diff --git a/CVE-2022/CVE-2022-400xx/CVE-2022-40010.json b/CVE-2022/CVE-2022-400xx/CVE-2022-40010.json
index 8a7c375aeb5..c949e3313c5 100644
--- a/CVE-2022/CVE-2022-400xx/CVE-2022-40010.json
+++ b/CVE-2022/CVE-2022-400xx/CVE-2022-40010.json
@@ -2,19 +2,88 @@
 "id": "CVE-2022-40010",
 "sourceIdentifier": "cve@mitre.org",
 "published": "2023-06-26T17:15:09.310",
- "lastModified": "2023-06-26T17:51:24.007",
- "vulnStatus": "Awaiting Analysis",
+ "lastModified": "2023-07-03T19:22:31.680",
+ "vulnStatus": "Analyzed",
 "descriptions": [
 {
 "lang": "en",
 "value": "Tenda AC6 AC1200 Smart Dual-Band WiFi Router 15.03.06.50_multi was discovered to contain a cross-site scripting (XSS) vulnerability via the deviceId parameter in the Parental Control module."
 }
 ],
- "metrics": {},
+ "metrics": {
+ "cvssMetricV31": [
+ {
+ "source": "nvd@nist.gov",
+ "type": "Primary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",
+ "attackVector": "NETWORK",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "LOW",
+ "userInteraction": "REQUIRED",
+ "scope": "CHANGED",
+ "confidentialityImpact": "LOW",
+ "integrityImpact": "LOW",
+ "availabilityImpact": "NONE",
+ "baseScore": 5.4,
+ "baseSeverity": "MEDIUM"
+ },
+ "exploitabilityScore": 2.3,
+ "impactScore": 2.7
+ }
+ ]
+ },
+ "weaknesses": [
+ {
+ "source": "nvd@nist.gov",
+ "type": "Primary",
+ "description": [
+ {
+ "lang": "en",
+ "value": "CWE-79"
+ }
+ ]
+ }
+ ],
+ "configurations": [
+ {
+ "operator": "AND",
+ "nodes": [
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:tenda:ac6_firmware:15.03.06.50_multi:*:*:*:*:*:*:*",
+ "matchCriteriaId": "D3EC4D9E-D190-4037-A9DF-9A1575276E73"
+ }
+ ]
+ },
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": false,
+ "criteria": "cpe:2.3:h:tenda:ac6:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "00830EE1-D0BB-462E-9F15-4E59560C14B8"
+ }
+ ]
+ }
+ ]
+ }
+ ],
 "references": [
 {
 "url": "http://packetstormsecurity.com/files/173029/Tenda-AC6-AC1200-15.03.06.50_multi-Cross-Site-Scripting.html",
- "source": "cve@mitre.org"
+ "source": "cve@mitre.org",
+ "tags": [
+ "Exploit",
+ "Third Party Advisory",
+ "VDB Entry"
+ ]
 }
 ]
 }
\ No newline at end of file
diff --git a/CVE-2022/CVE-2022-483xx/CVE-2022-48331.json b/CVE-2022/CVE-2022-483xx/CVE-2022-48331.json
index 19283b865af..305ab1aabb8 100644
--- a/CVE-2022/CVE-2022-483xx/CVE-2022-48331.json
+++ b/CVE-2022/CVE-2022-483xx/CVE-2022-48331.json
@@ -2,19 +2,76 @@
 "id": "CVE-2022-48331",
 "sourceIdentifier": "cve@mitre.org",
 "published": "2023-06-26T16:15:09.480",
- "lastModified": "2023-06-26T17:51:24.007",
- "vulnStatus": "Awaiting Analysis",
+ "lastModified": "2023-07-03T19:18:02.213",
+ "vulnStatus": "Analyzed",
 "descriptions": [
 {
 "lang": "en",
 "value": "Widevine Trusted Application (TA) 5.0.0 through 5.1.1 has a drm_save_keys feature_name_len integer overflow and resultant buffer overflow."
 }
 ],
- "metrics": {},
+ "metrics": {
+ "cvssMetricV31": [
+ {
+ "source": "nvd@nist.gov",
+ "type": "Primary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
+ "attackVector": "NETWORK",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "NONE",
+ "userInteraction": "NONE",
+ "scope": "UNCHANGED",
+ "confidentialityImpact": "HIGH",
+ "integrityImpact": "HIGH",
+ "availabilityImpact": "HIGH",
+ "baseScore": 9.8,
+ "baseSeverity": "CRITICAL"
+ },
+ "exploitabilityScore": 3.9,
+ "impactScore": 5.9
+ }
+ ]
+ },
+ "weaknesses": [
+ {
+ "source": "nvd@nist.gov",
+ "type": "Primary",
+ "description": [
+ {
+ "lang": "en",
+ "value": "CWE-190"
+ }
+ ]
+ }
+ ],
+ "configurations": [
+ {
+ "nodes": [
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:widevine:trusted_application:*:*:*:*:*:*:*:*",
+ "versionStartIncluding": "5.0.0",
+ "versionEndIncluding": "5.1.1",
+ "matchCriteriaId": "6F480E2C-B345-4E99-A6FB-92E5A9B21417"
+ }
+ ]
+ }
+ ]
+ }
+ ],
 "references": [
 {
 "url": "https://cyberintel.es/cve/CVE-2022-48331_Buffer_Overflow_in_Widevine_drm_save_keys_0x69b0/",
- "source": "cve@mitre.org"
+ "source": "cve@mitre.org",
+ "tags": [
+ "Exploit"
+ ]
 }
 ]
 }
\ No newline at end of file
diff --git a/CVE-2022/CVE-2022-483xx/CVE-2022-48332.json b/CVE-2022/CVE-2022-483xx/CVE-2022-48332.json
index 3cc0e1617eb..b098d8282c9 100644
--- a/CVE-2022/CVE-2022-483xx/CVE-2022-48332.json
+++ b/CVE-2022/CVE-2022-483xx/CVE-2022-48332.json
@@ -2,19 +2,76 @@
 "id": "CVE-2022-48332",
 "sourceIdentifier": "cve@mitre.org",
 "published": "2023-06-26T17:15:09.637",
- "lastModified": "2023-06-26T17:51:24.007",
- "vulnStatus": "Awaiting Analysis",
+ "lastModified": "2023-07-03T19:17:53.413",
+ "vulnStatus": "Analyzed",
 "descriptions": [
 {
 "lang": "en",
 "value": "Widevine Trusted Application (TA) 5.0.0 through 5.1.1 has a drm_save_keys file_name_len integer overflow and resultant buffer overflow."
 }
 ],
- "metrics": {},
+ "metrics": {
+ "cvssMetricV31": [
+ {
+ "source": "nvd@nist.gov",
+ "type": "Primary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
+ "attackVector": "NETWORK",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "NONE",
+ "userInteraction": "NONE",
+ "scope": "UNCHANGED",
+ "confidentialityImpact": "HIGH",
+ "integrityImpact": "HIGH",
+ "availabilityImpact": "HIGH",
+ "baseScore": 9.8,
+ "baseSeverity": "CRITICAL"
+ },
+ "exploitabilityScore": 3.9,
+ "impactScore": 5.9
+ }
+ ]
+ },
+ "weaknesses": [
+ {
+ "source": "nvd@nist.gov",
+ "type": "Primary",
+ "description": [
+ {
+ "lang": "en",
+ "value": "CWE-190"
+ }
+ ]
+ }
+ ],
+ "configurations": [
+ {
+ "nodes": [
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:widevine:trusted_application:*:*:*:*:*:*:*:*",
+ "versionStartIncluding": "5.0.0",
+ "versionEndIncluding": "5.1.1",
+ "matchCriteriaId": "6F480E2C-B345-4E99-A6FB-92E5A9B21417"
+ }
+ ]
+ }
+ ]
+ }
+ ],
 "references": [
 {
 "url": "https://cyberintel.es/cve/CVE-2022-48332_Buffer_Overflow_in_Widevine_drm_save_keys_0x6a18/",
- "source": "cve@mitre.org"
+ "source": "cve@mitre.org",
+ "tags": [
+ "Exploit"
+ ]
 }
 ]
 }
\ No newline at end of file
diff --git a/CVE-2022/CVE-2022-483xx/CVE-2022-48333.json b/CVE-2022/CVE-2022-483xx/CVE-2022-48333.json
index 3623b374e28..d24fc789ac2 100644
--- a/CVE-2022/CVE-2022-483xx/CVE-2022-48333.json
+++ b/CVE-2022/CVE-2022-483xx/CVE-2022-48333.json
@@ -2,19 +2,76 @@
 "id": "CVE-2022-48333",
 "sourceIdentifier": "cve@mitre.org",
 "published": "2023-06-26T17:15:09.923",
- "lastModified": "2023-06-26T17:51:24.007",
- "vulnStatus": "Awaiting Analysis",
+ "lastModified": "2023-07-03T19:17:41.140",
+ "vulnStatus": "Analyzed",
 "descriptions": [
 {
 "lang": "en",
 "value": "Widevine Trusted Application (TA) 5.0.0 through 5.1.1 has a drm_verify_keys prefix_len+feature_name_len integer overflow and resultant buffer overflow."
 }
 ],
- "metrics": {},
+ "metrics": {
+ "cvssMetricV31": [
+ {
+ "source": "nvd@nist.gov",
+ "type": "Primary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
+ "attackVector": "NETWORK",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "NONE",
+ "userInteraction": "NONE",
+ "scope": "UNCHANGED",
+ "confidentialityImpact": "HIGH",
+ "integrityImpact": "HIGH",
+ "availabilityImpact": "HIGH",
+ "baseScore": 9.8,
+ "baseSeverity": "CRITICAL"
+ },
+ "exploitabilityScore": 3.9,
+ "impactScore": 5.9
+ }
+ ]
+ },
+ "weaknesses": [
+ {
+ "source": "nvd@nist.gov",
+ "type": "Primary",
+ "description": [
+ {
+ "lang": "en",
+ "value": "CWE-190"
+ }
+ ]
+ }
+ ],
+ "configurations": [
+ {
+ "nodes": [
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:widevine:trusted_application:*:*:*:*:*:*:*:*",
+ "versionStartIncluding": "5.0.0",
+ "versionEndIncluding": "5.1.1",
+ "matchCriteriaId": "6F480E2C-B345-4E99-A6FB-92E5A9B21417"
+ }
+ ]
+ }
+ ]
+ }
+ ],
 "references": [
 {
 "url": "https://cyberintel.es/cve/CVE-2022-48333_Buffer_Overflow_in_Widevine_drm_verify_keys_0x730c/",
- "source": "cve@mitre.org"
+ "source": "cve@mitre.org",
+ "tags": [
+ "Exploit"
+ ]
 }
 ]
 }
\ No newline at end of file
diff --git a/CVE-2022/CVE-2022-483xx/CVE-2022-48334.json b/CVE-2022/CVE-2022-483xx/CVE-2022-48334.json
index a9764e5abf7..8598da47671 100644
--- a/CVE-2022/CVE-2022-483xx/CVE-2022-48334.json
+++ b/CVE-2022/CVE-2022-483xx/CVE-2022-48334.json
@@ -2,19 +2,76 @@
 "id": "CVE-2022-48334",
 "sourceIdentifier": "cve@mitre.org",
 "published": "2023-06-26T17:15:10.127",
- "lastModified": "2023-06-26T17:51:24.007",
- "vulnStatus": "Awaiting Analysis",
+ "lastModified": "2023-07-03T19:22:09.900",
+ "vulnStatus": "Analyzed",
 "descriptions": [
 {
 "lang": "en",
 "value": "Widevine Trusted Application (TA) 5.0.0 through 5.1.1 has a drm_verify_keys total_len+file_name_len integer overflow and resultant buffer overflow."
 }
 ],
- "metrics": {},
+ "metrics": {
+ "cvssMetricV31": [
+ {
+ "source": "nvd@nist.gov",
+ "type": "Primary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
+ "attackVector": "NETWORK",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "NONE",
+ "userInteraction": "NONE",
+ "scope": "UNCHANGED",
+ "confidentialityImpact": "HIGH",
+ "integrityImpact": "HIGH",
+ "availabilityImpact": "HIGH",
+ "baseScore": 9.8,
+ "baseSeverity": "CRITICAL"
+ },
+ "exploitabilityScore": 3.9,
+ "impactScore": 5.9
+ }
+ ]
+ },
+ "weaknesses": [
+ {
+ "source": "nvd@nist.gov",
+ "type": "Primary",
+ "description": [
+ {
+ "lang": "en",
+ "value": "CWE-190"
+ }
+ ]
+ }
+ ],
+ "configurations": [
+ {
+ "nodes": [
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:widevine:trusted_application:*:*:*:*:*:*:*:*",
+ "versionStartIncluding": "5.0.0",
+ "versionEndIncluding": "5.1.1",
+ "matchCriteriaId": "6F480E2C-B345-4E99-A6FB-92E5A9B21417"
+ }
+ ]
+ }
+ ]
+ }
+ ],
 "references": [
 {
 "url": "https://cyberintel.es/cve/CVE-2022-48334_Buffer_Overflow_in_Widevine_drm_verify_keys_0x7370/",
- "source": "cve@mitre.org"
+ "source": "cve@mitre.org",
+ "tags": [
+ "Exploit"
+ ]
 }
 ]
 }
\ No newline at end of file
diff --git a/CVE-2022/CVE-2022-483xx/CVE-2022-48335.json b/CVE-2022/CVE-2022-483xx/CVE-2022-48335.json
index afadd3f83ae..8675e0d44f1 100644
--- a/CVE-2022/CVE-2022-483xx/CVE-2022-48335.json
+++ b/CVE-2022/CVE-2022-483xx/CVE-2022-48335.json
@@ -2,19 +2,76 @@
 "id": "CVE-2022-48335",
 "sourceIdentifier": "cve@mitre.org",
 "published": "2023-06-26T17:15:10.347",
- "lastModified": "2023-06-26T17:51:24.007",
- "vulnStatus": "Awaiting Analysis",
+ "lastModified": "2023-07-03T19:22:00.730",
+ "vulnStatus": "Analyzed",
 "descriptions": [
 {
 "lang": "en",
 "value": "Widevine Trusted Application (TA) 5.0.0 through 7.1.1 has a PRDiagVerifyProvisioning integer overflow and resultant buffer overflow."
 }
 ],
- "metrics": {},
+ "metrics": {
+ "cvssMetricV31": [
+ {
+ "source": "nvd@nist.gov",
+ "type": "Primary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
+ "attackVector": "NETWORK",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "NONE",
+ "userInteraction": "NONE",
+ "scope": "UNCHANGED",
+ "confidentialityImpact": "HIGH",
+ "integrityImpact": "HIGH",
+ "availabilityImpact": "HIGH",
+ "baseScore": 9.8,
+ "baseSeverity": "CRITICAL"
+ },
+ "exploitabilityScore": 3.9,
+ "impactScore": 5.9
+ }
+ ]
+ },
+ "weaknesses": [
+ {
+ "source": "nvd@nist.gov",
+ "type": "Primary",
+ "description": [
+ {
+ "lang": "en",
+ "value": "CWE-190"
+ }
+ ]
+ }
+ ],
+ "configurations": [
+ {
+ "nodes": [
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:widevine:trusted_application:*:*:*:*:*:*:*:*",
+ "versionStartIncluding": "5.0.0",
+ "versionEndIncluding": "7.1.1",
+ "matchCriteriaId": "81C817C3-A881-4ABE-AE3F-4BD38C26F628"
+ }
+ ]
+ }
+ ]
+ }
+ ],
 "references": [
 {
 "url": "https://cyberintel.es/cve/CVE-2022-48335_Buffer_Overflow_in_Widevine_PRDiagVerifyProvisioning_0x5f90/",
- "source": "cve@mitre.org"
+ "source": "cve@mitre.org",
+ "tags": [
+ "Exploit"
+ ]
 }
 ]
 }
\ No newline at end of file
diff --git a/CVE-2022/CVE-2022-483xx/CVE-2022-48336.json b/CVE-2022/CVE-2022-483xx/CVE-2022-48336.json
index 85524d76719..8482ad488f6 100644
--- a/CVE-2022/CVE-2022-483xx/CVE-2022-48336.json
+++ b/CVE-2022/CVE-2022-483xx/CVE-2022-48336.json
@@ -2,19 +2,76 @@
 "id": "CVE-2022-48336",
 "sourceIdentifier": "cve@mitre.org",
 "published": "2023-06-26T17:15:12.433",
- "lastModified": "2023-06-26T17:51:24.007",
- "vulnStatus": "Awaiting Analysis",
+ "lastModified": "2023-07-03T19:21:55.147",
+ "vulnStatus": "Analyzed",
 "descriptions": [
 {
 "lang": "en",
 "value": "Widevine Trusted Application (TA) 5.0.0 through 7.1.1 has a PRDiagParseAndStoreData integer overflow and resultant buffer overflow."
 }
 ],
- "metrics": {},
+ "metrics": {
+ "cvssMetricV31": [
+ {
+ "source": "nvd@nist.gov",
+ "type": "Primary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
+ "attackVector": "NETWORK",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "NONE",
+ "userInteraction": "NONE",
+ "scope": "UNCHANGED",
+ "confidentialityImpact": "HIGH",
+ "integrityImpact": "HIGH",
+ "availabilityImpact": "HIGH",
+ "baseScore": 9.8,
+ "baseSeverity": "CRITICAL"
+ },
+ "exploitabilityScore": 3.9,
+ "impactScore": 5.9
+ }
+ ]
+ },
+ "weaknesses": [
+ {
+ "source": "nvd@nist.gov",
+ "type": "Primary",
+ "description": [
+ {
+ "lang": "en",
+ "value": "CWE-190"
+ }
+ ]
+ }
+ ],
+ "configurations": [
+ {
+ "nodes": [
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:widevine:trusted_application:*:*:*:*:*:*:*:*",
+ "versionStartIncluding": "5.0.0",
+ "versionEndIncluding": "7.1.1",
+ "matchCriteriaId": "81C817C3-A881-4ABE-AE3F-4BD38C26F628"
+ }
+ ]
+ }
+ ]
+ }
+ ],
 "references": [
 {
 "url": "https://cyberintel.es/cve/CVE-2022-48336_Buffer_Overflow_in_Widevine_PRDiagParseAndStoreData_0x5cc8/",
- "source": "cve@mitre.org"
+ "source": "cve@mitre.org",
+ "tags": [
+ "Exploit"
+ ]
 }
 ]
 }
\ No newline at end of file
diff --git a/CVE-2023/CVE-2023-233xx/CVE-2023-23343.json b/CVE-2023/CVE-2023-233xx/CVE-2023-23343.json
index d68f08a6fd7..64e179ed61a 100644
--- a/CVE-2023/CVE-2023-233xx/CVE-2023-23343.json
+++ b/CVE-2023/CVE-2023-233xx/CVE-2023-23343.json
@@ -2,8 +2,8 @@
 "id": "CVE-2023-23343",
 "sourceIdentifier": "psirt@hcl.com",
 "published": "2023-06-22T22:15:09.110",
- "lastModified": "2023-06-23T13:03:31.027",
- "vulnStatus": "Awaiting Analysis",
+ "lastModified": "2023-07-03T19:03:11.543",
+ "vulnStatus": "Analyzed",
 "descriptions": [
 {
 "lang": "en",
@@ -12,6 +12,26 @@
 ],
 "metrics": {
 "cvssMetricV31": [
+ {
+ "source": "nvd@nist.gov",
+ "type": "Primary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
+ "attackVector": "NETWORK",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "NONE",
+ "userInteraction": "REQUIRED",
+ "scope": "CHANGED",
+ "confidentialityImpact": "LOW",
+ "integrityImpact": "LOW",
+ "availabilityImpact": "NONE",
+ "baseScore": 6.1,
+ "baseSeverity": "MEDIUM"
+ },
+ "exploitabilityScore": 2.8,
+ "impactScore": 2.7
+ },
 {
 "source": "psirt@hcl.com",
 "type": "Secondary",
@@ -34,10 +54,43 @@
 }
 ]
 },
+ "weaknesses": [
+ {
+ "source": "nvd@nist.gov",
+ "type": "Primary",
+ "description": [
+ {
+ "lang": "en",
+ "value": "CWE-1021"
+ }
+ ]
+ }
+ ],
+ "configurations": [
+ {
+ "nodes": [
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:hcltech:bigfix_osd_bare_metal_server:*:*:*:*:*:*:*:*",
+ "versionEndIncluding": "311.12",
+ "matchCriteriaId": "9A0DB84E-0760-43CE-87D5-D6489E91EA06"
+ }
+ ]
+ }
+ ]
+ }
+ ],
 "references": [
 {
 "url": "https://support.hcltechsw.com/csm?id=kb_article&sysparm_article=KB0105601",
- "source": "psirt@hcl.com"
+ "source": "psirt@hcl.com",
+ "tags": [
+ "Vendor Advisory"
+ ]
 }
 ]
 }
\ No newline at end of file
diff --git a/CVE-2023/CVE-2023-233xx/CVE-2023-23344.json b/CVE-2023/CVE-2023-233xx/CVE-2023-23344.json
index d026bd1512e..6a2b363697b 100644
--- a/CVE-2023/CVE-2023-233xx/CVE-2023-23344.json
+++ b/CVE-2023/CVE-2023-233xx/CVE-2023-23344.json
@@ -2,8 +2,8 @@
 "id": "CVE-2023-23344",
 "sourceIdentifier": "psirt@hcl.com",
 "published": "2023-06-23T06:15:09.707",
- "lastModified": "2023-06-23T13:03:31.027",
- "vulnStatus": "Awaiting Analysis",
+ "lastModified": "2023-07-03T19:16:21.420",
+ "vulnStatus": "Analyzed",
 "descriptions": [
 {
 "lang": "en",
@@ -12,6 +12,26 @@
 ],
 "metrics": {
 "cvssMetricV31": [
+ {
+ "source": "nvd@nist.gov",
+ "type": "Primary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
+ "attackVector": "NETWORK",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "LOW",
+ "userInteraction": "NONE",
+ "scope": "UNCHANGED",
+ "confidentialityImpact": "HIGH",
+ "integrityImpact": "NONE",
+ "availabilityImpact": "NONE",
+ "baseScore": 6.5,
+ "baseSeverity": "MEDIUM"
+ },
+ "exploitabilityScore": 2.8,
+ "impactScore": 3.6
+ },
 {
 "source": "psirt@hcl.com",
 "type": "Secondary",
@@ -34,10 +54,42 @@
 }
 ]
 },
+ "weaknesses": [
+ {
+ "source": "nvd@nist.gov",
+ "type": "Primary",
+ "description": [
+ {
+ "lang": "en",
+ "value": "CWE-276"
+ }
+ ]
+ }
+ ],
+ "configurations": [
+ {
+ "nodes": [
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:hcltech:bigfix_webui_insights:14:*:*:*:*:*:*:*",
+ "matchCriteriaId": "F2E7A0F5-AAAC-4FA7-A4FF-304148F32D86"
+ }
+ ]
+ }
+ ]
+ }
+ ],
 "references": [
 {
 "url": "https://support.hcltechsw.com/csm?id=kb_article&sysparm_article=KB0105705",
- "source": "psirt@hcl.com"
+ "source": "psirt@hcl.com",
+ "tags": [
+ "Vendor Advisory"
+ ]
 }
 ]
 }
\ No newline at end of file
diff --git a/CVE-2023/CVE-2023-253xx/CVE-2023-25306.json b/CVE-2023/CVE-2023-253xx/CVE-2023-25306.json
index cf1f51de9b1..8a905a87195 100644
--- a/CVE-2023/CVE-2023-253xx/CVE-2023-25306.json
+++ b/CVE-2023/CVE-2023-253xx/CVE-2023-25306.json
@@ -2,19 +2,76 @@
 "id": "CVE-2023-25306",
 "sourceIdentifier": "cve@mitre.org",
 "published": "2023-06-26T15:15:09.653",
- "lastModified": "2023-06-26T17:51:24.007",
- "vulnStatus": "Awaiting Analysis",
+ "lastModified": "2023-07-03T18:19:57.507",
+ "vulnStatus": "Analyzed",
 "descriptions": [
 {
 "lang": "en",
 "value": "MultiMC Launcher <= 0.6.16 is vulnerable to Directory Traversal."
 }
 ],
- "metrics": {},
+ "metrics": {
+ "cvssMetricV31": [
+ {
+ "source": "nvd@nist.gov",
+ "type": "Primary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
+ "attackVector": "NETWORK",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "NONE",
+ "userInteraction": "NONE",
+ "scope": "UNCHANGED",
+ "confidentialityImpact": "HIGH",
+ "integrityImpact": "NONE",
+ "availabilityImpact": "NONE",
+ "baseScore": 7.5,
+ "baseSeverity": "HIGH"
+ },
+ "exploitabilityScore": 3.9,
+ "impactScore": 3.6
+ }
+ ]
+ },
+ "weaknesses": [
+ {
+ "source": "nvd@nist.gov",
+ "type": "Primary",
+ "description": [
+ {
+ "lang": "en",
+ "value": "CWE-22"
+ }
+ ]
+ }
+ ],
+ "configurations": [
+ {
+ "nodes": [
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:multimc:multimc:*:*:*:*:*:*:*:*",
+ "versionEndExcluding": "0.7.0",
+ "matchCriteriaId": "8C680236-5AF8-4A5C-B33E-81E41D6121FB"
+ }
+ ]
+ }
+ ]
+ }
+ ],
 "references": [
 {
 "url": "https://quiltmc.org/en/blog/2023-02-04-five-installer-vulnerabilities/",
- "source": "cve@mitre.org"
+ "source": "cve@mitre.org",
+ "tags": [
+ "Exploit",
+ "Third Party Advisory"
+ ]
 }
 ]
 }
\ No newline at end of file
diff --git a/CVE-2023/CVE-2023-253xx/CVE-2023-25307.json b/CVE-2023/CVE-2023-253xx/CVE-2023-25307.json
index baf6714e8b2..962018ac935 100644
--- a/CVE-2023/CVE-2023-253xx/CVE-2023-25307.json
+++ b/CVE-2023/CVE-2023-253xx/CVE-2023-25307.json
@@ -2,23 +2,82 @@
 "id": "CVE-2023-25307",
 "sourceIdentifier": "cve@mitre.org",
 "published": "2023-06-26T15:15:09.703",
- "lastModified": "2023-06-26T17:51:24.007",
- "vulnStatus": "Awaiting Analysis",
+ "lastModified": "2023-07-03T19:19:20.030",
+ "vulnStatus": "Analyzed",
 "descriptions": [
 {
 "lang": "en",
 "value": "nothub mrpack-install <= v0.16.2 is vulnerable to Directory Traversal."
 }
 ],
- "metrics": {},
+ "metrics": {
+ "cvssMetricV31": [
+ {
+ "source": "nvd@nist.gov",
+ "type": "Primary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
+ "attackVector": "LOCAL",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "NONE",
+ "userInteraction": "REQUIRED",
+ "scope": "UNCHANGED",
+ "confidentialityImpact": "HIGH",
+ "integrityImpact": "HIGH",
+ "availabilityImpact": "HIGH",
+ "baseScore": 7.8,
+ "baseSeverity": "HIGH"
+ },
+ "exploitabilityScore": 1.8,
+ "impactScore": 5.9
+ }
+ ]
+ },
+ "weaknesses": [
+ {
+ "source": "nvd@nist.gov",
+ "type": "Primary",
+ "description": [
+ {
+ "lang": "en",
+ "value": "CWE-22"
+ }
+ ]
+ }
+ ],
+ "configurations": [
+ {
+ "nodes": [
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:mrpack-install_project:mrpack-install:*:*:*:*:*:*:*:*",
+ "versionEndExcluding": "0.16.3",
+ "matchCriteriaId": "0C28D8D9-F1B8-49A7-A7AE-12C244A0F2E0"
+ }
+ ]
+ }
+ ]
+ }
+ ],
 "references": [
 {
 "url": "https://github.com/nothub/mrpack-install/security/advisories/GHSA-r887-gfxh-m9rr",
- "source": "cve@mitre.org"
+ "source": "cve@mitre.org",
+ "tags": [
+ "Vendor Advisory"
+ ]
 },
 {
 "url": "https://quiltmc.org/en/blog/2023-02-04-five-installer-vulnerabilities/",
- "source": "cve@mitre.org"
+ "source": "cve@mitre.org",
+ "tags": [
+ "Exploit"
+ ]
 }
 ]
 }
\ No newline at end of file
diff --git a/CVE-2023/CVE-2023-255xx/CVE-2023-25515.json b/CVE-2023/CVE-2023-255xx/CVE-2023-25515.json
index 4b9f1924df1..587482656cd 100644
--- a/CVE-2023/CVE-2023-255xx/CVE-2023-25515.json
+++ b/CVE-2023/CVE-2023-255xx/CVE-2023-25515.json
@@ -2,8 +2,8 @@
 "id": "CVE-2023-25515",
 "sourceIdentifier": "psirt@nvidia.com",
 "published": "2023-06-23T18:15:10.887",
- "lastModified": "2023-06-23T19:24:47.997",
- "vulnStatus": "Awaiting Analysis",
+ "lastModified": "2023-07-03T19:15:31.923",
+ "vulnStatus": "Analyzed",
 "descriptions": [
 {
 "lang": "en",
@@ -12,6 +12,26 @@
 ],
 "metrics": {
 "cvssMetricV31": [
+ {
+ "source": "nvd@nist.gov",
+ "type": "Primary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H",
+ "attackVector": "PHYSICAL",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "NONE",
+ "userInteraction": "NONE",
+ "scope": "CHANGED",
+ "confidentialityImpact": "HIGH",
+ "integrityImpact": "HIGH",
+ "availabilityImpact": "HIGH",
+ "baseScore": 7.6,
+ "baseSeverity": "HIGH"
+ },
+ "exploitabilityScore": 0.9,
+ "impactScore": 6.0
+ },
 {
 "source": "psirt@nvidia.com",
 "type": "Secondary",
@@ -35,6 +55,16 @@
 ]
 },
 "weaknesses": [
+ {
+ "source": "nvd@nist.gov",
+ "type": "Primary",
+ "description": [
+ {
+ "lang": "en",
+ "value": "NVD-CWE-Other"
+ }
+ ]
+ },
 {
 "source": "psirt@nvidia.com",
 "type": "Secondary",
@@ -46,10 +76,362 @@
 ]
 }
 ],
+ "configurations": [
+ {
+ "operator": "AND",
+ "nodes": [
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:nvidia:gpu_display_driver:*:*:*:*:*:windows:*:*",
+ "versionStartIncluding": "470",
+ "versionEndExcluding": "474.44",
+ "matchCriteriaId": "BE5B7AC6-3A49-46AB-A466-216515A2E7D6"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:nvidia:gpu_display_driver:*:*:*:*:*:windows:*:*",
+ "versionStartIncluding": "530",
+ "versionEndExcluding": "536.23",
+ "matchCriteriaId": "FE08BF6D-C3C1-4905-85FD-3D1A4CB612F4"
+ }
+ ]
+ },
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": false,
+ "criteria": "cpe:2.3:a:nvidia:geforce:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "24DE5CC2-3787-4605-8EFA-77590E36E960"
+ }
+ ]
+ }
+ ]
+ },
+ {
+ "operator": "AND",
+ "nodes": [
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:nvidia:gpu_display_driver:*:*:*:*:*:windows:*:*",
+ "versionStartIncluding": "530",
+ "versionEndExcluding": "536.40",
+ "matchCriteriaId": "0F7FEA94-AA4F-46ED-9CA7-E0811E354637"
+ }
+ ]
+ },
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": false,
+ "criteria": "cpe:2.3:a:nvidia:studio:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "C1ED5DE2-7677-4F38-8177-3BF0B3D03A09"
+ }
+ ]
+ }
+ ]
+ },
+ {
+ "operator": "AND",
+ "nodes": [
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:nvidia:gpu_display_driver:*:*:*:*:*:windows:*:*",
+ "versionStartIncluding": "470",
+ "versionEndExcluding": "474.44",
+ "matchCriteriaId": "BE5B7AC6-3A49-46AB-A466-216515A2E7D6"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:nvidia:gpu_display_driver:*:*:*:*:*:windows:*:*",
+ "versionStartIncluding": "525",
+ "versionEndExcluding": "529.11",
+ "matchCriteriaId": "4F7E5174-40CB-46BA-BA7B-363D5949C99B"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:nvidia:gpu_display_driver:*:*:*:*:*:windows:*:*",
+ "versionStartIncluding": "530",
+ "versionEndExcluding": "536.25",
+ "matchCriteriaId": "092849D3-A62C-43E5-BDD7-5A4D7CA45794"
+ }
+ ]
+ },
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": false,
+ "criteria": "cpe:2.3:a:nvidia:nvs:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "333646B0-AAD5-4DD7-8940-6334D0A8E77C"
+ },
+ {
+ "vulnerable": false,
+ "criteria": "cpe:2.3:a:nvidia:quadro:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "A1DB9FB5-E115-4E96-98F8-3FAFAC120E98"
+ },
+ {
+ "vulnerable": false,
+ "criteria": "cpe:2.3:a:nvidia:rtx:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "08C63EA1-8719-4F5C-922A-C77ED4CEF7C7"
+ }
+ ]
+ }
+ ]
+ },
+ {
+ "operator": "AND",
+ "nodes": [
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:nvidia:gpu_display_driver:*:*:*:*:*:windows:*:*",
+ "versionStartIncluding": "450",
+ "versionEndExcluding": "454.23",
+ "matchCriteriaId": "AFDAA231-118A-4246-A53E-C3F144BD027A"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:nvidia:gpu_display_driver:*:*:*:*:*:windows:*:*",
+ "versionStartIncluding": "470",
+ "versionEndExcluding": "474.44",
+ "matchCriteriaId": "BE5B7AC6-3A49-46AB-A466-216515A2E7D6"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:nvidia:gpu_display_driver:*:*:*:*:*:windows:*:*",
+ "versionStartIncluding": "525",
+ "versionEndExcluding": "529.11",
+ "matchCriteriaId": "4F7E5174-40CB-46BA-BA7B-363D5949C99B"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:nvidia:gpu_display_driver:*:*:*:*:*:windows:*:*",
+ "versionStartIncluding": "530",
+ "versionEndExcluding": "536.25",
+ "matchCriteriaId": "092849D3-A62C-43E5-BDD7-5A4D7CA45794"
+ }
+ ]
+ },
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": false,
+ "criteria": "cpe:2.3:a:nvidia:tesla:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "D135086F-CA5E-4242-ACBA-C3AC82F4BE03"
+ }
+ ]
+ }
+ ]
+ },
+ {
+ "operator": "AND",
+ "nodes": [
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:nvidia:gpu_display_driver:*:*:*:*:*:linux:*:*",
+ "versionStartIncluding": "470",
+ "versionEndExcluding": "470.199.02",
+ "matchCriteriaId": "F74C5712-6BF6-486E-8B72-BBAD45F428CB"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:nvidia:gpu_display_driver:*:*:*:*:*:linux:*:*",
+ "versionStartIncluding": "525",
+ "versionEndExcluding": "525.125.06",
+ "matchCriteriaId": "23955A71-2DD7-4A63-BA9E-05967C40E49B"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:nvidia:gpu_display_driver:*:*:*:*:*:linux:*:*",
+ "versionStartIncluding": "530",
+ "versionEndExcluding": "535.54.03",
+ "matchCriteriaId": "D069A217-D9A2-4B07-91CA-424852FD4A85"
+ }
+ ]
+ },
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": false,
+ "criteria": "cpe:2.3:a:nvidia:geforce:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "24DE5CC2-3787-4605-8EFA-77590E36E960"
+ },
+ {
+ "vulnerable": false,
+ "criteria": "cpe:2.3:a:nvidia:nvs:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "333646B0-AAD5-4DD7-8940-6334D0A8E77C"
+ },
+ {
+ "vulnerable": false,
+ "criteria": "cpe:2.3:a:nvidia:quadro:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "A1DB9FB5-E115-4E96-98F8-3FAFAC120E98"
+ },
+ {
+ "vulnerable": false,
+ "criteria": "cpe:2.3:a:nvidia:rtx:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "08C63EA1-8719-4F5C-922A-C77ED4CEF7C7"
+ }
+ ]
+ }
+ ]
+ },
+ {
+ "operator": "AND",
+ "nodes": [
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:nvidia:gpu_display_driver:*:*:*:*:*:linux:*:*",
+ "versionStartIncluding": "450",
+ "versionEndExcluding": "450.248.02",
+ "matchCriteriaId": "613588B1-1B4C-43E3-8327-528D512F3A76"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:nvidia:gpu_display_driver:*:*:*:*:*:linux:*:*",
+ "versionStartIncluding": "470",
+ "versionEndExcluding": "470.199.02",
+ "matchCriteriaId": "F74C5712-6BF6-486E-8B72-BBAD45F428CB"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:nvidia:gpu_display_driver:*:*:*:*:*:linux:*:*",
+ "versionStartIncluding": "525",
+ "versionEndExcluding": "525.125.06",
+ "matchCriteriaId": "23955A71-2DD7-4A63-BA9E-05967C40E49B"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:nvidia:gpu_display_driver:*:*:*:*:*:linux:*:*",
+ "versionStartIncluding": "530",
+ "versionEndExcluding": "535.54.03",
+ "matchCriteriaId": "D069A217-D9A2-4B07-91CA-424852FD4A85"
+ }
+ ]
+ },
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": false,
+ "criteria": "cpe:2.3:a:nvidia:tesla:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "D135086F-CA5E-4242-ACBA-C3AC82F4BE03"
+ }
+ ]
+ }
+ ]
+ },
+ {
+ "operator": "AND",
+ "nodes": [
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:nvidia:virtual_gpu:*:*:*:*:*:*:*:*",
+ "versionEndExcluding": "11.12",
+ "matchCriteriaId": "81A64668-3B60-402B-B0EF-919079700FB9"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:nvidia:virtual_gpu:*:*:*:*:*:*:*:*",
+ "versionStartIncluding": "13.0",
+ "versionEndExcluding": "13.7",
+ "matchCriteriaId": "65AFFB06-AC6E-426A-97D0-768F34853D6A"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:nvidia:virtual_gpu:*:*:*:*:*:*:*:*",
+ "versionStartIncluding": "15.0",
+ "versionEndExcluding": "15.2",
+ "matchCriteriaId": "41388772-0B7C-4238-8021-590D0F1C0CE8"
+ }
+ ]
+ },
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": false,
+ "criteria": "cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "A2572D17-1DE6-457B-99CC-64AFD54487EA"
+ }
+ ]
+ }
+ ]
+ },
+ {
+ "operator": "AND",
+ "nodes": [
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:nvidia:cloud_gaming:*:*:*:*:*:*:*:*",
+ "versionEndExcluding": "531.79",
+ "matchCriteriaId": "A8D1ABE1-A024-4BD1-832A-AB459D85227D"
+ }
+ ]
+ },
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": false,
+ "criteria": "cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "A2572D17-1DE6-457B-99CC-64AFD54487EA"
+ }
+ ]
+ }
+ ]
+ }
+ ],
 "references": [
 {
 "url": "https://https://nvidia.custhelp.com/app/answers/detail/a_id/5466",
- "source": "psirt@nvidia.com"
+ "source": "psirt@nvidia.com",
+ "tags": [
+ "Patch",
+ "Vendor Advisory"
+ ]
 }
 ]
 }
\ No newline at end of file
diff --git a/CVE-2023/CVE-2023-255xx/CVE-2023-25520.json b/CVE-2023/CVE-2023-255xx/CVE-2023-25520.json
index 27a30db5335..39571adcaf5 100644
--- a/CVE-2023/CVE-2023-255xx/CVE-2023-25520.json
+++ b/CVE-2023/CVE-2023-255xx/CVE-2023-25520.json
@@ -2,8 +2,8 @@
 "id": "CVE-2023-25520",
 "sourceIdentifier": "psirt@nvidia.com",
 "published": "2023-06-23T18:15:11.033",
- "lastModified": "2023-06-23T19:24:43.457",
- "vulnStatus": "Awaiting Analysis",
+ "lastModified": "2023-07-03T19:27:23.943",
+ "vulnStatus": "Analyzed",
 "descriptions": [
 {
 "lang": "en",
@@ -12,6 +12,26 @@
 ],
 "metrics": {
 "cvssMetricV31": [
+ {
+ "source": "nvd@nist.gov",
+ "type": "Primary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
+ "attackVector": "LOCAL",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "LOW",
+ "userInteraction": "NONE",
+ "scope": "UNCHANGED",
+ "confidentialityImpact": "NONE",
+ "integrityImpact": "NONE",
+ "availabilityImpact": "HIGH",
+ "baseScore": 5.5,
+ "baseSeverity": "MEDIUM"
+ },
+ "exploitabilityScore": 1.8,
+ "impactScore": 3.6
+ },
 {
 "source": "psirt@nvidia.com",
 "type": "Secondary",
@@ -35,6 +55,16 @@
 ]
 },
 "weaknesses": [
+ {
+ "source": "nvd@nist.gov",
+ "type": "Primary",
+ "description": [
+ {
+ "lang": "en",
+ "value": "CWE-20"
+ }
+ ]
+ },
 {
 "source": "psirt@nvidia.com",
 "type": "Secondary",
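Review bot: The reference `url` kept as context in the CVE-2023-25515 `references` hunk is `https://https://nvidia.custhelp.com/app/answers/detail/a_id/5466`, which has a doubled scheme and will not resolve to the vendor host, yet this change now tags it `Patch` and `Vendor Advisory`. Tooling that follows, validates or de-duplicates tagged advisory links will likely miss the vendor bulletin for this record. The CVE-2023-25520 record in the same diff carries the well-formed `https://nvidia.custhelp.com/app/answers/detail/a_id/5466`. If this mirror normalises upstream data, the line would become `"url": "https://nvidia.custhelp.com/app/answers/detail/a_id/5466",`; otherwise the defect is worth reporting to the record's source so the tag points at a reachable advisory.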
@@ -46,10 +76,58 @@ ] } ], + "configurations": [ + { + "operator": "AND", + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:o:nvidia:jetson_linux:*:*:*:*:*:*:*:*", + "versionEndExcluding": "32.7.4", + "matchCriteriaId": "4F98866A-11A7-4529-B67F-106637A95767" + } + ] + }, + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": false, + "criteria": "cpe:2.3:h:nvidia:jetson_agx_xavier:-:*:*:*:*:*:*:*", + "matchCriteriaId": "5DD3D2AA-2A9F-470D-BB0F-A7B7C2EC2490" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:h:nvidia:jetson_tx2:-:*:*:*:*:*:*:*", + "matchCriteriaId": "DE9D4A55-A232-4AF2-B7E9-CD58D7D17479" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:h:nvidia:jetson_tx2_nx:-:*:*:*:*:*:*:*", + "matchCriteriaId": "64C3FB58-08AA-4FE4-97BE-21B254BA229F" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:h:nvidia:jetson_xavier_nx:-:*:*:*:*:*:*:*", + "matchCriteriaId": "B0AA5976-FD71-4A53-BD4F-D342E871FEB0" + } + ] + } + ] + } + ], "references": [ { "url": "https://nvidia.custhelp.com/app/answers/detail/a_id/5466", - "source": "psirt@nvidia.com" + "source": "psirt@nvidia.com", + "tags": [ + "Vendor Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2023/CVE-2023-25xx/CVE-2023-2533.json b/CVE-2023/CVE-2023-25xx/CVE-2023-2533.json index ccdadaa0791..6a05882d8cc 100644 --- a/CVE-2023/CVE-2023-25xx/CVE-2023-2533.json +++ b/CVE-2023/CVE-2023-25xx/CVE-2023-2533.json @@ -2,8 +2,8 @@ "id": "CVE-2023-2533", "sourceIdentifier": "help@fluidattacks.com", "published": "2023-06-20T15:15:11.560", - "lastModified": "2023-06-20T15:49:08.960", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2023-07-03T19:19:40.983", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", 
@@ -12,6 +12,26 @@ ], "metrics": { "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "REQUIRED", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH", + "baseScore": 8.8, + "baseSeverity": "HIGH" + }, + "exploitabilityScore": 2.8, + "impactScore": 5.9 + }, { "source": "help@fluidattacks.com", "type": "Secondary", @@ -35,6 +55,16 @@ ] }, "weaknesses": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-352" + } + ] + }, { "source": "help@fluidattacks.com", "type": "Secondary", @@ -46,14 +76,43 @@ ] } ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:papercut:papercut_mf:22.0.10:*:*:*:*:*:*:*", + "matchCriteriaId": "17E90E69-B5B5-4F51-B478-CC4CF7B9440D" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:papercut:papercut_ng:22.0.10:*:*:*:*:*:*:*", + "matchCriteriaId": "5F1E8F89-A578-499F-92BF-F3E71C5FDA4D" + } + ] + } + ] + } + ], "references": [ { "url": "https://fluidattacks.com/advisories/arcangel/", - "source": "help@fluidattacks.com" + "source": "help@fluidattacks.com", + "tags": [ + "Exploit", + "Third Party Advisory" + ] }, { "url": "https://www.papercut.com/", - "source": "help@fluidattacks.com" + "source": "help@fluidattacks.com", + "tags": [ + "Product" + ] } ] } \ No newline at end of file diff --git a/CVE-2023/CVE-2023-25xx/CVE-2023-2592.json b/CVE-2023/CVE-2023-25xx/CVE-2023-2592.json index e5e26dd088f..b67a2cdd5ad 100644 --- a/CVE-2023/CVE-2023-25xx/CVE-2023-2592.json +++ b/CVE-2023/CVE-2023-25xx/CVE-2023-2592.json 
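Review bot: In the `configurations` block added by the `@@ -46,14 +76,43 @@` hunk of CVE-2023-2533.json, both `cpeMatch` entries pin the single version `22.0.10` (`papercut_mf` and `papercut_ng`) and carry no `versionStartIncluding`/`versionEndExcluding` bounds, unlike the ranged entries used for other products in this diff. CPE-based scanners will therefore flag only that exact release, for a record this commit scores 8.8 under CWE-352. The description lies outside the visible hunks, so whether other releases are affected cannot be confirmed here; if the finder or vendor advisory names a range, the entries should express it, e.g. a wildcarded criteria with `"versionEndExcluding": "<FIXED_VERSION>"`. Until that is settled, asset owners should check their PaperCut MF/NG builds against the linked advisory rather than rely on the CPE match alone.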
@@ -2,18 +2,41 @@ "id": "CVE-2023-2592", "sourceIdentifier": "contact@wpscan.com", "published": "2023-06-27T14:15:10.790", - "lastModified": "2023-06-27T16:15:38.897", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2023-07-03T19:12:26.697", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", "value": "The FormCraft WordPress plugin before 3.9.7 does not properly sanitise and escape a parameter before using it in a SQL statement, leading to a SQL injection exploitable by high privilege users such as admin." } ], - "metrics": {}, + "metrics": { + "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "HIGH", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH", + "baseScore": 7.2, + "baseSeverity": "HIGH" + }, + "exploitabilityScore": 1.2, + "impactScore": 5.9 + } + ] + }, "weaknesses": [ { - "source": "contact@wpscan.com", + "source": "nvd@nist.gov", "type": "Primary", "description": [ { @@ -21,12 +44,44 @@ "value": "CWE-89" } ] + }, + { + "source": "contact@wpscan.com", + "type": "Secondary", + "description": [ + { + "lang": "en", + "value": "CWE-89" + } + ] + } + ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:ncrafts:formcraft:*:*:*:*:*:wordpress:*:*", + "versionEndExcluding": "3.9.7", + "matchCriteriaId": "FEE01EF2-6BC9-4A21-AF31-92C4D031F895" + } + ] + } + ] } ], "references": [ { "url": "https://wpscan.com/vulnerability/d4298960-eaba-4185-a730-3e621d9680e1", - "source": "contact@wpscan.com" + "source": "contact@wpscan.com", + "tags": [ + "Exploit", + "Third Party Advisory" + ] } ] } \ No newline at end of file 
diff --git a/CVE-2023/CVE-2023-262xx/CVE-2023-26258.json b/CVE-2023/CVE-2023-262xx/CVE-2023-26258.json index 1e37a897c19..5a61c724ba2 100644 --- a/CVE-2023/CVE-2023-262xx/CVE-2023-26258.json +++ b/CVE-2023/CVE-2023-262xx/CVE-2023-26258.json @@ -2,8 +2,8 @@ "id": "CVE-2023-26258", "sourceIdentifier": "cve@mitre.org", "published": "2023-07-03T15:15:10.377", - "lastModified": "2023-07-03T15:15:10.377", - "vulnStatus": "Received", + "lastModified": "2023-07-03T18:33:32.153", + "vulnStatus": "Awaiting Analysis", "descriptions": [ { "lang": "en", diff --git a/CVE-2023/CVE-2023-265xx/CVE-2023-26509.json b/CVE-2023/CVE-2023-265xx/CVE-2023-26509.json index 686e3d31aab..155e9bf78a8 100644 --- a/CVE-2023/CVE-2023-265xx/CVE-2023-26509.json +++ b/CVE-2023/CVE-2023-265xx/CVE-2023-26509.json @@ -2,8 +2,8 @@ "id": "CVE-2023-26509", "sourceIdentifier": "cve@mitre.org", "published": "2023-07-03T15:15:10.437", - "lastModified": "2023-07-03T15:15:10.437", - "vulnStatus": "Received", + "lastModified": "2023-07-03T18:33:32.153", + "vulnStatus": "Awaiting Analysis", "descriptions": [ { "lang": "en", diff --git a/CVE-2023/CVE-2023-27xx/CVE-2023-2795.json b/CVE-2023/CVE-2023-27xx/CVE-2023-2795.json index 9b82ee9f666..c14b82d3c2c 100644 --- a/CVE-2023/CVE-2023-27xx/CVE-2023-2795.json +++ b/CVE-2023/CVE-2023-27xx/CVE-2023-2795.json 
@@ -2,15 +2,38 @@ "id": "CVE-2023-2795", "sourceIdentifier": "contact@wpscan.com", "published": "2023-06-27T14:15:11.493", - "lastModified": "2023-06-27T16:15:35.267", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2023-07-03T19:28:20.887", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", "value": "The CodeColorer WordPress plugin before 0.10.1 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup)" } ], - "metrics": {}, + "metrics": { + "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "HIGH", + "userInteraction": "REQUIRED", + "scope": "CHANGED", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "availabilityImpact": "NONE", + "baseScore": 4.8, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 1.7, + "impactScore": 2.7 + } + ] + }, "weaknesses": [ { "source": "contact@wpscan.com", @@ -23,10 +46,32 @@ ] } ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:codecolorer_project:codecolorer:*:*:*:*:*:wordpress:*:*", + "versionEndExcluding": "0.10.1", + "matchCriteriaId": "99AE3195-3A8E-43E3-A836-D916BA373271" + } + ] + } + ] + } + ], "references": [ { "url": "https://wpscan.com/vulnerability/2d6ecd21-3dd4-423d-80e7-277c45080a9f", - "source": "contact@wpscan.com" + "source": "contact@wpscan.com", + "tags": [ + "Exploit", + "Third Party Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2023/CVE-2023-280xx/CVE-2023-28006.json b/CVE-2023/CVE-2023-280xx/CVE-2023-28006.json index 122207b35f7..fe663d11655 100644 
--- a/CVE-2023/CVE-2023-280xx/CVE-2023-28006.json +++ b/CVE-2023/CVE-2023-280xx/CVE-2023-28006.json @@ -2,8 +2,8 @@ "id": "CVE-2023-28006", "sourceIdentifier": "psirt@hcl.com", "published": "2023-06-22T23:15:09.277", - "lastModified": "2023-06-23T13:03:31.027", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2023-07-03T19:01:40.560", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", @@ -12,6 +12,26 @@ ], "metrics": { "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", + "attackVector": "LOCAL", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH", + "baseScore": 7.8, + "baseSeverity": "HIGH" + }, + "exploitabilityScore": 1.8, + "impactScore": 5.9 + }, { "source": "psirt@hcl.com", "type": "Secondary", @@ -34,10 +54,43 @@ } ] }, + "weaknesses": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-327" + } + ] + } + ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:hcltech:bigfix_osd_bare_metal_server:*:*:*:*:*:*:*:*", + "versionEndIncluding": "311.12", + "matchCriteriaId": "9A0DB84E-0760-43CE-87D5-D6489E91EA06" + } + ] + } + ] + } + ], "references": [ { "url": "https://support.hcltechsw.com/csm?id=kb_article&sysparm_article=KB0105601", - "source": "psirt@hcl.com" + "source": "psirt@hcl.com", + "tags": [ + "Vendor Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2023/CVE-2023-280xx/CVE-2023-28016.json b/CVE-2023/CVE-2023-280xx/CVE-2023-28016.json index 08e0930ad64..59a804fdb05 100644 --- a/CVE-2023/CVE-2023-280xx/CVE-2023-28016.json +++ b/CVE-2023/CVE-2023-280xx/CVE-2023-28016.json 
@@ -2,8 +2,8 @@ "id": "CVE-2023-28016", "sourceIdentifier": "psirt@hcl.com", "published": "2023-06-22T23:15:09.343", - "lastModified": "2023-06-23T13:03:31.027", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2023-07-03T19:17:06.243", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", @@ -12,6 +12,26 @@ ], "metrics": { "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "REQUIRED", + "scope": "CHANGED", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "availabilityImpact": "NONE", + "baseScore": 6.1, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 2.8, + "impactScore": 2.7 + }, { "source": "psirt@hcl.com", "type": "Secondary", @@ -34,10 +54,43 @@ } ] }, + "weaknesses": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-74" + } + ] + } + ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:hcltech:bigfix_osd_bare_metal_server:*:*:*:*:*:*:*:*", + "versionEndIncluding": "311.12", + "matchCriteriaId": "9A0DB84E-0760-43CE-87D5-D6489E91EA06" + } + ] + } + ] + } + ], "references": [ { "url": "https://support.hcltechsw.com/csm?id=kb_article&sysparm_article=KB0105601", - "source": "psirt@hcl.com" + "source": "psirt@hcl.com", + "tags": [ + "Vendor Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2023/CVE-2023-280xx/CVE-2023-28094.json b/CVE-2023/CVE-2023-280xx/CVE-2023-28094.json index 42ecdd4a00e..cb28d5cfc8d 100644 --- a/CVE-2023/CVE-2023-280xx/CVE-2023-28094.json +++ b/CVE-2023/CVE-2023-280xx/CVE-2023-28094.json 
@@ -2,8 +2,8 @@ "id": "CVE-2023-28094", "sourceIdentifier": "security@pega.com", "published": "2023-06-22T21:15:09.163", - "lastModified": "2023-06-23T13:03:39.067", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2023-07-03T19:06:04.897", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", @@ -11,6 +11,28 @@ } ], "metrics": { + "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH", + "baseScore": 9.8, + "baseSeverity": "CRITICAL" + }, + "exploitabilityScore": 3.9, + "impactScore": 5.9 + } + ], "cvssMetricV30": [ { "source": "security@pega.com", @@ -35,6 +57,16 @@ ] }, "weaknesses": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "NVD-CWE-Other" + } + ] + }, { "source": "security@pega.com", "type": "Secondary", @@ -46,10 +78,32 @@ ] } ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:pega:pega_platform:*:*:*:*:*:*:*:*", + "versionStartIncluding": "6.1", + "versionEndIncluding": "8.8.3", + "matchCriteriaId": "6C36507F-B90C-481F-9E47-9C5F8B33966D" + } + ] + } + ] + } + ], "references": [ { "url": "https://support.pega.com/support-doc/pega-security-advisory-%E2%80%93-c23-vulnerability-default-operators?", - "source": "security@pega.com" + "source": "security@pega.com", + "tags": [ + "Vendor Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2023/CVE-2023-281xx/CVE-2023-28121.json b/CVE-2023/CVE-2023-281xx/CVE-2023-28121.json index 13362fe1a56..84bcd05fa09 100644 --- a/CVE-2023/CVE-2023-281xx/CVE-2023-28121.json 
+++ b/CVE-2023/CVE-2023-281xx/CVE-2023-28121.json @@ -2,8 +2,8 @@ "id": "CVE-2023-28121", "sourceIdentifier": "support@hackerone.com", "published": "2023-04-12T21:15:28.057", - "lastModified": "2023-04-21T15:10:02.147", - "vulnStatus": "Analyzed", + "lastModified": "2023-07-03T18:15:09.533", + "vulnStatus": "Modified", "descriptions": [ { "lang": "en", @@ -132,6 +132,10 @@ "tags": [ "Vendor Advisory" ] + }, + { + "url": "https://www.rcesecurity.com/2023/07/patch-diffing-cve-2023-28121-to-compromise-a-woocommerce/", + "source": "support@hackerone.com" } ] } \ No newline at end of file diff --git a/CVE-2023/CVE-2023-284xx/CVE-2023-28485.json b/CVE-2023/CVE-2023-284xx/CVE-2023-28485.json index edbccd7243f..5b50a0f6b40 100644 --- a/CVE-2023/CVE-2023-284xx/CVE-2023-28485.json +++ b/CVE-2023/CVE-2023-284xx/CVE-2023-28485.json 
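Review bot: The reference added in the `@@ -132,6 +132,10 @@` hunk of CVE-2023-28121.json (`https://www.rcesecurity.com/2023/07/patch-diffing-cve-2023-28121-to-compromise-a-woocommerce/`) has no `tags` array, while the reference just above it in the same hunk carries `"Vendor Advisory"`. Consumers that prioritise on reference tags will not register this link until it is classified, even though `vulnStatus` has moved from `Analyzed` to `Modified`. Judging only from the URL slug, it looks like a third-party technical write-up, so something like `"tags": ["Exploit", "Third Party Advisory"]` would fit once confirmed; until then, triage tooling should treat untagged references on `Modified` records as unclassified rather than as benign. The enclosing `references` array starts outside the hunk.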
@@ -2,27 +2,92 @@ "id": "CVE-2023-28485", "sourceIdentifier": "cve@mitre.org", "published": "2023-06-26T16:15:09.537", - "lastModified": "2023-06-26T17:51:24.007", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2023-07-03T19:22:57.320", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", "value": "A stored cross-site scripting (Stored XSS) vulnerability in file preview in WeKan before 6.75 allows remote authenticated users to inject arbitrary web script or HTML via names of file attachments. Any user can obtain the privilege to rename within their own board (where they have BoardAdmin access), and renameAttachment does not block XSS payloads." } ], - "metrics": {}, + "metrics": { + "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "REQUIRED", + "scope": "CHANGED", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "availabilityImpact": "NONE", + "baseScore": 5.4, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 2.3, + "impactScore": 2.7 + } + ] + }, + "weaknesses": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-79" + } + ] + } + ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:wekan_project:wekan:*:*:*:*:*:*:*:*", + "versionEndExcluding": "6.75", + "matchCriteriaId": "5811ACF9-EA77-4434-9012-022410D2BCD5" + } + ] + } + ] + } + ], "references": [ { "url": "http://packetstormsecurity.com/files/172649/Wekan-6.74-Cross-Site-Scripting.html", - "source": "cve@mitre.org" + "source": "cve@mitre.org", + "tags": [ + "Exploit", + "Third Party Advisory", + "VDB Entry" + ] }, { "url": "https://wekan.github.io/", - "source": "cve@mitre.org" + 
"source": "cve@mitre.org", + "tags": [ + "Product" + ] }, { "url": "https://wekan.github.io/hall-of-fame/filebleed/", - "source": "cve@mitre.org" + "source": "cve@mitre.org", + "tags": [ + "Exploit", + "Vendor Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2023/CVE-2023-28xx/CVE-2023-2828.json b/CVE-2023/CVE-2023-28xx/CVE-2023-2828.json index b316f759bd7..82682d6c0b8 100644 --- a/CVE-2023/CVE-2023-28xx/CVE-2023-2828.json +++ b/CVE-2023/CVE-2023-28xx/CVE-2023-2828.json @@ -2,8 +2,8 @@ "id": "CVE-2023-2828", "sourceIdentifier": "security-officer@isc.org", "published": "2023-06-21T17:15:47.703", - "lastModified": "2023-07-03T16:15:09.807", - "vulnStatus": "Undergoing Analysis", + "lastModified": "2023-07-03T19:11:56.183", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", 
@@ -34,30 +34,305 @@ } ] }, + "weaknesses": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-770" + } + ] + } + ], + "configurations": [ + { + "operator": "AND", + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:isc:bind:*:*:*:*:-:*:*:*", + "versionStartIncluding": "9.11.0", + "versionEndIncluding": "9.16.41", + "matchCriteriaId": "D07C6BAA-C1AB-46BA-8C43-2CAD9A56F9F7" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:isc:bind:*:*:*:*:supported_preview:*:*:*", + "versionStartIncluding": "9.11.3", + "versionEndIncluding": "9.16.41", + "matchCriteriaId": "1C89B14A-F275-41A5-993D-AC024C6395B5" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:isc:bind:*:*:*:*:-:*:*:*", + "versionStartIncluding": "9.18.0", + "versionEndIncluding": "9.18.15", + "matchCriteriaId": "BB0EF8A8-398F-424C-8284-2F96E4569E64" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:isc:bind:*:*:*:*:supported_preview:*:*:*", + "versionStartIncluding": "9.18.11", + "versionEndIncluding": "9.18.15", + "matchCriteriaId": "41E493D6-D811-47ED-9227-CC2AA1837FE4" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:isc:bind:*:*:*:*:-:*:*:*", + "versionStartIncluding": "9.19.0", + "versionEndIncluding": "9.19.13", + "matchCriteriaId": "C3D5078D-5783-4D4A-A24F-84FB9BB9F8AC" + } + ] + } + ] + }, + { + "operator": "AND", + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:o:debian:debian_linux:11.0:*:*:*:*:*:*:*", + "matchCriteriaId": "FA6FEEC2-9F11-4643-8827-749718254FED" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:debian:debian_linux:12.0:*:*:*:*:*:*:*", + "matchCriteriaId": "46D69DCC-AE4D-4EA5-861C-D60951444C6C" + } + ] + } + ] + }, + { + "operator": "AND", + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": 
"cpe:2.3:o:fedoraproject:fedora:37:*:*:*:*:*:*:*", + "matchCriteriaId": "E30D0E6F-4AE8-4284-8716-991DFA48CC5D" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:fedoraproject:fedora:38:*:*:*:*:*:*:*", + "matchCriteriaId": "CC559B26-5DFC-4B7A-A27C-B77DE755DFF9" + } + ] + } + ] + }, + { + "operator": "AND", + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:netapp:active_iq_unified_manager:-:*:*:*:*:vmware_vsphere:*:*", + "matchCriteriaId": "3A756737-1CC4-42C2-A4DF-E1C893B4E2D5" + } + ] + } + ] + }, + { + "operator": "AND", + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:o:netapp:h500s_firmware:-:*:*:*:*:*:*:*", + "matchCriteriaId": "7FFF7106-ED78-49BA-9EC5-B889E3685D53" + } + ] + }, + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": false, + "criteria": "cpe:2.3:h:netapp:h500s:-:*:*:*:*:*:*:*", + "matchCriteriaId": "E63D8B0F-006E-4801-BF9D-1C001BBFB4F9" + } + ] + } + ] + }, + { + "operator": "AND", + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:o:netapp:h700s_firmware:-:*:*:*:*:*:*:*", + "matchCriteriaId": "56409CEC-5A1E-4450-AA42-641E459CC2AF" + } + ] + }, + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": false, + "criteria": "cpe:2.3:h:netapp:h700s:-:*:*:*:*:*:*:*", + "matchCriteriaId": "B06F4839-D16A-4A61-9BB5-55B13F41E47F" + } + ] + } + ] + }, + { + "operator": "AND", + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:o:netapp:h410s_firmware:-:*:*:*:*:*:*:*", + "matchCriteriaId": "D0B4AD8A-F172-4558-AEC6-FF424BA2D912" + } + ] + }, + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": false, + "criteria": "cpe:2.3:h:netapp:h410s:-:*:*:*:*:*:*:*", + "matchCriteriaId": 
"8497A4C9-8474-4A62-8331-3FE862ED4098" + } + ] + } + ] + }, + { + "operator": "AND", + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:o:netapp:h410c_firmware:-:*:*:*:*:*:*:*", + "matchCriteriaId": "234DEFE0-5CE5-4B0A-96B8-5D227CB8ED31" + } + ] + }, + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": false, + "criteria": "cpe:2.3:h:netapp:h410c:-:*:*:*:*:*:*:*", + "matchCriteriaId": "CDDF61B7-EC5C-467C-B710-B89F502CD04F" + } + ] + } + ] + }, + { + "operator": "AND", + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:o:netapp:h300s_firmware:-:*:*:*:*:*:*:*", + "matchCriteriaId": "6770B6C3-732E-4E22-BF1C-2D2FD610061C" + } + ] + }, + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": false, + "criteria": "cpe:2.3:h:netapp:h300s:-:*:*:*:*:*:*:*", + "matchCriteriaId": "9F9C8C20-42EB-4AB5-BD97-212DEB070C43" + } + ] + } + ] + } + ], "references": [ { "url": "http://www.openwall.com/lists/oss-security/2023/06/21/6", - "source": "security-officer@isc.org" + "source": "security-officer@isc.org", + "tags": [ + "Mailing List", + "Patch", + "Third Party Advisory" + ] }, { "url": "https://kb.isc.org/docs/cve-2023-2828", - "source": "security-officer@isc.org" + "source": "security-officer@isc.org", + "tags": [ + "Vendor Advisory" + ] }, { "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/SEFCEVCTYEMKTWA7V7EYPI5YQQ4JWDLI/", - "source": "security-officer@isc.org" + "source": "security-officer@isc.org", + "tags": [ + "Mailing List", + "Third Party Advisory" + ] }, { "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/U3K6AJK7RRSR53HRF5GGKPA6PDUDWOD2/", - "source": "security-officer@isc.org" + "source": "security-officer@isc.org", + "tags": [ + "Mailing List", + "Third Party Advisory" + ] }, 
{ "url": "https://security.netapp.com/advisory/ntap-20230703-0010/", - "source": "security-officer@isc.org" + "source": "security-officer@isc.org", + "tags": [ + "Third Party Advisory" + ] }, { "url": "https://www.debian.org/security/2023/dsa-5439", - "source": "security-officer@isc.org" + "source": "security-officer@isc.org", + "tags": [ + "Third Party Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2023/CVE-2023-28xx/CVE-2023-2829.json b/CVE-2023/CVE-2023-28xx/CVE-2023-2829.json index f7630e9404a..82f1d4ff292 100644 --- a/CVE-2023/CVE-2023-28xx/CVE-2023-2829.json +++ b/CVE-2023/CVE-2023-28xx/CVE-2023-2829.json @@ -2,8 +2,8 @@ "id": "CVE-2023-2829", "sourceIdentifier": "security-officer@isc.org", "published": "2023-06-21T17:15:47.770", - "lastModified": "2023-07-03T16:15:09.897", - "vulnStatus": "Undergoing Analysis", + "lastModified": "2023-07-03T19:11:00.110", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", 
@@ -34,14 +34,210 @@ } ] }, + "weaknesses": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "NVD-CWE-noinfo" + } + ] + } + ], + "configurations": [ + { + "operator": "AND", + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:isc:bind:*:*:*:*:supported_preview:*:*:*", + "versionStartIncluding": "9.16.8", + "versionEndIncluding": "9.16.41", + "matchCriteriaId": "4ECB8B5E-F1D6-455C-8E50-87BFF2311465" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:isc:bind:*:*:*:*:supported_preview:*:*:*", + "versionStartIncluding": "9.18.11", + "versionEndIncluding": "9.18.15", + "matchCriteriaId": "41E493D6-D811-47ED-9227-CC2AA1837FE4" + } + ] + } + ] + }, + { + "operator": "AND", + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:netapp:active_iq_unified_manager:-:*:*:*:*:vmware_vsphere:*:*", + "matchCriteriaId": "3A756737-1CC4-42C2-A4DF-E1C893B4E2D5" + } + ] + } + ] + }, + { + "operator": "AND", + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:o:netapp:h500s_firmware:-:*:*:*:*:*:*:*", + "matchCriteriaId": "7FFF7106-ED78-49BA-9EC5-B889E3685D53" + } + ] + }, + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": false, + "criteria": "cpe:2.3:h:netapp:h500s:-:*:*:*:*:*:*:*", + "matchCriteriaId": "E63D8B0F-006E-4801-BF9D-1C001BBFB4F9" + } + ] + } + ] + }, + { + "operator": "AND", + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:o:netapp:h700s_firmware:-:*:*:*:*:*:*:*", + "matchCriteriaId": "56409CEC-5A1E-4450-AA42-641E459CC2AF" + } + ] + }, + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": false, + "criteria": "cpe:2.3:h:netapp:h700s:-:*:*:*:*:*:*:*", + "matchCriteriaId": 
"B06F4839-D16A-4A61-9BB5-55B13F41E47F" + } + ] + } + ] + }, + { + "operator": "AND", + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:o:netapp:h410s_firmware:-:*:*:*:*:*:*:*", + "matchCriteriaId": "D0B4AD8A-F172-4558-AEC6-FF424BA2D912" + } + ] + }, + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": false, + "criteria": "cpe:2.3:h:netapp:h410s:-:*:*:*:*:*:*:*", + "matchCriteriaId": "8497A4C9-8474-4A62-8331-3FE862ED4098" + } + ] + } + ] + }, + { + "operator": "AND", + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:o:netapp:h410c_firmware:-:*:*:*:*:*:*:*", + "matchCriteriaId": "234DEFE0-5CE5-4B0A-96B8-5D227CB8ED31" + } + ] + }, + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": false, + "criteria": "cpe:2.3:h:netapp:h410c:-:*:*:*:*:*:*:*", + "matchCriteriaId": "CDDF61B7-EC5C-467C-B710-B89F502CD04F" + } + ] + } + ] + }, + { + "operator": "AND", + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:o:netapp:h300s_firmware:-:*:*:*:*:*:*:*", + "matchCriteriaId": "6770B6C3-732E-4E22-BF1C-2D2FD610061C" + } + ] + }, + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": false, + "criteria": "cpe:2.3:h:netapp:h300s:-:*:*:*:*:*:*:*", + "matchCriteriaId": "9F9C8C20-42EB-4AB5-BD97-212DEB070C43" + } + ] + } + ] + } + ], "references": [ { "url": "https://kb.isc.org/docs/cve-2023-2829", - "source": "security-officer@isc.org" + "source": "security-officer@isc.org", + "tags": [ + "Vendor Advisory" + ] }, { "url": "https://security.netapp.com/advisory/ntap-20230703-0010/", - "source": "security-officer@isc.org" + "source": "security-officer@isc.org", + "tags": [ + "Third Party Advisory" + ] } ] } \ No newline at end of file 
diff --git a/CVE-2023/CVE-2023-28xx/CVE-2023-2842.json b/CVE-2023/CVE-2023-28xx/CVE-2023-2842.json index 33bc7274c9a..cfb0c0fd2ac 100644 --- a/CVE-2023/CVE-2023-28xx/CVE-2023-2842.json +++ b/CVE-2023/CVE-2023-28xx/CVE-2023-2842.json @@ -2,15 +2,38 @@ "id": "CVE-2023-2842", "sourceIdentifier": "contact@wpscan.com", "published": "2023-06-27T14:15:11.567", - "lastModified": "2023-06-27T16:15:35.267", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2023-07-03T19:27:16.967", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", "value": "The WP Inventory Manager WordPress plugin before 2.1.0.14 does not have CSRF checks, which could allow attackers to make logged-in admins delete Inventory Items via a CSRF attack" } ], - "metrics": {}, + "metrics": { + "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:H", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "REQUIRED", + "scope": "UNCHANGED", + "confidentialityImpact": "NONE", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH", + "baseScore": 8.1, + "baseSeverity": "HIGH" + }, + "exploitabilityScore": 2.8, + "impactScore": 5.2 + } + ] + }, "weaknesses": [ { "source": "contact@wpscan.com", @@ -23,10 +46,32 @@ ] } ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:wpinventory:wp_inventory_manager:*:*:*:*:*:wordpress:*:*", + "versionEndExcluding": "2.1.0.14", + "matchCriteriaId": "8660BB5E-CF41-430F-8179-2C0372318B37" + } + ] + } + ] + } + ], "references": [ { "url": "https://wpscan.com/vulnerability/0357ecc7-56f5-4843-a928-bf2d3ce75596", - "source": "contact@wpscan.com" + "source": "contact@wpscan.com", + "tags": [ + "Exploit", + "Third Party Advisory" + ] } ] } \ No newline at end of file 
diff --git a/CVE-2023/CVE-2023-28xx/CVE-2023-2877.json b/CVE-2023/CVE-2023-28xx/CVE-2023-2877.json index 625fd4dcc38..134ccef584e 100644 --- a/CVE-2023/CVE-2023-28xx/CVE-2023-2877.json +++ b/CVE-2023/CVE-2023-28xx/CVE-2023-2877.json @@ -2,15 +2,38 @@ "id": "CVE-2023-2877", "sourceIdentifier": "contact@wpscan.com", "published": "2023-06-27T14:15:11.633", - "lastModified": "2023-06-27T16:15:35.267", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2023-07-03T19:26:43.103", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", "value": "The Formidable Forms WordPress plugin before 6.3.1 does not adequately authorize the user or validate the plugin URL in its functionality for installing add-ons. This allows a user with a role as low as Subscriber to install and activate arbitrary plugins of arbitrary versions from the WordPress.org plugin repository onto the site, leading to Remote Code Execution." } ], - "metrics": {}, + "metrics": { + "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH", + "baseScore": 8.8, + "baseSeverity": "HIGH" + }, + "exploitabilityScore": 2.8, + "impactScore": 5.9 + } + ] + }, "weaknesses": [ { "source": "contact@wpscan.com", 
@@ -23,10 +46,32 @@ ] } ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:strategy11:formidable_forms:*:*:*:*:*:wordpress:*:*", + "versionEndExcluding": "6.3.1", + "matchCriteriaId": "078E6764-A4DF-4992-AE5D-F623E6B8E94C" + } + ] + } + ] + } + ], "references": [ { "url": "https://wpscan.com/vulnerability/33765da5-c56e-42c1-83dd-fcaad976b402", - "source": "contact@wpscan.com" + "source": "contact@wpscan.com", + "tags": [ + "Exploit", + "Third Party Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2023/CVE-2023-290xx/CVE-2023-29093.json b/CVE-2023/CVE-2023-290xx/CVE-2023-29093.json index ee9746ea055..d204e9ececf 100644 --- a/CVE-2023/CVE-2023-290xx/CVE-2023-29093.json +++ b/CVE-2023/CVE-2023-290xx/CVE-2023-29093.json @@ -2,8 +2,8 @@ "id": "CVE-2023-29093", "sourceIdentifier": "audit@patchstack.com", "published": "2023-06-26T06:15:10.773", - "lastModified": "2023-06-26T13:02:32.107", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2023-07-03T19:19:55.117", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", @@ -12,6 +12,26 @@ ], "metrics": { "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "HIGH", + "userInteraction": "REQUIRED", + "scope": "CHANGED", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "availabilityImpact": "NONE", + "baseScore": 4.8, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 1.7, + "impactScore": 2.7 + }, { "source": "audit@patchstack.com", "type": "Secondary", 
@@ -46,10 +66,31 @@ ] } ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:piwebsolution:conditional_cart_fee_\\/_extra_charge_rule_for_woocommerce_extra_fees:*:*:*:*:*:wordpress:*:*", + "versionEndIncluding": "1.0.96", + "matchCriteriaId": "8F83895C-DE14-4852-A6B7-6D44203AB0E2" + } + ] + } + ] + } + ], "references": [ { "url": "https://patchstack.com/database/vulnerability/conditional-extra-fees-for-woocommerce/wordpress-conditional-extra-fees-for-woocommerce-plugin-1-0-96-cross-site-scripting-xss-vulnerability?_s_id=cve", - "source": "audit@patchstack.com" + "source": "audit@patchstack.com", + "tags": [ + "Third Party Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2023/CVE-2023-294xx/CVE-2023-29423.json b/CVE-2023/CVE-2023-294xx/CVE-2023-29423.json index 9fa39c582c0..5df3cbb2d35 100644 --- a/CVE-2023/CVE-2023-294xx/CVE-2023-29423.json +++ b/CVE-2023/CVE-2023-294xx/CVE-2023-29423.json @@ -2,8 +2,8 @@ "id": "CVE-2023-29423", "sourceIdentifier": "audit@patchstack.com", "published": "2023-06-26T08:15:09.050", - "lastModified": "2023-06-26T13:02:32.107", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2023-07-03T19:19:39.733", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", @@ -12,6 +12,26 @@ ], "metrics": { "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "HIGH", + "userInteraction": "REQUIRED", + "scope": "CHANGED", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "availabilityImpact": "NONE", + "baseScore": 4.8, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 1.7, + "impactScore": 2.7 + }, { "source": "audit@patchstack.com", "type": "Secondary", 
@@ -46,10 +66,31 @@ ] } ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:piwebsolution:cancel_order_request_\\/_return_order_\\/_repeat_order_\\/_reorder_for_woocommerce:*:*:*:*:*:wordpress:*:*", + "versionEndIncluding": "1.3.2", + "matchCriteriaId": "A42EB328-3F88-443C-970C-30F98C661796" + } + ] + } + ] + } + ], "references": [ { "url": "https://patchstack.com/database/vulnerability/cancel-order-request-woocommerce/wordpress-cancel-order-request-woocommerce-plugin-1-3-2-cross-site-scripting-xss-vulnerability?_s_id=cve", - "source": "audit@patchstack.com" + "source": "audit@patchstack.com", + "tags": [ + "Third Party Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2023/CVE-2023-294xx/CVE-2023-29438.json b/CVE-2023/CVE-2023-294xx/CVE-2023-29438.json index b288aa9f921..d2a46deb0c9 100644 --- a/CVE-2023/CVE-2023-294xx/CVE-2023-29438.json +++ b/CVE-2023/CVE-2023-294xx/CVE-2023-29438.json @@ -2,8 +2,8 @@ "id": "CVE-2023-29438", "sourceIdentifier": "audit@patchstack.com", "published": "2023-06-26T13:15:09.560", - "lastModified": "2023-06-26T15:02:18.713", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2023-07-03T18:04:26.617", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", @@ -12,6 +12,26 @@ ], "metrics": { "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "HIGH", + "userInteraction": "REQUIRED", + "scope": "CHANGED", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "availabilityImpact": "NONE", + "baseScore": 4.8, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 1.7, + "impactScore": 2.7 + }, { "source": "audit@patchstack.com", "type": "Secondary", 
@@ -46,10 +66,31 @@ ] } ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:simplemodal_contact_form_project:simplemodal_contact_form:*:*:*:*:*:wordpress:*:*", + "versionEndIncluding": "1.2.9", + "matchCriteriaId": "48D16A22-39A5-4073-9ADD-70751AE45381" + } + ] + } + ] + } + ], "references": [ { "url": "https://patchstack.com/database/vulnerability/simplemodal-contact-form-smcf/wordpress-simplemodal-contact-form-smcf-plugin-1-2-9-cross-site-scripting-xss-vulnerability?_s_id=cve", - "source": "audit@patchstack.com" + "source": "audit@patchstack.com", + "tags": [ + "Third Party Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2023/CVE-2023-29xx/CVE-2023-2911.json b/CVE-2023/CVE-2023-29xx/CVE-2023-2911.json index 00e10db1c76..d08ce9e2026 100644 --- a/CVE-2023/CVE-2023-29xx/CVE-2023-2911.json +++ b/CVE-2023/CVE-2023-29xx/CVE-2023-2911.json @@ -2,8 +2,8 @@ "id": "CVE-2023-2911", "sourceIdentifier": "security-officer@isc.org", "published": "2023-06-21T17:15:47.827", - "lastModified": "2023-07-03T16:15:09.983", - "vulnStatus": "Undergoing Analysis", + "lastModified": "2023-07-03T19:09:45.463", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", 
@@ -34,30 +34,308 @@ } ] }, + "weaknesses": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-787" + } + ] + } + ], + "configurations": [ + { + "operator": "AND", + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:isc:bind:*:*:*:*:-:*:*:*", + "versionStartIncluding": "9.16.33", + "versionEndIncluding": "9.16.41", + "matchCriteriaId": "2E225B5E-5D4E-4D7D-8E8E-BDAF69386072" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:isc:bind:*:*:*:*:supported_preview:*:*:*", + "versionStartIncluding": "9.16.33", + "versionEndIncluding": "9.16.41", + "matchCriteriaId": "B44AC868-4E58-4D76-BE4A-AB47E3FFA134" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:isc:bind:*:*:*:*:-:*:*:*", + "versionStartIncluding": "9.18.7", + "versionEndIncluding": "9.18.15", + "matchCriteriaId": "DFFF05A7-1826-4485-BEE4-DB3A5B25B49A" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:isc:bind:*:*:*:*:supported_preview:*:*:*", + "versionStartIncluding": "9.18.11", + "versionEndIncluding": "9.18.15", + "matchCriteriaId": "41E493D6-D811-47ED-9227-CC2AA1837FE4" + } + ] + } + ] + }, + { + "operator": "AND", + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:o:debian:debian_linux:11.0:*:*:*:*:*:*:*", + "matchCriteriaId": "FA6FEEC2-9F11-4643-8827-749718254FED" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:debian:debian_linux:12.0:*:*:*:*:*:*:*", + "matchCriteriaId": "46D69DCC-AE4D-4EA5-861C-D60951444C6C" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:fedoraproject:fedora:37:*:*:*:*:*:*:*", + "matchCriteriaId": "E30D0E6F-4AE8-4284-8716-991DFA48CC5D" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:fedoraproject:fedora:38:*:*:*:*:*:*:*", + "matchCriteriaId": "CC559B26-5DFC-4B7A-A27C-B77DE755DFF9" + } + ] + } + ] + }, + { + "operator": "AND", + "nodes": [ + { + 
"operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:o:debian:debian_linux:11.0:*:*:*:*:*:*:*", + "matchCriteriaId": "FA6FEEC2-9F11-4643-8827-749718254FED" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:debian:debian_linux:12.0:*:*:*:*:*:*:*", + "matchCriteriaId": "46D69DCC-AE4D-4EA5-861C-D60951444C6C" + } + ] + } + ] + }, + { + "operator": "AND", + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:netapp:active_iq_unified_manager:-:*:*:*:*:vmware_vsphere:*:*", + "matchCriteriaId": "3A756737-1CC4-42C2-A4DF-E1C893B4E2D5" + } + ] + } + ] + }, + { + "operator": "AND", + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:o:netapp:h700s_firmware:-:*:*:*:*:*:*:*", + "matchCriteriaId": "56409CEC-5A1E-4450-AA42-641E459CC2AF" + } + ] + }, + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": false, + "criteria": "cpe:2.3:h:netapp:h700s:-:*:*:*:*:*:*:*", + "matchCriteriaId": "B06F4839-D16A-4A61-9BB5-55B13F41E47F" + } + ] + } + ] + }, + { + "operator": "AND", + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:o:netapp:h300s_firmware:-:*:*:*:*:*:*:*", + "matchCriteriaId": "6770B6C3-732E-4E22-BF1C-2D2FD610061C" + } + ] + }, + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": false, + "criteria": "cpe:2.3:h:netapp:h300s:-:*:*:*:*:*:*:*", + "matchCriteriaId": "9F9C8C20-42EB-4AB5-BD97-212DEB070C43" + } + ] + } + ] + }, + { + "operator": "AND", + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:o:netapp:h410c_firmware:-:*:*:*:*:*:*:*", + "matchCriteriaId": "234DEFE0-5CE5-4B0A-96B8-5D227CB8ED31" + } + ] + }, + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": false, + 
"criteria": "cpe:2.3:h:netapp:h410c:-:*:*:*:*:*:*:*", + "matchCriteriaId": "CDDF61B7-EC5C-467C-B710-B89F502CD04F" + } + ] + } + ] + }, + { + "operator": "AND", + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:o:netapp:h410s_firmware:-:*:*:*:*:*:*:*", + "matchCriteriaId": "D0B4AD8A-F172-4558-AEC6-FF424BA2D912" + } + ] + }, + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": false, + "criteria": "cpe:2.3:h:netapp:h410s:-:*:*:*:*:*:*:*", + "matchCriteriaId": "8497A4C9-8474-4A62-8331-3FE862ED4098" + } + ] + } + ] + }, + { + "operator": "AND", + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:o:netapp:h500s_firmware:-:*:*:*:*:*:*:*", + "matchCriteriaId": "7FFF7106-ED78-49BA-9EC5-B889E3685D53" + } + ] + }, + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": false, + "criteria": "cpe:2.3:h:netapp:h500s:-:*:*:*:*:*:*:*", + "matchCriteriaId": "E63D8B0F-006E-4801-BF9D-1C001BBFB4F9" + } + ] + } + ] + } + ], "references": [ { "url": "http://www.openwall.com/lists/oss-security/2023/06/21/6", - "source": "security-officer@isc.org" + "source": "security-officer@isc.org", + "tags": [ + "Mailing List", + "Patch", + "Third Party Advisory" + ] }, { "url": "https://kb.isc.org/docs/cve-2023-2911", - "source": "security-officer@isc.org" + "source": "security-officer@isc.org", + "tags": [ + "Vendor Advisory" + ] }, { "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/SEFCEVCTYEMKTWA7V7EYPI5YQQ4JWDLI/", - "source": "security-officer@isc.org" + "source": "security-officer@isc.org", + "tags": [ + "Mailing List", + "Third Party Advisory" + ] }, { "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/U3K6AJK7RRSR53HRF5GGKPA6PDUDWOD2/", - "source": "security-officer@isc.org" + "source": 
"security-officer@isc.org", + "tags": [ + "Mailing List", + "Third Party Advisory" + ] }, { "url": "https://security.netapp.com/advisory/ntap-20230703-0010/", - "source": "security-officer@isc.org" + "source": "security-officer@isc.org", + "tags": [ + "Third Party Advisory" + ] }, { "url": "https://www.debian.org/security/2023/dsa-5439", - "source": "security-officer@isc.org" + "source": "security-officer@isc.org", + "tags": [ + "Third Party Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2023/CVE-2023-29xx/CVE-2023-2996.json b/CVE-2023/CVE-2023-29xx/CVE-2023-2996.json index 39f8705ea3a..dc21e7b69a5 100644 --- a/CVE-2023/CVE-2023-29xx/CVE-2023-2996.json +++ b/CVE-2023/CVE-2023-29xx/CVE-2023-2996.json @@ -2,15 +2,38 @@ "id": "CVE-2023-2996", "sourceIdentifier": "contact@wpscan.com", "published": "2023-06-27T14:15:11.723", - "lastModified": "2023-06-27T16:15:35.267", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2023-07-03T19:26:05.237", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", "value": "The Jetpack WordPress plugin before 12.1.1 does not validate uploaded files, allowing users with author roles or above to manipulate existing files on the site, deleting arbitrary files, and in rare cases achieve Remote Code Execution via phar deserialization." } ], - "metrics": {}, + "metrics": { + "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH", + "baseScore": 8.8, + "baseSeverity": "HIGH" + }, + "exploitabilityScore": 2.8, + "impactScore": 5.9 + } + ] + }, "weaknesses": [ { "source": "contact@wpscan.com", 
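Review bot: The `configurations` array added for CVE-2023-2911 lists Debian 11.0 and 12.0 twice. The second configuration (Debian 11.0/12.0, Fedora 37/38) and the third (Debian 11.0/12.0 only) carry the same `matchCriteriaId` values, `FA6FEEC2-9F11-4643-8827-749718254FED` and `46D69DCC-AE4D-4EA5-861C-D60951444C6C`, so the third block adds nothing and could be dropped. These distribution entries are also `"vulnerable": true` inside single-node `AND` configurations that are not tied to the `cpe:2.3:a:isc:bind` version ranges in the first configuration. A matcher that evaluates each configuration independently would therefore flag every host at those OS releases, whether or not an affected BIND build is installed. Consumers of this record should key exposure on the BIND ranges and treat the Debian, Fedora and NetApp entries as pointers to the vendor advisories in `references`.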
@@ -23,14 +46,39 @@ ] } ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:automattic:jetpack:*:*:*:*:*:wordpress:*:*", + "versionEndExcluding": "12.1.1", + "matchCriteriaId": "F5E11109-F3B9-4201-9C0B-94D8FDD0ECE4" + } + ] + } + ] + } + ], "references": [ { "url": "https://jetpack.com/blog/jetpack-12-1-1-critical-security-update/", - "source": "contact@wpscan.com" + "source": "contact@wpscan.com", + "tags": [ + "Vendor Advisory" + ] }, { "url": "https://wpscan.com/vulnerability/52d221bd-ae42-435d-a90a-60a5ae530663", - "source": "contact@wpscan.com" + "source": "contact@wpscan.com", + "tags": [ + "Exploit", + "Third Party Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2023/CVE-2023-302xx/CVE-2023-30261.json b/CVE-2023/CVE-2023-302xx/CVE-2023-30261.json index b61174010e2..e9e9a683da6 100644 --- a/CVE-2023/CVE-2023-302xx/CVE-2023-30261.json +++ b/CVE-2023/CVE-2023-302xx/CVE-2023-30261.json 
@@ -2,27 +2,98 @@ "id": "CVE-2023-30261", "sourceIdentifier": "cve@mitre.org", "published": "2023-06-26T14:15:10.223", - "lastModified": "2023-06-26T15:02:18.713", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2023-07-03T18:35:15.703", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", "value": "Command Injection vulnerability in OpenWB 1.6 and 1.7 allows remote attackers to run arbitrary commands via crafted GET request." } ], - "metrics": {}, + "metrics": { + "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH", + "baseScore": 9.8, + "baseSeverity": "CRITICAL" + }, + "exploitabilityScore": 3.9, + "impactScore": 5.9 + } + ] + }, + "weaknesses": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-78" + } + ] + } + ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:openwb:openwb:1.6:*:*:*:*:*:*:*", + "matchCriteriaId": "9B16EC80-37A7-45E2-8F68-DE9C60C18B44" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:openwb:openwb:1.7:*:*:*:*:*:*:*", + "matchCriteriaId": "2E3B3C05-CEF6-4982-B3FC-C531C79D66DA" + } + ] + } + ] + } + ], "references": [ { "url": "https://eldstal.se/advisories/230329-openwb.html", - "source": "cve@mitre.org" + "source": "cve@mitre.org", + "tags": [ + "Exploit", + "Mitigation", + "Third Party Advisory" + ] }, { "url": "https://github.com/snaptec/openWB/issues/2672", - "source": "cve@mitre.org" + "source": "cve@mitre.org", + "tags": [ + "Exploit", + "Issue Tracking", + "Mitigation", + "Third Party Advisory" + ] }, { 
"url": "https://github.com/snaptec/openWB/pull/2673", - "source": "cve@mitre.org" + "source": "cve@mitre.org", + "tags": [ + "Patch" + ] } ] } \ No newline at end of file diff --git a/CVE-2023/CVE-2023-31xx/CVE-2023-3114.json b/CVE-2023/CVE-2023-31xx/CVE-2023-3114.json index 429f8c26278..0eee8cb65d3 100644 --- a/CVE-2023/CVE-2023-31xx/CVE-2023-3114.json +++ b/CVE-2023/CVE-2023-31xx/CVE-2023-3114.json @@ -2,8 +2,8 @@ "id": "CVE-2023-3114", "sourceIdentifier": "security@hashicorp.com", "published": "2023-06-22T22:15:09.197", - "lastModified": "2023-06-23T13:03:31.027", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2023-07-03T19:02:38.127", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", @@ -12,6 +12,26 @@ ], "metrics": { "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "NONE", + "scope": "CHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "NONE", + "availabilityImpact": "NONE", + "baseScore": 7.7, + "baseSeverity": "HIGH" + }, + "exploitabilityScore": 3.1, + "impactScore": 4.0 + }, { "source": "security@hashicorp.com", "type": "Secondary", @@ -35,6 +55,16 @@ ] }, "weaknesses": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-863" + } + ] + }, { "source": "security@hashicorp.com", "type": "Secondary", 
@@ -46,10 +76,32 @@ ] } ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:hashicorp:terraform_enterprise:*:*:*:*:*:*:*:*", + "versionStartIncluding": "202207-1", + "versionEndExcluding": "202306-1", + "matchCriteriaId": "2FD92957-F413-4189-B026-C7CB7CF7348B" + } + ] + } + ] + } + ], "references": [ { "url": "https://discuss.hashicorp.com/t/hcsec-2023-18-terraform-enterprise-agent-pool-controls-allowed-unauthorized-workspaces-to-target-an-agent-pool/55329", - "source": "security@hashicorp.com" + "source": "security@hashicorp.com", + "tags": [ + "Vendor Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2023/CVE-2023-325xx/CVE-2023-32571.json b/CVE-2023/CVE-2023-325xx/CVE-2023-32571.json index 046022419dd..4a303956c42 100644 --- a/CVE-2023/CVE-2023-325xx/CVE-2023-32571.json +++ b/CVE-2023/CVE-2023-325xx/CVE-2023-32571.json 
@@ -2,23 +2,83 @@ "id": "CVE-2023-32571", "sourceIdentifier": "cve@mitre.org", "published": "2023-06-22T20:15:09.640", - "lastModified": "2023-06-23T13:03:39.067", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2023-07-03T19:07:26.647", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", "value": "Dynamic Linq 1.0.7.10 through 1.2.25 before 1.3.0 allows attackers to execute arbitrary code and commands when untrusted input to methods including Where, Select, OrderBy is parsed." } ], - "metrics": {}, + "metrics": { + "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH", + "baseScore": 9.8, + "baseSeverity": "CRITICAL" + }, + "exploitabilityScore": 3.9, + "impactScore": 5.9 + } + ] + }, + "weaknesses": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-697" + } + ] + } + ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:dynamic-linq:linq:*:*:*:*:*:*:*:*", + "versionStartIncluding": "1.0.7.10", + "versionEndIncluding": "1.2.25", + "matchCriteriaId": "508EE55E-ED69-462D-B1FD-6C0F2E5AD558" + } + ] + } + ] + } + ], "references": [ { "url": "https://github.com/zzzprojects/System.Linq.Dynamic.Core", - "source": "cve@mitre.org" + "source": "cve@mitre.org", + "tags": [ + "Product" + ] }, { "url": "https://research.nccgroup.com/2023/06/13/dynamic-linq-injection-remote-code-execution-vulnerability-cve-2023-32571/", - "source": "cve@mitre.org" + "source": "cve@mitre.org", + "tags": [ + "Exploit" + ] } ] } \ No newline at end of file 
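Review bot: The primary weakness added for CVE-2023-32571, `"value": "CWE-697"` (Incorrect Comparison), does not describe the impact in the record's own description, which is arbitrary code and command execution when untrusted input to `Where`, `Select` or `OrderBy` is parsed. Triage rules or dashboards that select injection-class CWEs will not pick this record up. A code-injection class such as `"value": "CWE-94"` would match the description more closely, though the root cause is not visible here and may explain the NVD choice. The CPE `cpe:2.3:a:dynamic-linq:linq` also differs from the name in the referenced repository (System.Linq.Dynamic.Core), so dependency scanners that match on package name need an explicit mapping to this entry.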
diff --git a/CVE-2023/CVE-2023-332xx/CVE-2023-33299.json b/CVE-2023/CVE-2023-332xx/CVE-2023-33299.json index 4deae8aaa63..a0581347c75 100644 --- a/CVE-2023/CVE-2023-332xx/CVE-2023-33299.json +++ b/CVE-2023/CVE-2023-332xx/CVE-2023-33299.json @@ -2,8 +2,8 @@ "id": "CVE-2023-33299", "sourceIdentifier": "psirt@fortinet.com", "published": "2023-06-23T08:15:09.483", - "lastModified": "2023-06-23T13:03:31.027", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2023-07-03T18:59:42.443", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", @@ -12,6 +12,26 @@ ], "metrics": { "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH", + "baseScore": 9.8, + "baseSeverity": "CRITICAL" + }, + "exploitabilityScore": 3.9, + "impactScore": 5.9 + }, { "source": "psirt@fortinet.com", "type": "Secondary", 
@@ -34,10 +54,109 @@ } ] }, + "weaknesses": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-502" + } + ] + } + ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:fortinet:fortinac:*:*:*:*:*:*:*:*", + "versionStartIncluding": "8.5.0", + "versionEndIncluding": "8.5.4", + "matchCriteriaId": "8292B841-851C-42C2-AF13-17AB2FA894CD" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:fortinet:fortinac:*:*:*:*:*:*:*:*", + "versionStartIncluding": "8.6.0", + "versionEndIncluding": "8.6.5", + "matchCriteriaId": "95E75B88-1750-4FB6-BCE4-74B69D93C918" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:fortinet:fortinac:*:*:*:*:*:*:*:*", + "versionStartIncluding": "8.7.0", + "versionEndIncluding": "8.7.6", + "matchCriteriaId": "3BD32B25-76B4-4D6E-BB5C-065070297058" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:fortinet:fortinac:*:*:*:*:*:*:*:*", + "versionStartIncluding": "8.8.0", + "versionEndIncluding": "8.8.11", + "matchCriteriaId": "46929BE3-0396-4B8A-9889-9F6CA73FAD4E" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:fortinet:fortinac:*:*:*:*:*:*:*:*", + "versionStartIncluding": "9.1.0", + "versionEndIncluding": "9.1.9", + "matchCriteriaId": "D101F116-0C73-401E-9882-8BA2F403FA4E" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:fortinet:fortinac:*:*:*:*:*:*:*:*", + "versionStartIncluding": "9.2.0", + "versionEndIncluding": "9.2.7", + "matchCriteriaId": "B341AE7E-48F1-4ABE-891F-F9D543D19E29" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:fortinet:fortinac:7.2.0:*:*:*:*:*:*:*", + "matchCriteriaId": "EFF5B4CF-5BF9-4852-BD4F-5A27FD17EDC2" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:fortinet:fortinac:7.2.1:*:*:*:*:*:*:*", + "matchCriteriaId": "4C3107FF-B414-4C7C-BD97-AC102A744B1A" + }, + { + "vulnerable": true, + "criteria": 
"cpe:2.3:a:fortinet:fortinac:8.3.7:*:*:*:*:*:*:*", + "matchCriteriaId": "952F266E-0E48-4D69-81E0-9F813B60AC3E" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:fortinet:fortinac:9.4.0:*:*:*:*:*:*:*", + "matchCriteriaId": "E12E11B0-E21A-4124-9DF9-FF268BB19813" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:fortinet:fortinac:9.4.1:*:*:*:*:*:*:*", + "matchCriteriaId": "4648F862-AB8C-4B8D-8F2D-5D2641F08845" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:fortinet:fortinac:9.4.2:*:*:*:*:*:*:*", + "matchCriteriaId": "6B0251A8-1E8B-4B4A-962F-3E5950601814" + } + ] + } + ] + } + ], "references": [ { "url": "https://fortiguard.com/psirt/FG-IR-23-074", - "source": "psirt@fortinet.com" + "source": "psirt@fortinet.com", + "tags": [ + "Vendor Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2023/CVE-2023-341xx/CVE-2023-34110.json b/CVE-2023/CVE-2023-341xx/CVE-2023-34110.json index f6b833c9f7d..8e0228dab92 100644 --- a/CVE-2023/CVE-2023-341xx/CVE-2023-34110.json +++ b/CVE-2023/CVE-2023-341xx/CVE-2023-34110.json @@ -2,8 +2,8 @@ "id": "CVE-2023-34110", "sourceIdentifier": "security-advisories@github.com", "published": "2023-06-22T23:15:09.410", - "lastModified": "2023-06-23T13:03:31.027", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2023-07-03T19:00:56.767", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", @@ -12,6 +12,26 @@ ], "metrics": { "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:N/A:N", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "HIGH", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "LOW", + "integrityImpact": "NONE", + "availabilityImpact": "NONE", + "baseScore": 2.7, + "baseSeverity": "LOW" + }, + "exploitabilityScore": 1.2, + "impactScore": 1.4 + }, { "source": "security-advisories@github.com", "type": "Secondary", 
@@ -46,22 +66,52 @@ ] } ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:flask-appbuilder_project:flask-appbuilder:*:*:*:*:*:*:*:*", + "versionEndExcluding": "4.3.2", + "matchCriteriaId": "89D84C58-58FA-4CEE-804D-F114CD419E72" + } + ] + } + ] + } + ], "references": [ { "url": "https://github.com/dpgaspar/Flask-AppBuilder/commit/ae25ad4c87a9051ebe4a4e8f02aee73232642626", - "source": "security-advisories@github.com" + "source": "security-advisories@github.com", + "tags": [ + "Patch" + ] }, { "url": "https://github.com/dpgaspar/Flask-AppBuilder/pull/2045", - "source": "security-advisories@github.com" + "source": "security-advisories@github.com", + "tags": [ + "Patch" + ] }, { "url": "https://github.com/dpgaspar/Flask-AppBuilder/releases/tag/v4.3.2", - "source": "security-advisories@github.com" + "source": "security-advisories@github.com", + "tags": [ + "Release Notes" + ] }, { "url": "https://github.com/dpgaspar/Flask-AppBuilder/security/advisories/GHSA-jhpr-j7cq-3jp3", - "source": "security-advisories@github.com" + "source": "security-advisories@github.com", + "tags": [ + "Vendor Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2023/CVE-2023-342xx/CVE-2023-34242.json b/CVE-2023/CVE-2023-342xx/CVE-2023-34242.json index 313b299876c..aa79ef46f65 100644 --- a/CVE-2023/CVE-2023-342xx/CVE-2023-34242.json +++ b/CVE-2023/CVE-2023-342xx/CVE-2023-34242.json 
@@ -2,16 +2,40 @@ "id": "CVE-2023-34242", "sourceIdentifier": "security-advisories@github.com", "published": "2023-06-15T20:15:09.473", - "lastModified": "2023-06-15T20:46:39.603", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2023-07-03T19:12:59.533", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", "value": "Cilium is a networking, observability, and security solution with an eBPF-based dataplane. Prior to version 1.13.4, when Gateway API is enabled in Cilium, the absence of a check on the namespace in which a ReferenceGrant is created could result in Cilium unintentionally gaining visibility of secrets (including certificates) and services across namespaces. An attacker on an affected cluster can leverage this issue to use cluster secrets that should not be visible to them, or communicate with services that they should not have access to. Gateway API functionality is disabled by default. This vulnerability is fixed in Cilium release 1.13.4. As a workaround, restrict the creation of `ReferenceGrant` resources to admin users by using Kubernetes RBAC." + }, + { + "lang": "es", + "value": "Cilium es una soluci\u00f3n de red, observabilidad y seguridad con un plano de datos basado en eBPF. Antes de la versi\u00f3n 1.13.4, cuando la API de puerta de enlace est\u00e1 habilitada en Cilium, la ausencia de una comprobaci\u00f3n en el espacio de nombres en el que se crea una \"ReferenceGrant\" podr\u00eda dar lugar a que Cilium obtuviera involuntariamente visibilidad de secretos (incluidos certificados) y servicios a trav\u00e9s de espacios de nombres. Un atacante en un cl\u00faster afectado puede aprovechar este problema para utilizar secretos de cl\u00faster que no deber\u00edan ser visibles para \u00e9l, o comunicarse con servicios a los que no deber\u00eda tener acceso. La funcionalidad \"Gateway API\" est\u00e1 desactivada por defecto. Esta vulnerabilidad se ha corregido en la versi\u00f3n 1.13.4 de Cilium. 
Como soluci\u00f3n, restrinja la creaci\u00f3n de recursos \"ReferenceGrant\" a los usuarios administradores mediante Kubernetes RBAC. " } ], "metrics": { "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "LOW", + "integrityImpact": "NONE", + "availabilityImpact": "NONE", + "baseScore": 5.3, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 3.9, + "impactScore": 1.4 + }, { "source": "security-advisories@github.com", "type": "Secondary", @@ -46,14 +70,38 @@ ] } ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:cilium:cilium:*:*:*:*:*:*:*:*", + "versionEndExcluding": "1.13.4", + "matchCriteriaId": "4CCCAA75-0B30-4621-99DA-48D617D3A9B5" + } + ] + } + ] + } + ], "references": [ { "url": "https://github.com/cilium/cilium/releases/tag/v1.13.4", - "source": "security-advisories@github.com" + "source": "security-advisories@github.com", + "tags": [ + "Release Notes" + ] }, { "url": "https://github.com/cilium/cilium/security/advisories/GHSA-r7wr-4w5q-55m6", - "source": "security-advisories@github.com" + "source": "security-advisories@github.com", + "tags": [ + "Third Party Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2023/CVE-2023-344xx/CVE-2023-34450.json b/CVE-2023/CVE-2023-344xx/CVE-2023-34450.json index ef68d15c748..8c56309b3db 100644 --- a/CVE-2023/CVE-2023-344xx/CVE-2023-34450.json +++ b/CVE-2023/CVE-2023-344xx/CVE-2023-34450.json 
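Review bot: The primary vector added in the first hunk of CVE-2023-34242 sets `"privilegesRequired": "NONE"`, which sits oddly with the description in the same hunk. The description speaks of "an attacker on an affected cluster", and its workaround restricts creation of `ReferenceGrant` resources to admin users, which suggests the attacker needs some ability to create resources in the cluster. If so, `"privilegesRequired": "LOW"` would be the closer reading, and `vectorString`, `baseScore` and `exploitabilityScore` would need recomputing to match. The CNA's secondary vector is outside the hunk, so compare both before using the 5.3 score for prioritisation.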
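Review bot: In the `references` hunk of CVE-2023-34242, the project's own advisory `https://github.com/cilium/cilium/security/advisories/GHSA-r7wr-4w5q-55m6` is tagged `"Third Party Advisory"`. The equivalent GitHub advisory in the CVE-2023-34110 record of this same diff (Flask-AppBuilder, GHSA-jhpr-j7cq-3jp3) is tagged `"Vendor Advisory"`. Tooling that surfaces only vendor advisories for remediation guidance would skip the Cilium link, which is the one carrying the fix version and the RBAC workaround. For consistency the tag here should read `"Vendor Advisory"`.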
@@ -2,8 +2,8 @@ "id": "CVE-2023-34450", "sourceIdentifier": "security-advisories@github.com", "published": "2023-07-03T17:15:09.147", - "lastModified": "2023-07-03T17:15:09.147", - "vulnStatus": "Received", + "lastModified": "2023-07-03T18:33:32.153", + "vulnStatus": "Awaiting Analysis", "descriptions": [ { "lang": "en", diff --git a/CVE-2023/CVE-2023-344xx/CVE-2023-34451.json b/CVE-2023/CVE-2023-344xx/CVE-2023-34451.json index 1cdcf6bc82f..06f05fc04fc 100644 --- a/CVE-2023/CVE-2023-344xx/CVE-2023-34451.json +++ b/CVE-2023/CVE-2023-344xx/CVE-2023-34451.json @@ -2,8 +2,8 @@ "id": "CVE-2023-34451", "sourceIdentifier": "security-advisories@github.com", "published": "2023-07-03T17:15:09.240", - "lastModified": "2023-07-03T17:15:09.240", - "vulnStatus": "Received", + "lastModified": "2023-07-03T18:33:32.153", + "vulnStatus": "Awaiting Analysis", "descriptions": [ { "lang": "en", diff --git a/CVE-2023/CVE-2023-345xx/CVE-2023-34553.json b/CVE-2023/CVE-2023-345xx/CVE-2023-34553.json index 81c5d13611e..6ed01b736cd 100644 --- a/CVE-2023/CVE-2023-345xx/CVE-2023-34553.json +++ b/CVE-2023/CVE-2023-345xx/CVE-2023-34553.json 
@@ -2,19 +2,86 @@ "id": "CVE-2023-34553", "sourceIdentifier": "cve@mitre.org", "published": "2023-06-22T21:15:09.367", - "lastModified": "2023-06-23T13:03:39.067", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2023-07-03T19:04:02.807", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", "value": "An issue was discovered in WAFU Keyless Smart Lock v1.0 allows attackers to unlock a device via code replay attack." } ], - "metrics": {}, + "metrics": { + "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N", + "attackVector": "ADJACENT_NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "NONE", + "integrityImpact": "HIGH", + "availabilityImpact": "NONE", + "baseScore": 6.5, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 2.8, + "impactScore": 3.6 + } + ] + }, + "weaknesses": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-294" + } + ] + } + ], + "configurations": [ + { + "operator": "AND", + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:o:wafucn:wafu_keyless_smart_lock_firmware:1.0:*:*:*:*:*:*:*", + "matchCriteriaId": "68B7D499-05DC-4BC5-8AA7-0DF9A7C8E645" + } + ] + }, + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": false, + "criteria": "cpe:2.3:h:wafucn:wafu_keyless_smart_lock:-:*:*:*:*:*:*:*", + "matchCriteriaId": "9E25A352-FE93-4042-BD32-917169B76AA9" + } + ] + } + ] + } + ], "references": [ { "url": "https://ashallen.net/wireless-smart-lock-vulnerability-disclosure", - "source": "cve@mitre.org" + "source": "cve@mitre.org", + "tags": [ + "Third Party Advisory" + ] } ] } \ No newline at end of file 
diff --git a/CVE-2023/CVE-2023-348xx/CVE-2023-34835.json b/CVE-2023/CVE-2023-348xx/CVE-2023-34835.json
index 684944d40df..96d9e8f2123 100644
--- a/CVE-2023/CVE-2023-348xx/CVE-2023-34835.json
+++ b/CVE-2023/CVE-2023-348xx/CVE-2023-34835.json
@@ -2,19 +2,75 @@ "id": "CVE-2023-34835", "sourceIdentifier": "cve@mitre.org", "published": "2023-06-27T18:15:13.557", - "lastModified": "2023-06-27T18:34:43.840", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2023-07-03T19:30:38.090", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", "value": "A Cross Site Scripting vulnerability in Microworld Technologies eScan Management console v.14.0.1400.2281 allows a remote attacker to execute arbitrary JavaScript code via a vulnerable delete_file parameter." } ], - "metrics": {}, + "metrics": { + "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "REQUIRED", + "scope": "CHANGED", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "availabilityImpact": "NONE", + "baseScore": 5.4, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 2.3, + "impactScore": 2.7 + } + ] + }, + "weaknesses": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-79" + } + ] + } + ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:escanav:escan_management_console:14.0.1400.2281:*:*:*:*:*:*:*", + "matchCriteriaId": "5C9D13C7-6948-4E3A-946C-B291CFBD4D70" + } + ] + } + ] + } + ], "references": [ { "url": "https://github.com/sahiloj/CVE-2023-34835/blob/main/README.md", - "source": "cve@mitre.org" + "source": "cve@mitre.org", + "tags": [ + "Exploit", + "Third Party Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2023/CVE-2023-348xx/CVE-2023-34836.json b/CVE-2023/CVE-2023-348xx/CVE-2023-34836.json index 3355adc7833..da75751e41a 100644 --- a/CVE-2023/CVE-2023-348xx/CVE-2023-34836.json 
+++ b/CVE-2023/CVE-2023-348xx/CVE-2023-34836.json @@ -2,19 +2,75 @@ "id": "CVE-2023-34836", "sourceIdentifier": "cve@mitre.org", "published": "2023-06-27T18:15:13.603", - "lastModified": "2023-06-27T18:34:43.840", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2023-07-03T19:30:27.440", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", "value": "A Cross Site Scripting vulnerability in Microworld Technologies eScan Management console v.14.0.1400.2281 allows a remote attacker to execute arbitrary code via a crafted script to the Dtltyp and ListName parameters." } ], - "metrics": {}, + "metrics": { + "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "REQUIRED", + "scope": "CHANGED", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "availabilityImpact": "NONE", + "baseScore": 5.4, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 2.3, + "impactScore": 2.7 + } + ] + }, + "weaknesses": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-79" + } + ] + } + ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:escanav:escan_management_console:14.0.1400.2281:*:*:*:*:*:*:*", + "matchCriteriaId": "5C9D13C7-6948-4E3A-946C-B291CFBD4D70" + } + ] + } + ] + } + ], "references": [ { "url": "https://github.com/sahiloj/CVE-2023-34836/blob/main/README.md", - "source": "cve@mitre.org" + "source": "cve@mitre.org", + "tags": [ + "Exploit", + "Third Party Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2023/CVE-2023-348xx/CVE-2023-34837.json b/CVE-2023/CVE-2023-348xx/CVE-2023-34837.json index 7659612f383..d6c9295e481 100644 
--- a/CVE-2023/CVE-2023-348xx/CVE-2023-34837.json +++ b/CVE-2023/CVE-2023-348xx/CVE-2023-34837.json @@ -2,19 +2,75 @@ "id": "CVE-2023-34837", "sourceIdentifier": "cve@mitre.org", "published": "2023-06-27T18:15:13.653", - "lastModified": "2023-06-27T18:34:43.840", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2023-07-03T19:30:12.097", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", "value": "A Cross Site Scripting vulnerability in Microworld Technologies eScan Management console v.14.0.1400.2281 allows a remote attacker to execute arbitrary code via a vulnerable parameter GrpPath." } ], - "metrics": {}, + "metrics": { + "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "REQUIRED", + "scope": "CHANGED", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "availabilityImpact": "NONE", + "baseScore": 5.4, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 2.3, + "impactScore": 2.7 + } + ] + }, + "weaknesses": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-79" + } + ] + } + ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:escanav:escan_management_console:14.0.1400.2281:*:*:*:*:*:*:*", + "matchCriteriaId": "5C9D13C7-6948-4E3A-946C-B291CFBD4D70" + } + ] + } + ] + } + ], "references": [ { "url": "https://github.com/sahiloj/CVE-2023-34837/blob/main/README.md", - "source": "cve@mitre.org" + "source": "cve@mitre.org", + "tags": [ + "Exploit", + "Third Party Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2023/CVE-2023-348xx/CVE-2023-34838.json b/CVE-2023/CVE-2023-348xx/CVE-2023-34838.json index 29afdb3bb5a..fe312a1137e 100644 
--- a/CVE-2023/CVE-2023-348xx/CVE-2023-34838.json +++ b/CVE-2023/CVE-2023-348xx/CVE-2023-34838.json @@ -2,19 +2,75 @@ "id": "CVE-2023-34838", "sourceIdentifier": "cve@mitre.org", "published": "2023-06-27T18:15:13.700", - "lastModified": "2023-06-27T18:34:43.840", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2023-07-03T19:30:00.057", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", "value": "A Cross Site Scripting vulnerability in Microworld Technologies eScan Management console v.14.0.1400.2281 allows a remote attacker to execute arbitrary code via a crafted script to the Description parameter." } ], - "metrics": {}, + "metrics": { + "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "REQUIRED", + "scope": "CHANGED", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "availabilityImpact": "NONE", + "baseScore": 5.4, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 2.3, + "impactScore": 2.7 + } + ] + }, + "weaknesses": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-79" + } + ] + } + ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:escanav:escan_management_console:14.0.1400.2281:*:*:*:*:*:*:*", + "matchCriteriaId": "5C9D13C7-6948-4E3A-946C-B291CFBD4D70" + } + ] + } + ] + } + ], "references": [ { "url": "https://github.com/sahiloj/CVE-2023-34838/blob/main/README.md", - "source": "cve@mitre.org" + "source": "cve@mitre.org", + "tags": [ + "Exploit", + "Third Party Advisory" + ] } ] } \ No newline at end of file 
diff --git a/CVE-2023/CVE-2023-348xx/CVE-2023-34839.json b/CVE-2023/CVE-2023-348xx/CVE-2023-34839.json index 0b5db1898cf..1e9fc7319bf 100644 --- a/CVE-2023/CVE-2023-348xx/CVE-2023-34839.json +++ b/CVE-2023/CVE-2023-348xx/CVE-2023-34839.json @@ -2,19 +2,75 @@ "id": "CVE-2023-34839", "sourceIdentifier": "cve@mitre.org", "published": "2023-06-27T18:15:13.747", - "lastModified": "2023-06-27T18:34:43.840", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2023-07-03T19:29:43.347", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", "value": "A Cross Site Request Forgery (CSRF) vulnerability in Issabel issabel-pbx v.4.0.0-6 allows a remote attacker to gain privileges via a Custom CSRF exploit to create new user function in the application." } ], - "metrics": {}, + "metrics": { + "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:H/I:H/A:H", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "HIGH", + "userInteraction": "REQUIRED", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH", + "baseScore": 6.8, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 0.9, + "impactScore": 5.9 + } + ] + }, + "weaknesses": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-352" + } + ] + } + ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:issabel:pbx:4.0.0-6:*:*:*:*:*:*:*", + "matchCriteriaId": "D1A5E56B-4B74-4BF7-ACF5-1D9F3C0FC0FF" + } + ] + } + ] + } + ], "references": [ { "url": "https://github.com/sahiloj/CVE-2023-34839/blob/main/README.md", - "source": "cve@mitre.org" + "source": "cve@mitre.org", + "tags": [ + "Exploit", + "Third Party Advisory" + ] } ] } \ No newline at end of file 
diff --git a/CVE-2023/CVE-2023-34xx/CVE-2023-3431.json b/CVE-2023/CVE-2023-34xx/CVE-2023-3431.json index f703e3d7a7d..08a0b5874f5 100644 --- a/CVE-2023/CVE-2023-34xx/CVE-2023-3431.json +++ b/CVE-2023/CVE-2023-34xx/CVE-2023-3431.json @@ -2,8 +2,8 @@ "id": "CVE-2023-3431", "sourceIdentifier": "security@huntr.dev", "published": "2023-06-27T15:15:11.743", - "lastModified": "2023-06-27T16:15:35.267", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2023-07-03T19:24:51.337", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", @@ -11,6 +11,28 @@ } ], "metrics": { + "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "LOW", + "integrityImpact": "NONE", + "availabilityImpact": "NONE", + "baseScore": 5.3, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 3.9, + "impactScore": 1.4 + } + ], "cvssMetricV30": [ { "source": "security@huntr.dev", @@ -36,8 +58,18 @@ }, "weaknesses": [ { - "source": "security@huntr.dev", + "source": "nvd@nist.gov", "type": "Primary", + "description": [ + { + "lang": "en", + "value": "NVD-CWE-Other" + } + ] + }, + { + "source": "security@huntr.dev", + "type": "Secondary", "description": [ { "lang": "en", 
@@ -46,14 +78,40 @@ ] } ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:plantuml:plantuml:*:*:*:*:*:*:*:*", + "versionEndExcluding": "1.2023.9", + "matchCriteriaId": "389D4A80-A72D-42CC-885E-818A52175C8A" + } + ] + } + ] + } + ], "references": [ { "url": "https://github.com/plantuml/plantuml/commit/fbe7fa3b25b4c887d83927cffb1009ec6cb8ab1e", - "source": "security@huntr.dev" + "source": "security@huntr.dev", + "tags": [ + "Patch" + ] }, { "url": "https://huntr.dev/bounties/fa741f95-b53c-4ed7-b157-e32c5145164c", - "source": "security@huntr.dev" + "source": "security@huntr.dev", + "tags": [ + "Exploit", + "Patch", + "Third Party Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2023/CVE-2023-34xx/CVE-2023-3432.json b/CVE-2023/CVE-2023-34xx/CVE-2023-3432.json index 3b02be67e5e..47f30f3fbab 100644 --- a/CVE-2023/CVE-2023-34xx/CVE-2023-3432.json +++ b/CVE-2023/CVE-2023-34xx/CVE-2023-3432.json @@ -2,8 +2,8 @@ "id": "CVE-2023-3432", "sourceIdentifier": "security@huntr.dev", "published": "2023-06-27T15:15:11.980", - "lastModified": "2023-06-27T16:15:35.267", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2023-07-03T19:24:13.527", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", @@ -11,6 +11,28 @@ } ], "metrics": { + "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:N", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "NONE", + "scope": "CHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "NONE", + "baseScore": 10.0, + "baseSeverity": "CRITICAL" + }, + "exploitabilityScore": 3.9, + "impactScore": 5.8 + } + ], "cvssMetricV30": [ { "source": "security@huntr.dev", 
@@ -46,14 +68,40 @@ ] } ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:plantuml:plantuml:*:*:*:*:*:*:*:*", + "versionEndExcluding": "1.2023.9", + "matchCriteriaId": "389D4A80-A72D-42CC-885E-818A52175C8A" + } + ] + } + ] + } + ], "references": [ { "url": "https://github.com/plantuml/plantuml/commit/b32500bb61ae617bb312496d6d832e4be8190797", - "source": "security@huntr.dev" + "source": "security@huntr.dev", + "tags": [ + "Patch" + ] }, { "url": "https://huntr.dev/bounties/8ac3316f-431c-468d-87e4-3dafff2ecf51", - "source": "security@huntr.dev" + "source": "security@huntr.dev", + "tags": [ + "Exploit", + "Patch", + "Third Party Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2023/CVE-2023-34xx/CVE-2023-3497.json b/CVE-2023/CVE-2023-34xx/CVE-2023-3497.json index 500ca467d9b..3a084975653 100644 --- a/CVE-2023/CVE-2023-34xx/CVE-2023-3497.json +++ b/CVE-2023/CVE-2023-34xx/CVE-2023-3497.json @@ -2,8 +2,8 @@ "id": "CVE-2023-3497", "sourceIdentifier": "chrome-cve-admin@google.com", "published": "2023-07-03T17:15:09.540", - "lastModified": "2023-07-03T17:15:09.540", - "vulnStatus": "Received", + "lastModified": "2023-07-03T18:33:32.153", + "vulnStatus": "Awaiting Analysis", "descriptions": [ { "lang": "en", diff --git a/CVE-2023/CVE-2023-351xx/CVE-2023-35154.json b/CVE-2023/CVE-2023-351xx/CVE-2023-35154.json index 046807c5efe..459216dd07a 100644 --- a/CVE-2023/CVE-2023-351xx/CVE-2023-35154.json +++ b/CVE-2023/CVE-2023-351xx/CVE-2023-35154.json @@ -2,8 +2,8 @@ "id": "CVE-2023-35154", "sourceIdentifier": "security-advisories@github.com", "published": "2023-06-23T21:15:09.400", - "lastModified": "2023-06-24T12:41:30.800", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2023-07-03T18:47:34.727", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", 
@@ -12,6 +12,26 @@ ], "metrics": { "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "availabilityImpact": "NONE", + "baseScore": 6.5, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 3.9, + "impactScore": 2.5 + }, { "source": "security-advisories@github.com", "type": "Secondary", @@ -46,10 +66,32 @@ ] } ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:eng:knowage:*:*:*:*:*:*:*:*", + "versionStartIncluding": "6.1.0", + "versionEndExcluding": "8.1.8", + "matchCriteriaId": "97741C80-7124-493C-B642-25BC547AA137" + } + ] + } + ] + } + ], "references": [ { "url": "https://github.com/KnowageLabs/Knowage-Server/security/advisories/GHSA-48hp-jvv8-cf62", - "source": "security-advisories@github.com" + "source": "security-advisories@github.com", + "tags": [ + "Vendor Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2023/CVE-2023-351xx/CVE-2023-35171.json b/CVE-2023/CVE-2023-351xx/CVE-2023-35171.json index f76f739013e..556901ca6f9 100644 --- a/CVE-2023/CVE-2023-351xx/CVE-2023-35171.json +++ b/CVE-2023/CVE-2023-351xx/CVE-2023-35171.json @@ -2,8 +2,8 @@ "id": "CVE-2023-35171", "sourceIdentifier": "security-advisories@github.com", "published": "2023-06-23T21:15:09.703", - "lastModified": "2023-06-24T12:41:30.800", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2023-07-03T19:38:57.370", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", 
@@ -12,6 +12,26 @@ ], "metrics": { "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "REQUIRED", + "scope": "CHANGED", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "availabilityImpact": "NONE", + "baseScore": 6.1, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 2.8, + "impactScore": 2.7 + }, { "source": "security-advisories@github.com", "type": "Secondary", @@ -36,7 +56,7 @@ }, "weaknesses": [ { - "source": "security-advisories@github.com", + "source": "nvd@nist.gov", "type": "Primary", "description": [ { 
@@ -44,20 +64,71 @@ "value": "CWE-601" } ] + }, + { + "source": "security-advisories@github.com", + "type": "Secondary", + "description": [ + { + "lang": "en", + "value": "CWE-601" + } + ] + } + ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:nextcloud:nextcloud_server:*:*:*:*:-:*:*:*", + "versionStartIncluding": "26.0.0", + "versionEndExcluding": "26.0.2", + "matchCriteriaId": "CB3473C7-E5B9-44B1-AC74-F7224D9AB78B" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:nextcloud:nextcloud_server:*:*:*:*:enterprise:*:*:*", + "versionStartIncluding": "26.0.0", + "versionEndExcluding": "26.0.2", + "matchCriteriaId": "AE95CF9F-D964-4857-8805-2CE4CF2F6328" + } + ] + } + ] } ], "references": [ { "url": "https://github.com/nextcloud/security-advisories/security/advisories/GHSA-h353-vvwv-j2r4", - "source": "security-advisories@github.com" + "source": "security-advisories@github.com", + "tags": [ + "Exploit", + "Issue Tracking", + "Vendor Advisory" + ] }, { "url": "https://github.com/nextcloud/server/pull/38194", - "source": "security-advisories@github.com" + "source": "security-advisories@github.com", + "tags": [ + "Issue Tracking", + "Patch" + ] }, { "url": "https://hackerone.com/reports/1977222", - "source": "security-advisories@github.com" + "source": "security-advisories@github.com", + "tags": [ + "Exploit", + "Issue Tracking", + "Mitigation", + "Third Party Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2023/CVE-2023-359xx/CVE-2023-35935.json b/CVE-2023/CVE-2023-359xx/CVE-2023-35935.json index 1e152781392..ef7441f484e 100644 --- a/CVE-2023/CVE-2023-359xx/CVE-2023-35935.json +++ b/CVE-2023/CVE-2023-359xx/CVE-2023-35935.json 
@@ -2,8 +2,8 @@ "id": "CVE-2023-35935", "sourceIdentifier": "security-advisories@github.com", "published": "2023-07-03T17:15:09.317", - "lastModified": "2023-07-03T17:15:09.317", - "vulnStatus": "Received", + "lastModified": "2023-07-03T18:33:32.153", + "vulnStatus": "Awaiting Analysis", "descriptions": [ { "lang": "en", diff --git a/CVE-2023/CVE-2023-360xx/CVE-2023-36053.json b/CVE-2023/CVE-2023-360xx/CVE-2023-36053.json index 59defae2385..272799367c3 100644 --- a/CVE-2023/CVE-2023-360xx/CVE-2023-36053.json +++ b/CVE-2023/CVE-2023-360xx/CVE-2023-36053.json @@ -2,8 +2,8 @@ "id": "CVE-2023-36053", "sourceIdentifier": "cve@mitre.org", "published": "2023-07-03T13:15:09.737", - "lastModified": "2023-07-03T13:15:09.737", - "vulnStatus": "Received", + "lastModified": "2023-07-03T18:33:32.153", + "vulnStatus": "Awaiting Analysis", "descriptions": [ { "lang": "en", diff --git a/CVE-2023/CVE-2023-363xx/CVE-2023-36301.json b/CVE-2023/CVE-2023-363xx/CVE-2023-36301.json index d614ebbc2a1..bcdebd33704 100644 --- a/CVE-2023/CVE-2023-363xx/CVE-2023-36301.json +++ b/CVE-2023/CVE-2023-363xx/CVE-2023-36301.json 
@@ -2,19 +2,75 @@ "id": "CVE-2023-36301", "sourceIdentifier": "cve@mitre.org", "published": "2023-06-26T15:15:09.853", - "lastModified": "2023-06-26T17:51:24.007", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2023-07-03T19:18:49.437", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", "value": "Talend Data Catalog before 8.0-20230221 contain a directory traversal vulnerability in HeaderImageServlet." } ], - "metrics": {}, + "metrics": { + "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH", + "baseScore": 9.8, + "baseSeverity": "CRITICAL" + }, + "exploitabilityScore": 3.9, + "impactScore": 5.9 + } + ] + }, + "weaknesses": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-22" + } + ] + } + ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:talend:data_catalog:*:*:*:*:*:*:*:*", + "versionEndExcluding": "8.0-20230221", + "matchCriteriaId": "3A24F7E5-1BF9-4623-95F9-93CCC98F3CCA" + } + ] + } + ] + } + ], "references": [ { "url": "https://help.talend.com/r/en-US/Talend-Products-CVEs/Talend-Products-CVEs", - "source": "cve@mitre.org" + "source": "cve@mitre.org", + "tags": [ + "Vendor Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2023/CVE-2023-366xx/CVE-2023-36660.json b/CVE-2023/CVE-2023-366xx/CVE-2023-36660.json index 7e68b323272..d46a8734f12 100644 --- a/CVE-2023/CVE-2023-366xx/CVE-2023-36660.json +++ b/CVE-2023/CVE-2023-366xx/CVE-2023-36660.json 
@@ -2,27 +2,89 @@ "id": "CVE-2023-36660", "sourceIdentifier": "cve@mitre.org", "published": "2023-06-25T22:15:21.337", - "lastModified": "2023-06-26T13:02:36.297", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2023-07-03T19:20:47.360", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", "value": "The OCB feature in libnettle in Nettle 3.9 before 3.9.1 allows memory corruption." } ], - "metrics": {}, + "metrics": { + "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH", + "baseScore": 9.8, + "baseSeverity": "CRITICAL" + }, + "exploitabilityScore": 3.9, + "impactScore": 5.9 + } + ] + }, + "weaknesses": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-787" + } + ] + } + ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:nettle_project:nettle:3.9:*:*:*:*:*:*:*", + "matchCriteriaId": "315BCEC0-1D36-4DAC-99D3-652EB144BC13" + } + ] + } + ] + } + ], "references": [ { "url": "https://bugzilla.suse.com/show_bug.cgi?id=1212112", - "source": "cve@mitre.org" + "source": "cve@mitre.org", + "tags": [ + "Issue Tracking", + "Patch" + ] }, { "url": "https://git.lysator.liu.se/nettle/nettle/-/commit/867a4548b95705291a3afdd66d76e7f17ba2618f", - "source": "cve@mitre.org" + "source": "cve@mitre.org", + "tags": [ + "Patch" + ] }, { "url": "https://git.lysator.liu.se/nettle/nettle/-/compare/nettle_3.9_release_20230514...nettle_3.9.1_release_20230601", - "source": "cve@mitre.org" + "source": "cve@mitre.org", + "tags": [ + "Patch" + ] } ] } \ No newline at end 
of file diff --git a/CVE-2023/CVE-2023-366xx/CVE-2023-36666.json b/CVE-2023/CVE-2023-366xx/CVE-2023-36666.json index 54dab7095bd..d7ed2357378 100644 --- a/CVE-2023/CVE-2023-366xx/CVE-2023-36666.json +++ b/CVE-2023/CVE-2023-366xx/CVE-2023-36666.json 
@@ -2,23 +2,82 @@ "id": "CVE-2023-36666", "sourceIdentifier": "cve@mitre.org", "published": "2023-06-25T22:15:21.527", - "lastModified": "2023-06-26T13:02:32.107", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2023-07-03T19:07:18.410", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", "value": "INEX IXP-Manager before 6.3.1 allows XSS. list-preamble.foil.php, page-header-preamble.foil.php, edit-form.foil.php, page-header-preamble.foil.php, overview.foil.php, cust.foil.php, and view.foil.php may be affected." } ], - "metrics": {}, + "metrics": { + "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "REQUIRED", + "scope": "CHANGED", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "availabilityImpact": "NONE", + "baseScore": 6.1, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 2.8, + "impactScore": 2.7 + } + ] + }, + "weaknesses": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-79" + } + ] + } + ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:inex:ixp_manager:*:*:*:*:*:*:*:*", + "versionEndExcluding": "6.3.1", + "matchCriteriaId": "50ECE4A6-8FD8-416A-9D29-DB4B190314ED" + } + ] + } + ] + } + ], "references": [ { "url": "https://github.com/inex/IXP-Manager/commit/fddbc38adb477c9cd46a462655ffed96d3d42229", - "source": "cve@mitre.org" + "source": "cve@mitre.org", + "tags": [ + "Patch" + ] }, { "url": "https://github.com/inex/IXP-Manager/compare/v6.3.0...v6.3.1", - "source": "cve@mitre.org" + "source": "cve@mitre.org", + "tags": [ + "Patch" + ] } ] } \ No newline at end of file 
diff --git a/CVE-2023/CVE-2023-366xx/CVE-2023-36675.json b/CVE-2023/CVE-2023-366xx/CVE-2023-36675.json
index e6ab4b60d03..f8922a4deb4 100644
--- a/CVE-2023/CVE-2023-366xx/CVE-2023-36675.json
+++ b/CVE-2023/CVE-2023-366xx/CVE-2023-36675.json
@@ -2,19 +2,97 @@
 "id": "CVE-2023-36675",
 "sourceIdentifier": "cve@mitre.org",
 "published": "2023-06-26T01:15:09.203",
- "lastModified": "2023-06-26T13:02:32.107",
- "vulnStatus": "Awaiting Analysis",
+ "lastModified": "2023-07-03T19:20:19.150",
+ "vulnStatus": "Analyzed",
 "descriptions": [
 {
 "lang": "en",
 "value": "An issue was discovered in MediaWiki before 1.35.11, 1.36.x through 1.38.x before 1.38.7, 1.39.x before 1.39.4, and 1.40.x before 1.40.1. BlockLogFormatter.php in BlockLogFormatter allows XSS in the partial blocks feature."
 }
 ],
- "metrics": {},
+ "metrics": {
+ "cvssMetricV31": [
+ {
+ "source": "nvd@nist.gov",
+ "type": "Primary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
+ "attackVector": "NETWORK",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "NONE",
+ "userInteraction": "REQUIRED",
+ "scope": "CHANGED",
+ "confidentialityImpact": "LOW",
+ "integrityImpact": "LOW",
+ "availabilityImpact": "NONE",
+ "baseScore": 6.1,
+ "baseSeverity": "MEDIUM"
+ },
+ "exploitabilityScore": 2.8,
+ "impactScore": 2.7
+ }
+ ]
+ },
+ "weaknesses": [
+ {
+ "source": "nvd@nist.gov",
+ "type": "Primary",
+ "description": [
+ {
+ "lang": "en",
+ "value": "CWE-79"
+ }
+ ]
+ }
+ ],
+ "configurations": [
+ {
+ "nodes": [
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:mediawiki:mediawiki:*:*:*:*:*:*:*:*",
+ "versionEndExcluding": "1.35.11",
+ "matchCriteriaId": "FB8FFF65-64E2-4995-9D76-4A76E9165631"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:mediawiki:mediawiki:*:*:*:*:*:*:*:*",
+ "versionStartIncluding": "1.36.0",
+ "versionEndExcluding": "1.38.7",
+ "matchCriteriaId": "604E0A5B-4554-46AA-98AF-608A2CCDBF4F"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:mediawiki:mediawiki:*:*:*:*:*:*:*:*",
+ "versionStartIncluding": "1.39.0",
+ "versionEndExcluding": "1.39.4",
+ "matchCriteriaId": "8B25814F-6A96-432B-9E6B-458E8FAA8B32"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:mediawiki:mediawiki:*:*:*:*:*:*:*:*",
+ "versionStartIncluding": "1.40.0",
+ "versionEndExcluding": "1.40.1",
+ "matchCriteriaId": "1AD12042-7940-4775-AD0E-DB4B55438E43"
+ }
+ ]
+ }
+ ]
+ }
+ ],
 "references": [
 {
 "url": "https://phabricator.wikimedia.org/T332889",
- "source": "cve@mitre.org"
+ "source": "cve@mitre.org",
+ "tags": [
+ "Exploit",
+ "Issue Tracking"
+ ]
 }
 ]
 }
\ No newline at end of file
diff --git a/CVE-2023/CVE-2023-368xx/CVE-2023-36814.json b/CVE-2023/CVE-2023-368xx/CVE-2023-36814.json
index 549e7f332df..6ccf478f065 100644
--- a/CVE-2023/CVE-2023-368xx/CVE-2023-36814.json
+++ b/CVE-2023/CVE-2023-368xx/CVE-2023-36814.json
@@ -2,8 +2,8 @@
 "id": "CVE-2023-36814",
 "sourceIdentifier": "security-advisories@github.com",
 "published": "2023-07-03T17:15:09.393",
- "lastModified": "2023-07-03T17:15:09.393",
- "vulnStatus": "Received",
+ "lastModified": "2023-07-03T18:33:32.153",
+ "vulnStatus": "Awaiting Analysis",
 "descriptions": [
 {
 "lang": "en",
diff --git a/CVE-2023/CVE-2023-368xx/CVE-2023-36815.json b/CVE-2023/CVE-2023-368xx/CVE-2023-36815.json
new file mode 100644
index 00000000000..f20a7be2324
--- /dev/null
+++ b/CVE-2023/CVE-2023-368xx/CVE-2023-36815.json
@@ -0,0 +1,55 @@
+{
+ "id": "CVE-2023-36815",
+ "sourceIdentifier": "security-advisories@github.com",
+ "published": "2023-07-03T18:15:09.653",
+ "lastModified": "2023-07-03T18:33:32.153",
+ "vulnStatus": "Awaiting Analysis",
+ "descriptions": [
+ {
+ "lang": "en",
+ "value": "Sealos is a Cloud Operating System designed for managing cloud-native applications. In version 4.2.0 and prior, there is a permission flaw in the Sealos billing system, which allows users to control the recharge resource account `sealos[.] io/v1/Payment`, resulting in the ability to recharge any amount of 1 renminbi (RMB). The charging interface may expose resource information. The namespace of this custom resource would be user's control and may have permission to correct it. It is not clear whether a fix exists."
+ }
+ ],
+ "metrics": {
+ "cvssMetricV31": [
+ {
+ "source": "security-advisories@github.com",
+ "type": "Secondary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:N",
+ "attackVector": "NETWORK",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "LOW",
+ "userInteraction": "REQUIRED",
+ "scope": "UNCHANGED",
+ "confidentialityImpact": "HIGH",
+ "integrityImpact": "HIGH",
+ "availabilityImpact": "NONE",
+ "baseScore": 7.3,
+ "baseSeverity": "HIGH"
+ },
+ "exploitabilityScore": 2.1,
+ "impactScore": 5.2
+ }
+ ]
+ },
+ "weaknesses": [
+ {
+ "source": "security-advisories@github.com",
+ "type": "Primary",
+ "description": [
+ {
+ "lang": "en",
+ "value": "CWE-862"
+ }
+ ]
+ }
+ ],
+ "references": [
+ {
+ "url": "https://github.com/labring/sealos/security/advisories/GHSA-vpxf-q44g-w34w",
+ "source": "security-advisories@github.com"
+ }
+ ]
+}
\ No newline at end of file
diff --git a/CVE-2023/CVE-2023-368xx/CVE-2023-36816.json b/CVE-2023/CVE-2023-368xx/CVE-2023-36816.json
index 7f6b08530a1..b82507e6b46 100644
--- a/CVE-2023/CVE-2023-368xx/CVE-2023-36816.json
+++ b/CVE-2023/CVE-2023-368xx/CVE-2023-36816.json
@@ -2,8 +2,8 @@
 "id": "CVE-2023-36816",
 "sourceIdentifier": "security-advisories@github.com",
 "published": "2023-07-03T17:15:09.463",
- "lastModified": "2023-07-03T17:15:09.463",
- "vulnStatus": "Received",
+ "lastModified": "2023-07-03T18:33:32.153",
+ "vulnStatus": "Awaiting Analysis",
 "descriptions": [
 {
 "lang": "en",
diff --git a/CVE-2023/CVE-2023-368xx/CVE-2023-36817.json b/CVE-2023/CVE-2023-368xx/CVE-2023-36817.json
new file mode 100644
index 00000000000..abe1b96a5fa
--- /dev/null
+++ b/CVE-2023/CVE-2023-368xx/CVE-2023-36817.json
@@ -0,0 +1,59 @@
+{
+ "id": "CVE-2023-36817",
+ "sourceIdentifier": "security-advisories@github.com",
+ "published": "2023-07-03T18:15:09.733",
+ "lastModified": "2023-07-03T18:33:32.153",
+ "vulnStatus": "Awaiting Analysis",
+ "descriptions": [
+ {
+ "lang": "en",
+ "value": "`tktchurch/website` contains the codebase for The King's Temple Church website. In version 0.1.0, a Stripe API key was found in the public code repository of the church's project. This sensitive information was unintentionally committed and subsequently exposed in the codebase. If an unauthorized party gains access to this key, they could potentially carry out transactions on behalf of the organization, leading to financial losses. Additionally, they could access sensitive customer information, leading to privacy violations and potential legal implications. The affected component is the codebase of our project, specifically the file(s) where the Stripe API key is embedded. The key should have been stored securely, and not committed to the codebase. The maintainers plan to revoke the leaked Stripe API key immediately, generate a new one, and not commit the key to the codebase."
+ }
+ ],
+ "metrics": {
+ "cvssMetricV31": [
+ {
+ "source": "security-advisories@github.com",
+ "type": "Secondary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
+ "attackVector": "NETWORK",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "NONE",
+ "userInteraction": "NONE",
+ "scope": "UNCHANGED",
+ "confidentialityImpact": "HIGH",
+ "integrityImpact": "NONE",
+ "availabilityImpact": "NONE",
+ "baseScore": 7.5,
+ "baseSeverity": "HIGH"
+ },
+ "exploitabilityScore": 3.9,
+ "impactScore": 3.6
+ }
+ ]
+ },
+ "weaknesses": [
+ {
+ "source": "security-advisories@github.com",
+ "type": "Primary",
+ "description": [
+ {
+ "lang": "en",
+ "value": "CWE-200"
+ },
+ {
+ "lang": "en",
+ "value": "CWE-798"
+ }
+ ]
+ }
+ ],
+ "references": [
+ {
+ "url": "https://github.com/tktchurch/website/security/advisories/GHSA-x3m6-5hmf-5x3w",
+ "source": "security-advisories@github.com"
+ }
+ ]
+}
\ No newline at end of file
diff --git a/CVE-2023/CVE-2023-368xx/CVE-2023-36819.json b/CVE-2023/CVE-2023-368xx/CVE-2023-36819.json
new file mode 100644
index 00000000000..93fc368653d
--- /dev/null
+++ b/CVE-2023/CVE-2023-368xx/CVE-2023-36819.json
@@ -0,0 +1,55 @@
+{
+ "id": "CVE-2023-36819",
+ "sourceIdentifier": "security-advisories@github.com",
+ "published": "2023-07-03T19:15:09.183",
+ "lastModified": "2023-07-03T19:15:09.183",
+ "vulnStatus": "Received",
+ "descriptions": [
+ {
+ "lang": "en",
+ "value": "Knowage is the professional open source suite for modern business analytics over traditional sources and big data systems. The endpoint `_/knowage/restful-services/dossier/importTemplateFile_` allows authenticated users to download template hosted on the server. However, starting in the 6.x.x branch and prior to version 8.1.8, the application does not sanitize the `_templateName_ `parameter allowing an attacker to use `*../*` in it, and escaping the directory the template are normally placed and download any file from the system. This vulnerability allows a low privileged attacker to exfiltrate sensitive configuration file. This issue has been patched in Knowage version 8.1.8."
+ }
+ ],
+ "metrics": {
+ "cvssMetricV31": [
+ {
+ "source": "security-advisories@github.com",
+ "type": "Secondary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
+ "attackVector": "NETWORK",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "LOW",
+ "userInteraction": "NONE",
+ "scope": "UNCHANGED",
+ "confidentialityImpact": "HIGH",
+ "integrityImpact": "NONE",
+ "availabilityImpact": "NONE",
+ "baseScore": 6.5,
+ "baseSeverity": "MEDIUM"
+ },
+ "exploitabilityScore": 2.8,
+ "impactScore": 3.6
+ }
+ ]
+ },
+ "weaknesses": [
+ {
+ "source": "security-advisories@github.com",
+ "type": "Primary",
+ "description": [
+ {
+ "lang": "en",
+ "value": "CWE-22"
+ }
+ ]
+ }
+ ],
+ "references": [
+ {
+ "url": "https://github.com/KnowageLabs/Knowage-Server/security/advisories/GHSA-jw99-hxxj-75g2",
+ "source": "security-advisories@github.com"
+ }
+ ]
+}
\ No newline at end of file
diff --git a/README.md b/README.md
index a4b37bbbfde..cc95e80ae36 100644
--- a/README.md
+++ b/README.md @@ -9,13 +9,13 @@ Repository synchronizes with the NVD every 2 hours. ### Last Repository Update ```plain -2023-07-03T18:00:30.019834+00:00 +2023-07-03T20:00:28.709051+00:00 ``` ### Most recent CVE Modification Timestamp synchronized with NVD ```plain -2023-07-03T17:53:58.230000+00:00 +2023-07-03T19:38:57.370000+00:00 ``` ### Last Data Feed Release 
@@ -29,48 +29,47 @@ Download and Changelog: [Click](https://github.com/fkie-cad/nvd-json-data-feeds/ ### Total Number of included CVEs ```plain -219064 +219067 ``` ### CVEs added in the last Commit -Recently added CVEs: `6` +Recently added CVEs: `3` -* [CVE-2023-34450](CVE-2023/CVE-2023-344xx/CVE-2023-34450.json) (`2023-07-03T17:15:09.147`) -* [CVE-2023-34451](CVE-2023/CVE-2023-344xx/CVE-2023-34451.json) (`2023-07-03T17:15:09.240`) -* [CVE-2023-35935](CVE-2023/CVE-2023-359xx/CVE-2023-35935.json) (`2023-07-03T17:15:09.317`) -* [CVE-2023-36814](CVE-2023/CVE-2023-368xx/CVE-2023-36814.json) (`2023-07-03T17:15:09.393`) -* [CVE-2023-36816](CVE-2023/CVE-2023-368xx/CVE-2023-36816.json) (`2023-07-03T17:15:09.463`) -* [CVE-2023-3497](CVE-2023/CVE-2023-34xx/CVE-2023-3497.json) (`2023-07-03T17:15:09.540`) +* [CVE-2023-36815](CVE-2023/CVE-2023-368xx/CVE-2023-36815.json) (`2023-07-03T18:15:09.653`) +* [CVE-2023-36817](CVE-2023/CVE-2023-368xx/CVE-2023-36817.json) (`2023-07-03T18:15:09.733`) +* [CVE-2023-36819](CVE-2023/CVE-2023-368xx/CVE-2023-36819.json) (`2023-07-03T19:15:09.183`) ### CVEs modified in the last Commit -Recently modified CVEs: `23` +Recently modified CVEs: `59` -* [CVE-2015-20108](CVE-2015/CVE-2015-201xx/CVE-2015-20108.json) (`2023-07-03T16:15:09.237`) -* [CVE-2022-48502](CVE-2022/CVE-2022-485xx/CVE-2022-48502.json) (`2023-07-03T16:15:09.393`) -* [CVE-2023-1891](CVE-2023/CVE-2023-18xx/CVE-2023-1891.json) (`2023-07-03T16:06:07.267`) -* [CVE-2023-20883](CVE-2023/CVE-2023-208xx/CVE-2023-20883.json) (`2023-07-03T16:15:09.470`) -* [CVE-2023-2598](CVE-2023/CVE-2023-25xx/CVE-2023-2598.json) (`2023-07-03T16:15:09.547`) -* [CVE-2023-2650](CVE-2023/CVE-2023-26xx/CVE-2023-2650.json) (`2023-07-03T16:15:09.623`) -* [CVE-2023-2731](CVE-2023/CVE-2023-27xx/CVE-2023-2731.json) (`2023-07-03T16:15:09.727`) -* [CVE-2023-2828](CVE-2023/CVE-2023-28xx/CVE-2023-2828.json) (`2023-07-03T16:15:09.807`) -* [CVE-2023-2829](CVE-2023/CVE-2023-28xx/CVE-2023-2829.json) (`2023-07-03T16:15:09.897`) 
-* [CVE-2023-2911](CVE-2023/CVE-2023-29xx/CVE-2023-2911.json) (`2023-07-03T16:15:09.983`) -* [CVE-2023-2953](CVE-2023/CVE-2023-29xx/CVE-2023-2953.json) (`2023-07-03T16:15:10.070`) -* [CVE-2023-30774](CVE-2023/CVE-2023-307xx/CVE-2023-30774.json) (`2023-07-03T16:15:10.150`) -* [CVE-2023-30775](CVE-2023/CVE-2023-307xx/CVE-2023-30775.json) (`2023-07-03T16:15:10.230`) -* [CVE-2023-3111](CVE-2023/CVE-2023-31xx/CVE-2023-3111.json) (`2023-07-03T16:15:10.300`) -* [CVE-2023-3212](CVE-2023/CVE-2023-32xx/CVE-2023-3212.json) (`2023-07-03T16:16:09.447`) -* [CVE-2023-35759](CVE-2023/CVE-2023-357xx/CVE-2023-35759.json) (`2023-07-03T16:24:39.053`) -* [CVE-2023-1166](CVE-2023/CVE-2023-11xx/CVE-2023-1166.json) (`2023-07-03T16:32:54.863`) -* [CVE-2023-3316](CVE-2023/CVE-2023-33xx/CVE-2023-3316.json) (`2023-07-03T16:43:32.603`) -* [CVE-2023-0873](CVE-2023/CVE-2023-08xx/CVE-2023-0873.json) (`2023-07-03T16:48:44.673`) -* [CVE-2023-22359](CVE-2023/CVE-2023-223xx/CVE-2023-22359.json) (`2023-07-03T16:53:40.840`) -* [CVE-2023-33243](CVE-2023/CVE-2023-332xx/CVE-2023-33243.json) (`2023-07-03T17:30:11.167`) -* [CVE-2023-32752](CVE-2023/CVE-2023-327xx/CVE-2023-32752.json) (`2023-07-03T17:37:32.993`) -* [CVE-2023-32339](CVE-2023/CVE-2023-323xx/CVE-2023-32339.json) (`2023-07-03T17:53:58.230`) +* [CVE-2023-34242](CVE-2023/CVE-2023-342xx/CVE-2023-34242.json) (`2023-07-03T19:12:59.533`) +* [CVE-2023-25515](CVE-2023/CVE-2023-255xx/CVE-2023-25515.json) (`2023-07-03T19:15:31.923`) +* [CVE-2023-23344](CVE-2023/CVE-2023-233xx/CVE-2023-23344.json) (`2023-07-03T19:16:21.420`) +* [CVE-2023-28016](CVE-2023/CVE-2023-280xx/CVE-2023-28016.json) (`2023-07-03T19:17:06.243`) +* [CVE-2023-36301](CVE-2023/CVE-2023-363xx/CVE-2023-36301.json) (`2023-07-03T19:18:49.437`) +* [CVE-2023-25307](CVE-2023/CVE-2023-253xx/CVE-2023-25307.json) (`2023-07-03T19:19:20.030`) +* [CVE-2023-29423](CVE-2023/CVE-2023-294xx/CVE-2023-29423.json) (`2023-07-03T19:19:39.733`) +* [CVE-2023-2533](CVE-2023/CVE-2023-25xx/CVE-2023-2533.json) 
(`2023-07-03T19:19:40.983`) +* [CVE-2023-29093](CVE-2023/CVE-2023-290xx/CVE-2023-29093.json) (`2023-07-03T19:19:55.117`) +* [CVE-2023-36675](CVE-2023/CVE-2023-366xx/CVE-2023-36675.json) (`2023-07-03T19:20:19.150`) +* [CVE-2023-36660](CVE-2023/CVE-2023-366xx/CVE-2023-36660.json) (`2023-07-03T19:20:47.360`) +* [CVE-2023-28485](CVE-2023/CVE-2023-284xx/CVE-2023-28485.json) (`2023-07-03T19:22:57.320`) +* [CVE-2023-3432](CVE-2023/CVE-2023-34xx/CVE-2023-3432.json) (`2023-07-03T19:24:13.527`) +* [CVE-2023-3431](CVE-2023/CVE-2023-34xx/CVE-2023-3431.json) (`2023-07-03T19:24:51.337`) +* [CVE-2023-2996](CVE-2023/CVE-2023-29xx/CVE-2023-2996.json) (`2023-07-03T19:26:05.237`) +* [CVE-2023-2877](CVE-2023/CVE-2023-28xx/CVE-2023-2877.json) (`2023-07-03T19:26:43.103`) +* [CVE-2023-2842](CVE-2023/CVE-2023-28xx/CVE-2023-2842.json) (`2023-07-03T19:27:16.967`) +* [CVE-2023-25520](CVE-2023/CVE-2023-255xx/CVE-2023-25520.json) (`2023-07-03T19:27:23.943`) +* [CVE-2023-2795](CVE-2023/CVE-2023-27xx/CVE-2023-2795.json) (`2023-07-03T19:28:20.887`) +* [CVE-2023-34839](CVE-2023/CVE-2023-348xx/CVE-2023-34839.json) (`2023-07-03T19:29:43.347`) +* [CVE-2023-34838](CVE-2023/CVE-2023-348xx/CVE-2023-34838.json) (`2023-07-03T19:30:00.057`) +* [CVE-2023-34837](CVE-2023/CVE-2023-348xx/CVE-2023-34837.json) (`2023-07-03T19:30:12.097`) +* [CVE-2023-34836](CVE-2023/CVE-2023-348xx/CVE-2023-34836.json) (`2023-07-03T19:30:27.440`) +* [CVE-2023-34835](CVE-2023/CVE-2023-348xx/CVE-2023-34835.json) (`2023-07-03T19:30:38.090`) +* [CVE-2023-35171](CVE-2023/CVE-2023-351xx/CVE-2023-35171.json) (`2023-07-03T19:38:57.370`) ## Download and Usage