff --git a/CVE-2022/CVE-2022-332xx/CVE-2022-33273.json b/CVE-2022/CVE-2022-332xx/CVE-2022-33273.json index c1b1827568a..40ae07e3dc8 100644 --- a/CVE-2022/CVE-2022-332xx/CVE-2022-33273.json +++ b/CVE-2022/CVE-2022-332xx/CVE-2022-33273.json @@ -2,8 +2,8 @@ "id": "CVE-2022-33273", "sourceIdentifier": "product-security@qualcomm.com", "published": "2023-05-02T08:15:08.763", - "lastModified": "2023-05-02T12:56:18.213", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2023-05-09T18:33:28.843", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", @@ -12,6 +12,26 @@ ], "metrics": { "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N", + "attackVector": "LOCAL", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "NONE", + "availabilityImpact": "NONE", + "baseScore": 5.5, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 1.8, + "impactScore": 3.6 + }, { "source": "product-security@qualcomm.com", "type": "Secondary", @@ -34,10 +54,2781 @@ } ] }, + "weaknesses": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-125" + } + ] + } + ], + "configurations": [ + { + "operator": "AND", + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:o:qualcomm:aqt1000_firmware:-:*:*:*:*:*:*:*", + "matchCriteriaId": "EC6FCE91-BF38-49ED-8FFB-429BAFEE7832" + } + ] + }, + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": false, + "criteria": "cpe:2.3:h:qualcomm:aqt1000:-:*:*:*:*:*:*:*", + "matchCriteriaId": "715A9F94-5F9E-45E5-B07B-699410C01478" + } + ] + } + ] + }, + { + "operator": "AND", + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:o:qualcomm:ar8035_firmware:-:*:*:*:*:*:*:*", + "matchCriteriaId": "C88B9C86-2E8E-4DCE-A30C-02977CC00F00" + } + ] + }, + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": false, + "criteria": "cpe:2.3:h:qualcomm:ar8035:-:*:*:*:*:*:*:*", + "matchCriteriaId": "EE473A5A-5CFC-4F08-A173-30717F8BD0D7" + } + ] + } + ] + }, + { + "operator": "AND", + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:o:qualcomm:wcn3998_firmware:-:*:*:*:*:*:*:*", + "matchCriteriaId": "34AB9074-97A3-43F0-B829-CDB4E3066AC4" + } + ] + }, + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": false, + "criteria": "cpe:2.3:h:qualcomm:wcn3998:-:*:*:*:*:*:*:*", + "matchCriteriaId": "362252ED-1DB3-4CF6-86DD-14919826D75E" + } + ] + } + ] + }, + { + "operator": "AND", + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:o:qualcomm:qca6390_firmware:-:*:*:*:*:*:*:*", + "matchCriteriaId": "96FBD6DF-F174-4690-AA3D-1E8974E3627F" + } + ] + }, + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": false, + "criteria": "cpe:2.3:h:qualcomm:qca6390:-:*:*:*:*:*:*:*", + "matchCriteriaId": "A3BF86E1-3FAC-4A42-8C01-5944C6C30AE5" + } + ] + } + ] + }, + { + "operator": "AND", + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:o:qualcomm:wcn685x-5_firmware:-:*:*:*:*:*:*:*", + "matchCriteriaId": "2A3CF46D-E1CB-447E-8371-15C3F49B1AA9" + } + ] + }, + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": false, + "criteria": "cpe:2.3:h:qualcomm:wcn685x-5:-:*:*:*:*:*:*:*", + "matchCriteriaId": "B74FDAF1-82D0-4136-BF97-25C56FCEE77C" + } + ] + } + ] + }, + { + "operator": "AND", + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:o:qualcomm:wcn685x-1_firmware:-:*:*:*:*:*:*:*", + "matchCriteriaId": "A07C2049-B227-4849-85D0-B53D690C7697" + } + ] + }, + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": false, + "criteria": "cpe:2.3:h:qualcomm:wcn685x-1:-:*:*:*:*:*:*:*", + "matchCriteriaId": "88D2DB07-B72B-4D44-A373-0C7EAB35F388" + } + ] + } + ] + }, + { + "operator": "AND", + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:o:qualcomm:wcn785x-1_firmware:-:*:*:*:*:*:*:*", + "matchCriteriaId": "C41266FF-5555-4522-AD55-6A7CF8BA33D5" + } + ] + }, + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": false, + "criteria": "cpe:2.3:h:qualcomm:wcn785x-1:-:*:*:*:*:*:*:*", + "matchCriteriaId": "9E9C428C-7470-4178-9029-3234086D93F1" + } + ] + } + ] + }, + { + "operator": "AND", + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:o:qualcomm:wcn785x-5_firmware:-:*:*:*:*:*:*:*", + "matchCriteriaId": "04EA12D4-24E2-4FE9-8CD6-06A8E36DEB2F" + } + ] + }, + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": false, + "criteria": "cpe:2.3:h:qualcomm:wcn785x-5:-:*:*:*:*:*:*:*", + "matchCriteriaId": "2AED978B-0330-4B9B-B662-AA8E9E621996" + } + ] + } + ] + }, + { + "operator": "AND", + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:o:qualcomm:qam8295p_firmware:-:*:*:*:*:*:*:*", + "matchCriteriaId": "C2D9E281-B382-41AC-84CB-5B1063E5AC51" + } + ] + }, + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": false, + "criteria": "cpe:2.3:h:qualcomm:qam8295p:-:*:*:*:*:*:*:*", + "matchCriteriaId": "44EBEBD5-98C3-493B-A108-FD4DE6FFBE97" + } + ] + } + ] + }, + { + "operator": "AND", + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:o:qualcomm:qca6174a_firmware:-:*:*:*:*:*:*:*", + "matchCriteriaId": "4FF653D0-15CF-4A10-8D8E-BE56F4DAB890" + } + ] + }, + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": false, + "criteria": "cpe:2.3:h:qualcomm:qca6174a:-:*:*:*:*:*:*:*", + "matchCriteriaId": "C31FA74C-6659-4457-BC32-257624F43C66" + } + ] + } + ] + }, + { + "operator": "AND", + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:o:qualcomm:qca6310_firmware:-:*:*:*:*:*:*:*", + "matchCriteriaId": "62DC4FBB-D9CB-43EB-829E-0A892306D0E2" + } + ] + }, + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": false, + "criteria": "cpe:2.3:h:qualcomm:qca6310:-:*:*:*:*:*:*:*", + "matchCriteriaId": "5B0F8ED6-EAE7-44EA-A8C6-F5AD408261F0" + } + ] + } + ] + }, + { + "operator": "AND", + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:o:qualcomm:qca6335_firmware:-:*:*:*:*:*:*:*", + "matchCriteriaId": "966CDA56-809F-4FF4-909D-0DD92F44CF67" + } + ] + }, + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": false, + "criteria": "cpe:2.3:h:qualcomm:qca6335:-:*:*:*:*:*:*:*", + "matchCriteriaId": "C90747B4-2CC0-4816-A994-58E00F5ADA05" + } + ] + } + ] + }, + { + "operator": "AND", + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:o:qualcomm:qca6391_firmware:-:*:*:*:*:*:*:*", + "matchCriteriaId": "83B53119-1B2F-4978-B7F5-33B84BE73B68" + } + ] + }, + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": false, + "criteria": "cpe:2.3:h:qualcomm:qca6391:-:*:*:*:*:*:*:*", + "matchCriteriaId": "6FEBC0C5-CAA1-475C-96C2-B8D24B2E4536" + } + ] + } + ] + }, + { + "operator": "AND", + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:o:qualcomm:qca6420_firmware:-:*:*:*:*:*:*:*", + "matchCriteriaId": "7E16994A-6DBA-426C-ADD2-B1E8B49FEDBF" + } + ] + }, + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": false, + "criteria": "cpe:2.3:h:qualcomm:qca6420:-:*:*:*:*:*:*:*", + "matchCriteriaId": "47E674DE-55AB-44E5-8E00-C804FC9D4DC0" + } + ] + } + ] + }, + { + "operator": "AND", + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:o:qualcomm:qca6421_firmware:-:*:*:*:*:*:*:*", + "matchCriteriaId": "503CEDEF-99D0-4432-88A0-295340743606" + } + ] + }, + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": false, + "criteria": "cpe:2.3:h:qualcomm:qca6421:-:*:*:*:*:*:*:*", + "matchCriteriaId": "CE9115A0-0D87-49BE-9A9B-091DBF8D9E6E" + } + ] + } + ] + }, + { + "operator": "AND", + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:o:qualcomm:qca6426_firmware:-:*:*:*:*:*:*:*", + "matchCriteriaId": "A344E78F-D15A-460E-8EF8-7C6FC39F2D5E" + } + ] + }, + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": false, + "criteria": "cpe:2.3:h:qualcomm:qca6426:-:*:*:*:*:*:*:*", + "matchCriteriaId": "8FF5EC23-4884-4C2B-8E77-50B1E8E28A3D" + } + ] + } + ] + }, + { + "operator": "AND", + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:o:qualcomm:qca6430_firmware:-:*:*:*:*:*:*:*", + "matchCriteriaId": "95AFC483-1468-43FC-96FA-A56165C290E0" + } + ] + }, + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": false, + "criteria": "cpe:2.3:h:qualcomm:qca6430:-:*:*:*:*:*:*:*", + "matchCriteriaId": "0A963FDF-6FF4-4F48-834E-2A14D241716D" + } + ] + } + ] + }, + { + "operator": "AND", + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:o:qualcomm:qca6431_firmware:-:*:*:*:*:*:*:*", + "matchCriteriaId": "76FD6A24-B6F4-4C65-968F-AFF90A1A60B8" + } + ] + }, + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": false, + "criteria": "cpe:2.3:h:qualcomm:qca6431:-:*:*:*:*:*:*:*", + "matchCriteriaId": "34661A30-92C3-4F0D-ABD1-8DA8E928DFF9" + } + ] + } + ] + }, + { + "operator": "AND", + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:o:qualcomm:qca6436_firmware:-:*:*:*:*:*:*:*", + "matchCriteriaId": "04F574BC-9AB2-4B83-A466-556ECEBBD3DF" + } + ] + }, + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": false, + "criteria": "cpe:2.3:h:qualcomm:qca6436:-:*:*:*:*:*:*:*", + "matchCriteriaId": "A34D021D-C043-4EFD-9AB3-B2174528CBA3" + } + ] + } + ] + }, + { + "operator": "AND", + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:o:qualcomm:qca6564a_firmware:-:*:*:*:*:*:*:*", + "matchCriteriaId": "886124F6-B397-4EB6-8E01-6012E468ABE9" + } + ] + }, + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": false, + "criteria": "cpe:2.3:h:qualcomm:qca6564a:-:*:*:*:*:*:*:*", + "matchCriteriaId": "93ED74CE-6BF2-4983-8780-07D5336745B3" + } + ] + } + ] + }, + { + "operator": "AND", + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:o:qualcomm:qca6564au_firmware:-:*:*:*:*:*:*:*", + "matchCriteriaId": "B59672A0-2FA6-46CC-B75A-C599B842AFB9" + } + ] + }, + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": false, + "criteria": "cpe:2.3:h:qualcomm:qca6564au:-:*:*:*:*:*:*:*", + "matchCriteriaId": "3847F4A5-90A5-4C84-B43F-0DDD81BD79CE" + } + ] + } + ] + }, + { + "operator": "AND", + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:o:qualcomm:qca6574_firmware:-:*:*:*:*:*:*:*", + "matchCriteriaId": "9B828AC8-4A01-4537-B2BD-8180C99F5C32" + } + ] + }, + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": false, + "criteria": "cpe:2.3:h:qualcomm:qca6574:-:*:*:*:*:*:*:*", + "matchCriteriaId": "66C16E1E-9D4A-4F20-B697-833FDCCA86FB" + } + ] + } + ] + }, + { + "operator": "AND", + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:o:qualcomm:qca6574a_firmware:-:*:*:*:*:*:*:*", + "matchCriteriaId": "828CFB37-76A6-4927-9D00-AF9A1C432DD6" + } + ] + }, + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": false, + "criteria": "cpe:2.3:h:qualcomm:qca6574a:-:*:*:*:*:*:*:*", + "matchCriteriaId": "11405993-5903-4716-B452-370281034B42" + } + ] + } + ] + }, + { + "operator": "AND", + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:o:qualcomm:qca6574au_firmware:-:*:*:*:*:*:*:*", + "matchCriteriaId": "D527E2B1-2A46-4FBA-9F7A-F5543677C8FB" + } + ] + }, + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": false, + "criteria": "cpe:2.3:h:qualcomm:qca6574au:-:*:*:*:*:*:*:*", + "matchCriteriaId": "8374DDB3-D484-4141-AE0C-42333D2721F6" + } + ] + } + ] + }, + { + "operator": "AND", + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:o:qualcomm:qca6595_firmware:-:*:*:*:*:*:*:*", + "matchCriteriaId": "643EC76D-2836-48E6-81DA-78C4883C33CA" + } + ] + }, + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": false, + "criteria": "cpe:2.3:h:qualcomm:qca6595:-:*:*:*:*:*:*:*", + "matchCriteriaId": "477F6529-4CE1-44FC-B6EE-D24D44C71AE7" + } + ] + } + ] + }, + { + "operator": "AND", + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:o:qualcomm:qca6595au_firmware:-:*:*:*:*:*:*:*", + "matchCriteriaId": "288F637F-22F8-47CF-B67F-C798A730A1BD" + } + ] + }, + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": false, + "criteria": "cpe:2.3:h:qualcomm:qca6595au:-:*:*:*:*:*:*:*", + "matchCriteriaId": "D0996EA3-1C92-4933-BE34-9CF625E59FE7" + } + ] + } + ] + }, + { + "operator": "AND", + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:o:qualcomm:qca6696_firmware:-:*:*:*:*:*:*:*", + "matchCriteriaId": "0AE207DB-9770-40ED-961D-FDA75965826F" + } + ] + }, + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": false, + "criteria": "cpe:2.3:h:qualcomm:qca6696:-:*:*:*:*:*:*:*", + "matchCriteriaId": "0E23922D-C37F-476F-A623-4C1458A9156F" + } + ] + } + ] + }, + { + "operator": "AND", + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:o:qualcomm:qca8081_firmware:-:*:*:*:*:*:*:*", + "matchCriteriaId": "1D1C53DC-D2F3-4C92-9725-9A85340AF026" + } + ] + }, + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": false, + "criteria": "cpe:2.3:h:qualcomm:qca8081:-:*:*:*:*:*:*:*", + "matchCriteriaId": "ED0585FF-E390-46E8-8701-70964A4057BB" + } + ] + } + ] + }, + { + "operator": "AND", + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:o:qualcomm:qca8337_firmware:-:*:*:*:*:*:*:*", + "matchCriteriaId": "2FA8F9DA-1386-4961-B9B2-484E4347852A" + } + ] + }, + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": false, + "criteria": "cpe:2.3:h:qualcomm:qca8337:-:*:*:*:*:*:*:*", + "matchCriteriaId": "117289C8-7484-4EAE-8F35-A25768F00EED" + } + ] + } + ] + }, + { + "operator": "AND", + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:o:qualcomm:qca9377_firmware:-:*:*:*:*:*:*:*", + "matchCriteriaId": "C4D2B46E-3996-42FD-B932-09E92C02EC8A" + } + ] + }, + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": false, + "criteria": "cpe:2.3:h:qualcomm:qca9377:-:*:*:*:*:*:*:*", + "matchCriteriaId": "98E58C63-F253-4DCC-8A14-48FEB64B4C3D" + } + ] + } + ] + }, + { + "operator": "AND", + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:o:qualcomm:qsm8350_firmware:-:*:*:*:*:*:*:*", + "matchCriteriaId": "1894F6B9-31DA-44E8-AA28-064F73EBEE8D" + } + ] + }, + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": false, + "criteria": "cpe:2.3:h:qualcomm:qsm8350:-:*:*:*:*:*:*:*", + "matchCriteriaId": "8AA23845-D9F5-4035-8A93-F475D865586F" + } + ] + } + ] + }, + { + "operator": "AND", + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:o:qualcomm:sda\\/sdm845_firmware:-:*:*:*:*:*:*:*", + "matchCriteriaId": "D5634C93-0C39-43B6-A185-77CE005B7305" + } + ] + }, + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": false, + "criteria": "cpe:2.3:h:qualcomm:sda\\/sdm845:-:*:*:*:*:*:*:*", + "matchCriteriaId": "0ED618D9-DFDD-4306-BF6D-5D5636B60353" + } + ] + } + ] + }, + { + "operator": "AND", + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:o:qualcomm:sa6145p_firmware:-:*:*:*:*:*:*:*", + "matchCriteriaId": "C66671C1-AE1A-44BE-9DB2-0B09FF4417DB" + } + ] + }, + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": false, + "criteria": "cpe:2.3:h:qualcomm:sa6145p:-:*:*:*:*:*:*:*", + "matchCriteriaId": "74AA3929-3F80-4D54-B13A-9B070D5C03BB" + } + ] + } + ] + }, + { + "operator": "AND", + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:o:qualcomm:sa6155_firmware:-:*:*:*:*:*:*:*", + "matchCriteriaId": "4C40544E-B040-491C-8DF3-50225E70B50C" + } + ] + }, + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": false, + "criteria": "cpe:2.3:h:qualcomm:sa6155:-:*:*:*:*:*:*:*", + "matchCriteriaId": "A2DAC85C-CDC9-4784-A69A-147A2CE8A8B2" + } + ] + } + ] + }, + { + "operator": "AND", + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:o:qualcomm:sa6155p_firmware:-:*:*:*:*:*:*:*", + "matchCriteriaId": "8DC40C14-3B2D-4E00-9E0F-86E6BDBF2D81" + } + ] + }, + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": false, + "criteria": "cpe:2.3:h:qualcomm:sa6155p:-:*:*:*:*:*:*:*", + "matchCriteriaId": "0514D433-162C-4680-8912-721D19BE6201" + } + ] + } + ] + }, + { + "operator": "AND", + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:o:qualcomm:sa8150p_firmware:-:*:*:*:*:*:*:*", + "matchCriteriaId": "69C1B02F-8D2D-42E7-B70D-41F4D9844FD1" + } + ] + }, + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": false, + "criteria": "cpe:2.3:h:qualcomm:sa8150p:-:*:*:*:*:*:*:*", + "matchCriteriaId": "3FEACAA9-C061-4713-9A54-37D8BFC0B00B" + } + ] + } + ] + }, + { + "operator": "AND", + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:o:qualcomm:sa8155_firmware:-:*:*:*:*:*:*:*", + "matchCriteriaId": "F33EB594-B0D3-42F2-B1CA-B0E6C9D82C6B" + } + ] + }, + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": false, + "criteria": "cpe:2.3:h:qualcomm:sa8155:-:*:*:*:*:*:*:*", + "matchCriteriaId": "50EF47E5-2875-412F-815D-44804BB3A739" + } + ] + } + ] + }, + { + "operator": "AND", + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:o:qualcomm:sa8155p_firmware:-:*:*:*:*:*:*:*", + "matchCriteriaId": "C8648B38-2597-401A-8F53-D582FA911569" + } + ] + }, + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": false, + "criteria": "cpe:2.3:h:qualcomm:sa8155p:-:*:*:*:*:*:*:*", + "matchCriteriaId": "A01CD59B-8F21-4CD6-8A1A-7B37547A8715" + } + ] + } + ] + }, + { + "operator": "AND", + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:o:qualcomm:sa8295p_firmware:-:*:*:*:*:*:*:*", + "matchCriteriaId": "2A19659B-A0C3-44B7-8D54-BA21729873A4" + } + ] + }, + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": false, + "criteria": "cpe:2.3:h:qualcomm:sa8295p:-:*:*:*:*:*:*:*", + "matchCriteriaId": "F978041A-CE28-4BDF-A7DB-F0360F1A5F14" + } + ] + } + ] + }, + { + "operator": "AND", + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:o:qualcomm:sa8540p_firmware:-:*:*:*:*:*:*:*", + "matchCriteriaId": "8FE8B62D-83B4-4326-8A53-FED5947D5FFE" + } + ] + }, + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": false, + "criteria": "cpe:2.3:h:qualcomm:sa8540p:-:*:*:*:*:*:*:*", + "matchCriteriaId": "2D6F8899-136A-4A57-9F02-BD428E1663DA" + } + ] + } + ] + }, + { + "operator": "AND", + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:o:qualcomm:sa9000p_firmware:-:*:*:*:*:*:*:*", + "matchCriteriaId": "A024AB04-B213-4018-A4C1-FA467C7BA775" + } + ] + }, + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": false, + "criteria": "cpe:2.3:h:qualcomm:sa9000p:-:*:*:*:*:*:*:*", + "matchCriteriaId": "A2A8AB7C-5D34-4794-8C06-2193075B323F" + } + ] + } + ] + }, + { + "operator": "AND", + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:o:qualcomm:sd_675_firmware:-:*:*:*:*:*:*:*", + "matchCriteriaId": "3F900C8F-9763-441A-B97E-E5394A68A08A" + } + ] + }, + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": false, + "criteria": "cpe:2.3:h:qualcomm:sd_675:-:*:*:*:*:*:*:*", + "matchCriteriaId": "589C1001-E9F6-41A6-BCC8-A94A3C97F2E6" + } + ] + } + ] + }, + { + "operator": "AND", + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:o:qualcomm:sd_8_gen1_5g_firmware:-:*:*:*:*:*:*:*", + "matchCriteriaId": "76910884-45D9-4EA2-BA30-44A8C7CC1339" + } + ] + }, + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": false, + "criteria": "cpe:2.3:h:qualcomm:sd_8_gen1_5g:-:*:*:*:*:*:*:*", + "matchCriteriaId": "33D393A6-4586-4416-86EB-F9D86DC3DED8" + } + ] + } + ] + }, + { + "operator": "AND", + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:o:qualcomm:sd_8cx_firmware:-:*:*:*:*:*:*:*", + "matchCriteriaId": "A71D1A7C-537F-458B-BA56-A11F95E36EA9" + } + ] + }, + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": false, + "criteria": "cpe:2.3:h:qualcomm:sd_8cx:-:*:*:*:*:*:*:*", + "matchCriteriaId": "716DEC4D-D854-44CD-8A14-AA5AFD96809E" + } + ] + } + ] + }, + { + "operator": "AND", + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:o:qualcomm:sd670_firmware:-:*:*:*:*:*:*:*", + "matchCriteriaId": "5B8DA94C-23A0-4C99-9F05-144B9B5224B3" + } + ] + }, + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": false, + "criteria": "cpe:2.3:h:qualcomm:sd670:-:*:*:*:*:*:*:*", + "matchCriteriaId": "39E10E22-E7CC-41D6-80F3-030083F45645" + } + ] + } + ] + }, + { + "operator": "AND", + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:o:qualcomm:sd675_firmware:-:*:*:*:*:*:*:*", + "matchCriteriaId": "1497D052-884E-496B-BEF8-6904A25125ED" + } + ] + }, + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": false, + "criteria": "cpe:2.3:h:qualcomm:sd675:-:*:*:*:*:*:*:*", + "matchCriteriaId": "589F4888-28F6-4ECA-860E-8054C2A8C419" + } + ] + } + ] + }, + { + "operator": "AND", + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:o:qualcomm:sd855_firmware:-:*:*:*:*:*:*:*", + "matchCriteriaId": "42B30014-95AB-4F24-A7A5-60A907502609" + } + ] + }, + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": false, + "criteria": "cpe:2.3:h:qualcomm:sd855:-:*:*:*:*:*:*:*", + "matchCriteriaId": "F562ED3D-CBE3-4DCC-BFBB-DE0AD2425A9C" + } + ] + } + ] + }, + { + "operator": "AND", + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:o:qualcomm:sd865_5g_firmware:-:*:*:*:*:*:*:*", + "matchCriteriaId": "72433485-B229-46A6-BCA4-394AA4EEA683" + } + ] + }, + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": false, + "criteria": "cpe:2.3:h:qualcomm:sd865_5g:-:*:*:*:*:*:*:*", + "matchCriteriaId": "04D40EC4-BF31-4BFD-8D0A-8193F541AF02" + } + ] + } + ] + }, + { + "operator": "AND", + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:o:qualcomm:sdx55_firmware:-:*:*:*:*:*:*:*", + "matchCriteriaId": "E93FB34B-3674-404D-9687-E092E9A246AB" + } + ] + }, + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": false, + "criteria": "cpe:2.3:h:qualcomm:sdx55:-:*:*:*:*:*:*:*", + "matchCriteriaId": "F3FF5A9A-A34A-499C-B6E0-D67B496C5454" + } + ] + } + ] + }, + { + "operator": "AND", + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:o:qualcomm:sdx57m_firmware:-:*:*:*:*:*:*:*", + "matchCriteriaId": "18431C93-7497-4A2C-9B5A-B9E4C7F88B7D" + } + ] + }, + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": false, + "criteria": "cpe:2.3:h:qualcomm:sdx57m:-:*:*:*:*:*:*:*", + "matchCriteriaId": "0BF0FFBA-73EC-4615-98D2-BA62D67353DB" + } + ] + } + ] + }, + { + "operator": "AND", + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:o:qualcomm:sm7250p_firmware:-:*:*:*:*:*:*:*", + "matchCriteriaId": "76DB5472-DF51-4144-8A69-9B231CF782DA" + } + ] + }, + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": false, + "criteria": "cpe:2.3:h:qualcomm:sm7250p:-:*:*:*:*:*:*:*", + "matchCriteriaId": "1D395018-251C-45AA-9EE8-A638CAB0B508" + } + ] + } + ] + }, + { + "operator": "AND", + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:o:qualcomm:sdm670_firmware:-:*:*:*:*:*:*:*", + "matchCriteriaId": "00865826-86AE-425F-BE6F-162F611FB200" + } + ] + }, + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": false, + "criteria": "cpe:2.3:h:qualcomm:sdm670:-:*:*:*:*:*:*:*", + "matchCriteriaId": "0CC0441C-C30B-4D99-9BAD-C1E4387302BB" + } + ] + } + ] + }, + { + "operator": "AND", + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:o:qualcomm:sm6150_firmware:-:*:*:*:*:*:*:*", + "matchCriteriaId": "8ABE492A-3755-4969-9DEB-4B85EBB84644" + } + ] + }, + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": false, + "criteria": "cpe:2.3:h:qualcomm:sm6150:-:*:*:*:*:*:*:*", + "matchCriteriaId": "E3D3787B-6ACC-4591-B041-01307ED66C36" + } + ] + } + ] + }, + { + "operator": "AND", + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:o:qualcomm:sm6150-ac_firmware:-:*:*:*:*:*:*:*", + "matchCriteriaId": "559BBC7F-CF94-4524-AF8A-172013131EED" + } + ] + }, + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": false, + "criteria": "cpe:2.3:h:qualcomm:sm6150-ac:-:*:*:*:*:*:*:*", + "matchCriteriaId": "21BE75B1-0CB5-44DD-920E-B09B1A122C78" + } + ] + } + ] + }, + { + "operator": "AND", + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:o:qualcomm:sm7250-aa_firmware:-:*:*:*:*:*:*:*", + "matchCriteriaId": "6809F530-FA3C-455E-AF16-41F57AC3F5D4" + } + ] + }, + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": false, + "criteria": "cpe:2.3:h:qualcomm:sm7250-aa:-:*:*:*:*:*:*:*", + "matchCriteriaId": "464E833D-9FCA-4407-88A2-EDE7D4FAEA28" + } + ] + } + ] + }, + { + "operator": "AND", + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:o:qualcomm:sm7250-ab_firmware:-:*:*:*:*:*:*:*", + "matchCriteriaId": "437D618B-FE47-4DF6-9174-B1335501862D" + } + ] + }, + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": false, + "criteria": "cpe:2.3:h:qualcomm:sm7250-ab:-:*:*:*:*:*:*:*", + "matchCriteriaId": "4616FA92-3DB7-4ABC-A804-92B9FC7D57AD" + } + ] + } + ] + }, + { + "operator": "AND", + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:o:qualcomm:sm7250-ac_firmware:-:*:*:*:*:*:*:*", + "matchCriteriaId": "A51EAC73-7C74-4ABC-A964-8FE2CCB1C930" + } + ] + }, + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": false, + "criteria": "cpe:2.3:h:qualcomm:sm7250-ac:-:*:*:*:*:*:*:*", + "matchCriteriaId": "0DF142AB-6BB0-43BE-B2F1-679A4BD123D5" + } + ] + } + ] + }, + { + "operator": "AND", + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:o:qualcomm:sm8450_firmware:-:*:*:*:*:*:*:*", + "matchCriteriaId": "A38C0AFD-D666-423C-8903-BB026965D97C" + } + ] + }, + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": false, + "criteria": "cpe:2.3:h:qualcomm:sm8450:-:*:*:*:*:*:*:*", + "matchCriteriaId": "59DBE92C-D428-4952-B94F-B46B3A627DFD" + } + ] + } + ] + }, + { + "operator": "AND", + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:o:qualcomm:sdm845_firmware:-:*:*:*:*:*:*:*", + "matchCriteriaId": "DED4B719-53B5-4D16-B3FA-ADE29D28ED86" + } + ] + }, + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": false, + "criteria": "cpe:2.3:h:qualcomm:sdm845:-:*:*:*:*:*:*:*", + "matchCriteriaId": "D342C86B-E184-457C-9F72-BD853ED79425" + } + ] + } + ] + }, + { + "operator": "AND", + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:o:qualcomm:sdm850_firmware:-:*:*:*:*:*:*:*", + "matchCriteriaId": "B3ADE826-C55D-4731-80B9-164FEA290FAC" + } + ] + }, + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": false, + "criteria": "cpe:2.3:h:qualcomm:sdm850:-:*:*:*:*:*:*:*", + "matchCriteriaId": "8ED4F8FE-32DB-4696-A3AD-A9D7CB7E513A" + } + ] + } + ] + }, + { + "operator": "AND", + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:o:qualcomm:sm8150_firmware:-:*:*:*:*:*:*:*", + "matchCriteriaId": "9286B1E8-E39F-4DAA-8969-311CA2A0A8AA" + } + ] + }, + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": false, + "criteria": "cpe:2.3:h:qualcomm:sm8150:-:*:*:*:*:*:*:*", + "matchCriteriaId": "19B9AE36-87A9-4EE7-87C8-CCA2DCF51039" + } + ] + } + ] + }, + { + "operator": "AND", + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:o:qualcomm:sm8150-ac_firmware:-:*:*:*:*:*:*:*", + "matchCriteriaId": "DC335397-8340-4DD4-B8D1-9AB6E9911F85" + } + ] + }, + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": false, + "criteria": "cpe:2.3:h:qualcomm:sm8150-ac:-:*:*:*:*:*:*:*", + "matchCriteriaId": "CB6CF9F9-8EEE-49AD-B17D-60470F2F9D57" + } + ] + } + ] + }, + { + "operator": "AND", + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:o:qualcomm:sm8250_firmware:-:*:*:*:*:*:*:*", + "matchCriteriaId": "DDC730C6-FB32-4566-AAE2-B2B261BA9411" + } + ] + }, + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": false, + "criteria": "cpe:2.3:h:qualcomm:sm8250:-:*:*:*:*:*:*:*", + "matchCriteriaId": "5A432773-467F-492C-AA3A-ADF08A21FB3F" + } + ] + } + ] + }, + { + "operator": "AND", + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:o:qualcomm:sm8250-ab_firmware:-:*:*:*:*:*:*:*", + "matchCriteriaId": "2723E7F4-1381-4542-83BA-E65728F6CA5B" + } + ] + }, + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": false, + "criteria": "cpe:2.3:h:qualcomm:sm8250-ab:-:*:*:*:*:*:*:*", + "matchCriteriaId": "918F0BEB-A38E-4801-ADE2-280D26F9A87C" + } + ] + } + ] + }, + { + "operator": "AND", + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:o:qualcomm:sm8250-ac_firmware:-:*:*:*:*:*:*:*", + "matchCriteriaId": "056F1BD3-A44D-4876-86DA-1B864C60DAE7" + } + ] + }, + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": false, + "criteria": "cpe:2.3:h:qualcomm:sm8250-ac:-:*:*:*:*:*:*:*", + "matchCriteriaId": "9F2C602C-8D7C-4B3D-BC49-B5C36DFA8B63" + } + ] + } + ] + }, + { + "operator": "AND", + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:o:qualcomm:sm8350_firmware:-:*:*:*:*:*:*:*", + "matchCriteriaId": "4B0798E6-68B1-4C0E-BF5B-5BC8033351A5" + } + ] + }, + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": false, + "criteria": "cpe:2.3:h:qualcomm:sm8350:-:*:*:*:*:*:*:*", + "matchCriteriaId": "7E70D909-40D1-4B66-AEA3-034F2C53FB0F" + } + ] + } + ] + }, + { + "operator": "AND", + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:o:qualcomm:sm8350-ac_firmware:-:*:*:*:*:*:*:*", + "matchCriteriaId": "D77AA64D-A9B5-473F-98FC-E5859142881D" + } + ] + }, + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": false, + "criteria": "cpe:2.3:h:qualcomm:sm8350-ac:-:*:*:*:*:*:*:*", + "matchCriteriaId": "066C3D8A-DC4C-415C-AFC1-0400325B0B10" + } + ] + } + ] + }, + { + "operator": "AND", + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:o:qualcomm:snapdragon_8c_compute_platform_firmware:-:*:*:*:*:*:*:*", + "matchCriteriaId": "DC63E59F-CB68-435C-B1A4-7DA5D722142F" + } + ] + }, + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": false, + "criteria": "cpe:2.3:h:qualcomm:snapdragon_8c_compute_platform:-:*:*:*:*:*:*:*", + "matchCriteriaId": "088D62A3-1FE5-42D6-9231-41DDE4DA37EF" + } + ] + } + ] + }, + { + "operator": "AND", + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:o:qualcomm:snapdragon_8c_compute_platform_firmware:-:*:*:*:*:*:*:*", + "matchCriteriaId": "DC63E59F-CB68-435C-B1A4-7DA5D722142F" + } + ] + }, + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": false, + "criteria": "cpe:2.3:h:qualcomm:snapdragon_8c_compute_platform:-:*:*:*:*:*:*:*", + "matchCriteriaId": "088D62A3-1FE5-42D6-9231-41DDE4DA37EF" + } + ] + } + ] + }, + { + "operator": "AND", + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:o:qualcomm:snapdragon_8cx_compute_platform_firmware:-:*:*:*:*:*:*:*", + "matchCriteriaId": "36903AF3-4E2D-4990-B021-A1D980229077" + } + ] + }, + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": false, + "criteria": "cpe:2.3:h:qualcomm:snapdragon_8cx_compute_platform:-:*:*:*:*:*:*:*", + "matchCriteriaId": "472928D4-90F4-402D-B1F2-0CE358326A10" + } + ] + } + ] + }, + { + "operator": "AND", + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:o:qualcomm:snapdragon_8cx_compute_platform_firmware:-:*:*:*:*:*:*:*", + "matchCriteriaId": "36903AF3-4E2D-4990-B021-A1D980229077" + } + ] + }, + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": false, + "criteria": "cpe:2.3:h:qualcomm:snapdragon_8cx_compute_platform:-:*:*:*:*:*:*:*", + "matchCriteriaId": "472928D4-90F4-402D-B1F2-0CE358326A10" + } + ] + } + ] + }, + { + "operator": "AND", + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:o:qualcomm:snapdragon_8cx_gen_2_5g_compute_platform_firmware:-:*:*:*:*:*:*:*", + "matchCriteriaId": "C7ACDB5B-A32C-43A1-9086-D081E9FFF9AA" + } + ] + }, + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": false, + "criteria": "cpe:2.3:h:qualcomm:snapdragon_8cx_gen_2_5g_compute_platform:-:*:*:*:*:*:*:*", + "matchCriteriaId": "583E50CC-2017-4092-A21E-7AAC53F53A25" + } + ] + } + ] + }, + { + "operator": "AND", + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:o:qualcomm:snapdragon_8cx_gen_2_5g_compute_platform_firmware:-:*:*:*:*:*:*:*", + "matchCriteriaId": "C7ACDB5B-A32C-43A1-9086-D081E9FFF9AA" + } + ] + }, + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": false, + "criteria": "cpe:2.3:h:qualcomm:snapdragon_8cx_gen_2_5g_compute_platform:-:*:*:*:*:*:*:*", + "matchCriteriaId": "583E50CC-2017-4092-A21E-7AAC53F53A25" + } + ] + } + ] + }, + { + "operator": "AND", + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:o:qualcomm:snapdragon_8cx_gen_3_compute_platform_firmware:-:*:*:*:*:*:*:*", + "matchCriteriaId": "7C155F86-467F-4B57-950E-12FAAB570B01" + } + ] + }, + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": false, + "criteria": "cpe:2.3:h:qualcomm:snapdragon_8cx_gen_3_compute_platform:-:*:*:*:*:*:*:*", + "matchCriteriaId": "71E06B94-9463-49A6-B816-E8A82BEA8545" + } + ] + } + ] + }, + { + "operator": "AND", + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:o:qualcomm:snapdragon_ar2_gen_1_platform_firmware:-:*:*:*:*:*:*:*", + "matchCriteriaId": "5C1AB7D4-FB11-4020-A4A0-8F40D98C07F1" + } + ] + }, + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": false, + "criteria": "cpe:2.3:h:qualcomm:snapdragon_ar2_gen_1_platform:-:*:*:*:*:*:*:*", + "matchCriteriaId": "FB6053F0-5E34-458A-B084-078E4D4F4021" + } + ] + } + ] + }, + { + "operator": "AND", + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:o:qualcomm:snapdragon_x24_lte_modem_firmware:-:*:*:*:*:*:*:*", + "matchCriteriaId": "5CAB1351-A614-4E73-B58E-7D624695C657" + } + ] + }, + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": false, + "criteria": "cpe:2.3:h:qualcomm:snapdragon_x24_lte_modem:-:*:*:*:*:*:*:*", + "matchCriteriaId": "4494AAD7-D132-41DB-9756-CAD1F3F7AE7E" + } + ] + } + ] + }, + { + "operator": "AND", + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:o:qualcomm:snapdragon_x50_5g_modem-rf_system_firmware:-:*:*:*:*:*:*:*", + "matchCriteriaId": "69D1567F-D669-4415-9A08-110221EFA6BA" + } + ] + }, + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": false, + "criteria": "cpe:2.3:h:qualcomm:snapdragon_x50_5g_modem-rf_system:-:*:*:*:*:*:*:*", + "matchCriteriaId": "EF808C56-AD46-4351-9A46-6A2B6AAAB5BB" + } + ] + } + ] + }, + { + "operator": "AND", + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:o:qualcomm:snapdragon_x55_5g_modem-rf_system_firmware:-:*:*:*:*:*:*:*", + "matchCriteriaId": "AAFF2095-4257-40C9-8C48-B38C143159ED" + } + ] + }, + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": false, + "criteria": "cpe:2.3:h:qualcomm:snapdragon_x55_5g_modem-rf_system:-:*:*:*:*:*:*:*", + "matchCriteriaId": "7FEA2F1D-7D07-4684-BDC1-24224A53A8BC" + } + ] + } + ] + }, + { + "operator": "AND", + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:o:qualcomm:snapdragon_x65_5g_modem-rf_system_firmware:-:*:*:*:*:*:*:*", + "matchCriteriaId": "F74BF53E-DFA1-4750-A638-FE7572B79D16" + } + ] + }, + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": false, + "criteria": "cpe:2.3:h:qualcomm:snapdragon_x65_5g_modem-rf_system:-:*:*:*:*:*:*:*", + "matchCriteriaId": "226D1ABD-E4AD-487E-88EB-4C66D51DB33D" + } + ] + } + ] + }, + { + "operator": "AND", + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:o:qualcomm:snapdragon_xr2_5g_platform_firmware:-:*:*:*:*:*:*:*", + "matchCriteriaId": "1A129620-8241-4A47-AAC8-CC7E10A09C9C" + } + ] + }, + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": false, + "criteria": "cpe:2.3:h:qualcomm:snapdragon_xr2_5g_platform:-:*:*:*:*:*:*:*", + "matchCriteriaId": "4CEDD78E-124C-4216-9B57-3B7B53463659" + } + ] + } + ] + }, + { + "operator": "AND", + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:o:qualcomm:ssg2115p_firmware:-:*:*:*:*:*:*:*", + "matchCriteriaId": "A146E52D-4AFC-47B4-920F-DAC76077DF25" + } + ] + }, + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": false, + "criteria": "cpe:2.3:h:qualcomm:ssg2115p:-:*:*:*:*:*:*:*", + "matchCriteriaId": "2BA4BA00-C8D1-4DAC-8030-CB5EEC7D4591" + } + ] + } + ] + }, + { + "operator": "AND", + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:o:qualcomm:ssg2125p_firmware:-:*:*:*:*:*:*:*", + "matchCriteriaId": "EA41907C-1CDE-42F3-B21D-5D53B2F06AF7" + } + ] + }, + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": false, + "criteria": "cpe:2.3:h:qualcomm:ssg2125p:-:*:*:*:*:*:*:*", + "matchCriteriaId": "EDC270A7-205C-41EB-A2E5-2A381A16BFBB" + } + ] + } + ] + }, + { + "operator": "AND", + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:o:qualcomm:sxr1230p_firmware:-:*:*:*:*:*:*:*", + "matchCriteriaId": "BE3236D6-0D01-4D05-B580-8888B99BAA5D" + } + ] + }, + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": false, + "criteria": "cpe:2.3:h:qualcomm:sxr1230p:-:*:*:*:*:*:*:*", + "matchCriteriaId": "7E1753FC-F3CD-4B50-886D-8E16D9301A84" + } + ] + } + ] + }, + { + "operator": "AND", + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:o:qualcomm:sxr2130_firmware:-:*:*:*:*:*:*:*", + "matchCriteriaId": "9F9FA3B1-E4E4-4D9B-A99C-7BF958D4B993" + } + ] + }, + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": false, + "criteria": "cpe:2.3:h:qualcomm:sxr2130:-:*:*:*:*:*:*:*", + "matchCriteriaId": "95762B01-2762-45BD-8388-5DB77EA6139C" + } + ] + } + ] + }, + { + "operator": "AND", + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:o:qualcomm:sxr2230p_firmware:-:*:*:*:*:*:*:*", + "matchCriteriaId": "CD6444F6-A477-4B4C-8A09-C22C47CCE45B" + } + ] + }, + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": false, + "criteria": "cpe:2.3:h:qualcomm:sxr2230p:-:*:*:*:*:*:*:*", + "matchCriteriaId": "F3E20681-4FC4-46E2-AF77-BCF03BC8E77E" + } + ] + } + ] + }, + { + "operator": "AND", + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:o:qualcomm:qcs603_firmware:-:*:*:*:*:*:*:*", + "matchCriteriaId": "2EEFADBF-D751-499B-80E5-C1069E129F18" + } + ] + }, + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": false, + "criteria": "cpe:2.3:h:qualcomm:qcs603:-:*:*:*:*:*:*:*", + "matchCriteriaId": "D327FBA1-69B5-467B-9B1B-A0380994D21B" + } + ] + } + ] + }, + { + "operator": "AND", + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:o:qualcomm:qcs605_firmware:-:*:*:*:*:*:*:*", + "matchCriteriaId": "B05FD66D-13A6-40E9-A64B-E428378F237E" + } + ] + }, + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": false, + "criteria": "cpe:2.3:h:qualcomm:qcs605:-:*:*:*:*:*:*:*", + "matchCriteriaId": "D0D665C1-3EBA-42F2-BF56-55E6C365F7DF" + } + ] + } + ] + }, + { + "operator": "AND", + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:o:qualcomm:wcd9326_firmware:-:*:*:*:*:*:*:*", + "matchCriteriaId": "3A2FAD34-B7C5-400A-8575-A12CDE65ACBE" + } + ] + }, + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": false, + "criteria": "cpe:2.3:h:qualcomm:wcd9326:-:*:*:*:*:*:*:*", + "matchCriteriaId": "5A39A2E5-6D8D-4F6E-98CB-96DB1975A4BC" + } + ] + } + ] + }, + { + "operator": "AND", + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:o:qualcomm:wcd9340_firmware:-:*:*:*:*:*:*:*", + "matchCriteriaId": "8BA28CC6-C8BB-4F50-BFE3-A59F664A4F54" + } + ] + }, + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": false, + "criteria": "cpe:2.3:h:qualcomm:wcd9340:-:*:*:*:*:*:*:*", + "matchCriteriaId": "94D2BDF1-764C-48BA-8944-3275E8768078" + } + ] + } + ] + }, + { + "operator": "AND", + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:o:qualcomm:wcd9341_firmware:-:*:*:*:*:*:*:*", + "matchCriteriaId": "CE852339-1CAE-4983-9757-8F00EDEF1141" + } + ] + }, + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": false, + "criteria": "cpe:2.3:h:qualcomm:wcd9341:-:*:*:*:*:*:*:*", + "matchCriteriaId": "4D9E96B3-F1BB-46F8-B715-7DF90180F1E1" + } + ] + } + ] + }, + { + "operator": "AND", + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:o:qualcomm:wcd9370_firmware:-:*:*:*:*:*:*:*", + "matchCriteriaId": "1295D869-F4DD-4766-B4AA-3513752F43B4" + } + ] + }, + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": false, + "criteria": "cpe:2.3:h:qualcomm:wcd9370:-:*:*:*:*:*:*:*", + "matchCriteriaId": "B98784DC-3143-4D38-AD28-DBBDCCAB4272" + } + ] + } + ] + }, + { + "operator": "AND", + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:o:qualcomm:wcd9375_firmware:-:*:*:*:*:*:*:*", + "matchCriteriaId": "34143ABA-7D09-429F-A65C-3A33438BF62C" + } + ] + }, + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": false, + "criteria": "cpe:2.3:h:qualcomm:wcd9375:-:*:*:*:*:*:*:*", + "matchCriteriaId": "9D56DFE3-5EF1-4B23-BBD5-0203FBF9CCEC" + } + ] + } + ] + }, + { + "operator": "AND", + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:o:qualcomm:wcd9380_firmware:-:*:*:*:*:*:*:*", + "matchCriteriaId": "70292B01-617F-44AD-AF77-1AFC1450523D" + } + ] + }, + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": false, + "criteria": "cpe:2.3:h:qualcomm:wcd9380:-:*:*:*:*:*:*:*", + "matchCriteriaId": "FA94C6D6-85DB-4031-AAF4-C399019AE16D" + } + ] + } + ] + }, + { + "operator": "AND", + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:o:qualcomm:wcd9385_firmware:-:*:*:*:*:*:*:*", + "matchCriteriaId": "92B17201-8185-47F1-9720-5AB4ECD11B22" + } + ] + }, + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": false, + "criteria": "cpe:2.3:h:qualcomm:wcd9385:-:*:*:*:*:*:*:*", + "matchCriteriaId": "E1FA2EB9-416F-4D69-8786-386CC73978AE" + } + ] + } + ] + }, + { + "operator": "AND", + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:o:qualcomm:wcn3950_firmware:-:*:*:*:*:*:*:*", + "matchCriteriaId": "3FEF2DB6-00F5-4B07-953B-EF58B31267F1" + } + ] + }, + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": false, + "criteria": "cpe:2.3:h:qualcomm:wcn3950:-:*:*:*:*:*:*:*", + "matchCriteriaId": "120E8F0F-EBEB-4565-9927-2D473F783EF7" + } + ] + } + ] + }, + { + "operator": "AND", + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:o:qualcomm:wcn3980_firmware:-:*:*:*:*:*:*:*", + "matchCriteriaId": "9C6E9038-9B18-4958-BE1E-215901C9B4B2" + } + ] + }, + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": false, + "criteria": "cpe:2.3:h:qualcomm:wcn3980:-:*:*:*:*:*:*:*", + "matchCriteriaId": "B36D3274-F8D0-49C5-A6D5-95F5DC6D1950" + } + ] + } + ] + }, + { + "operator": "AND", + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:o:qualcomm:wcn3990_firmware:-:*:*:*:*:*:*:*", + "matchCriteriaId": "2744A053-5BD9-45A9-A2FC-791BCA0CCD4C" + } + ] + }, + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": false, + "criteria": "cpe:2.3:h:qualcomm:wcn3990:-:*:*:*:*:*:*:*", + "matchCriteriaId": "D5F28E29-520F-469E-B048-62DE2EF07ADD" + } + ] + } + ] + }, + { + "operator": "AND", + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:o:qualcomm:wsa8810_firmware:-:*:*:*:*:*:*:*", + "matchCriteriaId": "15307882-7039-43E9-9BA3-035045988B99" + } + ] + }, + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": false, + "criteria": "cpe:2.3:h:qualcomm:wsa8810:-:*:*:*:*:*:*:*", + "matchCriteriaId": "AA85B322-E593-4499-829A-CC6D70BAE884" + } + ] + } + ] + }, + { + "operator": "AND", + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:o:qualcomm:wsa8815_firmware:-:*:*:*:*:*:*:*", + "matchCriteriaId": "E839A0B9-64C3-4C7A-82B7-D2AAF65928F8" + } + ] + }, + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": false, + "criteria": "cpe:2.3:h:qualcomm:wsa8815:-:*:*:*:*:*:*:*", + "matchCriteriaId": "7E870D82-DE3B-4199-A730-C8FB545BAA98" + } + ] + } + ] + }, + { + "operator": "AND", + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:o:qualcomm:wsa8830_firmware:-:*:*:*:*:*:*:*", + "matchCriteriaId": "11B69595-E488-4590-A150-CE5BE08B5E13" + } + ] + }, + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": false, + "criteria": "cpe:2.3:h:qualcomm:wsa8830:-:*:*:*:*:*:*:*", + "matchCriteriaId": "BF680174-5FA6-47D9-8EAB-CC2A37A7BD42" + } + ] + } + ] + }, + { + "operator": "AND", + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:o:qualcomm:wsa8832_firmware:-:*:*:*:*:*:*:*", + "matchCriteriaId": "7ACAD26E-B79E-4659-91A5-D301281F7D36" + } + ] + }, + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": false, + "criteria": "cpe:2.3:h:qualcomm:wsa8832:-:*:*:*:*:*:*:*", + "matchCriteriaId": "F0E46DA6-9494-4D92-A4AE-A272AF6ACCCC" + } + ] + } + ] + }, + { + "operator": "AND", + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:o:qualcomm:wsa8835_firmware:-:*:*:*:*:*:*:*", + "matchCriteriaId": "F80BC68E-7476-4A40-9F48-53722FE9A5BF" + } + ] + }, + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": false, + "criteria": "cpe:2.3:h:qualcomm:wsa8835:-:*:*:*:*:*:*:*", + "matchCriteriaId": "6B36F4B2-BAA3-45AD-9967-0EB482C99708" + } + ] + } + ] + } + ], "references": [ { "url": "https://www.qualcomm.com/company/product-security/bulletins/may-2023-bulletin", - "source": "product-security@qualcomm.com" + "source": "product-security@qualcomm.com", + "tags": [ + "Vendor Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2022/CVE-2022-458xx/CVE-2022-45801.json b/CVE-2022/CVE-2022-458xx/CVE-2022-45801.json index 2d6713129b5..b8fe8f37ed5 100644 --- a/CVE-2022/CVE-2022-458xx/CVE-2022-45801.json +++ b/CVE-2022/CVE-2022-458xx/CVE-2022-45801.json @@ -2,15 +2,38 @@ "id": "CVE-2022-45801", "sourceIdentifier": "security@apache.org", "published": "2023-05-01T15:15:08.790", - "lastModified": "2023-05-01T20:07:36.203", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2023-05-09T18:09:27.697", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", "value": "Apache StreamPark 1.0.0 to 2.0.0 have a LDAP injection vulnerability.\nLDAP Injection is an attack used to exploit web based applications\nthat construct LDAP statements based on user input. When an\napplication fails to properly sanitize user input, it's possible to\nmodify LDAP statements through techniques similar to SQL Injection.\nLDAP injection attacks could result in the granting of permissions to\nunauthorized queries, and content modification inside the LDAP tree.\nThis risk may only occur when the user logs in with ldap, and the user\nname and password login will not be affected, Users of the affected\nversions should upgrade to Apache StreamPark 2.0.0 or later.\n\n\n\n\n\n\n" } ], - "metrics": {}, + "metrics": { + "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "availabilityImpact": "NONE", + "baseScore": 5.4, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 2.8, + "impactScore": 2.5 + } + ] + }, "weaknesses": [ { "source": "security@apache.org", @@ -23,10 +46,32 @@ ] } ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:apache:streampark:*:*:*:*:*:*:*:*", + "versionStartIncluding": "1.0.0", + "versionEndExcluding": "2.0.0", + "matchCriteriaId": "18DFDC98-85AB-453B-AC21-4FA48A193C46" + } + ] + } + ] + } + ], "references": [ { "url": "https://lists.apache.org/thread/xbkwwpkp3n2rs2wcxg8l26mhsftxwwr9", - "source": "security@apache.org" + "source": "security@apache.org", + "tags": [ + "Mailing List" + ] } ] } \ No newline at end of file diff --git a/CVE-2022/CVE-2022-458xx/CVE-2022-45802.json b/CVE-2022/CVE-2022-458xx/CVE-2022-45802.json index 39034c73b47..0e443518c00 100644 --- a/CVE-2022/CVE-2022-458xx/CVE-2022-45802.json +++ b/CVE-2022/CVE-2022-458xx/CVE-2022-45802.json @@ -2,19 +2,52 @@ "id": "CVE-2022-45802", "sourceIdentifier": "security@apache.org", "published": "2023-05-01T15:15:08.943", - "lastModified": "2023-05-01T20:07:36.203", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2023-05-09T18:10:43.900", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", "value": "Streampark allows any users to upload a jar as application, but there is no mandatory verification of the uploaded file type, causing users to upload some high-risk files, and may upload them to any directory,\u00a0Users of the affected versions should upgrade to Apache StreamPark 2.0.0 or later\n\n\n\n\n\n\n" } ], - "metrics": {}, + "metrics": { + "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH", + "baseScore": 9.8, + "baseSeverity": "CRITICAL" + }, + "exploitabilityScore": 3.9, + "impactScore": 5.9 + } + ] + }, "weaknesses": [ { - "source": "security@apache.org", + "source": "nvd@nist.gov", "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-434" + } + ] + }, + { + "source": "security@apache.org", + "type": "Secondary", "description": [ { "lang": "en", @@ -23,10 +56,31 @@ ] } ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:apache:streampark:*:*:*:*:*:*:*:*", + "versionEndExcluding": "2.0.0", + "matchCriteriaId": "7E17C8C2-2867-4E05-9B20-45BBB1BDDE39" + } + ] + } + ] + } + ], "references": [ { "url": "https://lists.apache.org/thread/thwl1v2h6r3c21x1qwff08o57qzjnst6", - "source": "security@apache.org" + "source": "security@apache.org", + "tags": [ + "Mailing List" + ] } ] } \ No newline at end of file diff --git a/CVE-2022/CVE-2022-463xx/CVE-2022-46365.json b/CVE-2022/CVE-2022-463xx/CVE-2022-46365.json index c0d226136ff..aece8d35eda 100644 --- a/CVE-2022/CVE-2022-463xx/CVE-2022-46365.json +++ b/CVE-2022/CVE-2022-463xx/CVE-2022-46365.json @@ -2,19 +2,52 @@ "id": "CVE-2022-46365", "sourceIdentifier": "security@apache.org", "published": "2023-05-01T15:15:09.013", - "lastModified": "2023-05-01T20:07:26.670", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2023-05-09T18:04:19.747", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", "value": "Apache StreamPark 1.0.0 before 2.0.0 When the user successfully logs in, to modify his profile, the username will be passed to the server-layer\u00a0as a parameter, but not verified whether the user name is the currently logged user and whether the user is legal, This will allow malicious attackers to send any username to modify and reset the account,\u00a0Users of the affected\u00a0versions should upgrade to Apache StreamPark 2.0.0 or later.\n\n\n\n\n" } ], - "metrics": {}, + "metrics": { + "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "NONE", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH", + "baseScore": 9.1, + "baseSeverity": "CRITICAL" + }, + "exploitabilityScore": 3.9, + "impactScore": 5.2 + } + ] + }, "weaknesses": [ { - "source": "security@apache.org", + "source": "nvd@nist.gov", "type": "Primary", + "description": [ + { + "lang": "en", + "value": "NVD-CWE-noinfo" + } + ] + }, + { + "source": "security@apache.org", + "type": "Secondary", "description": [ { "lang": "en", @@ -23,10 +56,32 @@ ] } ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:apache:streampark:*:*:*:*:*:*:*:*", + "versionStartIncluding": "1.0.0", + "versionEndExcluding": "2.0.0", + "matchCriteriaId": "18DFDC98-85AB-453B-AC21-4FA48A193C46" + } + ] + } + ] + } + ], "references": [ { "url": "https://lists.apache.org/thread/f68lcwrp8pcdc4yrbpcm8j7m0f5mjn7h", - "source": "security@apache.org" + "source": "security@apache.org", + "tags": [ + "Mailing List" + ] } ] } \ No newline at end of file diff --git a/CVE-2022/CVE-2022-478xx/CVE-2022-47877.json b/CVE-2022/CVE-2022-478xx/CVE-2022-47877.json index de3b4a70f28..37e4ed6cb72 100644 --- a/CVE-2022/CVE-2022-478xx/CVE-2022-47877.json +++ b/CVE-2022/CVE-2022-478xx/CVE-2022-47877.json @@ -2,23 +2,84 @@ "id": "CVE-2022-47877", "sourceIdentifier": "cve@mitre.org", "published": "2023-05-02T20:15:10.590", - "lastModified": "2023-05-05T19:15:15.393", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2023-05-09T19:42:15.130", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", "value": "A Stored cross-site scripting vulnerability in Jedox 2020.2.5 allows remote, authenticated users to inject arbitrary web script or HTML in the Logs page via the log module 'log'." } ], - "metrics": {}, + "metrics": { + "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "REQUIRED", + "scope": "CHANGED", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "availabilityImpact": "NONE", + "baseScore": 5.4, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 2.3, + "impactScore": 2.7 + } + ] + }, + "weaknesses": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-79" + } + ] + } + ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:jedox:jedox:2020.2.5:*:*:*:*:*:*:*", + "matchCriteriaId": "3CD31D96-EC95-4111-A9A8-504144689CFF" + } + ] + } + ] + } + ], "references": [ { "url": "http://packetstormsecurity.com/files/172153/Jedox-2020.2.5-Cross-Site-Scripting.html", - "source": "cve@mitre.org" + "source": "cve@mitre.org", + "tags": [ + "Exploit", + "Third Party Advisory", + "VDB Entry" + ] }, { "url": "https://docs.syslifters.com/assets/vulnerability-disclosure/Vulnerability-Disclosure-Jedox-Jedox-04-2023.pdf", - "source": "cve@mitre.org" + "source": "cve@mitre.org", + "tags": [ + "Exploit", + "Third Party Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2023/CVE-2023-01xx/CVE-2023-0155.json b/CVE-2023/CVE-2023-01xx/CVE-2023-0155.json index bd077c0a9f3..c9fb70f4fc9 100644 --- a/CVE-2023/CVE-2023-01xx/CVE-2023-0155.json +++ b/CVE-2023/CVE-2023-01xx/CVE-2023-0155.json @@ -2,8 +2,8 @@ "id": "CVE-2023-0155", "sourceIdentifier": "cve@gitlab.com", "published": "2023-05-03T21:15:16.323", - "lastModified": "2023-05-04T13:03:12.273", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2023-05-09T19:53:24.107", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", @@ -12,6 +12,26 @@ ], "metrics": { "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:N/I:L/A:L", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "REQUIRED", + "scope": "CHANGED", + "confidentialityImpact": "NONE", + "integrityImpact": "LOW", + "availabilityImpact": "LOW", + "baseScore": 5.4, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 2.3, + "impactScore": 2.7 + }, { "source": "cve@gitlab.com", "type": "Secondary", @@ -34,18 +54,92 @@ } ] }, + "weaknesses": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-601" + } + ] + } + ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:gitlab:gitlab:*:*:*:*:community:*:*:*", + "versionEndExcluding": "15.8.5", + "matchCriteriaId": "3FD921B9-00B8-4C39-BC84-80DA843763B5" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:gitlab:gitlab:*:*:*:*:enterprise:*:*:*", + "versionEndExcluding": "15.8.5", + "matchCriteriaId": "535B468A-3815-4E7A-AC3E-D1A42434588A" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:gitlab:gitlab:*:*:*:*:community:*:*:*", + "versionStartIncluding": "15.9", + "versionEndExcluding": "15.9.5", + "matchCriteriaId": "7CE5E35C-CCD0-4C30-8256-38738D268499" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:gitlab:gitlab:*:*:*:*:enterprise:*:*:*", + "versionStartIncluding": "15.9", + "versionEndExcluding": "15.9.5", + "matchCriteriaId": "AD24CB10-DA4E-4411-A901-384B03B70DCA" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:gitlab:gitlab:*:*:*:*:community:*:*:*", + "versionStartIncluding": "15.10", + "versionEndExcluding": "15.10.1", + "matchCriteriaId": "FAEB14CD-BB39-4C93-8BA0-3D2877F208A2" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:gitlab:gitlab:*:*:*:*:enterprise:*:*:*", + "versionStartIncluding": "15.10", + "versionEndExcluding": "15.10.1", + "matchCriteriaId": "ADCD2B7B-6E9B-444C-AFC7-BE56381F649C" + } + ] + } + ] + } + ], "references": [ { "url": "https://gitlab.com/gitlab-org/cves/-/blob/master/2023/CVE-2023-0155.json", - "source": "cve@gitlab.com" + "source": "cve@gitlab.com", + "tags": [ + "Third Party Advisory" + ] }, { "url": "https://gitlab.com/gitlab-org/gitlab/-/issues/387638", - "source": "cve@gitlab.com" + "source": "cve@gitlab.com", + "tags": [ + "Exploit", + "Third Party Advisory" + ] }, { "url": "https://hackerone.com/reports/1817250", - "source": "cve@gitlab.com" + "source": "cve@gitlab.com", + "tags": [ + "Permissions Required" + ] } ] } \ No newline at end of file diff --git a/CVE-2023/CVE-2023-04xx/CVE-2023-0485.json b/CVE-2023/CVE-2023-04xx/CVE-2023-0485.json index 62384970ee7..e00fc652daf 100644 --- a/CVE-2023/CVE-2023-04xx/CVE-2023-0485.json +++ b/CVE-2023/CVE-2023-04xx/CVE-2023-0485.json @@ -2,8 +2,8 @@ "id": "CVE-2023-0485", "sourceIdentifier": "cve@gitlab.com", "published": "2023-05-03T21:15:16.577", - "lastModified": "2023-05-04T13:03:12.273", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2023-05-09T19:53:10.287", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", @@ -12,6 +12,26 @@ ], "metrics": { "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "NONE", + "availabilityImpact": "NONE", + "baseScore": 6.5, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 2.8, + "impactScore": 3.6 + }, { "source": "cve@gitlab.com", "type": "Secondary", @@ -34,18 +54,72 @@ } ] }, + "weaknesses": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-668" + } + ] + } + ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:gitlab:gitlab:*:*:*:*:*:*:*:*", + "versionStartIncluding": "13.11", + "versionEndExcluding": "15.8.5", + "matchCriteriaId": "5709DC7C-DB07-41E0-8260-E2ED19B8FFAC" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:gitlab:gitlab:*:*:*:*:*:*:*:*", + "versionStartIncluding": "15.9", + "versionEndExcluding": "15.9.4", + "matchCriteriaId": "B1317C77-8DC5-4F9C-928A-3F561C8D3CAD" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:gitlab:gitlab:*:*:*:*:*:*:*:*", + "versionStartIncluding": "15.11", + "versionEndExcluding": "15.11.1", + "matchCriteriaId": "324922C6-938D-42CA-BA80-8BEEB29DAEC0" + } + ] + } + ] + } + ], "references": [ { "url": "https://gitlab.com/gitlab-org/cves/-/blob/master/2023/CVE-2023-0485.json", - "source": "cve@gitlab.com" + "source": "cve@gitlab.com", + "tags": [ + "Third Party Advisory" + ] }, { "url": "https://gitlab.com/gitlab-org/gitlab/-/issues/389191", - "source": "cve@gitlab.com" + "source": "cve@gitlab.com", + "tags": [ + "Broken Link" + ] }, { "url": "https://hackerone.com/reports/1837937", - "source": "cve@gitlab.com" + "source": "cve@gitlab.com", + "tags": [ + "Permissions Required" + ] } ] } \ No newline at end of file diff --git a/CVE-2023/CVE-2023-14xx/CVE-2023-1477.json b/CVE-2023/CVE-2023-14xx/CVE-2023-1477.json index 7873618e828..98f0b20199f 100644 --- a/CVE-2023/CVE-2023-14xx/CVE-2023-1477.json +++ b/CVE-2023/CVE-2023-14xx/CVE-2023-1477.json @@ -2,8 +2,8 @@ "id": "CVE-2023-1477", "sourceIdentifier": "security@hypr.com", "published": "2023-04-28T15:15:10.633", - "lastModified": "2023-04-28T17:06:22.820", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2023-05-09T19:38:42.500", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", @@ -12,6 +12,26 @@ ], "metrics": { "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH", + "baseScore": 8.8, + "baseSeverity": "HIGH" + }, + "exploitabilityScore": 2.8, + "impactScore": 5.9 + }, { "source": "security@hypr.com", "type": "Secondary", @@ -35,6 +55,16 @@ ] }, "weaknesses": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-287" + } + ] + }, { "source": "security@hypr.com", "type": "Secondary", @@ -46,10 +76,38 @@ ] } ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:hypr:keycloak_authenticator:*:*:*:*:*:*:*:*", + "versionEndExcluding": "7.10.2", + "matchCriteriaId": "16BBA4C6-9D25-48D1-94E8-6208707F3E82" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:hypr:keycloak_authenticator:*:*:*:*:*:*:*:*", + "versionStartIncluding": "8.0.0", + "versionEndExcluding": "8.0.3", + "matchCriteriaId": "C46FEC6C-01FC-4C25-8D8A-9BBFDBB2AB99" + } + ] + } + ] + } + ], "references": [ { "url": "https://www.hypr.com/security-advisories", - "source": "security@hypr.com" + "source": "security@hypr.com", + "tags": [ + "Vendor Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2023/CVE-2023-200xx/CVE-2023-20046.json b/CVE-2023/CVE-2023-200xx/CVE-2023-20046.json new file mode 100644 index 00000000000..4f1f2798277 --- /dev/null +++ b/CVE-2023/CVE-2023-200xx/CVE-2023-20046.json @@ -0,0 +1,47 @@ +{ + "id": "CVE-2023-20046", + "sourceIdentifier": "ykramarz@cisco.com", + "published": "2023-05-09T18:15:11.697", + "lastModified": "2023-05-09T18:23:37.987", + "vulnStatus": "Awaiting Analysis", + "descriptions": [ + { + "lang": "en", + "value": "A vulnerability in the key-based SSH authentication feature of Cisco StarOS Software could allow an authenticated, remote attacker to elevate privileges on an affected device.\r\n\r This vulnerability is due to insufficient validation of user-supplied credentials. An attacker could exploit this vulnerability by sending a valid low-privileged SSH key to an affected device from a host that has an IP address that is configured as the source for a high-privileged user account. A successful exploit could allow the attacker to log in to the affected device through SSH as a high-privileged user.\r\n\r There are workarounds that address this vulnerability." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "ykramarz@cisco.com", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH", + "baseScore": 8.8, + "baseSeverity": "HIGH" + }, + "exploitabilityScore": 2.8, + "impactScore": 5.9 + } + ] + }, + "references": [ + { + "url": "https://github.com/orangecertcc/security-research/security/advisories/GHSA-j7p3-gjw6-pp4r", + "source": "ykramarz@cisco.com" + }, + { + "url": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-staros-ssh-privesc-BmWeJC3h", + "source": "ykramarz@cisco.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2023/CVE-2023-200xx/CVE-2023-20098.json b/CVE-2023/CVE-2023-200xx/CVE-2023-20098.json new file mode 100644 index 00000000000..1110b9ff8f3 --- /dev/null +++ b/CVE-2023/CVE-2023-200xx/CVE-2023-20098.json @@ -0,0 +1,47 @@ +{ + "id": "CVE-2023-20098", + "sourceIdentifier": "ykramarz@cisco.com", + "published": "2023-05-09T18:15:11.760", + "lastModified": "2023-05-09T18:23:34.853", + "vulnStatus": "Awaiting Analysis", + "descriptions": [ + { + "lang": "en", + "value": "A vulnerability in the CLI of Cisco SDWAN vManage Software could allow an authenticated, local attacker to delete arbitrary files.\r\n\r This vulnerability is due to improper filtering of directory traversal character sequences within system commands. An attacker with administrative privileges could exploit this vulnerability by running a system command containing directory traversal character sequences to target an arbitrary file. A successful exploit could allow the attacker to delete arbitrary files from the system, including files owned by root." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "ykramarz@cisco.com", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:H/A:N", + "attackVector": "LOCAL", + "attackComplexity": "LOW", + "privilegesRequired": "HIGH", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "NONE", + "integrityImpact": "HIGH", + "availabilityImpact": "NONE", + "baseScore": 4.4, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 0.8, + "impactScore": 3.6 + } + ] + }, + "references": [ + { + "url": "https://github.com/orangecertcc/security-research/security/advisories/GHSA-5j43-q336-92ch", + "source": "ykramarz@cisco.com" + }, + { + "url": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-sdwan-vmanage-wfnqmYhN", + "source": "ykramarz@cisco.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2023/CVE-2023-205xx/CVE-2023-20520.json b/CVE-2023/CVE-2023-205xx/CVE-2023-20520.json new file mode 100644 index 00000000000..8159b97b55b --- /dev/null +++ b/CVE-2023/CVE-2023-205xx/CVE-2023-20520.json @@ -0,0 +1,20 @@ +{ + "id": "CVE-2023-20520", + "sourceIdentifier": "psirt@amd.com", + "published": "2023-05-09T19:15:11.507", + "lastModified": "2023-05-09T19:15:11.507", + "vulnStatus": "Received", + "descriptions": [ + { + "lang": "en", + "value": "Improper access control settings in ASP\nBootloader may allow an attacker to corrupt the return address causing a\nstack-based buffer overrun potentially leading to arbitrary code execution.\n\n\n\n\n\n\n\n" + } + ], + "metrics": {}, + "references": [ + { + "url": "https://www.amd.com/en/corporate/product-security/bulletin/AMD-SB-3001", + "source": "psirt@amd.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2023/CVE-2023-205xx/CVE-2023-20524.json b/CVE-2023/CVE-2023-205xx/CVE-2023-20524.json new file mode 100644 index 00000000000..74aa42f63dc --- /dev/null +++ b/CVE-2023/CVE-2023-205xx/CVE-2023-20524.json @@ -0,0 +1,20 @@ +{ + "id": "CVE-2023-20524", + "sourceIdentifier": "psirt@amd.com", + "published": "2023-05-09T19:15:11.550", + "lastModified": "2023-05-09T19:15:11.550", + "vulnStatus": "Received", + "descriptions": [ + { + "lang": "en", + "value": "An attacker with a compromised ASP could\npossibly send malformed commands to an ASP on another CPU, resulting in an out\nof bounds write, potentially leading to a loss a loss of integrity.\n\n\n\n\n\n\n\n" + } + ], + "metrics": {}, + "references": [ + { + "url": "https://www.amd.com/en/corporate/product-security/bulletin/AMD-SB-3001", + "source": "psirt@amd.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2023/CVE-2023-20xx/CVE-2023-2069.json b/CVE-2023/CVE-2023-20xx/CVE-2023-2069.json index 0babd8dff38..a0d014833ff 100644 --- a/CVE-2023/CVE-2023-20xx/CVE-2023-2069.json +++ b/CVE-2023/CVE-2023-20xx/CVE-2023-2069.json @@ -2,8 +2,8 @@ "id": "CVE-2023-2069", "sourceIdentifier": "cve@gitlab.com", "published": "2023-05-03T21:15:21.590", - "lastModified": "2023-05-04T13:03:12.273", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2023-05-09T19:58:32.077", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", @@ -12,6 +12,26 @@ ], "metrics": { "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "LOW", + "integrityImpact": "NONE", + "availabilityImpact": "NONE", + "baseScore": 4.3, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 2.8, + "impactScore": 1.4 + }, { "source": "cve@gitlab.com", "type": "Secondary", @@ -34,18 +54,72 @@ } ] }, + "weaknesses": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-668" + } + ] + } + ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:gitlab:gitlab:*:*:*:*:*:*:*:*", + "versionStartIncluding": "10.0", + "versionEndExcluding": "12.9.8", + "matchCriteriaId": "97201C83-37F2-46AB-B62A-CC351E6BF563" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:gitlab:gitlab:*:*:*:*:*:*:*:*", + "versionStartIncluding": "12.10.0", + "versionEndExcluding": "12.10.7", + "matchCriteriaId": "A60404F1-9B3B-4249-A49F-407E09B1377F" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:gitlab:gitlab:*:*:*:*:*:*:*:*", + "versionStartIncluding": "13.0", + "versionEndExcluding": "13.0.1", + "matchCriteriaId": "D5EA4F3B-E5F3-4CFD-AE17-4FDF3FE78535" + } + ] + } + ] + } + ], "references": [ { "url": "https://gitlab.com/gitlab-org/cves/-/blob/master/2023/CVE-2023-2069.json", - "source": "cve@gitlab.com" + "source": "cve@gitlab.com", + "tags": [ + "Third Party Advisory" + ] }, { "url": "https://gitlab.com/gitlab-org/gitlab/-/issues/407374", - "source": "cve@gitlab.com" + "source": "cve@gitlab.com", + "tags": [ + "Broken Link" + ] }, { "url": "https://hackerone.com/reports/1939987", - "source": "cve@gitlab.com" + "source": "cve@gitlab.com", + "tags": [ + "Permissions Required" + ] } ] } \ No newline at end of file diff --git a/CVE-2023/CVE-2023-22xx/CVE-2023-2247.json b/CVE-2023/CVE-2023-22xx/CVE-2023-2247.json index 8d149216943..88d424d4504 100644 --- a/CVE-2023/CVE-2023-22xx/CVE-2023-2247.json +++ b/CVE-2023/CVE-2023-22xx/CVE-2023-2247.json @@ -2,19 +2,83 @@ "id": "CVE-2023-2247", "sourceIdentifier": "security@octopus.com", "published": "2023-05-02T05:15:28.113", - "lastModified": "2023-05-02T12:56:18.213", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2023-05-09T18:23:24.153", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", "value": "In affected versions of Octopus Deploy it is possible to unmask variable secrets using the variable preview function" } ], - "metrics": {}, + "metrics": { + "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "LOW", + "integrityImpact": "NONE", + "availabilityImpact": "NONE", + "baseScore": 5.3, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 3.9, + "impactScore": 1.4 + } + ] + }, + "weaknesses": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "NVD-CWE-noinfo" + } + ] + } + ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:octopus:octopus_deploy:*:*:*:*:*:*:*:*", + "versionStartIncluding": "2018.3.0", + "versionEndExcluding": "2022.3.10929", + "matchCriteriaId": "22D1704B-F501-407B-83F5-97C5E5FB8239" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:octopus:octopus_deploy:*:*:*:*:*:*:*:*", + "versionStartIncluding": "2022.4.0", + "versionEndExcluding": "2022.4.8319", + "matchCriteriaId": "1DDA3B08-F921-4FE4-BBE3-BCC72E60A27F" + } + ] + } + ] + } + ], "references": [ { "url": "https://advisories.octopus.com/post/2023/sa2023-07/", - "source": "security@octopus.com" + "source": "security@octopus.com", + "tags": [ + "Vendor Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2023/CVE-2023-248xx/CVE-2023-24892.json b/CVE-2023/CVE-2023-248xx/CVE-2023-24892.json index 3a0ebc4c4c8..ec97ea4376c 100644 --- a/CVE-2023/CVE-2023-248xx/CVE-2023-24892.json +++ b/CVE-2023/CVE-2023-248xx/CVE-2023-24892.json @@ -2,8 +2,8 @@ "id": "CVE-2023-24892", "sourceIdentifier": "secure@microsoft.com", "published": "2023-03-14T17:15:18.197", - "lastModified": "2023-03-22T12:57:58.237", - "vulnStatus": "Analyzed", + "lastModified": "2023-05-09T18:15:11.823", + "vulnStatus": "Modified", "descriptions": [ { "lang": "en", @@ -13,8 +13,28 @@ "metrics": { "cvssMetricV31": [ { - "source": "nvd@nist.gov", + "source": "secure@microsoft.com", "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:L/A:N", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "REQUIRED", + "scope": "CHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "LOW", + "availabilityImpact": "NONE", + "baseScore": 8.2, + "baseSeverity": "HIGH" + }, + "exploitabilityScore": 2.8, + "impactScore": 4.7 + }, + { + "source": "nvd@nist.gov", + "type": "Secondary", "cvssData": { "version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:N/I:L/A:N", @@ -31,26 +51,6 @@ }, "exploitabilityScore": 2.8, "impactScore": 1.4 - }, - { - "source": "secure@microsoft.com", - "type": "Secondary", - "cvssData": { - "version": "3.1", - "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:L/A:N", - "attackVector": "NETWORK", - "attackComplexity": "LOW", - "privilegesRequired": "NONE", - "userInteraction": "REQUIRED", - "scope": "UNCHANGED", - "confidentialityImpact": "HIGH", - "integrityImpact": "LOW", - "availabilityImpact": "NONE", - "baseScore": 7.1, - "baseSeverity": "HIGH" - }, - "exploitabilityScore": 2.8, - "impactScore": 4.2 } ] }, diff --git a/CVE-2023/CVE-2023-248xx/CVE-2023-24898.json b/CVE-2023/CVE-2023-248xx/CVE-2023-24898.json new file mode 100644 index 00000000000..eeee5801adc --- /dev/null +++ b/CVE-2023/CVE-2023-248xx/CVE-2023-24898.json @@ -0,0 +1,43 @@ +{ + "id": "CVE-2023-24898", + "sourceIdentifier": "secure@microsoft.com", + "published": "2023-05-09T18:15:11.913", + "lastModified": "2023-05-09T18:23:34.853", + "vulnStatus": "Awaiting Analysis", + "descriptions": [ + { + "lang": "en", + "value": "Windows SMB Denial of Service Vulnerability" + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "secure@microsoft.com", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "NONE", + "integrityImpact": "NONE", + "availabilityImpact": "HIGH", + "baseScore": 7.5, + "baseSeverity": "HIGH" + }, + "exploitabilityScore": 3.9, + "impactScore": 3.6 + } + ] + }, + "references": [ + { + "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-24898", + "source": "secure@microsoft.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2023/CVE-2023-248xx/CVE-2023-24899.json b/CVE-2023/CVE-2023-248xx/CVE-2023-24899.json new file mode 100644 index 00000000000..c8afb710cbb --- /dev/null +++ b/CVE-2023/CVE-2023-248xx/CVE-2023-24899.json @@ -0,0 +1,43 @@ +{ + "id": "CVE-2023-24899", + "sourceIdentifier": "secure@microsoft.com", + "published": "2023-05-09T18:15:11.970", + "lastModified": "2023-05-09T18:23:34.853", + "vulnStatus": "Awaiting Analysis", + "descriptions": [ + { + "lang": "en", + "value": "Windows Graphics Component Elevation of Privilege Vulnerability" + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "secure@microsoft.com", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H", + "attackVector": "LOCAL", + "attackComplexity": "HIGH", + "privilegesRequired": "LOW", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH", + "baseScore": 7.0, + "baseSeverity": "HIGH" + }, + "exploitabilityScore": 1.0, + "impactScore": 5.9 + } + ] + }, + "references": [ + { + "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-24899", + "source": "secure@microsoft.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2023/CVE-2023-249xx/CVE-2023-24900.json b/CVE-2023/CVE-2023-249xx/CVE-2023-24900.json new file mode 100644 index 00000000000..cac89ebe056 --- /dev/null +++ b/CVE-2023/CVE-2023-249xx/CVE-2023-24900.json @@ -0,0 +1,43 @@ +{ + "id": "CVE-2023-24900", + "sourceIdentifier": "secure@microsoft.com", + "published": "2023-05-09T18:15:12.033", + "lastModified": "2023-05-09T18:23:34.853", + "vulnStatus": "Awaiting Analysis", + "descriptions": [ + { + "lang": "en", + "value": "Windows NTLM Security Support Provider Information Disclosure Vulnerability" + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "secure@microsoft.com", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N", + "attackVector": "NETWORK", + "attackComplexity": "HIGH", + "privilegesRequired": "NONE", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "NONE", + "availabilityImpact": "NONE", + "baseScore": 5.9, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 2.2, + "impactScore": 3.6 + } + ] + }, + "references": [ + { + "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-24900", + "source": "secure@microsoft.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2023/CVE-2023-249xx/CVE-2023-24901.json b/CVE-2023/CVE-2023-249xx/CVE-2023-24901.json new file mode 100644 index 00000000000..3b262bea76a --- /dev/null +++ b/CVE-2023/CVE-2023-249xx/CVE-2023-24901.json @@ -0,0 +1,43 @@ +{ + "id": "CVE-2023-24901", + "sourceIdentifier": "secure@microsoft.com", + "published": "2023-05-09T18:15:12.097", + "lastModified": "2023-05-09T18:23:34.853", + "vulnStatus": "Awaiting Analysis", + "descriptions": [ + { + "lang": "en", + "value": "Windows NFS Portmapper Information Disclosure Vulnerability" + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "secure@microsoft.com", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "NONE", + "availabilityImpact": "NONE", + "baseScore": 7.5, + "baseSeverity": "HIGH" + }, + "exploitabilityScore": 3.9, + "impactScore": 3.6 + } + ] + }, + "references": [ + { + "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-24901", + "source": "secure@microsoft.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2023/CVE-2023-249xx/CVE-2023-24902.json b/CVE-2023/CVE-2023-249xx/CVE-2023-24902.json new file mode 100644 index 00000000000..882ac598f69 --- /dev/null +++ b/CVE-2023/CVE-2023-249xx/CVE-2023-24902.json @@ -0,0 +1,43 @@ +{ + "id": "CVE-2023-24902", + "sourceIdentifier": "secure@microsoft.com", + "published": "2023-05-09T18:15:12.157", + "lastModified": "2023-05-09T18:23:34.853", + "vulnStatus": "Awaiting Analysis", + "descriptions": [ + { + "lang": "en", + "value": "Win32k Elevation of Privilege Vulnerability" + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "secure@microsoft.com", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", + "attackVector": "LOCAL", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH", + "baseScore": 7.8, + "baseSeverity": "HIGH" + }, + "exploitabilityScore": 1.8, + "impactScore": 5.9 + } + ] + }, + "references": [ + { + "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-24902", + "source": "secure@microsoft.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2023/CVE-2023-249xx/CVE-2023-24903.json b/CVE-2023/CVE-2023-249xx/CVE-2023-24903.json new file mode 100644 index 00000000000..115369f45fe --- /dev/null +++ b/CVE-2023/CVE-2023-249xx/CVE-2023-24903.json @@ -0,0 +1,43 @@ +{ + "id": "CVE-2023-24903", + "sourceIdentifier": "secure@microsoft.com", + "published": "2023-05-09T18:15:12.217", + "lastModified": "2023-05-09T18:23:34.853", + "vulnStatus": "Awaiting Analysis", + "descriptions": [ + { + "lang": "en", + "value": "Windows Secure Socket Tunneling Protocol (SSTP) Remote Code Execution Vulnerability" + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "secure@microsoft.com", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H", + "attackVector": "NETWORK", + "attackComplexity": "HIGH", + "privilegesRequired": "NONE", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH", + "baseScore": 8.1, + "baseSeverity": "HIGH" + }, + "exploitabilityScore": 2.2, + "impactScore": 5.9 + } + ] + }, + "references": [ + { + "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-24903", + "source": "secure@microsoft.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2023/CVE-2023-249xx/CVE-2023-24904.json b/CVE-2023/CVE-2023-249xx/CVE-2023-24904.json new file mode 100644 index 00000000000..1f167ade4a4 --- /dev/null +++ b/CVE-2023/CVE-2023-249xx/CVE-2023-24904.json @@ -0,0 +1,43 @@ +{ + "id": "CVE-2023-24904", + "sourceIdentifier": "secure@microsoft.com", + "published": "2023-05-09T18:15:12.280", + "lastModified": "2023-05-09T18:23:34.853", + "vulnStatus": "Awaiting Analysis", + "descriptions": [ + { + "lang": "en", + "value": "Windows Installer Elevation of Privilege Vulnerability" + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "secure@microsoft.com", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H", + "attackVector": "LOCAL", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "NONE", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH", + "baseScore": 7.1, + "baseSeverity": "HIGH" + }, + "exploitabilityScore": 1.8, + "impactScore": 5.2 + } + ] + }, + "references": [ + { + "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-24904", + "source": "secure@microsoft.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2023/CVE-2023-249xx/CVE-2023-24905.json b/CVE-2023/CVE-2023-249xx/CVE-2023-24905.json new file mode 100644 index 00000000000..c3424ff40b0 --- /dev/null +++ b/CVE-2023/CVE-2023-249xx/CVE-2023-24905.json @@ -0,0 +1,43 @@ +{ + "id": "CVE-2023-24905", + "sourceIdentifier": "secure@microsoft.com", + "published": "2023-05-09T18:15:12.347", + "lastModified": "2023-05-09T18:23:34.853", + "vulnStatus": "Awaiting Analysis", + "descriptions": [ + { + "lang": "en", + "value": "Remote Desktop Client Remote Code Execution Vulnerability" + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "secure@microsoft.com", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", + "attackVector": "LOCAL", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "REQUIRED", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH", + "baseScore": 7.8, + "baseSeverity": "HIGH" + }, + "exploitabilityScore": 1.8, + "impactScore": 5.9 + } + ] + }, + "references": [ + { + "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-24905", + "source": "secure@microsoft.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2023/CVE-2023-249xx/CVE-2023-24932.json b/CVE-2023/CVE-2023-249xx/CVE-2023-24932.json new file mode 100644 index 00000000000..f53edb50e40 --- /dev/null +++ b/CVE-2023/CVE-2023-249xx/CVE-2023-24932.json @@ -0,0 +1,43 @@ +{ + "id": "CVE-2023-24932", + "sourceIdentifier": "secure@microsoft.com", + "published": "2023-05-09T18:15:12.407", + "lastModified": "2023-05-09T18:23:34.853", + "vulnStatus": "Awaiting Analysis", + "descriptions": [ + { + "lang": "en", + "value": "Secure Boot Security Feature Bypass Vulnerability" + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "secure@microsoft.com", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H", + "attackVector": "LOCAL", + "attackComplexity": "LOW", + "privilegesRequired": "HIGH", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH", + "baseScore": 6.7, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 0.8, + "impactScore": 5.9 + } + ] + }, + "references": [ + { + "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-24932", + "source": "secure@microsoft.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2023/CVE-2023-249xx/CVE-2023-24939.json b/CVE-2023/CVE-2023-249xx/CVE-2023-24939.json new file mode 100644 index 00000000000..3a1895cef2b --- /dev/null +++ b/CVE-2023/CVE-2023-249xx/CVE-2023-24939.json @@ -0,0 +1,43 @@ +{ + "id": "CVE-2023-24939", + "sourceIdentifier": "secure@microsoft.com", + "published": "2023-05-09T18:15:12.467", + "lastModified": "2023-05-09T18:23:34.853", + "vulnStatus": "Awaiting Analysis", + "descriptions": [ + { + "lang": "en", + "value": "Server for NFS Denial of Service Vulnerability" + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "secure@microsoft.com", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "NONE", + "integrityImpact": "NONE", + "availabilityImpact": "HIGH", + "baseScore": 7.5, + "baseSeverity": "HIGH" + }, + "exploitabilityScore": 3.9, + "impactScore": 3.6 + } + ] + }, + "references": [ + { + "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-24939", + "source": "secure@microsoft.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2023/CVE-2023-249xx/CVE-2023-24940.json b/CVE-2023/CVE-2023-249xx/CVE-2023-24940.json new file mode 100644 index 00000000000..10246479d25 --- /dev/null +++ b/CVE-2023/CVE-2023-249xx/CVE-2023-24940.json @@ -0,0 +1,43 @@ +{ + "id": "CVE-2023-24940", + "sourceIdentifier": "secure@microsoft.com", + "published": "2023-05-09T18:15:12.527", + "lastModified": "2023-05-09T18:23:34.853", + "vulnStatus": "Awaiting Analysis", + "descriptions": [ + { + "lang": "en", + "value": "Windows Pragmatic General Multicast (PGM) Denial of Service Vulnerability" + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "secure@microsoft.com", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "NONE", + "integrityImpact": "NONE", + "availabilityImpact": "HIGH", + "baseScore": 7.5, + "baseSeverity": "HIGH" + }, + "exploitabilityScore": 3.9, + "impactScore": 3.6 + } + ] + }, + "references": [ + { + "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-24940", + "source": "secure@microsoft.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2023/CVE-2023-249xx/CVE-2023-24941.json b/CVE-2023/CVE-2023-249xx/CVE-2023-24941.json new file mode 100644 index 00000000000..3b91fb04656 --- /dev/null +++ b/CVE-2023/CVE-2023-249xx/CVE-2023-24941.json @@ -0,0 +1,43 @@ +{ + "id": "CVE-2023-24941", + "sourceIdentifier": "secure@microsoft.com", + "published": "2023-05-09T18:15:12.587", + "lastModified": "2023-05-09T18:23:34.853", + "vulnStatus": "Awaiting Analysis", + "descriptions": [ + { + "lang": "en", + "value": "Windows Network File System Remote Code Execution Vulnerability" + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "secure@microsoft.com", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH", + "baseScore": 9.8, + "baseSeverity": "CRITICAL" + }, + "exploitabilityScore": 3.9, + "impactScore": 5.9 + } + ] + }, + "references": [ + { + "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-24941", + "source": "secure@microsoft.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2023/CVE-2023-249xx/CVE-2023-24942.json b/CVE-2023/CVE-2023-249xx/CVE-2023-24942.json new file mode 100644 index 00000000000..dff48edf727 --- /dev/null +++ b/CVE-2023/CVE-2023-249xx/CVE-2023-24942.json @@ -0,0 +1,43 @@ +{ + "id": "CVE-2023-24942", + "sourceIdentifier": "secure@microsoft.com", + "published": "2023-05-09T18:15:12.643", + "lastModified": "2023-05-09T18:23:34.853", + "vulnStatus": "Awaiting Analysis", + "descriptions": [ + { + "lang": "en", + "value": "Remote Procedure Call Runtime Denial of Service Vulnerability" + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "secure@microsoft.com", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "NONE", + "integrityImpact": "NONE", + "availabilityImpact": "HIGH", + "baseScore": 7.5, + "baseSeverity": "HIGH" + }, + "exploitabilityScore": 3.9, + "impactScore": 3.6 + } + ] + }, + "references": [ + { + "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-24942", + "source": "secure@microsoft.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2023/CVE-2023-249xx/CVE-2023-24943.json b/CVE-2023/CVE-2023-249xx/CVE-2023-24943.json new file mode 100644 index 00000000000..6bd91a391cc --- /dev/null +++ b/CVE-2023/CVE-2023-249xx/CVE-2023-24943.json @@ -0,0 +1,43 @@ +{ + "id": "CVE-2023-24943", + "sourceIdentifier": "secure@microsoft.com", + "published": "2023-05-09T18:15:12.720", + "lastModified": "2023-05-09T18:23:34.853", + "vulnStatus": "Awaiting Analysis", + "descriptions": [ + { + "lang": "en", + "value": "Windows Pragmatic General Multicast (PGM) Remote Code Execution Vulnerability" + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "secure@microsoft.com", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH", + "baseScore": 9.8, + "baseSeverity": "CRITICAL" + }, + "exploitabilityScore": 3.9, + "impactScore": 5.9 + } + ] + }, + "references": [ + { + "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-24943", + "source": "secure@microsoft.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2023/CVE-2023-249xx/CVE-2023-24944.json b/CVE-2023/CVE-2023-249xx/CVE-2023-24944.json new file mode 100644 index 00000000000..2b00d35b08c --- /dev/null +++ b/CVE-2023/CVE-2023-249xx/CVE-2023-24944.json @@ -0,0 +1,43 @@ +{ + "id": "CVE-2023-24944", + "sourceIdentifier": "secure@microsoft.com", + "published": "2023-05-09T18:15:12.780", + "lastModified": "2023-05-09T18:23:34.853", + "vulnStatus": "Awaiting Analysis", + "descriptions": [ + { + "lang": "en", + "value": "Windows Bluetooth Driver Information Disclosure Vulnerability" + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "secure@microsoft.com", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", + "attackVector": "ADJACENT_NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "NONE", + "availabilityImpact": "NONE", + "baseScore": 6.5, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 2.8, + "impactScore": 3.6 + } + ] + }, + "references": [ + { + "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-24944", + "source": "secure@microsoft.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2023/CVE-2023-249xx/CVE-2023-24945.json b/CVE-2023/CVE-2023-249xx/CVE-2023-24945.json new file mode 100644 index 00000000000..3cb97fd1444 --- /dev/null +++ b/CVE-2023/CVE-2023-249xx/CVE-2023-24945.json @@ -0,0 +1,43 @@ +{ + "id": "CVE-2023-24945", + "sourceIdentifier": "secure@microsoft.com", + "published": "2023-05-09T18:15:12.840", + "lastModified": "2023-05-09T18:23:34.853", + "vulnStatus": "Awaiting Analysis", + "descriptions": [ + { + "lang": "en", + "value": "Windows iSCSI Target Service Information Disclosure Vulnerability" + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "secure@microsoft.com", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N", + "attackVector": "LOCAL", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "NONE", + "availabilityImpact": "NONE", + "baseScore": 5.5, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 1.8, + "impactScore": 3.6 + } + ] + }, + "references": [ + { + "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-24945", + "source": "secure@microsoft.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2023/CVE-2023-249xx/CVE-2023-24946.json b/CVE-2023/CVE-2023-249xx/CVE-2023-24946.json new file mode 100644 index 00000000000..5e541c85311 --- /dev/null +++ b/CVE-2023/CVE-2023-249xx/CVE-2023-24946.json @@ -0,0 +1,43 @@ +{ + "id": "CVE-2023-24946", + "sourceIdentifier": "secure@microsoft.com", + "published": "2023-05-09T18:15:12.900", + "lastModified": "2023-05-09T18:23:34.853", + "vulnStatus": "Awaiting Analysis", + "descriptions": [ + { + "lang": "en", + "value": "Windows Backup Service Elevation of Privilege Vulnerability" + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "secure@microsoft.com", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", + "attackVector": "LOCAL", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH", + "baseScore": 7.8, + "baseSeverity": "HIGH" + }, + "exploitabilityScore": 1.8, + "impactScore": 5.9 + } + ] + }, + "references": [ + { + "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-24946", + "source": "secure@microsoft.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2023/CVE-2023-249xx/CVE-2023-24947.json b/CVE-2023/CVE-2023-249xx/CVE-2023-24947.json new file mode 100644 index 00000000000..c6511f1bc60 --- /dev/null +++ b/CVE-2023/CVE-2023-249xx/CVE-2023-24947.json @@ -0,0 +1,43 @@ +{ + "id": "CVE-2023-24947", + "sourceIdentifier": "secure@microsoft.com", + "published": "2023-05-09T18:15:12.960", + "lastModified": "2023-05-09T18:23:34.853", + "vulnStatus": "Awaiting Analysis", + "descriptions": [ + { + "lang": "en", + "value": "Windows Bluetooth Driver Remote Code Execution Vulnerability" + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "secure@microsoft.com", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", + "attackVector": "ADJACENT_NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH", + "baseScore": 8.8, + "baseSeverity": "HIGH" + }, + "exploitabilityScore": 2.8, + "impactScore": 5.9 + } + ] + }, + "references": [ + { + "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-24947", + "source": "secure@microsoft.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2023/CVE-2023-249xx/CVE-2023-24948.json b/CVE-2023/CVE-2023-249xx/CVE-2023-24948.json new file mode 100644 index 00000000000..d471da7b6ee --- /dev/null +++ b/CVE-2023/CVE-2023-249xx/CVE-2023-24948.json @@ -0,0 +1,43 @@ +{ + "id": "CVE-2023-24948", + "sourceIdentifier": "secure@microsoft.com", + "published": "2023-05-09T18:15:13.017", + "lastModified": "2023-05-09T18:23:34.853", + "vulnStatus": "Awaiting Analysis", + "descriptions": [ + { + "lang": "en", + "value": "Windows Bluetooth Driver Elevation of Privilege Vulnerability" + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "secure@microsoft.com", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:A/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H", + "attackVector": "ADJACENT_NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "REQUIRED", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH", + "baseScore": 7.4, + "baseSeverity": "HIGH" + }, + "exploitabilityScore": 1.5, + "impactScore": 5.9 + } + ] + }, + "references": [ + { + "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-24948", + "source": "secure@microsoft.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2023/CVE-2023-249xx/CVE-2023-24949.json b/CVE-2023/CVE-2023-249xx/CVE-2023-24949.json new file mode 100644 index 00000000000..ce084777e00 --- /dev/null +++ b/CVE-2023/CVE-2023-249xx/CVE-2023-24949.json @@ -0,0 +1,43 @@ +{ + "id": "CVE-2023-24949", + "sourceIdentifier": "secure@microsoft.com", + "published": "2023-05-09T18:15:13.080", + "lastModified": "2023-05-09T18:23:25.203", + "vulnStatus": "Awaiting Analysis", + "descriptions": [ + { + "lang": "en", + "value": "Windows Kernel Elevation of Privilege Vulnerability" + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "secure@microsoft.com", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", + "attackVector": "LOCAL", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH", + "baseScore": 7.8, + "baseSeverity": "HIGH" + }, + "exploitabilityScore": 1.8, + "impactScore": 5.9 + } + ] + }, + "references": [ + { + "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-24949", + "source": "secure@microsoft.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2023/CVE-2023-249xx/CVE-2023-24950.json b/CVE-2023/CVE-2023-249xx/CVE-2023-24950.json new file mode 100644 index 00000000000..06779ae28ef --- /dev/null +++ b/CVE-2023/CVE-2023-249xx/CVE-2023-24950.json @@ -0,0 +1,43 @@ +{ + "id": "CVE-2023-24950", + "sourceIdentifier": "secure@microsoft.com", + "published": "2023-05-09T18:15:13.143", + "lastModified": "2023-05-09T18:23:25.203", + "vulnStatus": "Awaiting Analysis", + "descriptions": [ + { + "lang": "en", + "value": "Microsoft SharePoint Server Spoofing Vulnerability" + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "secure@microsoft.com", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "NONE", + "availabilityImpact": "NONE", + "baseScore": 6.5, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 2.8, + "impactScore": 3.6 + } + ] + }, + "references": [ + { + "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-24950", + "source": "secure@microsoft.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2023/CVE-2023-249xx/CVE-2023-24953.json b/CVE-2023/CVE-2023-249xx/CVE-2023-24953.json new file mode 100644 index 00000000000..43b0c6c5514 --- /dev/null +++ b/CVE-2023/CVE-2023-249xx/CVE-2023-24953.json @@ -0,0 +1,43 @@ +{ + "id": "CVE-2023-24953", + "sourceIdentifier": "secure@microsoft.com", + "published": "2023-05-09T18:15:13.203", + "lastModified": "2023-05-09T18:23:25.203", + "vulnStatus": "Awaiting Analysis", + "descriptions": [ + { + "lang": "en", + "value": "Microsoft Excel Remote Code Execution Vulnerability" + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "secure@microsoft.com", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", + "attackVector": "LOCAL", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "REQUIRED", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH", + "baseScore": 7.8, + "baseSeverity": "HIGH" + }, + "exploitabilityScore": 1.8, + "impactScore": 5.9 + } + ] + }, + "references": [ + { + "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-24953", + "source": "secure@microsoft.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2023/CVE-2023-249xx/CVE-2023-24954.json b/CVE-2023/CVE-2023-249xx/CVE-2023-24954.json new file mode 100644 index 00000000000..6e0c326b643 --- /dev/null +++ b/CVE-2023/CVE-2023-249xx/CVE-2023-24954.json @@ -0,0 +1,43 @@ +{ + "id": "CVE-2023-24954", + "sourceIdentifier": "secure@microsoft.com", + "published": "2023-05-09T18:15:13.260", + "lastModified": "2023-05-09T18:23:25.203", + "vulnStatus": "Awaiting Analysis", + "descriptions": [ + { + "lang": "en", + "value": "Microsoft SharePoint Server Information Disclosure Vulnerability" + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "secure@microsoft.com", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "NONE", + "availabilityImpact": "NONE", + "baseScore": 6.5, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 2.8, + "impactScore": 3.6 + } + ] + }, + "references": [ + { + "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-24954", + "source": "secure@microsoft.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2023/CVE-2023-249xx/CVE-2023-24955.json b/CVE-2023/CVE-2023-249xx/CVE-2023-24955.json new file mode 100644 index 00000000000..4094bf534cf --- /dev/null +++ b/CVE-2023/CVE-2023-249xx/CVE-2023-24955.json @@ -0,0 +1,43 @@ +{ + "id": "CVE-2023-24955", + "sourceIdentifier": "secure@microsoft.com", + "published": "2023-05-09T18:15:13.317", + "lastModified": "2023-05-09T18:23:25.203", + "vulnStatus": "Awaiting Analysis", + "descriptions": [ + { + "lang": "en", + "value": "Microsoft SharePoint Server Remote Code Execution Vulnerability" + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "secure@microsoft.com", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "HIGH", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH", + "baseScore": 7.2, + "baseSeverity": "HIGH" + }, + "exploitabilityScore": 1.2, + "impactScore": 5.9 + } + ] + }, + "references": [ + { + "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-24955", + "source": "secure@microsoft.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2023/CVE-2023-24xx/CVE-2023-2479.json b/CVE-2023/CVE-2023-24xx/CVE-2023-2479.json index 702c4733b7c..884ddd93971 100644 --- a/CVE-2023/CVE-2023-24xx/CVE-2023-2479.json +++ b/CVE-2023/CVE-2023-24xx/CVE-2023-2479.json @@ -2,8 +2,8 @@ "id": "CVE-2023-2479", "sourceIdentifier": "security@huntr.dev", "published": "2023-05-02T15:15:23.760", - "lastModified": "2023-05-03T10:33:50.897", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2023-05-09T18:48:53.560", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", @@ -11,6 +11,28 @@ } ], "metrics": { + "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH", + "baseScore": 9.8, + "baseSeverity": "CRITICAL" + }, + "exploitabilityScore": 3.9, + "impactScore": 5.9 + } + ], "cvssMetricV30": [ { "source": "security@huntr.dev", @@ -46,14 +68,39 @@ ] } ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:appim:appium-desktop:*:*:*:*:*:*:*:*", + "versionEndExcluding": "1.22.3-4", + "matchCriteriaId": "5433D376-10A9-4706-A432-036DD89C5F89" + } + ] + } + ] + } + ], "references": [ { "url": "https://github.com/appium/appium-desktop/commit/12a988aa08b9822e97056a09486c9bebb3aad8fe", - "source": "security@huntr.dev" + "source": "security@huntr.dev", + "tags": [ + "Patch" + ] }, { "url": "https://huntr.dev/bounties/fbdeec3c-d197-4a68-a547-7f93fb9594b4", - "source": "security@huntr.dev" + "source": "security@huntr.dev", + "tags": [ + "Exploit", + "Third Party Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2023/CVE-2023-26xx/CVE-2023-2609.json b/CVE-2023/CVE-2023-26xx/CVE-2023-2609.json new file mode 100644 index 00000000000..51154ce8e6f --- /dev/null +++ b/CVE-2023/CVE-2023-26xx/CVE-2023-2609.json @@ -0,0 +1,59 @@ +{ + "id": "CVE-2023-2609", + "sourceIdentifier": "security@huntr.dev", + "published": "2023-05-09T18:15:14.147", + "lastModified": "2023-05-09T18:23:25.203", + "vulnStatus": "Awaiting Analysis", + "descriptions": [ + { + "lang": "en", + "value": "NULL Pointer Dereference in GitHub repository vim/vim prior to 9.0.1531." + } + ], + "metrics": { + "cvssMetricV30": [ + { + "source": "security@huntr.dev", + "type": "Secondary", + "cvssData": { + "version": "3.0", + "vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", + "attackVector": "LOCAL", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "REQUIRED", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH", + "baseScore": 7.8, + "baseSeverity": "HIGH" + }, + "exploitabilityScore": 1.8, + "impactScore": 5.9 + } + ] + }, + "weaknesses": [ + { + "source": "security@huntr.dev", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-476" + } + ] + } + ], + "references": [ + { + "url": "https://github.com/vim/vim/commit/d1ae8366aff286d41e7f5bc513cc0a1af5130aad", + "source": "security@huntr.dev" + }, + { + "url": "https://huntr.dev/bounties/1679be5a-565f-4a44-a430-836412a0b622", + "source": "security@huntr.dev" + } + ] +} \ No newline at end of file diff --git a/CVE-2023/CVE-2023-275xx/CVE-2023-27568.json b/CVE-2023/CVE-2023-275xx/CVE-2023-27568.json index 1a6db3ecda9..ee49229a05f 100644 --- a/CVE-2023/CVE-2023-275xx/CVE-2023-27568.json +++ b/CVE-2023/CVE-2023-275xx/CVE-2023-27568.json @@ -2,7 +2,7 @@ "id": "CVE-2023-27568", "sourceIdentifier": "cve@mitre.org", "published": "2023-05-04T02:15:19.103", - "lastModified": "2023-05-09T04:15:42.390", + "lastModified": "2023-05-09T18:15:13.370", "vulnStatus": "Undergoing Analysis", "descriptions": [ { @@ -12,6 +12,10 @@ ], "metrics": {}, "references": [ + { + "url": "http://packetstormsecurity.com/files/172257/Spryker-Commerce-OS-1.0-SQL-Injection.html", + "source": "cve@mitre.org" + }, { "url": "http://seclists.org/fulldisclosure/2023/May/2", "source": "cve@mitre.org" diff --git a/CVE-2023/CVE-2023-282xx/CVE-2023-28251.json b/CVE-2023/CVE-2023-282xx/CVE-2023-28251.json new file mode 100644 index 00000000000..3784be3526b --- /dev/null +++ b/CVE-2023/CVE-2023-282xx/CVE-2023-28251.json @@ -0,0 +1,43 @@ +{ + "id": "CVE-2023-28251", + "sourceIdentifier": "secure@microsoft.com", + "published": "2023-05-09T18:15:13.433", + "lastModified": "2023-05-09T18:23:25.203", + "vulnStatus": "Awaiting Analysis", + "descriptions": [ + { + "lang": "en", + "value": "Windows Driver Revocation List Security Feature Bypass Vulnerability" + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "secure@microsoft.com", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N", + "attackVector": "LOCAL", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "NONE", + "integrityImpact": "HIGH", + "availabilityImpact": "NONE", + "baseScore": 5.5, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 1.8, + "impactScore": 3.6 + } + ] + }, + "references": [ + { + "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-28251", + "source": "secure@microsoft.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2023/CVE-2023-282xx/CVE-2023-28283.json b/CVE-2023/CVE-2023-282xx/CVE-2023-28283.json new file mode 100644 index 00000000000..db13cbc6d0d --- /dev/null +++ b/CVE-2023/CVE-2023-282xx/CVE-2023-28283.json @@ -0,0 +1,43 @@ +{ + "id": "CVE-2023-28283", + "sourceIdentifier": "secure@microsoft.com", + "published": "2023-05-09T18:15:13.490", + "lastModified": "2023-05-09T18:23:25.203", + "vulnStatus": "Awaiting Analysis", + "descriptions": [ + { + "lang": "en", + "value": "Windows Lightweight Directory Access Protocol (LDAP) Remote Code Execution Vulnerability" + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "secure@microsoft.com", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H", + "attackVector": "NETWORK", + "attackComplexity": "HIGH", + "privilegesRequired": "NONE", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH", + "baseScore": 8.1, + "baseSeverity": "HIGH" + }, + "exploitabilityScore": 2.2, + "impactScore": 5.9 + } + ] + }, + "references": [ + { + "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-28283", + "source": "secure@microsoft.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2023/CVE-2023-282xx/CVE-2023-28290.json b/CVE-2023/CVE-2023-282xx/CVE-2023-28290.json new file mode 100644 index 00000000000..b0cef4d24c3 --- /dev/null +++ b/CVE-2023/CVE-2023-282xx/CVE-2023-28290.json @@ -0,0 +1,43 @@ +{ + "id": "CVE-2023-28290", + "sourceIdentifier": "secure@microsoft.com", + "published": "2023-05-09T18:15:13.547", + "lastModified": "2023-05-09T18:23:25.203", + "vulnStatus": "Awaiting Analysis", + "descriptions": [ + { + "lang": "en", + "value": "Microsoft Remote Desktop app for Windows Information Disclosure Vulnerability" + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "secure@microsoft.com", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:N/A:N", + "attackVector": "NETWORK", + "attackComplexity": "HIGH", + "privilegesRequired": "NONE", + "userInteraction": "REQUIRED", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "NONE", + "availabilityImpact": "NONE", + "baseScore": 5.3, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 1.6, + "impactScore": 3.6 + } + ] + }, + "references": [ + { + "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-28290", + "source": "secure@microsoft.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2023/CVE-2023-293xx/CVE-2023-29324.json b/CVE-2023/CVE-2023-293xx/CVE-2023-29324.json new file mode 100644 index 00000000000..3f67c4331cc --- /dev/null +++ b/CVE-2023/CVE-2023-293xx/CVE-2023-29324.json @@ -0,0 +1,43 @@ +{ + "id": "CVE-2023-29324", + "sourceIdentifier": "secure@microsoft.com", + "published": "2023-05-09T18:15:13.607", + "lastModified": "2023-05-09T18:23:25.203", + "vulnStatus": "Awaiting Analysis", + "descriptions": [ + { + "lang": "en", + "value": "Windows MSHTML Platform Security Feature Bypass Vulnerability" + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "secure@microsoft.com", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "NONE", + "integrityImpact": "LOW", + "availabilityImpact": "LOW", + "baseScore": 6.5, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 3.9, + "impactScore": 2.5 + } + ] + }, + "references": [ + { + "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-29324", + "source": "secure@microsoft.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2023/CVE-2023-293xx/CVE-2023-29325.json b/CVE-2023/CVE-2023-293xx/CVE-2023-29325.json new file mode 100644 index 00000000000..fada20b8bb6 --- /dev/null +++ b/CVE-2023/CVE-2023-293xx/CVE-2023-29325.json @@ -0,0 +1,43 @@ +{ + "id": "CVE-2023-29325", + "sourceIdentifier": "secure@microsoft.com", + "published": "2023-05-09T18:15:13.667", + "lastModified": "2023-05-09T18:23:25.203", + "vulnStatus": "Awaiting Analysis", + "descriptions": [ + { + "lang": "en", + "value": "Windows OLE Remote Code Execution Vulnerability" + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "secure@microsoft.com", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H", + "attackVector": "NETWORK", + "attackComplexity": "HIGH", + "privilegesRequired": "NONE", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH", + "baseScore": 8.1, + "baseSeverity": "HIGH" + }, + "exploitabilityScore": 2.2, + "impactScore": 5.9 + } + ] + }, + "references": [ + { + "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-29325", + "source": "secure@microsoft.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2023/CVE-2023-293xx/CVE-2023-29333.json b/CVE-2023/CVE-2023-293xx/CVE-2023-29333.json new file mode 100644 index 00000000000..1d8992d162c --- /dev/null +++ b/CVE-2023/CVE-2023-293xx/CVE-2023-29333.json @@ -0,0 +1,43 @@ +{ + "id": "CVE-2023-29333", + "sourceIdentifier": "secure@microsoft.com", + "published": "2023-05-09T18:15:13.727", + "lastModified": "2023-05-09T18:23:25.203", + "vulnStatus": "Awaiting Analysis", + "descriptions": [ + { + "lang": "en", + "value": "Microsoft Access Denial of Service Vulnerability" + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "secure@microsoft.com", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L", + "attackVector": "LOCAL", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "NONE", + "integrityImpact": "NONE", + "availabilityImpact": "LOW", + "baseScore": 3.3, + "baseSeverity": "LOW" + }, + "exploitabilityScore": 1.8, + "impactScore": 1.4 + } + ] + }, + "references": [ + { + "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-29333", + "source": "secure@microsoft.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2023/CVE-2023-293xx/CVE-2023-29335.json b/CVE-2023/CVE-2023-293xx/CVE-2023-29335.json new file mode 100644 index 00000000000..d898a379068 --- /dev/null +++ b/CVE-2023/CVE-2023-293xx/CVE-2023-29335.json @@ -0,0 +1,43 @@ +{ + "id": "CVE-2023-29335", + "sourceIdentifier": "secure@microsoft.com", + "published": "2023-05-09T18:15:13.783", + "lastModified": "2023-05-09T18:23:25.203", + "vulnStatus": "Awaiting Analysis", + "descriptions": [ + { + "lang": "en", + "value": "Microsoft Word Security Feature Bypass Vulnerability" + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "secure@microsoft.com", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H", + "attackVector": "NETWORK", + "attackComplexity": "HIGH", + "privilegesRequired": "NONE", + "userInteraction": "REQUIRED", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH", + "baseScore": 7.5, + "baseSeverity": "HIGH" + }, + "exploitabilityScore": 1.6, + "impactScore": 5.9 + } + ] + }, + "references": [ + { + "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-29335", + "source": "secure@microsoft.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2023/CVE-2023-293xx/CVE-2023-29336.json b/CVE-2023/CVE-2023-293xx/CVE-2023-29336.json new file mode 100644 index 00000000000..4473ead43e4 --- /dev/null +++ b/CVE-2023/CVE-2023-293xx/CVE-2023-29336.json @@ -0,0 +1,43 @@ +{ + "id": "CVE-2023-29336", + "sourceIdentifier": "secure@microsoft.com", + "published": "2023-05-09T18:15:13.840", + "lastModified": "2023-05-09T18:23:25.203", + "vulnStatus": "Awaiting Analysis", + "descriptions": [ + { + "lang": "en", + "value": "Win32k Elevation of Privilege Vulnerability" + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "secure@microsoft.com", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", + "attackVector": "LOCAL", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH", + "baseScore": 7.8, + "baseSeverity": "HIGH" + }, + "exploitabilityScore": 1.8, + "impactScore": 5.9 + } + ] + }, + "references": [ + { + "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-29336", + "source": "secure@microsoft.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2023/CVE-2023-293xx/CVE-2023-29338.json b/CVE-2023/CVE-2023-293xx/CVE-2023-29338.json new file mode 100644 index 00000000000..6f2b9b629a9 --- /dev/null +++ b/CVE-2023/CVE-2023-293xx/CVE-2023-29338.json @@ -0,0 +1,43 @@ +{ + "id": "CVE-2023-29338", + "sourceIdentifier": "secure@microsoft.com", + "published": "2023-05-09T18:15:13.900", + "lastModified": "2023-05-09T18:23:25.203", + "vulnStatus": "Awaiting Analysis", + "descriptions": [ + { + "lang": "en", + "value": "Visual Studio Code Information Disclosure Vulnerability" + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "secure@microsoft.com", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:N/A:N", + "attackVector": "LOCAL", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "REQUIRED", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "NONE", + "availabilityImpact": "NONE", + "baseScore": 5.0, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 1.3, + "impactScore": 3.6 + } + ] + }, + "references": [ + { + "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-29338", + "source": "secure@microsoft.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2023/CVE-2023-293xx/CVE-2023-29340.json b/CVE-2023/CVE-2023-293xx/CVE-2023-29340.json new file mode 100644 index 00000000000..eb2ea1c0cb8 --- /dev/null +++ b/CVE-2023/CVE-2023-293xx/CVE-2023-29340.json @@ -0,0 +1,43 @@ +{ + "id": "CVE-2023-29340", + "sourceIdentifier": "secure@microsoft.com", + "published": "2023-05-09T18:15:13.967", + "lastModified": "2023-05-09T18:23:25.203", + "vulnStatus": "Awaiting Analysis", + "descriptions": [ + { + "lang": "en", + "value": "AV1 Video Extension Remote Code Execution Vulnerability" + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "secure@microsoft.com", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", + "attackVector": "LOCAL", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "REQUIRED", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH", + "baseScore": 7.8, + "baseSeverity": "HIGH" + }, + "exploitabilityScore": 1.8, + "impactScore": 5.9 + } + ] + }, + "references": [ + { + "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-29340", + "source": "secure@microsoft.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2023/CVE-2023-293xx/CVE-2023-29341.json b/CVE-2023/CVE-2023-293xx/CVE-2023-29341.json new file mode 100644 index 00000000000..02ab6821cd3 --- /dev/null +++ b/CVE-2023/CVE-2023-293xx/CVE-2023-29341.json @@ -0,0 +1,43 @@ +{ + "id": "CVE-2023-29341", + "sourceIdentifier": "secure@microsoft.com", + "published": "2023-05-09T18:15:14.027", + "lastModified": "2023-05-09T18:23:25.203", + "vulnStatus": "Awaiting Analysis", + "descriptions": [ + { + "lang": "en", + "value": "AV1 Video Extension Remote Code Execution Vulnerability" + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "secure@microsoft.com", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", + "attackVector": "LOCAL", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "REQUIRED", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH", + "baseScore": 7.8, + "baseSeverity": "HIGH" + }, + "exploitabilityScore": 1.8, + "impactScore": 5.9 + } + ] + }, + "references": [ + { + "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-29341", + "source": "secure@microsoft.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2023/CVE-2023-293xx/CVE-2023-29343.json b/CVE-2023/CVE-2023-293xx/CVE-2023-29343.json new file mode 100644 index 00000000000..adc9611a62e --- /dev/null +++ b/CVE-2023/CVE-2023-293xx/CVE-2023-29343.json @@ -0,0 +1,43 @@ +{ + "id": "CVE-2023-29343", + "sourceIdentifier": "secure@microsoft.com", + "published": "2023-05-09T18:15:14.087", + "lastModified": "2023-05-09T18:23:25.203", + "vulnStatus": "Awaiting Analysis", + "descriptions": [ + { + "lang": "en", + "value": "SysInternals Sysmon for Windows Elevation of Privilege Vulnerability" + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "secure@microsoft.com", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", + "attackVector": "LOCAL", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH", + "baseScore": 7.8, + "baseSeverity": "HIGH" + }, + "exploitabilityScore": 1.8, + "impactScore": 5.9 + } + ] + }, + "references": [ + { + "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-29343", + "source": "secure@microsoft.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2023/CVE-2023-297xx/CVE-2023-29772.json b/CVE-2023/CVE-2023-297xx/CVE-2023-29772.json index 839aef14696..6da727af601 100644 --- a/CVE-2023/CVE-2023-297xx/CVE-2023-29772.json +++ b/CVE-2023/CVE-2023-297xx/CVE-2023-29772.json @@ -2,19 +2,88 @@ "id": "CVE-2023-29772", "sourceIdentifier": "cve@mitre.org", "published": "2023-05-02T13:15:24.957", - "lastModified": "2023-05-02T13:29:57.300", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2023-05-09T18:40:44.477", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", "value": "A Cross-site scripting (XSS) vulnerability in the System Log/General Log page of the administrator web UI in ASUS RT-AC51U wireless router firmware version up to and including 3.0.0.4.380.8591 allows remote attackers to inject arbitrary web script or HTML via a malicious network request." } ], - "metrics": {}, + "metrics": { + "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", + "attackVector": "ADJACENT_NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "REQUIRED", + "scope": "CHANGED", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "availabilityImpact": "NONE", + "baseScore": 5.2, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 2.1, + "impactScore": 2.7 + } + ] + }, + "weaknesses": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-79" + } + ] + } + ], + "configurations": [ + { + "operator": "AND", + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:o:asus:rt-ac51u_firmware:*:*:*:*:*:*:*:*", + "versionEndIncluding": "3.0.0.4.380.8591", + "matchCriteriaId": "09C8149E-4EAB-4FBB-A06A-470FCDD5CBE7" + } + ] + }, + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": false, + "criteria": "cpe:2.3:h:asus:rt-ac51u:-:*:*:*:*:*:*:*", + "matchCriteriaId": "24748D40-7F43-44DA-BBEF-46D85D2AADA3" + } + ] + } + ] + } + ], "references": [ { "url": "https://gitlab.com/donnm/cves/-/blob/master/xss_rtac51u_syslog.md", - "source": "cve@mitre.org" + "source": "cve@mitre.org", + "tags": [ + "Exploit", + "Third Party Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2023/CVE-2023-299xx/CVE-2023-29918.json b/CVE-2023/CVE-2023-299xx/CVE-2023-29918.json index 6ac3f2612c5..39d8fd1f773 100644 --- a/CVE-2023/CVE-2023-299xx/CVE-2023-29918.json +++ b/CVE-2023/CVE-2023-299xx/CVE-2023-29918.json @@ -2,19 +2,75 @@ "id": "CVE-2023-29918", "sourceIdentifier": "cve@mitre.org", "published": "2023-05-02T16:15:09.027", - "lastModified": "2023-05-03T10:33:50.897", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2023-05-09T19:27:09.447", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", "value": "RosarioSIS 10.8.4 is vulnerable to CSV injection via the Periods Module." } ], - "metrics": {}, + "metrics": { + "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "REQUIRED", + "scope": "CHANGED", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "availabilityImpact": "NONE", + "baseScore": 5.4, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 2.3, + "impactScore": 2.7 + } + ] + }, + "weaknesses": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-1236" + } + ] + } + ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:rosariosis:rosariosis:10.8.4:*:*:*:*:*:*:*", + "matchCriteriaId": "ECEECA22-0CCE-46C9-A4F9-920A24D8D042" + } + ] + } + ] + } + ], "references": [ { "url": "https://docs.google.com/document/d/1JAhJOlfKKD5Y5zEKo0_8a3A-nQ7Dz_GIMmlXmOvXV48/edit?usp=sharing", - "source": "cve@mitre.org" + "source": "cve@mitre.org", + "tags": [ + "Exploit", + "Third Party Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2023/CVE-2023-302xx/CVE-2023-30204.json b/CVE-2023/CVE-2023-302xx/CVE-2023-30204.json index 3791cfef521..b80614459f5 100644 --- a/CVE-2023/CVE-2023-302xx/CVE-2023-30204.json +++ b/CVE-2023/CVE-2023-302xx/CVE-2023-30204.json @@ -2,19 +2,74 @@ "id": "CVE-2023-30204", "sourceIdentifier": "cve@mitre.org", "published": "2023-05-03T21:15:23.643", - "lastModified": "2023-05-04T13:03:12.273", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2023-05-09T19:43:20.183", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", "value": "Judging Management System v1.0 was discovered to contain a SQL injection vulnerability via the judge_id parameter at /php-jms/edit_judge.php." } ], - "metrics": {}, + "metrics": { + "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH", + "baseScore": 9.8, + "baseSeverity": "CRITICAL" + }, + "exploitabilityScore": 3.9, + "impactScore": 5.9 + } + ] + }, + "weaknesses": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-89" + } + ] + } + ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:judging_management_system_project:judging_management_system:1.0:*:*:*:*:*:*:*", + "matchCriteriaId": "FAE693B0-3497-406C-AD53-36AC05735004" + } + ] + } + ] + } + ], "references": [ { "url": "https://github.com/debug601/bug_report/blob/main/vendors/oretnom23/judging-management-system/SQLi-3.md", - "source": "cve@mitre.org" + "source": "cve@mitre.org", + "tags": [ + "Third Party Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2023/CVE-2023-302xx/CVE-2023-30268.json b/CVE-2023/CVE-2023-302xx/CVE-2023-30268.json index eb94a70ab63..abc98028209 100644 --- a/CVE-2023/CVE-2023-302xx/CVE-2023-30268.json +++ b/CVE-2023/CVE-2023-302xx/CVE-2023-30268.json @@ -2,8 +2,8 @@ "id": "CVE-2023-30268", "sourceIdentifier": "cve@mitre.org", "published": "2023-05-04T20:15:10.567", - "lastModified": "2023-05-05T13:33:53.507", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2023-05-09T18:15:14.210", + "vulnStatus": "Undergoing Analysis", "descriptions": [ { "lang": "en", @@ -15,10 +15,6 @@ { "url": "https://gist.github.com/HuBenLab/16dc2f87f91a6f8c60eefce5abf18c08", "source": "cve@mitre.org" - }, - { - "url": "https://github.com/HuBenLab/HuBenVulList/blob/main/CLTPHP6.0%20Improper%20Input%20Validation%202.md", - "source": "cve@mitre.org" } ] } \ No newline at end of file diff --git a/CVE-2023/CVE-2023-308xx/CVE-2023-30838.json b/CVE-2023/CVE-2023-308xx/CVE-2023-30838.json new file mode 100644 index 00000000000..666d0917bea --- /dev/null +++ b/CVE-2023/CVE-2023-308xx/CVE-2023-30838.json @@ -0,0 +1,117 @@ +{ + "id": "CVE-2023-30838", + "sourceIdentifier": "security-advisories@github.com", + "published": "2023-04-25T19:15:11.160", + "lastModified": "2023-05-09T19:46:44.303", + "vulnStatus": "Analyzed", + "descriptions": [ + { + "lang": "en", + "value": "PrestaShop is an Open Source e-commerce web application. Prior to versions 8.0.4 and 1.7.8.9, the `ValidateCore::isCleanHTML()` method of Prestashop misses hijackable events which can lead to cross-site scripting (XSS) injection, allowed by the presence of pre-setup `@keyframes` methods. This XSS, which hijacks HTML attributes, can be triggered without any interaction by the visitor/administrator, which makes it as dangerous as a trivial XSS attack. Contrary to other attacks which target HTML attributes and are triggered without user interaction (such as onload / onerror which suffer from a very limited scope), this one can hijack every HTML element, which increases the danger due to a complete HTML elements scope. Versions 8.0.4 and 1.7.8.9 contain a fix for this issue." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "NONE", + "scope": "CHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH", + "baseScore": 9.9, + "baseSeverity": "CRITICAL" + }, + "exploitabilityScore": 3.1, + "impactScore": 6.0 + }, + { + "source": "security-advisories@github.com", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H", + "attackVector": "NETWORK", + "attackComplexity": "HIGH", + "privilegesRequired": "LOW", + "userInteraction": "NONE", + "scope": "CHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH", + "baseScore": 8.5, + "baseSeverity": "HIGH" + }, + "exploitabilityScore": 1.8, + "impactScore": 6.0 + } + ] + }, + "weaknesses": [ + { + "source": "security-advisories@github.com", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-79" + } + ] + } + ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:prestashop:prestashop:*:*:*:*:*:*:*:*", + "versionEndExcluding": "1.7.8.9", + "matchCriteriaId": "38174A16-34A0-4E08-8485-B413ADC32907" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:prestashop:prestashop:*:*:*:*:*:*:*:*", + "versionStartIncluding": "8.0.0", + "versionEndExcluding": "8.0.4", + "matchCriteriaId": "B84AB40A-755F-4AD7-AD86-D2FD642C710D" + } + ] + } + ] + } + ], + "references": [ + { + "url": "https://github.com/PrestaShop/PrestaShop/commit/46408ae4b02f3b8b1bb6e9dc63af5bcd858abd9c", + "source": "security-advisories@github.com", + "tags": [ + "Patch" + ] + }, + { + "url": "https://github.com/PrestaShop/PrestaShop/commit/dc682192df0e4b0d656a8e645b29ca1b9dbe3693", + "source": "security-advisories@github.com", + "tags": [ + "Patch" + ] + }, + { + "url": "https://github.com/PrestaShop/PrestaShop/security/advisories/GHSA-fh7r-996q-gvcp", + "source": "security-advisories@github.com", + "tags": [ + "Vendor Advisory" + ] + } + ] +} \ No newline at end of file diff --git a/CVE-2023/CVE-2023-308xx/CVE-2023-30847.json b/CVE-2023/CVE-2023-308xx/CVE-2023-30847.json index 2f6a6ef45e4..69f9e0e5cb1 100644 --- a/CVE-2023/CVE-2023-308xx/CVE-2023-30847.json +++ b/CVE-2023/CVE-2023-308xx/CVE-2023-30847.json @@ -2,8 +2,8 @@ "id": "CVE-2023-30847", "sourceIdentifier": "security-advisories@github.com", "published": "2023-04-27T15:15:13.833", - "lastModified": "2023-04-27T15:58:36.043", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2023-05-09T18:21:39.807", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", @@ -12,6 +12,26 @@ ], "metrics": { "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:H", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "LOW", + "integrityImpact": "NONE", + "availabilityImpact": "HIGH", + "baseScore": 8.2, + "baseSeverity": "HIGH" + }, + "exploitabilityScore": 3.9, + "impactScore": 4.2 + }, { "source": "security-advisories@github.com", "type": "Secondary", @@ -46,18 +66,56 @@ ] } ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:dena:h2o:*:*:*:*:*:*:*:*", + "versionEndIncluding": "2.2.6", + "matchCriteriaId": "3C540EDB-1F68-47E9-A457-B6BC1EB805D7" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:dena:h2o:2.3.0:beta1:*:*:*:*:*:*", + "matchCriteriaId": "128D1D5E-4E71-4ABB-B580-F17E2B74B5F3" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:dena:h2o:2.3.0:beta2:*:*:*:*:*:*", + "matchCriteriaId": "E69DE676-300A-4A95-A04D-7463CA372799" + } + ] + } + ] + } + ], "references": [ { "url": "https://github.com/h2o/h2o/commit/f010336bab162839df43d9e87570897466c97e33", - "source": "security-advisories@github.com" + "source": "security-advisories@github.com", + "tags": [ + "Patch" + ] }, { "url": "https://github.com/h2o/h2o/pull/3229", - "source": "security-advisories@github.com" + "source": "security-advisories@github.com", + "tags": [ + "Vendor Advisory" + ] }, { "url": "https://github.com/h2o/h2o/security/advisories/GHSA-p5hj-phwj-hrvx", - "source": "security-advisories@github.com" + "source": "security-advisories@github.com", + "tags": [ + "Patch", + "Vendor Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2023/CVE-2023-308xx/CVE-2023-30850.json b/CVE-2023/CVE-2023-308xx/CVE-2023-30850.json index 40cbdc51fa1..d12dc0a243e 100644 --- a/CVE-2023/CVE-2023-308xx/CVE-2023-30850.json +++ b/CVE-2023/CVE-2023-308xx/CVE-2023-30850.json @@ -2,8 +2,8 @@ "id": "CVE-2023-30850", "sourceIdentifier": "security-advisories@github.com", "published": "2023-04-27T17:15:08.880", - "lastModified": "2023-04-27T18:35:34.590", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2023-05-09T18:18:04.593", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", @@ -12,6 +12,26 @@ ], "metrics": { "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH", + "baseScore": 8.8, + "baseSeverity": "HIGH" + }, + "exploitabilityScore": 2.8, + "impactScore": 5.9 + }, { "source": "security-advisories@github.com", "type": "Secondary", @@ -46,18 +66,46 @@ ] } ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:pimcore:pimcore:*:*:*:*:*:*:*:*", + "versionEndExcluding": "10.5.21", + "matchCriteriaId": "72C537D6-67BA-4562-B853-F99E6C14315C" + } + ] + } + ] + } + ], "references": [ { "url": "https://github.com/pimcore/pimcore/commit/7e32cc28145274ddfc30fb791012d26c1278bd38.patch", - "source": "security-advisories@github.com" + "source": "security-advisories@github.com", + "tags": [ + "Not Applicable" + ] }, { "url": "https://github.com/pimcore/pimcore/pull/14952", - "source": "security-advisories@github.com" + "source": "security-advisories@github.com", + "tags": [ + "Vendor Advisory" + ] }, { "url": "https://github.com/pimcore/pimcore/security/advisories/GHSA-jwg4-qcgv-5wg6", - "source": "security-advisories@github.com" + "source": "security-advisories@github.com", + "tags": [ + "Patch", + "Vendor Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2023/CVE-2023-308xx/CVE-2023-30859.json b/CVE-2023/CVE-2023-308xx/CVE-2023-30859.json index c3bd0696775..facc972b648 100644 --- a/CVE-2023/CVE-2023-308xx/CVE-2023-30859.json +++ b/CVE-2023/CVE-2023-308xx/CVE-2023-30859.json @@ -2,8 +2,8 @@ "id": "CVE-2023-30859", "sourceIdentifier": "security-advisories@github.com", "published": "2023-05-01T14:15:09.637", - "lastModified": "2023-05-01T20:07:36.203", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2023-05-09T19:01:26.460", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", @@ -12,6 +12,26 @@ ], "metrics": { "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH", + "baseScore": 9.8, + "baseSeverity": "CRITICAL" + }, + "exploitabilityScore": 3.9, + "impactScore": 5.9 + }, { "source": "security-advisories@github.com", "type": "Secondary", @@ -36,8 +56,18 @@ }, "weaknesses": [ { - "source": "security-advisories@github.com", + "source": "nvd@nist.gov", "type": "Primary", + "description": [ + { + "lang": "en", + "value": "NVD-CWE-noinfo" + } + ] + }, + { + "source": "security-advisories@github.com", + "type": "Secondary", "description": [ { "lang": "en", @@ -46,14 +76,46 @@ ] } ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:triton_project:triton:*:*:*:*:*:*:*:*", + "versionEndExcluding": "3.7.5", + "matchCriteriaId": "1D5B2B0A-229A-4F2E-8630-E89F5998121E" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:triton_project:triton:*:*:*:*:*:*:*:*", + "versionStartIncluding": "3.8.0", + "versionEndExcluding": "3.8.4", + "matchCriteriaId": "3C47B5DC-D912-4CDB-98C8-6C5D9E03AFFC" + } + ] + } + ] + } + ], "references": [ { "url": "https://github.com/tritonmc/Triton/releases/tag/v3.8.4", - "source": "security-advisories@github.com" + "source": "security-advisories@github.com", + "tags": [ + "Release Notes" + ] }, { "url": "https://github.com/tritonmc/Triton/security/advisories/GHSA-8vj5-jccf-q25r", - "source": "security-advisories@github.com" + "source": "security-advisories@github.com", + "tags": [ + "Exploit", + "Vendor Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2023/CVE-2023-308xx/CVE-2023-30869.json b/CVE-2023/CVE-2023-308xx/CVE-2023-30869.json index fadffaa0433..8b51285639e 100644 --- a/CVE-2023/CVE-2023-308xx/CVE-2023-30869.json +++ b/CVE-2023/CVE-2023-308xx/CVE-2023-30869.json @@ -2,8 +2,8 @@ "id": "CVE-2023-30869", "sourceIdentifier": "audit@patchstack.com", "published": "2023-05-02T10:15:09.357", - "lastModified": "2023-05-02T12:56:12.940", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2023-05-09T18:25:38.057", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", @@ -12,6 +12,26 @@ ], "metrics": { "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH", + "baseScore": 9.8, + "baseSeverity": "CRITICAL" + }, + "exploitabilityScore": 3.9, + "impactScore": 5.9 + }, { "source": "audit@patchstack.com", "type": "Secondary", @@ -46,14 +66,40 @@ ] } ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:sandhillsdev:easy_digital_downloads:*:*:*:*:*:wordpress:*:*", + "versionStartIncluding": "3.1", + "versionEndExcluding": "3.1.1.4.2", + "matchCriteriaId": "52CDC67E-1D35-4EEC-A986-239833BDA85C" + } + ] + } + ] + } + ], "references": [ { "url": "https://patchstack.com/articles/critical-easy-digital-downloads-vulnerability?_s_id=cve", - "source": "audit@patchstack.com" + "source": "audit@patchstack.com", + "tags": [ + "Patch", + "Third Party Advisory" + ] }, { "url": "https://patchstack.com/database/vulnerability/easy-digital-downloads/wordpress-easy-digital-downloads-plugin-3-1-1-4-1-unauthenticated-privilege-escalation-vulnerability?_s_id=cve", - "source": "audit@patchstack.com" + "source": "audit@patchstack.com", + "tags": [ + "Third Party Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2023/CVE-2023-312xx/CVE-2023-31207.json b/CVE-2023/CVE-2023-312xx/CVE-2023-31207.json index ef54bc50dbc..ab3b35bbb64 100644 --- a/CVE-2023/CVE-2023-312xx/CVE-2023-31207.json +++ b/CVE-2023/CVE-2023-312xx/CVE-2023-31207.json @@ -2,8 +2,8 @@ "id": "CVE-2023-31207", "sourceIdentifier": "security@checkmk.com", "published": "2023-05-02T09:15:10.120", - "lastModified": "2023-05-02T12:56:12.940", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2023-05-09T19:21:42.800", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", @@ -12,6 +12,26 @@ ], "metrics": { "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N", + "attackVector": "LOCAL", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "NONE", + "availabilityImpact": "NONE", + "baseScore": 5.5, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 1.8, + "impactScore": 3.6 + }, { "source": "security@checkmk.com", "type": "Secondary", @@ -35,6 +55,16 @@ ] }, "weaknesses": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-532" + } + ] + }, { "source": "security@checkmk.com", "type": "Secondary", @@ -46,10 +76,455 @@ ] } ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:tribe29:checkmk:2.0.0:-:*:*:*:*:*:*", + "matchCriteriaId": "E5138E25-A5AF-495D-A713-B8BDACC133D8" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:tribe29:checkmk:2.0.0:b1:*:*:*:*:*:*", + "matchCriteriaId": "7AE78B5E-2D00-462B-AC0E-5E68BC36ED1B" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:tribe29:checkmk:2.0.0:b2:*:*:*:*:*:*", + "matchCriteriaId": "9D69AA9A-C6FF-4A9F-8B02-2F207C4150FD" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:tribe29:checkmk:2.0.0:b3:*:*:*:*:*:*", + "matchCriteriaId": "452F359B-BCB5-46E0-A77A-383C3C2E2D60" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:tribe29:checkmk:2.0.0:b4:*:*:*:*:*:*", + "matchCriteriaId": "D9A66C28-A2BA-4091-AB4C-05CDB1D3777F" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:tribe29:checkmk:2.0.0:b5:*:*:*:*:*:*", + "matchCriteriaId": "463A4A68-810B-4C20-A696-4F94DB20224B" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:tribe29:checkmk:2.0.0:b6:*:*:*:*:*:*", + "matchCriteriaId": "F4459581-214F-423B-A29D-31C789FD7F1C" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:tribe29:checkmk:2.0.0:b7:*:*:*:*:*:*", + "matchCriteriaId": "CC0CFABC-A53C-4FD3-A57A-CB72C87A034B" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:tribe29:checkmk:2.0.0:b8:*:*:*:*:*:*", + "matchCriteriaId": "F96B08FA-8129-4880-86FE-47B08C2B6964" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:tribe29:checkmk:2.0.0:i1:*:*:*:*:*:*", + "matchCriteriaId": "CAEB960C-5A5E-4F7C-8588-3F6737AE5DCA" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:tribe29:checkmk:2.0.0:p1:*:*:*:*:*:*", + "matchCriteriaId": "3CB134CD-0746-47C8-BAB8-2AE9C083C4D2" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:tribe29:checkmk:2.0.0:p10:*:*:*:*:*:*", + "matchCriteriaId": "E4B5DDAA-F7B5-4BFD-836E-F7DA0FC7B0C3" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:tribe29:checkmk:2.0.0:p11:*:*:*:*:*:*", + "matchCriteriaId": "A4DA5440-F376-4952-ABCB-AC557C5944A9" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:tribe29:checkmk:2.0.0:p12:*:*:*:*:*:*", + "matchCriteriaId": "DB7DB93B-CDD2-4662-893B-6E36F9EDA7FF" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:tribe29:checkmk:2.0.0:p13:*:*:*:*:*:*", + "matchCriteriaId": "81DFD64A-FEFD-4EBA-B6EC-28D3F0EEC33B" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:tribe29:checkmk:2.0.0:p14:*:*:*:*:*:*", + "matchCriteriaId": "918ACC6A-2EE8-401F-B18A-94B8757B202E" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:tribe29:checkmk:2.0.0:p15:*:*:*:*:*:*", + "matchCriteriaId": "1B6AE143-5A29-4EE8-AF7D-5D495A2248D0" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:tribe29:checkmk:2.0.0:p16:*:*:*:*:*:*", + "matchCriteriaId": "9B678D96-5987-4423-A713-57812B896380" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:tribe29:checkmk:2.0.0:p17:*:*:*:*:*:*", + "matchCriteriaId": "A16EA6BD-003D-416E-B6C7-EBE5AA4AC2B5" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:tribe29:checkmk:2.0.0:p18:*:*:*:*:*:*", + "matchCriteriaId": "7A016627-9BF2-4D25-AB97-172EAEC4C187" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:tribe29:checkmk:2.0.0:p19:*:*:*:*:*:*", + "matchCriteriaId": "333FBE01-E5C1-4668-B50F-B64A34E799A8" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:tribe29:checkmk:2.0.0:p2:*:*:*:*:*:*", + "matchCriteriaId": "FE7C4821-74F2-442C-B51F-A52788FC61F4" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:tribe29:checkmk:2.0.0:p20:*:*:*:*:*:*", + "matchCriteriaId": "168E2F68-E3EA-407F-8DCE-BDB1F557FFFA" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:tribe29:checkmk:2.0.0:p21:*:*:*:*:*:*", + "matchCriteriaId": "D7A74CB5-CC6E-4166-B884-498F2CF1A33E" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:tribe29:checkmk:2.0.0:p22:*:*:*:*:*:*", + "matchCriteriaId": "42DCB139-5BBE-45F3-80F5-3A43D95A58BB" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:tribe29:checkmk:2.0.0:p23:*:*:*:*:*:*", + "matchCriteriaId": "1A3E3E6C-DCC0-466D-A505-5F80379CF0AB" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:tribe29:checkmk:2.0.0:p24:*:*:*:*:*:*", + "matchCriteriaId": "1542CDC8-9697-44DE-8F6A-3EB25D07EEE9" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:tribe29:checkmk:2.0.0:p25:*:*:*:*:*:*", + "matchCriteriaId": "1A5B33FF-EA21-4AEB-8D9A-21DA9DB5892A" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:tribe29:checkmk:2.0.0:p26:*:*:*:*:*:*", + "matchCriteriaId": "78616E5A-E1FF-40AA-8E13-0B2E84CE6F8F" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:tribe29:checkmk:2.0.0:p27:*:*:*:*:*:*", + "matchCriteriaId": "5D956394-C3F3-4C88-A791-364AE555D522" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:tribe29:checkmk:2.0.0:p28:*:*:*:*:*:*", + "matchCriteriaId": "25E96088-0FA2-49FD-B93D-5AFC9605289E" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:tribe29:checkmk:2.0.0:p29:*:*:*:*:*:*", + "matchCriteriaId": "EDB60B12-F724-40C7-8EB2-1270484E88F6" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:tribe29:checkmk:2.0.0:p3:*:*:*:*:*:*", + "matchCriteriaId": "1982ED3B-A0FA-476A-BFB2-5B7B53289496" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:tribe29:checkmk:2.0.0:p30:*:*:*:*:*:*", + "matchCriteriaId": "F646D243-433E-46F9-9E8E-E4F734F9E648" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:tribe29:checkmk:2.0.0:p31:*:*:*:*:*:*", + "matchCriteriaId": "D1C14080-79C9-4620-AD1F-6CB46F0F74D0" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:tribe29:checkmk:2.0.0:p32:*:*:*:*:*:*", + "matchCriteriaId": "4AECE1FE-F3D1-4FF0-BDF9-F39FFCBF52E0" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:tribe29:checkmk:2.0.0:p33:*:*:*:*:*:*", + "matchCriteriaId": "C2F79F99-5F46-48A7-BEE7-1551CD56C2F7" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:tribe29:checkmk:2.0.0:p34:*:*:*:*:*:*", + "matchCriteriaId": "2EB6F9D4-13D2-4218-96EF-64C2126369DC" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:tribe29:checkmk:2.0.0:p35:*:*:*:*:*:*", + "matchCriteriaId": "62841559-BDA0-4B67-932A-007D91BFBD14" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:tribe29:checkmk:2.0.0:p4:*:*:*:*:*:*", + "matchCriteriaId": "AA60BF44-AF52-458A-BD3F-9FD5D8408575" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:tribe29:checkmk:2.0.0:p5:*:*:*:*:*:*", + "matchCriteriaId": "9BFE55DC-89EA-404F-8DDF-93E351366789" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:tribe29:checkmk:2.0.0:p6:*:*:*:*:*:*", + "matchCriteriaId": "C62D8997-DD3B-4B83-B6A5-DFC2408A9164" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:tribe29:checkmk:2.0.0:p7:*:*:*:*:*:*", + "matchCriteriaId": "80B4A77F-F636-49BB-8CB6-60064984463F" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:tribe29:checkmk:2.0.0:p8:*:*:*:*:*:*", + "matchCriteriaId": "356E5744-AB8E-4FBA-992F-74ED8F9086CE" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:tribe29:checkmk:2.0.0:p9:*:*:*:*:*:*", + "matchCriteriaId": "41FB6FFA-F38F-4754-A1E6-35073D84069E" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:tribe29:checkmk:2.1.0:-:*:*:*:*:*:*", + "matchCriteriaId": "BC0AC5A2-3724-4942-ABE2-CA9F3B9B4BDA" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:tribe29:checkmk:2.1.0:b1:*:*:*:*:*:*", + "matchCriteriaId": "E3AAC1AD-C2F5-4171-BD92-95A8BA09E79A" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:tribe29:checkmk:2.1.0:b2:*:*:*:*:*:*", + "matchCriteriaId": "8CB8C4BB-4AE6-4EA2-8F38-780B627721ED" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:tribe29:checkmk:2.1.0:b3:*:*:*:*:*:*", + "matchCriteriaId": "D0F14106-2A3D-4FC7-A0C7-6EDA75D1A8F7" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:tribe29:checkmk:2.1.0:b4:*:*:*:*:*:*", + "matchCriteriaId": "F8C2DA36-8419-4846-BFA0-A729BE7D72C5" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:tribe29:checkmk:2.1.0:b5:*:*:*:*:*:*", + "matchCriteriaId": "8AA4FA3D-7A59-4597-9D79-B6B020D86BD1" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:tribe29:checkmk:2.1.0:b6:*:*:*:*:*:*", + "matchCriteriaId": "79F0CF88-FF11-4741-AFF6-9F88F57C2140" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:tribe29:checkmk:2.1.0:b7:*:*:*:*:*:*", + "matchCriteriaId": "8E93629E-C0CB-4636-B343-1C0646D8228E" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:tribe29:checkmk:2.1.0:b8:*:*:*:*:*:*", + "matchCriteriaId": "58102464-E66F-49CD-8952-3F3F9A6A45CC" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:tribe29:checkmk:2.1.0:b9:*:*:*:*:*:*", + "matchCriteriaId": "9C98E509-8466-4F95-ABE7-7ECC91640E04" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:tribe29:checkmk:2.1.0:p1:*:*:*:*:*:*", + "matchCriteriaId": "A7B89F71-ABD2-4B2D-AE6B-C0F243E89443" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:tribe29:checkmk:2.1.0:p10:*:*:*:*:*:*", + "matchCriteriaId": "002EF417-C702-42E2-9C8F-C9593B43AB03" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:tribe29:checkmk:2.1.0:p11:*:*:*:*:*:*", + "matchCriteriaId": "B8E358A9-0430-4EF1-8557-7F1C088FFF48" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:tribe29:checkmk:2.1.0:p12:*:*:*:*:*:*", + "matchCriteriaId": "4B0AF395-FDC7-4321-9E00-C935641C138B" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:tribe29:checkmk:2.1.0:p13:*:*:*:*:*:*", + "matchCriteriaId": "59B9CCED-806F-47EF-B5B6-441AADCB4B81" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:tribe29:checkmk:2.1.0:p14:*:*:*:*:*:*", + "matchCriteriaId": "FAED2CD5-A2CE-438C-8ED7-338D9D61FBD9" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:tribe29:checkmk:2.1.0:p15:*:*:*:*:*:*", + "matchCriteriaId": "F08A96EF-FD2E-4D45-884B-349869649C3D" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:tribe29:checkmk:2.1.0:p16:*:*:*:*:*:*", + "matchCriteriaId": "E80D718E-66B6-4FC6-911D-C264F2C891C9" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:tribe29:checkmk:2.1.0:p17:*:*:*:*:*:*", + "matchCriteriaId": "174BF76A-00C5-4ECD-937D-FE66851D3979" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:tribe29:checkmk:2.1.0:p18:*:*:*:*:*:*", + "matchCriteriaId": "F43DBAE4-FEF9-431E-AE82-31C7944CA830" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:tribe29:checkmk:2.1.0:p2:*:*:*:*:*:*", + "matchCriteriaId": "960DF373-EDE6-4318-B6E9-07573ED5907A" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:tribe29:checkmk:2.1.0:p20:*:*:*:*:*:*", + "matchCriteriaId": "5FFBF793-48E0-48DB-9C12-1C4A5805009E" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:tribe29:checkmk:2.1.0:p21:*:*:*:*:*:*", + "matchCriteriaId": "B6A2F0DB-CA73-4F14-8099-7A29BADC1F4E" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:tribe29:checkmk:2.1.0:p22:*:*:*:*:*:*", + "matchCriteriaId": "5D23ECB8-9C2C-4BA5-ADD6-248FD2CFF37A" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:tribe29:checkmk:2.1.0:p23:*:*:*:*:*:*", + "matchCriteriaId": "9958D126-EF50-4ED7-85A3-6E5120EFB931" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:tribe29:checkmk:2.1.0:p24:*:*:*:*:*:*", + "matchCriteriaId": "5D9B3F5F-158A-4C43-A894-1A55D1D758FC" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:tribe29:checkmk:2.1.0:p25:*:*:*:*:*:*", + "matchCriteriaId": "17729C6D-3DD1-4082-B3AF-B53770304F7B" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:tribe29:checkmk:2.1.0:p26:*:*:*:*:*:*", + "matchCriteriaId": "2E34014C-90A0-4ABB-A15F-73E83F312246" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:tribe29:checkmk:2.1.0:p3:*:*:*:*:*:*", + "matchCriteriaId": "3144AABF-74CB-44EE-A618-8529A8ACFCF6" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:tribe29:checkmk:2.1.0:p4:*:*:*:*:*:*", + "matchCriteriaId": "88AC7AB0-40DF-44D1-83EA-FDD4D5346BBD" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:tribe29:checkmk:2.1.0:p5:*:*:*:*:*:*", + "matchCriteriaId": "4285A4A3-3DED-456D-93D4-1B9FDB42C1EB" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:tribe29:checkmk:2.1.0:p6:*:*:*:*:*:*", + "matchCriteriaId": "098FD286-B6CB-4428-9A62-A5F24B4D9E92" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:tribe29:checkmk:2.1.0:p7:*:*:*:*:*:*", + "matchCriteriaId": "8400088B-E56E-4D0B-86D5-76D884C8031A" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:tribe29:checkmk:2.1.0:p8:*:*:*:*:*:*", + "matchCriteriaId": "29554684-FEFF-42B2-B62E-6523782F537C" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:tribe29:checkmk:2.1.0:p9:*:*:*:*:*:*", + "matchCriteriaId": "91AE66E4-AE6B-4F25-9312-6418FC3E221F" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:tribe29:checkmk:2.2.0:b1:*:*:*:*:*:*", + "matchCriteriaId": "A954DDB4-ACF5-4D74-B735-0BB14762457C" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:tribe29:checkmk:2.2.0:b2:*:*:*:*:*:*", + "matchCriteriaId": "F4E9D8E0-ECFF-4987-8189-F6A5917D39B6" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:tribe29:checkmk:2.2.0:b3:*:*:*:*:*:*", + "matchCriteriaId": "7CDF16A7-E9BC-488B-A0DF-91B7F79C2D7A" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:tribe29:checkmk:2.2.0:b4:*:*:*:*:*:*", + "matchCriteriaId": "EF3C4AB5-966A-46CD-8774-7BD4115FC80B" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:tribe29:checkmk:2.2.0:b5:*:*:*:*:*:*", + "matchCriteriaId": "580C70A7-387E-4650-9DBA-D7AA0BFDB1BE" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:tribe29:checkmk:2.2.0:b6:*:*:*:*:*:*", + "matchCriteriaId": "343C5CD6-48ED-4693-BC2A-549A43F02931" + } + ] + } + ] + } + ], "references": [ { "url": "https://checkmk.com/werk/15189", - "source": "security@checkmk.com" + "source": "security@checkmk.com", + "tags": [ + "Vendor Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2023/CVE-2023-314xx/CVE-2023-31472.json b/CVE-2023/CVE-2023-314xx/CVE-2023-31472.json new file mode 100644 index 00000000000..2e88316dd35 --- /dev/null +++ b/CVE-2023/CVE-2023-314xx/CVE-2023-31472.json @@ -0,0 +1,24 @@ +{ + "id": "CVE-2023-31472", + "sourceIdentifier": "cve@mitre.org", + "published": "2023-05-09T18:15:14.283", + "lastModified": "2023-05-09T18:23:25.203", + "vulnStatus": "Awaiting Analysis", + "descriptions": [ + { + "lang": "en", + "value": "An issue was discovered on GL.iNet devices before 3.216. There is an arbitrary file write in which an empty file can be created anywhere on the filesystem. This is caused by a command injection vulnerability with a filter applied." + } + ], + "metrics": {}, + "references": [ + { + "url": "https://github.com/gl-inet/CVE-issues/blob/main/3.215/Arbitrary_File_Creation.md", + "source": "cve@mitre.org" + }, + { + "url": "https://www.gl-inet.com", + "source": "cve@mitre.org" + } + ] +} \ No newline at end of file diff --git a/CVE-2023/CVE-2023-314xx/CVE-2023-31474.json b/CVE-2023/CVE-2023-314xx/CVE-2023-31474.json new file mode 100644 index 00000000000..6b334455ef4 --- /dev/null +++ b/CVE-2023/CVE-2023-314xx/CVE-2023-31474.json @@ -0,0 +1,24 @@ +{ + "id": "CVE-2023-31474", + "sourceIdentifier": "cve@mitre.org", + "published": "2023-05-09T18:15:14.323", + "lastModified": "2023-05-09T18:23:25.203", + "vulnStatus": "Awaiting Analysis", + "descriptions": [ + { + "lang": "en", + "value": "An issue was discovered on GL.iNet devices before 3.216. Through the software installation feature, it is possible to inject arbitrary parameters in a request to cause opkg to obtain a list of files in a specific directory, by using the regex feature in a package name." + } + ], + "metrics": {}, + "references": [ + { + "url": "https://github.com/gl-inet/CVE-issues/blob/main/3.215/Directory_Listing.md", + "source": "cve@mitre.org" + }, + { + "url": "https://www.gl-inet.com", + "source": "cve@mitre.org" + } + ] +} \ No newline at end of file diff --git a/README.md b/README.md index d8ed721c4bc..911d95b9731 100644 --- a/README.md +++ b/README.md @@ -9,13 +9,13 @@ Repository synchronizes with the NVD every 2 hours. ### Last Repository Update ```plain -2023-05-09T18:00:48.782033+00:00 +2023-05-09T20:00:32.334537+00:00 ``` ### Most recent CVE Modification Timestamp synchronized with NVD ```plain -2023-05-09T17:53:51.073000+00:00 +2023-05-09T19:58:32.077000+00:00 ``` ### Last Data Feed Release @@ -29,111 +29,108 @@ Download and Changelog: [Click](releases/latest) ### Total Number of included CVEs ```plain -214579 +214637 ``` ### CVEs added in the last Commit -Recently added CVEs: `30` +Recently added CVEs: `58` -* [CVE-2020-18280](CVE-2020/CVE-2020-182xx/CVE-2020-18280.json) (`2023-05-09T16:15:13.690`) -* [CVE-2020-23362](CVE-2020/CVE-2020-233xx/CVE-2020-23362.json) (`2023-05-09T16:15:13.963`) -* [CVE-2020-23363](CVE-2020/CVE-2020-233xx/CVE-2020-23363.json) (`2023-05-09T16:15:14.090`) -* [CVE-2021-31240](CVE-2021/CVE-2021-312xx/CVE-2021-31240.json) (`2023-05-09T16:15:14.147`) -* [CVE-2021-31711](CVE-2021/CVE-2021-317xx/CVE-2021-31711.json) (`2023-05-09T16:15:14.197`) -* [CVE-2023-25829](CVE-2023/CVE-2023-258xx/CVE-2023-25829.json) (`2023-05-09T17:15:10.387`) -* [CVE-2023-25830](CVE-2023/CVE-2023-258xx/CVE-2023-25830.json) (`2023-05-09T17:15:10.567`) -* [CVE-2023-25834](CVE-2023/CVE-2023-258xx/CVE-2023-25834.json) (`2023-05-09T16:15:14.263`) -* [CVE-2023-30083](CVE-2023/CVE-2023-300xx/CVE-2023-30083.json) (`2023-05-09T16:15:14.373`) -* [CVE-2023-30084](CVE-2023/CVE-2023-300xx/CVE-2023-30084.json) (`2023-05-09T16:15:14.423`) -* [CVE-2023-30085](CVE-2023/CVE-2023-300xx/CVE-2023-30085.json) (`2023-05-09T16:15:14.470`) -* [CVE-2023-30086](CVE-2023/CVE-2023-300xx/CVE-2023-30086.json) (`2023-05-09T16:15:14.507`) -* [CVE-2023-30087](CVE-2023/CVE-2023-300xx/CVE-2023-30087.json) (`2023-05-09T16:15:14.547`) -* [CVE-2023-30088](CVE-2023/CVE-2023-300xx/CVE-2023-30088.json) (`2023-05-09T16:15:14.583`) -* [CVE-2023-31144](CVE-2023/CVE-2023-311xx/CVE-2023-31144.json) (`2023-05-09T16:15:14.623`) -* [CVE-2023-31476](CVE-2023/CVE-2023-314xx/CVE-2023-31476.json) (`2023-05-09T16:15:14.680`) -* [CVE-2023-31489](CVE-2023/CVE-2023-314xx/CVE-2023-31489.json) (`2023-05-09T16:15:14.717`) -* [CVE-2023-31490](CVE-2023/CVE-2023-314xx/CVE-2023-31490.json) (`2023-05-09T16:15:14.757`) -* [CVE-2023-31799](CVE-2023/CVE-2023-317xx/CVE-2023-31799.json) (`2023-05-09T16:15:14.793`) -* [CVE-2023-31800](CVE-2023/CVE-2023-318xx/CVE-2023-31800.json) (`2023-05-09T16:15:14.830`) -* [CVE-2023-31801](CVE-2023/CVE-2023-318xx/CVE-2023-31801.json) (`2023-05-09T16:15:14.870`) -* [CVE-2023-31802](CVE-2023/CVE-2023-318xx/CVE-2023-31802.json) (`2023-05-09T16:15:14.910`) -* [CVE-2023-31803](CVE-2023/CVE-2023-318xx/CVE-2023-31803.json) (`2023-05-09T16:15:14.953`) -* [CVE-2023-31804](CVE-2023/CVE-2023-318xx/CVE-2023-31804.json) (`2023-05-09T16:15:14.993`) -* [CVE-2023-31805](CVE-2023/CVE-2023-318xx/CVE-2023-31805.json) (`2023-05-09T16:15:15.033`) -* [CVE-2023-31806](CVE-2023/CVE-2023-318xx/CVE-2023-31806.json) (`2023-05-09T16:15:15.077`) -* [CVE-2023-31807](CVE-2023/CVE-2023-318xx/CVE-2023-31807.json) (`2023-05-09T16:15:15.123`) -* [CVE-2023-32066](CVE-2023/CVE-2023-320xx/CVE-2023-32066.json) (`2023-05-09T16:15:15.160`) -* [CVE-2023-32069](CVE-2023/CVE-2023-320xx/CVE-2023-32069.json) (`2023-05-09T16:15:15.230`) -* [CVE-2023-32071](CVE-2023/CVE-2023-320xx/CVE-2023-32071.json) (`2023-05-09T16:15:15.297`) +* [CVE-2021-26354](CVE-2021/CVE-2021-263xx/CVE-2021-26354.json) (`2023-05-09T19:15:10.670`) +* [CVE-2021-26356](CVE-2021/CVE-2021-263xx/CVE-2021-26356.json) (`2023-05-09T19:15:10.737`) +* [CVE-2021-26365](CVE-2021/CVE-2021-263xx/CVE-2021-26365.json) (`2023-05-09T19:15:10.780`) +* [CVE-2021-26371](CVE-2021/CVE-2021-263xx/CVE-2021-26371.json) (`2023-05-09T19:15:10.820`) +* [CVE-2021-26379](CVE-2021/CVE-2021-263xx/CVE-2021-26379.json) (`2023-05-09T19:15:10.863`) +* [CVE-2021-26397](CVE-2021/CVE-2021-263xx/CVE-2021-26397.json) (`2023-05-09T19:15:10.903`) +* [CVE-2021-26406](CVE-2021/CVE-2021-264xx/CVE-2021-26406.json) (`2023-05-09T19:15:10.943`) +* [CVE-2021-46749](CVE-2021/CVE-2021-467xx/CVE-2021-46749.json) (`2023-05-09T19:15:10.997`) +* [CVE-2021-46753](CVE-2021/CVE-2021-467xx/CVE-2021-46753.json) (`2023-05-09T19:15:11.040`) +* [CVE-2021-46762](CVE-2021/CVE-2021-467xx/CVE-2021-46762.json) (`2023-05-09T19:15:11.080`) +* [CVE-2021-46763](CVE-2021/CVE-2021-467xx/CVE-2021-46763.json) (`2023-05-09T19:15:11.123`) +* [CVE-2021-46764](CVE-2021/CVE-2021-467xx/CVE-2021-46764.json) (`2023-05-09T19:15:11.160`) +* [CVE-2021-46769](CVE-2021/CVE-2021-467xx/CVE-2021-46769.json) (`2023-05-09T19:15:11.200`) +* [CVE-2021-46775](CVE-2021/CVE-2021-467xx/CVE-2021-46775.json) (`2023-05-09T19:15:11.240`) +* [CVE-2022-23818](CVE-2022/CVE-2022-238xx/CVE-2022-23818.json) (`2023-05-09T19:15:11.367`) +* [CVE-2023-20046](CVE-2023/CVE-2023-200xx/CVE-2023-20046.json) (`2023-05-09T18:15:11.697`) +* [CVE-2023-20098](CVE-2023/CVE-2023-200xx/CVE-2023-20098.json) (`2023-05-09T18:15:11.760`) +* [CVE-2023-20520](CVE-2023/CVE-2023-205xx/CVE-2023-20520.json) (`2023-05-09T19:15:11.507`) +* [CVE-2023-20524](CVE-2023/CVE-2023-205xx/CVE-2023-20524.json) (`2023-05-09T19:15:11.550`) +* [CVE-2023-24898](CVE-2023/CVE-2023-248xx/CVE-2023-24898.json) (`2023-05-09T18:15:11.913`) +* [CVE-2023-24899](CVE-2023/CVE-2023-248xx/CVE-2023-24899.json) (`2023-05-09T18:15:11.970`) +* [CVE-2023-24900](CVE-2023/CVE-2023-249xx/CVE-2023-24900.json) (`2023-05-09T18:15:12.033`) +* [CVE-2023-24901](CVE-2023/CVE-2023-249xx/CVE-2023-24901.json) (`2023-05-09T18:15:12.097`) +* [CVE-2023-24902](CVE-2023/CVE-2023-249xx/CVE-2023-24902.json) (`2023-05-09T18:15:12.157`) +* [CVE-2023-24903](CVE-2023/CVE-2023-249xx/CVE-2023-24903.json) (`2023-05-09T18:15:12.217`) +* [CVE-2023-24904](CVE-2023/CVE-2023-249xx/CVE-2023-24904.json) (`2023-05-09T18:15:12.280`) +* [CVE-2023-24905](CVE-2023/CVE-2023-249xx/CVE-2023-24905.json) (`2023-05-09T18:15:12.347`) +* [CVE-2023-24932](CVE-2023/CVE-2023-249xx/CVE-2023-24932.json) (`2023-05-09T18:15:12.407`) +* [CVE-2023-24939](CVE-2023/CVE-2023-249xx/CVE-2023-24939.json) (`2023-05-09T18:15:12.467`) +* [CVE-2023-24940](CVE-2023/CVE-2023-249xx/CVE-2023-24940.json) (`2023-05-09T18:15:12.527`) +* [CVE-2023-24941](CVE-2023/CVE-2023-249xx/CVE-2023-24941.json) (`2023-05-09T18:15:12.587`) +* [CVE-2023-24942](CVE-2023/CVE-2023-249xx/CVE-2023-24942.json) (`2023-05-09T18:15:12.643`) +* [CVE-2023-24943](CVE-2023/CVE-2023-249xx/CVE-2023-24943.json) (`2023-05-09T18:15:12.720`) +* [CVE-2023-24944](CVE-2023/CVE-2023-249xx/CVE-2023-24944.json) (`2023-05-09T18:15:12.780`) +* [CVE-2023-24945](CVE-2023/CVE-2023-249xx/CVE-2023-24945.json) (`2023-05-09T18:15:12.840`) +* [CVE-2023-24946](CVE-2023/CVE-2023-249xx/CVE-2023-24946.json) (`2023-05-09T18:15:12.900`) +* [CVE-2023-24947](CVE-2023/CVE-2023-249xx/CVE-2023-24947.json) (`2023-05-09T18:15:12.960`) +* [CVE-2023-24948](CVE-2023/CVE-2023-249xx/CVE-2023-24948.json) (`2023-05-09T18:15:13.017`) +* [CVE-2023-24949](CVE-2023/CVE-2023-249xx/CVE-2023-24949.json) (`2023-05-09T18:15:13.080`) +* [CVE-2023-24950](CVE-2023/CVE-2023-249xx/CVE-2023-24950.json) (`2023-05-09T18:15:13.143`) +* [CVE-2023-24953](CVE-2023/CVE-2023-249xx/CVE-2023-24953.json) (`2023-05-09T18:15:13.203`) +* [CVE-2023-24954](CVE-2023/CVE-2023-249xx/CVE-2023-24954.json) (`2023-05-09T18:15:13.260`) +* [CVE-2023-24955](CVE-2023/CVE-2023-249xx/CVE-2023-24955.json) (`2023-05-09T18:15:13.317`) +* [CVE-2023-2609](CVE-2023/CVE-2023-26xx/CVE-2023-2609.json) (`2023-05-09T18:15:14.147`) +* [CVE-2023-28251](CVE-2023/CVE-2023-282xx/CVE-2023-28251.json) (`2023-05-09T18:15:13.433`) +* [CVE-2023-28283](CVE-2023/CVE-2023-282xx/CVE-2023-28283.json) (`2023-05-09T18:15:13.490`) +* [CVE-2023-28290](CVE-2023/CVE-2023-282xx/CVE-2023-28290.json) (`2023-05-09T18:15:13.547`) +* [CVE-2023-29324](CVE-2023/CVE-2023-293xx/CVE-2023-29324.json) (`2023-05-09T18:15:13.607`) +* [CVE-2023-29325](CVE-2023/CVE-2023-293xx/CVE-2023-29325.json) (`2023-05-09T18:15:13.667`) +* [CVE-2023-29333](CVE-2023/CVE-2023-293xx/CVE-2023-29333.json) (`2023-05-09T18:15:13.727`) +* [CVE-2023-29335](CVE-2023/CVE-2023-293xx/CVE-2023-29335.json) (`2023-05-09T18:15:13.783`) +* [CVE-2023-29336](CVE-2023/CVE-2023-293xx/CVE-2023-29336.json) (`2023-05-09T18:15:13.840`) +* [CVE-2023-29338](CVE-2023/CVE-2023-293xx/CVE-2023-29338.json) (`2023-05-09T18:15:13.900`) +* [CVE-2023-29340](CVE-2023/CVE-2023-293xx/CVE-2023-29340.json) (`2023-05-09T18:15:13.967`) +* [CVE-2023-29341](CVE-2023/CVE-2023-293xx/CVE-2023-29341.json) (`2023-05-09T18:15:14.027`) +* [CVE-2023-29343](CVE-2023/CVE-2023-293xx/CVE-2023-29343.json) (`2023-05-09T18:15:14.087`) +* [CVE-2023-31472](CVE-2023/CVE-2023-314xx/CVE-2023-31472.json) (`2023-05-09T18:15:14.283`) +* [CVE-2023-31474](CVE-2023/CVE-2023-314xx/CVE-2023-31474.json) (`2023-05-09T18:15:14.323`) ### CVEs modified in the last Commit -Recently modified CVEs: `62` +Recently modified CVEs: `31` -* [CVE-2013-10026](CVE-2013/CVE-2013-100xx/CVE-2013-10026.json) (`2023-05-09T17:18:59.857`) -* [CVE-2017-9946](CVE-2017/CVE-2017-99xx/CVE-2017-9946.json) (`2023-05-09T16:27:38.737`) -* [CVE-2017-9947](CVE-2017/CVE-2017-99xx/CVE-2017-9947.json) (`2023-05-09T16:27:57.397`) -* [CVE-2019-13939](CVE-2019/CVE-2019-139xx/CVE-2019-13939.json) (`2023-05-09T16:27:15.257`) -* [CVE-2022-25713](CVE-2022/CVE-2022-257xx/CVE-2022-25713.json) (`2023-05-09T16:38:01.897`) -* [CVE-2022-30995](CVE-2022/CVE-2022-309xx/CVE-2022-30995.json) (`2023-05-09T17:03:06.093`) -* [CVE-2022-33281](CVE-2022/CVE-2022-332xx/CVE-2022-33281.json) (`2023-05-09T16:37:34.280`) -* [CVE-2022-33292](CVE-2022/CVE-2022-332xx/CVE-2022-33292.json) (`2023-05-09T16:37:09.067`) -* [CVE-2022-33304](CVE-2022/CVE-2022-333xx/CVE-2022-33304.json) (`2023-05-09T16:36:32.340`) -* [CVE-2022-33305](CVE-2022/CVE-2022-333xx/CVE-2022-33305.json) (`2023-05-09T16:36:20.023`) -* [CVE-2022-3405](CVE-2022/CVE-2022-34xx/CVE-2022-3405.json) (`2023-05-09T17:02:27.727`) -* [CVE-2022-34144](CVE-2022/CVE-2022-341xx/CVE-2022-34144.json) (`2023-05-09T16:36:24.253`) -* [CVE-2022-40505](CVE-2022/CVE-2022-405xx/CVE-2022-40505.json) (`2023-05-09T16:34:33.830`) -* [CVE-2022-40508](CVE-2022/CVE-2022-405xx/CVE-2022-40508.json) (`2023-05-09T16:36:28.163`) -* [CVE-2022-41104](CVE-2022/CVE-2022-411xx/CVE-2022-41104.json) (`2023-05-09T17:15:09.413`) -* [CVE-2022-41120](CVE-2022/CVE-2022-411xx/CVE-2022-41120.json) (`2023-05-09T17:15:09.613`) -* [CVE-2023-1387](CVE-2023/CVE-2023-13xx/CVE-2023-1387.json) (`2023-05-09T16:39:27.417`) -* [CVE-2023-1966](CVE-2023/CVE-2023-19xx/CVE-2023-1966.json) (`2023-05-09T17:53:51.073`) -* [CVE-2023-2000](CVE-2023/CVE-2023-20xx/CVE-2023-2000.json) (`2023-05-09T16:31:00.540`) -* [CVE-2023-2158](CVE-2023/CVE-2023-21xx/CVE-2023-2158.json) (`2023-05-09T17:52:35.830`) -* [CVE-2023-21642](CVE-2023/CVE-2023-216xx/CVE-2023-21642.json) (`2023-05-09T16:32:01.093`) -* [CVE-2023-21712](CVE-2023/CVE-2023-217xx/CVE-2023-21712.json) (`2023-05-09T16:50:44.697`) -* [CVE-2023-21738](CVE-2023/CVE-2023-217xx/CVE-2023-21738.json) (`2023-05-09T17:15:09.807`) -* [CVE-2023-21775](CVE-2023/CVE-2023-217xx/CVE-2023-21775.json) (`2023-05-09T17:15:09.937`) -* [CVE-2023-21795](CVE-2023/CVE-2023-217xx/CVE-2023-21795.json) (`2023-05-09T17:15:10.107`) -* [CVE-2023-21796](CVE-2023/CVE-2023-217xx/CVE-2023-21796.json) (`2023-05-09T17:15:10.237`) -* [CVE-2023-22503](CVE-2023/CVE-2023-225xx/CVE-2023-22503.json) (`2023-05-09T16:24:56.853`) -* [CVE-2023-22691](CVE-2023/CVE-2023-226xx/CVE-2023-22691.json) (`2023-05-09T17:07:24.280`) -* [CVE-2023-2355](CVE-2023/CVE-2023-23xx/CVE-2023-2355.json) (`2023-05-09T16:38:54.170`) -* [CVE-2023-23790](CVE-2023/CVE-2023-237xx/CVE-2023-23790.json) (`2023-05-09T17:04:45.130`) -* [CVE-2023-2445](CVE-2023/CVE-2023-24xx/CVE-2023-2445.json) (`2023-05-09T17:25:41.957`) -* [CVE-2023-24512](CVE-2023/CVE-2023-245xx/CVE-2023-24512.json) (`2023-05-09T16:02:21.720`) -* [CVE-2023-2459](CVE-2023/CVE-2023-24xx/CVE-2023-2459.json) (`2023-05-09T17:16:44.733`) -* [CVE-2023-2460](CVE-2023/CVE-2023-24xx/CVE-2023-2460.json) (`2023-05-09T17:16:24.910`) -* [CVE-2023-2461](CVE-2023/CVE-2023-24xx/CVE-2023-2461.json) (`2023-05-09T17:16:07.147`) -* [CVE-2023-2462](CVE-2023/CVE-2023-24xx/CVE-2023-2462.json) (`2023-05-09T17:15:30.470`) -* [CVE-2023-2463](CVE-2023/CVE-2023-24xx/CVE-2023-2463.json) (`2023-05-09T17:13:37.423`) -* [CVE-2023-2464](CVE-2023/CVE-2023-24xx/CVE-2023-2464.json) (`2023-05-09T17:12:05.487`) -* [CVE-2023-2465](CVE-2023/CVE-2023-24xx/CVE-2023-2465.json) (`2023-05-09T17:11:35.407`) -* [CVE-2023-2466](CVE-2023/CVE-2023-24xx/CVE-2023-2466.json) (`2023-05-09T17:11:08.640`) -* [CVE-2023-2467](CVE-2023/CVE-2023-24xx/CVE-2023-2467.json) (`2023-05-09T17:10:36.677`) -* [CVE-2023-2468](CVE-2023/CVE-2023-24xx/CVE-2023-2468.json) (`2023-05-09T17:10:02.967`) -* [CVE-2023-2473](CVE-2023/CVE-2023-24xx/CVE-2023-2473.json) (`2023-05-09T17:36:44.243`) -* [CVE-2023-2474](CVE-2023/CVE-2023-24xx/CVE-2023-2474.json) (`2023-05-09T17:35:26.590`) -* [CVE-2023-2475](CVE-2023/CVE-2023-24xx/CVE-2023-2475.json) (`2023-05-09T17:27:09.967`) -* [CVE-2023-2476](CVE-2023/CVE-2023-24xx/CVE-2023-2476.json) (`2023-05-09T17:21:53.020`) -* [CVE-2023-2477](CVE-2023/CVE-2023-24xx/CVE-2023-2477.json) (`2023-05-09T17:20:54.677`) -* [CVE-2023-25787](CVE-2023/CVE-2023-257xx/CVE-2023-25787.json) (`2023-05-09T17:00:02.467`) -* [CVE-2023-25792](CVE-2023/CVE-2023-257xx/CVE-2023-25792.json) (`2023-05-09T16:59:05.530`) -* [CVE-2023-25797](CVE-2023/CVE-2023-257xx/CVE-2023-25797.json) (`2023-05-09T16:42:33.117`) -* [CVE-2023-27075](CVE-2023/CVE-2023-270xx/CVE-2023-27075.json) (`2023-05-09T17:43:32.093`) -* [CVE-2023-27107](CVE-2023/CVE-2023-271xx/CVE-2023-27107.json) (`2023-05-09T17:24:20.610`) -* [CVE-2023-28070](CVE-2023/CVE-2023-280xx/CVE-2023-28070.json) (`2023-05-09T17:06:23.173`) -* [CVE-2023-29680](CVE-2023/CVE-2023-296xx/CVE-2023-29680.json) (`2023-05-09T16:29:40.173`) -* [CVE-2023-29681](CVE-2023/CVE-2023-296xx/CVE-2023-29681.json) (`2023-05-09T16:29:48.443`) -* [CVE-2023-29839](CVE-2023/CVE-2023-298xx/CVE-2023-29839.json) (`2023-05-09T17:08:54.440`) -* [CVE-2023-30845](CVE-2023/CVE-2023-308xx/CVE-2023-30845.json) (`2023-05-09T16:08:02.997`) -* [CVE-2023-30852](CVE-2023/CVE-2023-308xx/CVE-2023-30852.json) (`2023-05-09T17:53:20.770`) -* [CVE-2023-31138](CVE-2023/CVE-2023-311xx/CVE-2023-31138.json) (`2023-05-09T17:37:00.247`) -* [CVE-2023-31139](CVE-2023/CVE-2023-311xx/CVE-2023-31139.json) (`2023-05-09T17:37:00.247`) -* [CVE-2023-31143](CVE-2023/CVE-2023-311xx/CVE-2023-31143.json) (`2023-05-09T17:37:00.247`) -* [CVE-2023-32060](CVE-2023/CVE-2023-320xx/CVE-2023-32060.json) (`2023-05-09T17:37:00.247`) +* [CVE-2021-42847](CVE-2021/CVE-2021-428xx/CVE-2021-42847.json) (`2023-05-09T18:15:11.397`) +* [CVE-2022-20929](CVE-2022/CVE-2022-209xx/CVE-2022-20929.json) (`2023-05-09T18:15:11.500`) +* [CVE-2022-21229](CVE-2022/CVE-2022-212xx/CVE-2022-21229.json) (`2023-05-09T19:15:11.283`) +* [CVE-2022-25273](CVE-2022/CVE-2022-252xx/CVE-2022-25273.json) (`2023-05-09T18:47:56.107`) +* [CVE-2022-25274](CVE-2022/CVE-2022-252xx/CVE-2022-25274.json) (`2023-05-09T19:11:17.407`) +* [CVE-2022-25277](CVE-2022/CVE-2022-252xx/CVE-2022-25277.json) (`2023-05-09T19:26:40.053`) +* [CVE-2022-25772](CVE-2022/CVE-2022-257xx/CVE-2022-25772.json) (`2023-05-09T19:15:11.413`) +* [CVE-2022-28888](CVE-2022/CVE-2022-288xx/CVE-2022-28888.json) (`2023-05-09T18:15:11.600`) +* [CVE-2022-33273](CVE-2022/CVE-2022-332xx/CVE-2022-33273.json) (`2023-05-09T18:33:28.843`) +* [CVE-2022-45801](CVE-2022/CVE-2022-458xx/CVE-2022-45801.json) (`2023-05-09T18:09:27.697`) +* [CVE-2022-45802](CVE-2022/CVE-2022-458xx/CVE-2022-45802.json) (`2023-05-09T18:10:43.900`) +* [CVE-2022-46365](CVE-2022/CVE-2022-463xx/CVE-2022-46365.json) (`2023-05-09T18:04:19.747`) +* [CVE-2022-47877](CVE-2022/CVE-2022-478xx/CVE-2022-47877.json) (`2023-05-09T19:42:15.130`) +* [CVE-2023-0155](CVE-2023/CVE-2023-01xx/CVE-2023-0155.json) (`2023-05-09T19:53:24.107`) +* [CVE-2023-0485](CVE-2023/CVE-2023-04xx/CVE-2023-0485.json) (`2023-05-09T19:53:10.287`) +* [CVE-2023-1477](CVE-2023/CVE-2023-14xx/CVE-2023-1477.json) (`2023-05-09T19:38:42.500`) +* [CVE-2023-2069](CVE-2023/CVE-2023-20xx/CVE-2023-2069.json) (`2023-05-09T19:58:32.077`) +* [CVE-2023-2247](CVE-2023/CVE-2023-22xx/CVE-2023-2247.json) (`2023-05-09T18:23:24.153`) +* [CVE-2023-2479](CVE-2023/CVE-2023-24xx/CVE-2023-2479.json) (`2023-05-09T18:48:53.560`) +* [CVE-2023-24892](CVE-2023/CVE-2023-248xx/CVE-2023-24892.json) (`2023-05-09T18:15:11.823`) +* [CVE-2023-27568](CVE-2023/CVE-2023-275xx/CVE-2023-27568.json) (`2023-05-09T18:15:13.370`) +* [CVE-2023-29772](CVE-2023/CVE-2023-297xx/CVE-2023-29772.json) (`2023-05-09T18:40:44.477`) +* [CVE-2023-29918](CVE-2023/CVE-2023-299xx/CVE-2023-29918.json) (`2023-05-09T19:27:09.447`) +* [CVE-2023-30204](CVE-2023/CVE-2023-302xx/CVE-2023-30204.json) (`2023-05-09T19:43:20.183`) +* [CVE-2023-30268](CVE-2023/CVE-2023-302xx/CVE-2023-30268.json) (`2023-05-09T18:15:14.210`) +* [CVE-2023-30838](CVE-2023/CVE-2023-308xx/CVE-2023-30838.json) (`2023-05-09T19:46:44.303`) +* [CVE-2023-30847](CVE-2023/CVE-2023-308xx/CVE-2023-30847.json) (`2023-05-09T18:21:39.807`) +* [CVE-2023-30850](CVE-2023/CVE-2023-308xx/CVE-2023-30850.json) (`2023-05-09T18:18:04.593`) +* [CVE-2023-30859](CVE-2023/CVE-2023-308xx/CVE-2023-30859.json) (`2023-05-09T19:01:26.460`) +* [CVE-2023-30869](CVE-2023/CVE-2023-308xx/CVE-2023-30869.json) (`2023-05-09T18:25:38.057`) +* [CVE-2023-31207](CVE-2023/CVE-2023-312xx/CVE-2023-31207.json) (`2023-05-09T19:21:42.800`) ## Download and Usage